diff --git a/3rdparty/CMakeLists.txt b/3rdparty/CMakeLists.txt index 14a467457..fa149bdec 100644 --- a/3rdparty/CMakeLists.txt +++ b/3rdparty/CMakeLists.txt @@ -1,10 +1,2 @@ -execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/mbedtls_config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED RESULT_VARIABLE everest_result) -execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/mbedtls_config.h get MBEDTLS_PSA_P256M_DRIVER_ENABLED RESULT_VARIABLE p256m_result) - -if(${everest_result} EQUAL 0) - add_subdirectory(everest) -endif() - -if(${p256m_result} EQUAL 0) - add_subdirectory(p256-m) -endif() +add_subdirectory(everest) +add_subdirectory(p256-m) diff --git a/3rdparty/everest/CMakeLists.txt b/3rdparty/everest/CMakeLists.txt index 4ad367e17..e0e5adecd 100644 --- a/3rdparty/everest/CMakeLists.txt +++ b/3rdparty/everest/CMakeLists.txt @@ -1,9 +1,11 @@ -add_library(everest +set(everest_target "${MBEDTLS_TARGET_PREFIX}everest") + +add_library(${everest_target} library/everest.c library/x25519.c library/Hacl_Curve25519_joined.c) -target_include_directories(everest +target_include_directories(${everest_target} PUBLIC $ $ $ @@ -11,6 +13,19 @@ target_include_directories(everest include/everest/kremlib ${MBEDTLS_DIR}/library/) +# Pass-through MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE +# This must be duplicated from library/CMakeLists.txt because +# everest is not directly linked against any mbedtls targets +# so does not inherit the compile definitions. +if(MBEDTLS_CONFIG_FILE) + target_compile_definitions(${everest_target} + PUBLIC MBEDTLS_CONFIG_FILE="${MBEDTLS_CONFIG_FILE}") +endif() +if(MBEDTLS_USER_CONFIG_FILE) + target_compile_definitions(${everest_target} + PUBLIC MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}") +endif() + if(INSTALL_MBEDTLS_HEADERS) install(DIRECTORY include/everest @@ -21,7 +36,7 @@ if(INSTALL_MBEDTLS_HEADERS) endif(INSTALL_MBEDTLS_HEADERS) -install(TARGETS everest +install(TARGETS ${everest_target} EXPORT MbedTLSTargets DESTINATION ${CMAKE_INSTALL_LIBDIR} PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) diff --git a/3rdparty/p256-m/CMakeLists.txt b/3rdparty/p256-m/CMakeLists.txt index 0001dd2a8..2ef0d48b7 100644 --- a/3rdparty/p256-m/CMakeLists.txt +++ b/3rdparty/p256-m/CMakeLists.txt @@ -1,14 +1,29 @@ -add_library(p256m +set(p256m_target ${MBEDTLS_TARGET_PREFIX}p256m) + +add_library(${p256m_target} p256-m_driver_entrypoints.c p256-m/p256-m.c) -target_include_directories(p256m +target_include_directories(${p256m_target} PUBLIC $ $ $ $ PRIVATE ${MBEDTLS_DIR}/library/) +# Pass-through MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE +# This must be duplicated from library/CMakeLists.txt because +# p256m is not directly linked against any mbedtls targets +# so does not inherit the compile definitions. +if(MBEDTLS_CONFIG_FILE) + target_compile_definitions(${p256m_target} + PUBLIC MBEDTLS_CONFIG_FILE="${MBEDTLS_CONFIG_FILE}") +endif() +if(MBEDTLS_USER_CONFIG_FILE) + target_compile_definitions(${p256m_target} + PUBLIC MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}") +endif() + if(INSTALL_MBEDTLS_HEADERS) install(DIRECTORY :${CMAKE_CURRENT_SOURCE_DIR} @@ -19,7 +34,7 @@ if(INSTALL_MBEDTLS_HEADERS) endif(INSTALL_MBEDTLS_HEADERS) -install(TARGETS p256m +install(TARGETS ${p256m_target} EXPORT MbedTLSTargets DESTINATION ${CMAKE_INSTALL_LIBDIR} PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) diff --git a/BRANCHES.md b/BRANCHES.md index 0aaacb0fb..d3bd75eff 100644 --- a/BRANCHES.md +++ b/BRANCHES.md @@ -106,6 +106,6 @@ The following branches are currently maintained: - [`development`](https://github.com/Mbed-TLS/mbedtls/) - [`mbedtls-2.28`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.28) maintained until at least the end of 2024, see - . + . Users are urged to always use the latest version of a maintained branch. diff --git a/CMakeLists.txt b/CMakeLists.txt index 508f524a2..cbe57486f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -377,7 +377,7 @@ if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL) write_basic_package_version_file( "cmake/MbedTLSConfigVersion.cmake" COMPATIBILITY SameMajorVersion - VERSION 3.4.1) + VERSION 3.5.0) install( FILES "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfig.cmake" diff --git a/ChangeLog b/ChangeLog index bc1d32e4d..85f3665c2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,293 @@ Mbed TLS ChangeLog (Sorted per branch, date) += Mbed TLS 3.5.0 branch released 2023-10-05 + +API changes + * Mbed TLS 3.4 introduced support for omitting the built-in implementation + of ECDSA and/or EC J-PAKE when those are provided by a driver. However, + their was a flaw in the logic checking if the built-in implementation, in + that if failed to check if all the relevant curves were supported by the + accelerator. As a result, it was possible to declare no curves as + accelerated and still have the built-in implementation compiled out. + Starting with this release, it is necessary to declare which curves are + accelerated (using MBEDTLS_PSA_ACCEL_ECC_xxx macros), or they will be + considered not accelerated, and the built-in implementation of the curves + and any algorithm possible using them will be included in the build. + * Add new millisecond time type `mbedtls_ms_time_t` and `mbedtls_ms_time()` + function, needed for TLS 1.3 ticket lifetimes. Alternative implementations + can be created using an ALT interface. + +Requirement changes + * Officially require Python 3.8 now that earlier versions are out of support. + * Minimum required Windows version is now Windows Vista, or + Windows Server 2008. + +New deprecations + * PSA_WANT_KEY_TYPE_xxx_KEY_PAIR and + MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR, where xxx is either ECC or RSA, + are now being deprecated in favor of PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy and + MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR_yyy. Here yyy can be: BASIC, + IMPORT, EXPORT, GENERATE, DERIVE. The goal is to have a finer detail about + the capabilities of the PSA side for either key. + * MBEDTLS_CIPHER_BLKSIZE_MAX is deprecated in favor of + MBEDTLS_MAX_BLOCK_LENGTH (if you intended what the name suggests: + maximum size of any supported block cipher) or the new name + MBEDTLS_CMAC_MAX_BLOCK_SIZE (if you intended the actual semantics: + maximum size of a block cipher supported by the CMAC module). + * mbedtls_pkcs5_pbes2() and mbedtls_pkcs12_pbe() functions are now + deprecated in favor of mbedtls_pkcs5_pbes2_ext() and + mbedtls_pkcs12_pbe_ext() as they offer more security by checking + for overflow of the output buffer and reporting the actual length + of the output. + +Features + * All modules that use hashes or HMAC can now take advantage of PSA Crypto + drivers when MBEDTLS_PSA_CRYPTO_C is enabled and psa_crypto_init() has + been called. Previously (in 3.3), this was restricted to a few modules, + and only in builds where MBEDTLS_MD_C was disabled; in particular the + entropy module was not covered which meant an external RNG had to be + provided - these limitations are lifted in this version. A new set of + feature macros, MBEDTLS_MD_CAN_xxx, has been introduced that can be used + to check for availability of hash algorithms, regardless of whether + they're provided by a built-in implementation, a driver or both. See + docs/driver-only-builds.md. + * When a PSA driver for ECDH is present, it is now possible to disable + MBEDTLS_ECDH_C in the build in order to save code size. For TLS 1.2 + key exchanges based on ECDH(E) to work, this requires + MBEDTLS_USE_PSA_CRYPTO. Restartable/interruptible ECDHE operations in + TLS 1.2 (ECDHE-ECDSA key exchange) are not supported in those builds yet, + as PSA does not have an API for restartable ECDH yet. + * When all of ECDH, ECDSA and EC J-PAKE are either disabled or provided by + a driver, it is possible to disable MBEDTLS_ECP_C (and MBEDTLS_BIGNUM_C + if not required by another module) and still get support for ECC keys and + algorithms in PSA, with some limitations. See docs/driver-only-builds.txt + for details. + * Add parsing of directoryName subtype for subjectAltName extension in + x509 certificates. + * Add support for server-side TLS version negotiation. If both TLS 1.2 and + TLS 1.3 protocols are enabled, the TLS server now selects TLS 1.2 or + TLS 1.3 depending on the capabilities and preferences of TLS clients. + Fixes #6867. + * X.509 hostname verification now supports IPAddress Subject Alternate Names. + * Add support for reading and writing X25519 and X448 + public and private keys in RFC 8410 format using the existing PK APIs. + * When parsing X.509 certificates, support the extensions + SignatureKeyIdentifier and AuthorityKeyIdentifier. + * Don't include the PSA dispatch functions for PAKEs (psa_pake_setup() etc) + if no PAKE algorithms are requested + * Add support for the FFDH algorithm and DH key types in PSA, with + parameters from RFC 7919. This includes a built-in implementation based + on MBEDTLS_BIGNUM_C, and a driver dispatch layer enabling alternative + implementations of FFDH through the driver entry points. + * It is now possible to generate certificates with SubjectAltNames. + Currently supported subtypes: DnsName, UniformResourceIdentifier, + IP address, OtherName, and DirectoryName, as defined in RFC 5280. + See mbedtls_x509write_crt_set_subject_alternative_name for + more information. + * X.509 hostname verification now partially supports URI Subject Alternate + Names. Only exact matching, without any normalization procedures + described in 7.4 of RFC5280, will result in a positive URI verification. + * Add function mbedtls_oid_from_numeric_string() to parse an OID from a + string to a DER-encoded mbedtls_asn1_buf. + * Add SHA-3 family hash functions. + * Add support to restrict AES to 128-bit keys in order to save code size. + A new configuration option, MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH, can be + used to enable this feature. + * AES performance improvements. Uplift varies by platform, + toolchain, optimisation flags and mode. + Aarch64, gcc -Os and CCM, GCM and XTS benefit the most. + On Aarch64, uplift is typically around 20 - 110%. + When compiling with gcc -Os on Aarch64, AES-XTS improves + by 4.5x. + * Add support for PBKDF2-HMAC through the PSA API. + * New symbols PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy and + MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR_yyy (where xxx is either ECC, RSA + or DH) were introduced in order to have finer accuracy in defining the + PSA capabilities for each key. These capabilities, named yyy above, can be + any of: BASIC, IMPORT, EXPORT, GENERATE, DERIVE. + - DERIVE is only available for ECC keys, not for RSA or DH ones. + - implementations are free to enable more than what it was strictly + requested. For example BASIC internally enables IMPORT and EXPORT + (useful for testing purposes), but this might change in the future. + * Add support for FFDH key exchange in TLS 1.3. + This is automatically enabled as soon as PSA_WANT_ALG_FFDH + and the ephemeral or psk-ephemeral key exchange mode are enabled. + By default, all groups are offered; the list of groups can be + configured using the existing API function mbedtls_ssl_conf_groups(). + * Improve mbedtls_x509_time performance and reduce memory use. + * Reduce syscalls to time() during certificate verification. + * Allow MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE to be set by + setting the CMake variable of the same name at configuration time. + * Add getter (mbedtls_ssl_cache_get_timeout()) to access + `mbedtls_ssl_cache_context.timeout`. + * Add getter (mbedtls_ssl_get_hostname()) to access + `mbedtls_ssl_context.hostname`. + * Add getter (mbedtls_ssl_conf_get_endpoint()) to access + `mbedtls_ssl_config.endpoint`. + * Support for "opaque" (PSA-held) ECC keys in the PK module has been + extended: it is now possible to use mbedtls_pk_write_key_der(), + mbedtls_pk_write_key_pem(), mbedtls_pk_check_pair(), and + mbedtls_pk_verify() with opaque ECC keys (provided the PSA attributes + allow it). + * The documentation of mbedtls_ecp_group now describes the optimized + representation of A for some curves. Fixes #8045. + * Add a possibility to generate CSR's with RCF822 and directoryName subtype + of subjectAltName extension in x509 certificates. + * Add support for PBKDF2-CMAC through the PSA API. + * New configuration option MBEDTLS_AES_USE_HARDWARE_ONLY introduced. When + using CPU-accelerated AES (e.g., Arm Crypto Extensions), this option + disables the plain C implementation and the run-time detection for the + CPU feature, which reduces code size and avoids the vulnerability of the + plain C implementation. + * Accept arbitrary AttributeType and AttributeValue in certificate + Distinguished Names using RFC 4514 syntax. + * Applications using ECC over secp256r1 through the PSA API can use a + new implementation with a much smaller footprint, but some minor + usage restrictions. See the documentation of the new configuration + option MBEDTLS_PSA_P256M_DRIVER_ENABLED for details. + +Security + * Fix a case where potentially sensitive information held in memory would not + be completely zeroized during TLS 1.2 handshake, in both server and client + configurations. + * In configurations with ARIA or Camellia but not AES, the value of + MBEDTLS_CIPHER_BLKSIZE_MAX was 8, rather than 16 as the name might + suggest. This did not affect any library code, because this macro was + only used in relation with CMAC which does not support these ciphers. + This may affect application code that uses this macro. + * Developers using mbedtls_pkcs5_pbes2() or mbedtls_pkcs12_pbe() should + review the size of the output buffer passed to this function, and note + that the output after decryption may include CBC padding. Consider moving + to the new functions mbedtls_pkcs5_pbes2_ext() or mbedtls_pkcs12_pbe_ext() + which checks for overflow of the output buffer and reports the actual + length of the output. + * Improve padding calculations in CBC decryption, NIST key unwrapping and + RSA OAEP decryption. With the previous implementation, some compilers + (notably recent versions of Clang and IAR) could produce non-constant + time code, which could allow a padding oracle attack if the attacker + has access to precise timing measurements. + * Updates to constant-time C code so that compilers are less likely to use + conditional instructions, which can have an observable difference in + timing. (Clang has been seen to do this.) Also introduce assembly + implementations for 32- and 64-bit Arm and for x86 and x86-64, which are + guaranteed not to use conditional instructions. + * Fix definition of MBEDTLS_MD_MAX_BLOCK_SIZE, which was too + small when MBEDTLS_SHA384_C was defined and MBEDTLS_SHA512_C was + undefined. Mbed TLS itself was unaffected by this, but user code + which used MBEDTLS_MD_MAX_BLOCK_SIZE could be affected. The only + release containing this bug was Mbed TLS 3.4.0. + * Fix a buffer overread when parsing short TLS application data records in + null-cipher cipher suites. Credit to OSS-Fuzz. + * Fix a remotely exploitable heap buffer overflow in TLS handshake parsing. + In TLS 1.3, all configurations are affected except PSK-only ones, and + both clients and servers are affected. + In TLS 1.2, the affected configurations are those with + MBEDTLS_USE_PSA_CRYPTO and ECDH enabled but DHM and RSA disabled, + and only servers are affected, not clients. + Credit to OSS-Fuzz. + +Bugfix + * Fix proper sizing for PSA_EXPORT_[KEY_PAIR/PUBLIC_KEY]_MAX_SIZE and + PSA_SIGNATURE_MAX_SIZE buffers when at least one accelerated EC is bigger + than all built-in ones and RSA is disabled. + Resolves #6622. + * Add missing md.h includes to some of the external programs from + the programs directory. Without this, even though the configuration + was sufficient for a particular program to work, it would only print + a message that one of the required defines is missing. + * Fix declaration of mbedtls_ecdsa_sign_det_restartable() function + in the ecdsa.h header file. There was a build warning when the + configuration macro MBEDTLS_ECDSA_SIGN_ALT was defined. + Resolves #7407. + * Fix an error when MBEDTLS_ECDSA_SIGN_ALT is defined but not + MBEDTLS_ECDSA_VERIFY_ALT, causing ecdsa verify to fail. Fixes #7498. + * Fix missing PSA initialization in sample programs when + MBEDTLS_USE_PSA_CRYPTO is enabled. + * Fix the J-PAKE driver interface for user and peer to accept any values + (previously accepted values were limited to "client" or "server"). + * Fix clang and armclang compilation error when targeting certain Arm + M-class CPUs (Cortex-M0, Cortex-M0+, Cortex-M1, Cortex-M23, + SecurCore SC000). Fixes #1077. + * Fix "unterminated '#pragma clang attribute push'" in sha256/sha512.c when + built with MBEDTLS_SHAxxx_USE_A64_CRYPTO_IF_PRESENT but don't have a + way to detect the crypto extensions required. A warning is still issued. + * Fixed an issue that caused compile errors when using CMake and the IAR + toolchain. + * Fix very high stack usage in SSL debug code. Reported by Maximilian + Gerhardt in #7804. + * Fix a compilation failure in the constant_time module when + building for arm64_32 (e.g., for watchos). Reported by Paulo + Coutinho in #7787. + * Fix crypt_and_hash decryption fail when used with a stream cipher + mode of operation due to the input not being multiple of block size. + Resolves #7417. + * Fix a bug in which mbedtls_x509_string_to_names() would return success + when given a invalid name string if it did not contain '=' or ','. + * Fix compilation warnings in aes.c, which prevented the + example TF-M configuration in configs/ from building cleanly: + tfm_mbedcrypto_config_profile_medium.h with + crypto_config_profile_medium.h. + * In TLS 1.3, fix handshake failure when a client in its ClientHello + proposes an handshake based on PSK only key exchange mode or at least + one of the key exchange modes using ephemeral keys to a server that + supports only the PSK key exchange mode. + * Fix CCM* with no tag being not supported in a build with CCM as the only + symmetric encryption algorithm and the PSA configuration enabled. + * Fix the build with MBEDTLS_PSA_INJECT_ENTROPY. Fixes #7516. + * Fix a compilation error on some platforms when including mbedtls/ssl.h + with all TLS support disabled. Fixes #6628. + * Fix x509 certificate generation to conform to RFC 5480 / RFC 5758 when + using ECC key. The certificate was rejected by some crypto frameworks. + Fixes #2924. + * Fix a potential corruption of the passed-in IV when mbedtls_aes_crypt_cbc() + is called with zero length and padlock is not enabled. + * Fix compile failure due to empty enum in cipher_wrap.c, when building + with a very minimal configuration. Fixes #7625. + * Fix some cases where mbedtls_mpi_mod_exp, RSA key construction or ECDSA + signature can silently return an incorrect result in low memory conditions. + * Don't try to include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE when + MBEDTLS_PSA_CRYPTO_CONFIG is disabled. + * Fix IAR compiler warnings. + * Fix an issue when parsing an otherName subject alternative name into a + mbedtls_x509_san_other_name struct. The type-id of the otherName was not + copied to the struct. This meant that the struct had incomplete + information about the otherName SAN and contained uninitialized memory. + * Fix the detection of HardwareModuleName otherName SANs. These were being + detected by comparing the wrong field and the check was erroneously + inverted. + * Fix a build error in some configurations with MBEDTLS_PSA_CRYPTO_CONFIG + enabled, where some low-level modules required by requested PSA crypto + features were not getting automatically enabled. Fixes #7420. + * Fix undefined symbols in some builds using TLS 1.3 with a custom + configuration file. + * Fix log level for the got supported group message. Fixes #6765 + * Functions in the ssl_cache module now return a negative MBEDTLS_ERR_xxx + error code on failure. Before, they returned 1 to indicate failure in + some cases involving a missing entry or a full cache. + * mbedtls_pk_parse_key() now rejects trailing garbage in encrypted keys. + * Fix the build with CMake when Everest or P256-m is enabled through + a user configuration file or the compiler command line. Fixes #8165. + +Changes + * Enable Arm / Thumb bignum assembly for most Arm platforms when + compiling with gcc, clang or armclang and -O0. + * Enforce minimum RSA key size when generating a key + to avoid accidental misuse. + * Use heap memory to allocate DER encoded RSA private key. + This reduces stack usage significantly for RSA signature + operations when MBEDTLS_PSA_CRYPTO_C is defined. + * Update Windows code to use BCryptGenRandom and wcslen, and + ensure that conversions between size_t, ULONG, and int are + always done safely. Original contribution by Kevin Kane #635, #730 + followed by Simon Butcher #1453. + * Users integrating their own PSA drivers should be aware that + the file library/psa_crypto_driver_wrappers.c has been renamed + to psa_crypto_driver_wrappers_no_static.c. + * When using CBC with the cipher module, the requirement to call + mbedtls_cipher_set_padding_mode() is now enforced. Previously, omitting + this call accidentally applied a default padding mode chosen at compile + time. + = Mbed TLS 3.4.1 branch released 2023-08-04 Bugfix diff --git a/ChangeLog.d/Define-PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy.txt b/ChangeLog.d/Define-PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy.txt deleted file mode 100644 index 014eec657..000000000 --- a/ChangeLog.d/Define-PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy.txt +++ /dev/null @@ -1,18 +0,0 @@ -New deprecations - * PSA_WANT_KEY_TYPE_xxx_KEY_PAIR and - MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR, where xxx is either ECC or RSA, - are now being deprecated in favor of PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy and - MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR_yyy. Here yyy can be: BASIC, - IMPORT, EXPORT, GENERATE, DERIVE. The goal is to have a finer detail about - the capabilities of the PSA side for either key. - -Features - * New symbols PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy and - MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR_yyy (where xxx is either ECC, RSA - or DH) were introduced in order to have finer accuracy in defining the - PSA capabilities for each key. These capabilities, named yyy above, can be - any of: BASIC, IMPORT, EXPORT, GENERATE, DERIVE. - - DERIVE is only available for ECC keys, not for RSA or DH ones. - - implementations are free to enable more than what it was strictly - requested. For example BASIC internally enables IMPORT and EXPORT - (useful for testing purposes), but this might change in the future. diff --git a/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt b/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt deleted file mode 100644 index 9aa3ff91d..000000000 --- a/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * When parsing X.509 certificates, support the extensions - SignatureKeyIdentifier and AuthorityKeyIdentifier. diff --git a/ChangeLog.d/add-aes-128bit-only.txt b/ChangeLog.d/add-aes-128bit-only.txt deleted file mode 100644 index b080cac5e..000000000 --- a/ChangeLog.d/add-aes-128bit-only.txt +++ /dev/null @@ -1,4 +0,0 @@ -Features - * Add support to restrict AES to 128-bit keys in order to save code size. - A new configuration option, MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH, can be - used to enable this feature. diff --git a/ChangeLog.d/add-aes-hardware-only-option.txt b/ChangeLog.d/add-aes-hardware-only-option.txt deleted file mode 100644 index a185aff2a..000000000 --- a/ChangeLog.d/add-aes-hardware-only-option.txt +++ /dev/null @@ -1,6 +0,0 @@ -Features - * New configuration option MBEDTLS_AES_USE_HARDWARE_ONLY introduced. When - using CPU-accelerated AES (e.g., Arm Crypto Extensions), this option - disables the plain C implementation and the run-time detection for the - CPU feature, which reduces code size and avoids the vulnerability of the - plain C implementation. diff --git a/ChangeLog.d/add-directoryname-san.txt b/ChangeLog.d/add-directoryname-san.txt deleted file mode 100644 index e11629878..000000000 --- a/ChangeLog.d/add-directoryname-san.