mbedtls/tests/suites/test_suite_aes.function
Gilles Peskine 7820a574f1 Catch failures of AES or DES operations
Declare all AES and DES functions that return int as needing to have
their result checked, and do check the result in our code.

A DES or AES block operation can fail in alternative implementations of
mbedtls_internal_aes_encrypt() (under MBEDTLS_AES_ENCRYPT_ALT),
mbedtls_internal_aes_decrypt() (under MBEDTLS_AES_DECRYPT_ALT),
mbedtls_des_crypt_ecb() (under MBEDTLS_DES_CRYPT_ECB_ALT),
mbedtls_des3_crypt_ecb() (under MBEDTLS_DES3_CRYPT_ECB_ALT).
A failure can happen if the accelerator peripheral is in a bad state.
Several block modes were not catching the error.

This commit does the following code changes, grouped together to avoid
having an intermediate commit where the build fails:

* Add MBEDTLS_CHECK_RETURN to all functions returning int in aes.h and des.h.
* Fix all places where this causes a GCC warning, indicating that our code
  was not properly checking the result of an AES operation:
    * In library code: on failure, goto exit and return ret.
    * In pkey programs: goto exit.
    * In the benchmark program: exit (not ideal since there's no error
      message, but it's what the code currently does for failures).
    * In test code: TEST_ASSERT.
* Changelog entry.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-27 16:22:08 +02:00

