7820a574f1
Declare all AES and DES functions that return int as needing to have their result checked, and do check the result in our code. A DES or AES block operation can fail in alternative implementations of mbedtls_internal_aes_encrypt() (under MBEDTLS_AES_ENCRYPT_ALT), mbedtls_internal_aes_decrypt() (under MBEDTLS_AES_DECRYPT_ALT), mbedtls_des_crypt_ecb() (under MBEDTLS_DES_CRYPT_ECB_ALT), mbedtls_des3_crypt_ecb() (under MBEDTLS_DES3_CRYPT_ECB_ALT). A failure can happen if the accelerator peripheral is in a bad state. Several block modes were not catching the error. This commit does the following code changes, grouped together to avoid having an intermediate commit where the build fails: * Add MBEDTLS_CHECK_RETURN to all functions returning int in aes.h and des.h. * Fix all places where this causes a GCC warning, indicating that our code was not properly checking the result of an AES operation: * In library code: on failure, goto exit and return ret. * In pkey programs: goto exit. * In the benchmark program: exit (not ideal since there's no error message, but it's what the code currently does for failures). * In test code: TEST_ASSERT. * Changelog entry. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
469 lines
14 KiB
Plaintext
469 lines
14 KiB
Plaintext
/* BEGIN_HEADER */
|
|
#include "mbedtls/aes.h"
|
|
/* END_HEADER */
|
|
|
|
/* BEGIN_DEPENDENCIES
|
|
* depends_on:MBEDTLS_AES_C
|
|
* END_DEPENDENCIES
|
|
*/
|
|
|
|
/* BEGIN_CASE */
|
|
void aes_encrypt_ecb( data_t * key_str, data_t * src_str,
|
|
data_t * dst, int setkey_result )
|
|
{
|
|
unsigned char output[100];
|
|
mbedtls_aes_context ctx;
|
|
|
|
memset(output, 0x00, 100);
|
|
|
|
mbedtls_aes_init( &ctx );
|
|
|
|
TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == setkey_result );
|
|
if( setkey_result == 0 )
|
|
{
|
|
TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_ENCRYPT, src_str->x, output ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
|
|
}
|
|
|
|
exit:
|
|
mbedtls_aes_free( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void aes_decrypt_ecb( data_t * key_str, data_t * src_str,
|
|
data_t * dst, int setkey_result )
|
|
{
|
|
unsigned char output[100];
|
|
mbedtls_aes_context ctx;
|
|
|
|
memset(output, 0x00, 100);
|
|
|
|
mbedtls_aes_init( &ctx );
|
|
|
|
TEST_ASSERT( mbedtls_aes_setkey_dec( &ctx, key_str->x, key_str->len * 8 ) == setkey_result );
|
|
if( setkey_result == 0 )
|
|
{
|
|
TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_DECRYPT, src_str->x, output ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
|
|
}
|
|
|
|
exit:
|
|
mbedtls_aes_free( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
|
|
void aes_encrypt_cbc( data_t * key_str, data_t * iv_str,
|
|
data_t * src_str, data_t * dst,
|
|
int cbc_result )
|
|
{
|
|
unsigned char output[100];
|
|
mbedtls_aes_context ctx;
|
|
|
|
memset(output, 0x00, 100);
|
|
|
|
mbedtls_aes_init( &ctx );
|
|
|
|
TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 );
|
|
TEST_ASSERT( mbedtls_aes_crypt_cbc( &ctx, MBEDTLS_AES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result );
|
|
if( cbc_result == 0 )
|
|
{
|
|
|
|
TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
|
|
src_str->len, dst->len ) == 0 );
|
|
}
|
|
|
|
exit:
|
|
mbedtls_aes_free( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
|
|
void aes_decrypt_cbc( data_t * key_str, data_t * iv_str,
|
|
data_t * src_str, data_t * dst,
|
|
int cbc_result )
|
|
{
|
|
unsigned char output[100];
|
|
mbedtls_aes_context ctx;
|
|
|
|
memset(output, 0x00, 100);
|
|
mbedtls_aes_init( &ctx );
|
|
|
|
TEST_ASSERT( mbedtls_aes_setkey_dec( &ctx, key_str->x, key_str->len * 8 ) == 0 );