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Add parsing of directoryName subtype for subjectAltName extension in - x509 certificates. diff --git a/ChangeLog.d/add-getters-for-some-fields.txt b/ChangeLog.d/add-getters-for-some-fields.txt deleted file mode 100644 index 6a6fbad67..000000000 --- a/ChangeLog.d/add-getters-for-some-fields.txt +++ /dev/null @@ -1,7 +0,0 @@ -Features - * Add getter (mbedtls_ssl_cache_get_timeout()) to access - `mbedtls_ssl_cache_context.timeout`. - * Add getter (mbedtls_ssl_get_hostname()) to access - `mbedtls_ssl_context.hostname`. - * Add getter (mbedtls_ssl_conf_get_endpoint()) to access - `mbedtls_ssl_config.endpoint`. diff --git a/ChangeLog.d/add-milliseconds-time-api.txt b/ChangeLog.d/add-milliseconds-time-api.txt deleted file mode 100644 index d9e939fad..000000000 --- a/ChangeLog.d/add-milliseconds-time-api.txt +++ /dev/null @@ -1,5 +0,0 @@ -API changes - * Add new millisecond time type `mbedtls_ms_time_t` and `mbedtls_ms_time()` - function, needed for TLS 1.3 ticket lifetimes. Alternative implementations - can be created using an ALT interface. - diff --git a/ChangeLog.d/add-missing-md-includes.txt b/ChangeLog.d/add-missing-md-includes.txt deleted file mode 100644 index 408c3615e..000000000 --- a/ChangeLog.d/add-missing-md-includes.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Add missing md.h includes to some of the external programs from - the programs directory. Without this, even though the configuration - was sufficient for a particular program to work, it would only print - a message that one of the required defines is missing. diff --git a/ChangeLog.d/add-pbkdf2-cmac.txt b/ChangeLog.d/add-pbkdf2-cmac.txt deleted file mode 100644 index 0ed84ea51..000000000 --- a/ChangeLog.d/add-pbkdf2-cmac.txt +++ /dev/null @@ -1,2 +0,0 @@ -Features - * Add support for PBKDF2-CMAC through the PSA API. diff --git a/ChangeLog.d/add-pbkdf2-hmac.txt b/ChangeLog.d/add-pbkdf2-hmac.txt deleted file mode 100644 index 2708098a3..000000000 --- a/ChangeLog.d/add-pbkdf2-hmac.txt +++ /dev/null @@ -1,2 +0,0 @@ -Features - * Add support for PBKDF2-HMAC through the PSA API. diff --git a/ChangeLog.d/add-psa_want_alg_some_pake.txt b/ChangeLog.d/add-psa_want_alg_some_pake.txt deleted file mode 100644 index 00b3002b6..000000000 --- a/ChangeLog.d/add-psa_want_alg_some_pake.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Don't include the PSA dispatch functions for PAKEs (psa_pake_setup() etc) - if no PAKE algorithms are requested diff --git a/ChangeLog.d/add-rfc822-directoryname-csr-gen.txt b/ChangeLog.d/add-rfc822-directoryname-csr-gen.txt deleted file mode 100644 index ff8693c40..000000000 --- a/ChangeLog.d/add-rfc822-directoryname-csr-gen.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Add a possibility to generate CSR's with RCF822 and directoryName subtype - of subjectAltName extension in x509 certificates. diff --git a/ChangeLog.d/add-subjectAltName-certs.txt b/ChangeLog.d/add-subjectAltName-certs.txt deleted file mode 100644 index 487e5c656..000000000 --- a/ChangeLog.d/add-subjectAltName-certs.txt +++ /dev/null @@ -1,6 +0,0 @@ -Features - * It is now possible to generate certificates with SubjectAltNames. - Currently supported subtypes: DnsName, UniformResourceIdentifier, - IP address, OtherName, and DirectoryName, as defined in RFC 5280. - See mbedtls_x509write_crt_set_subject_alternative_name for - more information. diff --git a/ChangeLog.d/aes-perf.txt b/ChangeLog.d/aes-perf.txt deleted file mode 100644 index ab716bce8..000000000 --- a/ChangeLog.d/aes-perf.txt +++ /dev/null @@ -1,7 +0,0 @@ -Features - * AES performance improvements. Uplift varies by platform, - toolchain, optimisation flags and mode. - Aarch64, gcc -Os and CCM, GCM and XTS benefit the most. - On Aarch64, uplift is typically around 20 - 110%. - When compiling with gcc -Os on Aarch64, AES-XTS improves - by 4.5x. diff --git a/ChangeLog.d/armclang-compile-fix.txt b/ChangeLog.d/armclang-compile-fix.txt deleted file mode 100644 index 59ae1cd9d..000000000 --- a/ChangeLog.d/armclang-compile-fix.txt +++ /dev/null @@ -1,7 +0,0 @@ -Bugfix - * Fix clang and armclang compilation error when targeting certain Arm - M-class CPUs (Cortex-M0, Cortex-M0+, Cortex-M1, Cortex-M23, - SecurCore SC000). Fixes #1077. -Changes - * Enable Arm / Thumb bignum assembly for most Arm platforms when - compiling with gcc, clang or armclang and -O0. diff --git a/ChangeLog.d/basic-uri-verification.txt b/ChangeLog.d/basic-uri-verification.txt deleted file mode 100644 index aa039ea29..000000000 --- a/ChangeLog.d/basic-uri-verification.txt +++ /dev/null @@ -1,4 +0,0 @@ -Features - * X.509 hostname verification now partially supports URI Subject Alternate - Names. Only exact matching, without any normalization procedures - described in 7.4 of RFC5280, will result in a positive URI verification. diff --git a/ChangeLog.d/bugfix_iar_typo.txt b/ChangeLog.d/bugfix_iar_typo.txt deleted file mode 100644 index 95f97b1cb..000000000 --- a/ChangeLog.d/bugfix_iar_typo.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fixed an issue that caused compile errors when using CMake and the IAR - toolchain. diff --git a/ChangeLog.d/cmake-pass-through-config-defines.txt b/ChangeLog.d/cmake-pass-through-config-defines.txt deleted file mode 100644 index 6122f37d2..000000000 --- a/ChangeLog.d/cmake-pass-through-config-defines.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Allow MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE to be set by - setting the CMake variable of the same name at configuration time. diff --git a/ChangeLog.d/config_psa-include-order.txt b/ChangeLog.d/config_psa-include-order.txt deleted file mode 100644 index 674c28653..000000000 --- a/ChangeLog.d/config_psa-include-order.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix a build error in some configurations with MBEDTLS_PSA_CRYPTO_CONFIG - enabled, where some low-level modules required by requested PSA crypto - features were not getting automatically enabled. Fixes #7420. diff --git a/ChangeLog.d/driver-ffdh.txt b/ChangeLog.d/driver-ffdh.txt deleted file mode 100644 index 118513304..000000000 --- a/ChangeLog.d/driver-ffdh.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Add a driver dispatch layer for FFDH keys, enabling alternative - implementations of FFDH through the driver entry points. diff --git a/ChangeLog.d/driver-only-ecc.txt b/ChangeLog.d/driver-only-ecc.txt deleted file mode 100644 index 887808511..000000000 --- a/ChangeLog.d/driver-only-ecc.txt +++ /dev/null @@ -1,23 +0,0 @@ -Features - * When a PSA driver for ECDH is present, it is now possible to disable - MBEDTLS_ECDH_C in the build in order to save code size. For TLS 1.2 - key exchanges based on ECDH(E) to work, this requires - MBEDTLS_USE_PSA_CRYPTO. Restartable/interruptible ECDHE operations in - TLS 1.2 (ECDHE-ECDSA key exchange) are not supported in those builds yet, - as PSA does not have an API for restartable ECDH yet. - * When all of ECDH, ECDSA and EC J-PAKE are either disabled or provided by - a driver, it is possible to disable MBEDTLS_ECP_C (and MBEDTLS_BIGNUM_C - if not required by another module) and still get support for ECC keys and - algorithms in PSA, with some limitations. See docs/driver-only-builds.txt - for details. -API changes - * Mbed TLS 3.4 introduced support for omitting the built-in implementation - of ECDSA and/or EC J-PAKE when those are provided by a driver. However, - their was a flaw in the logic checking if the built-in implementation, in - that if failed to check if all the relevant curves were supported by the - accelerator. As a result, it was possible to declare no curves as - accelerated and still have the built-in implementation compiled out. - Starting with this release, it is necessary to declare which curves are - accelerated (using MBEDTLS_PSA_ACCEL_ECC_xxx macros), or they will be - considered not accelerated, and the built-in implementation of the curves - and any algorithm possible using them will be included in the build. diff --git a/ChangeLog.d/driver-only-hashes.txt b/ChangeLog.d/driver-only-hashes.txt deleted file mode 100644 index cd1e030d1..000000000 --- a/ChangeLog.d/driver-only-hashes.txt +++ /dev/null @@ -1,11 +0,0 @@ -Features - * All modules that use hashes or HMAC can now take advantage of PSA Crypto - drivers when MBEDTLS_PSA_CRYPTO_C is enabled and psa_crypto_init() has - been called. Previously (in 3.3), this was restricted to a few modules, - and only in builds where MBEDTLS_MD_C was disabled; in particular the - entropy module was not covered which meant an external RNG had to be - provided - these limitations are lifted in this version. A new set of - feature macros, MBEDTLS_MD_CAN_xxx, has been introduced that can be used - to check for availability of hash algorithms, regardless of whether - they're provided by a built-in implementation, a driver or both. See - docs/driver-only-builds.md. diff --git a/ChangeLog.d/ec_jpake_user_peer_2.txt b/ChangeLog.d/ec_jpake_user_peer_2.txt deleted file mode 100644 index 9572ac7c1..000000000 --- a/ChangeLog.d/ec_jpake_user_peer_2.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix the J-PAKE driver interface for user and peer to accept any values - (previously accepted values were limited to "client" or "server"). diff --git a/ChangeLog.d/enforce-min-RSA-key-size.txt b/ChangeLog.d/enforce-min-RSA-key-size.txt deleted file mode 100644 index 06cd2a276..000000000 --- a/ChangeLog.d/enforce-min-RSA-key-size.txt +++ /dev/null @@ -1,3 +0,0 @@ -Changes - * Enforce minimum RSA key size when generating a key - to avoid accidental misuse. diff --git a/ChangeLog.d/extend-distinguished-names.txt b/ChangeLog.d/extend-distinguished-names.txt deleted file mode 100644 index b148424cf..000000000 --- a/ChangeLog.d/extend-distinguished-names.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Accept arbitrary AttributeType and AttributeValue in certificate - Distinguished Names using RFC 4514 syntax. diff --git a/ChangeLog.d/extend-pk-opaque-ecc.txt b/ChangeLog.d/extend-pk-opaque-ecc.txt deleted file mode 100644 index ad5bdc096..000000000 --- a/ChangeLog.d/extend-pk-opaque-ecc.txt +++ /dev/null @@ -1,6 +0,0 @@ -Features - * Support for "opaque" (PSA-held) ECC keys in the PK module has been - extended: it is now possible to use mbedtls_pk_write_key_der(), - mbedtls_pk_write_key_pem(), mbedtls_pk_check_pair(), and - mbedtls_pk_verify() with opaque ECC keys (provided the PSA attributes - allow it). diff --git a/ChangeLog.d/ffdh-tls-1-3.txt b/ChangeLog.d/ffdh-tls-1-3.txt deleted file mode 100644 index c5d07d69f..000000000 --- a/ChangeLog.d/ffdh-tls-1-3.txt +++ /dev/null @@ -1,6 +0,0 @@ -Features - * Add support for FFDH key exchange in TLS 1.3. - This is automatically enabled as soon as PSA_WANT_ALG_FFDH - and the ephemeral or psk-ephemeral key exchange mode are enabled. - By default, all groups are offered; the list of groups can be - configured using the existing API function mbedtls_ssl_conf_groups(). diff --git a/ChangeLog.d/fix-3rdparty-target-prefix.txt b/ChangeLog.d/fix-3rdparty-target-prefix.txt new file mode 100644 index 000000000..db8ed07ee --- /dev/null +++ b/ChangeLog.d/fix-3rdparty-target-prefix.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix accidental omission of MBEDTLS_TARGET_PREFIX in 3rdparty modules + in CMake. diff --git a/ChangeLog.d/fix-a-few-unchecked-return.txt b/ChangeLog.d/fix-a-few-unchecked-return.txt deleted file mode 100644 index aadde3631..000000000 --- a/ChangeLog.d/fix-a-few-unchecked-return.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix some cases where mbedtls_mpi_mod_exp, RSA key construction or ECDSA - signature can silently return an incorrect result in low memory conditions. diff --git a/ChangeLog.d/fix-aes-cbc-iv-corruption b/ChangeLog.d/fix-aes-cbc-iv-corruption deleted file mode 100644 index 11eb9463e..000000000 --- a/ChangeLog.d/fix-aes-cbc-iv-corruption +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix a potential corruption of the passed-in IV when mbedtls_aes_crypt_cbc() - is called with zero length and padlock is not enabled. diff --git a/ChangeLog.d/fix-cmake-3rdparty-custom-config.txt b/ChangeLog.d/fix-cmake-3rdparty-custom-config.txt new file mode 100644 index 000000000..ec543aafc --- /dev/null +++ b/ChangeLog.d/fix-cmake-3rdparty-custom-config.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix the build with CMake when Everest or P256-m is enabled through + a user configuration file or the compiler command line. Fixes #8165. diff --git a/ChangeLog.d/fix-cpp-compilation-error.txt b/ChangeLog.d/fix-cpp-compilation-error.txt new file mode 100644 index 000000000..32d86dced --- /dev/null +++ b/ChangeLog.d/fix-cpp-compilation-error.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix compilation error in C++ programs when MBEDTLS_ASN1_PARSE_C is + disabled. diff --git a/ChangeLog.d/fix-crypt_and_hash-decrypt-issue.txt b/ChangeLog.d/fix-crypt_and_hash-decrypt-issue.txt deleted file mode 100644 index ded9b2d47..000000000 --- a/ChangeLog.d/fix-crypt_and_hash-decrypt-issue.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix crypt_and_hash decryption fail when used with a stream cipher - mode of operation due to the input not being multiple of block size. - Resolves #7417. diff --git a/ChangeLog.d/fix-declaration-of-mbedtls_ecdsa_sign_det_restartable-function.txt b/ChangeLog.d/fix-declaration-of-mbedtls_ecdsa_sign_det_restartable-function.txt deleted file mode 100644 index c30e07451..000000000 --- a/ChangeLog.d/fix-declaration-of-mbedtls_ecdsa_sign_det_restartable-function.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix declaration of mbedtls_ecdsa_sign_det_restartable() function - in the ecdsa.h header file. There was a build warning when the - configuration macro MBEDTLS_ECDSA_SIGN_ALT was defined. - Resolves #7407. diff --git a/ChangeLog.d/fix-empty-enum.txt b/ChangeLog.d/fix-empty-enum.txt deleted file mode 100644 index 458d58f3b..000000000 --- a/ChangeLog.d/fix-empty-enum.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix compile failure due to empty enum in cipher_wrap.c, when building - with a very minimal configuration. Fixes #7625. diff --git a/ChangeLog.d/fix-hrr-in-psk-kem.txt b/ChangeLog.d/fix-hrr-in-psk-kem.txt deleted file mode 100644 index 037771184..000000000 --- a/ChangeLog.d/fix-hrr-in-psk-kem.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * In TLS 1.3, fix handshake failure when a client in its ClientHello - proposes an handshake based on PSK only key exchange mode or at least - one of the key exchange modes using ephemeral keys to a server that - supports only the PSK key exchange mode. diff --git a/ChangeLog.d/fix-iar-compiler-warnings.txt b/ChangeLog.d/fix-iar-compiler-warnings.txt deleted file mode 100644 index 0dc2623f8..000000000 --- a/ChangeLog.d/fix-iar-compiler-warnings.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Fix IAR compiler warnings. diff --git a/ChangeLog.d/fix-ilp32.txt b/ChangeLog.d/fix-ilp32.txt deleted file mode 100644 index 3f18ac5c5..000000000 --- a/ChangeLog.d/fix-ilp32.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix a compilation failure in the constant_time module when - building for arm64_32 (e.g., for watchos). Reported by Paulo - Coutinho in #7787. diff --git a/ChangeLog.d/fix-log-level-msg.txt b/ChangeLog.d/fix-log-level-msg.txt deleted file mode 100644 index 4e82ad150..000000000 --- a/ChangeLog.d/fix-log-level-msg.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Fix log level for the got supported group message. Fixes #6765 diff --git a/ChangeLog.d/fix-string-to-names-retcode.txt b/ChangeLog.d/fix-string-to-names-retcode.txt deleted file mode 100644 index ac4b3d176..000000000 --- a/ChangeLog.d/fix-string-to-names-retcode.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix a bug in which mbedtls_x509_string_to_names() would return success - when given a invalid name string if it did not contain '=' or ','. diff --git a/ChangeLog.d/fix-tfm-build.txt b/ChangeLog.d/fix-tfm-build.txt deleted file mode 100644 index 64cb837ae..000000000 --- a/ChangeLog.d/fix-tfm-build.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix compilation warnings in aes.c, which prevented the - example TF-M configuration in configs/ from building cleanly: - tfm_mbedcrypto_config_profile_medium.h with - crypto_config_profile_medium.h. diff --git a/ChangeLog.d/fix-tls-padbuf-zeroization b/ChangeLog.d/fix-tls-padbuf-zeroization deleted file mode 100644 index 36451cb4b..000000000 --- a/ChangeLog.d/fix-tls-padbuf-zeroization +++ /dev/null @@ -1,4 +0,0 @@ -Security - * Fix a case where potentially sensitive information held in memory would not - be completely zeroized during TLS 1.2 handshake, in both server and client - configurations. diff --git a/ChangeLog.d/fix-unterminated-pragma-clang-attribute-push.txt b/ChangeLog.d/fix-unterminated-pragma-clang-attribute-push.txt deleted file mode 100644 index 7fcb5ec29..000000000 --- a/ChangeLog.d/fix-unterminated-pragma-clang-attribute-push.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix "unterminated '#pragma clang attribute push'" in sha256/sha512.c when - built with MBEDTLS_SHAxxx_USE_A64_CRYPTO_IF_PRESENT but don't have a - way to detect the crypto extensions required. A warning is still issued. diff --git a/ChangeLog.d/improve-doc-on-ecp-curve-optimized-representation.txt b/ChangeLog.d/improve-doc-on-ecp-curve-optimized-representation.txt deleted file mode 100644 index 8fdc588b1..000000000 --- a/ChangeLog.d/improve-doc-on-ecp-curve-optimized-representation.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * The documentation of mbedtls_ecp_group now describes the optimized - representation of A for some curves. Fixes #8045. diff --git a/ChangeLog.d/initialize-struct-get-other-name.txt b/ChangeLog.d/initialize-struct-get-other-name.txt deleted file mode 100644 index dc8395d40..000000000 --- a/ChangeLog.d/initialize-struct-get-other-name.txt +++ /dev/null @@ -1,8 +0,0 @@ -Bugfix - * Fix an issue when parsing an otherName subject alternative name into a - mbedtls_x509_san_other_name struct. The type-id of the otherName was not - copied to the struct. This meant that the struct had incomplete - information about the otherName SAN and contained uninitialized memory. - * Fix the detection of HardwareModuleName otherName SANs. These were being - detected by comparing the wrong field and the check was erroneously - inverted. diff --git a/ChangeLog.d/inject-entropy.txt b/ChangeLog.d/inject-entropy.txt deleted file mode 100644 index 762662969..000000000 --- a/ChangeLog.d/inject-entropy.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Fix the build with MBEDTLS_PSA_INJECT_ENTROPY. Fixes #7516. diff --git a/ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt b/ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt deleted file mode 100644 index 22e8adbc5..000000000 --- a/ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix an error when MBEDTLS_ECDSA_SIGN_ALT is defined but not - MBEDTLS_ECDSA_VERIFY_ALT, causing ecdsa verify to fail. Fixes #7498. diff --git a/ChangeLog.d/mbedtls_x509_time.txt b/ChangeLog.d/mbedtls_x509_time.txt deleted file mode 100644 index 557f1910d..000000000 --- a/ChangeLog.d/mbedtls_x509_time.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Improve mbedtls_x509_time performance and reduce memory use. - * Reduce syscalls to time() during certificate verification. diff --git a/ChangeLog.d/misc-from-psa-crypto.txt b/ChangeLog.d/misc-from-psa-crypto.txt deleted file mode 100644 index 40a043a4f..000000000 --- a/ChangeLog.d/misc-from-psa-crypto.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix CCM* with no tag being not supported in a build with CCM as the only - symmetric encryption algorithm and the PSA configuration enabled. diff --git a/ChangeLog.d/oid-parse-from-numeric-string.txt b/ChangeLog.d/oid-parse-from-numeric-string.txt deleted file mode 100644 index 82ed2fd71..000000000 --- a/ChangeLog.d/oid-parse-from-numeric-string.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Add function mbedtls_oid_from_numeric_string() to parse an OID from a - string to a DER-encoded mbedtls_asn1_buf. diff --git a/ChangeLog.d/p256-m.txt b/ChangeLog.d/p256-m.txt deleted file mode 100644 index e47358052..000000000 --- a/ChangeLog.d/p256-m.txt +++ /dev/null @@ -1,5 +0,0 @@ -Features - * Applications using ECC over secp256r1 through the PSA API can use a - new implementation with a much smaller footprint, but some minor - usage restrictions. See the documentation of the new configuration - option MBEDTLS_PSA_P256M_DRIVER_ENABLED for details. diff --git a/ChangeLog.d/programs_psa_fix.txt b/ChangeLog.d/programs_psa_fix.txt deleted file mode 100644 index fe2099ecc..000000000 --- a/ChangeLog.d/programs_psa_fix.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix missing PSA initialization in sample programs when - MBEDTLS_USE_PSA_CRYPTO is enabled. diff --git a/ChangeLog.d/psa_crypto_user_config_file.txt b/ChangeLog.d/psa_crypto_user_config_file.txt deleted file mode 100644 index f538f4707..000000000 --- a/ChangeLog.d/psa_crypto_user_config_file.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Don't try to include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE when - MBEDTLS_PSA_CRYPTO_CONFIG is disabled. diff --git a/ChangeLog.d/python3.8.txt b/ChangeLog.d/python3.8.txt deleted file mode 100644 index 32a7c09a8..000000000 --- a/ChangeLog.d/python3.8.txt +++ /dev/null @@ -1,2 +0,0 @@ -Requirement changes - * Officially require Python 3.8 now that earlier versions are out of support. diff --git a/ChangeLog.d/rfc8410.txt b/ChangeLog.d/rfc8410.txt deleted file mode 100644 index e2984ee4b..000000000 --- a/ChangeLog.d/rfc8410.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Add support for reading and writing X25519 and X448 - public and private keys in RFC 8410 format using the existing PK APIs. diff --git a/ChangeLog.d/sha3.txt b/ChangeLog.d/sha3.txt deleted file mode 100644 index 9426f879f..000000000 --- a/ChangeLog.d/sha3.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Add SHA-3 family hash functions. - diff --git a/ChangeLog.d/some-max-size-macro-are-too-small-when-psa-ecc-is-accelerated.txt b/ChangeLog.d/some-max-size-macro-are-too-small-when-psa-ecc-is-accelerated.txt deleted file mode 100644 index 8cc6e5eab..000000000 --- a/ChangeLog.d/some-max-size-macro-are-too-small-when-psa-ecc-is-accelerated.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix proper sizing for PSA_EXPORT_[KEY_PAIR/PUBLIC_KEY]_MAX_SIZE and - PSA_SIGNATURE_MAX_SIZE buffers when at least one accelerated EC is bigger - than all built-in ones and RSA is disabled. - Resolves #6622. diff --git a/ChangeLog.d/ssl_debug_helpers-stack_usage.txt b/ChangeLog.d/ssl_debug_helpers-stack_usage.txt deleted file mode 100644 index e2c24759f..000000000 --- a/ChangeLog.d/ssl_debug_helpers-stack_usage.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix very high stack usage in SSL debug code. Reported by Maximilian - Gerhardt in #7804. diff --git a/ChangeLog.d/ssl_premaster_secret-empty.txt b/ChangeLog.d/ssl_premaster_secret-empty.txt deleted file mode 100644 index 0ce5f36ea..000000000 --- a/ChangeLog.d/ssl_premaster_secret-empty.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix a compilation error on some platforms when including mbedtls/ssl.h - with all TLS support disabled. Fixes #6628. diff --git a/ChangeLog.d/tls13-custom-config.txt b/ChangeLog.d/tls13-custom-config.txt deleted file mode 100644 index da2e25d95..000000000 --- a/ChangeLog.d/tls13-custom-config.