mbedtls/tests/suites/test_suite_pkcs12.function

/* BEGIN_HEADER */
#include "mbedtls/pkcs12.h"
#include "common.h"

typedef enum {
    USE_NULL_INPUT = 0,
    USE_GIVEN_INPUT = 1,
} input_usage_method_t;

/* END_HEADER */

/* BEGIN_DEPENDENCIES
 * depends_on:MBEDTLS_PKCS12_C
 * END_DEPENDENCIES
 */

/* BEGIN_CASE */
void pkcs12_derive_key(int md_type, int key_size_arg,
                       data_t *password_arg, int password_usage,
                       data_t *salt_arg, int salt_usage,
                       int iterations,
                       data_t *expected_output, int expected_status)

{
    unsigned char *output_data = NULL;

    unsigned char *password = NULL;
    size_t password_len = 0;
    unsigned char *salt = NULL;
    size_t salt_len = 0;
    size_t key_size = key_size_arg;

    MD_PSA_INIT();

    if (password_usage == USE_GIVEN_INPUT) {
        password = password_arg->x;
    }

    password_len = password_arg->len;

    if (salt_usage == USE_GIVEN_INPUT) {
        salt = salt_arg->x;
    }

    salt_len = salt_arg->len;

    ASSERT_ALLOC(output_data, key_size);

    int ret = mbedtls_pkcs12_derivation(output_data,
                                        key_size,
                                        password,
                                        password_len,
                                        salt,
                                        salt_len,
                                        md_type,
                                        MBEDTLS_PKCS12_DERIVE_KEY,
                                        iterations);

    TEST_EQUAL(ret, expected_status);

    if (expected_status == 0) {
        ASSERT_COMPARE(expected_output->x, expected_output->len,
                       output_data, key_size);
    }

