Add round-trip for BIO_write

aws · Sep 7, 2024 · d2a8c63 · d2a8c63
1 parent b2966f4
commit d2a8c63
Showing 1 changed file with 35 additions and 2 deletions.
diff --git a/crypto/pkcs7/pkcs7_internal_bio_test.cc b/crypto/pkcs7/pkcs7_internal_bio_test.cc
@@ -14,6 +14,12 @@
 #include "../test/test_util.h"
 #include "./internal.h"
 
+// TODO [childw]
+// 1. parameterize over a meaningful set of ciphers
+// 2. deduplicate round-trip code to the extent possible
+// 3. seed RNG with fixed (random? need to print stdout?) value
+// 4. clang-format all the things
+// 5. parameterize over plaintext sizes that break cipher block size boundaries
 
 TEST(PKCS7Test, CipherBIO) {
   uint8_t key[EVP_MAX_KEY_LENGTH];
@@ -29,6 +35,7 @@ TEST(PKCS7Test, CipherBIO) {
   ASSERT_TRUE(RAND_bytes(key, sizeof(key)));
   ASSERT_TRUE(RAND_bytes(iv, sizeof(iv)));
 
+  // Round-trip using the |BIO_read|
   bio_cipher.reset(BIO_new(BIO_f_cipher()));
   ASSERT_TRUE(bio_cipher);
   EXPECT_TRUE(BIO_get_cipher_ctx(bio_cipher.get(), &ctx));
@@ -37,14 +44,40 @@ TEST(PKCS7Test, CipherBIO) {
   bio_mem.reset(BIO_new_mem_buf(pt, sizeof(pt)));
   ASSERT_TRUE(bio_mem);
   ASSERT_TRUE(BIO_up_ref(bio_mem.get()));  // |bio_cipher| will take ownership
-  ASSERT_TRUE(BIO_set_mem_eof_return(bio_mem.get(), 0));
   ASSERT_TRUE(BIO_push(bio_cipher.get(), bio_mem.get()));
   EXPECT_TRUE(BIO_read(bio_cipher.get(), ct, sizeof(ct)));
-  EXPECT_TRUE(BIO_flush(bio_cipher.get()));
   EXPECT_TRUE(BIO_get_cipher_status(bio_cipher.get()));
   // only consider first |sizeof(pt)| bytes of |ct|, exclude tag
   EXPECT_NE(Bytes(pt, sizeof(pt)), Bytes(ct, sizeof(pt)));
+  // Reset both BIOs and decrypt
+  bio_cipher.reset(BIO_new(BIO_f_cipher()));
+  ASSERT_TRUE(bio_cipher);
+  EXPECT_TRUE(BIO_get_cipher_ctx(bio_cipher.get(), &ctx));
+  ASSERT_TRUE(
+      EVP_CipherInit_ex(ctx, EVP_aes_128_gcm(), NULL, key, iv, /*enc*/ 0));
+  bio_mem.reset(BIO_new_mem_buf((const uint8_t *)ct, sizeof(ct)));
+  ASSERT_TRUE(bio_mem);
+  ASSERT_TRUE(BIO_up_ref(bio_mem.get()));  // |bio_cipher| will take ownership
+  ASSERT_TRUE(BIO_push(bio_cipher.get(), bio_mem.get()));
+  EXPECT_TRUE(BIO_read(bio_cipher.get(), pt_decrypted, sizeof(pt_decrypted)));
+  EXPECT_TRUE(BIO_get_cipher_status(bio_cipher.get()));
+  EXPECT_EQ(Bytes(pt, sizeof(pt)), Bytes(pt_decrypted, sizeof(pt_decrypted)));
 
+  // Round-trip using |BIO_read| and |BIO_write| instead of |BIO_new_mem_buf|
+  bio_cipher.reset(BIO_new(BIO_f_cipher()));
+  ASSERT_TRUE(bio_cipher);
+  EXPECT_TRUE(BIO_get_cipher_ctx(bio_cipher.get(), &ctx));
+  ASSERT_TRUE(
+      EVP_CipherInit_ex(ctx, EVP_aes_128_gcm(), NULL, key, iv, /*enc*/ 1));
+  bio_mem.reset(BIO_new(BIO_s_mem()));
+  ASSERT_TRUE(bio_mem);
+  ASSERT_TRUE(BIO_up_ref(bio_mem.get()));  // |bio_cipher| will take ownership
+  ASSERT_TRUE(BIO_push(bio_cipher.get(), bio_mem.get()));
+  EXPECT_TRUE(BIO_write(bio_cipher.get(), pt, sizeof(pt)));
+  EXPECT_TRUE(BIO_get_cipher_status(bio_cipher.get()));
+  // Only consider first |sizeof(pt)| bytes of |ct|, exclude tag
+  EXPECT_NE(Bytes(pt, sizeof(pt)), Bytes(ct, sizeof(pt)));
+  // Reset both BIOs and decrypt
   bio_cipher.reset(BIO_new(BIO_f_cipher()));
   ASSERT_TRUE(bio_cipher);
   EXPECT_TRUE(BIO_get_cipher_ctx(bio_cipher.get(), &ctx));