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix undefined symbols in some builds using TLS 1.3 with a custom - configuration file. diff --git a/ChangeLog.d/tls13-server-version-negotiation.txt b/ChangeLog.d/tls13-server-version-negotiation.txt deleted file mode 100644 index 989018b40..000000000 --- a/ChangeLog.d/tls13-server-version-negotiation.txt +++ /dev/null @@ -1,5 +0,0 @@ -Features - * Add support for server-side TLS version negotiation. If both TLS 1.2 and - TLS 1.3 protocols are enabled, the TLS server now selects TLS 1.2 or - TLS 1.3 depending on the capabilities and preferences of TLS clients. - Fixes #6867. diff --git a/ChangeLog.d/updated_windows_apis.txt b/ChangeLog.d/updated_windows_apis.txt deleted file mode 100644 index 73b17df9d..000000000 --- a/ChangeLog.d/updated_windows_apis.txt +++ /dev/null @@ -1,9 +0,0 @@ -Requirement changes - * Minimum required Windows version is now Windows Vista, or - Windows Server 2008. - -Changes - * Update Windows code to use BCryptGenRandom and wcslen, and - ensure that conversions between size_t, ULONG, and int are - always done safely. Original contribution by Kevin Kane #635, #730 - followed by Simon Butcher #1453. diff --git a/ChangeLog.d/use_heap_rsa_signature.txt b/ChangeLog.d/use_heap_rsa_signature.txt deleted file mode 100644 index e6d7b1255..000000000 --- a/ChangeLog.d/use_heap_rsa_signature.txt +++ /dev/null @@ -1,4 +0,0 @@ -Changes - * Use heap memory to allocate DER encoded RSA private key. - This reduces stack usage significantly for RSA signature - operations when MBEDTLS_PSA_CRYPTO_C is defined. diff --git a/ChangeLog.d/verify-ip-sans-properly.txt b/ChangeLog.d/verify-ip-sans-properly.txt deleted file mode 100644 index 00203a8ca..000000000 --- a/ChangeLog.d/verify-ip-sans-properly.txt +++ /dev/null @@ -1,2 +0,0 @@ -Features - * X.509 hostname verification now supports IPAddress Subject Alternate Names. diff --git a/ChangeLog.d/x509-ec-algorithm-identifier-fix.txt b/ChangeLog.d/x509-ec-algorithm-identifier-fix.txt deleted file mode 100644 index c1de491e6..000000000 --- a/ChangeLog.d/x509-ec-algorithm-identifier-fix.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix x509 certificate generation to conform to RFC 5480 / RFC 5758 when - using ECC key. The certificate was rejected by some crypto frameworks. - Fixes #2924. diff --git a/SECURITY.md b/SECURITY.md index 61e39361a..7ed72de92 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -135,3 +135,12 @@ Guide](docs/architecture/alternative-implementations.md) for more information. - Use cryptographic mechanisms that are not based on block ciphers. In particular, for authenticated encryption, use ChaCha20/Poly1305 instead of block cipher modes. For random generation, use HMAC\_DRBG instead of CTR\_DRBG. + +#### Everest + +The HACL* implementation of X25519 taken from the Everest project only protects +against remote timing attacks. (See their [Security +Policy](https://github.com/hacl-star/hacl-star/blob/main/SECURITY.md).) + +The Everest variant is only used when `MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED` +configuration option is defined. This option is off by default. diff --git a/docs/architecture/psa-thread-safety.md b/docs/architecture/psa-thread-safety.md index b0ca8088f..06bdcc056 100644 --- a/docs/architecture/psa-thread-safety.md +++ b/docs/architecture/psa-thread-safety.md @@ -67,16 +67,32 @@ In the medium to long term, performing a slow or blocking operation (for example We may want to go directly to a more sophisticated approach because when a system works with a global lock, it's typically hard to get rid of it to get more fine-grained concurrency. +### Key destruction short-term requirements + +#### Summary of guarantees in the short term + +When `psa_destroy_key` returns: + +1. The key identifier doesn't exist. Rationale: this is a functional requirement for persistent keys: the caller can immediately create a new key with the same identifier. +2. The resources from the key have been freed. Rationale: in a low-resource condition, this may be necessary for the caller to re-create a similar key, which should be possible. +3. The call must not block indefinitely, and in particular cannot wait for an event that is triggered by application code such as calling an abort function. Rationale: this may not strictly be a functional requirement, but it is an expectation `psa_destroy_key` does not block forever due to another thread, which could potentially be another process on a multi-process system. In particular, it is only acceptable for `psa_destroy_key` to block, when waiting for another thread to complete a PSA Cryptography API call that it had already started. + +When `psa_destroy_key` is called on a key that is in use, guarantee 2. might be violated. (This is consistent with the requirement [“Correctness out of the box”](#correctness-out-of-the-box), as destroying a key while it's in use is undefined behavior.) + ### Key destruction long-term requirements -As noted above in [“Correctness out of the box”](#correctness-out-of-the-box), when a key is destroyed, it's ok if `psa_destroy_key` allows copies of the key to live until ongoing operations using the key return. In the long term, it would be good to guarantee that `psa_destroy_key` wipes all copies of the key material. +The [PSA Crypto API specification](https://armmbed.github.io/mbed-crypto/html/api/keys/management.html#key-destruction) mandates that implementations make a best effort to ensure that the key material cannot be recovered. In the long term, it would be good to guarantee that `psa_destroy_key` wipes all copies of the key material. -#### Summary of guarantees when `psa_destroy_key` returns +#### Summary of guarantees in the long term -* The key identifier doesn't exist. Rationale: this is a functional requirement for persistent keys: the caller can immediately create a new key with the same identifier. -* The resources from the key have been freed. Rationale: in a low-resource condition, this may be necessary for the caller to re-create a similar key, which should be possible. -* The call must not block indefinitely, and in particular cannot wait for an event that is triggered by application code such as calling an abort function. Rationale: this may not strictly be a functional requirement, but it is an expectation `psa_destroy_key` does not block forever due to another thread, which could potentially be another process on a multi-process system. -* In the long term, no copy of the key material exists. Rationale: this is a security requirement. We do not have this requirement yet, but we need to document this as a security weakness, and we would like to become compliant. +When `psa_destroy_key` returns: + +1. The key identifier doesn't exist. Rationale: this is a functional requirement for persistent keys: the caller can immediately create a new key with the same identifier. +2. The resources from the key have been freed. Rationale: in a low-resource condition, this may be necessary for the caller to re-create a similar key, which should be possible. +3. The call must not block indefinitely, and in particular cannot wait for an event that is triggered by application code such as calling an abort function. Rationale: this may not strictly be a functional requirement, but it is an expectation `psa_destroy_key` does not block forever due to another thread, which could potentially be another process on a multi-process system. In particular, it is only acceptable for `psa_destroy_key` to block, when waiting for another thread to complete a PSA Cryptography API call that it had already started. +4. No copy of the key material exists. Rationale: this is a security requirement. We do not have this requirement yet, but we need to document this as a security weakness, and we would like to satisfy this security requirement in the future. + +As opposed to the short term requirements, all the above guarantees hold even if `psa_destroy_key` is called on a key that is in use. ## Resources to protect diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index 837cec540..b67237fbc 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -22,7 +22,7 @@ */ /** - * @mainpage Mbed TLS v3.4.1 API Documentation + * @mainpage Mbed TLS v3.5.0 API Documentation * * This documentation describes the internal structure of Mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index c8a47d9ea..98b2d7973 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -1,4 +1,4 @@ -PROJECT_NAME = "Mbed TLS v3.4.1" +PROJECT_NAME = "Mbed TLS v3.5.0" OUTPUT_DIRECTORY = ../apidoc/ FULL_PATH_NAMES = NO OPTIMIZE_OUTPUT_FOR_C = YES diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h index c7aae0ff8..a044543af 100644 --- a/include/mbedtls/asn1.h +++ b/include/mbedtls/asn1.h @@ -644,10 +644,10 @@ void mbedtls_asn1_free_named_data_list_shallow(mbedtls_asn1_named_data *name); /** \} name Functions to parse ASN.1 data structures */ /** \} addtogroup asn1_module */ +#endif /* MBEDTLS_ASN1_PARSE_C */ + #ifdef __cplusplus } #endif -#endif /* MBEDTLS_ASN1_PARSE_C */ - #endif /* asn1.h */ diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 533e076e0..842f15c58 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -37,17 +37,17 @@ * Major, Minor, Patchlevel */ #define MBEDTLS_VERSION_MAJOR 3 -#define MBEDTLS_VERSION_MINOR 4 -#define MBEDTLS_VERSION_PATCH 1 +#define MBEDTLS_VERSION_MINOR 5 +#define MBEDTLS_VERSION_PATCH 0 /** * The single version number has the following structure: * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x03040100 -#define MBEDTLS_VERSION_STRING "3.4.1" -#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.4.1" +#define MBEDTLS_VERSION_NUMBER 0x03050000 +#define MBEDTLS_VERSION_STRING "3.5.0" +#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.5.0" /* Macros for build-time platform detection */ diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 53ef2ad0d..9c8701d38 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -852,7 +852,6 @@ int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx, * \brief This function sets the padding mode, for cipher modes * that use padding. * - * The default passing mode is PKCS7 padding. * * \param ctx The generic cipher context. This must be initialized and * bound to a cipher information structure. diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index 3125e702e..b2aca5d04 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -5,6 +5,7 @@ * * The Cipher-based Message Authentication Code (CMAC) Mode for * Authentication is defined in RFC-4493: The AES-CMAC Algorithm. + * It is supported with AES and DES. */ /* * Copyright The Mbed TLS Contributors @@ -38,12 +39,30 @@ extern "C" { #define MBEDTLS_AES_BLOCK_SIZE 16 #define MBEDTLS_DES3_BLOCK_SIZE 8 +/* We don't support Camellia or ARIA in this module */ #if defined(MBEDTLS_AES_C) -#define MBEDTLS_CIPHER_BLKSIZE_MAX 16 /**< The longest block used by CMAC is that of AES. */ +#define MBEDTLS_CMAC_MAX_BLOCK_SIZE 16 /**< The longest block used by CMAC is that of AES. */ #else -#define MBEDTLS_CIPHER_BLKSIZE_MAX 8 /**< The longest block used by CMAC is that of 3DES. */ +#define MBEDTLS_CMAC_MAX_BLOCK_SIZE 8 /**< The longest block used by CMAC is that of 3DES. */ #endif +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +/** The longest block supported by the cipher module. + * + * \deprecated + * For the maximum block size of a cipher supported by the CMAC module, + * use #MBEDTLS_CMAC_MAX_BLOCK_SIZE. + * For the maximum block size of a cipher supported by the cipher module, + * use #MBEDTLS_MAX_BLOCK_LENGTH. + */ +/* Before Mbed TLS 3.5, this was the maximum block size supported by the CMAC + * module, so it didn't take Camellia or ARIA into account. Since the name + * of the macro doesn't even convey "CMAC", this was misleading. Now the size + * is sufficient for any cipher, but the name is defined in cmac.h for + * backward compatibility. */ +#define MBEDTLS_CIPHER_BLKSIZE_MAX MBEDTLS_MAX_BLOCK_LENGTH +#endif /* MBEDTLS_DEPRECATED_REMOVED */ + #if !defined(MBEDTLS_CMAC_ALT) /** @@ -51,11 +70,11 @@ extern "C" { */ struct mbedtls_cmac_context_t { /** The internal state of the CMAC algorithm. */ - unsigned char MBEDTLS_PRIVATE(state)[MBEDTLS_CIPHER_BLKSIZE_MAX]; + unsigned char MBEDTLS_PRIVATE(state)[MBEDTLS_CMAC_MAX_BLOCK_SIZE]; /** Unprocessed data - either data that was not block aligned and is still * pending processing, or the final block. */ - unsigned char MBEDTLS_PRIVATE(unprocessed_block)[MBEDTLS_CIPHER_BLKSIZE_MAX]; + unsigned char MBEDTLS_PRIVATE(unprocessed_block)[MBEDTLS_CMAC_MAX_BLOCK_SIZE]; /** The length of data pending processing. */ size_t MBEDTLS_PRIVATE(unprocessed_len); diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h index 65bea1a6e..495cd5ab3 100644 --- a/include/mbedtls/config_adjust_legacy_crypto.h +++ b/include/mbedtls/config_adjust_legacy_crypto.h @@ -79,7 +79,7 @@ #define MBEDTLS_ECP_LIGHT #endif -/* MBEDTLS_PK_PARSE_EC_COMPRESSED is introduced in MbedTLS version 3.5, while +/* MBEDTLS_PK_PARSE_EC_COMPRESSED is introduced in Mbed TLS version 3.5, while * in previous version compressed points were automatically supported as long * as PK_PARSE_C and ECP_C were enabled. As a consequence, for backward * compatibility, we auto-enable PK_PARSE_EC_COMPRESSED when these conditions @@ -184,4 +184,12 @@ #define MBEDTLS_PK_HAVE_ECC_KEYS #endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */ +/* Historically pkparse did not check the CBC padding when decrypting + * a key. This was a bug, which is now fixed. As a consequence, pkparse + * now needs PKCS7 padding support, but existing configurations might not + * enable it, so we enable it here. */ +#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PKCS5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) +#define MBEDTLS_CIPHER_PADDING_PKCS7 +#endif + #endif /* MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H */ diff --git a/include/mbedtls/pkcs12.h b/include/mbedtls/pkcs12.h index eb9e2d9df..ba1a2edf0 100644 --- a/include/mbedtls/pkcs12.h +++ b/include/mbedtls/pkcs12.h @@ -52,10 +52,30 @@ extern "C" { #if defined(MBEDTLS_ASN1_PARSE_C) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) /** * \brief PKCS12 Password Based function (encryption / decryption) * for cipher-based and mbedtls_md-based PBE's * + * \note When encrypting, #MBEDTLS_CIPHER_PADDING_PKCS7 must + * be enabled at compile time. + * + * \deprecated This function is deprecated and will be removed in a + * future version of the library. + * Please use mbedtls_pkcs12_pbe_ext() instead. + * + * \warning When decrypting: + * - if #MBEDTLS_CIPHER_PADDING_PKCS7 is enabled at compile + * time, this function validates the CBC padding and returns + * #MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH if the padding is + * invalid. Note that this can help active adversaries + * attempting to brute-forcing the password. Note also that + * there is no guarantee that an invalid password will be + * detected (the chances of a valid padding with a random + * password are about 1/255). + * - if #MBEDTLS_CIPHER_PADDING_PKCS7 is disabled at compile + * time, this function does not validate the CBC padding. + * * \param pbe_params an ASN1 buffer containing the pkcs-12 PbeParams structure * \param mode either #MBEDTLS_PKCS12_PBE_ENCRYPT or * #MBEDTLS_PKCS12_PBE_DECRYPT @@ -64,17 +84,78 @@ extern "C" { * \param pwd Latin1-encoded password used. This may only be \c NULL when * \p pwdlen is 0. No null terminator should be used. * \param pwdlen length of the password (may be 0) - * \param input the input data + * \param data the input data * \param len data length - * \param output the output buffer + * \param output Output buffer. + * On success, it contains the encrypted or decrypted data, + * possibly followed by the CBC padding. + * On failure, the content is indeterminate. + * For decryption, there must be enough room for \p len + * bytes. + * For encryption, there must be enough room for + * \p len + 1 bytes, rounded up to the block size of + * the block cipher identified by \p pbe_params. * * \return 0 if successful, or a MBEDTLS_ERR_XXX code */ -int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode, - mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type, - const unsigned char *pwd, size_t pwdlen, - const unsigned char *input, size_t len, - unsigned char *output); +int MBEDTLS_DEPRECATED mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode, + mbedtls_cipher_type_t cipher_type, + mbedtls_md_type_t md_type, + const unsigned char *pwd, size_t pwdlen, + const unsigned char *data, size_t len, + unsigned char *output); +#endif /* MBEDTLS_DEPRECATED_REMOVED */ + +#if defined(MBEDTLS_CIPHER_PADDING_PKCS7) + +/** + * \brief PKCS12 Password Based function (encryption / decryption) + * for cipher-based and mbedtls_md-based PBE's + * + * + * \warning When decrypting: + * - This function validates the CBC padding and returns + * #MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH if the padding is + * invalid. Note that this can help active adversaries + * attempting to brute-forcing the password. Note also that + * there is no guarantee that an invalid password will be + * detected (the chances of a valid padding with a random + * password are about 1/255). + * + * \param pbe_params an ASN1 buffer containing the pkcs-12 PbeParams structure + * \param mode either #MBEDTLS_PKCS12_PBE_ENCRYPT or + * #MBEDTLS_PKCS12_PBE_DECRYPT + * \param cipher_type the cipher used + * \param md_type the mbedtls_md used + * \param pwd Latin1-encoded password used. This may only be \c NULL when + * \p pwdlen is 0. No null terminator should be used. + * \param pwdlen length of the password (may be 0) + * \param data the input data + * \param len data length + * \param output Output buffer. + * On success, it contains the encrypted or decrypted data, + * possibly followed by the CBC padding. + * On failure, the content is indeterminate. + * For decryption, there must be enough room for \p len + * bytes. + * For encryption, there must be enough room for + * \p len + 1 bytes, rounded up to the block size of + * the block cipher identified by \p pbe_params. + * \param output_size size of output buffer. + * This must be big enough to accommodate for output plus + * padding data. + * \param output_len On success, length of actual data written to the output buffer. + * + * \return 0 if successful, or a MBEDTLS_ERR_XXX code + */ +int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode, + mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type, + const unsigned char *pwd, size_t pwdlen, + const unsigned char *data, size_t len, + unsigned char *output, size_t output_size, + size_t *output_len); + +#endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */ #endif /* MBEDTLS_ASN1_PARSE_C */ diff --git a/include/mbedtls/pkcs5.h b/include/mbedtls/pkcs5.h index 152b45fb1..8b086aa2e 100644 --- a/include/mbedtls/pkcs5.h +++ b/include/mbedtls/pkcs5.h @@ -25,6 +25,7 @@ #define MBEDTLS_PKCS5_H #include "mbedtls/build_info.h" +#include "mbedtls/platform_util.h" #include "mbedtls/asn1.h" #include "mbedtls/md.h" @@ -50,23 +51,95 @@ extern "C" { #if defined(MBEDTLS_ASN1_PARSE_C) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) /** * \brief PKCS#5 PBES2 function * + * \note When encrypting, #MBEDTLS_CIPHER_PADDING_PKCS7 must + * be enabled at compile time. + * + * \deprecated This function is deprecated and will be removed in a + * future version of the library. + * Please use mbedtls_pkcs5_pbes2_ext() instead. + * + * \warning When decrypting: + * - if #MBEDTLS_CIPHER_PADDING_PKCS7 is enabled at compile + * time, this function validates the CBC padding and returns + * #MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH if the padding is + * invalid. Note that this can help active adversaries + * attempting to brute-forcing the password. Note also that + * there is no guarantee that an invalid password will be + * detected (the chances of a valid padding with a random + * password are about 1/255). + * - if #MBEDTLS_CIPHER_PADDING_PKCS7 is disabled at compile + * time, this function does not validate the CBC padding. + * * \param pbe_params the ASN.1 algorithm parameters - * \param mode either MBEDTLS_PKCS5_DECRYPT or MBEDTLS_PKCS5_ENCRYPT + * \param mode either #MBEDTLS_PKCS5_DECRYPT or #MBEDTLS_PKCS5_ENCRYPT * \param pwd password to use when generating key * \param pwdlen length of password * \param data data to process * \param datalen length of data - * \param output output buffer + * \param output Output buffer. + * On success, it contains the encrypted or decrypted data, + * possibly followed by the CBC padding. + * On failure, the content is indeterminate. + * For decryption, there must be enough room for \p datalen + * bytes. + * For encryption, there must be enough room for + * \p datalen + 1 bytes, rounded up to the block size of + * the block cipher identified by \p pbe_params. * * \returns 0 on success, or a MBEDTLS_ERR_XXX code if verification fails. */ -int mbedtls_pkcs5_pbes2(const mbedtls_asn1_buf *pbe_params, int mode, - const unsigned char *pwd, size_t pwdlen, - const unsigned char *data, size_t datalen, - unsigned char *output); +int MBEDTLS_DEPRECATED mbedtls_pkcs5_pbes2(const mbedtls_asn1_buf *pbe_params, int mode, + const unsigned char *pwd, size_t pwdlen, + const unsigned char *data, size_t datalen, + unsigned char *output); +#endif /* MBEDTLS_DEPRECATED_REMOVED */ + +#if defined(MBEDTLS_CIPHER_PADDING_PKCS7) + +/** + * \brief PKCS#5 PBES2 function + * + * \warning When decrypting: + * - This function validates the CBC padding and returns + * #MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH if the padding is + * invalid. Note that this can help active adversaries + * attempting to brute-forcing the password. Note also that + * there is no guarantee that an invalid password will be + * detected (the chances of a valid padding with a random + * password are about 1/255). + * + * \param pbe_params the ASN.1 algorithm parameters + * \param mode either #MBEDTLS_PKCS5_DECRYPT or #MBEDTLS_PKCS5_ENCRYPT + * \param pwd password to use when generating key + * \param pwdlen length of password + * \param data data to process + * \param datalen length of data + * \param output Output buffer. + * On success, it contains the decrypted data. + * On failure, the content is indetermidate. + * For decryption, there must be enough room for \p datalen + * bytes. + * For encryption, there must be enough room for + * \p datalen + 1 bytes, rounded up to the block size of + * the block cipher identified by \p pbe_params. + * \param output_size size of output buffer. + * This must be big enough to accommodate for output plus + * padding data. + * \param output_len On success, length of actual data written to the output buffer. + * + * \returns 0 on success, or a MBEDTLS_ERR_XXX code if parsing or decryption fails. + */ +int mbedtls_pkcs5_pbes2_ext(const mbedtls_asn1_buf *pbe_params, int mode, + const unsigned char *pwd, size_t pwdlen, + const unsigned char *data, size_t datalen, + unsigned char *output, size_t output_size, + size_t *output_len); + +#endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */ #endif /* MBEDTLS_ASN1_PARSE_C */ diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index 87e259f5b..45a5f902a 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -53,8 +53,10 @@ typedef struct mbedtls_sha256_context { unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being processed. */ uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */ uint32_t MBEDTLS_PRIVATE(state)[8]; /*!< The intermediate digest state. */ +#if defined(MBEDTLS_SHA224_C) int MBEDTLS_PRIVATE(is224); /*!