MCPcopy
hub / github.com/tailscale/tailscale / TestCBCOracleCounterMeasure

Function TestCBCOracleCounterMeasure

tempfork/sshtest/ssh/cipher_test.go:78–136  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

76}
77
78func TestCBCOracleCounterMeasure(t *testing.T) {
79 kr := &kexResult{Hash: crypto.SHA1}
80 algs := directionAlgorithms{
81 Cipher: aes128cbcID,
82 MAC: "hmac-sha1",
83 Compression: "none",
84 }
85 client, err := newPacketCipher(clientKeys, algs, kr)
86 if err != nil {
87 t.Fatalf("newPacketCipher(client): %v", err)
88 }
89
90 want := "bla bla"
91 input := []byte(want)
92 buf := &bytes.Buffer{}
93 if err := client.writeCipherPacket(0, buf, rand.Reader, input); err != nil {
94 t.Errorf("writeCipherPacket: %v", err)
95 }
96
97 packetSize := buf.Len()
98 buf.Write(make([]byte, 2*maxPacket))
99
100 // We corrupt each byte, but this usually will only test the
101 // 'packet too large' or 'MAC failure' cases.
102 lastRead := -1
103 for i := 0; i < packetSize; i++ {
104 server, err := newPacketCipher(clientKeys, algs, kr)
105 if err != nil {
106 t.Fatalf("newPacketCipher(client): %v", err)
107 }
108
109 fresh := &bytes.Buffer{}
110 fresh.Write(buf.Bytes())
111 fresh.Bytes()[i] ^= 0x01
112
113 before := fresh.Len()
114 _, err = server.readCipherPacket(0, fresh)
115 if err == nil {
116 t.Errorf("corrupt byte %d: readCipherPacket succeeded ", i)
117 continue
118 }
119 if _, ok := err.(cbcError); !ok {
120 t.Errorf("corrupt byte %d: got %v (%T), want cbcError", i, err, err)
121 continue
122 }
123
124 after := fresh.Len()
125 bytesRead := before - after
126 if bytesRead < maxPacket {
127 t.Errorf("corrupt byte %d: read %d bytes, want more than %d", i, bytesRead, maxPacket)
128 continue
129 }
130
131 if i > 0 && bytesRead != lastRead {
132 t.Errorf("corrupt byte %d: read %d bytes, want %d bytes read", i, bytesRead, lastRead)
133 }
134 lastRead = bytesRead
135 }

Callers

nothing calls this directly

Calls 8

WriteMethod · 0.95
newPacketCipherFunction · 0.85
BytesMethod · 0.80
FatalfMethod · 0.65
writeCipherPacketMethod · 0.65
ErrorfMethod · 0.65
LenMethod · 0.65
readCipherPacketMethod · 0.65

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…