|
|
TEST_ASSERT( mbedtls_aes_crypt_cbc( &ctx, MBEDTLS_AES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result );
|
|
if( cbc_result == 0)
|
|
{
|
|
|
|
TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
|
|
src_str->len, dst->len ) == 0 );
|
|
}
|
|
|
|
exit:
|
|
mbedtls_aes_free( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_XTS */
|
|
void aes_encrypt_xts( char *hex_key_string, char *hex_data_unit_string,
|
|
char *hex_src_string, char *hex_dst_string )
|
|
{
|
|
enum { AES_BLOCK_SIZE = 16 };
|
|
unsigned char *data_unit = NULL;
|
|
unsigned char *key = NULL;
|
|
unsigned char *src = NULL;
|
|
unsigned char *dst = NULL;
|
|
unsigned char *output = NULL;
|
|
mbedtls_aes_xts_context ctx;
|
|
size_t key_len, src_len, dst_len, data_unit_len;
|
|
|
|
mbedtls_aes_xts_init( &ctx );
|
|
|
|
data_unit = mbedtls_test_unhexify_alloc( hex_data_unit_string,
|
|
&data_unit_len );
|
|
TEST_ASSERT( data_unit_len == AES_BLOCK_SIZE );
|
|
|
|
key = mbedtls_test_unhexify_alloc( hex_key_string, &key_len );
|
|
TEST_ASSERT( key_len % 2 == 0 );
|
|
|
|
src = mbedtls_test_unhexify_alloc( hex_src_string, &src_len );
|
|
dst = mbedtls_test_unhexify_alloc( hex_dst_string, &dst_len );
|
|
TEST_ASSERT( src_len == dst_len );
|
|
|
|
output = mbedtls_test_zero_alloc( dst_len );
|
|
|
|
TEST_ASSERT( mbedtls_aes_xts_setkey_enc( &ctx, key, key_len * 8 ) == 0 );
|
|
TEST_ASSERT( mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_ENCRYPT, src_len,
|
|
data_unit, src, output ) == 0 );
|
|
|
|
TEST_ASSERT( memcmp( output, dst, dst_len ) == 0 );
|
|
|
|
exit:
|
|
mbedtls_aes_xts_free( &ctx );
|
|
mbedtls_free( data_unit );
|
|
mbedtls_free( key );
|
|
mbedtls_free( src );
|
|
mbedtls_free( dst );
|
|
mbedtls_free( output );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_XTS */
|
|
void aes_decrypt_xts( char *hex_key_string, char *hex_data_unit_string,
|
|
char *hex_dst_string, char *hex_src_string )
|
|
{
|
|
enum { AES_BLOCK_SIZE = 16 };
|
|
unsigned char *data_unit = NULL;
|
|
unsigned char *key = NULL;
|
|
unsigned char *src = NULL;
|
|
unsigned char *dst = NULL;
|
|
unsigned char *output = NULL;
|
|
mbedtls_aes_xts_context ctx;
|
|
size_t key_len, src_len, dst_len, data_unit_len;
|
|
|
|
mbedtls_aes_xts_init( &ctx );
|
|
|
|
data_unit = mbedtls_test_unhexify_alloc( hex_data_unit_string,
|
|
&data_unit_len );
|
|
TEST_ASSERT( data_unit_len == AES_BLOCK_SIZE );
|
|
|
|
key = mbedtls_test_unhexify_alloc( hex_key_string, &key_len );
|
|
TEST_ASSERT( key_len % 2 == 0 );
|
|
|
|
src = mbedtls_test_unhexify_alloc( hex_src_string, &src_len );
|
|
dst = mbedtls_test_unhexify_alloc( hex_dst_string, &dst_len );
|
|
TEST_ASSERT( src_len == dst_len );
|
|
|
|
output = mbedtls_test_zero_alloc( dst_len );
|
|
|
|
TEST_ASSERT( mbedtls_aes_xts_setkey_dec( &ctx, key, key_len * 8 ) == 0 );
|
|
TEST_ASSERT( mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_DECRYPT, src_len,
|
|
data_unit, src, output ) == 0 );
|
|
|
|
TEST_ASSERT( memcmp( output, dst, dst_len ) == 0 );
|
|
|
|
exit:
|
|
mbedtls_aes_xts_free( &ctx );
|
|
mbedtls_free( data_unit );
|
|
mbedtls_free( key );
|
|
mbedtls_free( src );
|
|
mbedtls_free( dst );
|
|
mbedtls_free( output );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_XTS */
|
|
void aes_crypt_xts_size( int size, int retval )
|
|
{
|
|
mbedtls_aes_xts_context ctx;
|
|
const unsigned char src[16] = { 0 };
|
|
unsigned char output[16];
|
|
unsigned char data_unit[16];
|
|
size_t length = size;
|
|
|
|
mbedtls_aes_xts_init( &ctx );
|
|
memset( data_unit, 0x00, sizeof( data_unit ) );
|
|
|
|