< Determines which function to use: 0: Use SHA-256, or 1: Use SHA-224. */ +#endif } mbedtls_sha256_context; diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h index ee41c897f..8c81ded34 100644 --- a/include/psa/crypto_platform.h +++ b/include/psa/crypto_platform.h @@ -35,10 +35,10 @@ #include "mbedtls/private_access.h" /* - * Include the build-time configuration information file. Here, we do not + * Include the build-time configuration information header. Here, we do not * include `"mbedtls/build_info.h"` directly but `"psa/build_info.h"`, which * is basically just an alias to it. This is to ease the maintenance of the - * PSA cryptography repository which has a different build system and + * TF-PSA-Crypto repository which has a different build system and * configuration. */ #include "psa/build_info.h" diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 1d5ed6c26..31e45fe6a 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -41,10 +41,10 @@ #define PSA_CRYPTO_SIZES_H /* - * Include the build-time configuration information file. Here, we do not + * Include the build-time configuration information header. Here, we do not * include `"mbedtls/build_info.h"` directly but `"psa/build_info.h"`, which * is basically just an alias to it. This is to ease the maintenance of the - * PSA cryptography repository which has a different build system and + * TF-PSA-Crypto repository which has a different build system and * configuration. */ #include "psa/build_info.h" diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index b309bc854..6c461914d 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -66,9 +66,14 @@ extern "C" { #endif -/* Include the Mbed TLS configuration file, the way Mbed TLS does it - * in each of its header files. */ -#include "mbedtls/build_info.h" +/* + * Include the build-time configuration information header. Here, we do not + * include `"mbedtls/build_info.h"` directly but `"psa/build_info.h"`, which + * is basically just an alias to it. This is to ease the maintenance of the + * TF-PSA-Crypto repository which has a different build system and + * configuration. + */ +#include "psa/build_info.h" /* Include the context definition for the compiled-in drivers for the primitive * algorithms. */ diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index 445657eb9..8d894b470 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -33,8 +33,15 @@ #ifndef PSA_CRYPTO_TYPES_H #define PSA_CRYPTO_TYPES_H -/* Make sure the Mbed TLS configuration is visible. */ -#include "mbedtls/build_info.h" +/* + * Include the build-time configuration information header. Here, we do not + * include `"mbedtls/build_info.h"` directly but `"psa/build_info.h"`, which + * is basically just an alias to it. This is to ease the maintenance of the + * TF-PSA-Crypto repository which has a different build system and + * configuration. + */ +#include "psa/build_info.h" + /* Define the MBEDTLS_PRIVATE macro. */ #include "mbedtls/private_access.h" diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 2b1fd43d1..6a4ce51b4 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -268,17 +268,20 @@ if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) ${mbedtls_static_target}) endif() +set(p256m_target "${MBEDTLS_TARGET_PREFIX}p256m") +set(everest_target "${MBEDTLS_TARGET_PREFIX}everest") + if(USE_STATIC_MBEDTLS_LIBRARY) add_library(${mbedcrypto_static_target} STATIC ${src_crypto}) set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto) target_link_libraries(${mbedcrypto_static_target} PUBLIC ${libs}) - if(TARGET everest) - target_link_libraries(${mbedcrypto_static_target} PUBLIC everest) + if(TARGET ${everest_target}) + target_link_libraries(${mbedcrypto_static_target} PUBLIC ${everest_target}) endif() - if(TARGET p256m) - target_link_libraries(${mbedcrypto_static_target} PUBLIC p256m) + if(TARGET ${p256m_target}) + target_link_libraries(${mbedcrypto_static_target} PUBLIC ${p256m_target}) endif() add_library(${mbedx509_static_target} STATIC ${src_x509}) @@ -293,23 +296,23 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR}) add_library(${mbedcrypto_target} SHARED ${src_crypto}) - set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 3.4.1 SOVERSION 14) + set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 3.5.0 SOVERSION 15) target_link_libraries(${mbedcrypto_target} PUBLIC ${libs}) - if(TARGET everest) - target_link_libraries(${mbedcrypto_target} PUBLIC everest) + if(TARGET ${everest_target}) + target_link_libraries(${mbedcrypto_target} PUBLIC ${everest_target}) endif() - if(TARGET p256m) - target_link_libraries(${mbedcrypto_target} PUBLIC p256m) + if(TARGET ${p256m_target}) + target_link_libraries(${mbedcrypto_target} PUBLIC ${p256m_target}) endif() add_library(${mbedx509_target} SHARED ${src_x509}) - set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.4.1 SOVERSION 5) + set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.5.0 SOVERSION 6) target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target}) add_library(${mbedtls_target} SHARED ${src_tls}) - set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.4.1 SOVERSION 19) + set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.5.0 SOVERSION 20) target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target}) endif(USE_SHARED_MBEDTLS_LIBRARY) diff --git a/library/Makefile b/library/Makefile index a5b1ef02b..9e2d72310 100644 --- a/library/Makefile +++ b/library/Makefile @@ -51,9 +51,9 @@ LOCAL_CFLAGS += -fPIC -fpic endif endif -SOEXT_TLS?=so.19 -SOEXT_X509?=so.5 -SOEXT_CRYPTO?=so.14 +SOEXT_TLS?=so.20 +SOEXT_X509?=so.6 +SOEXT_CRYPTO?=so.15 # Set AR_DASH= (empty string) to use an ar implementation that does not accept # the - prefix for command line options (e.g. llvm-ar) diff --git a/library/aes.c b/library/aes.c index d23222981..b61d089fa 100644 --- a/library/aes.c +++ b/library/aes.c @@ -34,23 +34,15 @@ #include "mbedtls/platform_util.h" #include "mbedtls/error.h" -#if defined(MBEDTLS_ARCH_IS_ARM64) -#if !defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_AES_USE_HARDWARE_ONLY) -#error "MBEDTLS_AES_USE_HARDWARE_ONLY defined, but not all prerequisites" -#endif -#endif - -#if defined(MBEDTLS_ARCH_IS_X64) -#if !defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_AES_USE_HARDWARE_ONLY) +#if defined(MBEDTLS_AES_USE_HARDWARE_ONLY) +#if !((defined(MBEDTLS_ARCH_IS_ARM64) && defined(MBEDTLS_AESCE_C)) || \ + (defined(MBEDTLS_ARCH_IS_X64) && defined(MBEDTLS_AESNI_C)) || \ + (defined(MBEDTLS_ARCH_IS_X86) && defined(MBEDTLS_AESNI_C))) #error "MBEDTLS_AES_USE_HARDWARE_ONLY defined, but not all prerequisites" #endif #endif #if defined(MBEDTLS_ARCH_IS_X86) -#if defined(MBEDTLS_AES_USE_HARDWARE_ONLY) && !defined(MBEDTLS_AESNI_C) -#error "MBEDTLS_AES_USE_HARDWARE_ONLY defined, but not all prerequisites" -#endif - #if defined(MBEDTLS_PADLOCK_C) #if !defined(MBEDTLS_HAVE_ASM) #error "MBEDTLS_PADLOCK_C defined, but not all prerequisites" @@ -339,7 +331,7 @@ MBEDTLS_MAYBE_UNUSED static const uint32_t RT3[256] = { RT }; /* * Round constants */ -MBEDTLS_MAYBE_UNUSED static const uint32_t RCON[10] = +MBEDTLS_MAYBE_UNUSED static const uint32_t round_constants[10] = { 0x00000001, 0x00000002, 0x00000004, 0x00000008, 0x00000010, 0x00000020, 0x00000040, 0x00000080, @@ -370,7 +362,7 @@ MBEDTLS_MAYBE_UNUSED static uint32_t RT3[256]; /* * Round constants */ -MBEDTLS_MAYBE_UNUSED static uint32_t RCON[10]; +MBEDTLS_MAYBE_UNUSED static uint32_t round_constants[10]; /* * Tables generation code @@ -401,7 +393,7 @@ MBEDTLS_MAYBE_UNUSED static void aes_gen_tables(void) * calculate the round constants */ for (i = 0, x = 1; i < 10; i++) { - RCON[i] = x; + round_constants[i] = x; x = XTIME(x); } @@ -625,7 +617,7 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, case 10: for (unsigned int i = 0; i < 10; i++, RK += 4) { - RK[4] = RK[0] ^ RCON[i] ^ + RK[4] = RK[0] ^ round_constants[i] ^ ((uint32_t) FSb[MBEDTLS_BYTE_1(RK[3])]) ^ ((uint32_t) FSb[MBEDTLS_BYTE_2(RK[3])] << 8) ^ ((uint32_t) FSb[MBEDTLS_BYTE_3(RK[3])] << 16) ^ @@ -641,7 +633,7 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, case 12: for (unsigned int i = 0; i < 8; i++, RK += 6) { - RK[6] = RK[0] ^ RCON[i] ^ + RK[6] = RK[0] ^ round_constants[i] ^ ((uint32_t) FSb[MBEDTLS_BYTE_1(RK[5])]) ^ ((uint32_t) FSb[MBEDTLS_BYTE_2(RK[5])] << 8) ^ ((uint32_t) FSb[MBEDTLS_BYTE_3(RK[5])] << 16) ^ @@ -658,7 +650,7 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, case 14: for (unsigned int i = 0; i < 7; i++, RK += 8) { - RK[8] = RK[0] ^ RCON[i] ^ + RK[8] = RK[0] ^ round_constants[i] ^ ((uint32_t) FSb[MBEDTLS_BYTE_1(RK[7])]) ^ ((uint32_t) FSb[MBEDTLS_BYTE_2(RK[7])] << 8) ^ ((uint32_t) FSb[MBEDTLS_BYTE_3(RK[7])] << 16) ^ diff --git a/library/bignum.c b/library/bignum.c index 61353ca53..7c265e04d 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -83,7 +83,7 @@ int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X, * That is if X is negative (X_is_negative == 1), then X < Y is true and it * is false if X is positive (X_is_negative == 0). */ - different_sign = mbedtls_ct_bool_xor(X_is_negative, Y_is_negative); // true if different sign + different_sign = mbedtls_ct_bool_ne(X_is_negative, Y_is_negative); // true if different sign result = mbedtls_ct_bool_and(different_sign, X_is_negative); /* @@ -131,15 +131,17 @@ int mbedtls_mpi_safe_cond_assign(mbedtls_mpi *X, MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, Y->n)); - mbedtls_ct_condition_t do_assign = mbedtls_ct_bool(assign); + { + mbedtls_ct_condition_t do_assign = mbedtls_ct_bool(assign); - X->s = (int) mbedtls_ct_uint_if(do_assign, Y->s, X->s); + X->s = (int) mbedtls_ct_uint_if(do_assign, Y->s, X->s); - mbedtls_mpi_core_cond_assign(X->p, Y->p, Y->n, do_assign); + mbedtls_mpi_core_cond_assign(X->p, Y->p, Y->n, do_assign); - mbedtls_ct_condition_t do_not_assign = mbedtls_ct_bool_not(do_assign); - for (size_t i = Y->n; i < X->n; i++) { - X->p[i] = mbedtls_ct_mpi_uint_if_else_0(do_not_assign, X->p[i]); + mbedtls_ct_condition_t do_not_assign = mbedtls_ct_bool_not(do_assign); + for (size_t i = Y->n; i < X->n; i++) { + X->p[i] = mbedtls_ct_mpi_uint_if_else_0(do_not_assign, X->p[i]); + } } cleanup: @@ -386,7 +388,7 @@ static inline mbedtls_mpi_uint mpi_sint_abs(mbedtls_mpi_sint z) /* Convert x to a sign, i.e. to 1, if x is positive, or -1, if x is negative. * This looks awkward but generates smaller code than (x < 0 ? -1 : 1) */ -#define TO_SIGN(x) ((((mbedtls_mpi_uint) x) >> (biL - 1)) * -2 + 1) +#define TO_SIGN(x) ((mbedtls_mpi_sint) (((mbedtls_mpi_uint) x) >> (biL - 1)) * -2 + 1) /* * Set value from integer diff --git a/library/ccm.c b/library/ccm.c index bc613762d..237ef9f31 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -33,6 +33,7 @@ #include "mbedtls/ccm.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" +#include "mbedtls/constant_time.h" #include @@ -532,13 +533,8 @@ static int mbedtls_ccm_compare_tags(const unsigned char *tag1, const unsigned char *tag2, size_t tag_len) { - unsigned char i; - int diff; - /* Check tag in "constant-time" */ - for (diff = 0, i = 0; i < tag_len; i++) { - diff |= tag1[i] ^ tag2[i]; - } + int diff = mbedtls_ct_memcmp(tag1, tag2, tag_len); if (diff != 0) { return MBEDTLS_ERR_CCM_AUTH_FAILED; diff --git a/library/chachapoly.c b/library/chachapoly.c index 0124d7570..aebc646aa 100644 --- a/library/chachapoly.c +++ b/library/chachapoly.c @@ -25,6 +25,7 @@ #include "mbedtls/chachapoly.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" +#include "mbedtls/constant_time.h" #include @@ -310,7 +311,6 @@ int mbedtls_chachapoly_auth_decrypt(mbedtls_chachapoly_context *ctx, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char check_tag[16]; - size_t i; int diff; if ((ret = chachapoly_crypt_and_tag(ctx, @@ -320,9 +320,7 @@ int mbedtls_chachapoly_auth_decrypt(mbedtls_chachapoly_context *ctx, } /* Check tag in "constant-time" */ - for (diff = 0, i = 0; i < sizeof(check_tag); i++) { - diff |= tag[i] ^ check_tag[i]; - } + diff = mbedtls_ct_memcmp(tag, check_tag, sizeof(check_tag)); if (diff != 0) { mbedtls_platform_zeroize(output, length); diff --git a/library/cipher.c b/library/cipher.c index 69ee6d79c..9f9f1075c 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -30,6 +30,7 @@ #include "mbedtls/platform_util.h" #include "mbedtls/error.h" #include "mbedtls/constant_time.h" +#include "constant_time_internal.h" #include #include @@ -268,17 +269,6 @@ int mbedtls_cipher_setup(mbedtls_cipher_context_t *ctx, ctx->cipher_info = cipher_info; -#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) - /* - * Ignore possible errors caused by a cipher mode that doesn't use padding - */ -#if defined(MBEDTLS_CIPHER_PADDING_PKCS7) - (void) mbedtls_cipher_set_padding_mode(ctx, MBEDTLS_PADDING_PKCS7); -#else - (void) mbedtls_cipher_set_padding_mode(ctx, MBEDTLS_PADDING_NONE); -#endif -#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ - return 0; } @@ -848,7 +838,7 @@ static int get_pkcs_padding(unsigned char *input, size_t input_len, size_t *data_len) { size_t i, pad_idx; - unsigned char padding_len, bad = 0; + unsigned char padding_len; if (NULL == input || NULL == data_len) { return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; @@ -857,18 +847,19 @@ static int get_pkcs_padding(unsigned char *input, size_t input_len, padding_len = input[input_len - 1]; *data_len = input_len - padding_len; - /* Avoid logical || since it results in a branch */ - bad |= padding_len > input_len; - bad |= padding_len == 0; + mbedtls_ct_condition_t bad = mbedtls_ct_uint_gt(padding_len, input_len); + bad = mbedtls_ct_bool_or(bad, mbedtls_ct_uint_eq(padding_len, 0)); /* The number of bytes checked must be independent of padding_len, * so pick input_len, which is usually 8 or 16 (one block) */ pad_idx = input_len - padding_len; for (i = 0; i < input_len; i++) { - bad |= (input[i] ^ padding_len) * (i >= pad_idx); + mbedtls_ct_condition_t in_padding = mbedtls_ct_uint_ge(i, pad_idx); + mbedtls_ct_condition_t different = mbedtls_ct_uint_ne(input[i], padding_len); + bad = mbedtls_ct_bool_or(bad, mbedtls_ct_bool_and(in_padding, different)); } - return MBEDTLS_ERR_CIPHER_INVALID_PADDING * (bad != 0); + return mbedtls_ct_error_if_else_0(bad, MBEDTLS_ERR_CIPHER_INVALID_PADDING); } #endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */ @@ -891,24 +882,28 @@ static void add_one_and_zeros_padding(unsigned char *output, static int get_one_and_zeros_padding(unsigned char *input, size_t input_len, size_t *data_len) { - size_t i; - unsigned char done = 0, prev_done, bad; - if (NULL == input || NULL == data_len) { return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; } - bad = 0x80; + mbedtls_ct_condition_t in_padding = MBEDTLS_CT_TRUE; + mbedtls_ct_condition_t bad = MBEDTLS_CT_TRUE; + *data_len = 0; - for (i = input_len; i > 0; i--) { - prev_done = done; - done |= (input[i - 1] != 0); - *data_len |= (i - 1) * (done != prev_done); - bad ^= input[i - 1] * (done != prev_done); + + for (ptrdiff_t i = (ptrdiff_t) (input_len) - 1; i >= 0; i--) { + mbedtls_ct_condition_t is_nonzero = mbedtls_ct_bool(input[i]); + + mbedtls_ct_condition_t hit_first_nonzero = mbedtls_ct_bool_and(is_nonzero, in_padding); + + *data_len = mbedtls_ct_size_if(hit_first_nonzero, i, *data_len); + + bad = mbedtls_ct_bool_if(hit_first_nonzero, mbedtls_ct_uint_ne(input[i], 0x80), bad); + + in_padding = mbedtls_ct_bool_and(in_padding, mbedtls_ct_bool_not(is_nonzero)); } - return MBEDTLS_ERR_CIPHER_INVALID_PADDING * (bad != 0); - + return mbedtls_ct_error_if_else_0(bad, MBEDTLS_ERR_CIPHER_INVALID_PADDING); } #endif /* MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS */ @@ -932,7 +927,8 @@ static int get_zeros_and_len_padding(unsigned char *input, size_t input_len, size_t *data_len) { size_t i, pad_idx; - unsigned char padding_len, bad = 0; + unsigned char padding_len; + mbedtls_ct_condition_t bad; if (NULL == input || NULL == data_len) { return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; @@ -942,16 +938,19 @@ static int get_zeros_and_len_padding(unsigned char *input, size_t input_len, *data_len = input_len - padding_len; /* Avoid logical || since it results in a branch */ - bad |= padding_len > input_len; - bad |= padding_len == 0; + bad = mbedtls_ct_uint_gt(padding_len, input_len); + bad = mbedtls_ct_bool_or(bad, mbedtls_ct_uint_eq(padding_len, 0)); /* The number of bytes checked must be independent of padding_len */ pad_idx = input_len - padding_len; for (i = 0; i < input_len - 1; i++) { - bad |= input[i] * (i >= pad_idx); + mbedtls_ct_condition_t is_padding = mbedtls_ct_uint_ge(i, pad_idx); + mbedtls_ct_condition_t nonzero_pad_byte; + nonzero_pad_byte = mbedtls_ct_bool_if_else_0(is_padding, mbedtls_ct_bool(input[i])); + bad = mbedtls_ct_bool_or(bad, nonzero_pad_byte); } - return MBEDTLS_ERR_CIPHER_INVALID_PADDING * (bad != 0); + return mbedtls_ct_error_if_else_0(bad, MBEDTLS_ERR_CIPHER_INVALID_PADDING); } #endif /* MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN */ @@ -962,18 +961,14 @@ static int get_zeros_and_len_padding(unsigned char *input, size_t input_len, static void add_zeros_padding(unsigned char *output, size_t output_len, size_t data_len) { - size_t i; - - for (i = data_len; i < output_len; i++) { - output[i] = 0x00; - } + memset(output + data_len, 0, output_len - data_len); } static int get_zeros_padding(unsigned char *input, size_t input_len, size_t *data_len) { size_t i; - unsigned char done = 0, prev_done; + mbedtls_ct_condition_t done = MBEDTLS_CT_FALSE, prev_done; if (NULL == input || NULL == data_len) { return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; @@ -982,8 +977,8 @@ static int get_zeros_padding(unsigned char *input, size_t input_len, *data_len = 0; for (i = input_len; i > 0; i--) { prev_done = done; - done |= (input[i-1] != 0); - *data_len |= i * (done != prev_done); + done = mbedtls_ct_bool_or(done, mbedtls_ct_uint_ne(input[i-1], 0)); + *data_len = mbedtls_ct_size_if(mbedtls_ct_bool_ne(done, prev_done), i, *data_len); } return 0; @@ -1027,6 +1022,16 @@ int mbedtls_cipher_finish(mbedtls_cipher_context_t *ctx, *olen = 0; +#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) + /* CBC mode requires padding so we make sure a call to + * mbedtls_cipher_set_padding_mode has been done successfully. */ + if (MBEDTLS_MODE_CBC == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) { + if (ctx->get_padding == NULL) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } + } +#endif + if (MBEDTLS_MODE_CFB == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) || MBEDTLS_MODE_OFB == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) || MBEDTLS_MODE_CTR == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) || diff --git a/library/cmac.c b/library/cmac.c index 333248e2b..c07968685 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -114,7 +114,7 @@ static int cmac_generate_subkeys(mbedtls_cipher_context_t *ctx, unsigned char *K1, unsigned char *K2) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char L[MBEDTLS_CIPHER_BLKSIZE_MAX]; + unsigned char L[MBEDTLS_CMAC_MAX_BLOCK_SIZE]; size_t olen, block_size; mbedtls_platform_zeroize(L, sizeof(L)); @@ -152,7 +152,7 @@ exit: * We can't use the padding option from the cipher layer, as it only works for * CBC and we use ECB mode, and anyway we need to XOR K1 or K2 in addition. */ -static void cmac_pad(unsigned char padded_block[MBEDTLS_CIPHER_BLKSIZE_MAX], +static void cmac_pad(unsigned char padded_block[MBEDTLS_CMAC_MAX_BLOCK_SIZE], size_t padded_block_len, const unsigned char *last_block, size_t last_block_len) @@ -283,9 +283,9 @@ int mbedtls_cipher_cmac_finish(mbedtls_cipher_context_t *ctx, { mbedtls_cmac_context_t *cmac_ctx; unsigned char *state, *last_block; - unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX]; - unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX]; - unsigned char M_last[MBEDTLS_CIPHER_BLKSIZE_MAX]; + unsigned char K1[MBEDTLS_CMAC_MAX_BLOCK_SIZE]; + unsigned char K2[MBEDTLS_CMAC_MAX_BLOCK_SIZE]; + unsigned char M_last[MBEDTLS_CMAC_MAX_BLOCK_SIZE]; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t olen, block_size; @@ -332,7 +332,7 @@ exit: mbedtls_platform_zeroize(cmac_ctx->unprocessed_block, sizeof(cmac_ctx->unprocessed_block)); - mbedtls_platform_zeroize(state, MBEDTLS_CIPHER_BLKSIZE_MAX); + mbedtls_platform_zeroize(state, MBEDTLS_CMAC_MAX_BLOCK_SIZE); return ret; } @@ -750,8 +750,8 @@ static int cmac_test_subkeys(int verbose, int i, ret = 0; mbedtls_cipher_context_t ctx; const mbedtls_cipher_info_t *cipher_info; - unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX]; - unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX]; + unsigned char K1[MBEDTLS_CMAC_MAX_BLOCK_SIZE]; + unsigned char K2[MBEDTLS_CMAC_MAX_BLOCK_SIZE]; cipher_info = mbedtls_cipher_info_from_type(cipher_type); if (cipher_info == NULL) { @@ -845,7 +845,7 @@ static int cmac_test_wth_cipher(int verbose, { const mbedtls_cipher_info_t *cipher_info; int i, ret = 0; - unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX]; + unsigned char output[MBEDTLS_CMAC_MAX_BLOCK_SIZE]; cipher_info = mbedtls_cipher_info_from_type(cipher_type); if (cipher_info == NULL) { diff --git a/library/constant_time.c b/library/constant_time.c index d3c69cfa8..8b41aed19 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -22,6 +22,7 @@ * might be translated to branches by some compilers on some platforms. */ +#include #include #include "common.h" @@ -120,9 +121,56 @@ int mbedtls_ct_memcmp(const void *a, diff |= x ^ y; } + +#if (INT_MAX < INT32_MAX) + /* We don't support int smaller than 32-bits, but if someone tried to build + * with this configuration, there is a risk that, for differing data, the + * only bits set in diff are in the top 16-bits, and would be lost by a + * simple cast from uint32 to int. + * This would have significant security implications, so protect against it. */ +#error "mbedtls_ct_memcmp() requires minimum 32-bit ints" +#else + /* The bit-twiddling ensures that when we cast uint32_t to int, we are casting + * a value that is in the range 0..INT_MAX - a value larger than this would + * result in implementation defined behaviour. + * + * This ensures that the value returned by the function is non-zero iff + * diff is non-zero. + */ + return (int) ((diff & 0xffff) | (diff >> 16)); +#endif +} + +#if defined(MBEDTLS_NIST_KW_C) + +int mbedtls_ct_memcmp_partial(const void *a, + const void *b, + size_t n, + size_t skip_head, + size_t skip_tail) +{ + unsigned int diff = 0; + + volatile const unsigned char *A = (volatile const unsigned char *) a; + volatile const unsigned char *B = (volatile const unsigned char *) b; + + size_t valid_end = n - skip_tail; + + for (size_t i = 0; i < n; i++) { + unsigned char x = A[i], y = B[i]; + unsigned int d = x ^ y; + mbedtls_ct_condition_t valid = mbedtls_ct_bool_and(mbedtls_ct_uint_ge(i, skip_head), + mbedtls_ct_uint_lt(i, valid_end)); + diff |= mbedtls_ct_uint_if_else_0(valid, d); + } + + /* Since we go byte-by-byte, the only bits set will be in the bottom 8 bits, so the + * cast from uint to int is safe. */ return (int) diff; } +#endif + #if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) void mbedtls_ct_memmove_left(void *start, size_t total, size_t offset) diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index 4290e6024..7759ac384 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -429,7 +429,6 @@ static inline unsigned char mbedtls_ct_uchar_in_range_if(unsigned char low, return (unsigned char) (~(low_mask | high_mask)) & to; } - /* ============================================================================ * Everything below here is trivial wrapper functions */ @@ -448,6 +447,14 @@ static inline unsigned mbedtls_ct_uint_if(mbedtls_ct_condition_t condition, return (unsigned) mbedtls_ct_if(condition, (mbedtls_ct_uint_t) if1, (mbedtls_ct_uint_t) if0); } +static inline mbedtls_ct_condition_t mbedtls_ct_bool_if(mbedtls_ct_condition_t condition, + mbedtls_ct_condition_t if1, + mbedtls_ct_condition_t if0) +{ + return (mbedtls_ct_condition_t) mbedtls_ct_if(condition, (mbedtls_ct_uint_t) if1, + (mbedtls_ct_uint_t) if0); +} + #if defined(MBEDTLS_BIGNUM_C) static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if(mbedtls_ct_condition_t condition, @@ -471,6 +478,12 @@ static inline unsigned mbedtls_ct_uint_if_else_0(mbedtls_ct_condition_t conditio return (unsigned) (condition & if1); } +static inline mbedtls_ct_condition_t mbedtls_ct_bool_if_else_0(mbedtls_ct_condition_t condition, + mbedtls_ct_condition_t if1) +{ + return (mbedtls_ct_condition_t) (condition & if1); +} + #if defined(MBEDTLS_BIGNUM_C) static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if_else_0(mbedtls_ct_condition_t condition, @@ -481,6 +494,23 @@ static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if_else_0(mbedtls_ct_conditio #endif /* MBEDTLS_BIGNUM_C */ +static inline int mbedtls_ct_error_if(mbedtls_ct_condition_t condition, int if1, int if0) +{ + /* Coverting int -> uint -> int here is safe, because we require if1 and if0 to be + * in the range -32767..0, and we require 32-bit int and uint types. + * + * This means that (0 <= -if0 < INT_MAX), so negating if0 is safe, and similarly for + * converting back to int. + */ + return -((int) mbedtls_ct_if(condition, (mbedtls_ct_uint_t) (-if1), + (mbedtls_ct_uint_t) (-if0))); +} + +static inline int mbedtls_ct_error_if_else_0(mbedtls_ct_condition_t condition, int if1) +{ + return -((int) (condition & (-if1))); +} + static inline mbedtls_ct_condition_t mbedtls_ct_uint_eq(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y) { @@ -505,8 +535,8 @@ static inline mbedtls_ct_condition_t mbedtls_ct_uint_le(mbedtls_ct_uint_t x, return ~mbedtls_ct_uint_gt(x, y); } -static inline mbedtls_ct_condition_t mbedtls_ct_bool_xor(mbedtls_ct_condition_t x, - mbedtls_ct_condition_t y) +static inline mbedtls_ct_condition_t mbedtls_ct_bool_ne(mbedtls_ct_condition_t x, + mbedtls_ct_condition_t y) { return (mbedtls_ct_condition_t) (x ^ y); } diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index ff7ccc17b..cc26edcd1 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -194,11 +194,11 @@ static inline mbedtls_ct_condition_t mbedtls_ct_uint_ge(mbedtls_ct_uint_t x, static inline mbedtls_ct_condition_t mbedtls_ct_uint_le(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y); -/** Boolean "xor" operation. +/** Boolean not-equals operation. * * Functionally equivalent to: * - * \p x ^ \p y + * \p x != \p y * * \param x The first value to analyze. * \param y The second value to analyze. @@ -206,11 +206,11 @@ static inline mbedtls_ct_condition_t mbedtls_ct_uint_le(mbedtls_ct_uint_t x, * \note This is more efficient than mbedtls_ct_uint_ne if both arguments are * mbedtls_ct_condition_t. * - * \return MBEDTLS_CT_TRUE if \p x ^ \p y, + * \return MBEDTLS_CT_TRUE if \p x != \p y, * otherwise MBEDTLS_CT_FALSE. */ -static inline mbedtls_ct_condition_t mbedtls_ct_bool_xor(mbedtls_ct_condition_t x, - mbedtls_ct_condition_t y); +static inline mbedtls_ct_condition_t mbedtls_ct_bool_ne(mbedtls_ct_condition_t x, + mbedtls_ct_condition_t y); /** Boolean "and" operation. * @@ -291,6 +291,22 @@ static inline unsigned mbedtls_ct_uint_if(mbedtls_ct_condition_t condition, unsigned if1, unsigned if0); +/** Choose between two mbedtls_ct_condition_t values. + * + * Functionally equivalent to: + * + * condition ? if1 : if0. + * + * \param condition Condition to test. + * \param if1 Value to use if \p condition == MBEDTLS_CT_TRUE. + * \param if0 Value to use if \p condition == MBEDTLS_CT_FALSE. + * + * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise \c if0. + */ +static inline mbedtls_ct_condition_t mbedtls_ct_bool_if(mbedtls_ct_condition_t condition, + mbedtls_ct_condition_t if1, + mbedtls_ct_condition_t if0); + #if defined(MBEDTLS_BIGNUM_C) /** Choose between two mbedtls_mpi_uint values. @@ -327,6 +343,23 @@ static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if(mbedtls_ct_condition_t con */ static inline unsigned mbedtls_ct_uint_if_else_0(mbedtls_ct_condition_t condition, unsigned if1); +/** Choose between an mbedtls_ct_condition_t and 0. + * + * Functionally equivalent to: + * + * condition ? if1 : 0. + * + * Functionally equivalent to mbedtls_ct_bool_if(condition, if1, 0) but + * results in smaller code size. + * + * \param condition Condition to test. + * \param if1 Value to use if \p condition == MBEDTLS_CT_TRUE. + * + * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise 0. + */ +static inline mbedtls_ct_condition_t mbedtls_ct_bool_if_else_0(mbedtls_ct_condition_t condition, + mbedtls_ct_condition_t if1); + /** Choose between a size_t value and 0. * * Functionally equivalent to: @@ -378,6 +411,35 @@ static inline unsigned char mbedtls_ct_uchar_in_range_if(unsigned char low, unsigned char c, unsigned char t); +/** Choose between two error values. The values must be in the range [-32767..0]. + * + * Functionally equivalent to: + * + * condition ? if1 : if0. + * + * \param condition Condition to test. + * \param if1 Value to use if \p condition == MBEDTLS_CT_TRUE. + * \param if0 Value to use if \p condition == MBEDTLS_CT_FALSE. + * + * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise \c if0. + */ +static inline int mbedtls_ct_error_if(mbedtls_ct_condition_t condition, int if1, int if0); + +/** Choose between an error value and 0. The error value must be in the range [-32767..0]. + * + * Functionally equivalent to: + * + * condition ? if1 : 0. + * + * Functionally equivalent to mbedtls_ct_error_if(condition, if1, 0) but + * results in smaller code size. + * + * \param condition Condition to test. + * \param if1 Value to use if \p condition == MBEDTLS_CT_TRUE. + * + * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise 0. + */ +static inline int mbedtls_ct_error_if_else_0(mbedtls_ct_condition_t condition, int if1); /* ============================================================================ * Block memory operations @@ -492,6 +554,37 @@ void mbedtls_ct_memcpy_offset(unsigned char *dest, size_t n); */ +#if defined(MBEDTLS_NIST_KW_C) + +/** Constant-time buffer comparison without branches. + * + * Similar to mbedtls_ct_memcmp, except that the result only depends on part of + * the input data - differences in the head or tail are ignored. Functionally equivalent to: + * + * memcmp(a + skip_head, b + skip_head, size - skip_head - skip_tail) + * + * Time taken depends on \p n, but not on \p skip_head or \p skip_tail . + * + * Behaviour is undefined if ( \p skip_head + \p skip_tail) > \p n. + * + * \param a Secret. Pointer to the first buffer, containing at least \p n bytes. May not be NULL. + * \param b Secret. Pointer to the second buffer, containing at least \p n bytes. May not be NULL. + * \param n The number of bytes to examine (total size of the buffers). + * \param skip_head Secret. The number of bytes to treat as non-significant at the start of the buffer. + * These bytes will still be read. + * \param skip_tail Secret. The number of bytes to treat as non-significant at the end of the buffer. + * These bytes will still be read. + * + * \return Zero if the contents of the two buffers are the same, otherwise non-zero. + */ +int mbedtls_ct_memcmp_partial(const void *a, + const void *b, + size_t n, + size_t skip_head, + size_t skip_tail); + +#endif + /* Include the implementation of static inline functions above. */ #include "constant_time_impl.h" diff --git a/library/gcm.c b/library/gcm.c index b06ca4a31..c8618be7c 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -35,6 +35,7 @@ #include "mbedtls/platform.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" +#include "mbedtls/constant_time.h" #include @@ -601,7 +602,6 @@ int mbedtls_gcm_auth_decrypt(mbedtls_gcm_context *ctx, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char check_tag[16]; - size_t i; int diff; if ((ret = mbedtls_gcm_crypt_and_tag(ctx, MBEDTLS_GCM_DECRYPT, length, @@ -611,9 +611,7 @@ int mbedtls_gcm_auth_decrypt(mbedtls_gcm_context *ctx, } /* Check tag in "constant-time" */ - for (diff = 0, i = 0; i < tag_len; i++) { - diff |= tag[i] ^ check_tag[i]; - } + diff = mbedtls_ct_memcmp(tag, check_tag, tag_len); if (diff != 0) { mbedtls_platform_zeroize(output, length); diff --git a/library/nist_kw.c b/library/nist_kw.c index fbd7221a4..7bdc807bc 100644 --- a/library/nist_kw.c +++ b/library/nist_kw.c @@ -35,6 +35,7 @@ #include "mbedtls/platform_util.h" #include "mbedtls/error.h" #include "mbedtls/constant_time.h" +#include "constant_time_internal.h" #include #include @@ -333,9 +334,9 @@ int mbedtls_nist_kw_unwrap(mbedtls_nist_kw_context *ctx, unsigned char *output, size_t *out_len, size_t out_size) { int ret = 0; - size_t i, olen; + size_t olen; unsigned char A[KW_SEMIBLOCK_LENGTH]; - unsigned char diff, bad_padding = 0; + int diff; *out_len = 0; if (out_size < in_len - KW_SEMIBLOCK_LENGTH) { @@ -420,19 +421,15 @@ int mbedtls_nist_kw_unwrap(mbedtls_nist_kw_context *ctx, * larger than 8, because of the type wrap around. */ padlen = in_len - KW_SEMIBLOCK_LENGTH - Plen; - if (padlen > 7) { - padlen &= 7; - ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED; - } + ret = mbedtls_ct_error_if(mbedtls_ct_uint_gt(padlen, 7), + MBEDTLS_ERR_CIPHER_AUTH_FAILED, ret); + padlen &= 7; /* Check padding in "constant-time" */ - for (diff = 0, i = 0; i < KW_SEMIBLOCK_LENGTH; i++) { - if (i >= KW_SEMIBLOCK_LENGTH - padlen) { - diff |= output[*out_len - KW_SEMIBLOCK_LENGTH + i]; - } else { - bad_padding |= output[*out_len - KW_SEMIBLOCK_LENGTH + i]; - } - } + const uint8_t zero[KW_SEMIBLOCK_LENGTH] = { 0 }; + diff = mbedtls_ct_memcmp_partial( + &output[*out_len - KW_SEMIBLOCK_LENGTH], zero, + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH - padlen, 0); if (diff != 0) { ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED; @@ -454,7 +451,6 @@ cleanup: *out_len = 0; } - mbedtls_platform_zeroize(&bad_padding, sizeof(bad_padding)); mbedtls_platform_zeroize(&diff, sizeof(diff)); mbedtls_platform_zeroize(A, sizeof(A)); diff --git a/library/pk.c b/library/pk.c index 03c1e353b..96b8ef922 100644 --- a/library/pk.c +++ b/library/pk.c @@ -514,9 +514,11 @@ int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_pk_rsassa_pss_options *pss_opts; +#if SIZE_MAX > UINT_MAX if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } +#endif if (options == NULL) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; diff --git a/library/pk_internal.h b/library/pk_internal.h index 67ee5fea2..004660e09 100644 --- a/library/pk_internal.h +++ b/library/pk_internal.h @@ -117,5 +117,14 @@ static inline mbedtls_ecp_group_id mbedtls_pk_get_group_id(const mbedtls_pk_cont #endif /* MBEDTLS_ECP_HAVE_CURVE25519 || MBEDTLS_ECP_DP_CURVE448 */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#if defined(MBEDTLS_TEST_HOOKS) + +MBEDTLS_STATIC_TESTABLE int mbedtls_pk_parse_key_pkcs8_encrypted_der( + mbedtls_pk_context *pk, + unsigned char *key, size_t keylen, + const unsigned char *pwd, size_t pwdlen, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); + +#endif #endif /* MBEDTLS_PK_INTERNAL_H */ diff --git a/library/pk_wrap.c b/library/pk_wrap.c index e67138b26..436876a5d 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -208,9 +208,11 @@ static int rsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_md_psa_alg_from_type(md_alg)); size_t rsa_len = mbedtls_rsa_get_len(rsa); +#if SIZE_MAX > UINT_MAX if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } +#endif if (sig_len < rsa_len) { return MBEDTLS_ERR_RSA_VERIFY_FAILED; @@ -262,9 +264,11 @@ static int rsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) pk->pk_ctx; size_t rsa_len = mbedtls_rsa_get_len(rsa); +#if SIZE_MAX > UINT_MAX if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } +#endif if (sig_len < rsa_len) { return MBEDTLS_ERR_RSA_VERIFY_FAILED; @@ -382,9 +386,11 @@ static int rsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, { mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) pk->pk_ctx; +#if SIZE_MAX > UINT_MAX if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } +#endif *sig_len = mbedtls_rsa_get_len(rsa); if (sig_size < *sig_len) { @@ -1565,9 +1571,11 @@ static int rsa_alt_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, { mbedtls_rsa_alt_context *rsa_alt = pk->pk_ctx; +#if SIZE_MAX > UINT_MAX if (UINT_MAX < hash_len) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } +#endif *sig_len = rsa_alt->key_len_func(rsa_alt->key); if (*sig_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE) { diff --git a/library/pkcs12.c b/library/pkcs12.c index db31722c1..4db2a4bbf 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -129,18 +129,49 @@ static int pkcs12_pbe_derive_key_iv(mbedtls_asn1_buf *pbe_params, mbedtls_md_typ #undef PKCS12_MAX_PWDLEN +#if !defined(MBEDTLS_CIPHER_PADDING_PKCS7) +int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode, + mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type, + const unsigned char *pwd, size_t pwdlen, + const unsigned char *data, size_t len, + unsigned char *output, size_t output_size, + size_t *output_len); +#endif + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode, mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type, const unsigned char *pwd, size_t pwdlen, const unsigned char *data, size_t len, unsigned char *output) +{ + size_t output_len = 0; + + /* We assume caller of the function is providing a big enough output buffer + * so we pass output_size as SIZE_MAX to pass checks, However, no guarantees + * for the output size actually being correct. + */ + return mbedtls_pkcs12_pbe_ext(pbe_params, mode, cipher_type, md_type, + pwd, pwdlen, data, len, output, SIZE_MAX, + &output_len); +} +#endif + +int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode, + mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type, + const unsigned char *pwd, size_t pwdlen, + const unsigned char *data, size_t len, + unsigned char *output, size_t output_size, + size_t *output_len) { int ret, keylen = 0; unsigned char key[32]; unsigned char iv[16]; const mbedtls_cipher_info_t *cipher_info; mbedtls_cipher_context_t cipher_ctx; - size_t olen = 0; + size_t iv_len = 0; + size_t finish_olen = 0; + unsigned int padlen = 0; if (pwd == NULL && pwdlen != 0) { return MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA; @@ -153,9 +184,23 @@ int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode, keylen = (int) mbedtls_cipher_info_get_key_bitlen(cipher_info) / 8; + if (mode == MBEDTLS_PKCS12_PBE_DECRYPT) { + if (output_size < len) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } + } + + if (mode == MBEDTLS_PKCS12_PBE_ENCRYPT) { + padlen = cipher_info->block_size - (len % cipher_info->block_size); + if (output_size < (len + padlen)) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } + } + + iv_len = mbedtls_cipher_info_get_iv_size(cipher_info); if ((ret = pkcs12_pbe_derive_key_iv(pbe_params, md_type, pwd, pwdlen, key, keylen, - iv, mbedtls_cipher_info_get_iv_size(cipher_info))) != 0) { + iv, iv_len)) != 0) { return ret; } @@ -165,31 +210,37 @@ int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode, goto exit; } - if ((ret = - mbedtls_cipher_setkey(&cipher_ctx, key, 8 * keylen, - (mbedtls_operation_t) mode)) != 0) { + if ((ret = mbedtls_cipher_setkey(&cipher_ctx, key, 8 * keylen, + (mbedtls_operation_t) mode)) != 0) { goto exit; } - if ((ret = - mbedtls_cipher_set_iv(&cipher_ctx, iv, - mbedtls_cipher_info_get_iv_size(cipher_info))) != 0) { +#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) + /* PKCS12 uses CBC with PKCS7 padding */ + + mbedtls_cipher_padding_t padding = MBEDTLS_PADDING_PKCS7; +#if !defined(MBEDTLS_CIPHER_PADDING_PKCS7) + /* For historical reasons, when decrypting, this function works when + * decrypting even when support for PKCS7 padding is disabled. In this + * case, it ignores the padding, and so will never report a + * password mismatch. + */ + if (mode == MBEDTLS_PKCS12_PBE_DECRYPT) { + padding = MBEDTLS_PADDING_NONE; + } +#endif + if ((ret = mbedtls_cipher_set_padding_mode(&cipher_ctx, padding)) != 0) { goto exit; } +#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ - if ((ret = mbedtls_cipher_reset(&cipher_ctx)) != 0) { - goto exit; - } - - if ((ret = mbedtls_cipher_update(&cipher_ctx, data, len, - output, &olen)) != 0) { - goto exit; - } - - if ((ret = mbedtls_cipher_finish(&cipher_ctx, output + olen, &olen)) != 0) { + ret = mbedtls_cipher_crypt(&cipher_ctx, iv, iv_len, data, len, output, &finish_olen); + if (ret == MBEDTLS_ERR_CIPHER_INVALID_PADDING) { ret = MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH; } + *output_len += finish_olen; + exit: mbedtls_platform_zeroize(key, sizeof(key)); mbedtls_platform_zeroize(iv, sizeof(iv)); diff --git a/library/pkcs5.c b/library/pkcs5.c index 5d415ca41..2756d058e 100644 --- a/library/pkcs5.c +++ b/library/pkcs5.c @@ -111,10 +111,36 @@ static int pkcs5_parse_pbkdf2_params(const mbedtls_asn1_buf *params, return 0; } +#if !defined(MBEDTLS_CIPHER_PADDING_PKCS7) +int mbedtls_pkcs5_pbes2_ext(const mbedtls_asn1_buf *pbe_params, int mode, + const unsigned char *pwd, size_t pwdlen, + const unsigned char *data, size_t datalen, + unsigned char *output, size_t output_size, + size_t *output_len); +#endif + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) int mbedtls_pkcs5_pbes2(const mbedtls_asn1_buf *pbe_params, int mode, const unsigned char *pwd, size_t pwdlen, const unsigned char *data, size_t datalen, unsigned char *output) +{ + size_t output_len = 0; + + /* We assume caller of the function is providing a big enough output buffer + * so we pass output_size as SIZE_MAX to pass checks, However, no guarantees + * for the output size actually being correct. + */ + return mbedtls_pkcs5_pbes2_ext(pbe_params, mode, pwd, pwdlen, data, + datalen, output, SIZE_MAX, &output_len); +} +#endif + +int mbedtls_pkcs5_pbes2_ext(const mbedtls_asn1_buf *pbe_params, int mode, + const unsigned char *pwd, size_t pwdlen, + const unsigned char *data, size_t datalen, + unsigned char *output, size_t output_size, + size_t *output_len) { int ret, iterations = 0, keylen = 0; unsigned char *p, *end; @@ -122,10 +148,10 @@ int mbedtls_pkcs5_pbes2(const mbedtls_asn1_buf *pbe_params, int mode, mbedtls_asn1_buf salt; mbedtls_md_type_t md_type = MBEDTLS_MD_SHA1; unsigned char key[32], iv[32]; - size_t olen = 0; const mbedtls_cipher_info_t *cipher_info; mbedtls_cipher_type_t cipher_alg; mbedtls_cipher_context_t cipher_ctx; + unsigned int padlen = 0; p = pbe_params->p; end = p + pbe_params->len; @@ -183,6 +209,19 @@ int mbedtls_pkcs5_pbes2(const mbedtls_asn1_buf *pbe_params, int mode, return MBEDTLS_ERR_PKCS5_INVALID_FORMAT; } + if (mode == MBEDTLS_PKCS5_DECRYPT) { + if (output_size < datalen) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } + } + + if (mode == MBEDTLS_PKCS5_ENCRYPT) { + padlen = cipher_info->block_size - (datalen % cipher_info->block_size); + if (output_size < (datalen + padlen)) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } + } + mbedtls_cipher_init(&cipher_ctx); memcpy(iv, enc_scheme_params.p, enc_scheme_params.len); @@ -202,8 +241,28 @@ int mbedtls_pkcs5_pbes2(const mbedtls_asn1_buf *pbe_params, int mode, goto exit; } +#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) + /* PKCS5 uses CBC with PKCS7 padding (which is the same as + * "PKCS5 padding" except that it's typically only called PKCS5 + * with 64-bit-block ciphers). + */ + mbedtls_cipher_padding_t padding = MBEDTLS_PADDING_PKCS7; +#if !defined(MBEDTLS_CIPHER_PADDING_PKCS7) + /* For historical reasons, when decrypting, this function works when + * decrypting even when support for PKCS7 padding is disabled. In this + * case, it ignores the padding, and so will never report a + * password mismatch. + */ + if (mode == MBEDTLS_DECRYPT) { + padding = MBEDTLS_PADDING_NONE; + } +#endif + if ((ret = mbedtls_cipher_set_padding_mode(&cipher_ctx, padding)) != 0) { + goto exit; + } +#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ if ((ret = mbedtls_cipher_crypt(&cipher_ctx, iv, enc_scheme_params.len, - data, datalen, output, &olen)) != 0) { + data, datalen, output, output_len)) != 0) { ret = MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH; } diff --git a/library/pkparse.c b/library/pkparse.c index 83291c4c7..e1422df77 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -1417,6 +1417,12 @@ static int pk_parse_key_pkcs8_unencrypted_der( #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; + end = p + len; + if (end != (key + keylen)) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } + return 0; } @@ -1430,7 +1436,7 @@ static int pk_parse_key_pkcs8_unencrypted_der( * */ #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) -static int pk_parse_key_pkcs8_encrypted_der( +MBEDTLS_STATIC_TESTABLE int mbedtls_pk_parse_key_pkcs8_encrypted_der( mbedtls_pk_context *pk, unsigned char *key, size_t keylen, const unsigned char *pwd, size_t pwdlen, @@ -1445,6 +1451,7 @@ static int pk_parse_key_pkcs8_encrypted_der( mbedtls_cipher_type_t cipher_alg; mbedtls_md_type_t md_alg; #endif + size_t outlen = 0; p = key; end = p + keylen; @@ -1490,9 +1497,9 @@ static int pk_parse_key_pkcs8_encrypted_der( */ #if defined(MBEDTLS_PKCS12_C) if (mbedtls_oid_get_pkcs12_pbe_alg(&pbe_alg_oid, &md_alg, &cipher_alg) == 0) { - if ((ret = mbedtls_pkcs12_pbe(&pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT, - cipher_alg, md_alg, - pwd, pwdlen, p, len, buf)) != 0) { + if ((ret = mbedtls_pkcs12_pbe_ext(&pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT, + cipher_alg, md_alg, + pwd, pwdlen, p, len, buf, len, &outlen)) != 0) { if (ret == MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH) { return MBEDTLS_ERR_PK_PASSWORD_MISMATCH; } @@ -1505,8 +1512,8 @@ static int pk_parse_key_pkcs8_encrypted_der( #endif /* MBEDTLS_PKCS12_C */ #if defined(MBEDTLS_PKCS5_C) if (MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS5_PBES2, &pbe_alg_oid) == 0) { - if ((ret = mbedtls_pkcs5_pbes2(&pbe_params, MBEDTLS_PKCS5_DECRYPT, pwd, pwdlen, - p, len, buf)) != 0) { + if ((ret = mbedtls_pkcs5_pbes2_ext(&pbe_params, MBEDTLS_PKCS5_DECRYPT, pwd, pwdlen, + p, len, buf, len, &outlen)) != 0) { if (ret == MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH) { return MBEDTLS_ERR_PK_PASSWORD_MISMATCH; } @@ -1524,8 +1531,7 @@ static int pk_parse_key_pkcs8_encrypted_der( if (decrypted == 0) { return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; } - - return pk_parse_key_pkcs8_unencrypted_der(pk, buf, len, f_rng, p_rng); + return pk_parse_key_pkcs8_unencrypted_der(pk, buf, outlen, f_rng, p_rng); } #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ @@ -1644,8 +1650,8 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk, key, NULL, 0, &len); } if (ret == 0) { - if ((ret = pk_parse_key_pkcs8_encrypted_der(pk, pem.buf, pem.buflen, - pwd, pwdlen, f_rng, p_rng)) != 0) { + if ((ret = mbedtls_pk_parse_key_pkcs8_encrypted_der(pk, pem.buf, pem.buflen, + pwd, pwdlen, f_rng, p_rng)) != 0) { mbedtls_pk_free(pk); } @@ -1677,8 +1683,8 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk, memcpy(key_copy, key, keylen); - ret = pk_parse_key_pkcs8_encrypted_der(pk, key_copy, keylen, - pwd, pwdlen, f_rng, p_rng); + ret = mbedtls_pk_parse_key_pkcs8_encrypted_der(pk, key_copy, keylen, + pwd, pwdlen, f_rng, p_rng); mbedtls_zeroize_and_free(key_copy, keylen); } diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 575f302d4..29b3b94bf 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -21,7 +21,14 @@ #ifndef PSA_CRYPTO_CORE_H #define PSA_CRYPTO_CORE_H -#include "mbedtls/build_info.h" +/* + * Include the build-time configuration information header. Here, we do not + * include `"mbedtls/build_info.h"` directly but `"psa/build_info.h"`, which + * is basically just an alias to it. This is to ease the maintenance of the + * TF-PSA-Crypto repository which has a different build system and + * configuration. + */ +#include "psa/build_info.h" #include "psa/crypto.h" #include "psa/crypto_se_driver.h" diff --git a/library/psa_crypto_invasive.h b/library/psa_crypto_invasive.h