Merge remote-tracking branch 'public/pr/2287' into development

This commit is contained in:
Simon Butcher 2018-12-20 12:00:50 +00:00
commit 2a8d32c6c1
6 changed files with 410 additions and 68 deletions

View File

@ -197,8 +197,10 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
* sets the encryption key. * sets the encryption key.
* *
* \param ctx The AES XTS context to which the key should be bound. * \param ctx The AES XTS context to which the key should be bound.
* It must be initialized.
* \param key The encryption key. This is comprised of the XTS key1 * \param key The encryption key. This is comprised of the XTS key1
* concatenated with the XTS key2. * concatenated with the XTS key2.
* This must be a readable buffer of size \p keybits bits.
* \param keybits The size of \p key passed in bits. Valid options are: * \param keybits The size of \p key passed in bits. Valid options are:
* <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li> * <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
* <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul> * <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>
@ -215,8 +217,10 @@ int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx,
* sets the decryption key. * sets the decryption key.
* *
* \param ctx The AES XTS context to which the key should be bound. * \param ctx The AES XTS context to which the key should be bound.
* It must be initialized.
* \param key The decryption key. This is comprised of the XTS key1 * \param key The decryption key. This is comprised of the XTS key1
* concatenated with the XTS key2. * concatenated with the XTS key2.
* This must be a readable buffer of size \p keybits bits.
* \param keybits The size of \p key passed in bits. Valid options are: * \param keybits The size of \p key passed in bits. Valid options are:
* <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li> * <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
* <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul> * <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>
@ -242,10 +246,13 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
* call to this API with the same context. * call to this API with the same context.
* *
* \param ctx The AES context to use for encryption or decryption. * \param ctx The AES context to use for encryption or decryption.
* It must be initialized and bound to a key.
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
* #MBEDTLS_AES_DECRYPT. * #MBEDTLS_AES_DECRYPT.
* \param input The 16-Byte buffer holding the input data. * \param input The buffer holding the input data.
* \param output The 16-Byte buffer holding the output data. * It must be readable and at least \c 16 Bytes long.
* \param output The buffer where the output data will be written.
* It must be writeable and at least \c 16 Bytes long.
* \return \c 0 on success. * \return \c 0 on success.
*/ */
@ -268,8 +275,8 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
* mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called * mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called
* before the first call to this API with the same context. * before the first call to this API with the same context.
* *
* \note This function operates on aligned blocks, that is, the input size * \note This function operates on full blocks, that is, the input size
* must be a multiple of the AES block size of 16 Bytes. * must be a multiple of the AES block size of \c 16 Bytes.
* *
* \note Upon exit, the content of the IV is updated so that you can * \note Upon exit, the content of the IV is updated so that you can
* call the same function again on the next * call the same function again on the next
@ -280,13 +287,17 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
* *
* *
* \param ctx The AES context to use for encryption or decryption. * \param ctx The AES context to use for encryption or decryption.
* It must be initialized and bound to a key.
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
* #MBEDTLS_AES_DECRYPT. * #MBEDTLS_AES_DECRYPT.
* \param length The length of the input data in Bytes. This must be a * \param length The length of the input data in Bytes. This must be a
* multiple of the block size (16 Bytes). * multiple of the block size (\c 16 Bytes).
* \param iv Initialization vector (updated after use). * \param iv Initialization vector (updated after use).
* It must be a readable and writeable buffer of \c 16 Bytes.
* \param input The buffer holding the input data. * \param input The buffer holding the input data.
* It must be readable and of size \p length Bytes.
* \param output The buffer holding the output data. * \param output The buffer holding the output data.
* It must be writeable and of size \p length Bytes.
* *
* \return \c 0 on success. * \return \c 0 on success.
* \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
@ -314,9 +325,10 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
* returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH. * returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH.
* *
* \param ctx The AES XTS context to use for AES XTS operations. * \param ctx The AES XTS context to use for AES XTS operations.
* It must be initialized and bound to a key.
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
* #MBEDTLS_AES_DECRYPT. * #MBEDTLS_AES_DECRYPT.
* \param length The length of a data unit in bytes. This can be any * \param length The length of a data unit in Bytes. This can be any
* length between 16 bytes and 2^24 bytes inclusive * length between 16 bytes and 2^24 bytes inclusive
* (between 1 and 2^20 block cipher blocks). * (between 1 and 2^20 block cipher blocks).
* \param data_unit The address of the data unit encoded as an array of 16 * \param data_unit The address of the data unit encoded as an array of 16
@ -324,15 +336,15 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
* is typically the index of the block device sector that * is typically the index of the block device sector that
* contains the data. * contains the data.
* \param input The buffer holding the input data (which is an entire * \param input The buffer holding the input data (which is an entire
* data unit). This function reads \p length bytes from \p * data unit). This function reads \p length Bytes from \p
* input. * input.
* \param output The buffer holding the output data (which is an entire * \param output The buffer holding the output data (which is an entire
