passepartoutvpn
/
tunnelkit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Dangling pointers in crypto tests (#349)

This commit is contained in:
Davide De Rosa 2023-12-13 21:11:05 +01:00 committed by GitHub
parent 8ca928a13b
commit 071b6e22ee
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 67 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
Tests/TunnelKitOpenVPNTests/CryptoAEADTests.swift
View File

@ -36,40 +36,39 @@ class CryptoAEADTests: XCTestCase {
private let plainData = Data(hex: "00112233ffddaa") private let plainData = Data(hex: "00112233ffddaa")
func test_givenData_whenEncrypt_thenDecrypts() { private var packetId: [UInt8] = [0x56, 0x34, 0x12, 0x00]
let encryptedData: Data
var flags = cryptoFlags
let sut1 = CryptoAEAD(cipherName: "aes-256-gcm") private var ad: [UInt8] = [0x00, 0x12, 0x34, 0x56]
sut1.configureEncryption(withCipherKey: cipherKey, hmacKey: hmacKey)
do {
encryptedData = try sut1.encryptData(plainData, flags: &flags)
} catch {
XCTFail("Cannot encrypt: \(error)")
return
}
let sut2 = CryptoAEAD(cipherName: "aes-256-gcm") private lazy var flags: CryptoFlags = {
sut2.configureDecryption(withCipherKey: cipherKey, hmacKey: hmacKey)
do {
let returnedData = try sut2.decryptData(encryptedData, flags: &flags)
XCTAssertEqual(returnedData, plainData)
} catch {
XCTFail("Cannot decrypt: \(error)")
}
}
private var cryptoFlags: CryptoFlags {
let packetId: [UInt8] = [0x56, 0x34, 0x12, 0x00]
let ad: [UInt8] = [0x00, 0x12, 0x34, 0x56]
return packetId.withUnsafeBufferPointer { iv in return packetId.withUnsafeBufferPointer { iv in
ad.withUnsafeBufferPointer { ad in ad.withUnsafeBufferPointer { ad in
CryptoFlags(iv: iv.baseAddress, CryptoFlags(iv: iv.baseAddress,
ivLength: packetId.count, ivLength: iv.count,
ad: ad.baseAddress, ad: ad.baseAddress,
adLength: ad.count, adLength: ad.count,
forTesting: true) forTesting: true)
} }
} }
}()
func test_givenData_whenEncrypt_thenDecrypts() {
let sut = CryptoAEAD(cipherName: "aes-256-gcm")
sut.configureEncryption(withCipherKey: cipherKey, hmacKey: hmacKey)
sut.configureDecryption(withCipherKey: cipherKey, hmacKey: hmacKey)
let encryptedData: Data
do {
encryptedData = try sut.encryptData(plainData, flags: &flags)
} catch {
XCTFail("Cannot encrypt: \(error)")
return
}
do {
let returnedData = try sut.decryptData(encryptedData, flags: &flags)
XCTAssertEqual(returnedData, plainData)
} catch {
XCTFail("Cannot decrypt: \(error)")
}
} }
} }