index a900dd8ff..408c39bfe 100644 --- a/library/psa_crypto_invasive.h +++ b/library/psa_crypto_invasive.h @@ -28,7 +28,14 @@ #ifndef PSA_CRYPTO_INVASIVE_H #define PSA_CRYPTO_INVASIVE_H -#include "mbedtls/build_info.h" +/* + * Include the build-time configuration information header. Here, we do not + * include `"mbedtls/build_info.h"` directly but `"psa/build_info.h"`, which + * is basically just an alias to it. This is to ease the maintenance of the + * TF-PSA-Crypto repository which has a different build system and + * configuration. + */ +#include "psa/build_info.h" #include "psa/crypto.h" #include "common.h" diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index 7a904d9de..db00cbd28 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c @@ -304,10 +304,10 @@ static psa_status_t mbedtls_psa_pake_output_internal( #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) /* - * The PSA CRYPTO PAKE and MbedTLS JPAKE API have a different + * The PSA CRYPTO PAKE and Mbed TLS JPAKE API have a different * handling of output sequencing. * - * The MbedTLS JPAKE API outputs the whole X1+X2 and X2S steps data + * The Mbed TLS JPAKE API outputs the whole X1+X2 and X2S steps data * at once, on the other side the PSA CRYPTO PAKE api requires * the KEY_SHARE/ZP_PUBLIC/ZK_PROOF parts of X1, X2 & X2S to be * retrieved in sequence. @@ -423,17 +423,17 @@ static psa_status_t mbedtls_psa_pake_input_internal( #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) /* - * The PSA CRYPTO PAKE and MbedTLS JPAKE API have a different + * The PSA CRYPTO PAKE and Mbed TLS JPAKE API have a different * handling of input sequencing. * - * The MbedTLS JPAKE API takes the whole X1+X2 or X4S steps data + * The Mbed TLS JPAKE API takes the whole X1+X2 or X4S steps data * at once as input, on the other side the PSA CRYPTO PAKE api requires * the KEY_SHARE/ZP_PUBLIC/ZK_PROOF parts of X1, X2 & X4S to be * given in sequence. * * In order to achieve API compatibility, each X1+X2 or X4S step data * is stored sequentially in an intermediate buffer and given to the - * MbedTLS JPAKE API on the last step. + * Mbed TLS JPAKE API on the last step. * * This causes any input error to be only detected on the last step. */ diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 508a68b03..065e55af1 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -328,9 +328,11 @@ static psa_status_t psa_rsa_decode_md_type(psa_algorithm_t alg, /* The Mbed TLS RSA module uses an unsigned int for hash length * parameters. Validate that it fits so that we don't risk an * overflow later. */ +#if SIZE_MAX > UINT_MAX if (hash_length > UINT_MAX) { return PSA_ERROR_INVALID_ARGUMENT; } +#endif /* For signatures using a hash, the hash length must be correct. */ if (alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW) { diff --git a/library/psa_crypto_se.h b/library/psa_crypto_se.h index a1e5e0922..850ea8f6f 100644 --- a/library/psa_crypto_se.h +++ b/library/psa_crypto_se.h @@ -21,7 +21,14 @@ #ifndef PSA_CRYPTO_SE_H #define PSA_CRYPTO_SE_H -#include "mbedtls/build_info.h" +/* + * Include the build-time configuration information header. Here, we do not + * include `"mbedtls/build_info.h"` directly but `"psa/build_info.h"`, which + * is basically just an alias to it. This is to ease the maintenance of the + * TF-PSA-Crypto repository which has a different build system and + * configuration. + */ +#include "psa/build_info.h" #include "psa/crypto.h" #include "psa/crypto_se_driver.h" diff --git a/library/rsa.c b/library/rsa.c index d0782f53c..3c538bf43 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -158,12 +158,10 @@ static int mbedtls_ct_rsaes_pkcs1_v15_unpadding(unsigned char *input, * - OUTPUT_TOO_LARGE if the padding is good but the decrypted * plaintext does not fit in the output buffer. * - 0 if the padding is correct. */ - ret = -(int) mbedtls_ct_uint_if( + ret = mbedtls_ct_error_if( bad, - (unsigned) (-(MBEDTLS_ERR_RSA_INVALID_PADDING)), - mbedtls_ct_uint_if_else_0( - output_too_large, - (unsigned) (-(MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE))) + MBEDTLS_ERR_RSA_INVALID_PADDING, + mbedtls_ct_error_if_else_0(output_too_large, MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE) ); /* If the padding is bad or the plaintext is too large, zero the @@ -1541,7 +1539,8 @@ int mbedtls_rsa_rsaes_oaep_decrypt(mbedtls_rsa_context *ctx, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t ilen, i, pad_len; - unsigned char *p, bad, pad_done; + unsigned char *p; + mbedtls_ct_condition_t bad, in_padding; unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; unsigned char lhash[MBEDTLS_MD_MAX_SIZE]; unsigned int hlen; @@ -1601,28 +1600,26 @@ int mbedtls_rsa_rsaes_oaep_decrypt(mbedtls_rsa_context *ctx, * Check contents, in "constant-time" */ p = buf; - bad = 0; - bad |= *p++; /* First byte must be 0 */ + bad = mbedtls_ct_bool(*p++); /* First byte must be 0 */ p += hlen; /* Skip seed */ /* Check lHash */ - for (i = 0; i < hlen; i++) { - bad |= lhash[i] ^ *p++; - } + bad = mbedtls_ct_bool_or(bad, mbedtls_ct_bool(mbedtls_ct_memcmp(lhash, p, hlen))); + p += hlen; /* Get zero-padding len, but always read till end of buffer * (minus one, for the 01 byte) */ pad_len = 0; - pad_done = 0; + in_padding = MBEDTLS_CT_TRUE; for (i = 0; i < ilen - 2 * hlen - 2; i++) { - pad_done |= p[i]; - pad_len += ((pad_done | (unsigned char) -pad_done) >> 7) ^ 1; + in_padding = mbedtls_ct_bool_and(in_padding, mbedtls_ct_uint_eq(p[i], 0)); + pad_len += mbedtls_ct_uint_if_else_0(in_padding, 1); } p += pad_len; - bad |= *p++ ^ 0x01; + bad = mbedtls_ct_bool_or(bad, mbedtls_ct_uint_ne(*p++, 0x01)); /* * The only information "leaked" is whether the padding was correct or not @@ -1630,7 +1627,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt(mbedtls_rsa_context *ctx, * recommendations in PKCS#1 v2.2: an opponent cannot distinguish between * the different error conditions. */ - if (bad != 0) { + if (bad != MBEDTLS_CT_FALSE) { ret = MBEDTLS_ERR_RSA_INVALID_PADDING; goto cleanup; } diff --git a/library/sha256.c b/library/sha256.c index 5375255a8..223badf00 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -681,6 +681,7 @@ int mbedtls_sha256_finish(mbedtls_sha256_context *ctx, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; uint32_t used; uint32_t high, low; + int truncated = 0; /* * Add padding: 0x80 then 0x00 until 8 bytes remain for the length @@ -728,7 +729,6 @@ int mbedtls_sha256_finish(mbedtls_sha256_context *ctx, MBEDTLS_PUT_UINT32_BE(ctx->state[5], output, 20); MBEDTLS_PUT_UINT32_BE(ctx->state[6], output, 24); - int truncated = 0; #if defined(MBEDTLS_SHA224_C) truncated = ctx->is224; #endif diff --git a/library/sha512.c b/library/sha512.c index a91d7922a..e739af254 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -828,6 +828,7 @@ int mbedtls_sha512_finish(mbedtls_sha512_context *ctx, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned used; uint64_t high, low; + int truncated = 0; /* * Add padding: 0x80 then 0x00 until 16 bytes remain for the length @@ -874,7 +875,6 @@ int mbedtls_sha512_finish(mbedtls_sha512_context *ctx, sha512_put_uint64_be(ctx->state[4], output, 32); sha512_put_uint64_be(ctx->state[5], output, 40); - int truncated = 0; #if defined(MBEDTLS_SHA384_C) truncated = ctx->is384; #endif diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 736b1423b..2368489df 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -1920,7 +1920,7 @@ size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersui psa_algorithm_t alg; size_t key_bits; - status = mbedtls_ssl_cipher_to_psa(info->cipher, + status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) info->cipher, info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16, &alg, &key_type, &key_bits); @@ -1969,10 +1969,10 @@ psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_cip case MBEDTLS_KEY_EXCHANGE_DHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: return PSA_ALG_RSA_PKCS1V15_SIGN( - mbedtls_md_psa_alg_from_type(info->mac)); + mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac)); case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type(info->mac)); + return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac)); case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 47a206dd4..c312d816e 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -1547,8 +1547,16 @@ int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl, #if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM) if (ssl_mode == MBEDTLS_SSL_MODE_STREAM) { + if (rec->data_len < transform->maclen) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("Record too short for MAC:" + " %" MBEDTLS_PRINTF_SIZET " < %" MBEDTLS_PRINTF_SIZET, + rec->data_len, transform->maclen)); + return MBEDTLS_ERR_SSL_INVALID_MAC; + } + /* The only supported stream cipher is "NULL", - * so there's nothing to do here.*/ + * so there's no encryption to do here.*/ } else #endif /* MBEDTLS_SSL_SOME_SUITES_USE_STREAM */ #if defined(MBEDTLS_GCM_C) || \ @@ -2011,7 +2019,7 @@ hmac_failed_etm_enabled: unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD] = { 0 }; unsigned char mac_peer[MBEDTLS_SSL_MAC_ADD] = { 0 }; - /* If the initial value of padlen was such that + /* For CBC+MAC, If the initial value of padlen was such that * data_len < maclen + padlen + 1, then padlen * got reset to 1, and the initial check * data_len >= minlen + maclen + 1 @@ -2023,6 +2031,9 @@ hmac_failed_etm_enabled: * subtracted either padlen + 1 (if the padding was correct) * or 0 (if the padding was incorrect) since then, * hence data_len >= maclen in any case. + * + * For stream ciphers, we checked above that + * data_len >= maclen. */ rec->data_len -= transform->maclen; ssl_extract_add_data_from_record(add_data, &add_data_len, rec, diff --git a/library/ssl_tls.c b/library/ssl_tls.c index fc3fb85d7..d3a7ddb42 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2427,7 +2427,8 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( psa_algorithm_t alg; psa_key_type_t type; size_t size; - status = mbedtls_ssl_cipher_to_psa(suite->cipher, 0, &alg, &type, &size); + status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) suite->cipher, + 0, &alg, &type, &size); if (status == PSA_SUCCESS) { base_mode = mbedtls_ssl_get_base_mode(alg); } @@ -6406,7 +6407,7 @@ static int ssl_compute_master(mbedtls_ssl_handshake_params *handshake, mbedtls_svc_key_id_t psk; psa_key_derivation_operation_t derivation = PSA_KEY_DERIVATION_OPERATION_INIT; - mbedtls_md_type_t hash_alg = handshake->ciphersuite_info->mac; + mbedtls_md_type_t hash_alg = (mbedtls_md_type_t) handshake->ciphersuite_info->mac; MBEDTLS_SSL_DEBUG_MSG(2, ("perform PSA-based PSK-to-MS expansion")); @@ -8208,7 +8209,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform, } #if defined(MBEDTLS_USE_PSA_CRYPTO) - if ((status = mbedtls_ssl_cipher_to_psa(ciphersuite_info->cipher, + if ((status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) ciphersuite_info->cipher, transform->taglen, &alg, &key_type, @@ -8227,7 +8228,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform, #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - mac_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac); + mac_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac); if (mac_alg == 0) { MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_md_psa_alg_from_type for %u not found", (unsigned) ciphersuite_info->mac)); diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index cc22a3fe1..27bbafa06 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -1727,7 +1727,7 @@ static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl, unsigned char *end) { uint16_t tls_id; - uint8_t ecpoint_len; + size_t ecpoint_len; mbedtls_ssl_handshake_params *handshake = ssl->handshake; psa_key_type_t key_type = PSA_KEY_TYPE_NONE; size_t ec_bits = 0; @@ -1779,7 +1779,7 @@ static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_DECODE_ERROR; } - if (ecpoint_len > PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)) { + if (ecpoint_len > sizeof(handshake->xxdh_psa_peerkey)) { return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; } @@ -2059,7 +2059,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) ret = mbedtls_ecp_point_write_binary(&peer_key->grp, &peer_key->Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, ssl->handshake->xxdh_psa_peerkey, - MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH); + sizeof(ssl->handshake->xxdh_psa_peerkey)); if (ret != 0) { MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecp_point_write_binary"), ret); diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index d2143ac15..6ebd5064f 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -3718,22 +3718,32 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) psa_status_t status = PSA_ERROR_GENERIC_ERROR; mbedtls_ssl_handshake_params *handshake = ssl->handshake; - MBEDTLS_SSL_DEBUG_MSG(1, ("Read the peer's public key.")); + MBEDTLS_SSL_DEBUG_MSG(3, ("Read the peer's public key.")); /* * We must have at least two bytes (1 for length, at least 1 for data) */ if (buf_len < 2) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid buffer length")); - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid buffer length: %" MBEDTLS_PRINTF_SIZET, + buf_len)); + return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; } if (data_len < 1 || data_len > buf_len) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid data length")); - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid data length: %" MBEDTLS_PRINTF_SIZET + " > %" MBEDTLS_PRINTF_SIZET, + data_len, buf_len)); + return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; } /* Store peer's ECDH public key. */ + if (data_len > sizeof(handshake->xxdh_psa_peerkey)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid public key length: %" MBEDTLS_PRINTF_SIZET + " > %" MBEDTLS_PRINTF_SIZET, + data_len, + sizeof(handshake->xxdh_psa_peerkey))); + return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; + } memcpy(handshake->xxdh_psa_peerkey, p, data_len); handshake->xxdh_psa_peerkey_len = data_len; diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index d018bee74..c6fa3b390 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -686,7 +686,7 @@ static psa_algorithm_t ssl_tls13_get_ciphersuite_hash_alg(int ciphersuite) ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuite); if (ciphersuite_info != NULL) { - return mbedtls_md_psa_alg_from_type(ciphersuite_info->mac); + return mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac); } return PSA_ALG_NONE; @@ -1140,7 +1140,7 @@ static int ssl_tls13_parse_server_pre_shared_key_ext(mbedtls_ssl_context *ssl, return ret; } - if (mbedtls_md_psa_alg_from_type(ssl->handshake->ciphersuite_info->mac) + if (mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac) != hash_alg) { MBEDTLS_SSL_DEBUG_MSG( 1, ("Invalid ciphersuite for external psk.")); @@ -2858,7 +2858,7 @@ static int ssl_tls13_postprocess_new_session_ticket(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - psa_hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac); + psa_hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac); hash_length = PSA_HASH_LENGTH(psa_hash_alg); if (hash_length == -1 || (size_t) hash_length > sizeof(session->resumption_key)) { diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 81fa514f6..3c8d448c6 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -369,7 +369,7 @@ int mbedtls_ssl_tls13_process_certificate_verify(mbedtls_ssl_context *ssl) */ ret = mbedtls_ssl_get_handshake_transcript( ssl, - ssl->handshake->ciphersuite_info->mac, + (mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac, transcript, sizeof(transcript), &transcript_len); if (ret != 0) { @@ -967,7 +967,7 @@ cleanup: int mbedtls_ssl_tls13_check_sig_alg_cert_key_match(uint16_t sig_alg, mbedtls_pk_context *key) { - mbedtls_pk_type_t pk_type = mbedtls_ssl_sig_from_pk(key); + mbedtls_pk_type_t pk_type = (mbedtls_pk_type_t) mbedtls_ssl_sig_from_pk(key); size_t key_size = mbedtls_pk_get_bitlen(key); switch (pk_type) { @@ -1035,7 +1035,7 @@ static int ssl_tls13_write_certificate_verify_body(mbedtls_ssl_context *ssl, } ret = mbedtls_ssl_get_handshake_transcript( - ssl, ssl->handshake->ciphersuite_info->mac, + ssl, (mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac, handshake_hash, sizeof(handshake_hash), &handshake_hash_len); if (ret != 0) { return ret; @@ -1464,7 +1464,7 @@ int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(3, ("Reset SSL session for HRR")); - ret = mbedtls_ssl_get_handshake_transcript(ssl, ciphersuite_info->mac, + ret = mbedtls_ssl_get_handshake_transcript(ssl, (mbedtls_md_type_t) ciphersuite_info->mac, hash_transcript + 4, PSA_HASH_MAX_SIZE, &hash_len); @@ -1516,7 +1516,13 @@ int mbedtls_ssl_tls13_read_public_xxdhe_share(mbedtls_ssl_context *ssl, /* Check if key size is consistent with given buffer length. */ MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, peerkey_len); - /* Store peer's ECDH public key. */ + /* Store peer's ECDH/FFDH public key. */ + if (peerkey_len > sizeof(handshake->xxdh_psa_peerkey)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid public key length: %u > %" MBEDTLS_PRINTF_SIZET, + (unsigned) peerkey_len, + sizeof(handshake->xxdh_psa_peerkey))); + return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; + } memcpy(handshake->xxdh_psa_peerkey, p, peerkey_len); handshake->xxdh_psa_peerkey_len = peerkey_len; diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index afd84a974..6905d926a 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -685,7 +685,7 @@ static int ssl_tls13_key_schedule_stage_application(mbedtls_ssl_context *ssl) int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_handshake_params *handshake = ssl->handshake; psa_algorithm_t const hash_alg = mbedtls_md_psa_alg_from_type( - handshake->ciphersuite_info->mac); + (mbedtls_md_type_t) handshake->ciphersuite_info->mac); /* * Compute MasterSecret @@ -797,10 +797,10 @@ int mbedtls_ssl_tls13_calculate_verify_data(mbedtls_ssl_context *ssl, mbedtls_ssl_tls13_handshake_secrets *tls13_hs_secrets = &ssl->handshake->tls13_hs_secrets; - mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac; + mbedtls_md_type_t const md_type = (mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac; psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type( - ssl->handshake->ciphersuite_info->mac); + (mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac); size_t const hash_len = PSA_HASH_LENGTH(hash_alg); MBEDTLS_SSL_DEBUG_MSG(2, ("=> mbedtls_ssl_tls13_calculate_verify_data")); @@ -1059,7 +1059,7 @@ int mbedtls_ssl_tls13_populate_transform( /* * Setup psa keys and alg */ - if ((status = mbedtls_ssl_cipher_to_psa(ciphersuite_info->cipher, + if ((status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) ciphersuite_info->cipher, transform->taglen, &alg, &key_type, @@ -1118,7 +1118,7 @@ static int ssl_tls13_get_cipher_key_info( taglen = 16; } - status = mbedtls_ssl_cipher_to_psa(ciphersuite_info->cipher, taglen, + status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) ciphersuite_info->cipher, taglen, &alg, &key_type, &key_bits); if (status != PSA_SUCCESS) { return PSA_TO_MBEDTLS_ERR(status); @@ -1168,9 +1168,9 @@ static int ssl_tls13_generate_early_key(mbedtls_ssl_context *ssl, goto cleanup; } - md_type = ciphersuite_info->mac; + md_type = (mbedtls_md_type_t) ciphersuite_info->mac; - hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac); + hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac); hash_len = PSA_HASH_LENGTH(hash_alg); ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type, @@ -1298,7 +1298,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_early(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - hash_alg = mbedtls_md_psa_alg_from_type(handshake->ciphersuite_info->mac); + hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) handshake->ciphersuite_info->mac); #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) { ret = mbedtls_ssl_tls13_export_handshake_psk(ssl, &psk, &psk_len); @@ -1370,9 +1370,9 @@ static int ssl_tls13_generate_handshake_keys(mbedtls_ssl_context *ssl, return ret; } - md_type = ciphersuite_info->mac; + md_type = (mbedtls_md_type_t) ciphersuite_info->mac; - hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac); + hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac); hash_len = PSA_HASH_LENGTH(hash_alg); ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type, @@ -1480,7 +1480,7 @@ static int ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl) int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_handshake_params *handshake = ssl->handshake; psa_algorithm_t const hash_alg = mbedtls_md_psa_alg_from_type( - handshake->ciphersuite_info->mac); + (mbedtls_md_type_t) handshake->ciphersuite_info->mac); unsigned char *shared_secret = NULL; size_t shared_secret_len = 0; @@ -1617,9 +1617,9 @@ static int ssl_tls13_generate_application_keys( goto cleanup; } - md_type = handshake->ciphersuite_info->mac; + md_type = (mbedtls_md_type_t) handshake->ciphersuite_info->mac; - hash_alg = mbedtls_md_psa_alg_from_type(handshake->ciphersuite_info->mac); + hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) handshake->ciphersuite_info->mac); hash_len = PSA_HASH_LENGTH(hash_alg); /* Compute current handshake transcript. It's the caller's responsibility @@ -1767,7 +1767,7 @@ int mbedtls_ssl_tls13_compute_resumption_master_secret(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG( 2, ("=> mbedtls_ssl_tls13_compute_resumption_master_secret")); - md_type = handshake->ciphersuite_info->mac; + md_type = (mbedtls_md_type_t) handshake->ciphersuite_info->mac; ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type, transcript, sizeof(transcript), diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 89bba04b3..b8201f086 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -408,7 +408,8 @@ static int ssl_tls13_select_ciphersuite_for_psk( /* MAC of selected ciphersuite MUST be same with PSK binder if exist. * Otherwise, client should reject. */ - if (psk_hash_alg == mbedtls_md_psa_alg_from_type(ciphersuite_info->mac)) { + if (psk_hash_alg == + mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac)) { *selected_ciphersuite = cipher_suite; *selected_ciphersuite_info = ciphersuite_info; return 0; @@ -614,7 +615,7 @@ static int ssl_tls13_parse_pre_shared_key_ext( ret = ssl_tls13_offered_psks_check_binder_match( ssl, binder, binder_len, psk_type, - mbedtls_md_psa_alg_from_type(ciphersuite_info->mac)); + mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac)); if (ret != SSL_TLS1_3_OFFERED_PSK_MATCH) { /* For security reasons, the handshake should be aborted when we * fail to validate a binder value. See RFC 8446 section 4.2.11.2 @@ -2793,7 +2794,7 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, ciphersuite_info = (mbedtls_ssl_ciphersuite_t *) ssl->handshake->ciphersuite_info; - psa_hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac); + psa_hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac); hash_length = PSA_HASH_LENGTH(psa_hash_alg); if (hash_length == -1 || (size_t) hash_length > sizeof(session->resumption_key)) { @@ -3015,7 +3016,7 @@ int mbedtls_ssl_tls13_handshake_server_step(mbedtls_ssl_context *ssl) } MBEDTLS_SSL_DEBUG_MSG(2, ("tls13 server state: %s(%d)", - mbedtls_ssl_states_str(ssl->state), + mbedtls_ssl_states_str((mbedtls_ssl_states) ssl->state), ssl->state)); switch (ssl->state) { diff --git a/library/x509_create.c b/library/x509_create.c index 1c489a3ca..2583cdd0f 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -185,51 +185,107 @@ static int parse_attribute_value_string(const char *s, return 0; } -static int parse_attribute_value_der_encoded(const char *s, - int len, - unsigned char *data, - size_t *data_len, - int *tag) +/** Parse a hexstring containing a DER-encoded string. + * + * \param s A string of \p len bytes hexadecimal digits. + * \param len