* data unit). This function writes \p length bytes to \p * data unit). This function writes \p length Bytes to \p
* output. * output.
* *
* \return \c 0 on success. * \return \c 0 on success.
* \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is
* smaller than an AES block in size (16 bytes) or if \p * smaller than an AES block in size (16 Bytes) or if \p
* length is larger than 2^20 blocks (16 MiB). * length is larger than 2^20 blocks (16 MiB).
*/ */
int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
@ -368,13 +380,18 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
* *
* *
* \param ctx The AES context to use for encryption or decryption. * \param ctx The AES context to use for encryption or decryption.
* It must be initialized and bound to a key.
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
* #MBEDTLS_AES_DECRYPT. * #MBEDTLS_AES_DECRYPT.
* \param length The length of the input data. * \param length The length of the input data in Bytes.
* \param iv_off The offset in IV (updated after use). * \param iv_off The offset in IV (updated after use).
* It must point to a valid \c size_t.
* \param iv The initialization vector (updated after use). * \param iv The initialization vector (updated after use).
* It must be a readable and writeable buffer of \c 16 Bytes.
* \param input The buffer holding the input data. * \param input The buffer holding the input data.
* It must be readable and of size \p length Bytes.
* \param output The buffer holding the output data. * \param output The buffer holding the output data.
* It must be writeable and of size \p length Bytes.
* *
* \return \c 0 on success. * \return \c 0 on success.
*/ */
@ -409,12 +426,16 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
* *
* *
* \param ctx The AES context to use for encryption or decryption. * \param ctx The AES context to use for encryption or decryption.
* It must be initialized and bound to a key.
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
* #MBEDTLS_AES_DECRYPT * #MBEDTLS_AES_DECRYPT
* \param length The length of the input data. * \param length The length of the input data.
* \param iv The initialization vector (updated after use). * \param iv The initialization vector (updated after use).
* It must be a readable and writeable buffer of \c 16 Bytes.
* \param input The buffer holding the input data. * \param input The buffer holding the input data.
* It must be readable and of size \p length Bytes.
* \param output The buffer holding the output data. * \param output The buffer holding the output data.
* It must be writeable and of size \p length Bytes.
* *
* \return \c 0 on success. * \return \c 0 on success.
*/ */
@ -459,11 +480,16 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
* will compromise security. * will compromise security.
* *
* \param ctx The AES context to use for encryption or decryption. * \param ctx The AES context to use for encryption or decryption.
* It must be initialized and bound to a key.
* \param length The length of the input data. * \param length The length of the input data.
* \param iv_off The offset in IV (updated after use). * \param iv_off The offset in IV (updated after use).
* It must point to a valid \c size_t.
* \param iv The initialization vector (updated after use). * \param iv The initialization vector (updated after use).
* It must be a readable and writeable buffer of \c 16 Bytes.
* \param input The buffer holding the input data. * \param input The buffer holding the input data.
* It must be readable and of size \p length Bytes.
* \param output The buffer holding the output data. * \param output The buffer holding the output data.
* It must be writeable and of size \p length Bytes.
* *
* \return \c 0 on success. * \return \c 0 on success.
*/ */
@ -535,15 +561,21 @@ int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
* securely discarded as soon as it's no longer needed. * securely discarded as soon as it's no longer needed.
* *
* \param ctx The AES context to use for encryption or decryption. * \param ctx The AES context to use for encryption or decryption.
* It must be initialized and bound to a key.
* \param length The length of the input data. * \param length The length of the input data.
* \param nc_off The offset in the current \p stream_block, for * \param nc_off The offset in the current \p stream_block, for
* resuming within the current cipher stream. The * resuming within the current cipher stream. The
* offset pointer should be 0 at the start of a stream. * offset pointer should be 0 at the start of a stream.
* It must point to a valid \c size_t.
* \param nonce_counter The 128-bit nonce and counter. * \param nonce_counter The 128-bit nonce and counter.
* It must be a readable-writeable buffer of \c 16 Bytes.
* \param stream_block The saved stream block for resuming. This is * \param stream_block The saved stream block for resuming. This is
* overwritten by the function. * overwritten by the function.
* It must be a readable-writeable buffer of \c 16 Bytes.
* \param input The buffer holding the input data. * \param input The buffer holding the input data.
* It must be readable and of size \p length Bytes.
* \param output The buffer holding the output data. * \param output The buffer holding the output data.
* It must be writeable and of size \p length Bytes.
* *
* \return \c 0 on success. * \return \c 0 on success.
*/ */
@ -596,7 +628,7 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
* \brief Deprecated internal AES block encryption function * \brief Deprecated internal AES block encryption function
* without return value. * without return value.
* *
* \deprecated Superseded by mbedtls_aes_encrypt_ext() in 2.5.0. * \deprecated Superseded by mbedtls_internal_aes_encrypt()
* *
* \param ctx The AES context to use for encryption. * \param ctx The AES context to use for encryption.
* \param input Plaintext block. * \param input Plaintext block.
@ -610,7 +642,7 @@ MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
* \brief Deprecated internal AES block decryption function * \brief Deprecated internal AES block decryption function
* without return value. * without return value.
* *
* \deprecated Superseded by mbedtls_aes_decrypt_ext() in 2.5.0. * \deprecated Superseded by mbedtls_internal_aes_decrypt()
* *
* \param ctx The AES context to use for decryption. * \param ctx The AES context to use for decryption.
* \param input Ciphertext block. * \param input Ciphertext block.

