Fix: result len of aes{128,256}_gcm_{encrypt,decrypt}_auth

The result len when using - aes_128_gcm_encrypt_auth - aes_128_gcm_decrypt_auth was incorrect. It was computing it by: `((datalen / 16) + 1) * 16` although it should be datalen. To verify it there a is a new test in: - nasl/tests/test_crypt_data_aes.nasl And to verify it the execution Makefile is simplified and added to github workflows. To manually verify it go to `nasl/tests` and execute `make check`.
greenbone · Jul 12, 2022 · 0736d6c · 0736d6c
1 parent aa3655e
commit 0736d6c
Show file tree

Hide file tree

Showing 8 changed files with 104 additions and 128 deletions.
diff --git a/.github/workflows/nasl.yml b/.github/workflows/nasl.yml
@@ -0,0 +1,23 @@
+name: "NASL"
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  nasl-test:
+    name: Test
+    runs-on: ubuntu-latest
+    container: ${{ github.repository }}-build:unstable
+    steps:
+      - uses: actions/checkout@v3
+      - name: build
+        run: |
+          cmake -Bbuild -DCMAKE_BUILD_TYPE=Release
+          cmake --build build
+      - name: run
+        run: |
+          cd nasl/tests
+          OPENVAS_NASL=../../build/nasl/openvas-nasl make check
diff --git a/.gitignore b/.gitignore
@@ -3,3 +3,4 @@ nasl/nasl_grammar.output
 nasl/nasl_grammar.tab.c
 nasl/nasl_grammar.tab.h
 .cache/
+testsuiterun.nasl
diff --git a/nasl/nasl_crypto2.c b/nasl/nasl_crypto2.c
@@ -1818,9 +1818,9 @@ crypt_data (lex_ctxt *lexic, int cipher, int mode, int flags)
       else if (cipher == GCRY_CIPHER_3DES)
         resultlen = ((datalen / 8) + 1) * 8;
       else if (cipher == GCRY_CIPHER_AES128)
-        resultlen = ((datalen / 16) + 1) * 16;
+        resultlen = datalen;
       else if (cipher == GCRY_CIPHER_AES256)
-        resultlen = ((datalen / 32) + 1) * 32;
+        resultlen = datalen;
       else
         {
           nasl_perror (lexic, "encrypt_data: Unknown cipher %d", cipher);

diff --git a/nasl/tests/Makefile b/nasl/tests/Makefile
@@ -21,25 +21,21 @@
 
 TEST_SCRIPTS = test_bn.nasl test_md.nasl test_dh.nasl test_blowfish.nasl \
                test_dsa.nasl test_privkey.nasl test_rsa.nasl test_hexstr.nasl \
-	       test_isotime.nasl
+	       test_isotime.nasl test_crypt_data_aes.nasl
+
+ifndef OPENVAS_NASL
+	OPENVAS_NASL := openvas-nasl
+endif
+.PHONY: check
+
+all: check
 
 # Scripts which are useful for debugging.  Eventually they should be
 # enhanced so that they can be run as part of the regression test.
 debug_scripts =
 
-KEYRING_FILES = gnupg/pubring.gpg gnupg/secring.gpg gnupg/trustdb.gpg
-
-check: testsuite $(KEYRING_FILES)
-	../openvas-nasl -X testsuite
-	@echo
-	./test_script_signing.sh
-
-testsuite: $(TEST_SCRIPTS) testsuiteinit.nasl testsuitesummary.nasl
-	cat testsuiteinit.nasl $(TEST_SCRIPTS) testsuitesummary.nasl > testsuite
-
+check: testsuiterun.nasl
+	${OPENVAS_NASL} -X testsuiterun.nasl
 
