Skip to content

Commit

Permalink
Added test case with low-level botan calls, reproducing windows crash…
Browse files Browse the repository at this point in the history
… issue.
  • Loading branch information
ni4 committed Dec 4, 2023
1 parent e2be41f commit b9eb93c
Show file tree
Hide file tree
Showing 2 changed files with 87 additions and 0 deletions.
87 changes: 87 additions & 0 deletions src/tests/cipher.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -1137,3 +1137,90 @@ TEST_F(rnp_tests, test_brainpool_enabled)
assert_false(supported);
#endif
}

#if defined(CRYPTO_BACKEND_BOTAN)
TEST_F(rnp_tests, test_windows_botan_crash)
{
/* Reproducer for https://github.com/randombit/botan/issues/3812 . Related CLI test test
* test_sym_encrypted__rnp_aead_botan_crash */
/* First 32 bytes are encrypted key as it was extracted from the OpenPGP stream. */

auto ver_major = botan_version_major();
auto ver_minor = botan_version_minor();
auto ver_patch = botan_version_patch();
/* Currently AV happens with versions up to 2.19.3 and 3.2.0 */
if ((ver_major == 2) && ((ver_minor > 19) || ((ver_minor == 19) && (ver_patch > 3)))) {
return;

Check warning on line 1153 in src/tests/cipher.cpp

View check run for this annotation

Codecov / codecov/patch

src/tests/cipher.cpp#L1153

Added line #L1153 was not covered by tests
}
if ((ver_major == 3) && ((ver_minor > 2) || ((ver_minor == 2) && (ver_patch > 0)))) {
return;

Check warning on line 1156 in src/tests/cipher.cpp

View check run for this annotation

Codecov / codecov/patch

src/tests/cipher.cpp#L1156

Added line #L1156 was not covered by tests
}

auto data = file_to_vec("data/test_messages/message.aead-windows-issue-botan");
size_t idx = 32;
uint8_t bufbin[64] = {0};
uint8_t outbuf[32768] = {0};
size_t written = 0;
size_t read = 0;
size_t diff = 0;

/* Now the data which exposes a possible crash */
struct botan_cipher_struct *cipher = NULL;
assert_int_equal(botan_cipher_init(&cipher, "AES-128/OCB", BOTAN_CIPHER_INIT_FLAG_DECRYPT),
0);

const char *key2 = "417835a476bc5958b18d41fb00cf682d";
assert_int_equal(rnp::hex_decode(key2, bufbin, 16), 16);
assert_int_equal(botan_cipher_set_key(cipher, bufbin, 16), 0);

const char *ad2 = "d40107020c0000000000000000";
assert_int_equal(rnp::hex_decode(ad2, bufbin, 13), 13);
assert_int_equal(botan_cipher_set_associated_data(cipher, bufbin, 13), 0);

const char *nonce2 = "005dbbbe0088f9d17ca2d8d464920f";
assert_int_equal(rnp::hex_decode(nonce2, bufbin, 15), 15);
assert_int_equal(botan_cipher_start(cipher, bufbin, 15), 0);

assert_int_equal(
botan_cipher_update(
cipher, 0, outbuf, sizeof(outbuf), &written, data.data() + idx, 32736, &read),
0);
diff = 32736 - read;
idx += read;

assert_int_equal(
botan_cipher_update(
cipher, 0, outbuf, sizeof(outbuf), &written, data.data() + idx, diff + 32736, &read),
0);
idx += read;
diff = diff + 32736 - read;

assert_int_equal(
botan_cipher_update(
cipher, 0, outbuf, sizeof(outbuf), &written, data.data() + idx, diff + 32736, &read),
0);
idx += read;
diff = diff + 32736 - read;

assert_int_equal(
botan_cipher_update(
cipher, 0, outbuf, sizeof(outbuf), &written, data.data() + idx, diff + 32736, &read),
0);
idx += read;
diff = diff + 32736 - read;

assert_int_equal(botan_cipher_update(cipher,
BOTAN_CIPHER_UPDATE_FLAG_FINAL,
outbuf,
sizeof(outbuf),
&written,
data.data() + idx,
diff + 25119,
&read),
0);
idx += read;

assert_int_equal(botan_cipher_reset(cipher), 0);
assert_int_equal(botan_cipher_destroy(cipher), 0);
}
#endif
Binary file not shown.

0 comments on commit b9eb93c

Please sign in to comment.