View File

@ -2,6 +2,9 @@
* \file aesni.h * \file aesni.h
* *
* \brief AES-NI for hardware AES acceleration on some Intel processors * \brief AES-NI for hardware AES acceleration on some Intel processors
*
* \warning These functions are only for internal use by other library
* functions; you must not call them directly.
*/ */
/* /*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
@ -42,7 +45,10 @@ extern "C" {
#endif #endif
/** /**
* \brief AES-NI features detection routine * \brief Internal function to detect the AES-NI feature in CPUs.
*
* \note This function is only for internal use by other library
* functions; you must not call it directly.
* *
* \param what The feature to detect * \param what The feature to detect
* (MBEDTLS_AESNI_AES or MBEDTLS_AESNI_CLMUL) * (MBEDTLS_AESNI_AES or MBEDTLS_AESNI_CLMUL)
@ -52,7 +58,10 @@ extern "C" {
int mbedtls_aesni_has_support( unsigned int what ); int mbedtls_aesni_has_support( unsigned int what );
/** /**
* \brief AES-NI AES-ECB block en(de)cryption * \brief Internal AES-NI AES-ECB block encryption and decryption
*
* \note This function is only for internal use by other library
* functions; you must not call it directly.
* *
* \param ctx AES context * \param ctx AES context
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
@ -67,7 +76,10 @@ int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx,
unsigned char output[16] ); unsigned char output[16] );
/** /**
* \brief GCM multiplication: c = a * b in GF(2^128) * \brief Internal GCM multiplication: c = a * b in GF(2^128)
*
* \note This function is only for internal use by other library
* functions; you must not call it directly.
* *
* \param c Result * \param c Result
* \param a First operand * \param a First operand
@ -81,17 +93,25 @@ void mbedtls_aesni_gcm_mult( unsigned char c[16],
const unsigned char b[16] ); const unsigned char b[16] );
/** /**
* \brief Compute decryption round keys from encryption round keys * \brief Internal round key inversion. This function computes
* decryption round keys from the encryption round keys.
*
* \note This function is only for internal use by other library
* functions; you must not call it directly.
* *
* \param invkey Round keys for the equivalent inverse cipher * \param invkey Round keys for the equivalent inverse cipher
* \param fwdkey Original round keys (for encryption) * \param fwdkey Original round keys (for encryption)
* \param nr Number of rounds (that is, number of round keys minus one) * \param nr Number of rounds (that is, number of round keys minus one)
*/ */
void mbedtls_aesni_inverse_key( unsigned char *invkey, void mbedtls_aesni_inverse_key( unsigned char *invkey,
const unsigned char *fwdkey, int nr ); const unsigned char *fwdkey,
int nr );
/** /**
* \brief Perform key expansion (for encryption) * \brief Internal key expansion for encryption
*
* \note This function is only for internal use by other library
* functions; you must not call it directly.
* *
* \param rk Destination buffer where the round keys are written * \param rk Destination buffer where the round keys are written
* \param key Encryption key * \param key Encryption key