-$(KEYRING_FILES): keys/keypair.asc keys/ownertrust.txt
-	mkdir gnupg
-	chmod 700 gnupg
-	gpg --homedir=gnupg --import keys/keypair.asc
-	gpg --homedir=gnupg --import-ownertrust keys/ownertrust.txt
+testsuiterun.nasl: $(TEST_SCRIPTS) testsuiteinit.nasl testsuitesummary.nasl
+	cat testsuiteinit.nasl $(TEST_SCRIPTS) testsuitesummary.nasl > testsuiterun.nasl
diff --git a/nasl/tests/keys/keypair.asc b/nasl/tests/keys/keypair.asc
diff --git a/nasl/tests/keys/ownertrust.txt b/nasl/tests/keys/ownertrust.txt
diff --git a/nasl/tests/test_crypt_data_aes.nasl b/nasl/tests/test_crypt_data_aes.nasl
@@ -0,0 +1,66 @@
+
+key = raw_string(0xa9, 0x87, 0xf5, 0x2b, 0xaf, 0x99, 0x06, 0xfa, 0x04, 0x8e, 0x2d, 0xb4, 0x6f, 0x50, 0x88, 0xa3); # Encryption Key
+
+nonce = raw_string(0x49, 0xa9, 0xe3, 0x12, 0x4d, 0xb5, 0x69, 0xeb, 0xef, 0x13, 0x4f, 0x2f); # Nonce 11 Bytes
+
+aad = raw_string(0x49, 0xa9, 0xe3, 0x12, 0x4d, 0xb5, 0x69, 0xeb,
+				 0xef, 0x13, 0x4f, 0x2f, 0x00, 0x00, 0x00, 0x00,
+				 0x6e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
+				 0x4d, 0x00, 0x00, 0x78, 0x55, 0x18, 0x00, 0x00);
+
+data = raw_string(0xfe, 0x53, 0x4d, 0x42, 0x40, 0x00, 0x01, 0x00,
+				  0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x81, 0x1f, 
+				  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
+				  0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
+				  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
+				  0x4d, 0x00, 0x00, 0x78, 0x55, 0x18, 0x00, 0x00, 
+				  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
+				  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
+				  0x09, 0x00, 0x00, 0x00, 0x48, 0x00, 0x26, 0x00, 
+				  0x5c, 0x00, 0x5c, 0x00, 0x31, 0x00, 0x39, 0x00, 
+				  0x32, 0x00, 0x2e, 0x00, 0x31, 0x00, 0x36, 0x00, 
+				  0x38, 0x00, 0x2e, 0x00, 0x39, 0x00, 0x2e, 0x00, 
+				  0x37, 0x00, 0x30, 0x00, 0x5c, 0x00, 0x49, 0x00, 
+				  0x50, 0x00, 0x43, 0x00, 0x24, 0x00 );
+
+crypt = aes128_gcm_encrypt_auth ( key:key,iv:nonce, data:data, aad:aad );
+encrypt = crypt[0];
+signature = crypt[1];
+
+testcase_start("test_aes128_gcm encrypt signature");
+if(hexstr(signature) == "5fa4ed441e482bf586e0f07be7eefc28") {
+  testcase_ok();
+} else {
+  testcase_failed();
+	display("Wrong signature: " + hexstr(signature));
+}
+
+testcase_start("test_aes128_gcm encrypt");
+if(hexstr(encrypt) == "95dfb1325902969990096fc398a3c25334"+
+	"94db23544a282d5549926a055f0400c1d09f4a493c51fa24a3b26"+
+	"7bcf06ad6d38f89d582d181098aeccaf02e7495685bc563cbeb66" +
+	"7af90d820adc5db0b705effc03078c57741ad954a3726ab08af1d0eac3ff4f0f442cffb7203aa4ce"){
+  testcase_ok();
+} else {
+  testcase_failed();
+	display("False data: " + hexstr(encrypt));
+}
+
+crypt = aes128_gcm_decrypt_auth (key:key, iv:nonce, data:encrypt, len: strlen(data), aad:aad);
+
+decrypt = crypt[0];
+tag = crypt[1];
+
+testcase_start("test_aes128_gcm decrypt");
+if (decrypt == data) {
+  testcase_ok();
+} else {
+  testcase_failed();
+}
+
+testcase_start("test_aes128_gcm decrypt tag");
+if (hexstr(tag) == "5fa4ed441e482bf586e0f07be7eefc28") {
+  testcase_ok();
+} else {
+  testcase_failed();
+}
diff --git a/nasl/tests/test_script_signing.sh b/nasl/tests/test_script_signing.sh