35
Tests/TunnelKitOpenVPNTests/CryptoCBCTests.swift
View File

@ -40,11 +40,26 @@ class CryptoCBCTests: XCTestCase {
private let encryptedHMACData = Data(hex: "fea3fe87ee68eb21c697e62d3c29f7bea2f5b457d9a7fa66291322fc9c2fe6f700000000000000000000000000000000ebe197e706c3c5dcad026f4e3af1048b") private let encryptedHMACData = Data(hex: "fea3fe87ee68eb21c697e62d3c29f7bea2f5b457d9a7fa66291322fc9c2fe6f700000000000000000000000000000000ebe197e706c3c5dcad026f4e3af1048b")
private var packetId: [UInt8] = [0x56, 0x34, 0x12, 0x00]
private var ad: [UInt8] = [0x00, 0x12, 0x34, 0x56]
private lazy var flags: CryptoFlags = {
return packetId.withUnsafeBufferPointer { iv in
ad.withUnsafeBufferPointer { ad in
CryptoFlags(iv: iv.baseAddress,
ivLength: iv.count,
ad: ad.baseAddress,
adLength: ad.count,
forTesting: true)
}
}
}()
func test_givenDecrypted_whenEncryptWithoutCipher_thenEncodesWithHMAC() { func test_givenDecrypted_whenEncryptWithoutCipher_thenEncodesWithHMAC() {
let sut = CryptoCBC(cipherName: nil, digestName: "sha256") let sut = CryptoCBC(cipherName: nil, digestName: "sha256")
sut.configureEncryption(withCipherKey: nil, hmacKey: hmacKey) sut.configureEncryption(withCipherKey: nil, hmacKey: hmacKey)
var flags = cryptoFlags
do { do {
let returnedData = try sut.encryptData(plainData, flags: &flags) let returnedData = try sut.encryptData(plainData, flags: &flags)
XCTAssertEqual(returnedData, plainHMACData) XCTAssertEqual(returnedData, plainHMACData)
@ -57,7 +72,6 @@ class CryptoCBCTests: XCTestCase {
let sut = CryptoCBC(cipherName: "aes-128-cbc", digestName: "sha256") let sut = CryptoCBC(cipherName: "aes-128-cbc", digestName: "sha256")
sut.configureEncryption(withCipherKey: cipherKey, hmacKey: hmacKey) sut.configureEncryption(withCipherKey: cipherKey, hmacKey: hmacKey)
var flags = cryptoFlags
do { do {
let returnedData = try sut.encryptData(plainData, flags: &flags) let returnedData = try sut.encryptData(plainData, flags: &flags)
XCTAssertEqual(returnedData, encryptedHMACData) XCTAssertEqual(returnedData, encryptedHMACData)
@ -70,7 +84,6 @@ class CryptoCBCTests: XCTestCase {
let sut = CryptoCBC(cipherName: nil, digestName: "sha256") let sut = CryptoCBC(cipherName: nil, digestName: "sha256")
sut.configureDecryption(withCipherKey: nil, hmacKey: hmacKey) sut.configureDecryption(withCipherKey: nil, hmacKey: hmacKey)
var flags = cryptoFlags
do { do {
let returnedData = try sut.decryptData(plainHMACData, flags: &flags) let returnedData = try sut.decryptData(plainHMACData, flags: &flags)
XCTAssertEqual(returnedData, plainData) XCTAssertEqual(returnedData, plainData)
@ -83,7 +96,6 @@ class CryptoCBCTests: XCTestCase {
let sut = CryptoCBC(cipherName: "aes-128-cbc", digestName: "sha256") let sut = CryptoCBC(cipherName: "aes-128-cbc", digestName: "sha256")
sut.configureDecryption(withCipherKey: cipherKey, hmacKey: hmacKey) sut.configureDecryption(withCipherKey: cipherKey, hmacKey: hmacKey)
var flags = cryptoFlags
do { do {
let returnedData = try sut.decryptData(encryptedHMACData, flags: &flags) let returnedData = try sut.decryptData(encryptedHMACData, flags: &flags)
XCTAssertEqual(returnedData, plainData) XCTAssertEqual(returnedData, plainData)
@ -96,22 +108,7 @@ class CryptoCBCTests: XCTestCase {
let sut = CryptoCBC(cipherName: nil, digestName: "sha256") let sut = CryptoCBC(cipherName: nil, digestName: "sha256")
sut.configureDecryption(withCipherKey: nil, hmacKey: hmacKey) sut.configureDecryption(withCipherKey: nil, hmacKey: hmacKey)
var flags = cryptoFlags
XCTAssertNoThrow(try sut.verifyData(plainHMACData, flags: &flags)) XCTAssertNoThrow(try sut.verifyData(plainHMACData, flags: &flags))
XCTAssertNoThrow(try sut.verifyData(encryptedHMACData, flags: &flags)) XCTAssertNoThrow(try sut.verifyData(encryptedHMACData, flags: &flags))
} }
private var cryptoFlags: CryptoFlags {
let packetId: [UInt8] = [0x56, 0x34, 0x12, 0x00]
let ad: [UInt8] = [0x00, 0x12, 0x34, 0x56]
return packetId.withUnsafeBufferPointer { iv in
ad.withUnsafeBufferPointer { ad in
CryptoFlags(iv: iv.baseAddress,
ivLength: packetId.count,
ad: ad.baseAddress,
adLength: ad.count,
forTesting: true)
}
}
}
} }