TEST_ASSERT( mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_ENCRYPT, length, data_unit, src, output ) == retval );
|
|
exit:
|
|
mbedtls_aes_xts_free( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_XTS */
|
|
void aes_crypt_xts_keysize( int size, int retval )
|
|
{
|
|
mbedtls_aes_xts_context ctx;
|
|
const unsigned char key[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
|
|
size_t key_len = size;
|
|
|
|
mbedtls_aes_xts_init( &ctx );
|
|
|
|
TEST_ASSERT( mbedtls_aes_xts_setkey_enc( &ctx, key, key_len * 8 ) == retval );
|
|
TEST_ASSERT( mbedtls_aes_xts_setkey_dec( &ctx, key, key_len * 8 ) == retval );
|
|
exit:
|
|
mbedtls_aes_xts_free( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
|
|
void aes_encrypt_cfb128( data_t * key_str, data_t * iv_str,
|
|
data_t * src_str, data_t * dst )
|
|
{
|
|
unsigned char output[100];
|
|
mbedtls_aes_context ctx;
|
|
size_t iv_offset = 0;
|
|
|
|
memset(output, 0x00, 100);
|
|
mbedtls_aes_init( &ctx );
|
|
|
|
|
|
TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 );
|
|
TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_ENCRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
|
|
|
|
exit:
|
|
mbedtls_aes_free( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
|
|
void aes_decrypt_cfb128( data_t * key_str, data_t * iv_str,
|
|
data_t * src_str, data_t * dst )
|
|
{
|
|
unsigned char output[100];
|
|
mbedtls_aes_context ctx;
|
|
size_t iv_offset = 0;
|
|
|
|
memset(output, 0x00, 100);
|
|
mbedtls_aes_init( &ctx );
|
|
|
|
|
|
TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 );
|
|
TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_DECRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
|
|
|
|
exit:
|
|
mbedtls_aes_free( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
|
|
void aes_encrypt_cfb8( data_t * key_str, data_t * iv_str,
|
|
data_t * src_str, data_t * dst )
|
|
{
|
|
unsigned char output[100];
|
|
mbedtls_aes_context ctx;
|
|
|
|
memset(output, 0x00, 100);
|
|
mbedtls_aes_init( &ctx );
|
|
|
|
|
|
TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 );
|
|
TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
|
|
src_str->len, dst->len ) == 0 );
|
|
|
|
exit:
|
|
mbedtls_aes_free( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
|
|
void aes_decrypt_cfb8( data_t * key_str, data_t * iv_str,
|
|
data_t * src_str, data_t * dst )
|
|
{
|
|
unsigned char output[100];
|
|
mbedtls_aes_context ctx;
|
|
|
|
memset(output, 0x00, 100);
|
|
mbedtls_aes_init( &ctx );
|
|
|
|
|
|
TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 );
|
|
TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
|
|
src_str->len, dst->len ) == 0 );
|
|
|
|
exit:
|
|
mbedtls_aes_free( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_OFB */
|
|
void aes_encrypt_ofb( int fragment_size, data_t *key_str,
|
|
data_t *iv_str, data_t *src_str,
|
|
data_t *expected_output )
|
|
{
|
|
unsigned char output[32];
|
|
mbedtls_aes_context ctx;
|
|
size_t iv_offset = 0;
|
|
int in_buffer_len;
|
|
unsigned char* src_str_next;
|
|
|
|
memset( output, 0x00, sizeof( output ) );
|
|
mbedtls_aes_init( &ctx );
|
|
|
|
TEST_ASSERT( (size_t)fragment_size < sizeof( output ) );
|
|
|
|
TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x,
|
|
key_str->len * 8 ) == 0 );
|
|
in_buffer_len = src_str->len;
|
|
src_str_next = src_str->x;
|
|
|
|
while( in_buffer_len > 0 )
|
|
{
|
|
TEST_ASSERT( mbedtls_aes_crypt_ofb( &ctx, fragment_size, &iv_offset,
|
|
iv_str->x, src_str_next, output ) == 0 );
|
|
|
|
TEST_ASSERT( memcmp( output, expected_output->x, fragment_size ) == 0 );
|
|
|
|
in_buffer_len -= fragment_size;
|
|
expected_output->x += fragment_size;
|
|
src_str_next += fragment_size;
