diff options
| author | Jakub Zelenka <bukka@php.net> | 2016-01-04 14:07:19 +0000 |
|---|---|---|
| committer | Jakub Zelenka <bukka@php.net> | 2016-01-04 14:07:19 +0000 |
| commit | 5897256d0405592d6629a25d0ca0b77cfaa741fe (patch) | |
| tree | 46754a001114b8413bd3ec4d585aca8fff7c74a8 | |
| parent | 8daecc59eb62516e2f6b703150c4d3e78ab55b75 (diff) | |
| download | php-git-5897256d0405592d6629a25d0ca0b77cfaa741fe.tar.gz | |
Fix and test OpenSSL CCM encryption
| -rw-r--r-- | ext/openssl/openssl.c | 5 | ||||
| -rw-r--r-- | ext/openssl/tests/cipher_tests.inc | 14 | ||||
| -rw-r--r-- | ext/openssl/tests/openssl_encrypt_ccm.phpt | 39 |
3 files changed, 58 insertions, 0 deletions
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index a6abcb927e..d87d9b931f 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -5354,6 +5354,11 @@ static int php_openssl_cipher_update(const EVP_CIPHER *cipher_type, { int i = 0; + if (mode->is_single_run_aead && !EVP_EncryptUpdate(cipher_ctx, NULL, &i, NULL, (int)data_len)) { + php_error_docref(NULL, E_WARNING, "Setting of data length failed"); + return FAILURE; + } + if (mode->is_aead && !EVP_CipherUpdate(cipher_ctx, NULL, &i, (unsigned char *)aad, (int)aad_len)) { php_error_docref(NULL, E_WARNING, "Setting of additional application data failed"); return FAILURE; diff --git a/ext/openssl/tests/cipher_tests.inc b/ext/openssl/tests/cipher_tests.inc index 00119e99ab..b9e84af8f8 100644 --- a/ext/openssl/tests/cipher_tests.inc +++ b/ext/openssl/tests/cipher_tests.inc @@ -1,5 +1,19 @@ <?php $php_openssl_cipher_tests = array( + 'aes-256-ccm' => array( + array( + 'key' => '1bde3251d41a8b5ea013c195ae128b21' . + '8b3e0306376357077ef1c1c78548b92e', + 'iv' => '5b8e40746f6b98e00f1d13ff41', + 'aad' => 'c17a32514eb6103f3249e076d4c871dc' . + '97e04b286699e54491dc18f6d734d4c0', + 'tag' => '2024931d73bca480c24a24ece6b6c2bf', + 'pt' => '53bd72a97089e312422bf72e242377b3' . + 'c6ee3e2075389b999c4ef7f28bd2b80a', + 'ct' => '9a5fcccdb4cf04e7293d2775cc76a488' . + 'f042382d949b43b7d6bb2b9864786726', + ), + ), 'aes-128-gcm' => array( array( 'key' => '00000000000000000000000000000000', diff --git a/ext/openssl/tests/openssl_encrypt_ccm.phpt b/ext/openssl/tests/openssl_encrypt_ccm.phpt new file mode 100644 index 0000000000..1606044997 --- /dev/null +++ b/ext/openssl/tests/openssl_encrypt_ccm.phpt @@ -0,0 +1,39 @@ +--TEST-- +openssl_encrypt() with CCM cipher algorithm tests +--SKIPIF-- +<?php +if (!extension_loaded("openssl")) + die("skip"); +if (!in_array('aes-256-ccm', openssl_get_cipher_methods())) + die("skip: aes-256-ccm not available"); +?> +--FILE-- +<?php +require_once __DIR__ . "/cipher_tests.inc"; +$method = 'aes-256-ccm'; +$tests = openssl_get_cipher_tests($method); + +foreach ($tests as $idx => $test) { + echo "TEST $idx\n"; + $ct = openssl_encrypt($test['pt'], $method, $test['key'], OPENSSL_RAW_DATA, + $test['iv'], $tag, $test['aad'], strlen($test['tag'])); + var_dump($test['ct'] === $ct); + var_dump($test['tag'] === $tag); +} + +// Empty IV error +var_dump(openssl_encrypt('data', $method, 'password', 0, NULL, $tag, '')); + +// Test setting different IV length and unlimeted tag +var_dump(openssl_encrypt('data', $method, 'password', 0, str_repeat('x', 10), $tag, '', 1024)); +var_dump(strlen($tag)); +?> +--EXPECTF-- +TEST 0 +bool(true) +bool(true) + +Warning: openssl_encrypt(): Setting of IV length for AEAD mode failed, the expected length is 12 bytes in %s on line %d +bool(false) +string(8) "p/lvgA==" +int(1024) |