49
Tests/TunnelKitOpenVPNTests/CryptoCTRTests.swift
View File

@ -36,40 +36,39 @@ class CryptoCTRTests: XCTestCase {
private let plainData = Data(hex: "00112233ffddaa") private let plainData = Data(hex: "00112233ffddaa")
func test_givenData_whenEncrypt_thenDecrypts() { private var packetId: [UInt8] = [0x56, 0x34, 0x12, 0x00]
let encryptedData: Data
var flags = cryptoFlags
let sut1 = CryptoCTR(cipherName: "aes-128-ctr", digestName: "sha256") private var ad: [UInt8] = [0x00, 0x12, 0x34, 0x56]
sut1.configureEncryption(withCipherKey: cipherKey, hmacKey: hmacKey)
do {
encryptedData = try sut1.encryptData(plainData, flags: &flags)
} catch {
XCTFail("Cannot encrypt: \(error)")
return
}
let sut2 = CryptoCTR(cipherName: "aes-128-ctr", digestName: "sha256") private lazy var flags: CryptoFlags = {
sut2.configureDecryption(withCipherKey: cipherKey, hmacKey: hmacKey)
do {
let returnedData = try sut2.decryptData(encryptedData, flags: &flags)
XCTAssertEqual(returnedData, plainData)
} catch {
XCTFail("Cannot decrypt: \(error)")
}
}
private var cryptoFlags: CryptoFlags {
let packetId: [UInt8] = [0x56, 0x34, 0x12, 0x00]
let ad: [UInt8] = [0x00, 0x12, 0x34, 0x56]
return packetId.withUnsafeBufferPointer { iv in return packetId.withUnsafeBufferPointer { iv in
ad.withUnsafeBufferPointer { ad in ad.withUnsafeBufferPointer { ad in
CryptoFlags(iv: iv.baseAddress, CryptoFlags(iv: iv.baseAddress,
ivLength: packetId.count, ivLength: iv.count,
ad: ad.baseAddress, ad: ad.baseAddress,
adLength: ad.count, adLength: ad.count,
forTesting: true) forTesting: true)
} }
} }
}()
func test_givenData_whenEncrypt_thenDecrypts() {
let sut = CryptoCTR(cipherName: "aes-128-ctr", digestName: "sha256")
sut.configureEncryption(withCipherKey: cipherKey, hmacKey: hmacKey)
sut.configureDecryption(withCipherKey: cipherKey, hmacKey: hmacKey)
let encryptedData: Data
do {
encryptedData = try sut.encryptData(plainData, flags: &flags)
} catch {
XCTFail("Cannot encrypt: \(error)")
return
}
do {
let returnedData = try sut.decryptData(encryptedData, flags: &flags)
XCTAssertEqual(returnedData, plainData)
} catch {
XCTFail("Cannot decrypt: \(error)")
}
} }
} }

2
Tests/TunnelKitOpenVPNTests/EncryptionPerformanceTests.swift
View File

@ -85,7 +85,7 @@ class EncryptionPerformanceTests: XCTestCase {
CryptoFlags(iv: nil, CryptoFlags(iv: nil,
ivLength: 0, ivLength: 0,
ad: $0.baseAddress, ad: $0.baseAddress,
adLength: ad.count, adLength: $0.count,
forTesting: true) forTesting: true)
} }
measure { measure {

4
Tests/TunnelKitOpenVPNTests/EncryptionTests.swift
View File

@ -85,7 +85,7 @@ class EncryptionTests: XCTestCase {
var flags = packetId.withUnsafeBufferPointer { iv in var flags = packetId.withUnsafeBufferPointer { iv in
ad.withUnsafeBufferPointer { ad in ad.withUnsafeBufferPointer { ad in
CryptoFlags(iv: iv.baseAddress, CryptoFlags(iv: iv.baseAddress,
ivLength: packetId.count, ivLength: iv.count,
ad: ad.baseAddress, ad: ad.baseAddress,
adLength: ad.count, adLength: ad.count,
forTesting: true) forTesting: true)
@ -106,7 +106,7 @@ class EncryptionTests: XCTestCase {
CryptoFlags(iv: nil, CryptoFlags(iv: nil,
ivLength: 0, ivLength: 0,
ad: $0.baseAddress, ad: $0.baseAddress,
adLength: ad.count, adLength: $0.count,
forTesting: true) forTesting: true)
} }