(t *testing.T)
| 76 | } |
| 77 | |
| 78 | func TestCBCOracleCounterMeasure(t *testing.T) { |
| 79 | kr := &kexResult{Hash: crypto.SHA1} |
| 80 | algs := directionAlgorithms{ |
| 81 | Cipher: aes128cbcID, |
| 82 | MAC: "hmac-sha1", |
| 83 | Compression: "none", |
| 84 | } |
| 85 | client, err := newPacketCipher(clientKeys, algs, kr) |
| 86 | if err != nil { |
| 87 | t.Fatalf("newPacketCipher(client): %v", err) |
| 88 | } |
| 89 | |
| 90 | want := "bla bla" |
| 91 | input := []byte(want) |
| 92 | buf := &bytes.Buffer{} |
| 93 | if err := client.writeCipherPacket(0, buf, rand.Reader, input); err != nil { |
| 94 | t.Errorf("writeCipherPacket: %v", err) |
| 95 | } |
| 96 | |
| 97 | packetSize := buf.Len() |
| 98 | buf.Write(make([]byte, 2*maxPacket)) |
| 99 | |
| 100 | // We corrupt each byte, but this usually will only test the |
| 101 | // 'packet too large' or 'MAC failure' cases. |
| 102 | lastRead := -1 |
| 103 | for i := 0; i < packetSize; i++ { |
| 104 | server, err := newPacketCipher(clientKeys, algs, kr) |
| 105 | if err != nil { |
| 106 | t.Fatalf("newPacketCipher(client): %v", err) |
| 107 | } |
| 108 | |
| 109 | fresh := &bytes.Buffer{} |
| 110 | fresh.Write(buf.Bytes()) |
| 111 | fresh.Bytes()[i] ^= 0x01 |
| 112 | |
| 113 | before := fresh.Len() |
| 114 | _, err = server.readCipherPacket(0, fresh) |
| 115 | if err == nil { |
| 116 | t.Errorf("corrupt byte %d: readCipherPacket succeeded ", i) |
| 117 | continue |
| 118 | } |
| 119 | if _, ok := err.(cbcError); !ok { |
| 120 | t.Errorf("corrupt byte %d: got %v (%T), want cbcError", i, err, err) |
| 121 | continue |
| 122 | } |
| 123 | |
| 124 | after := fresh.Len() |
| 125 | bytesRead := before - after |
| 126 | if bytesRead < maxPacket { |
| 127 | t.Errorf("corrupt byte %d: read %d bytes, want more than %d", i, bytesRead, maxPacket) |
| 128 | continue |
| 129 | } |
| 130 | |
| 131 | if i > 0 && bytesRead != lastRead { |
| 132 | t.Errorf("corrupt byte %d: read %d bytes, want %d bytes read", i, bytesRead, lastRead) |
| 133 | } |
| 134 | lastRead = bytesRead |
| 135 | } |
nothing calls this directly
no test coverage detected
searching dependent graphs…