diff --git a/ChangeLog b/ChangeLog index 0ead78009..9f0bb400a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -47,6 +47,7 @@ API Changes in favour a new generic error MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA. * Deprecate the Blowfish error MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH in favour of a new generic error MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA. + * Add validation checks for input parameters to functions in the CCM module. New deprecations * Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index dfb1b5e56..3f6b8f670 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -57,7 +57,6 @@ /* MBEDTLS_ERR_CCM_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_CCM_HW_ACCEL_FAILED -0x0011 /**< CCM hardware accelerator failed. */ - #ifdef __cplusplus extern "C" { #endif @@ -85,7 +84,7 @@ mbedtls_ccm_context; * to make references valid, and prepare the context * for mbedtls_ccm_setkey() or mbedtls_ccm_free(). * - * \param ctx The CCM context to initialize. + * \param ctx The CCM context to initialize. This must not be \c NULL. */ void mbedtls_ccm_init( mbedtls_ccm_context *ctx ); @@ -93,9 +92,10 @@ void mbedtls_ccm_init( mbedtls_ccm_context *ctx ); * \brief This function initializes the CCM context set in the * \p ctx parameter and sets the encryption key. * - * \param ctx The CCM context to initialize. + * \param ctx The CCM context to initialize. This must be an initialized + * context. * \param cipher The 128-bit block cipher to use. - * \param key The encryption key. + * \param key The encryption key. This must not be \c NULL. * \param keybits The key size in bits. This must be acceptable by the cipher. * * \return \c 0 on success. @@ -110,7 +110,8 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, * \brief This function releases and clears the specified CCM context * and underlying cipher sub-context. * - * \param ctx The CCM context to clear. + * \param ctx The CCM context to clear. If this is \c NULL, the function + * has no effect. Otherwise, this must be initialized. */ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ); @@ -123,19 +124,27 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ); * \p tag = \p output + \p length, and make sure that the * output buffer is at least \p length + \p tag_len wide. * - * \param ctx The CCM context to use for encryption. + * \param ctx The CCM context to use for encryption. This must be + * initialized and bound to a key. * \param length The length of the input data in Bytes. - * \param iv Initialization vector (nonce). + * \param iv The initialization vector (nonce). This must be a readable + * buffer of at least \p iv_len Bytes. * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, * or 13. The length L of the message length field is * 15 - \p iv_len. - * \param add The additional data field. + * \param add The additional data field. If \p add_len is greater than + * zero, \p add must be a readable buffer of at least that + * length. * \param add_len The length of additional data in Bytes. - * Must be less than 2^16 - 2^8. - * \param input The buffer holding the input data. - * \param output The buffer holding the output data. - * Must be at least \p length Bytes wide. - * \param tag The buffer holding the authentication field. + * This must be less than `2^16 - 2^8`. + * \param input The buffer holding the input data. If \p length is greater + * than zero, \p input must be a readable buffer of at least + * that length. + * \param output The buffer holding the output data. If \p length is greater + * than zero, \p output must be a writable buffer of at least + * that length. + * \param tag The buffer holding the authentication field. This must be a + * readable buffer of at least \p tag_len Bytes. * \param tag_len The length of the authentication field to generate in Bytes: * 4, 6, 8, 10, 12, 14 or 16. * @@ -161,23 +170,30 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * the tag length has to be encoded into the \p iv passed to * this function. * - * \param ctx The CCM context to use for encryption. + * \param ctx The CCM context to use for encryption. This must be + * initialized and bound to a key. * \param length The length of the input data in Bytes. - * \param iv Initialization vector (nonce). + * \param iv The initialization vector (nonce). This must be a readable + * buffer of at least \p iv_len Bytes. * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, * or 