| author | Dimitri Staessens <dimitri@ouroboros.rocks> | 2026-01-23 18:45:34 +0100 |
|---|---|---|
| committer | Sander Vrijders <sander@ouroboros.rocks> | 2026-01-26 07:47:51 +0100 |
| commit | f60b67a6fcbed7329f7d27511e8c572dc252934e (patch) | |
| tree | 91c4e3f38c037ec740865adba7a9e46e1e4eb8db /src/lib | |
| parent | a1ac8d6c95d75f7b291cc27feddc9ad429eb3fed (diff) | |
lib: Speed up key rotation tests
The tests were not correct as the library was compiled with the
default 1 << 20 epoch. Added a parameter to the sk configuration that
specifies the epoch size. Set to 1 << KEY_ROTATION_BIT in dev.c, but
lowered to 7 in unit tests.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/crypt/openssl.c | 7 | ||||
| -rw-r--r-- | src/lib/dev.c | 2 | ||||
| -rw-r--r-- | src/lib/serdes-irm.c | 6 | ||||
| -rw-r--r-- | src/lib/tests/CMakeLists.txt | 1 | ||||
| -rw-r--r-- | src/lib/tests/crypt_test.c | 24 |
5 files changed, 21 insertions, 19 deletions
diff --git a/src/lib/crypt/openssl.c b/src/lib/crypt/openssl.c
index 13ed1c64..b8233593 100644
--- a/src/lib/crypt/openssl.c
+++ b/src/lib/crypt/openssl.c
@@ -1093,6 +1093,7 @@ struct ossl_crypt_ctx * openssl_crypt_create_ctx(struct crypt_sk * sk)
 assert(sk != NULL);
 assert(sk->key != NULL);
+ assert(sk->rot_bit > 0 && sk->rot_bit < 32);
 ctx = malloc(sizeof(*ctx));
 if (ctx == NULL)
@@ -1124,11 +1125,7 @@ struct ossl_crypt_ctx * openssl_crypt_create_ctx(struct crypt_sk * sk)
 ctx->tagsz = 16; /* Standard AEAD tag length (128 bits) */
 ctx->rot.cntr = 0;
-#ifdef TEST_KEY_ROTATION_BIT
- ctx->rot.mask = (1U << TEST_KEY_ROTATION_BIT);
-#else
- ctx->rot.mask = (1U << KEY_ROTATION_BIT);
-#endif
+ ctx->rot.mask = (1U << sk->rot_bit);
 ctx->rot.age = 0;
 ctx->rot.phase = 0;
diff --git a/src/lib/dev.c b/src/lib/dev.c
index 31f4fb78..106a4256 100644
--- a/src/lib/dev.c
+++ b/src/lib/dev.c
@@ -549,6 +549,8 @@ static int flow_init(struct flow_info * info,
 flow->tailsz = 0;
 if (IS_ENCRYPTED(sk)) {
+ /* Set to lower value in tests, should we make configurable? */
+ sk->rot_bit = KEY_ROTATION_BIT;
 flow->crypt = crypt_create_ctx(sk);
 if (flow->crypt == NULL)
 goto fail_crypt;
diff --git a/src/lib/serdes-irm.c b/src/lib/serdes-irm.c
index a0fdbec2..9e829632 100644
--- a/src/lib/serdes-irm.c
+++ b/src/lib/serdes-irm.c
@@ -134,9 +134,9 @@ int flow_join__irm_req_ser(buffer_t * buf,
 IRM_MSG_CODE__IRM_FLOW_JOIN);
 }
-int flow__irm_result_des(buffer_t * buf,
- struct flow_info * flow,
- struct crypt_sk * sk)
+int flow__irm_result_des(buffer_t * buf,
+ struct flow_info * flow,
+ struct crypt_sk * sk)
 {
 irm_msg_t * msg;
 int err;
diff --git a/src/lib/tests/CMakeLists.txt b/src/lib/tests/CMakeLists.txt
index fe4c1342..6ab69bd1 100644
--- a/src/lib/tests/CMakeLists.txt
+++ b/src/lib/tests/CMakeLists.txt
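Review bot: The range check added at the top of openssl_crypt_create_ctx is an `assert`, so a build with NDEBUG drops it and `1U << sk->rot_bit` in the second hunk becomes undefined for values of 32 or more, while a zero value gives a mask of 1. The value now arrives through `struct crypt_sk`, and this page only shows the src/lib callers, so any other code that builds a `crypt_sk` without setting `rot_bit` would reach the shift unchecked in release builds. A runtime guard placed before the allocation keeps the rotation epoch well defined in every build: `if (sk->rot_bit == 0 || sk->rot_bit >= 32) return NULL;`. This assumes the function reports failure by returning NULL, as the `ctx == NULL` path after malloc suggests; the rest of the body is outside both hunks.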
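Review bot: The comment above `sk->rot_bit = KEY_ROTATION_BIT;` in flow_init asks a question instead of stating what the assignment does, which leaves the next reader without the meaning of the field. Something like `/* Rotate keys every 1 << rot_bit packets; fixed at build time for now */` says what the value controls, and the open question about making it configurable is better tracked as a tagged TODO. The assignment also writes through the caller's `sk` pointer, so whatever `rot_bit` held on entry is overwritten; flow_init's signature and the rest of its body are outside the hunk, so whether any caller relies on that cannot be told from here.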
@@ -26,7 +26,6 @@ add_executable(${PARENT_DIR}_test ${${PARENT_DIR}_tests})
 disable_test_logging_for_target(${PARENT_DIR}_test)
 target_link_libraries(${PARENT_DIR}_test ouroboros-common)
-target_compile_definitions(${PARENT_DIR}_test PRIVATE TEST_KEY_ROTATION_BIT=10)
 add_dependencies(build_tests ${PARENT_DIR}_test)
diff --git a/src/lib/tests/crypt_test.c b/src/lib/tests/crypt_test.c
index a24cde66..e1232b8c 100644
--- a/src/lib/tests/crypt_test.c
+++ b/src/lib/tests/crypt_test.c
@@ -39,8 +39,9 @@ static int test_crypt_create_destroy(void)
 struct crypt_ctx * ctx;
 uint8_t key[SYMMKEYSZ];
 struct crypt_sk sk = {
- .nid = NID_aes_256_gcm,
- .key = key
+ .nid = NID_aes_256_gcm,
+ .key = key,
+ .rot_bit = KEY_ROTATION_BIT
 };
 TEST_START();
@@ -69,8 +70,9 @@ static int test_crypt_encrypt_decrypt(int nid)
 struct crypt_ctx * ctx;
 uint8_t key[SYMMKEYSZ];
 struct crypt_sk sk = {
- .nid = NID_aes_256_gcm,
- .key = key
+ .nid = NID_aes_256_gcm,
+ .key = key,
+ .rot_bit = KEY_ROTATION_BIT
 };
 buffer_t in;
 buffer_t out;
@@ -261,8 +263,9 @@ static int test_key_rotation(void)
 struct crypt_ctx * rx_ctx;
 uint8_t key[SYMMKEYSZ];
 struct crypt_sk sk = {
- .nid = NID_aes_256_gcm,
- .key = key
+ .nid = NID_aes_256_gcm,
+ .key = key,
+ .rot_bit = 7
 };
 buffer_t in;
 buffer_t enc;
@@ -297,7 +300,7 @@ static int test_key_rotation(void)
 in.len = sizeof(pkt);
 in.data = pkt;
- threshold = (1U << TEST_KEY_ROTATION_BIT);
+ threshold = (1U << sk.rot_bit);
 /* Encrypt and decrypt across multiple rotations */
 for (i = 0; i < threshold * 3; i++) {
@@ -345,8 +348,9 @@ static int test_key_phase_bit(void)
 struct crypt_ctx * ctx;
 uint8_t key[SYMMKEYSZ];
 struct crypt_sk sk = {
- .nid = NID_aes_256_gcm,
- .key = key
+ .nid = NID_aes_256_gcm,
+ .key = key,
+ .rot_bit = 7
 };
 buffer_t in;
 buffer_t out;
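Review bot: The literal `7` for `.rot_bit` appears in both test_key_rotation (hunk at -261) and test_key_phase_bit (hunk at -345), with nothing saying why that value was chosen or that the two tests are meant to share it. A single file-level constant such as `#define TEST_ROT_BIT 7 /* 128-packet epoch keeps the rotation loops short */` used in both initialisers would keep them in step. The new range check in openssl_crypt_create_ctx has no test on its boundaries visible in these hunks; since it is an assert, that may be deliberate.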
@@ -384,7 +388,7 @@ static int test_key_phase_bit(void)
 in.data = pkt;
 /* Encrypt packets up to just before rotation threshold */
- threshold = (1U << KEY_ROTATION_BIT);
+ threshold = (1U << sk.rot_bit);
 /* Encrypt threshold - 1 packets (indices 0 to threshold-2) */
 for (count = 0; count < threshold - 1; count++) { |
