Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add testMaxPlaintextLength to check GCM plaintext limits #9

Closed
wants to merge 1 commit into from
Closed

Add testMaxPlaintextLength to check GCM plaintext limits #9

wants to merge 1 commit into from

Conversation

SalusaSecondus
Copy link
Contributor

This adds a test to ensure implementations enforce maximum plaintext lengths as defined by NIST SP 800-38D.

@googlebot
Copy link

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed, please reply here (e.g. I signed it!) and we'll verify. Thanks.

  • If you've already signed a CLA, it's possible we don't have your GitHub username or you're using a different email address. Check your existing CLA data and verify that your email is set on your git commits.
  • If you signed the CLA as a corporation, please let us know the company's name.

@SalusaSecondus
Copy link
Contributor Author

SalusaSecondus commented Dec 27, 2016
edited
Loading

I signed it! (I'm covered by Amazon.com's corporate CLA.)

@googlebot
Copy link

CLAs look good, thanks!

@cryptosubtlety
Copy link
Contributor

Thanks SalusaSecondus, this is one of few @slowtest tests that we haven't published yet and we'll publish them after the holidays.
FYI, I found this GCM bug in Bouncy Castle (CVE-2015-6644) and OpenJDK8 which lead to the following fixes:
BouncyCastle (https://android.googlesource.com/platform/external/bouncycastle/+/3e128c5fea3a0ca2d372aa09c4fd4bb0eadfbd3f%5E%21/#F0)
OpenJDK8 (http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/0c3ed12cdaf5)

@SalusaSecondus
Copy link
Contributor Author

So you're the person to thank. Thank you! I did check to ensure the libraries were patched before I made this test public.

I'm starting to think we may need a better way to coordinate to avoid duplicate work. I've a few more tests that I want to draft for AesGcm (and possibly AesEax) but don't know what will pass yet and don't want to write tests you've already spent time on.

@thaidn
Copy link
Contributor

thaidn commented Dec 28, 2016

I'm starting to think we may need a better way to coordinate to avoid duplicate work. I've a few more tests that I want to draft for AesGcm (and possibly AesEax) but don't know what will pass yet and don't want to write tests you've already spent time on.

This is awesome :).

Could you please email wycheproof-users@? We can tell you right away what has been done.

@jurajsomorovsky jurajsomorovsky mentioned this pull request Jan 2, 2017
Open
@thaidn
Copy link
Contributor

thaidn commented Feb 1, 2017

The test that Quan alluded to earlier has been released: https://github.com/google/wycheproof/blob/master/java/com/google/security/wycheproof/testcases/AesGcmTest.java#L452.

Please reopen this PR if you think that test is not quite the same as yours.

Thanks!

@thaidn thaidn closed this Feb 1, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@SalusaSecondus @googlebot @cryptosubtlety @thaidn