13. The length L of the message length field is * 15 - \p iv_len. - * \param add The additional data field. + * \param add The additional data field. This must be a readable buffer of + * at least \p add_len Bytes. * \param add_len The length of additional data in Bytes. - * Must be less than 2^16 - 2^8. - * \param input The buffer holding the input data. - * \param output The buffer holding the output data. - * Must be at least \p length Bytes wide. - * \param tag The buffer holding the authentication field. + * This must be less than 2^16 - 2^8. + * \param input The buffer holding the input data. If \p length is greater + * than zero, \p input must be a readable buffer of at least + * that length. + * \param output The buffer holding the output data. If \p length is greater + * than zero, \p output must be a writable buffer of at least + * that length. + * \param tag The buffer holding the authentication field. This must be a + * readable buffer of at least \p tag_len Bytes. * \param tag_len The length of the authentication field to generate in Bytes: * 0, 4, 6, 8, 10, 12, 14 or 16. * - * \warning Passing 0 as \p tag_len means that the message is no + * \warning Passing \c 0 as \p tag_len means that the message is no * longer authenticated. * * \return \c 0 on success. @@ -193,20 +209,27 @@ int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * \brief This function performs a CCM authenticated decryption of a * buffer. * - * \param ctx The CCM context to use for decryption. + * \param ctx The CCM context to use for decryption. This must be + * initialized and bound to a key. * \param length The length of the input data in Bytes. - * \param iv Initialization vector (nonce). + * \param iv The initialization vector (nonce). This must be a readable + * buffer of at least \p iv_len Bytes. * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, * or 13. The length L of the message length field is * 15 - \p iv_len. - * \param add The additional data field. + * \param add The additional data field. This must be a readable buffer + * of at least that \p add_len Bytes.. * \param add_len The length of additional data in Bytes. - * Must be less than 2^16 - 2^8. - * \param input The buffer holding the input data. - * \param output The buffer holding the output data. - * Must be at least \p length Bytes wide. - * \param tag The buffer holding the authentication field. - * \param tag_len The length of the authentication field in Bytes. + * This must be less than 2^16 - 2^8. + * \param input The buffer holding the input data. If \p length is greater + * than zero, \p input must be a readable buffer of at least + * that length. + * \param output The buffer holding the output data. If \p length is greater + * than zero, \p output must be a writable buffer of at least + * that length. + * \param tag The buffer holding the authentication field. This must be a + * readable buffer of at least \p tag_len Bytes. + * \param tag_len The length of the authentication field to generate in Bytes: * 4, 6, 8, 10, 12, 14 or 16. * * \return \c 0 on success. This indicates that the message is authentic. @@ -228,23 +251,30 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, * this function as \p tag_len. (\p tag needs to be adjusted * accordingly.) * - * \param ctx The CCM context to use for decryption. + * \param ctx The CCM context to use for decryption. This must be + * initialized and bound to a key. * \param length The length of the input data in Bytes. - * \param iv Initialization vector (nonce). + * \param iv The initialization vector (nonce). This must be a readable + * buffer of at least \p iv_len Bytes. * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, * or 13. The length L of the message length field is * 15 - \p iv_len. - * \param add The additional data field. + * \param add The additional data field. This must be a readable buffer of + * at least that \p add_len Bytes. * \param add_len The length of additional data in Bytes. - * Must be less than 2^16 - 2^8. - * \param input The buffer holding the input data. - * \param output The buffer holding the output data. - * Must be at least \p length Bytes wide. - * \param tag The buffer holding the authentication field. + * This must be less than 2^16 - 2^8. + * \param input The buffer holding the input data. If \p length is greater + * than zero, \p input must be a readable buffer of at least + * that length. + * \param output The buffer holding the output data. If \p length is greater + * than zero, \p output must be a writable buffer of at least + * that length. + * \param tag The buffer holding the authentication field. This must be a + * readable buffer of at least \p tag_len Bytes. * \param tag_len The length of the authentication field in Bytes. * 0, 4, 6, 8, 10, 12, 14 or 16. * - * \warning Passing 0 as \p tag_len means that the message is no + * \warning Passing \c 0 as \p tag_len means that the message is nos * longer authenticated. * * \return \c 0 on success. diff --git a/library/ccm.c b/library/ccm.c index 90cab8e14..01e58b043 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -52,6 +52,11 @@ #if !defined(MBEDTLS_CCM_ALT) +#define CCM_VALIDATE_RET( cond ) \ + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CCM_BAD_INPUT ) +#define CCM_VALIDATE( cond ) \ + MBEDTLS_INTERNAL_VALIDATE( cond ) + #define CCM_ENCRYPT 0 #define CCM_DECRYPT 1 @@ -60,6 +65,7 @@ */ void mbedtls_ccm_init( mbedtls_ccm_context *ctx ) { + CCM_VALIDATE( ctx != NULL ); memset( ctx, 0, sizeof( mbedtls_ccm_context ) ); } @@ -71,6 +77,9 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, int ret; const mbedtls_cipher_info_t *cipher_info; + CCM_VALIDATE_RET( ctx != NULL ); + CCM_VALIDATE_RET( key != NULL ); + cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, MBEDTLS_MODE_ECB ); if( cipher_info == NULL ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); @@ -97,6 +106,8 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, */ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ) { + if( ctx == NULL ) + return; mbedtls_cipher_free( &ctx->cipher_ctx ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ccm_context ) ); } @@ -310,6 +321,12 @@ int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, const unsigned char *input, unsigned char *output, unsigned char *tag, size_t tag_len ) { + CCM_VALIDATE_RET( ctx != NULL ); + CCM_VALIDATE_RET( iv != NULL ); + CCM_VALIDATE_RET( add_len == 0 || add != NULL ); + CCM_VALIDATE_RET( length == 0 || input != NULL ); + CCM_VALIDATE_RET( length == 0 || output != NULL ); + CCM_VALIDATE_RET( tag_len == 0 || tag != NULL ); return( ccm_auth_crypt( ctx, CCM_ENCRYPT, length, iv, iv_len, add, add_len, input, output, tag, tag_len ) ); } @@ -320,6 +337,12 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, const unsigned char *input, unsigned char *output, unsigned char *tag, size_t tag_len ) { + CCM_VALIDATE_RET( ctx != NULL ); + CCM_VALIDATE_RET( iv != NULL ); + CCM_VALIDATE_RET( add_len == 0 || add != NULL ); + CCM_VALIDATE_RET( length == 0 || input != NULL ); + CCM_VALIDATE_RET( length == 0 || output != NULL ); + CCM_VALIDATE_RET( tag_len == 0 || tag != NULL ); if( tag_len == 0 ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); @@ -341,6 +364,13 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, unsigned char i; int diff; + CCM_VALIDATE_RET( ctx != NULL ); + CCM_VALIDATE_RET( iv != NULL ); + CCM_VALIDATE_RET( add_len == 0 || add != NULL ); + CCM_VALIDATE_RET( length == 0 || input != NULL ); + CCM_VALIDATE_RET( length == 0 || output != NULL ); + CCM_VALIDATE_RET( tag_len == 0 || tag != NULL ); + if( ( ret = ccm_auth_crypt( ctx, CCM_DECRYPT, length, iv, iv_len, add, add_len, input, output, check_tag, tag_len ) ) != 0 ) @@ -367,6 +397,13 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, const unsigned char *input, unsigned char *output, const unsigned char *tag, size_t tag_len ) { + CCM_VALIDATE_RET( ctx != NULL ); + CCM_VALIDATE_RET( iv != NULL ); + CCM_VALIDATE_RET( add_len == 0 || add != NULL ); + CCM_VALIDATE_RET( length == 0 || input != NULL ); + CCM_VALIDATE_RET( length == 0 || output != NULL ); + CCM_VALIDATE_RET( tag_len == 0 || tag != NULL ); + if( tag_len == 0 ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data index a2d877841..819b3b71f 100644 --- a/tests/suites/test_suite_ccm.data +++ b/tests/suites/test_suite_ccm.data @@ -1,6 +1,12 @@ CCM self test mbedtls_ccm_self_test: +CCM - Invalid parameters +ccm_invalid_param: + +CCM - Valid parameters +ccm_valid_param: + CCM init #1 AES-128: OK depends_on:MBEDTLS_AES_C mbedtls_ccm_setkey:MBEDTLS_CIPHER_ID_AES:128:0 diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 9951ca168..16f9f8e3b 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -326,3 +326,216 @@ exit: mbedtls_ccm_free( &ctx ); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ +void ccm_invalid_param( ) +{ + struct mbedtls_ccm_context ctx; + unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 }; + mbedtls_cipher_id_t valid_cipher = MBEDTLS_CIPHER_ID_AES; + int valid_len = sizeof(valid_buffer); + int valid_bitlen = valid_len * 8; + + mbedtls_ccm_init( &ctx ); + + /* mbedtls_ccm_init() */ + TEST_INVALID_PARAM( mbedtls_ccm_init( NULL ) ); + + /* mbedtls_ccm_setkey() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_setkey( NULL, valid_cipher, valid_buffer, valid_bitlen ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_setkey( &ctx, valid_cipher, NULL, valid_bitlen ) ); + + /* mbedtls_ccm_encrypt_and_tag() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_encrypt_and_tag( NULL, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_buffer, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_encrypt_and_tag( &ctx, valid_len, + NULL, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_buffer, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_encrypt_and_tag( &ctx, valid_len, + valid_buffer, valid_len, + NULL, valid_len, + valid_buffer, valid_buffer, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_encrypt_and_tag( &ctx, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + NULL, valid_buffer, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_encrypt_and_tag( &ctx, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + valid_buffer, NULL, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_encrypt_and_tag( &ctx, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_buffer, + NULL, valid_len ) ); + + /* mbedtls_ccm_star_encrypt_and_tag() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_star_encrypt_and_tag( NULL, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_buffer, + valid_buffer, valid_len) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len, + NULL, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_buffer, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len, + valid_buffer, valid_len, + NULL, valid_len, + valid_buffer, valid_buffer, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + NULL, valid_buffer, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + valid_buffer, NULL, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_buffer, + NULL, valid_len ) ); + + /* mbedtls_ccm_auth_decrypt() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_auth_decrypt( NULL, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_buffer, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_auth_decrypt( &ctx, valid_len, + NULL, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_buffer, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_auth_decrypt( &ctx, valid_len, + valid_buffer, valid_len, + NULL, valid_len, + valid_buffer, valid_buffer, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_auth_decrypt( &ctx, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + NULL, valid_buffer, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_auth_decrypt( &ctx, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + valid_buffer, NULL, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_auth_decrypt( &ctx, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_buffer, + NULL, valid_len ) ); + + /* mbedtls_ccm_star_auth_decrypt() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_star_auth_decrypt( NULL, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_buffer, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_star_auth_decrypt( &ctx, valid_len, + NULL, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_buffer, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_star_auth_decrypt( &ctx, valid_len, + valid_buffer, valid_len, + NULL, valid_len, + valid_buffer, valid_buffer, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_star_auth_decrypt( &ctx, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + NULL, valid_buffer, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_star_auth_decrypt( &ctx, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + valid_buffer, NULL, + valid_buffer, valid_len ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_ERR_CCM_BAD_INPUT, + mbedtls_ccm_star_auth_decrypt( &ctx, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_len, + valid_buffer, valid_buffer, + NULL, valid_len ) ); + +exit: + mbedtls_ccm_free( &ctx ); + return; +} +/* END_CASE */ + +/* BEGIN_CASE */ +void ccm_valid_param( ) +{ + TEST_VALID_PARAM( mbedtls_ccm_free( NULL ) ); +exit: + return; +} +/* END_CASE */