From 63fdd9b5816c752120c315c04c1d6878f3c13143 Mon Sep 17 00:00:00 2001
From: Michael Brown <mcb30@ipxe.org>
Date: Wed, 9 Nov 2022 16:14:42 +0000
Subject: [tests] Verify ability to reset cipher initialisation vector

TLS relies upon the ability to reuse a cipher by resetting only the
initialisation vector while reusing the existing key.

Add verification of resetting the initialisation vector to the cipher
self-tests.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
---
 src/tests/cipher_test.c | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/src/tests/cipher_test.c b/src/tests/cipher_test.c
index 2ead3c827..0d0eac1d8 100644
--- a/src/tests/cipher_test.c
+++ b/src/tests/cipher_test.c
@@ -81,6 +81,25 @@ void cipher_encrypt_okx ( struct cipher_test *test, const char *file,
 	okx ( cipher->authsize == test->auth_len, file, line );
 	cipher_auth ( cipher, ctx, auth );
 	okx ( memcmp ( auth, test->auth, test->auth_len ) == 0, file, line );
+
+	/* Reset initialisation vector */
+	cipher_setiv ( cipher, ctx, test->iv, test->iv_len );
+
+	/* Process additional data, if applicable */
+	if ( test->additional_len ) {
+		cipher_encrypt ( cipher, ctx, test->additional, NULL,
+				 test->additional_len );
+	}
+
+	/* Perform encryption */
+	cipher_encrypt ( cipher, ctx, test->plaintext, ciphertext, len );
+
+	/* Compare against expected ciphertext */
+	okx ( memcmp ( ciphertext, test->ciphertext, len ) == 0, file, line );
+
+	/* Check authentication tag */
+	cipher_auth ( cipher, ctx, auth );
+	okx ( memcmp ( auth, test->auth, test->auth_len ) == 0, file, line );
 }
 
 /**
@@ -120,6 +139,25 @@ void cipher_decrypt_okx ( struct cipher_test *test, const char *file,
 	okx ( cipher->authsize == test->auth_len, file, line );
 	cipher_auth ( cipher, ctx, auth );
 	okx ( memcmp ( auth, test->auth, test->auth_len ) == 0, file, line );
+
+	/* Reset initialisation vector */
+	cipher_setiv ( cipher, ctx, test->iv, test->iv_len );
+
+	/* Process additional data, if applicable */
+	if ( test->additional_len ) {
+		cipher_decrypt ( cipher, ctx, test->additional, NULL,
+				 test->additional_len );
+	}
+
+	/* Perform decryption */
+	cipher_decrypt ( cipher, ctx, test->ciphertext, plaintext, len );
+
+	/* Compare against expected plaintext */
+	okx ( memcmp ( plaintext, test->plaintext, len ) == 0, file, line );
+
+	/* Check authentication tag */
+	cipher_auth ( cipher, ctx, auth );
+	okx ( memcmp ( auth, test->auth, test->auth_len ) == 0, file, line );
 }
 
 /**
-- 
cgit