exit:
    mbedtls_free(output_data);
    MD_PSA_DONE();
}
/* END_CASE */
Add PKCS12 tests Only regression tests for the empty password bugs for now. Further tests will follow later. Signed-off-by: Paul Elliott <paul.elliott@arm.com> 2021-11-18 23:35:48 +01:00			`/* BEGIN_HEADER */`
			`#include "mbedtls/pkcs12.h"`
Add expected output for tests Expected output generated by OpenSSL (see below) apart from the case where both password and salt are either NULL or zero length, as OpenSSL does not support this. For these test cases we have had to use our own output as that which is expected. Code to generate test cases is as follows: #include <openssl/pkcs12.h> #include <openssl/evp.h> #include <string.h> int Keygen_Uni( const char * test_name, unsigned char pass, int passlen, unsigned char salt, int saltlen, int id, int iter, int n, unsigned char out, const EVP_MD md_type ) { size_t index; printf( "%s\n", test_name ); int ret = PKCS12_key_gen_uni( pass, passlen, salt, saltlen, id, iter, n, out, md_type ); if( ret != 1 ) { printf( "Key generation returned %d\n", ret ); } else { for( index = 0; index < n; ++index ) { printf( "%02x", out[index] ); } printf( "\n" ); } printf( "\n" ); } int main(void) { unsigned char out_buf[48]; unsigned char pass[64]; int pass_len; unsigned char salt[64]; int salt_len; /* If ID=1, then the pseudorandom bits being produced are to be used as key material for performing encryption or decryption. If ID=2, then the pseudorandom bits being produced are to be used as an IV (Initial Value) for encryption or decryption. If ID=3, then the pseudorandom bits being produced are to be used as an integrity key for MACing. */ int id = 1; int iter = 3; memset( out_buf, 0, sizeof( out_buf ) ); memset( pass, 0, sizeof( pass ) ); memset( salt, 0, sizeof( salt ) ); Keygen_Uni( "Zero length pass and salt", pass, 0, salt, 0, id, iter, sizeof(out_buf), out_buf, EVP_md5( ) ); memset( out_buf, 0, sizeof( out_buf ) ); Keygen_Uni( "NULL pass and salt", NULL, 0, NULL, 0, id, iter, sizeof(out_buf), out_buf, EVP_md5( ) ); memset( out_buf, 0, sizeof( out_buf ) ); salt[0] = 0x01; salt[1] = 0x23; salt[2] = 0x45; salt[3] = 0x67; salt[4] = 0x89; salt[5] = 0xab; salt[6] = 0xcd; salt[7] = 0xef; Keygen_Uni( "Zero length pass", pass, 0, salt, 8, id, iter, sizeof(out_buf), out_buf, EVP_md5( ) ); memset( out_buf, 0, sizeof( out_buf ) ); Keygen_Uni( "NULL pass", NULL, 0, salt, 8, id, iter, sizeof(out_buf), out_buf, EVP_md5( ) ); memset( out_buf, 0, sizeof( out_buf ) ); memset( salt, 0, sizeof( salt ) ); pass[0] = 0x01; pass[1] = 0x23; pass[2] = 0x45; pass[3] = 0x67; pass[4] = 0x89; pass[5] = 0xab; pass[6] = 0xcd; pass[7] = 0xef; Keygen_Uni( "Zero length salt", pass, 8, salt, 0, id, iter, sizeof(out_buf), out_buf, EVP_md5( ) ); memset( out_buf, 0, sizeof( out_buf ) ); Keygen_Uni( "NULL salt", pass, 8, NULL, 0, id, iter, sizeof(out_buf), out_buf, EVP_md5( ) ); memset( out_buf, 0, sizeof( out_buf ) ); salt[0] = 0x01; salt[1] = 0x23; salt[2] = 0x45; salt[3] = 0x67; salt[4] = 0x89; salt[5] = 0xab; salt[6] = 0xcd; salt[7] = 0xef; Keygen_Uni( "Valid pass and salt", pass, 8, salt, 8, id, iter, sizeof(out_buf), out_buf, EVP_md5( ) ); return 0; } Signed-off-by: Paul Elliott <paul.elliott@arm.com> 2021-12-03 19:55:31 +01:00			`#include "common.h"`
Add PKCS12 tests Only regression tests for the empty password bugs for now. Further tests will follow later. Signed-off-by: Paul Elliott <paul.elliott@arm.com> 2021-11-18 23:35:48 +01:00
Switch to the new code style Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2023-01-11 14:50:10 +01:00			`typedef enum {`
			`USE_NULL_INPUT = 0,`
			`USE_GIVEN_INPUT = 1,`
Add PKCS12 tests Only regression tests for the empty password bugs for now. Further tests will follow later. Signed-off-by: Paul Elliott <paul.elliott@arm.com> 2021-11-18 23:35:48 +01:00			`} input_usage_method_t;`

			`/* END_HEADER */`

			`/* BEGIN_DEPENDENCIES`
Remove incorrect test dependency Signed-off-by: Paul Elliott <paul.elliott@arm.com> 2021-11-30 17:21:27 +01:00			`* depends_on:MBEDTLS_PKCS12_C`
Add PKCS12 tests Only regression tests for the empty password bugs for now. Further tests will follow later. Signed-off-by: Paul Elliott <paul.elliott@arm.com> 2021-11-18 23:35:48 +01:00			`* END_DEPENDENCIES`
			`*/`

			`/* BEGIN_CASE */`
Switch to the new code style Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2023-01-11 14:50:10 +01:00			`void pkcs12_derive_key(int md_type, int key_size_arg,`
			`data_t *password_arg, int password_usage,`
			`data_t *salt_arg, int salt_usage,`
			`int iterations,`
			`data_t *expected_output, int expected_status)`
Add PKCS12 tests Only regression tests for the empty password bugs for now. Further tests will follow later. Signed-off-by: Paul Elliott <paul.elliott@arm.com> 2021-11-18 23:35:48 +01:00
			`{`
Switch to the new code style Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2023-01-11 14:50:10 +01:00			`unsigned char *output_data = NULL;`
Add PKCS12 tests Only regression tests for the empty password bugs for now. Further tests will follow later. Signed-off-by: Paul Elliott <paul.elliott@arm.com> 2021-11-18 23:35:48 +01:00
Switch to the new code style Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2023-01-11 14:50:10 +01:00			`unsigned char *password = NULL;`
			`size_t password_len = 0;`
			`unsigned char *salt = NULL;`
			`size_t salt_len = 0;`
			`size_t key_size = key_size_arg;`
Add PKCS12 tests Only regression tests for the empty password bugs for now. Further tests will follow later. Signed-off-by: Paul Elliott <paul.elliott@arm.com> 2021-11-18 23:35:48 +01:00
PKCS12: always use MD light Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2023-03-16 10:00:54 +01:00			`MD_PSA_INIT();`

