diff --git a/src/tr31.c b/src/tr31.c index 11c0b0e..3ffc51e 100644 --- a/src/tr31.c +++ b/src/tr31.c @@ -90,6 +90,26 @@ struct tr31_payload_t { #define TR31_MIN_PAYLOAD_LENGTH (DES_BLOCK_SIZE) #define TR31_MIN_KEY_BLOCK_LENGTH (sizeof(struct tr31_header_t) + TR31_MIN_PAYLOAD_LENGTH + 8) // Minimum TR-31 key block length: header + minimum payload + authenticator +// Internal processing state +struct tr31_state_t { + // encryption block size used for header length validation + unsigned int enc_block_size; + + // buffer containing: + // - verbatim header + // - binary (hex decoded) payload + // - binary (hex decoded) authenticator + size_t decoded_key_block_length; + void* decoded_key_block; + + // lengths and pointers for decoded key block buffer + size_t header_length; + size_t payload_length; + void* payload; + size_t authenticator_length; + void* authenticator; +}; + // helper functions static int dec_to_int(const char* str, size_t str_len); static void int_to_dec(unsigned int value, char* str, size_t str_len); 
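Review bot: The `payload` and `authenticator` fields of `struct tr31_state_t` are interior pointers into `decoded_key_block` (the later hunk assigns them as `decoded_key_block + header_length` and `payload + payload_length`), but the field comments do not say that only `decoded_key_block` is owned and freed. A comment such as `// payload and authenticator point into decoded_key_block; never free them separately` above those fields would make the ownership explicit. Declaring the three pointers as `uint8_t*` instead of `void*` would also let that arithmetic compile without the GNU void-pointer extension, although the file appears to rely on that extension elsewhere already.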
@@ -104,12 +124,15 @@ static int tr31_opt_block_parse(const void* ptr, size_t remaining_len, size_t* o static int tr31_opt_block_validate_iso8601(const char* ts_str, size_t ts_str_len); static int tr31_opt_block_export(const struct tr31_opt_ctx_t* opt_ctx, size_t remaining_len, size_t* opt_blk_len, void* ptr); static int tr31_opt_block_export_PB(const struct tr31_ctx_t* ctx, size_t pb_len, struct tr31_opt_blk_t* opt_blk); +static int tr31_state_init(uint8_t version_id, struct tr31_state_t* state); +static int tr31_state_prepare_import(struct tr31_state_t* state, const void* key_block, size_t key_block_len, size_t header_len); +static void tr31_state_release(struct tr31_state_t* state); static int tr31_compute_final_lengths(struct tr31_ctx_t* ctx); -static int tr31_tdes_decrypt_verify_variant_binding(struct tr31_ctx_t* ctx, const struct tr31_key_t* kbpk); +static int tr31_tdes_decrypt_verify_variant_binding(const struct tr31_state_t* state, const struct tr31_key_t* kbpk, struct tr31_key_t* key); static int tr31_tdes_encrypt_sign_variant_binding(struct tr31_ctx_t* ctx, const struct tr31_key_t* kbpk); -static int tr31_tdes_decrypt_verify_derivation_binding(struct tr31_ctx_t* ctx, const struct tr31_key_t* kbpk); +static int tr31_tdes_decrypt_verify_derivation_binding(struct tr31_state_t* state, const struct tr31_key_t* kbpk, struct tr31_key_t* key); static int tr31_tdes_encrypt_sign_derivation_binding(struct tr31_ctx_t* ctx, const struct tr31_key_t* kbpk); -static int tr31_aes_decrypt_verify_derivation_binding(struct tr31_ctx_t* ctx, const struct tr31_key_t* kbpk); +static int tr31_aes_decrypt_verify_derivation_binding(struct tr31_state_t* state, const struct tr31_key_t* kbpk, struct tr31_key_t* key); static int tr31_aes_encrypt_sign_derivation_binding(struct tr31_ctx_t* ctx, const struct tr31_key_t* kbpk); static int dec_to_int(const char* str, size_t str_len) 
@@ -1170,8 +1193,8 @@ int tr31_import( { int r; const struct tr31_header_t* header; + struct tr31_state_t state; size_t opt_blk_len_total = 0; - unsigned int enc_block_size; const void* ptr; if (!key_block || !ctx) { @@ -1189,8 +1212,18 @@ int tr31_import( return TR31_ERROR_INVALID_KEY_BLOCK_STRING; } - // initialise TR-31 context object + // initialise processing state object + // this will populate: + // - state.enc_block_size + // - state.authenticator_length header = (const struct tr31_header_t*)key_block; + r = tr31_state_init(header->version_id, &state); + if (r) { + // return error value as-is + return r; + } + + // initialise TR-31 context object r = tr31_init(header->version_id, NULL, ctx); if (r) { // return error value as-is @@ -1260,36 +1293,6 @@ int tr31_import( ptr += opt_blk_len; } - // validate key block format version - // set associated authenticator length - // set encryption block size for header length validation - switch (ctx->version) { - case TR31_VERSION_A: - case TR31_VERSION_C: - ctx->authenticator_length = 4; // 4 bytes; 8 ASCII hex digits - enc_block_size = DES_BLOCK_SIZE; - break; - - case TR31_VERSION_B: - ctx->authenticator_length = 8; // 8 bytes; 16 ASCII hex digits - enc_block_size = DES_BLOCK_SIZE; - break; - - case TR31_VERSION_D: - ctx->authenticator_length = 16; // 16 bytes; 32 ASCII hex digits - enc_block_size = AES_BLOCK_SIZE; - break; - - case TR31_VERSION_E: - ctx->authenticator_length = 16; // 16 bytes; 32 ASCII hex digits - enc_block_size = AES_BLOCK_SIZE; - break; - - default: - // invalid format version - return -1; - } - // ANSI X9.143:2021, 6.3.6 (page 19) indicates that the padding block must // result in the total length of all optional blocks being a multiple of // the encryption block length. 
@@ -1298,45 +1301,25 @@ int tr31_import( // does not make an exception for format version E. // So we'll use the encryption block size which is determined by the key // block format version. - if (opt_blk_len_total & (enc_block_size-1)) { + if (opt_blk_len_total & (state.enc_block_size-1)) { r = TR31_ERROR_INVALID_OPTIONAL_BLOCK_PADDING; goto error; } - // ensure that current pointer is valid for minimal payload and authenticator - if (ptr - (void*)header + TR31_MIN_PAYLOAD_LENGTH + (ctx->authenticator_length * 2) > key_block_len) { - r = TR31_ERROR_INVALID_LENGTH; - goto error; - } - - // update header data in context object - ctx->header_length = ptr - (void*)header; - ctx->header = (void*)header; - - // determine payload length - size_t key_block_payload_length = key_block_len - ctx->header_length - (ctx->authenticator_length * 2); - ctx->payload_length = key_block_payload_length / 2; - - // add payload data to context object - ctx->payload = calloc(1, ctx->payload_length); - r = hex_to_bin(ptr, key_block_payload_length, ctx->payload, ctx->payload_length); - if (r) { - r = TR31_ERROR_INVALID_PAYLOAD_FIELD; - goto error; - } - ptr += key_block_payload_length; - - // ensure that current point is valid for remaining authenticator - if (ptr - (void*)header + (ctx->authenticator_length * 2) != key_block_len) { - r = TR31_ERROR_INVALID_LENGTH; - goto error; - } - - // add authenticator to context object - ctx->authenticator = calloc(1, ctx->authenticator_length); - r = hex_to_bin(ptr, ctx->authenticator_length * 2, ctx->authenticator, ctx->authenticator_length); + // prepare state object for import processing + // this function requires: + // - state.authenticator_length + // and will: + // - validate that the payload and authenticator are hex encoded + // - populate remaining fields required by binding functions + r = tr31_state_prepare_import( + &state, + key_block, + ctx->length, + ptr - (void*)header + ); if (r) { - r = TR31_ERROR_INVALID_AUTHENTICATOR_FIELD; + // 
return error value as-is goto error; } @@ -1362,7 +1345,7 @@ int tr31_import( // not appear to indicate a minimum or maximum for key length // padding, and therefore this implementation only enforces the // cipher block size - if (ctx->payload_length & (DES_BLOCK_SIZE-1)) { + if (state.payload_length & (DES_BLOCK_SIZE-1)) { // payload length must be a multiple of TDES block size // for format version A, B, C r = TR31_ERROR_INVALID_KEY_LENGTH; @@ -1371,10 +1354,10 @@ int tr31_import( if (ctx->version == TR31_VERSION_A || ctx->version == TR31_VERSION_C) { // verify and decrypt payload - r = tr31_tdes_decrypt_verify_variant_binding(ctx, kbpk); + r = tr31_tdes_decrypt_verify_variant_binding(&state, kbpk, &ctx->key); } else if (ctx->version == TR31_VERSION_B) { // decrypt and verify payload - r = tr31_tdes_decrypt_verify_derivation_binding(ctx, kbpk); + r = tr31_tdes_decrypt_verify_derivation_binding(&state, kbpk, &ctx->key); } else { // invalid format version return -1; @@ -1416,7 +1399,7 @@ int tr31_import( // TR-31:2018 nor ISO 20038:2017 appear to indicate a minimum or // maximum for key length padding, and therefore this // implementation only enforces the cipher block size - if (ctx->payload_length & (AES_BLOCK_SIZE-1)) { + if (state.payload_length & (AES_BLOCK_SIZE-1)) { // payload length must be a multiple of AES block size // for format version D r = TR31_ERROR_INVALID_KEY_LENGTH; @@ -1424,7 +1407,7 @@ int tr31_import( } // decrypt and verify payload - r = tr31_aes_decrypt_verify_derivation_binding(ctx, kbpk); + r = tr31_aes_decrypt_verify_derivation_binding(&state, kbpk, &ctx->key); if (r) { // return error value as-is goto error; @@ -1467,7 +1450,7 @@ int tr31_import( } // decrypt and verify payload - r = tr31_aes_decrypt_verify_derivation_binding(ctx, kbpk); + r = tr31_aes_decrypt_verify_derivation_binding(&state, kbpk, &ctx->key); if (r) { // return error value as-is goto error; 
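Review bot: The call to `tr31_state_prepare_import()` in the `-1298` hunk passes `ctx->length` as the key block length, whereas the removed bounds checks compared against the caller-supplied `key_block_len`. `ctx->length` is presumably parsed from the length field of the untrusted header, and the helper uses it to size the `hex_to_bin()` reads from `key_block`. A declared length larger than the real buffer would therefore read past it, unless a check outside this hunk already rejects `ctx->length > key_block_len`. If no such check exists, pass `key_block_len` here or add `if (ctx->length > key_block_len) { r = TR31_ERROR_INVALID_LENGTH; goto error; }` before the call. The body of `tr31_import()` starts and ends outside this hunk.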
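Review bot: In the `-1371` hunk the unchanged `return -1;` for an invalid format version now exits `tr31_import()` after `tr31_state_prepare_import()` has allocated `state.decoded_key_block`, so it skips both `tr31_release(ctx)` and the new `tr31_state_release(&state)` at `exit:`. The branch looks unreachable because the surrounding code appears to handle only versions A, B and C, but replacing it with `r = TR31_ERROR_UNSUPPORTED_VERSION; goto error;` keeps every exit on the cleansing path. The body of `tr31_import()` extends beyond this hunk.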
@@ -1513,6 +1496,7 @@ int tr31_import( error: tr31_release(ctx); exit: + tr31_state_release(&state); return r; } 
@@ -2175,6 +2159,98 @@ static int tr31_opt_block_export_PB( return 0; } +static int tr31_state_init(uint8_t version_id, struct tr31_state_t* state) +{ + memset(state, 0, sizeof(*state)); + + // determine authenticator length and encryption block size + switch (version_id) { + case TR31_VERSION_A: + case TR31_VERSION_C: + state->enc_block_size = DES_BLOCK_SIZE; + state->authenticator_length = 4; // 4 bytes; 8 ASCII hex digits + break; + + case TR31_VERSION_B: + state->enc_block_size = DES_BLOCK_SIZE; + state->authenticator_length = 8; // 8 bytes; 16 ASCII hex digits + break; + + case TR31_VERSION_D: + state->enc_block_size = AES_BLOCK_SIZE; + state->authenticator_length = 16; // 16 bytes; 32 ASCII hex digits + break; + + case TR31_VERSION_E: + state->enc_block_size = AES_BLOCK_SIZE; + state->authenticator_length = 16; // 16 bytes; 32 ASCII hex digits + break; + + default: + return TR31_ERROR_UNSUPPORTED_VERSION; + } + + return 0; +} + +static int tr31_state_prepare_import( + struct tr31_state_t* state, + const void* key_block, + size_t key_block_len, + size_t header_len +) +{ + int r; + size_t authenticator_hex_length; + size_t payload_hex_length; + const void* ptr; + + // ensure that key block length is valid for minimal payload and authenticator + authenticator_hex_length = state->authenticator_length * 2; + if (header_len + TR31_MIN_PAYLOAD_LENGTH + authenticator_hex_length > key_block_len) { + return TR31_ERROR_INVALID_LENGTH; + } + + // populate various lengths + state->header_length = header_len; + payload_hex_length = key_block_len - state->header_length - authenticator_hex_length; + state->payload_length = payload_hex_length / 2; + + // prepare decoded key block buffer + state->decoded_key_block_length = state->header_length + state->payload_length + state->authenticator_length; + state->decoded_key_block = malloc(state->decoded_key_block_length); + memcpy(state->decoded_key_block, key_block, state->header_length); + + // decode payload + ptr = key_block + 
header_len; + state->payload = state->decoded_key_block + state->header_length; + r = hex_to_bin(ptr, payload_hex_length, state->payload, state->payload_length); + if (r) { + return TR31_ERROR_INVALID_PAYLOAD_FIELD; + } + + // decode authenticator + ptr += payload_hex_length; + state->authenticator = state->payload + state->payload_length; + r = hex_to_bin(ptr, authenticator_hex_length, state->authenticator, state->authenticator_length); + if (r) { + return TR31_ERROR_INVALID_AUTHENTICATOR_FIELD; + } + + return 0; +} + +static void tr31_state_release(struct tr31_state_t* state) +{ + if (state->decoded_key_block) { + // cleanse this buffer because the derivation binding functions copy + // cleartext key data into it for CMAC verification + crypto_cleanse(state->decoded_key_block, state->decoded_key_block_length); + free(state->decoded_key_block); + } + memset(state, 0, sizeof(*state)); +} + static int tr31_compute_final_lengths(struct tr31_ctx_t* ctx) { size_t padded_key_length; 
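Review bot: `tr31_state_prepare_import()` passes the result of `malloc(state->decoded_key_block_length)` straight to `memcpy()` without a NULL check, so an allocation failure during import becomes a write through a null pointer. Add `if (!state->decoded_key_block) return -1;` before the `memcpy()`, using the project's own allocation error code if it has one (none is visible here). Separately, `payload_hex_length / 2` rounds down when the hex payload has an odd number of digits; unless `hex_to_bin()` rejects a length mismatch, an explicit `if (payload_hex_length & 1) return TR31_ERROR_INVALID_PAYLOAD_FIELD;` would make that rejection certain.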
@@ -2251,22 +2327,14 @@ static int tr31_compute_final_lengths(struct tr31_ctx_t* ctx) return 0; } -static int tr31_tdes_decrypt_verify_variant_binding(struct tr31_ctx_t* ctx, const struct tr31_key_t* kbpk) +static int tr31_tdes_decrypt_verify_variant_binding(const struct tr31_state_t* state, const struct tr31_key_t* kbpk, struct tr31_key_t* key) { int r; uint8_t kbek[TDES3_KEY_SIZE]; uint8_t kbak[TDES3_KEY_SIZE]; + struct tr31_payload_t* decrypted_payload = NULL; size_t key_length; - // buffer for decryption - uint8_t decrypted_payload_buf[ctx->payload_length]; - struct tr31_payload_t* decrypted_payload = (struct tr31_payload_t*)decrypted_payload_buf; - - // buffer for MAC verification - uint8_t mac_input[ctx->header_length + ctx->payload_length]; - memcpy(mac_input, ctx->header, ctx->header_length); - memcpy(mac_input + ctx->header_length, ctx->payload, ctx->payload_length); - // output key block encryption key variant and key block authentication key variant r = tr31_tdes_kbpk_variant(kbpk->data, kbpk->length, kbek, kbak); if (r) { 
@@ -2275,29 +2343,50 @@ static int tr31_tdes_decrypt_verify_variant_binding(struct tr31_ctx_t* ctx, cons } // verify authenticator - r = tr31_tdes_verify_cbcmac(kbak, kbpk->length, mac_input, sizeof(mac_input), ctx->authenticator, ctx->authenticator_length); + r = tr31_tdes_verify_cbcmac( + kbak, + kbpk->length, + state->decoded_key_block, + state->header_length + state->payload_length, + state->authenticator, + state->authenticator_length + ); if (r) { r = TR31_ERROR_KEY_BLOCK_VERIFICATION_FAILED; goto error; } // decrypt key payload; note that the TR-31 header is used as the IV - r = crypto_tdes_decrypt(kbek, kbpk->length, ctx->header, ctx->payload, ctx->payload_length, decrypted_payload); + decrypted_payload = malloc(state->payload_length); + r = crypto_tdes_decrypt( + kbek, + kbpk->length, + state->decoded_key_block, + state->payload, + state->payload_length, + decrypted_payload + ); if (r) { // return error value as-is goto error; } // validate payload length field - key_length = ntohs(decrypted_payload->length) / 8; // payload length is big endian and in bits, not bytes - if (key_length > ctx->payload_length - 2) { + key_length = ntohs(decrypted_payload->length); // payload length is big endian and in bits, not bytes + if ((key_length & 0x7) != 0) { + // invalid key length is not a multiple of 8 bits + r = TR31_ERROR_INVALID_KEY_LENGTH; + goto error; + } + key_length /= 8; // convert to bytes + if (key_length > state->payload_length - 2) { // invalid key length relative to encrypted payload length r = TR31_ERROR_INVALID_KEY_LENGTH; goto error; } // extract key data - r = tr31_key_set_data(&ctx->key, decrypted_payload->data, key_length); + r = tr31_key_set_data(key, decrypted_payload->data, key_length); if (r) { // return error value as-is goto error; 
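Review bot: `decrypted_payload = malloc(state->payload_length);` is handed to `crypto_tdes_decrypt()` without a NULL check, so an allocation failure makes the decrypt call write through a null pointer. The same unchecked allocation appears in the `-2406` hunk of `tr31_tdes_decrypt_verify_derivation_binding()` and twice in the `-2533` and `-2549` hunks of `tr31_aes_decrypt_verify_derivation_binding()`. Adding `if (!decrypted_payload) { r = -1; goto error; }` after each `malloc()` fits the cleanup shown in the following hunk, which already guards the cleanse and free with `if (decrypted_payload)`. The function body starts and ends outside this hunk.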
@@ -2312,8 +2401,10 @@ static int tr31_tdes_decrypt_verify_variant_binding(struct tr31_ctx_t* ctx, cons // cleanse sensitive buffers crypto_cleanse(kbek, sizeof(kbek)); crypto_cleanse(kbak, sizeof(kbak)); - crypto_cleanse(decrypted_payload_buf, sizeof(decrypted_payload_buf)); - crypto_cleanse(mac_input, sizeof(mac_input)); + if (decrypted_payload) { + crypto_cleanse(decrypted_payload, state->payload_length); + free(decrypted_payload); + } return r; } @@ -2386,18 +2477,14 @@ static int tr31_tdes_encrypt_sign_variant_binding(struct tr31_ctx_t* ctx, const return r; } -static int tr31_tdes_decrypt_verify_derivation_binding(struct tr31_ctx_t* ctx, const struct tr31_key_t* kbpk) +static int tr31_tdes_decrypt_verify_derivation_binding(struct tr31_state_t* state, const struct tr31_key_t* kbpk, struct tr31_key_t* key) { int r; uint8_t kbek[TDES3_KEY_SIZE]; uint8_t kbak[TDES3_KEY_SIZE]; + struct tr31_payload_t* decrypted_payload = NULL; size_t key_length; - // buffer for decryption and CMAC verification - uint8_t decrypted_key_block[ctx->header_length + ctx->payload_length]; - memcpy(decrypted_key_block, ctx->header, ctx->header_length); - struct tr31_payload_t* decrypted_payload = (struct tr31_payload_t*)(decrypted_key_block + ctx->header_length); - // derive key block encryption key and key block authentication key from key block protection key r = tr31_tdes_kbpk_derive(kbpk->data, kbpk->length, kbek, kbak); if (r) { 
@@ -2406,29 +2493,51 @@ static int tr31_tdes_decrypt_verify_derivation_binding(struct tr31_ctx_t* ctx, c } // decrypt key payload; note that the authenticator is used as the IV - r = crypto_tdes_decrypt(kbek, kbpk->length, ctx->authenticator, ctx->payload, ctx->payload_length, decrypted_payload); + decrypted_payload = malloc(state->payload_length); + r = crypto_tdes_decrypt( + kbek, + kbpk->length, + state->authenticator, + state->payload, + state->payload_length, + decrypted_payload + ); if (r) { // return error value as-is goto error; } // extract payload length field - key_length = ntohs(decrypted_payload->length) / 8; // payload length is big endian and in bits, not bytes - if (key_length > ctx->payload_length - 2) { + key_length = ntohs(decrypted_payload->length); // payload length is big endian and in bits, not bytes + if ((key_length & 0x7) != 0) { + // invalid key length is not a multiple of 8 bits + r = TR31_ERROR_INVALID_KEY_LENGTH; + goto error; + } + key_length /= 8; // convert to bytes + if (key_length > state->payload_length - 2) { // invalid key length relative to encrypted payload length r = TR31_ERROR_INVALID_KEY_LENGTH; goto error; } // verify authenticator - r = tr31_tdes_verify_cmac(kbak, kbpk->length, decrypted_key_block, sizeof(decrypted_key_block), ctx->authenticator, ctx->authenticator_length); + memcpy(state->payload, decrypted_payload, state->payload_length); + r = tr31_tdes_verify_cmac( + kbak, + kbpk->length, + state->decoded_key_block, + state->header_length + state->payload_length, + state->authenticator, + state->authenticator_length + ); if (r) { r = TR31_ERROR_KEY_BLOCK_VERIFICATION_FAILED; goto error; } // extract key data - r = tr31_key_set_data(&ctx->key, decrypted_payload->data, key_length); + r = tr31_key_set_data(key, decrypted_payload->data, key_length); if (r) { // return error value as-is goto error; 
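Review bot: The new `(key_length & 0x7) != 0` check, like the bound check after it, runs on the decrypted length field before `tr31_tdes_verify_cmac()` has authenticated the key block, and it returns `TR31_ERROR_INVALID_KEY_LENGTH` rather than `TR31_ERROR_KEY_BLOCK_VERIFICATION_FAILED`. A caller that relays these codes therefore reveals a property of unauthenticated plaintext when given a modified key block. Neither check is needed to bound the CMAC input, which is `state->header_length + state->payload_length`, so both can move below the CMAC verification. The same ordering is in the `-2561` hunk of `tr31_aes_decrypt_verify_derivation_binding()`. The function body starts and ends outside this hunk.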
@@ -2443,7 +2552,10 @@ static int tr31_tdes_decrypt_verify_derivation_binding(struct tr31_ctx_t* ctx, c // cleanse sensitive buffers crypto_cleanse(kbek, sizeof(kbek)); crypto_cleanse(kbak, sizeof(kbak)); - crypto_cleanse(decrypted_key_block, sizeof(decrypted_key_block)); + if (decrypted_payload) { + crypto_cleanse(decrypted_payload, state->payload_length); + free(decrypted_payload); + } return r; } @@ -2511,19 +2623,17 @@ static int tr31_tdes_encrypt_sign_derivation_binding(struct tr31_ctx_t* ctx, con return r; } -static int tr31_aes_decrypt_verify_derivation_binding(struct tr31_ctx_t* ctx, const struct tr31_key_t* kbpk) +static int tr31_aes_decrypt_verify_derivation_binding(struct tr31_state_t* state, const struct tr31_key_t* kbpk, struct tr31_key_t* key) { int r; uint8_t kbek[AES256_KEY_SIZE]; uint8_t kbak[AES256_KEY_SIZE]; + const struct tr31_header_t* header; + struct tr31_payload_t* decrypted_payload = NULL; size_t key_length; - // buffer for decryption and CMAC verification - uint8_t decrypted_key_block[ctx->header_length + ctx->payload_length]; - memcpy(decrypted_key_block, ctx->header, ctx->header_length); - struct tr31_payload_t* decrypted_payload = (struct tr31_payload_t*)(decrypted_key_block + ctx->header_length); - - if (ctx->version == TR31_VERSION_D) { + header = state->decoded_key_block; + if (header->version_id == TR31_VERSION_D) { // derive key block encryption key and key block authentication key from key block protection key // format version D uses CBC block mode r = tr31_aes_kbpk_derive(kbpk->data, kbpk->length, TR31_AES_MODE_CBC, kbek, kbak); 
@@ -2533,13 +2643,21 @@ static int tr31_aes_decrypt_verify_derivation_binding(struct tr31_ctx_t* ctx, co } // decrypt key payload; note that the authenticator is used as the IV - r = crypto_aes_decrypt(kbek, kbpk->length, ctx->authenticator, ctx->payload, ctx->payload_length, decrypted_payload); + decrypted_payload = malloc(state->payload_length); + r = crypto_aes_decrypt( + kbek, + kbpk->length, + state->authenticator, + state->payload, + state->payload_length, + decrypted_payload + ); if (r) { // return error value as-is goto error; } - } else if (ctx->version == TR31_VERSION_E) { + } else if (header->version_id == TR31_VERSION_E) { // derive key block encryption key and key block authentication key from key block protection key // format version E uses CTR block mode r = tr31_aes_kbpk_derive(kbpk->data, kbpk->length, TR31_AES_MODE_CTR, kbek, kbak); @@ -2549,7 +2667,15 @@ static int tr31_aes_decrypt_verify_derivation_binding(struct tr31_ctx_t* ctx, co } // decrypt key payload; note that the authenticator is used as the IV/nonce - r = crypto_aes_decrypt_ctr(kbek, kbpk->length, ctx->authenticator, ctx->payload, ctx->payload_length, decrypted_payload); + decrypted_payload = malloc(state->payload_length); + r = crypto_aes_decrypt_ctr( + kbek, + kbpk->length, + state->authenticator, + state->payload, + state->payload_length, + decrypted_payload + ); if (r) { // return error value as-is goto error; 
@@ -2561,22 +2687,36 @@ static int tr31_aes_decrypt_verify_derivation_binding(struct tr31_ctx_t* ctx, co } // extract payload length field - key_length = ntohs(decrypted_payload->length) / 8; // payload length is big endian and in bits, not bytes - if (key_length > ctx->payload_length - 2) { + key_length = ntohs(decrypted_payload->length); // payload length is big endian and in bits, not bytes + if ((key_length & 0x7) != 0) { + // invalid key length is not a multiple of 8 bits + r = TR31_ERROR_INVALID_KEY_LENGTH; + goto error; + } + key_length /= 8; // convert to bytes + if (key_length > state->payload_length - 2) { // invalid key length relative to encrypted payload length r = TR31_ERROR_INVALID_KEY_LENGTH; goto error; } // verify authenticator - r = tr31_aes_verify_cmac(kbak, kbpk->length, decrypted_key_block, sizeof(decrypted_key_block), ctx->authenticator, ctx->authenticator_length); + memcpy(state->payload, decrypted_payload, state->payload_length); + r = tr31_aes_verify_cmac( + kbak, + kbpk->length, + state->decoded_key_block, + state->header_length + state->payload_length, + state->authenticator, + state->authenticator_length + ); if (r) { r = TR31_ERROR_KEY_BLOCK_VERIFICATION_FAILED; goto error; } // extract key data - r = tr31_key_set_data(&ctx->key, decrypted_payload->data, key_length); + r = tr31_key_set_data(key, decrypted_payload->data, key_length); if (r) { // return error value as-is goto error; @@ -2591,7 +2731,10 @@ static int tr31_aes_decrypt_verify_derivation_binding(struct tr31_ctx_t* ctx, co // cleanse sensitive buffers crypto_cleanse(kbek, sizeof(kbek)); crypto_cleanse(kbak, sizeof(kbak)); - crypto_cleanse(decrypted_key_block, sizeof(decrypted_key_block)); + if (decrypted_payload) { + crypto_cleanse(decrypted_payload, state->payload_length); + free(decrypted_payload); + } return r; } diff --git a/test/tr31_decode_test.c b/test/tr31_decode_test.c index 5319da9..8bb04fb 100644 --- a/test/tr31_decode_test.c +++ b/test/tr31_decode_test.c 
@@ -62,11 +62,7 @@ int main(void) test_tr31.opt_blocks[0].id != TR31_OPT_BLOCK_KS || test_tr31.opt_blocks[0].data_length != sizeof(test1_ksn_verify) || test_tr31.opt_blocks[0].data == NULL || - memcmp(test_tr31.opt_blocks[0].data, test1_ksn_verify, sizeof(test1_ksn_verify)) != 0 || - test_tr31.payload_length != 24 || - test_tr31.payload == NULL || - test_tr31.authenticator_length != 8 || - test_tr31.authenticator == NULL + memcmp(test_tr31.opt_blocks[0].data, test1_ksn_verify, sizeof(test1_ksn_verify)) != 0 ) { fprintf(stderr, "TR-31 context is incorrect\n"); r = 1; @@ -90,11 +86,7 @@ int main(void) test_tr31.key.key_version_str[0] != 0 || test_tr31.key.exportability != TR31_KEY_EXPORT_NONE || test_tr31.opt_blocks_count != 0 || - test_tr31.opt_blocks != NULL || - test_tr31.payload_length != 32 || - test_tr31.payload == NULL || - test_tr31.authenticator_length != 16 || - test_tr31.authenticator == NULL + test_tr31.opt_blocks != NULL ) { fprintf(stderr, "TR-31 context is incorrect\n"); r = 1; @@ -118,11 +110,7 @@ int main(void) test_tr31.key.key_version_str[0] != 0 || test_tr31.key.exportability != TR31_KEY_EXPORT_NONE || test_tr31.opt_blocks_count != 0 || - test_tr31.opt_blocks != NULL || - test_tr31.payload_length != 48 || - test_tr31.payload == NULL || - test_tr31.authenticator_length != 16 || - test_tr31.authenticator == NULL + test_tr31.opt_blocks != NULL ) { fprintf(stderr, "TR-31 context is incorrect\n"); r = 1; @@ -154,11 +142,7 @@ int main(void) test_tr31.opt_blocks[1].id != TR31_OPT_BLOCK_KC || test_tr31.opt_blocks[1].data == NULL || test_tr31.opt_blocks[2].id != TR31_OPT_BLOCK_KP || - test_tr31.opt_blocks[2].data == NULL || - test_tr31.payload_length != 24 || - test_tr31.payload == NULL || - test_tr31.authenticator_length != 8 || - test_tr31.authenticator == NULL + test_tr31.opt_blocks[2].data == NULL ) { fprintf(stderr, "TR-31 context is incorrect\n"); r = 1; diff --git a/test/tr31_decrypt_test.c b/test/tr31_decrypt_test.c index f1f9a28..c8fc47e 100644 
--- a/test/tr31_decrypt_test.c +++ b/test/tr31_decrypt_test.c @@ -238,11 +238,7 @@ int main(void) test_tr31.key.length != sizeof(test1_tr31_key_verify) || test_tr31.key.data == NULL || test_tr31.opt_blocks_count != 0 || - test_tr31.opt_blocks != NULL || - test_tr31.payload_length != 24 || - test_tr31.payload == NULL || - test_tr31.authenticator_length != 4 || - test_tr31.authenticator == NULL + test_tr31.opt_blocks != NULL ) { fprintf(stderr, "TR-31 context is incorrect\n"); r = 1; @@ -278,11 +274,7 @@ int main(void) test_tr31.key.length != sizeof(test1_tr31_key_verify) || test_tr31.key.data == NULL || test_tr31.opt_blocks_count != 0 || - test_tr31.opt_blocks != NULL || - test_tr31.payload_length != 24 || - test_tr31.payload == NULL || - test_tr31.authenticator_length != 8 || - test_tr31.authenticator == NULL + test_tr31.opt_blocks != NULL ) { fprintf(stderr, "TR-31 context is incorrect\n"); r = 1; @@ -318,11 +310,7 @@ int main(void) test_tr31.key.length != sizeof(test1_tr31_key_verify) || test_tr31.key.data == NULL || test_tr31.opt_blocks_count != 0 || - test_tr31.opt_blocks != NULL || - test_tr31.payload_length != 24 || - test_tr31.payload == NULL || - test_tr31.authenticator_length != 4 || - test_tr31.authenticator == NULL + test_tr31.opt_blocks != NULL ) { fprintf(stderr, "TR-31 context is incorrect\n"); r = 1; @@ -364,11 +352,7 @@ int main(void) test_tr31.key.length != sizeof(test2_tr31_key_verify) || test_tr31.key.data == NULL || test_tr31.opt_blocks_count != 0 || - test_tr31.opt_blocks != NULL || - test_tr31.payload_length != 24 || - test_tr31.payload == NULL || - test_tr31.authenticator_length != 4 || - test_tr31.authenticator == NULL + test_tr31.opt_blocks != NULL ) { fprintf(stderr, "TR-31 context is incorrect\n"); r = 1; 
@@ -410,11 +394,7 @@ int main(void) test_tr31.key.length != sizeof(test3_tr31_key_verify) || test_tr31.key.data == NULL || test_tr31.opt_blocks_count != 0 || - test_tr31.opt_blocks != NULL || - test_tr31.payload_length != 24 || - test_tr31.payload == NULL || - test_tr31.authenticator_length != 8 || - test_tr31.authenticator == NULL + test_tr31.opt_blocks != NULL ) { fprintf(stderr, "TR-31 context is incorrect\n"); r = 1; @@ -460,11 +440,7 @@ int main(void) test_tr31.opt_blocks[0].id != TR31_OPT_BLOCK_KS || test_tr31.opt_blocks[0].data_length != sizeof(test4_tr31_ksn_verify) || test_tr31.opt_blocks[0].data == NULL || - memcmp(test_tr31.opt_blocks[0].data, test4_tr31_ksn_verify, sizeof(test4_tr31_ksn_verify)) != 0 || - test_tr31.payload_length != 24 || - test_tr31.payload == NULL || - test_tr31.authenticator_length != 4 || - test_tr31.authenticator == NULL + memcmp(test_tr31.opt_blocks[0].data, test4_tr31_ksn_verify, sizeof(test4_tr31_ksn_verify)) != 0 ) { fprintf(stderr, "TR-31 context is incorrect\n"); r = 1; @@ -510,11 +486,7 @@ int main(void) test_tr31.opt_blocks[0].id != TR31_OPT_BLOCK_KS || test_tr31.opt_blocks[0].data_length != sizeof(test5_tr31_ksn_verify) || test_tr31.opt_blocks[0].data == NULL || - memcmp(test_tr31.opt_blocks[0].data, test5_tr31_ksn_verify, sizeof(test5_tr31_ksn_verify)) != 0 || - test_tr31.payload_length != 24 || - test_tr31.payload == NULL || - test_tr31.authenticator_length != 8 || - test_tr31.authenticator == NULL + memcmp(test_tr31.opt_blocks[0].data, test5_tr31_ksn_verify, sizeof(test5_tr31_ksn_verify)) != 0 ) { fprintf(stderr, "TR-31 context is incorrect\n"); r = 1; 
@@ -556,11 +528,7 @@ int main(void) test_tr31.key.length != sizeof(test6_tr31_key_verify) || test_tr31.key.data == NULL || test_tr31.opt_blocks_count != 0 || - test_tr31.opt_blocks != NULL || - test_tr31.payload_length != 32 || - test_tr31.payload == NULL || - test_tr31.authenticator_length != 16 || - test_tr31.authenticator == NULL + test_tr31.opt_blocks != NULL ) { fprintf(stderr, "TR-31 context is incorrect\n"); r = 1; @@ -602,11 +570,7 @@ int main(void) test_tr31.key.length != sizeof(test7_tr31_key_verify) || test_tr31.key.data == NULL || test_tr31.opt_blocks_count != 0 || - test_tr31.opt_blocks != NULL || - test_tr31.payload_length != 32 || - test_tr31.payload == NULL || - test_tr31.authenticator_length != 16 || - test_tr31.authenticator == NULL + test_tr31.opt_blocks != NULL ) { fprintf(stderr, "TR-31 context is incorrect\n"); r = 1; @@ -648,11 +612,7 @@ int main(void) test_tr31.key.length != sizeof(test8_tr31_key_verify) || test_tr31.key.data == NULL || test_tr31.opt_blocks_count != 0 || - test_tr31.opt_blocks != NULL || - test_tr31.payload_length != 48 || - test_tr31.payload == NULL || - test_tr31.authenticator_length != 16 || - test_tr31.authenticator == NULL + test_tr31.opt_blocks != NULL ) { fprintf(stderr, "TR-31 context is incorrect\n"); r = 1; @@ -694,11 +654,7 @@ int main(void) test_tr31.key.length != sizeof(test9_tr31_key_verify) || test_tr31.key.data == NULL || test_tr31.opt_blocks_count != 0 || - test_tr31.opt_blocks != NULL || - test_tr31.payload_length != 18 || - test_tr31.payload == NULL || - test_tr31.authenticator_length != 16 || - test_tr31.authenticator == NULL + test_tr31.opt_blocks != NULL ) { fprintf(stderr, "TR-31 context is incorrect\n"); r = 1; 
@@ -740,11 +696,7 @@ int main(void) test_tr31.key.length != sizeof(test10_tr31_key_verify) || test_tr31.key.data == NULL || test_tr31.opt_blocks_count != 0 || - test_tr31.opt_blocks != NULL || - test_tr31.payload_length != 32 || - test_tr31.payload == NULL || - test_tr31.authenticator_length != 16 || - test_tr31.authenticator == NULL + test_tr31.opt_blocks != NULL ) { fprintf(stderr, "TR-31 context is incorrect\n"); r = 1; @@ -786,11 +738,7 @@ int main(void) test_tr31.key.length != sizeof(test11_tr31_key_verify) || test_tr31.key.data == NULL || test_tr31.opt_blocks_count != 0 || - test_tr31.opt_blocks != NULL || - test_tr31.payload_length != 48 || - test_tr31.payload == NULL || - test_tr31.authenticator_length != 16 || - test_tr31.authenticator == NULL + test_tr31.opt_blocks != NULL ) { fprintf(stderr, "TR-31 context is incorrect\n"); r = 1; @@ -836,11 +784,7 @@ int main(void) test_tr31.opt_blocks[0].id != TR31_OPT_BLOCK_KS || test_tr31.opt_blocks[0].data_length != sizeof(test15_tr31_ksn_verify) || test_tr31.opt_blocks[0].data == NULL || - memcmp(test_tr31.opt_blocks[0].data, test15_tr31_ksn_verify, sizeof(test15_tr31_ksn_verify)) != 0 || - test_tr31.payload_length != 32 || - test_tr31.payload == NULL || - test_tr31.authenticator_length != 4 || - test_tr31.authenticator == NULL + memcmp(test_tr31.opt_blocks[0].data, test15_tr31_ksn_verify, sizeof(test15_tr31_ksn_verify)) != 0 ) { fprintf(stderr, "TR-31 context is incorrect\n"); r = 1; 
@@ -886,11 +830,7 @@ int main(void) test_tr31.opt_blocks[0].id != TR31_OPT_BLOCK_KS || test_tr31.opt_blocks[0].data_length != sizeof(test16_tr31_ksn_verify) || test_tr31.opt_blocks[0].data == NULL || - memcmp(test_tr31.opt_blocks[0].data, test16_tr31_ksn_verify, sizeof(test16_tr31_ksn_verify)) != 0 || - test_tr31.payload_length != 32 || - test_tr31.payload == NULL || - test_tr31.authenticator_length != 8 || - test_tr31.authenticator == NULL + memcmp(test_tr31.opt_blocks[0].data, test16_tr31_ksn_verify, sizeof(test16_tr31_ksn_verify)) != 0 ) { fprintf(stderr, "TR-31 context is incorrect\n"); r = 1; @@ -942,11 +882,7 @@ int main(void) test_tr31.opt_blocks[2].data_length != strlen(test17_tr31_ts_verify) || test_tr31.opt_blocks[2].data == NULL || memcmp(test_tr31.opt_blocks[2].data, test17_tr31_ts_verify, strlen(test17_tr31_ts_verify)) != 0 || - test_tr31.opt_blocks[3].id != TR31_OPT_BLOCK_PB || - test_tr31.payload_length != 1200 || - test_tr31.payload == NULL || - test_tr31.authenticator_length != 16 || - test_tr31.authenticator == NULL + test_tr31.opt_blocks[3].id != TR31_OPT_BLOCK_PB ) { fprintf(stderr, "TR-31 context is incorrect\n"); r = 1; @@ -988,11 +924,7 @@ int main(void) test_tr31.opt_blocks[2].data_length != strlen(test18_tr31_ts_verify) || test_tr31.opt_blocks[2].data == NULL || memcmp(test_tr31.opt_blocks[2].data, test18_tr31_ts_verify, strlen(test18_tr31_ts_verify)) != 0 || - test_tr31.opt_blocks[3].id != TR31_OPT_BLOCK_PB || - test_tr31.payload_length != 128 || - test_tr31.payload == NULL || - test_tr31.authenticator_length != 16 || - test_tr31.authenticator == NULL + test_tr31.opt_blocks[3].id != TR31_OPT_BLOCK_PB ) { fprintf(stderr, "TR-31 context is incorrect\n"); r = 1;