View File

@ -3,6 +3,9 @@
* *
* \brief VIA PadLock ACE for HW encryption/decryption supported by some * \brief VIA PadLock ACE for HW encryption/decryption supported by some
* processors * processors
*
* \warning These functions are only for internal use by other library
* functions; you must not call them directly.
*/ */
/* /*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
@ -57,7 +60,10 @@ extern "C" {
#endif #endif
/** /**
* \brief PadLock detection routine * \brief Internal PadLock detection routine
*
* \note This function is only for internal use by other library
* functions; you must not call it directly.
* *
* \param feature The feature to detect * \param feature The feature to detect
* *
@ -66,7 +72,10 @@ extern "C" {
int mbedtls_padlock_has_support( int feature ); int mbedtls_padlock_has_support( int feature );
/** /**
* \brief PadLock AES-ECB block en(de)cryption * \brief Internal PadLock AES-ECB block en(de)cryption
*
* \note This function is only for internal use by other library
* functions; you must not call it directly.
* *
* \param ctx AES context * \param ctx AES context
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
@ -81,7 +90,10 @@ int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx,
unsigned char output[16] ); unsigned char output[16] );
/** /**
* \brief PadLock AES-CBC buffer en(de)cryption * \brief Internal PadLock AES-CBC buffer en(de)cryption
*
* \note This function is only for internal use by other library
* functions; you must not call it directly.
* *
* \param ctx AES context * \param ctx AES context
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT

View File

@ -575,7 +575,6 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
{ {
aes_gen_tables(); aes_gen_tables();
aes_init_done = 1; aes_init_done = 1;
} }
#endif #endif
@ -771,6 +770,9 @@ int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx,
const unsigned char *key1, *key2; const unsigned char *key1, *key2;
unsigned int key1bits, key2bits; unsigned int key1bits, key2bits;
AES_VALIDATE_RET( ctx != NULL );
AES_VALIDATE_RET( key != NULL );
ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits, ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits,
&key2, &key2bits ); &key2, &key2bits );
if( ret != 0 ) if( ret != 0 )
@ -793,6 +795,9 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
const unsigned char *key1, *key2; const unsigned char *key1, *key2;
unsigned int key1bits, key2bits; unsigned int key1bits, key2bits;
AES_VALIDATE_RET( ctx != NULL );
AES_VALIDATE_RET( key != NULL );
ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits, ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits,
&key2, &key2bits ); &key2, &key2bits );
if( ret != 0 ) if( ret != 0 )
@ -1000,6 +1005,12 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
const unsigned char input[16], const unsigned char input[16],
unsigned char output[16] ) unsigned char output[16] )
{ {
AES_VALIDATE_RET( ctx != NULL );
AES_VALIDATE_RET( input != NULL );
AES_VALIDATE_RET( output != NULL );
AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
mode == MBEDTLS_AES_DECRYPT );
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64) #if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) ) if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
return( mbedtls_aesni_crypt_ecb( ctx, mode, input, output ) ); return( mbedtls_aesni_crypt_ecb( ctx, mode, input, output ) );
@ -1037,6 +1048,13 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
int i; int i;
unsigned char temp[16]; unsigned char temp[16];
AES_VALIDATE_RET( ctx != NULL );
AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
mode == MBEDTLS_AES_DECRYPT );
AES_VALIDATE_RET( iv != NULL );
AES_VALIDATE_RET( input != NULL );
AES_VALIDATE_RET( output != NULL );
if( length % 16 ) if( length % 16 )
return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH ); return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
@ -1162,6 +1180,13 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
unsigned char prev_tweak[16]; unsigned char prev_tweak[16];
unsigned char tmp[16]; unsigned char tmp[16];
AES_VALIDATE_RET( ctx != NULL );
AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
mode == MBEDTLS_AES_DECRYPT );
AES_VALIDATE_RET( data_unit != NULL );
AES_VALIDATE_RET( input != NULL );
AES_VALIDATE_RET( output != NULL );
/* Data units must be at least 16 bytes long. */ /* Data units must be at least 16 bytes long. */
if( length < 16 ) if( length < 16 )
return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH; return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
@ -1261,7 +1286,20 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
unsigned char *output ) unsigned char *output )
{ {
int c; int c;
size_t n = *iv_off; size_t n;
AES_VALIDATE_RET( ctx != NULL );
AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
mode == MBEDTLS_AES_DECRYPT );
AES_VALIDATE_RET( iv_off != NULL );
AES_VALIDATE_RET( iv != NULL );
AES_VALIDATE_RET( input != NULL );
AES_VALIDATE_RET( output != NULL );
n = *iv_off;
if( n > 15 )
return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
if( mode == MBEDTLS_AES_DECRYPT ) if( mode == MBEDTLS_AES_DECRYPT )
{ {
@ -1308,6 +1346,12 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
unsigned char c; unsigned char c;
unsigned char ov[17]; unsigned char ov[17];
AES_VALIDATE_RET( ctx != NULL );
AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
mode == MBEDTLS_AES_DECRYPT );
AES_VALIDATE_RET( iv != NULL );
AES_VALIDATE_RET( input != NULL );
AES_VALIDATE_RET( output != NULL );
while( length-- ) while( length-- )
{ {
memcpy( ov, iv, 16 ); memcpy( ov, iv, 16 );
@ -1340,7 +1384,18 @@ int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
unsigned char *output ) unsigned char *output )
{ {
int ret = 0; int ret = 0;
size_t n = *iv_off; size_t n;
AES_VALIDATE_RET( ctx != NULL );
AES_VALIDATE_RET( iv_off != NULL );
AES_VALIDATE_RET( iv != NULL );
AES_VALIDATE_RET( input != NULL );
AES_VALIDATE_RET( output != NULL );
n = *iv_off;
if( n > 15 )
return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
while( length-- ) while( length-- )
{ {
@ -1375,7 +1430,16 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
unsigned char *output ) unsigned char *output )
{ {
int c, i; int c, i;
size_t n = *nc_off; size_t n;
AES_VALIDATE_RET( ctx != NULL );
AES_VALIDATE_RET( nc_off != NULL );
AES_VALIDATE_RET( nonce_counter != NULL );
AES_VALIDATE_RET( stream_block != NULL );
AES_VALIDATE_RET( input != NULL );
AES_VALIDATE_RET( output != NULL );
n = *nc_off;
if ( n > 0x0F ) if ( n > 0x0F )
return( MBEDTLS_ERR_AES_BAD_INPUT_DATA ); return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );

View File

@ -194,8 +194,8 @@ exit:
void aes_crypt_xts_size( int size, int retval ) void aes_crypt_xts_size( int size, int retval )
{ {
mbedtls_aes_xts_context ctx; mbedtls_aes_xts_context ctx;
const unsigned char *src = NULL; const unsigned char src[16] = { 0 };
unsigned char *output = NULL; unsigned char output[16];
unsigned char data_unit[16]; unsigned char data_unit[16];
size_t length = size; size_t length = size;
@ -203,10 +203,8 @@ void aes_crypt_xts_size( int size, int retval )
memset( data_unit, 0x00, sizeof( data_unit ) ); memset( data_unit, 0x00, sizeof( data_unit ) );
/* Note that this function will most likely crash on failure, as NULL /* Valid pointers are passed for builds with MBEDTLS_CHECK_PARAMS, as
* parameters will be used. In the passing case, the length check in * otherwise we wouldn't get to the size check we're interested in. */
* mbedtls_aes_crypt_xts() will prevent any accesses to parameters by
* exiting the function early. */
TEST_ASSERT( mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_ENCRYPT, length, data_unit, src, output ) == retval ); TEST_ASSERT( mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_ENCRYPT, length, data_unit, src, output ) == retval );
} }
/* END_CASE */ /* END_CASE */
@ -215,7 +213,7 @@ void aes_crypt_xts_size( int size, int retval )
void aes_crypt_xts_keysize( int size, int retval ) void aes_crypt_xts_keysize( int size, int retval )
{ {
mbedtls_aes_xts_context ctx; mbedtls_aes_xts_context ctx;
const unsigned char *key = NULL; const unsigned char key[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
size_t key_len = size; size_t key_len = size;
mbedtls_aes_xts_init( &ctx ); mbedtls_aes_xts_init( &ctx );
@ -372,39 +370,255 @@ exit:
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ /* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
void aes_invalid_param( ) void aes_check_params( )
{ {
mbedtls_aes_context dummy_ctx; mbedtls_aes_context aes_ctx;
#if defined(MBEDTLS_CIPHER_MODE_XTS)
mbedtls_aes_xts_context xts_ctx;
#endif
const unsigned char key[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 }; const unsigned char key[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
const unsigned char in[16] = { 0 };
unsigned char out[16];
size_t size;
const int valid_mode = MBEDTLS_AES_ENCRYPT;
const int invalid_mode = 42;
TEST_INVALID_PARAM( mbedtls_aes_init( NULL ) ); TEST_INVALID_PARAM( mbedtls_aes_init( NULL ) );
#if defined(MBEDTLS_CIPHER_MODE_XTS)
TEST_INVALID_PARAM( mbedtls_aes_xts_init( NULL ) ); TEST_INVALID_PARAM( mbedtls_aes_xts_init( NULL ) );
#endif
/* mbedtls_aes_setkey_enc() */
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_setkey_enc( NULL, key, 128 ) ); mbedtls_aes_setkey_enc( NULL, key, 128 ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_setkey_enc( &dummy_ctx, NULL, 128 ) ); mbedtls_aes_setkey_enc( &aes_ctx, NULL, 128 ) );
/* mbedtls_aes_setkey_dec() */
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_setkey_dec( NULL, key, 128 ) ); mbedtls_aes_setkey_dec( NULL, key, 128 ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_setkey_dec( &aes_ctx, NULL, 128 ) );
#if defined(MBEDTLS_CIPHER_MODE_XTS)
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_xts_setkey_enc( NULL, key, 128 ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_xts_setkey_enc( &xts_ctx, NULL, 128 ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_setkey_dec( &dummy_ctx, NULL, 128 ) ); mbedtls_aes_xts_setkey_dec( NULL, key, 128 ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_xts_setkey_dec( &xts_ctx, NULL, 128 ) );
#endif
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_ecb( NULL,
valid_mode, in, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_ecb( &aes_ctx,
invalid_mode, in, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_ecb( &aes_ctx,
valid_mode, NULL, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_ecb( &aes_ctx,
valid_mode, in, NULL ) );
#if defined(MBEDTLS_CIPHER_MODE_CBC)
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_cbc( NULL,
valid_mode, 16,
out, in, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_cbc( &aes_ctx,
invalid_mode, 16,
out, in, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_cbc( &aes_ctx,
valid_mode, 16,
NULL, in, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_cbc( &aes_ctx,
valid_mode, 16,
out, NULL, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_cbc( &aes_ctx,
valid_mode, 16,
out, in, NULL ) );
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_xts( NULL,
valid_mode, 16,
in, in, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_xts( &xts_ctx,
invalid_mode, 16,
in, in, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_xts( &xts_ctx,
valid_mode, 16,
NULL, in, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_xts( &xts_ctx,
valid_mode, 16,
in, NULL, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_xts( &xts_ctx,
valid_mode, 16,
in, in, NULL ) );