Switch to the new code style Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2023-01-11 14:50:10 +01:00			`if (password_usage == USE_GIVEN_INPUT) {`
			`password = password_arg->x;`
			`}`
Simplify Input usage macros Also ensure they are used in test data rather than values Signed-off-by: Paul Elliott <paul.elliott@arm.com> 2021-11-30 17:39:51 +01:00
Switch to the new code style Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2023-01-11 14:50:10 +01:00			`password_len = password_arg->len;`
Add PKCS12 tests Only regression tests for the empty password bugs for now. Further tests will follow later. Signed-off-by: Paul Elliott <paul.elliott@arm.com> 2021-11-18 23:35:48 +01:00
Switch to the new code style Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2023-01-11 14:50:10 +01:00			`if (salt_usage == USE_GIVEN_INPUT) {`
			`salt = salt_arg->x;`
			`}`
Simplify Input usage macros Also ensure they are used in test data rather than values Signed-off-by: Paul Elliott <paul.elliott@arm.com> 2021-11-30 17:39:51 +01:00
Switch to the new code style Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2023-01-11 14:50:10 +01:00			`salt_len = salt_arg->len;`
Add PKCS12 tests Only regression tests for the empty password bugs for now. Further tests will follow later. Signed-off-by: Paul Elliott <paul.elliott@arm.com> 2021-11-18 23:35:48 +01:00
Switch to the new code style Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2023-01-11 14:50:10 +01:00			`ASSERT_ALLOC(output_data, key_size);`
Add PKCS12 tests Only regression tests for the empty password bugs for now. Further tests will follow later. Signed-off-by: Paul Elliott <paul.elliott@arm.com> 2021-11-18 23:35:48 +01:00
Switch to the new code style Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2023-01-11 14:50:10 +01:00			`int ret = mbedtls_pkcs12_derivation(output_data,`
No need to use MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED in tests Initializing return status variables to CORRUPTION_DETECTED is a second line of defense in library code in case there's a code path where we forget to assign to the variable. This isn't useful in test code. In any case, here, we might as well define the variable at the point of use. This fixes a build error in configurations with MBEDTLS_ERROR_C and MBEDTLS_PSA_CRYPTO_C both disabled, because then mbedtls/error.h isn't included so MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED isn't defined. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2022-09-15 21:05:04 +02:00			`key_size,`
			`password,`
			`password_len,`
			`salt,`
			`salt_len,`
			`md_type,`
			`MBEDTLS_PKCS12_DERIVE_KEY,`
Switch to the new code style Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2023-01-11 14:50:10 +01:00			`iterations);`
Add PKCS12 tests Only regression tests for the empty password bugs for now. Further tests will follow later. Signed-off-by: Paul Elliott <paul.elliott@arm.com> 2021-11-18 23:35:48 +01:00
Switch to the new code style Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2023-01-11 14:50:10 +01:00			`TEST_EQUAL(ret, expected_status);`
Add PKCS12 tests Only regression tests for the empty password bugs for now. Further tests will follow later. Signed-off-by: Paul Elliott <paul.elliott@arm.com> 2021-11-18 23:35:48 +01:00
Switch to the new code style Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2023-01-11 14:50:10 +01:00			`if (expected_status == 0) {`
			`ASSERT_COMPARE(expected_output->x, expected_output->len,`
			`output_data, key_size);`
			`}`
