From 31da29d6869989dd0b049596df77c0c8aef37e8f Mon Sep 17 00:00:00 2001
From: Peter Dettman <peter.dettman@bouncycastle.org>
Date: Thu, 27 Apr 2023 15:07:36 +0700
Subject: Fix Ascon decryption buffering bug

- add test coverage for all buffer splits
---
 crypto/test/src/crypto/test/AsconTest.cs | 70 ++++++++++++++++++++++++++++++++
 1 file changed, 70 insertions(+)

(limited to 'crypto/test')

diff --git a/crypto/test/src/crypto/test/AsconTest.cs b/crypto/test/src/crypto/test/AsconTest.cs
index eabf7e043..400767df0 100644
--- a/crypto/test/src/crypto/test/AsconTest.cs
+++ b/crypto/test/src/crypto/test/AsconTest.cs
@@ -94,6 +94,24 @@ namespace Org.BouncyCastle.Crypto.Tests
             ImplBenchXof(AsconXof.AsconParameters.AsconXofA);
         }
 
+        [Test]
+        public void TestBufferingEngine_ascon128()
+        {
+            ImplTestBufferingEngine(AsconEngine.AsconParameters.ascon128);
+        }
+
+        [Test]
+        public void TestBufferingEngine_ascon128a()
+        {
+            ImplTestBufferingEngine(AsconEngine.AsconParameters.ascon128a);
+        }
+
+        [Test]
+        public void TestBufferingEngine_ascon80()
+        {
+            ImplTestBufferingEngine(AsconEngine.AsconParameters.ascon80pq);
+        }
+
         [Test]
         public void TestExceptionsDigest_AsconHash()
         {
@@ -327,6 +345,58 @@ namespace Org.BouncyCastle.Crypto.Tests
             }
         }
 
+        private static void ImplTestBufferingEngine(AsconEngine.AsconParameters asconParameters)
+        {
+            Random random = new Random();
+
+            int plaintextLength = 256;
+            byte[] plaintext = new byte[plaintextLength];
+            random.NextBytes(plaintext);
+
+            var ascon0 = CreateEngine(asconParameters);
+            InitEngine(ascon0, true);
+
+            byte[] ciphertext = new byte[ascon0.GetOutputSize(plaintextLength)];
+            random.NextBytes(ciphertext);
+
+            int ciphertextLength = ascon0.ProcessBytes(plaintext, 0, plaintextLength, ciphertext, 0);
+            ciphertextLength += ascon0.DoFinal(ciphertext, ciphertextLength);
+
+            byte[] output = new byte[ciphertextLength];
+
+            // Encryption
+            for (int split = 1; split < plaintextLength; ++split)
+            {
+                var ascon = CreateEngine(asconParameters);
+                InitEngine(ascon, true);
+
+                random.NextBytes(output);
+
+                int length = ascon.ProcessBytes(plaintext, 0, split, output, 0);
+                length += ascon.ProcessBytes(plaintext, split, plaintextLength - split, output, length);
+                length += ascon.DoFinal(output, length);
+
+                Assert.IsTrue(Arrays.AreEqual(ciphertext, 0, ciphertextLength, output, 0, length),
+                    "encryption failed with split: " + split);
+            }
+
+            // Decryption
+            for (int split = 1; split < ciphertextLength; ++split)
+            {
+                var ascon = CreateEngine(asconParameters);
+                InitEngine(ascon, false);
+
+                random.NextBytes(output);
+
+                int length = ascon.ProcessBytes(ciphertext, 0, split, output, 0);
+                length += ascon.ProcessBytes(ciphertext, split, ciphertextLength - split, output, length);
+                length += ascon.DoFinal(output, length);
+
+                Assert.IsTrue(Arrays.AreEqual(plaintext, 0, plaintextLength, output, 0, length),
+                    "decryption failed with split: " + split);
+            }
+        }
+
         private static void ImplTestExceptionsDigest(AsconDigest.AsconParameters asconParameters)
         {
             var ascon = new AsconDigest(asconParameters);
-- 
cgit 1.4.1