You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Alex Remily (Jira)" <ji...@apache.org> on 2020/08/06 23:39:00 UTC

[jira] [Updated] (CRYPTO-149) testGMacTamperedData() in GCMCipherTest Intermittent Failure

     [ https://issues.apache.org/jira/browse/CRYPTO-149?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alex Remily updated CRYPTO-149:
-------------------------------
    Description: 
Gary Gregory 
Aug 5, 2020, 10:53 PM (20 hours ago)
to Commons

Hi All:

I am seeing what may be a random AEADBadTagException in GcmCipherTest?

For example:

[ERROR] testGcmTamperedData(org.apache.commons.crypto.cipher.GcmCipherTest)
 Time elapsed: 0.015 s  <<< ERROR!
881java.lang.Exception: Unexpected exception,
expected<javax.crypto.AEADBadTagException> but
was<java.lang.InternalError>
882     at org.apache.commons.crypto.cipher.GcmCipherTest.testGcmTamperedData(GcmCipherTest.java:224)
883
884

Any thoughts?

The above is from
https://travis-ci.org/github/apache/commons-crypto/jobs/715348986

Gary

Alex Remily 
8:10 AM (11 hours ago)
to Commons

That is an intermittent issue that I haven't been able to reliably reproduce.  As I recall, the test that's failing is supposed to fail, but in a different way.  I think it's supposed to fail because of a short buffer but occasionally fails because of an internal error, and when that happens this test fails.  I don't know when it was introduced.  We should probably document it in jira and or realese notes.

Matt Sicker 
10:33 AM (8 hours ago)
to Commons

Now I hope we don't have unit tests depending on non-static state for
its random number generator! ;) I'd expect a crypto library's test
suites to include several hard-coded known-good and known-bad
ciphertexts with static keys/IVs similar to the test cases presented
in their RFCs (especially since said tests are typically small enough
to copy/paste the binary data fairly easily).
--
Matt Sicker 

Rob Tompkins 
10:37 AM (8 hours ago)
to Commons

We actually do have a considerable number of those in our projects where we use probabilistic epsilons on the output. See commons-rng. Note, Gilles is quite good at writing such tests.

-Rob

Matt Sicker 
10:42 AM (8 hours ago)
to Commons

Well, for testing RNGs, I can understand using property testing, yes.
It would also be useful for testing fuzzing scenarios like making sure
the GCM tag is invalid for any random input data (giving a near zero
probability of valid data) or that an elliptic curve implementation
doesn't leak out information about points outside the curve or respond
to invalid inputs improperly or things like that.


Rob Tompkins 
10:50 AM (8 hours ago)
to Commons

+1 - the elliptic curve stuff I’ll have to defer to you on as I’m less a number theorist and more of a logician.

-Rob

Gary Gregory  
10:56 AM (8 hours ago)
to Commons

This is all fine and good but how would you fix the test such that it does
not fail randomly. PR anyone?

Gary

Rob Tompkins 
10:57 AM (8 hours ago)
to Commons

Either static inputs for determinism, or putting a probabilistic boundary in which the solution can fall.

-Rob

Matt Sicker 
11:00 AM (8 hours ago)
to Commons

Choose a seed value for the `new Random()` constructor and the tests
will be deterministic.

Matt Sicker 
11:02 AM (8 hours ago)
to Commons

Or alternatively, if using random values each time, have it retry the
test with a different value. It's typically better to use an actual
property testing library for these types of tests anyways. One example
library I found is https://jqwik.net/ (these types of testing
libraries are more common in functional programming like in Scala).


Rob Tompkins 
11:03 AM (8 hours ago)
to Commons

Precisely. That’s another technique we’ve used in rng.

-Ropb

  was:
Gary Gregory garydgregory@gmail.com via commons.apache.org 
Aug 5, 2020, 10:53 PM (20 hours ago)
to Commons

Hi All:

I am seeing what may be a random AEADBadTagException in GcmCipherTest?

For example:

[ERROR] testGcmTamperedData(org.apache.commons.crypto.cipher.GcmCipherTest)
 Time elapsed: 0.015 s  <<< ERROR!
881java.lang.Exception: Unexpected exception,
expected<javax.crypto.AEADBadTagException> but
was<java.lang.InternalError>
882     at org.apache.commons.crypto.cipher.GcmCipherTest.testGcmTamperedData(GcmCipherTest.java:224)
883
884

Any thoughts?

The above is from
https://travis-ci.org/github/apache/commons-crypto/jobs/715348986

Gary

Alex Remily <al...@gmail.com>
8:10 AM (11 hours ago)
to Commons

That is an intermittent issue that I haven't been able to reliably reproduce.  As I recall, the test that's failing is supposed to fail, but in a different way.  I think it's supposed to fail because of a short buffer but occasionally fails because of an internal error, and when that happens this test fails.  I don't know when it was introduced.  We should probably document it in jira and or realese notes.

Matt Sicker boards@gmail.com via commons.apache.org 
10:33 AM (8 hours ago)
to Commons

Now I hope we don't have unit tests depending on non-static state for
its random number generator! ;) I'd expect a crypto library's test
suites to include several hard-coded known-good and known-bad
ciphertexts with static keys/IVs similar to the test cases presented
in their RFCs (especially since said tests are typically small enough
to copy/paste the binary data fairly easily).
--
Matt Sicker <bo...@gmail.com>

Rob Tompkins chtompki@gmail.com via commons.apache.org 
10:37 AM (8 hours ago)
to Commons

We actually do have a considerable number of those in our projects where we use probabilistic epsilons on the output. See commons-rng. Note, Gilles is quite good at writing such tests.