Number of bytes to read from \p s. + * \param data Output buffer of size \p data_size. + * On success, it contains the payload that's DER-encoded + * in the input (content without the tag and length). + * If the DER tag is a string tag, the payload is guaranteed + * not to contain null bytes. + * \param data_size Length of the \p data buffer. + * \param data_len On success, the length of the parsed string. + * It is guaranteed to be less than + * #MBEDTLS_X509_MAX_DN_NAME_SIZE. + * \param tag The ASN.1 tag that the payload in \p data is encoded in. + * + * \retval 0 on success. + * \retval #MBEDTLS_ERR_X509_INVALID_NAME if \p s does not contain + * a valid hexstring, + * or if the decoded hexstring is not valid DER, + * or if the payload does not fit in \p data, + * or if the payload is more than + * #MBEDTLS_X509_MAX_DN_NAME_SIZE bytes, + * of if \p *tag is an ASN.1 string tag and the payload + * contains a null byte. + * \retval #MBEDTLS_ERR_X509_ALLOC_FAILED on low memory. + */ +static int parse_attribute_value_hex_der_encoded(const char *s, + size_t len, + unsigned char *data, + size_t data_size, + size_t *data_len, + int *tag) { - const char *c = s; - const char *end = c + len; - unsigned char asn1_der_buf[MBEDTLS_X509_MAX_DN_NAME_SIZE]; - unsigned char *asn1_der_end; - unsigned char *p; - unsigned char *d = data; - int n; + /* Step 1: preliminary length checks. */ + /* Each byte is encoded by exactly two hexadecimal digits. */ + if (len % 2 != 0) { + /* Odd number of hex digits */ + return MBEDTLS_ERR_X509_INVALID_NAME; + } + size_t const der_length = len / 2; + if (der_length > MBEDTLS_X509_MAX_DN_NAME_SIZE + 4) { + /* The payload would be more than MBEDTLS_X509_MAX_DN_NAME_SIZE + * (after subtracting the ASN.1 tag and length). Reject this early + * to avoid allocating a large intermediate buffer. */ + return MBEDTLS_ERR_X509_INVALID_NAME; + } + if (der_length < 1) { + /* Avoid empty-buffer shenanigans. A valid DER encoding is never + * empty. */ + return MBEDTLS_ERR_X509_INVALID_NAME; + } - /* Converting from hexstring to raw binary so we can use asn1parse.c */ - if ((len < 5) || (*c != '#')) { - return MBEDTLS_ERR_X509_INVALID_NAME; + /* Step 2: Decode the hex string into an intermediate buffer. */ + unsigned char *der = mbedtls_calloc(1, der_length); + if (der == NULL) { + return MBEDTLS_ERR_X509_ALLOC_FAILED; } - c++; - if ((*tag = hexpair_to_int(c)) == -1) { - return MBEDTLS_ERR_X509_INVALID_NAME; - } - c += 2; - p = asn1_der_buf; - for (p = asn1_der_buf; c < end; c += 2) { - if ((c + 1 >= end) || (n = hexpair_to_int(c)) == -1) { - return MBEDTLS_ERR_X509_INVALID_NAME; + /* Beyond this point, der needs to be freed on exit. */ + for (size_t i = 0; i < der_length; i++) { + int c = hexpair_to_int(s + 2 * i); + if (c < 0) { + goto error; } - if (MBEDTLS_ASN1_IS_STRING_TAG(*tag) && n == 0) { - return MBEDTLS_ERR_X509_INVALID_NAME; + der[i] = c; + } + + /* Step 3: decode the DER. */ + /* We've checked that der_length >= 1 above. */ + *tag = der[0]; + unsigned char *p = der + 1; + if (mbedtls_asn1_get_len(&p, der + der_length, data_len) != 0) { + goto error; + } + /* Now p points to the first byte of the payload inside der, + * and *data_len is the length of the payload. */ + + /* Step 4: payload validation */ + if (*data_len > MBEDTLS_X509_MAX_DN_NAME_SIZE) { + goto error; + } + /* Strings must not contain null bytes. */ + if (MBEDTLS_ASN1_IS_STRING_TAG(*tag)) { + for (size_t i = 0; i < *data_len; i++) { + if (p[i] == 0) { + goto error; + } } - *(p++) = n; - } - asn1_der_end = p; - - p = asn1_der_buf; - if (mbedtls_asn1_get_len(&p, asn1_der_end, data_len) != 0) { - return MBEDTLS_ERR_X509_INVALID_NAME; } - while (p < asn1_der_end) { - *(d++) = *(p++); + /* Step 5: output the payload. */ + if (*data_len > data_size) { + goto error; } + memcpy(data, p, *data_len); + mbedtls_free(der); return 0; + +error: + mbedtls_free(der); + return MBEDTLS_ERR_X509_INVALID_NAME; } int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *name) @@ -273,11 +329,14 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam mbedtls_free(oid.p); return MBEDTLS_ERR_X509_INVALID_NAME; } else if (*s == '#') { - if ((parse_ret = - parse_attribute_value_der_encoded(s, (int) (c - s), data, &data_len, - &tag)) != 0) { + /* We know that c >= s (loop invariant) and c != s (in this + * else branch), hence c - s - 1 >= 0. */ + parse_ret = parse_attribute_value_hex_der_encoded( + s + 1, c - s - 1, + data, sizeof(data), &data_len, &tag); + if (parse_ret != 0) { mbedtls_free(oid.p); - return MBEDTLS_ERR_X509_INVALID_NAME; + return parse_ret; } } else { if (numericoid) { diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index 855b0911f..9744c58d5 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -1,5 +1,5 @@ /* - * MbedTLS SSL context deserializer from base64 code + * Mbed TLS SSL context deserializer from base64 code * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index ecc4e94a6..d8237f544 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -113,13 +113,13 @@ static void mbedtls_set_alarm(int seconds); #define HEADER_FORMAT " %-24s : " #define TITLE_LEN 25 -#define OPTIONS \ - "md5, ripemd160, sha1, sha256, sha512,\n" \ - "sha3_224, sha3_256, sha3_384, sha3_512,\n" \ - "des3, des, camellia, chacha20,\n" \ - "aes_cbc, aes_gcm, aes_ccm, aes_xts, chachapoly,\n" \ - "aes_cmac, des3_cmac, poly1305\n" \ - "ctr_drbg, hmac_drbg\n" \ +#define OPTIONS \ + "md5, ripemd160, sha1, sha256, sha512,\n" \ + "sha3_224, sha3_256, sha3_384, sha3_512,\n" \ + "des3, des, camellia, chacha20,\n" \ + "aes_cbc, aes_cfb128, aes_cfb8, aes_gcm, aes_ccm, aes_xts, chachapoly\n" \ + "aes_cmac, des3_cmac, poly1305\n" \ + "ctr_drbg, hmac_drbg\n" \ "rsa, dhm, ecdsa, ecdh.\n" #if defined(MBEDTLS_ERROR_C) @@ -510,7 +510,7 @@ typedef struct { char md5, ripemd160, sha1, sha256, sha512, sha3_224, sha3_256, sha3_384, sha3_512, des3, des, - aes_cbc, aes_gcm, aes_ccm, aes_xts, chachapoly, + aes_cbc, aes_cfb128, aes_cfb8, aes_gcm, aes_ccm, aes_xts, chachapoly, aes_cmac, des3_cmac, aria, camellia, chacha20, poly1305, @@ -570,6 +570,10 @@ int main(int argc, char *argv[]) todo.des = 1; } else if (strcmp(argv[i], "aes_cbc") == 0) { todo.aes_cbc = 1; + } else if (strcmp(argv[i], "aes_cfb128") == 0) { + todo.aes_cfb128 = 1; + } else if (strcmp(argv[i], "aes_cfb8") == 0) { + todo.aes_cfb8 = 1; } else if (strcmp(argv[i], "aes_xts") == 0) { todo.aes_xts = 1; } else if (strcmp(argv[i], "aes_gcm") == 0) { @@ -675,6 +679,7 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_CIPHER_MODE_CBC) if (todo.des3) { mbedtls_des3_context des3; + mbedtls_des3_init(&des3); if (mbedtls_des3_set3key_enc(&des3, tmp) != 0) { mbedtls_exit(1); @@ -686,6 +691,7 @@ int main(int argc, char *argv[]) if (todo.des) { mbedtls_des_context des; + mbedtls_des_init(&des); if (mbedtls_des_setkey_enc(&des, tmp) != 0) { mbedtls_exit(1); @@ -718,6 +724,7 @@ int main(int argc, char *argv[]) if (todo.aes_cbc) { int keysize; mbedtls_aes_context aes; + mbedtls_aes_init(&aes); for (keysize = 128; keysize <= 256; keysize += 64) { mbedtls_snprintf(title, sizeof(title), "AES-CBC-%d", keysize); @@ -732,6 +739,44 @@ int main(int argc, char *argv[]) mbedtls_aes_free(&aes); } #endif +#if defined(MBEDTLS_CIPHER_MODE_CFB) + if (todo.aes_cfb128) { + int keysize; + size_t iv_off = 0; + mbedtls_aes_context aes; + + mbedtls_aes_init(&aes); + for (keysize = 128; keysize <= 256; keysize += 64) { + mbedtls_snprintf(title, sizeof(title), "AES-CFB128-%d", keysize); + + memset(buf, 0, sizeof(buf)); + memset(tmp, 0, sizeof(tmp)); + CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize)); + + TIME_AND_TSC(title, + mbedtls_aes_crypt_cfb128(&aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, + &iv_off, tmp, buf, buf)); + } + mbedtls_aes_free(&aes); + } + if (todo.aes_cfb8) { + int keysize; + mbedtls_aes_context aes; + + mbedtls_aes_init(&aes); + for (keysize = 128; keysize <= 256; keysize += 64) { + mbedtls_snprintf(title, sizeof(title), "AES-CFB8-%d", keysize); + + memset(buf, 0, sizeof(buf)); + memset(tmp, 0, sizeof(tmp)); + CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize)); + + TIME_AND_TSC(title, + mbedtls_aes_crypt_cfb8(&aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, tmp, buf, buf)); + } + mbedtls_aes_free(&aes); + } +#endif #if defined(MBEDTLS_CIPHER_MODE_XTS) if (todo.aes_xts) { int keysize; @@ -849,6 +894,7 @@ int main(int argc, char *argv[]) if (todo.aria) { int keysize; mbedtls_aria_context aria; + mbedtls_aria_init(&aria); for (keysize = 128; keysize <= 256; keysize += 64) { mbedtls_snprintf(title, sizeof(title), "ARIA-CBC-%d", keysize); @@ -869,6 +915,7 @@ int main(int argc, char *argv[]) if (todo.camellia) { int keysize; mbedtls_camellia_context camellia; + mbedtls_camellia_init(&camellia); for (keysize = 128; keysize <= 256; keysize += 64) { mbedtls_snprintf(title, sizeof(title), "CAMELLIA-CBC-%d", keysize); @@ -975,6 +1022,7 @@ int main(int argc, char *argv[]) if (todo.rsa) { int keysize; mbedtls_rsa_context rsa; + for (keysize = 2048; keysize <= 4096; keysize *= 2) { mbedtls_snprintf(title, sizeof(title), "RSA-%d", keysize); @@ -1017,6 +1065,7 @@ int main(int argc, char *argv[]) mbedtls_dhm_context dhm; size_t olen; size_t n; + for (i = 0; (size_t) i < sizeof(dhm_sizes) / sizeof(dhm_sizes[0]); i++) { mbedtls_dhm_init(&dhm); @@ -1130,6 +1179,7 @@ int main(int argc, char *argv[]) if (curve_list == (const mbedtls_ecp_curve_info *) &single_curve) { mbedtls_ecp_group grp; + mbedtls_ecp_group_init(&grp); if (mbedtls_ecp_group_load(&grp, curve_list->grp_id) != 0) { mbedtls_exit(1); diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py index f3aca7070..e8081012a 100755 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -60,6 +60,11 @@ class LostContent(Exception): message = ('Lost content from {}: "{}"'.format(filename, line)) super().__init__(message) +class FilePathError(Exception): + def __init__(self, filenames): + message = ('Changelog filenames do not end with .txt: {}'.format(", ".join(filenames))) + super().__init__(message) + # The category names we use in the changelog. # If you edit this, update ChangeLog.d/README.md. STANDARD_CATEGORIES = ( @@ -443,8 +448,21 @@ def list_files_to_merge(options): """List the entry files to merge, oldest first. "Oldest" is defined by `EntryFileSortKey`. + + Also check for required .txt extension """ - files_to_merge = glob.glob(os.path.join(options.dir, '*.txt')) + files_to_merge = glob.glob(os.path.join(options.dir, '*')) + + # Ignore 00README.md + readme = os.path.join(options.dir, "00README.md") + if readme in files_to_merge: + files_to_merge.remove(readme) + + # Identify files without the required .txt extension + bad_files = [x for x in files_to_merge if not x.endswith(".txt")] + if bad_files: + raise FilePathError(bad_files) + files_to_merge.sort(key=EntryFileSortKey) return files_to_merge @@ -452,6 +470,7 @@ def merge_entries(options): """Merge changelog entries into the changelog file. Read the changelog file from options.input. + Check that all entries have a .txt extension Read entries to merge from the directory options.dir. Write the new changelog to options.output. Remove the merged entries if options.keep_entries is false. diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index 53d859edf..e764e9d22 100755 --- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -901,7 +901,7 @@ def main(): '-c', '--config', type=str, default=SupportedConfig.DEFAULT.value, choices=list(map(lambda s: s.value, SupportedConfig)), help='Specify configuration type for code size comparison. ' - '(Default is the current MbedTLS configuration.)') + '(Default is the current Mbed TLS configuration.)') group_optional.add_argument( '--markdown', action='store_true', dest='markdown', help='Show comparision of code size in a markdown table. ' diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja index 3d116b396..8670bbde5 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja @@ -492,7 +492,8 @@ static inline uint32_t psa_driver_wrapper_sign_hash_get_num_ops( #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } - return( PSA_ERROR_INVALID_ARGUMENT ); + /* Can't happen (see discussion in #8271) */ + return 0; } static inline uint32_t psa_driver_wrapper_verify_hash_get_num_ops( @@ -516,7 +517,8 @@ static inline uint32_t psa_driver_wrapper_verify_hash_get_num_ops( } - return( PSA_ERROR_INVALID_ARGUMENT ); + /* Can't happen (see discussion in #8271) */ + return 0; } static inline psa_status_t psa_driver_wrapper_sign_hash_start( @@ -526,8 +528,7 @@ static inline psa_status_t psa_driver_wrapper_sign_hash_start( const uint8_t *hash, size_t hash_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_location_t location = - PSA_KEY_LIFETIME_GET_LOCATION( + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); switch( location ) @@ -548,28 +549,21 @@ static inline psa_status_t psa_driver_wrapper_sign_hash_start( /* Fell through, meaning no accelerator supports this operation */ operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; - return( mbedtls_psa_sign_hash_start( &operation->ctx.mbedtls_ctx, - attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length ) ); + status = mbedtls_psa_sign_hash_start( &operation->ctx.mbedtls_ctx, + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length ); break; /* Add cases for opaque driver here */ default: /* Key is declared with a lifetime not known to us */ - ( void ) status; - return( PSA_ERROR_INVALID_ARGUMENT ); + status = PSA_ERROR_INVALID_ARGUMENT; + break; } - ( void ) operation; - ( void ) key_buffer; - ( void ) key_buffer_size; - ( void ) alg; - ( void ) hash; - ( void ) hash_length; - - return( status ); + return( status ); } static inline psa_status_t psa_driver_wrapper_sign_hash_complete( @@ -625,7 +619,6 @@ static inline psa_status_t psa_driver_wrapper_verify_hash_start( const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length ) { - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); @@ -648,31 +641,21 @@ static inline psa_status_t psa_driver_wrapper_verify_hash_start( /* Fell through, meaning no accelerator supports this operation */ operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; - return( mbedtls_psa_verify_hash_start( &operation->ctx.mbedtls_ctx, - attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length - ) ); + status = mbedtls_psa_verify_hash_start( &operation->ctx.mbedtls_ctx, + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ); break; /* Add cases for opaque driver here */ default: /* Key is declared with a lifetime not known to us */ - ( void ) status; - return( PSA_ERROR_INVALID_ARGUMENT ); + status = PSA_ERROR_INVALID_ARGUMENT; + break; } - ( void ) operation; - ( void ) key_buffer; - ( void ) key_buffer_size; - ( void ) alg; - ( void ) hash; - ( void ) hash_length; - ( void ) signature; - ( void ) signature_length; - return( status ); } @@ -2724,6 +2707,7 @@ static inline psa_status_t psa_driver_wrapper_pake_setup( case PSA_KEY_LOCATION_LOCAL_STORAGE: /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ + status = PSA_ERROR_NOT_SUPPORTED; #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) status = mbedtls_test_transparent_pake_setup( @@ -2741,15 +2725,12 @@ static inline psa_status_t psa_driver_wrapper_pake_setup( inputs ); if( status == PSA_SUCCESS ) operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; - return status; #endif - return( PSA_ERROR_NOT_SUPPORTED ); + return status; /* Add cases for opaque driver here */ default: /* Key is declared with a lifetime not known to us */ (void)operation; - (void)inputs; - (void)status; return( PSA_ERROR_INVALID_ARGUMENT ); } } diff --git a/scripts/mbedtls_dev/build_tree.py b/scripts/mbedtls_dev/build_tree.py index b48a27711..2e10c88e2 100644 --- a/scripts/mbedtls_dev/build_tree.py +++ b/scripts/mbedtls_dev/build_tree.py @@ -19,7 +19,7 @@ import os import inspect -def looks_like_psa_crypto_root(path: str) -> bool: +def looks_like_tf_psa_crypto_root(path: str) -> bool: """Whether the given directory looks like the root of the PSA Crypto source tree.""" return all(os.path.isdir(os.path.join(path, subdir)) for subdir in ['include', 'core', 'drivers', 'programs', 'tests']) @@ -30,7 +30,7 @@ def looks_like_mbedtls_root(path: str) -> bool: for subdir in ['include', 'library', 'programs', 'tests']) def looks_like_root(path: str) -> bool: - return looks_like_psa_crypto_root(path) or looks_like_mbedtls_root(path) + return looks_like_tf_psa_crypto_root(path) or looks_like_mbedtls_root(path) def check_repo_path(): """ diff --git a/scripts/mbedtls_dev/psa_storage.py b/scripts/mbedtls_dev/psa_storage.py index a2e4c74a4..737760fd4 100644 --- a/scripts/mbedtls_dev/psa_storage.py +++ b/scripts/mbedtls_dev/psa_storage.py @@ -53,7 +53,7 @@ class Expr: """Update `value_cache` for expressions registered in `unknown_values`.""" expressions = sorted(self.unknown_values) includes = ['include'] - if build_tree.looks_like_psa_crypto_root('.'): + if build_tree.looks_like_tf_psa_crypto_root('.'): includes.append('drivers/builtin/include') values = c_build_helper.get_c_expression_values( 'unsigned long', '%lu', diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h index 7edc991ad..3bfbe3333 100644 --- a/tests/include/test/macros.h +++ b/tests/include/test/macros.h @@ -143,6 +143,38 @@ } \ } while (0) +/** Allocate memory dynamically and fail the test case if this fails. + * The allocated memory will be filled with zeros. + * + * You must set \p pointer to \c NULL before calling this macro and + * put `mbedtls_free(pointer)` in the test's cleanup code. + * + * If \p item_count is zero, the resulting \p pointer will not be \c NULL. + * + * This macro expands to an instruction, not an expression. + * It may jump to the \c exit label. + * + * \param pointer An lvalue where the address of the allocated buffer + * will be stored. + * This expression may be evaluated multiple times. + * \param item_count Number of elements to allocate. + * This expression may be evaluated multiple times. + * + * Note: if passing size 0, mbedtls_calloc may return NULL. In this case, + * we reattempt to allocate with the smallest possible buffer to assure a + * non-NULL pointer. + */ +#define TEST_CALLOC_NONNULL(pointer, item_count) \ + do { \ + TEST_ASSERT((pointer) == NULL); \ + (pointer) = mbedtls_calloc(sizeof(*(pointer)), \ + (item_count)); \ + if (((pointer) == NULL) && ((item_count) == 0)) { \ + (pointer) = mbedtls_calloc(1, 1); \ + } \ + TEST_ASSERT((pointer) != NULL); \ + } while (0) + /* For backwards compatibility */ #define ASSERT_ALLOC(pointer, item_count) TEST_CALLOC(pointer, item_count) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 1f160c7eb..ddbd6a39e 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -516,6 +516,27 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, size_t cid0_len, size_t cid1_len); +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) +/** + * \param[in,out] record The record to prepare. + * It must contain the data to MAC at offset + * `record->data_offset`, of length + * `record->data_length`. + * On success, write the MAC immediately + * after the data and increment + * `record->data_length` accordingly. + * \param[in,out] transform_out The out transform, typically prepared by + * mbedtls_test_ssl_build_transforms(). + * Its HMAC context may be used. Other than that + * it is treated as an input parameter. + * + * \return 0 on success, an `MBEDTLS_ERR_xxx` error code + * or -1 on error. + */ +int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record, + mbedtls_ssl_transform *transform_out); +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ + /* * Populate a session structure for serialization tests. * Choose dummy values, mostly non-0 to distinguish from the init default. diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 90e5f1bd7..fec46cc50 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -127,13 +127,13 @@ in_mbedtls_repo () { test -d include -a -d library -a -d programs -a -d tests } -in_psa_crypto_repo () { +in_tf_psa_crypto_repo () { test -d include -a -d core -a -d drivers -a -d programs -a -d tests } pre_check_environment () { - if in_mbedtls_repo || in_psa_crypto_repo; then :; else - echo "Must be run from Mbed TLS / psa-crypto root" >&2 + if in_mbedtls_repo || in_tf_psa_crypto_repo; then :; else + echo "Must be run from Mbed TLS / TF-PSA-Crypto root" >&2 exit 1 fi } @@ -1164,21 +1164,6 @@ component_test_full_cmake_gcc_asan_new_bignum () { tests/context-info.sh } -component_test_full_cmake_gcc_asan_new_bignum_test_hooks () { - msg "build: full config, cmake, gcc, ASan" - scripts/config.py full - scripts/config.py set MBEDTLS_TEST_HOOKS - scripts/config.py set MBEDTLS_ECP_WITH_MPI_UINT - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: main suites (inc. selftests) (full config, ASan build)" - make test - - msg "test: selftest (ASan build)" # ~ 10s - programs/test/selftest -} - component_test_psa_crypto_key_id_encodes_owner () { msg "build: full config + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan" scripts/config.py full diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 81adb7190..1f20734b1 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -206,6 +206,7 @@ TASKS = { 'ignored_suites': [ 'shax', 'mdx', # the software implementations that are being excluded 'md.psa', # purposefully depends on whether drivers are present + 'psa_crypto_low_hash.generated', # testing the builtins ], 'ignored_tests': { } diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py index 623fd2352..5128dc788 100755 --- a/tests/scripts/audit-validity-dates.py +++ b/tests/scripts/audit-validity-dates.py @@ -276,7 +276,7 @@ class Auditor: @staticmethod def find_test_dir(): - """Get the relative path for the MbedTLS test directory.""" + """Get the relative path for the Mbed TLS test directory.""" return os.path.relpath(build_tree.guess_mbedtls_root() + '/tests') diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index 9140b4c25..d03e5cf6d 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh @@ -128,7 +128,7 @@ check() check scripts/generate_errors.pl library/error.c check scripts/generate_query_config.pl programs/test/query_config.c -check scripts/generate_driver_wrappers.py library/psa_crypto_driver_wrappers.h +check scripts/generate_driver_wrappers.py library/psa_crypto_driver_wrappers.h library/psa_crypto_driver_wrappers_no_static.c check scripts/generate_features.pl library/version_features.c check scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c # generate_visualc_files enumerates source files (library/*.c). It doesn't diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index f812929c7..86a7c0903 100755 --- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py @@ -941,7 +941,7 @@ def main(): "This script confirms that the naming of all symbols and identifiers " "in Mbed TLS are consistent with the house style and are also " "self-consistent.