More AES-GCM tests


Rubin, Greg

Dec 28, 2016, 12:27:33 PM
to wychepro...@googlegroups.com

While looking through the AES-GCM tests, I spotted some gaps which I think we should cover. Here they are so we can avoid duplicate work:

· Cipher.update(byte[], int, int, byte[], int) is copy-safe
· Direct ByteBuffers
· Direct ByteBuffer aliasing
· Direct ByteBuffer offset aliasing (so while they are both backed by the same data, they start at different locations)
· Various update lengths
  o Longer ciphertext
  o Cipher.update() called with a wide variety of lengths (1, 15, 16, 17, 31, 32, and 33 are good lengths)

Greg

Thai Duong

Jan 6, 2017, 11:33:30 AM
to wycheproof-users
Hi Greg,

I'm sorry for the late response. I just double-checked and saw that we have two confidential tests that haven't been released, but neither seems related to what you're proposing. Before sending a PR, could you please explain what you want to test for with each test?

Cheers,
Thai.


Rubin, Greg

Jan 6, 2017, 12:20:09 PM
to Thai Duong, wycheproof-users

Thai,

Certainly. For all but the last test, these are similar to the existing testByteBufferAlias test. They are intended to show that the implementations properly handle the cases when both the input and output refer to the same logical place (be it an array or the backing structure of a ByteBuffer). The last test (multiple lengths) covers a bug which I’ve seen occur where updates don’t align with the block-size. In this case, data (either the input or the keystream) needs to be cached by the underlying implementation. This is relatively easy to get wrong with implementations duplicating data, dropping data, or skipping over portions of the keystream.

Greg

--
You received this message because you are subscribed to the Google Groups "wycheproof-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wycheproof-use...@googlegroups.com.
To post to this group, send email to wychepro...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wycheproof-users/04f347d8-a483-40ec-b9c4-cd4e3709cac9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
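Greg's list of gaps and his explanation of the misaligned-update bug (data cached between update() calls being duplicated, dropped, or paired with the wrong keystream) translate naturally into a self-checking harness. The following is an added example written for this page, not Wycheproof's testByteBufferAlias or any other test from the project; the class and method names (GcmUpdateChecks, chunked, aliased, direct, check, runAll) and the 200-byte plaintext, key, IV and AAD are all constructed for illustration. It runs the provider against itself: every multi-call update() path is compared with a one-shot doFinal() under the same parameters, so a mismatch points at update() bookkeeping rather than at the cipher.

```java
import java.nio.ByteBuffer;
import java.util.Arrays;
import java.util.concurrent.Callable;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Every check compares a multi-call update() path with a one-shot doFinal() under
// the same key, IV and AAD, so a mismatch is an update() bookkeeping bug. Inputs
// are constructed for this example; the 200-byte plaintext is not block-aligned.
public class GcmUpdateChecks {
    static final byte[] KEY = new byte[16], IV = new byte[12], PLAINTEXT = new byte[200];
    static final byte[] AAD = "associated data".getBytes();
    static final int[] CHUNK_LENGTHS = {1, 15, 16, 17, 31, 32, 33};
    static {
        for (int i = 0; i < PLAINTEXT.length; i++) PLAINTEXT[i] = (byte) (i * 7 + 3);
        for (int i = 0; i < KEY.length; i++) KEY[i] = (byte) (0x10 + i);
        for (int i = 0; i < IV.length; i++) IV[i] = (byte) (0xA0 + i);
    }

    static Cipher newCipher(int mode) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(KEY, "AES"), new GCMParameterSpec(128, IV));
        c.updateAAD(AAD);
        return c;
    }

    // update() in chunkLen-byte pieces into a separate array. Returned lengths are
    // trusted, not chunkLen: providers may buffer (GCM decryption usually emits
    // nothing before the tag is checked), and buffering is where bytes get
    // dropped, duplicated or paired with the wrong keystream.
    static byte[] chunked(int mode, byte[] input, int chunkLen) throws Exception {
        Cipher c = newCipher(mode);
        byte[] out = new byte[input.length + 16];   // room for ciphertext + tag
        int outLen = 0;
        for (int off = 0; off < input.length; off += chunkLen) {
            int n = Math.min(chunkLen, input.length - off);
            outLen += c.update(input, off, n, out, outLen);
        }
        outLen += c.doFinal(out, outLen);
        return Arrays.copyOf(out, outLen);
    }

    // Like chunked(), but input and output share one array, output starting shift
    // bytes after input. shift == 0 is in-place use, safe for any chunkLen since
    // output never runs ahead of consumed input. shift > 0 is the copy-safety
    // case (output lands on unread input) and only makes sense within a single
    // call, i.e. chunkLen == input.length.
    static byte[] aliased(int mode, byte[] input, int chunkLen, int shift) throws Exception {
        Cipher c = newCipher(mode);
        byte[] buf = new byte[shift + input.length + 16];
        System.arraycopy(input, 0, buf, 0, input.length);
        int outLen = 0;
        for (int off = 0; off < input.length; off += chunkLen) {
            int n = Math.min(chunkLen, input.length - off);
            outLen += c.update(buf, off, n, buf, shift + outLen);
        }
        outLen += c.doFinal(buf, shift + outLen);
        return Arrays.copyOfRange(buf, shift, shift + outLen);
    }

    // aliased() over direct ByteBuffers: one off-heap block seen through
    // duplicates, since Cipher rejects the same ByteBuffer object for both sides.
    static byte[] direct(int mode, byte[] input, int chunkLen, int shift) throws Exception {
        Cipher c = newCipher(mode);
        ByteBuffer shared = ByteBuffer.allocateDirect(shift + input.length + 16);
        shared.put(input);
        ByteBuffer out = (ByteBuffer) shared.duplicate().position(shift);
        for (int off = 0; off < input.length; off += chunkLen) {
            int n = Math.min(chunkLen, input.length - off);
            ByteBuffer in = (ByteBuffer) shared.duplicate().position(off).limit(off + n);
            if (off + n < input.length) c.update(in, out); else c.doFinal(in, out);
        }
        byte[] result = new byte[out.position() - shift];   // position = bytes emitted
        ((ByteBuffer) shared.duplicate().position(shift)).get(result);
        return result;
    }

    static boolean check(String name, byte[] want, Callable<byte[]> op) {
        boolean ok = false;
        try { ok = Arrays.equals(op.call(), want); } catch (Exception e) { name += ": " + e; }
        System.out.println((ok ? "PASS " : "FAIL ") + name);
        return ok;
    }

    // Runs every check in both directions; true only if all pass.
    static boolean runAll() throws Exception {
        final int E = Cipher.ENCRYPT_MODE, D = Cipher.DECRYPT_MODE;
        final byte[] ct = newCipher(E).doFinal(PLAINTEXT);
        boolean ok = true;
        for (int n : CHUNK_LENGTHS) {
            ok &= check("encrypt, chunks of " + n, ct, () -> chunked(E, PLAINTEXT, n));
            ok &= check("decrypt, chunks of " + n, PLAINTEXT, () -> chunked(D, ct, n));
            ok &= check("encrypt in place, chunks of " + n, ct, () -> aliased(E, PLAINTEXT, n, 0));
            ok &= check("decrypt in place, chunks of " + n, PLAINTEXT, () -> aliased(D, ct, n, 0));
            ok &= check("direct aliased, chunks of " + n, ct, () -> direct(E, PLAINTEXT, n, 0));
        }
        for (int s : new int[] {1, 16}) {
            ok &= check("encrypt, output shifted by " + s, ct, () -> aliased(E, PLAINTEXT, PLAINTEXT.length, s));
            ok &= check("decrypt, output shifted by " + s, PLAINTEXT, () -> aliased(D, ct, ct.length, s));
            ok &= check("direct, output shifted by " + s, ct, () -> direct(E, PLAINTEXT, PLAINTEXT.length, s));
        }
        return ok;
    }

    public static void main(String[] args) throws Exception {
        System.exit(runAll() ? 0 : 1);
    }
}
```

Compile and run with `javac GcmUpdateChecks.java && java GcmUpdateChecks`; it prints one PASS/FAIL line per check and exits non-zero on any failure, and can be pointed at another provider by switching to the two-argument Cipher.getInstance(transformation, provider). Two caveats matter when reading results. First, the offset-aliased cases are deliberately a single update()/doFinal() call: the copy-safety note in the Cipher javadoc only promises that unprocessed input is not overwritten within one call, and a caller that spreads a forward-shifted in-place operation over several calls destroys its own unread input before the cipher ever sees it. Second, the ByteBuffer checks go through duplicate() views because Cipher.update(ByteBuffer, ByteBuffer) rejects the same object as input and output; two distinct views over the same memory is the aliasing the implementation actually has to cope with.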

Thai Duong

Jan 9, 2017, 6:36:45 PM
to Rubin, Greg, Thai Duong, wycheproof-users
On Fri, Jan 6, 2017 at 9:20 AM, 'Rubin, Greg' via wycheproof-users <wychepro...@googlegroups.com> wrote:

Thai,
Certainly. For all but the last test, these are similar to the existing testByteBufferAlias test. They are intended to show that the implementations properly handle the cases when both the input and output refer to the same logical place (be it an array or the backing structure of a ByteBuffer). The last test (multiple lengths) covers a bug which I’ve seen occur where updates don’t align with the block-size. In this case, data (either the input or the keystream) needs to be cached by the underlying implementation. This is relatively easy to get wrong with implementations duplicating data, dropping data, or skipping over portions of the keystream.


Thanks, Greg. Please send us PRs. We're still working on our two-way sync, but all PRs should be merged sometime in Q1.