-Rob

Matt Sicker boards@gmail.com via commons.apache.org 
10:42 AM (8 hours ago)
to Commons

Well, for testing RNGs, I can understand using property testing, yes.
It would also be useful for testing fuzzing scenarios like making sure
the GCM tag is invalid for any random input data (giving a near zero
probability of valid data) or that an elliptic curve implementation
doesn't leak out information about points outside the curve or respond
to invalid inputs improperly or things like that.


Rob Tompkins chtompki@gmail.com via commons.apache.org 
10:50 AM (8 hours ago)
to Commons

+1 - the elliptic curve stuff I’ll have to defer to you on as I’m less a number theorist and more of a logician.

-Rob

Gary Gregory garydgregory@gmail.com via commons.apache.org 
10:56 AM (8 hours ago)
to Commons

This is all fine and good but how would you fix the test such that it does
not fail randomly. PR anyone?

Gary

Rob Tompkins chtompki@gmail.com via commons.apache.org 
10:57 AM (8 hours ago)
to Commons

Either static inputs for determinism, or putting a probabilistic boundary in which the solution can fall.

-Rob

Matt Sicker boards@gmail.com via commons.apache.org 
11:00 AM (8 hours ago)
to Commons

Choose a seed value for the `new Random()` constructor and the tests
will be deterministic.

Matt Sicker boards@gmail.com via commons.apache.org 
11:02 AM (8 hours ago)
to Commons

Or alternatively, if using random values each time, have it retry the
test with a different value. It's typically better to use an actual
property testing library for these types of tests anyways. One example
library I found is https://jqwik.net/ (these types of testing
libraries are more common in functional programming like in Scala).


Rob Tompkins chtompki@gmail.com via commons.apache.org 
11:03 AM (8 hours ago)
to Commons

Precisely. That’s another technique we’ve used in rng.

-Ropb


> testGMacTamperedData() in GCMCipherTest Intermittent Failure
> ------------------------------------------------------------
>
>                 Key: CRYPTO-149
>                 URL: https://issues.apache.org/jira/browse/CRYPTO-149
>             Project: Commons Crypto
>          Issue Type: Bug
>          Components: Native
>    Affects Versions: 1.0.0
>            Reporter: Alex Remily
>            Priority: Major
>
> Gary Gregory 
> Aug 5, 2020, 10:53 PM (20 hours ago)
> to Commons
> Hi All:
> I am seeing what may be a random AEADBadTagException in GcmCipherTest?
> For example:
> [ERROR] testGcmTamperedData(org.apache.commons.crypto.cipher.GcmCipherTest)
>  Time elapsed: 0.015 s  <<< ERROR!
> 881java.lang.Exception: Unexpected exception,
> expected<javax.crypto.AEADBadTagException> but
> was<java.lang.InternalError>
> 882     at org.apache.commons.crypto.cipher.GcmCipherTest.testGcmTamperedData(GcmCipherTest.java:224)
> 883
> 884
> Any thoughts?
> The above is from
> https://travis-ci.org/github/apache/commons-crypto/jobs/715348986
> Gary
> Alex Remily 
> 8:10 AM (11 hours ago)
> to Commons
> That is an intermittent issue that I haven't been able to reliably reproduce.  As I recall, the test that's failing is supposed to fail, but in a different way.  I think it's supposed to fail because of a short buffer but occasionally fails because of an internal error, and when that happens this test fails.  I don't know when it was introduced.  We should probably document it in jira and or realese notes.
> Matt Sicker 
> 10:33 AM (8 hours ago)
> to Commons
> Now I hope we don't have unit tests depending on non-static state for
> its random number generator! ;) I'd expect a crypto library's test
> suites to include several hard-coded known-good and known-bad
> ciphertexts with static keys/IVs similar to the test cases presented
> in their RFCs (especially since said tests are typically small enough
> to copy/paste the binary data fairly easily).
> --
> Matt Sicker 
> Rob Tompkins 
> 10:37 AM (8 hours ago)
> to Commons
> We actually do have a considerable number of those in our projects where we use probabilistic epsilons on the output. See commons-rng. Note, Gilles is quite good at writing such tests.
> -Rob
> Matt Sicker 
> 10:42 AM (8 hours ago)
> to Commons
> Well, for testing RNGs, I can understand using property testing, yes.
> It would also be useful for testing fuzzing scenarios like making sure
> the GCM tag is invalid for any random input data (giving a near zero
> probability of valid data) or that an elliptic curve implementation
> doesn't leak out information about points outside the curve or respond
> to invalid inputs improperly or things like that.
> Rob Tompkins 
> 10:50 AM (8 hours ago)
> to Commons
> +1 - the elliptic curve stuff I’ll have to defer to you on as I’m less a number theorist and more of a logician.
> -Rob
> Gary Gregory  
> 10:56 AM (8 hours ago)
> to Commons
> This is all fine and good but how would you fix the test such that it does
> not fail randomly. PR anyone?
> Gary
> Rob Tompkins 
> 10:57 AM (8 hours ago)
> to Commons
> Either static inputs for determinism, or putting a probabilistic boundary in which the solution can fall.
> -Rob
> Matt Sicker 
> 11:00 AM (8 hours ago)
> to Commons
> Choose a seed value for the `new Random()` constructor and the tests
> will be deterministic.
> Matt Sicker 
> 11:02 AM (8 hours ago)
> to Commons
> Or alternatively, if using random values each time, have it retry the
> test with a different value. It's typically better to use an actual
> property testing library for these types of tests anyways. One example
> library I found is https://jqwik.net/ (these types of testing
> libraries are more common in functional programming like in Scala).
> Rob Tompkins 
> 11:03 AM (8 hours ago)
> to Commons
> Precisely. That’s another technique we’ve used in rng.
> -Ropb



--
This message was sent by Atlassian Jira
(v8.3.4#803005)