From patchwork Thu Jan 25 12:38:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "plaisthos (Code Review)" X-Patchwork-Id: 3594 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7301:3b94:b0:101:b91e:57cc with SMTP id kh20csp1653579dyb; Thu, 25 Jan 2024 04:39:06 -0800 (PST) X-Google-Smtp-Source: AGHT+IFgL1Tqf7lQB1VbT+gDUMm0KWFeMKJ20ICfIDsvVCF0gAgeca6L2NZ5RQzVP8ZWqOGd5Ovt X-Received: by 2002:a05:6a20:6115:b0:196:16b0:c554 with SMTP id m21-20020a056a20611500b0019616b0c554mr1533183pzb.5.1706186346435; Thu, 25 Jan 2024 04:39:06 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1706186346; cv=none; d=google.com; s=arc-20160816; b=WkRZyLWJ2t+GBSiR/1OKYQnAMTISgNHVYUJyGOhuyIgtbcbd7/7aRhjuZ+dRmqW9zN wQQBo8qWtcF320Ph2rdEryZZ2TPFlf68kf0M9qxfcGA/QcMgo9narjaQMk/OW/a9Z2OE ZUCKQsbUf82RuoVGe27vUij9lt7W99xlU8AJXyYDyMpgWjKW62Mr0+jZxy739pW3nXQW x6l0nz3MmjhvFfmT950IIfjAVbwurN/y2MkohgyH7QsACxzJDz/KSAboeedi9vLgZwPR PZJuDDRVVHr8IdgTtvVk3AMmd8h19NIKaD4fCxin34625bfExGLxDMXRER5u5/sgIOTS 04qg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:cc:reply-to:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence:subject:user-agent :mime-version:message-id:references:auto-submitted:to:date:from :dkim-signature:dkim-signature:dkim-signature; bh=hskUH4ca1xaBoxxhIbR1z7LodkAE19yWd1vRzUx+lU0=; fh=lm0MLPW7DntlrDqRECIiC9JlE1uPxhepE0URYHIf+eE=; b=a7QHTLiL8t+E2B2wfJToUrrLlyEbEbP7J6YE2kXTuPXhPen608DHATwUvSGFgEG0fs pp7/DySeA8IF/t7C99EWn4RRGDLKPToj219QZgXjSzDyhFl5j9HrFN8drNfmqozqtmzE +dsMFOhv4djBn3lVSNmx75c1rMgMdPadA+lH0kJ6rUiMnGXukW4rO9wBtfTD+BtQidpf j0YeT5KvDLGtI4FarSHcXEknV3I4DjhiRi96IqEJK25LL1S+bbi7jkZS62vmRDUiKLCu 7TtZ7bHQ9QZ83U1RMqiLyDWXNC9s6Md4B7ozwxx8ujizuy1C5zuU24unl+K5Xm+h7LbA mkSg== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=kqDcAwID; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b="NnoT/D1x"; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=gwUfZAjR; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id e26-20020a63745a000000b005d6a99217dasi668846pgn.403.2024.01.25.04.39.06 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 25 Jan 2024 04:39:06 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=kqDcAwID; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b="NnoT/D1x"; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=gwUfZAjR; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1rSz06-00069Z-8G; Thu, 25 Jan 2024 12:38:34 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1rSz04-00069S-Vu for openvpn-devel@lists.sourceforge.net; Thu, 25 Jan 2024 12:38:32 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Type:Content-Transfer-Encoding:MIME-Version :Message-ID:Reply-To:References:Subject:List-Unsubscribe:List-Id:Cc:To:Date: From:Sender:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help: List-Subscribe:List-Post:List-Owner:List-Archive; bh=XoLZ/+eC7qbjAFG4XgQDaThZmjzyTxLhARBAZNcAcPg=; b=kqDcAwIDfXWmdxkXa1pUZvnPhs LyiRIdQEGsL+7Nm3o1A/s5KVJeUVTszBkz181nl5ZR15nrIgCfssKOIhwk2oRaRu10SWAdrzXHxsx 