469 lines
14 KiB
Plaintext

/* BEGIN_HEADER */
#include "mbedtls/aes.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_AES_C
* END_DEPENDENCIES
*/
/* BEGIN_CASE */
void aes_encrypt_ecb( data_t * key_str, data_t * src_str,
data_t * dst, int setkey_result )
{
unsigned char output[100];
mbedtls_aes_context ctx;
memset(output, 0x00, 100);
mbedtls_aes_init( &ctx );
TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == setkey_result );
if( setkey_result == 0 )
{
TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_ENCRYPT, src_str->x, output ) == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
}
exit:
mbedtls_aes_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE */
void aes_decrypt_ecb( data_t * key_str, data_t * src_str,
data_t * dst, int setkey_result )
{
unsigned char output[100];
mbedtls_aes_context ctx;
memset(output, 0x00, 100);
mbedtls_aes_init( &ctx );
TEST_ASSERT( mbedtls_aes_setkey_dec( &ctx, key_str->x, key_str->len * 8 ) == setkey_result );
if( setkey_result == 0 )
{
TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_DECRYPT, src_str->x, output ) == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
}
exit:
mbedtls_aes_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
void aes_encrypt_cbc( data_t * key_str, data_t * iv_str,
data_t * src_str, data_t * dst,
int cbc_result )
{
unsigned char output[100];
mbedtls_aes_context ctx;
memset(output, 0x00, 100);
mbedtls_aes_init( &ctx );
TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 );
TEST_ASSERT( mbedtls_aes_crypt_cbc( &ctx, MBEDTLS_AES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result );
if( cbc_result == 0 )
{
TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
src_str->len, dst->len ) == 0 );
}
exit:
mbedtls_aes_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
void aes_decrypt_cbc( data_t * key_str, data_t * iv_str,
data_t * src_str, data_t * dst,
int cbc_result )
{
unsigned char output[100];
mbedtls_aes_context ctx;
memset(output, 0x00, 100);
mbedtls_aes_init( &ctx );
TEST_ASSERT( mbedtls_aes_setkey_dec( &ctx, key_str->x, key_str->len * 8 ) == 0 );
TEST_ASSERT( mbedtls_aes_crypt_cbc( &ctx, MBEDTLS_AES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result );
if( cbc_result == 0)
{
TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
src_str->len, dst->len ) == 0 );
}
exit:
mbedtls_aes_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_XTS */
void aes_encrypt_xts( char *hex_key_string, char *hex_data_unit_string,
char *hex_src_string, char *hex_dst_string )
{
enum { AES_BLOCK_SIZE = 16 };
unsigned char *data_unit = NULL;
unsigned char *key = NULL;
unsigned char *src = NULL;
unsigned char *dst = NULL;
unsigned char *output = NULL;
mbedtls_aes_xts_context ctx;
size_t key_len, src_len, dst_len, data_unit_len;
mbedtls_aes_xts_init( &ctx );
data_unit = mbedtls_test_unhexify_alloc( hex_data_unit_string,
&data_unit_len );
TEST_ASSERT( data_unit_len == AES_BLOCK_SIZE );
key = mbedtls_test_unhexify_alloc( hex_key_string, &key_len );
TEST_ASSERT( key_len % 2 == 0 );
src = mbedtls_test_unhexify_alloc( hex_src_string, &src_len );
dst = mbedtls_test_unhexify_alloc( hex_dst_string, &dst_len );
TEST_ASSERT( src_len == dst_len );
output = mbedtls_test_zero_alloc( dst_len );
TEST_ASSERT( mbedtls_aes_xts_setkey_enc( &ctx, key, key_len * 8 ) == 0 );
TEST_ASSERT( mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_ENCRYPT, src_len,
data_unit, src, output ) == 0 );
TEST_ASSERT( memcmp( output, dst, dst_len ) == 0 );
exit:
mbedtls_aes_xts_free( &ctx );
mbedtls_free( data_unit );
mbedtls_free( key );
mbedtls_free( src );
mbedtls_free( dst );
mbedtls_free( output );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_XTS */
void aes_decrypt_xts( char *hex_key_string, char *hex_data_unit_string,
char *hex_dst_string, char *hex_src_string )
{
enum { AES_BLOCK_SIZE = 16 };
unsigned char *data_unit = NULL;
unsigned char *key = NULL;
unsigned char *src = NULL;
unsigned char *dst = NULL;
unsigned char *output = NULL;
mbedtls_aes_xts_context ctx;
size_t key_len, src_len, dst_len, data_unit_len;
mbedtls_aes_xts_init( &ctx );
data_unit = mbedtls_test_unhexify_alloc( hex_data_unit_string,
&data_unit_len );
TEST_ASSERT( data_unit_len == AES_BLOCK_SIZE );
key = mbedtls_test_unhexify_alloc( hex_key_string, &key_len );
TEST_ASSERT( key_len % 2 == 0 );
src = mbedtls_test_unhexify_alloc( hex_src_string, &src_len );
dst = mbedtls_test_unhexify_alloc( hex_dst_string, &dst_len );
TEST_ASSERT( src_len == dst_len );
output = mbedtls_test_zero_alloc( dst_len );
TEST_ASSERT( mbedtls_aes_xts_setkey_dec( &ctx, key, key_len * 8 ) == 0 );
TEST_ASSERT( mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_DECRYPT, src_len,
data_unit, src, output ) == 0 );
TEST_ASSERT( memcmp( output, dst, dst_len ) == 0 );
exit:
mbedtls_aes_xts_free( &ctx );
mbedtls_free( data_unit );
mbedtls_free( key );
mbedtls_free( src );
mbedtls_free( dst );
mbedtls_free( output );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_XTS */
void aes_crypt_xts_size( int size, int retval )
{
mbedtls_aes_xts_context ctx;
const unsigned char src[16] = { 0 };
unsigned char output[16];
unsigned char data_unit[16];
size_t length = size;
mbedtls_aes_xts_init( &ctx );
memset( data_unit, 0x00, sizeof( data_unit ) );
TEST_ASSERT( mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_ENCRYPT, length, data_unit, src, output ) == retval );
exit:
mbedtls_aes_xts_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_XTS */
void aes_crypt_xts_keysize( int size, int retval )
{
mbedtls_aes_xts_context ctx;
const unsigned char key[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
size_t key_len = size;
mbedtls_aes_xts_init( &ctx );
TEST_ASSERT( mbedtls_aes_xts_setkey_enc( &ctx, key, key_len * 8 ) == retval );