|
|
|
|
if( in_buffer_len < fragment_size )
|
|
fragment_size = in_buffer_len;
|
|
}
|
|
|
|
exit:
|
|
mbedtls_aes_free( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:NOT_DEFINED */
|
|
void aes_invalid_mode( )
|
|
{
|
|
mbedtls_aes_context aes_ctx;
|
|
const unsigned char in[16] = { 0 };
|
|
unsigned char out[16];
|
|
const int invalid_mode = 42;
|
|
|
|
TEST_EQUAL( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
|
|
mbedtls_aes_crypt_ecb( &aes_ctx, invalid_mode, in, out ) );
|
|
|
|
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
|
TEST_EQUAL( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
|
|
mbedtls_aes_crypt_cbc( &aes_ctx, invalid_mode, 16,
|
|
out, in, out ) );
|
|
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
|
|
|
#if defined(MBEDTLS_CIPHER_MODE_XTS)
|
|
mbedtls_aes_xts_context xts_ctx;
|
|
|
|
TEST_EQUAL( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
|
|
mbedtls_aes_crypt_xts( &xts_ctx, invalid_mode, 16,
|
|
in, in, out ) );
|
|
#endif /* MBEDTLS_CIPHER_MODE_XTS */
|
|
|
|
#if defined(MBEDTLS_CIPHER_MODE_CFB)
|
|
size_t size;
|
|
|
|
TEST_EQUAL( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
|
|
mbedtls_aes_crypt_cfb128( &aes_ctx, invalid_mode, 16,
|
|
&size, out, in, out ) );
|
|
TEST_EQUAL( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
|
|
mbedtls_aes_crypt_cfb8( &aes_ctx, invalid_mode, 16,
|
|
out, in, out ) );
|
|
#endif /* MBEDTLS_CIPHER_MODE_CFB */
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void aes_misc_params( )
|
|
{
|
|
#if defined(MBEDTLS_CIPHER_MODE_CBC) || \
|
|
defined(MBEDTLS_CIPHER_MODE_XTS) || \
|
|
defined(MBEDTLS_CIPHER_MODE_CFB) || \
|
|
defined(MBEDTLS_CIPHER_MODE_OFB)
|
|
mbedtls_aes_context aes_ctx;
|
|
const unsigned char in[16] = { 0 };
|
|
unsigned char out[16];
|
|
#endif
|
|
#if defined(MBEDTLS_CIPHER_MODE_XTS)
|
|
mbedtls_aes_xts_context xts_ctx;
|
|
#endif
|
|
#if defined(MBEDTLS_CIPHER_MODE_CFB) || \
|
|
defined(MBEDTLS_CIPHER_MODE_OFB)
|
|
size_t size;
|
|
#endif
|
|
|
|
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
|
TEST_ASSERT( mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_ENCRYPT,
|
|
15,
|
|
out, in, out )
|
|
== MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
|
|
TEST_ASSERT( mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_ENCRYPT,
|
|
17,
|
|
out, in, out )
|
|
== MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
|
|
#endif
|
|
|
|
#if defined(MBEDTLS_CIPHER_MODE_XTS)
|
|
TEST_ASSERT( mbedtls_aes_crypt_xts( &xts_ctx, MBEDTLS_AES_ENCRYPT,
|
|
15,
|
|
in, in, out )
|
|
== MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
|
|
TEST_ASSERT( mbedtls_aes_crypt_xts( &xts_ctx, MBEDTLS_AES_ENCRYPT,
|
|
(1 << 24) + 1,
|
|
in, in, out )
|
|
== MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
|
|
#endif
|
|
|
|
#if defined(MBEDTLS_CIPHER_MODE_CFB)
|
|
size = 16;
|
|
TEST_ASSERT( mbedtls_aes_crypt_cfb128( &aes_ctx, MBEDTLS_AES_ENCRYPT, 16,
|
|
&size, out, in, out )
|
|
== MBEDTLS_ERR_AES_BAD_INPUT_DATA );
|
|
#endif
|
|
|
|
#if defined(MBEDTLS_CIPHER_MODE_OFB)
|
|
size = 16;
|
|
TEST_ASSERT( mbedtls_aes_crypt_ofb( &aes_ctx, 16, &size, out, in, out )
|
|
== MBEDTLS_ERR_AES_BAD_INPUT_DATA );
|
|
#endif
|
|
|
|
/*
|
|
* The following line needs to be added to make the code compilable
|
|
* when all the conditions above will be not define in a specific
|
|
* choice of features.
|
|
*/
|
|
TEST_ASSERT( 1 );
|
|
/* TODO: It will be removed when the whole test will be reworked */
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
|
|
void aes_selftest( )
|
|
{
|
|
TEST_ASSERT( mbedtls_aes_self_test( 1 ) == 0 );
|
|
}
|
|
/* END_CASE */
|