8pVl8A7Hqpwj/fu2LZkClBVFiotXSjroO2nxBA5/ly6fP2ALz0Ol3w5mnq6VfQG3oRsw=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Type:Content-Transfer-Encoding:MIME-Version:Message-ID:Reply-To: References:Subject:List-Unsubscribe:List-Id:Cc:To:Date:From:Sender:Content-ID :Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To: Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help:List-Subscribe:List-Post: List-Owner:List-Archive; bh=XoLZ/+eC7qbjAFG4XgQDaThZmjzyTxLhARBAZNcAcPg=; b=N noT/D1xcC/lsd5guDlGTwuv4qWsHWkskk7k/GPP0b2hssy1OstZdb5XskBlY54cr9jEgKqTiA0eF6 9B+4qp9LNiy0SBMh1oMsi9eJx3sRmUEjn1kUBmxxtZjo9qKBS11Rbk9d7ZA52dVThPws6S9FOLLWt l0VrEG1vsVc7x6/M=; Received: from mail-wm1-f42.google.com ([209.85.128.42]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1rSz01-0000Ko-NI for openvpn-devel@lists.sourceforge.net; Thu, 25 Jan 2024 12:38:32 +0000 Received: by mail-wm1-f42.google.com with SMTP id 5b1f17b1804b1-40ea5653f6bso68946635e9.3 for ; Thu, 25 Jan 2024 04:38:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=openvpn.net; s=google; t=1706186298; x=1706791098; darn=lists.sourceforge.net; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from:from:to:cc :subject:date:message-id:reply-to; bh=XoLZ/+eC7qbjAFG4XgQDaThZmjzyTxLhARBAZNcAcPg=; b=gwUfZAjRj10lZvb5T4H0FXwfKyxj0NtRDc0hKlIcFEmRyDLoHJulKKUenQqC2ic5bB A+kZlb1zrnTsMK8Kj1Ho0emcocac4RakEe6R00KIcG9FVulDwSXVNObXlpS3CFgmhNIj BkQT6cwTC3soxlZR1FpSWbCZMNe+4swj+C+KMX19bltyFS03eQ0fH/qV1jGNvL567dXh u3Bgs0qVeA13/IGQ0I96V3YOKZzyHTIw6OCJz0fAqYqDzxjLoZYa54MHkONitweNAGA8 5FXXZL1HW9O4sWD4uVJDiqWxCMaWSBgcUn/D876Zl4pJi9v0Ukebahh4I5YX3qlz1OJS WZtA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706186298; x=1706791098; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=XoLZ/+eC7qbjAFG4XgQDaThZmjzyTxLhARBAZNcAcPg=; b=Lpf80CsH48QNBErJsXt/Usq/IH2RpD1y8J0BZ+vd7qqOGdO50tAO6Gv9qmgImCAB0U wNtso7h5x9GvP9bGjrggHb9w7Lt8nabou6ZljeJx4VEcEEzPzxma3tT0w3y3Lmp8ajEr SSueqAGT2mAsTUlwggZ+9rbW2VVRikkBaIN4ZN1Mo/R255u1wJrCUcx424C5Aw8m8mUe TVcltR70YO4Qr1wKzItgDBOctyCcyjHtqBfwwBNZF8CsvVKV/udCpZoFo8bZvcAXd1QF D1FNOydq73J2eJQZPDWqHtrB0BdpNXpct0c3KG417PHObAwc9AIs80ZloasU36z6TOrU 5iHA== X-Gm-Message-State: AOJu0Yz6ltr0UaEfWSJiX4ayrS+BMbD7TAvEWER6gKb9A8q2A6chMJVW GkOkKiUdS+rZT6QCmVVHhQ0OOIs4stpOuqspCxrbXEVCzAhOG/x/vUOivFtZ7ma2KVa7+umTAi+ u X-Received: by 2002:a05:600c:35d1:b0:40e:878b:34bf with SMTP id r17-20020a05600c35d100b0040e878b34bfmr501827wmq.1.1706186298433; Thu, 25 Jan 2024 04:38:18 -0800 (PST) Received: from gerrit.openvpn.in (ec2-18-159-0-78.eu-central-1.compute.amazonaws.com. [18.159.0.78]) by smtp.gmail.com with ESMTPSA id u11-20020a05600c138b00b0040e76b60235sm2481836wmf.8.2024.01.25.04.38.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jan 2024 04:38:17 -0800 (PST) From: "plaisthos (Code Review)" X-Google-Original-From: "plaisthos (Code Review)" X-Gerrit-PatchSet: 1 Date: Thu, 25 Jan 2024 12:38:17 +0000 To: flichtenheld Auto-Submitted: auto-generated X-Gerrit-MessageType: newchange X-Gerrit-Change-Id: I00821d75342daf3f813b829812d648fe298bea81 X-Gerrit-Change-Number: 506 X-Gerrit-Project: openvpn X-Gerrit-ChangeURL: X-Gerrit-Commit: 