This repository has been archived by the owner on Sep 29, 2024. It is now read-only.

Dangling pointers in crypto tests (#349)
keeshux authored Dec 13, 2023
1 parent 8ca928a commit 071b6e2
Showing 5 changed files with 61 additions and 66 deletions.
43 changes: 21 additions & 22 deletions Tests/TunnelKitOpenVPNTests/CryptoAEADTests.swift
Expand Up @@ -36,40 +36,39 @@ class CryptoAEADTests: XCTestCase {

private let plainData = Data(hex: "00112233ffddaa")

private var packetId: [UInt8] = [0x56, 0x34, 0x12, 0x00]

private var ad: [UInt8] = [0x00, 0x12, 0x34, 0x56]

private lazy var flags: CryptoFlags = {
return packetId.withUnsafeBufferPointer { iv in
ad.withUnsafeBufferPointer { ad in
CryptoFlags(iv: iv.baseAddress,
ivLength: iv.count,
ad: ad.baseAddress,
adLength: ad.count,
forTesting: true)
}
}
}()

func test_givenData_whenEncrypt_thenDecrypts() {
let sut = CryptoAEAD(cipherName: "aes-256-gcm")
sut.configureEncryption(withCipherKey: cipherKey, hmacKey: hmacKey)
sut.configureDecryption(withCipherKey: cipherKey, hmacKey: hmacKey)
let encryptedData: Data
var flags = cryptoFlags

let sut1 = CryptoAEAD(cipherName: "aes-256-gcm")
sut1.configureEncryption(withCipherKey: cipherKey, hmacKey: hmacKey)
do {
encryptedData = try sut1.encryptData(plainData, flags: &flags)
encryptedData = try sut.encryptData(plainData, flags: &flags)
} catch {
XCTFail("Cannot encrypt: \(error)")
return
}

let sut2 = CryptoAEAD(cipherName: "aes-256-gcm")
sut2.configureDecryption(withCipherKey: cipherKey, hmacKey: hmacKey)
do {
let returnedData = try sut2.decryptData(encryptedData, flags: &flags)
let returnedData = try sut.decryptData(encryptedData, flags: &flags)
XCTAssertEqual(returnedData, plainData)
} catch {
XCTFail("Cannot decrypt: \(error)")
}
}

private var cryptoFlags: CryptoFlags {
let packetId: [UInt8] = [0x56, 0x34, 0x12, 0x00]
let ad: [UInt8] = [0x00, 0x12, 0x34, 0x56]
return packetId.withUnsafeBufferPointer { iv in
ad.withUnsafeBufferPointer { ad in
CryptoFlags(iv: iv.baseAddress,
ivLength: packetId.count,
ad: ad.baseAddress,
adLength: ad.count,
forTesting: true)
}
}
}
}
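Review bot: The `lazy var flags` initializer still lets `iv.baseAddress` and `ad.baseAddress` escape the `withUnsafeBufferPointer` closures, and Swift only guarantees those pointers for the duration of the closure call. Assuming the stored-property version is the new side (the +/- markers are lost on this page), moving `packetId` and `ad` to instance properties keeps the storage alive in practice, but both are declared `var`, so a later mutation or reallocation would leave `CryptoFlags` pointing at freed memory and the IV/AD bytes the cipher reads would be undefined. The same pattern is in the CryptoCBCTests and CryptoCTRTests sections, in the EncryptionTests hunk at `var flags = packetId.withUnsafeBufferPointer { iv in`, and apparently in EncryptionPerformanceTests, whose enclosing functions start outside the hunks. Building `CryptoFlags` and running the encrypt/decrypt calls inside the closures keeps every pointer use within its valid scope; at minimum declare both arrays `private let`.

```swift
func test_givenData_whenEncrypt_thenDecrypts() {
    let sut = CryptoAEAD(cipherName: "aes-256-gcm")
    // … unchanged: configureEncryption / configureDecryption …
    packetId.withUnsafeBufferPointer { iv in
        ad.withUnsafeBufferPointer { ad in
            var flags = CryptoFlags(iv: iv.baseAddress,
                                    ivLength: iv.count,
                                    ad: ad.baseAddress,
                                    adLength: ad.count,
                                    forTesting: true)
            // … unchanged: encrypt / decrypt do-catch blocks, moved inside the closure …
        }
    }
}
```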
35 changes: 16 additions & 19 deletions Tests/TunnelKitOpenVPNTests/CryptoCBCTests.swift
Expand Up @@ -40,11 +40,26 @@ class CryptoCBCTests: XCTestCase {

private let encryptedHMACData = Data(hex: "fea3fe87ee68eb21c697e62d3c29f7bea2f5b457d9a7fa66291322fc9c2fe6f700000000000000000000000000000000ebe197e706c3c5dcad026f4e3af1048b")

private var packetId: [UInt8] = [0x56, 0x34, 0x12, 0x00]

private var ad: [UInt8] = [0x00, 0x12, 0x34, 0x56]

private lazy var flags: CryptoFlags = {
return packetId.withUnsafeBufferPointer { iv in
ad.withUnsafeBufferPointer { ad in
CryptoFlags(iv: iv.baseAddress,
ivLength: iv.count,
ad: ad.baseAddress,
adLength: ad.count,
forTesting: true)
}
}
}()

func test_givenDecrypted_whenEncryptWithoutCipher_thenEncodesWithHMAC() {
let sut = CryptoCBC(cipherName: nil, digestName: "sha256")
sut.configureEncryption(withCipherKey: nil, hmacKey: hmacKey)

var flags = cryptoFlags
do {
let returnedData = try sut.encryptData(plainData, flags: &flags)
XCTAssertEqual(returnedData, plainHMACData)
Expand All @@ -57,7 +72,6 @@ class CryptoCBCTests: XCTestCase {
let sut = CryptoCBC(cipherName: "aes-128-cbc", digestName: "sha256")
sut.configureEncryption(withCipherKey: cipherKey, hmacKey: hmacKey)

var flags = cryptoFlags
do {
let returnedData = try sut.encryptData(plainData, flags: &flags)
XCTAssertEqual(returnedData, encryptedHMACData)
Expand All @@ -70,7 +84,6 @@ class CryptoCBCTests: XCTestCase {
let sut = CryptoCBC(cipherName: nil, digestName: "sha256")
sut.configureDecryption(withCipherKey: nil, hmacKey: hmacKey)

var flags = cryptoFlags
do {
let returnedData = try sut.decryptData(plainHMACData, flags: &flags)
XCTAssertEqual(returnedData, plainData)
Expand All @@ -83,7 +96,6 @@ class CryptoCBCTests: XCTestCase {
let sut = CryptoCBC(cipherName: "aes-128-cbc", digestName: "sha256")
sut.configureDecryption(withCipherKey: cipherKey, hmacKey: hmacKey)

var flags = cryptoFlags
do {
let returnedData = try sut.decryptData(encryptedHMACData, flags: &flags)
XCTAssertEqual(returnedData, plainData)
Expand All @@ -96,22 +108,7 @@ class CryptoCBCTests: XCTestCase {
let sut = CryptoCBC(cipherName: nil, digestName: "sha256")
sut.configureDecryption(withCipherKey: nil, hmacKey: hmacKey)

var flags = cryptoFlags
XCTAssertNoThrow(try sut.verifyData(plainHMACData, flags: &flags))
XCTAssertNoThrow(try sut.verifyData(encryptedHMACData, flags: &flags))
}

private var cryptoFlags: CryptoFlags {
let packetId: [UInt8] = [0x56, 0x34, 0x12, 0x00]
let ad: [UInt8] = [0x00, 0x12, 0x34, 0x56]
return packetId.withUnsafeBufferPointer { iv in
ad.withUnsafeBufferPointer { ad in
CryptoFlags(iv: iv.baseAddress,
ivLength: packetId.count,
ad: ad.baseAddress,
adLength: ad.count,
forTesting: true)
}
}
}
}
43 changes: 21 additions & 22 deletions Tests/TunnelKitOpenVPNTests/CryptoCTRTests.swift
Expand Up @@ -36,40 +36,39 @@ class CryptoCTRTests: XCTestCase {

private let plainData = Data(hex: "00112233ffddaa")

private var packetId: [UInt8] = [0x56, 0x34, 0x12, 0x00]

private var ad: [UInt8] = [0x00, 0x12, 0x34, 0x56]

private lazy var flags: CryptoFlags = {
return packetId.withUnsafeBufferPointer { iv in
ad.withUnsafeBufferPointer { ad in
CryptoFlags(iv: iv.baseAddress,
ivLength: iv.count,
ad: ad.baseAddress,
adLength: ad.count,
forTesting: true)
}
}
}()

func test_givenData_whenEncrypt_thenDecrypts() {
let sut = CryptoCTR(cipherName: "aes-128-ctr", digestName: "sha256")
sut.configureEncryption(withCipherKey: cipherKey, hmacKey: hmacKey)
sut.configureDecryption(withCipherKey: cipherKey, hmacKey: hmacKey)
let encryptedData: Data
var flags = cryptoFlags

let sut1 = CryptoCTR(cipherName: "aes-128-ctr", digestName: "sha256")
sut1.configureEncryption(withCipherKey: cipherKey, hmacKey: hmacKey)
do {
encryptedData = try sut1.encryptData(plainData, flags: &flags)
encryptedData = try sut.encryptData(plainData, flags: &flags)
} catch {
XCTFail("Cannot encrypt: \(error)")
return
}

let sut2 = CryptoCTR(cipherName: "aes-128-ctr", digestName: "sha256")
sut2.configureDecryption(withCipherKey: cipherKey, hmacKey: hmacKey)
do {
let returnedData = try sut2.decryptData(encryptedData, flags: &flags)
let returnedData = try sut.decryptData(encryptedData, flags: &flags)
XCTAssertEqual(returnedData, plainData)
} catch {
XCTFail("Cannot decrypt: \(error)")
}
}

private var cryptoFlags: CryptoFlags {
let packetId: [UInt8] = [0x56, 0x34, 0x12, 0x00]
let ad: [UInt8] = [0x00, 0x12, 0x34, 0x56]
return packetId.withUnsafeBufferPointer { iv in
ad.withUnsafeBufferPointer { ad in
CryptoFlags(iv: iv.baseAddress,
ivLength: packetId.count,
ad: ad.baseAddress,
adLength: ad.count,
forTesting: true)
}
}
}
}
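Review bot: Collapsing `sut1`/`sut2` into a single `sut` configured for both directions (assuming the single-`sut` lines are the new side) means `test_givenData_whenEncrypt_thenDecrypts` no longer shows that an independently constructed decryptor can read the ciphertext. A defect where decryption relied on state left behind in the encrypting instance would pass unnoticed. The same merge appears in the CryptoAEADTests section. Consider keeping a second instance for the decrypt half, e.g. `let decrypter = CryptoCTR(cipherName: "aes-128-ctr", digestName: "sha256")` followed by `decrypter.configureDecryption(withCipherKey: cipherKey, hmacKey: hmacKey)`.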
Expand Up @@ -85,7 +85,7 @@ class EncryptionPerformanceTests: XCTestCase {
CryptoFlags(iv: nil,
ivLength: 0,
ad: $0.baseAddress,
adLength: ad.count,
adLength: $0.count,
forTesting: true)
}
measure {
4 changes: 2 additions & 2 deletions Tests/TunnelKitOpenVPNTests/EncryptionTests.swift
Expand Up @@ -85,7 +85,7 @@ class EncryptionTests: XCTestCase {
var flags = packetId.withUnsafeBufferPointer { iv in
ad.withUnsafeBufferPointer { ad in
CryptoFlags(iv: iv.baseAddress,
ivLength: packetId.count,
ivLength: iv.count,
ad: ad.baseAddress,
adLength: ad.count,
forTesting: true)
Expand All @@ -106,7 +106,7 @@ class EncryptionTests: XCTestCase {
CryptoFlags(iv: nil,
ivLength: 0,
ad: $0.baseAddress,
adLength: ad.count,
adLength: $0.count,
forTesting: true)
}

