The CTR test does not test decryption

[amosnier]

Hi,

In the CTR test (test.c), the test_xcrypt_ctr() function is invoked twice, once for encryption, once for decryption. However, the only difference between both invocations is the printed string, not the transformed data. Both invocations transform the in buffer and verify that the result is equal to the out buffer. Instead, the second invocation should transform (decrypt) the out buffer, and verify that the result is equal to the in buffer.

The change in code to achieve that is trivial, and fortunately, that test too passes on my old 16-bit DSP. :-)

Thanks again for sharing.

Best regards,

Alain Mosnier

[kokke]

Hi @amosnier -

When I uploaded the CTR-mode test code, I was pondering how long before someone would comment on that :D

The intuitive thing would be to decrypt the cipher text and check for equivalence with the plain text.

However, in the NIST test-vectors from 800-38A the test-vectors are equal for encryption and decryption. Same input and output to test both encryption and decryption.

I have done a lot more testing than what is in test.c and indeed encryption and decryption in CTR (all all the other modes) works as advertised even though the test-file doesn't test very thoroughly.

The test-code is meant to be a quick way for users to verify against the NIST vectors.
It is not meant to convince you of correctness or robustness.

Thanks again for pointing this out :)

[amosnier]

Hi @kokke ,

Thanks for your answer. I realize that you are right when checking again SP 800-38A. The test strings are inverted between Encrypt and Decrypt, but so are the field names "Cyphertext" and "Plaintext". :-)

Not so intuitive.

Anyway, thanks again.

Best regards,

Alain Mosnier

[kokke]

Hi @amosnier - yeah that surprised me as well when I implemented the test code :)