98b5efa86ad1b6d5e08f48262045439467744be3 References: Message-ID: <7b5f4c01bb8b841ba64349804e2d44ecd34178ec-HTML@gerrit.openvpn.net> MIME-Version: 1.0 User-Agent: Gerrit/3.8.2 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to do a code review. Please visit Content analysis details: (-0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.128.42 listed in list.dnswl.org] -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.128.42 listed in wl.mailspike.net] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record 0.0 WEIRD_PORT URI: Uses non-standard port number for HTTP 0.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted Colors in HTML -0.0 T_SCC_BODY_TEXT_LINE No description available. X-Headers-End: 1rSz01-0000Ko-NI Subject: [Openvpn-devel] [M] Change in openvpn[master]: Implement support for AEAD tag at the end X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net, frank@lichtenheld.com Cc: openvpn-devel Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1789066053942729504?= X-GMAIL-MSGID: =?utf-8?q?1789066053942729504?= X-getmail-filter-classifier: gerrit message type newchange Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/506?usp=email to review the following change. Change subject: Implement support for AEAD tag at the end ...................................................................... Implement support for AEAD tag at the end Change-Id: I00821d75342daf3f813b829812d648fe298bea81 --- M src/openvpn/crypto.c M src/openvpn/crypto.h M src/openvpn/init.c M src/openvpn/options.c M src/openvpn/push.c M src/openvpn/ssl.h M tests/unit_tests/openvpn/test_ssl.c 7 files changed, 85 insertions(+), 26 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/06/506/1 diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 2fca131..9988ebe 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -104,14 +104,10 @@ ASSERT(cipher_ctx_reset(ctx->cipher, iv)); } - /* Reserve space for authentication tag */ - mac_out = buf_write_alloc(&work, mac_len); - ASSERT(mac_out); - dmsg(D_PACKET_CONTENT, "ENCRYPT FROM: %s", format_hex(BPTR(buf), BLEN(buf), 80, &gc)); /* Buffer overflow check */ - if (!buf_safe(&work, buf->len + cipher_ctx_block_size(ctx->cipher))) + if (!buf_safe(&work, buf->len + mac_len + cipher_ctx_block_size(ctx->cipher))) { msg(D_CRYPT_ERRORS, "ENCRYPT: buffer size error, bc=%d bo=%d bl=%d wc=%d wo=%d wl=%d", @@ -121,9 +117,16 @@ } /* For AEAD ciphers, authenticate Additional Data, including opcode */ - ASSERT(cipher_ctx_update_ad(ctx->cipher, BPTR(&work), BLEN(&work) - mac_len)); + ASSERT(cipher_ctx_update_ad(ctx->cipher, BPTR(&work), BLEN(&work))); dmsg(D_PACKET_CONTENT, "ENCRYPT AD: %s", - format_hex(BPTR(&work), BLEN(&work) - mac_len, 0, &gc)); + format_hex(BPTR(&work), BLEN(&work), 0, &gc)); + + if (!