#endif /* MBEDTLS_CIPHER_MODE_XTS */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_cfb128( NULL,
valid_mode, 16,
&size, out, in, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_cfb128( &aes_ctx,
invalid_mode, 16,
&size, out, in, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_cfb128( &aes_ctx,
valid_mode, 16,
NULL, out, in, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_cfb128( &aes_ctx,
valid_mode, 16,
&size, NULL, in, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_cfb128( &aes_ctx,
valid_mode, 16,
&size, out, NULL, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_cfb128( &aes_ctx,
valid_mode, 16,
&size, out, in, NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_cfb8( NULL,
valid_mode, 16,
out, in, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_cfb8( &aes_ctx,
invalid_mode, 16,
out, in, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_cfb8( &aes_ctx,
valid_mode, 16,
NULL, in, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_cfb8( &aes_ctx,
valid_mode, 16,
out, NULL, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_cfb8( &aes_ctx,
valid_mode, 16,
out, in, NULL ) );
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_OFB)
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_ofb( NULL, 16,
&size, out, in, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_ofb( &aes_ctx, 16,
NULL, out, in, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_ofb( &aes_ctx, 16,
&size, NULL, in, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_ofb( &aes_ctx, 16,
&size, out, NULL, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_ofb( &aes_ctx, 16,
&size, out, in, NULL ) );
#endif /* MBEDTLS_CIPHER_MODE_OFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_ctr( NULL, 16, &size, out,
out, in, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_ctr( &aes_ctx, 16, NULL, out,
out, in, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, NULL,
out, in, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, out,
NULL, in, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, out,
out, NULL, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, out,
out, in, NULL ) );
#endif /* MBEDTLS_CIPHER_MODE_CTR */
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE */ /* BEGIN_CASE */
void aes_valid_param( ) void aes_misc_params( )
{ {
#if defined(MBEDTLS_CIPHER_MODE_CBC) || \
defined(MBEDTLS_CIPHER_MODE_XTS) || \
defined(MBEDTLS_CIPHER_MODE_CFB) || \
defined(MBEDTLS_CIPHER_MODE_OFB)
mbedtls_aes_context aes_ctx;
const unsigned char in[16] = { 0 };
unsigned char out[16];
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
mbedtls_aes_xts_context xts_ctx;
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB) || \
defined(MBEDTLS_CIPHER_MODE_OFB)
size_t size;
#endif
/* These calls accept NULL */ /* These calls accept NULL */
TEST_VALID_PARAM( mbedtls_aes_free( NULL ) ); TEST_VALID_PARAM( mbedtls_aes_free( NULL ) );
#if defined(MBEDTLS_CIPHER_MODE_XTS) #if defined(MBEDTLS_CIPHER_MODE_XTS)
TEST_VALID_PARAM( mbedtls_aes_xts_free( NULL ) ); TEST_VALID_PARAM( mbedtls_aes_xts_free( NULL ) );
#endif #endif
#if defined(MBEDTLS_CIPHER_MODE_CBC)
TEST_ASSERT( mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_ENCRYPT,
15,
out, in, out )
== MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
TEST_ASSERT( mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_ENCRYPT,
17,
out, in, out )
== MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
TEST_ASSERT( mbedtls_aes_crypt_xts( &xts_ctx, MBEDTLS_AES_ENCRYPT,
15,
in, in, out )
== MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
TEST_ASSERT( mbedtls_aes_crypt_xts( &xts_ctx, MBEDTLS_AES_ENCRYPT,
(1 << 24) + 1,
in, in, out )
== MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
size = 16;
TEST_ASSERT( mbedtls_aes_crypt_cfb128( &aes_ctx, MBEDTLS_AES_ENCRYPT, 16,
&size, out, in, out )
== MBEDTLS_ERR_AES_BAD_INPUT_DATA );
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
size = 16;
TEST_ASSERT( mbedtls_aes_crypt_ofb( &aes_ctx, 16, &size, out, in, out )
== MBEDTLS_ERR_AES_BAD_INPUT_DATA );
#endif
} }
/* END_CASE */ /* END_CASE */

View File

@ -10,11 +10,11 @@ aes_encrypt_cbc:"000000000000000000000000000000000000000000000000000000000000000
AES-256-CBC Decrypt (Invalid input length) AES-256-CBC Decrypt (Invalid input length)
aes_decrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"623a52fcea5d443e48d9181ab32c74":"":MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH aes_decrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"623a52fcea5d443e48d9181ab32c74":"":MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
AES - Invalid parameters AES - Optional Parameter Validation (MBEDTLS_CHECK_PARAMS)
aes_invalid_param: aes_check_params:
AES - Valid parameters AES - Mandatory Parameter Validation and Valid Parameters
aes_valid_param: aes_misc_params:
AES Selftest AES Selftest
depends_on:MBEDTLS_SELF_TEST depends_on:MBEDTLS_SELF_TEST