Add expected output for tests Expected output generated by OpenSSL (see below) apart from the case where both password and salt are either NULL or zero length, as OpenSSL does not support this. For these test cases we have had to use our own output as that which is expected. Code to generate test cases is as follows: #include <openssl/pkcs12.h> #include <openssl/evp.h> #include <string.h> int Keygen_Uni( const char * test_name, unsigned char pass, int passlen, unsigned char salt, int saltlen, int id, int iter, int n, unsigned char out, const EVP_MD md_type ) { size_t index; printf( "%s\n", test_name ); int ret = PKCS12_key_gen_uni( pass, passlen, salt, saltlen, id, iter, n, out, md_type ); if( ret != 1 ) { printf( "Key generation returned %d\n", ret ); } else { for( index = 0; index < n; ++index ) { printf( "%02x", out[index] ); } printf( "\n" ); } printf( "\n" ); } int main(void) { unsigned char out_buf[48]; unsigned char pass[64]; int pass_len; unsigned char salt[64]; int salt_len; /* If ID=1, then the pseudorandom bits being produced are to be used as key material for performing encryption or decryption. If ID=2, then the pseudorandom bits being produced are to be used as an IV (Initial Value) for encryption or decryption. If ID=3, then the pseudorandom bits being produced are to be used as an integrity key for MACing. */ int id = 1; int iter = 3; memset( out_buf, 0, sizeof( out_buf ) ); memset( pass, 0, sizeof( pass ) ); memset( salt, 0, sizeof( salt ) ); Keygen_Uni( "Zero length pass and salt", pass, 0, salt, 0, id, iter, sizeof(out_buf), out_buf, EVP_md5( ) ); memset( out_buf, 0, sizeof( out_buf ) ); Keygen_Uni( "NULL pass and salt", NULL, 0, NULL, 0, id, iter, sizeof(out_buf), out_buf, EVP_md5( ) ); memset( out_buf, 0, sizeof( out_buf ) ); salt[0] = 0x01; salt[1] = 0x23; salt[2] = 0x45; salt[3] = 0x67; salt[4] = 0x89; salt[5] = 0xab; salt[6] = 0xcd; salt[7] = 0xef; Keygen_Uni( "Zero length pass", pass, 0, salt, 8, id, iter, sizeof(out_buf), out_buf, EVP_md5( ) ); memset( out_buf, 0, sizeof( out_buf ) ); Keygen_Uni( "NULL pass", NULL, 0, salt, 8, id, iter, sizeof(out_buf), out_buf, EVP_md5( ) ); memset( out_buf, 0, sizeof( out_buf ) ); memset( salt, 0, sizeof( salt ) ); pass[0] = 0x01; pass[1] = 0x23; pass[2] = 0x45; pass[3] = 0x67; pass[4] = 0x89; pass[5] = 0xab; pass[6] = 0xcd; pass[7] = 0xef; Keygen_Uni( "Zero length salt", pass, 8, salt, 0, id, iter, sizeof(out_buf), out_buf, EVP_md5( ) ); memset( out_buf, 0, sizeof( out_buf ) ); Keygen_Uni( "NULL salt", pass, 8, NULL, 0, id, iter, sizeof(out_buf), out_buf, EVP_md5( ) ); memset( out_buf, 0, sizeof( out_buf ) ); salt[0] = 0x01; salt[1] = 0x23; salt[2] = 0x45; salt[3] = 0x67; salt[4] = 0x89; salt[5] = 0xab; salt[6] = 0xcd; salt[7] = 0xef; Keygen_Uni( "Valid pass and salt", pass, 8, salt, 8, id, iter, sizeof(out_buf), out_buf, EVP_md5( ) ); return 0; } Signed-off-by: Paul Elliott <paul.elliott@arm.com> 2021-12-03 19:55:31 +01:00
Add PKCS12 tests Only regression tests for the empty password bugs for now. Further tests will follow later. Signed-off-by: Paul Elliott <paul.elliott@arm.com> 2021-11-18 23:35:48 +01:00			`exit:`
Switch to the new code style Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2023-01-11 14:50:10 +01:00			`mbedtls_free(output_data);`
PKCS12: always use MD light Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2023-03-16 10:00:54 +01:00			`MD_PSA_DONE();`
Add PKCS12 tests Only regression tests for the empty password bugs for now. Further tests will follow later. Signed-off-by: Paul Elliott <paul.elliott@arm.com> 2021-11-18 23:35:48 +01:00			`}`
			`/* END_CASE */`