(opt->flags & CO_AEAD_TAG_AT_THE_END)) + { + /* Reserve space for authentication tag */ + mac_out = buf_write_alloc(&work, mac_len); + ASSERT(mac_out); + } /* Encrypt packet ID, payload */ ASSERT(cipher_ctx_update(ctx->cipher, BEND(&work), &outlen, BPTR(buf), BLEN(buf))); @@ -133,6 +136,14 @@ ASSERT(cipher_ctx_final(ctx->cipher, BEND(&work), &outlen)); ASSERT(buf_inc_len(&work, outlen)); + /* if the tag is at end the end, allocate it now */ + if (opt->flags & CO_AEAD_TAG_AT_THE_END) + { + /* Reserve space for authentication tag */ + mac_out = buf_write_alloc(&work, mac_len); + ASSERT(mac_out); + } + /* Write authentication tag */ ASSERT(cipher_ctx_get_tag(ctx->cipher, mac_out, mac_len)); @@ -353,7 +364,6 @@ static const char error_prefix[] = "AEAD Decrypt error"; struct packet_id_net pin = { 0 }; const struct key_ctx *ctx = &opt->key_ctx_bi.decrypt; - uint8_t *tag_ptr = NULL; int outlen; struct gc_arena gc; @@ -406,19 +416,29 @@ /* keep the tag value to feed in later */ const int tag_size = OPENVPN_AEAD_TAG_LENGTH; - if (buf->len < tag_size) + if (buf->len < tag_size + 1) { - CRYPT_ERROR("missing tag"); + CRYPT_ERROR("missing tag or no payload"); } - tag_ptr = BPTR(buf); - ASSERT(buf_advance(buf, tag_size)); + + const int ad_size = BPTR(buf) - ad_start; + + uint8_t *tag_ptr = NULL; + int data_len = 0; + + if (opt->flags & CO_AEAD_TAG_AT_THE_END) + { + data_len = BLEN(buf) - tag_size; + tag_ptr = BPTR(buf) + data_len; + } + else + { + tag_ptr = BPTR(buf); + ASSERT(buf_advance(buf, tag_size)); + data_len = BLEN(buf); + } + dmsg(D_PACKET_CONTENT, "DECRYPT MAC: %s", format_hex(tag_ptr, tag_size, 0, &gc)); - - if (buf->len < 1) - { - CRYPT_ERROR("missing payload"); - } - dmsg(D_PACKET_CONTENT, "DECRYPT FROM: %s", format_hex(BPTR(buf), BLEN(buf), 0, &gc)); /* Buffer overflow check (should never fail) */ @@ -427,20 +447,19 @@ CRYPT_ERROR("potential buffer overflow"); } - { - /* feed in tag and the authenticated data */ - const int ad_size = BPTR(buf) - ad_start - tag_size; - ASSERT(cipher_ctx_update_ad(ctx->cipher, ad_start, ad_size)); - dmsg(D_PACKET_CONTENT, "DECRYPT AD: %s", - format_hex(BPTR(buf) - ad_size - tag_size, ad_size, 0, &gc)); - } + + /* feed in tag and the authenticated data */ + ASSERT(cipher_ctx_update_ad(ctx->cipher, ad_start, ad_size)); + dmsg(D_PACKET_CONTENT, "DECRYPT AD: %s", + format_hex(ad_start, ad_size, 0, &gc)); /* Decrypt and authenticate packet */ if (!cipher_ctx_update(ctx->cipher, BPTR(&work), &outlen, BPTR(buf), - BLEN(buf))) + data_len)) { CRYPT_ERROR("cipher update failed"); } + ASSERT(buf_inc_len(&work, outlen)); if (!cipher_ctx_final_check_tag(ctx->cipher, BPTR(&work) + outlen, &outlen, tag_ptr, tag_size)) diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h index 4201524..95a5b31 100644 --- a/src/openvpn/crypto.h +++ b/src/openvpn/crypto.h @@ -279,6 +279,10 @@ /**< Bit-flag indicating that renegotiations are using tls-crypt * with a TLS-EKM derived key. */ +#define CO_AEAD_TAG_AT_THE_END (1<<8) + /**< Bit-flag indicating that the AEAD tag is at the end of the + * packet. + */ unsigned int flags; /**< Bit-flags determining behavior of * security operation functions. */ diff --git a/src/openvpn/init.c b/src/openvpn/init.c index c5cc154..cd37b36 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -2323,6 +2323,10 @@ { buf_printf(&out, " dyn-tls-crypt"); } + if (o->imported_protocol_flags & CO_AEAD_TAG_AT_THE_END) + { + buf_printf(&out, " aead-tag-end"); + } } if (buf_len(&out) > strlen(header)) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 2c79a1e..39f00c0 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -8686,6 +8686,10 @@ options->imported_protocol_flags |= CO_USE_DYNAMIC_TLS_CRYPT; } #endif + else if (streq(p[j], "aead-tag-end")) + { + options->imported_protocol_flags |= CO_AEAD_TAG_AT_THE_END; + } else { msg(msglevel, "Unknown protocol-flags flag: %s", p[j]); diff --git a/src/openvpn/push.c b/src/openvpn/push.c index 2249434..e4c122c 100644 --- a/src/openvpn/push.c +++ b/src/openvpn/push.c @@ -29,6 +29,7 @@ #include "push.h" #include "options.h" +#include "crypto.h" #include "ssl.h" #include "ssl_verify.h" #include "ssl_ncp.h" @@ -686,6 +687,11 @@ buf_printf(&proto_flags, " dyn-tls-crypt"); } + if (o->imported_protocol_flags & CO_AEAD_TAG_AT_THE_END) + { + buf_printf(&proto_flags, " aead-tag-end"); + } + if (buf_len(&proto_flags) > 0) { push_option_fmt(gc, push_list, M_USAGE, "protocol-flags%s", buf_str(&proto_flags)); diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h index 71b99db..a1c67a2 100644 --- a/src/openvpn/ssl.h +++ b/src/openvpn/ssl.h @@ -107,6 +107,9 @@ /** Support to dynamic tls-crypt (renegotiation with TLS-EKM derived tls-crypt key) */ #define IV_PROTO_DYN_TLS_CRYPT (1<<9) +/** Suport for the AEAD tag at the end a larger peer id and IV */ +#define IV_PROTO_DATA_V3 (1<<10) + /* Default field in X509 to be username */ #define X509_USERNAME_FIELD_DEFAULT "CN" diff --git a/tests/unit_tests/openvpn/test_ssl.c b/tests/unit_tests/openvpn/test_ssl.c index 8c1fb5b..0ded052 100644 --- a/tests/unit_tests/openvpn/test_ssl.c +++ b/tests/unit_tests/openvpn/test_ssl.c @@ -266,6 +266,19 @@ } +/* This adds a few more methods that strictly necessary but this allows + * us to see which exact test was run from the backtrace of the test + * when it fails */ + +static void +run_data_channel_with_cipher_end(const char *cipher) +{ + struct crypto_options co = init_crypto_options(cipher, "none"); + co.flags |= CO_AEAD_TAG_AT_THE_END; + do_data_channel_round_trip(&co); + uninit_crypto_options(&co); +} + static void run_data_channel_with_cipher(const char *cipher, const char *auth) { @@ -274,21 +287,25 @@ uninit_crypto_options(&co); } + static void test_data_channel_roundtrip_aes_128_gcm(void **state) { + run_data_channel_with_cipher_end("AES-128-GCM"); run_data_channel_with_cipher("AES-128-GCM", "none"); } static void test_data_channel_roundtrip_aes_192_gcm(void **state) { + run_data_channel_with_cipher_end("AES-192-GCM"); run_data_channel_with_cipher("AES-192-GCM", "none"); } static void test_data_channel_roundtrip_aes_256_gcm(void **state) { + run_data_channel_with_cipher_end("AES-256-GCM"); run_data_channel_with_cipher("AES-256-GCM", "none"); } @@ -318,6 +335,8 @@ skip(); return; } + + run_data_channel_with_cipher_end("ChaCha20-Poly1305"); run_data_channel_with_cipher("ChaCha20-Poly1305", "none"); }