TEST_ASSERT( mbedtls_aes_xts_setkey_dec( &ctx, key, key_len * 8 ) == retval );
exit:
mbedtls_aes_xts_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
void aes_encrypt_cfb128( data_t * key_str, data_t * iv_str,
data_t * src_str, data_t * dst )
{
unsigned char output[100];
mbedtls_aes_context ctx;
size_t iv_offset = 0;
memset(output, 0x00, 100);
mbedtls_aes_init( &ctx );
TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 );
TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_ENCRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
exit:
mbedtls_aes_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
void aes_decrypt_cfb128( data_t * key_str, data_t * iv_str,
data_t * src_str, data_t * dst )
{
unsigned char output[100];
mbedtls_aes_context ctx;
size_t iv_offset = 0;
memset(output, 0x00, 100);
mbedtls_aes_init( &ctx );
TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 );
TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_DECRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
exit:
mbedtls_aes_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
void aes_encrypt_cfb8( data_t * key_str, data_t * iv_str,
data_t * src_str, data_t * dst )
{
unsigned char output[100];
mbedtls_aes_context ctx;
memset(output, 0x00, 100);
mbedtls_aes_init( &ctx );
TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 );
TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
src_str->len, dst->len ) == 0 );
exit:
mbedtls_aes_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
void aes_decrypt_cfb8( data_t * key_str, data_t * iv_str,
data_t * src_str, data_t * dst )
{
unsigned char output[100];
mbedtls_aes_context ctx;
memset(output, 0x00, 100);
mbedtls_aes_init( &ctx );
TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 );
TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
src_str->len, dst->len ) == 0 );
exit:
mbedtls_aes_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_OFB */
void aes_encrypt_ofb( int fragment_size, data_t *key_str,
data_t *iv_str, data_t *src_str,
data_t *expected_output )
{
unsigned char output[32];
mbedtls_aes_context ctx;
size_t iv_offset = 0;
int in_buffer_len;
unsigned char* src_str_next;
memset( output, 0x00, sizeof( output ) );
mbedtls_aes_init( &ctx );
TEST_ASSERT( (size_t)fragment_size < sizeof( output ) );
TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x,
key_str->len * 8 ) == 0 );
in_buffer_len = src_str->len;
src_str_next = src_str->x;
while( in_buffer_len > 0 )
{
TEST_ASSERT( mbedtls_aes_crypt_ofb( &ctx, fragment_size, &iv_offset,
iv_str->x, src_str_next, output ) == 0 );
TEST_ASSERT( memcmp( output, expected_output->x, fragment_size ) == 0 );
in_buffer_len -= fragment_size;
expected_output->x += fragment_size;
src_str_next += fragment_size;
if( in_buffer_len < fragment_size )
fragment_size = in_buffer_len;
}
exit:
mbedtls_aes_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE depends_on:NOT_DEFINED */
void aes_invalid_mode( )
{
mbedtls_aes_context aes_ctx;
const unsigned char in[16] = { 0 };
unsigned char out[16];
const int invalid_mode = 42;
TEST_EQUAL( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_ecb( &aes_ctx, invalid_mode, in, out ) );
#if defined(MBEDTLS_CIPHER_MODE_CBC)
TEST_EQUAL( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_cbc( &aes_ctx, invalid_mode, 16,
out, in, out ) );
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
mbedtls_aes_xts_context xts_ctx;
TEST_EQUAL( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_xts( &xts_ctx, invalid_mode, 16,
in, in, out ) );
#endif /* MBEDTLS_CIPHER_MODE_XTS */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
size_t size;
TEST_EQUAL( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_cfb128( &aes_ctx, invalid_mode, 16,
&size, out, in, out ) );
TEST_EQUAL( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_cfb8( &aes_ctx, invalid_mode, 16,
out, in, out ) );
#endif /* MBEDTLS_CIPHER_MODE_CFB */
}
/* END_CASE */
/* BEGIN_CASE */
void aes_misc_params( )
{
#if defined(MBEDTLS_CIPHER_MODE_CBC) || \
defined(MBEDTLS_CIPHER_MODE_XTS) || \
defined(MBEDTLS_CIPHER_MODE_CFB) || \
defined(MBEDTLS_CIPHER_MODE_OFB)
mbedtls_aes_context aes_ctx;
const unsigned char in[16] = { 0 };
unsigned char out[16];
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
mbedtls_aes_xts_context xts_ctx;
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB) || \
defined(MBEDTLS_CIPHER_MODE_OFB)
size_t size;
#endif
#if defined(MBEDTLS_CIPHER_MODE_CBC)
TEST_ASSERT( mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_ENCRYPT,
15,
out, in, out )
== MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
TEST_ASSERT( mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_ENCRYPT,
17,
out, in, out )
== MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
TEST_ASSERT( mbedtls_aes_crypt_xts( &xts_ctx, MBEDTLS_AES_ENCRYPT,
15,
in, in, out )
== MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
TEST_ASSERT( mbedtls_aes_crypt_xts( &xts_ctx, MBEDTLS_AES_ENCRYPT,
(1 << 24) + 1,
in, in, out )
== MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
size = 16;
TEST_ASSERT( mbedtls_aes_crypt_cfb128( &aes_ctx, MBEDTLS_AES_ENCRYPT, 16,
&size, out, in, out )
== MBEDTLS_ERR_AES_BAD_INPUT_DATA );
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
size = 16;
TEST_ASSERT( mbedtls_aes_crypt_ofb( &aes_ctx, 16, &size, out, in, out )
== MBEDTLS_ERR_AES_BAD_INPUT_DATA );
#endif
/*
* The following line needs to be added to make the code compilable
* when all the conditions above will be not define in a specific
* choice of features.
*/
TEST_ASSERT( 1 );
/* TODO: It will be removed when the whole test will be reworked */
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
void aes_selftest( )
{
TEST_ASSERT( mbedtls_aes_self_test( 1 ) == 0 );
}
/* END_CASE */