Add test cases

aws · Mar 18, 2024 · da7ed85 · da7ed85
1 parent a1e0880
commit da7ed85
Show file tree

Hide file tree

Showing 6 changed files with 6,127 additions and 850 deletions.
diff --git a/crypto/cipher_extra/aead_test.cc b/crypto/cipher_extra/aead_test.cc
@@ -133,6 +133,10 @@ static const struct KnownAEAD kAEADs[] = {
      "aes_128_cbc_sha256_tls_implicit_iv_tests.txt",
      kLimitedImplementation | RequiresADLength(11)},
 
+  {"AES_256_CBC_SHA384_TLS", EVP_aead_aes_256_cbc_sha384_tls,
+     "aes_256_cbc_sha384_tls_tests.txt",
+     kLimitedImplementation | RequiresADLength(11)},
+
     {"AES_256_CBC_SHA1_TLS", EVP_aead_aes_256_cbc_sha1_tls,
      "aes_256_cbc_sha1_tls_tests.txt",
      kLimitedImplementation | RequiresADLength(11)},

diff --git a/crypto/cipher_extra/test/aes_256_cbc_sha384_tls_tests.txt b/crypto/cipher_extra/test/aes_256_cbc_sha384_tls_tests.txt
diff --git a/crypto/cipher_extra/test/make_all_legacy_aead_tests.sh b/crypto/cipher_extra/test/make_all_legacy_aead_tests.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/usr/bin/env sh
 
 set -xe
 
@@ -11,6 +11,8 @@ go run make_legacy_aead_tests.go -cipher aes128 -mac sha256 -implicit-iv > aes_1
 go run make_legacy_aead_tests.go -cipher aes256 -mac sha1 > aes_256_cbc_sha1_tls_tests.txt
 go run make_legacy_aead_tests.go -cipher aes256 -mac sha1 -implicit-iv > aes_256_cbc_sha1_tls_implicit_iv_tests.txt
 
+go run make_legacy_aead_tests.go -cipher aes256 -mac sha384 > aes_256_cbc_sha384_tls_tests.txt
+
 go run make_legacy_aead_tests.go -cipher 3des -mac sha1 > des_ede3_cbc_sha1_tls_tests.txt
 go run make_legacy_aead_tests.go -cipher 3des -mac sha1 -implicit-iv > des_ede3_cbc_sha1_tls_implicit_iv_tests.txt
 

diff --git a/crypto/cipher_extra/tls_cbc.c b/crypto/cipher_extra/tls_cbc.c
@@ -519,7 +519,7 @@ int EVP_final_with_secret_suffix_sha384(SHA512_CTX *ctx,
   // - in[:len]
   // - A 0x80 byte
   // - However many zero bytes are needed to pad up to a block.
-  // - Eight bytes of length.
+  // - 16 bytes of length.
   size_t num_blocks = (ctx->num + len + 1 + 16 + SHA384_CBLOCK - 1) >> 7;
   size_t last_block = num_blocks - 1;
   size_t max_blocks = (ctx->num + max_len + 1 + 16 + SHA384_CBLOCK - 1) >> 7;
@@ -579,12 +579,13 @@ int EVP_final_with_secret_suffix_sha384(SHA512_CTX *ctx,
 
     // Process the block and save the hash state if it is the final value.
     SHA384_Transform(ctx, block);
-    for (size_t j = 0; j < 6; j++) {
+    for (size_t j = 0; j < 8; j++) {
       result[j] |= is_last_block & ctx->h[j];
     }
   }
 
-  // Write the output.
+  // Write the output. For SHA384 the resulting has is truncated to the left-most
+  // 384-bits (6 bytes).
   for (size_t i = 0; i < 6; i++) {
     CRYPTO_store_u64_be(out + 8 * i, result[i]);
   }