\n\n" - "Expected to be run from the MbedTLS root directory.") + "Expected to be run from the Mbed TLS root directory.") ) parser.add_argument( "-v", "--verbose", diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index 359043620..9cd220f85 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -2,7 +2,7 @@ """Run the PSA Crypto API compliance test suite. Clone the repo and check out the commit specified by PSA_ARCH_TEST_REPO and PSA_ARCH_TEST_REF, then compile and run the test suite. The clone is stored at /psa-arch-tests. -Known defects in either the test suite or mbedtls / psa-crypto - identified by their test +Known defects in either the test suite or mbedtls / TF-PSA-Crypto - identified by their test number - are ignored, while unexpected failures AND successes are reported as errors, to help keep the list of known defects as up to date as possible. """ @@ -34,8 +34,8 @@ from typing import List import scripts_path from mbedtls_dev import build_tree -# PSA Compliance tests we expect to fail due to known defects in Mbed TLS / PSA Crypto -# (or the test suite). +# PSA Compliance tests we expect to fail due to known defects in Mbed TLS / +# TF-PSA-Crypto (or the test suite). # The test numbers correspond to the numbers used by the console output of the test suite. # Test number 2xx corresponds to the files in the folder # psa-arch-tests/api-tests/dev_apis/crypto/test_c0xx @@ -46,7 +46,7 @@ EXPECTED_FAILURES = { } # We currently use a fork of ARM-software/psa-arch-tests, with a couple of downstream patches -# that allow it to build with MbedTLS 3, and fixes a couple of issues in the compliance test suite. +# that allow it to build with Mbed TLS 3, and fixes a couple of issues in the compliance test suite. # These fixes allow the tests numbered 216, 248 and 249 to complete successfully. # # Once all the fixes are upstreamed, this fork should be replaced with an upstream commit/tag. @@ -60,10 +60,10 @@ PSA_ARCH_TESTS_REF = 'fix-pr-5736' def main(library_build_dir: str): root_dir = os.getcwd() - in_psa_crypto_repo = build_tree.looks_like_psa_crypto_root(root_dir) + in_tf_psa_crypto_repo = build_tree.looks_like_tf_psa_crypto_root(root_dir) - if in_psa_crypto_repo: - crypto_name = 'psacrypto' + if in_tf_psa_crypto_repo: + crypto_name = 'tfpsacrypto' library_subdir = 'core' else: crypto_name = 'mbedcrypto' @@ -102,7 +102,7 @@ def main(library_build_dir: str): os.chdir(build_dir) extra_includes = (';{}/drivers/builtin/include'.format(root_dir) - if in_psa_crypto_repo else '') + if in_tf_psa_crypto_repo else '') #pylint: disable=bad-continuation subprocess.check_call([ @@ -178,7 +178,7 @@ if __name__ == '__main__': # pylint: disable=invalid-name parser = argparse.ArgumentParser() parser.add_argument('--build-dir', nargs=1, - help='path to Mbed TLS / PSA Crypto build directory') + help='path to Mbed TLS / TF-PSA-Crypto build directory') args = parser.parse_args() if args.build_dir is not None: diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 9144d85ba..5c305cb0a 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -1467,6 +1467,64 @@ cleanup: return ret; } +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) +int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record, + mbedtls_ssl_transform *transform_out) +{ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; +#endif + + /* Serialized version of record header for MAC purposes */ + unsigned char add_data[13]; + memcpy(add_data, record->ctr, 8); + add_data[8] = record->type; + add_data[9] = record->ver[0]; + add_data[10] = record->ver[1]; + add_data[11] = (record->data_len >> 8) & 0xff; + add_data[12] = (record->data_len >> 0) & 0xff; + + /* MAC with additional data */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + size_t sign_mac_length = 0; + TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_setup(&operation, + transform_out->psa_mac_enc, + transform_out->psa_mac_alg)); + TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, add_data, 13)); + TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, + record->buf + record->data_offset, + record->data_len)); + /* Use a temporary buffer for the MAC, because with the truncated HMAC + * extension, there might not be enough room in the record for the + * full-length MAC. */ + unsigned char mac[PSA_HASH_MAX_SIZE]; + TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_finish(&operation, + mac, sizeof(mac), + &sign_mac_length)); +#else + TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc, add_data, 13)); + TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc, + record->buf + record->data_offset, + record->data_len)); + /* Use a temporary buffer for the MAC, because with the truncated HMAC + * extension, there might not be enough room in the record for the + * full-length MAC. */ + unsigned char mac[MBEDTLS_MD_MAX_SIZE]; + TEST_EQUAL(0, mbedtls_md_hmac_finish(&transform_out->md_ctx_enc, mac)); +#endif + memcpy(record->buf + record->data_offset + record->data_len, mac, transform_out->maclen); + record->data_len += transform_out->maclen; + + return 0; + +exit: +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_mac_abort(&operation); +#endif + return -1; +} +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ + int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, int ticket_len, const char *crt_file) diff --git a/tests/suites/test_suite_cipher.aes.data b/tests/suites/test_suite_cipher.aes.data index 134970f5f..92e9cdd7b 100644 --- a/tests/suites/test_suite_cipher.aes.data +++ b/tests/suites/test_suite_cipher.aes.data @@ -8,63 +8,63 @@ dec_empty_buf:MBEDTLS_CIPHER_AES_128_XTS:MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH:0 AES-128 CBC - Encrypt and decrypt 0 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:0:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:0:MBEDTLS_PADDING_PKCS7 AES-128 CBC - Encrypt and decrypt 1 byte with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:1:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:1:MBEDTLS_PADDING_PKCS7 AES-128 CBC - Encrypt and decrypt 2 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:2:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:2:MBEDTLS_PADDING_PKCS7 AES-128 CBC - Encrypt and decrypt 7 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:7:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:7:MBEDTLS_PADDING_PKCS7 AES-128 CBC - Encrypt and decrypt 8 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:8:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:8:MBEDTLS_PADDING_PKCS7 AES-128 CBC - Encrypt and decrypt 9 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:9:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:9:MBEDTLS_PADDING_PKCS7 AES-128 CBC - Encrypt and decrypt 15 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:15:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:15:MBEDTLS_PADDING_PKCS7 AES-128 CBC - Encrypt and decrypt 16 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:16:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:16:MBEDTLS_PADDING_PKCS7 AES-128 CBC - Encrypt and decrypt 17 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:17:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:17:MBEDTLS_PADDING_PKCS7 AES-128 CBC - Encrypt and decrypt 31 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:31:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:31:MBEDTLS_PADDING_PKCS7 AES-128 CBC - Encrypt and decrypt 32 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:32:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:32:MBEDTLS_PADDING_PKCS7 AES-128 CBC - Encrypt and decrypt 33 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:33:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:33:MBEDTLS_PADDING_PKCS7 AES-128 CBC - Encrypt and decrypt 47 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:47:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:47:MBEDTLS_PADDING_PKCS7 AES-128 CBC - Encrypt and decrypt 48 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:48:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:48:MBEDTLS_PADDING_PKCS7 AES-128 CBC - Encrypt and decrypt 49 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:49:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:49:MBEDTLS_PADDING_PKCS7 AES-128 CBC - Encrypt and decrypt 0 bytes with one and zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS @@ -251,15 +251,15 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:0:MBEDTLS_PADDING_NONE AES-128 CBC - Encrypt and decrypt 16 bytes with no padding -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:16:MBEDTLS_PADDING_NONE AES-128 CBC - Encrypt and decrypt 32 bytes with no padding -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:32:MBEDTLS_PADDING_NONE AES-128 CBC - Encrypt and decrypt 48 bytes with no padding -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:48:MBEDTLS_PADDING_NONE AES-128 CBC - Try encrypting 1 bytes with no padding @@ -1272,107 +1272,107 @@ enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:16:16:-1:16:16:16:16 AES-192 CBC - Encrypt and decrypt 0 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:0:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:0:MBEDTLS_PADDING_PKCS7 AES-192 CBC - Encrypt and decrypt 1 byte with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:1:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:1:MBEDTLS_PADDING_PKCS7 AES-192 CBC - Encrypt and decrypt 2 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:2:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:2:MBEDTLS_PADDING_PKCS7 AES-192 CBC - Encrypt and decrypt 7 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:7:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:7:MBEDTLS_PADDING_PKCS7 AES-192 CBC - Encrypt and decrypt 8 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:8:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:8:MBEDTLS_PADDING_PKCS7 AES-192 CBC - Encrypt and decrypt 9 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:9:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:9:MBEDTLS_PADDING_PKCS7 AES-192 CBC - Encrypt and decrypt 15 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:15:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:15:MBEDTLS_PADDING_PKCS7 AES-192 CBC - Encrypt and decrypt 16 bytes with PKCS7 padding -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:16:-1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_CIPHER_PADDING_PKCS7 +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:16:MBEDTLS_PADDING_PKCS7 AES-192 CBC - Encrypt and decrypt 17 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:17:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:17:MBEDTLS_PADDING_PKCS7 AES-192 CBC - Encrypt and decrypt 31 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:31:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:31:MBEDTLS_PADDING_PKCS7 AES-192 CBC - Encrypt and decrypt 32 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:32:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:32:MBEDTLS_PADDING_PKCS7 AES-192 CBC - Encrypt and decrypt 33 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:33:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:33:MBEDTLS_PADDING_PKCS7 AES-192 CBC - Encrypt and decrypt 47 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:47:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:47:MBEDTLS_PADDING_PKCS7 AES-192 CBC - Encrypt and decrypt 48 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:48:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:48:MBEDTLS_PADDING_PKCS7 AES-192 CBC - Encrypt and decrypt 49 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:49:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:49:MBEDTLS_PADDING_PKCS7 AES-192 CBC - Encrypt and decrypt 0 bytes in multiple parts with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:0:0:-1:0:0:0:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:0:0:MBEDTLS_PADDING_PKCS7:0:0:0:0 AES-192 CBC - Encrypt and decrypt 1 bytes in multiple parts with PKCS7 padding 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:1:0:-1:0:0:0:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:1:0:MBEDTLS_PADDING_PKCS7:0:0:0:0 AES-192 CBC - Encrypt and decrypt 1 bytes in multiple parts with PKCS7 padding 2 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:0:1:-1:0:0:0:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:0:1:MBEDTLS_PADDING_PKCS7:0:0:0:0 AES-192 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:16:0:-1:16:0:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:16:0:MBEDTLS_PADDING_PKCS7:16:0:0:16 AES-192 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 2 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:0:16:-1:0:16:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:0:16:MBEDTLS_PADDING_PKCS7:0:16:0:16 AES-192 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 3 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:1:15:-1:0:16:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:1:15:MBEDTLS_PADDING_PKCS7:0:16:0:16 AES-192 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 4 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:15:1:-1:0:16:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:15:1:MBEDTLS_PADDING_PKCS7:0:16:0:16 AES-192 CBC - Encrypt and decrypt 22 bytes in multiple parts with PKCS7 padding 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:15:7:-1:0:16:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:15:7:MBEDTLS_PADDING_PKCS7:0:16:0:16 AES-192 CBC - Encrypt and decrypt 22 bytes in multiple parts with PKCS7 padding 2 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:16:6:-1:16:0:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:16:6:MBEDTLS_PADDING_PKCS7:16:0:0:16 AES-192 CBC - Encrypt and decrypt 23 bytes in multiple parts with PKCS7 padding 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:17:6:-1:16:0:16:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:17:6:MBEDTLS_PADDING_PKCS7:16:0:16:0 AES-192 CBC - Encrypt and decrypt 32 bytes in multiple parts with PKCS7 padding 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:16:16:-1:16:16:0:32 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:16:16:MBEDTLS_PADDING_PKCS7:16:16:0:32 AES-256 CBC - Decrypt empty buffer depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH @@ -1380,107 +1380,107 @@ dec_empty_buf:MBEDTLS_CIPHER_AES_256_CBC:0:0 AES-256 CBC - Encrypt and decrypt 0 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:0:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:0:MBEDTLS_PADDING_PKCS7 AES-256 CBC - Encrypt and decrypt 1 byte with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:1:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:1:MBEDTLS_PADDING_PKCS7 AES-256 CBC - Encrypt and decrypt 2 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:2:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:2:MBEDTLS_PADDING_PKCS7 AES-256 CBC - Encrypt and decrypt 7 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:7:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:7:MBEDTLS_PADDING_PKCS7 AES-256 CBC - Encrypt and decrypt 8 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:8:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:8:MBEDTLS_PADDING_PKCS7 AES-256 CBC - Encrypt and decrypt 9 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:9:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:9:MBEDTLS_PADDING_PKCS7 AES-256 CBC - Encrypt and decrypt 15 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:15:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:15:MBEDTLS_PADDING_PKCS7 AES-256 CBC - Encrypt and decrypt 16 bytes with PKCS7 padding -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:16:-1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_CIPHER_PADDING_PKCS7 +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:16:MBEDTLS_PADDING_PKCS7 AES-256 CBC - Encrypt and decrypt 17 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:17:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:17:MBEDTLS_PADDING_PKCS7 AES-256 CBC - Encrypt and decrypt 31 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:31:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:31:MBEDTLS_PADDING_PKCS7 AES-256 CBC - Encrypt and decrypt 32 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:32:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:32:MBEDTLS_PADDING_PKCS7 AES-256 CBC - Encrypt and decrypt 33 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:33:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:33:MBEDTLS_PADDING_PKCS7 AES-256 CBC - Encrypt and decrypt 47 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:47:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:47:MBEDTLS_PADDING_PKCS7 AES-256 CBC - Encrypt and decrypt 48 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:48:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:48:MBEDTLS_PADDING_PKCS7 AES-256 CBC - Encrypt and decrypt 49 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:49:-1 +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:49:MBEDTLS_PADDING_PKCS7 AES-256 CBC - Encrypt and decrypt 0 bytes in multiple parts with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:0:0:-1:0:0:0:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:0:0:MBEDTLS_PADDING_PKCS7:0:0:0:0 AES-256 CBC - Encrypt and decrypt 1 bytes in multiple parts with PKCS7 padding 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:1:0:-1:0:0:0:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:1:0:MBEDTLS_PADDING_PKCS7:0:0:0:0 AES-256 CBC - Encrypt and decrypt 1 bytes in multiple parts with PKCS7 padding 2 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:0:1:-1:0:0:0:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:0:1:MBEDTLS_PADDING_PKCS7:0:0:0:0 AES-256 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:16:0:-1:16:0:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:16:0:MBEDTLS_PADDING_PKCS7:16:0:0:16 AES-256 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 2 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:0:16:-1:0:16:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:0:16:MBEDTLS_PADDING_PKCS7:0:16:0:16 AES-256 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 3 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:1:15:-1:0:16:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:1:15:MBEDTLS_PADDING_PKCS7:0:16:0:16 AES-256 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 4 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:15:1:-1:0:16:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:15:1:MBEDTLS_PADDING_PKCS7:0:16:0:16 AES-256 CBC - Encrypt and decrypt 22 bytes in multiple parts with PKCS7 padding 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:15:7:-1:0:16:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:15:7:MBEDTLS_PADDING_PKCS7:0:16:0:16 AES-256 CBC - Encrypt and decrypt 22 bytes in multiple parts with PKCS7 padding 2 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:16:6:-1:16:0:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:16:6:MBEDTLS_PADDING_PKCS7:16:0:0:16 AES-256 CBC - Encrypt and decrypt 23 bytes in multiple parts with PKCS7 padding 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:17:6:-1:16:0:16:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:17:6:MBEDTLS_PADDING_PKCS7:16:0:16:0 AES-256 CBC - Encrypt and decrypt 32 bytes in multiple parts with PKCS7 padding 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:16:16:-1:16:16:0:32 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:16:16:MBEDTLS_PADDING_PKCS7:16:16:0:32 AES Decrypt test vector #0 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 @@ -2257,3 +2257,15 @@ test_vec_crypt:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"f7079dfa3 Cipher Corner Case behaviours depends_on:MBEDTLS_AES_C cipher_special_behaviours: + +Check set padding - 128 bit key +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +check_set_padding:MBEDTLS_CIPHER_AES_128_CBC + +Check set padding - 192 bit key +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +check_set_padding:MBEDTLS_CIPHER_AES_192_CBC + +Check set padding - 256 bit key +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +check_set_padding:MBEDTLS_CIPHER_AES_256_CBC diff --git a/tests/suites/test_suite_cipher.aria.data b/tests/suites/test_suite_cipher.aria.data index 3f011e889..be1dfb24e 100644 --- a/tests/suites/test_suite_cipher.aria.data +++ b/tests/suites/test_suite_cipher.aria.data @@ -337,3 +337,15 @@ test_vec_crypt:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"C0C1C2C3 ARIA-256-CCM*-NO-TAG crypt Decrypt depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C test_vec_crypt:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFC0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"5fdd984a6aa77c1d9a204c08f28172c4b4528bee27c41f":0:0 + +Check set padding - 128 bit key +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CIPHER_MODE_CBC +check_set_padding:MBEDTLS_CIPHER_ARIA_128_CBC + +Check set padding - 192 bit key +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CIPHER_MODE_CBC +check_set_padding:MBEDTLS_CIPHER_ARIA_192_CBC + +Check set padding - 256 bit key +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CIPHER_MODE_CBC +check_set_padding:MBEDTLS_CIPHER_ARIA_256_CBC diff --git a/tests/suites/test_suite_cipher.camellia.data b/tests/suites/test_suite_cipher.camellia.data index df4ebcc1b..18a09cadd 100644 --- a/tests/suites/test_suite_cipher.camellia.data +++ b/tests/suites/test_suite_cipher.camellia.data @@ -8,63 +8,63 @@ dec_empty_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:0:0 CAMELLIA Encrypt and decrypt 0 bytes [#1] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:0:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:0:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 1 byte [#1] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:1:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:1:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 2 bytes [#1] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:2:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:2:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 7 bytes [#1] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:7:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:7:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 8 bytes [#1] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:8:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:8:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 9 bytes [#1] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:9:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:9:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 15 bytes [#1] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:15:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:15:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 16 bytes [#1] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:16:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:16:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 17 bytes [#1] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:17:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:17:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 31 bytes [#1] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:31:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:31:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 32 bytes [#1] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:32:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:32:MBEDTLS_PADDING_PKCS7 -CAMELLIA Encrypt and decrypt 32 bytes [#2] +CAMELLIA Encrypt and decrypt 33 bytes [#2] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:33:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:33:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 47 bytes [#1] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:47:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:47:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 48 bytes [#1] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:48:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:48:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 49 bytes [#1] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:49:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:49:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 0 bytes with one and zeros padding depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS @@ -251,15 +251,15 @@ depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKC enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:0:MBEDTLS_PADDING_NONE CAMELLIA Encrypt and decrypt 16 bytes with no padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:16:MBEDTLS_PADDING_NONE CAMELLIA Encrypt and decrypt 32 bytes with no padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:32:MBEDTLS_PADDING_NONE CAMELLIA Encrypt and decrypt 48 bytes with no padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:48:MBEDTLS_PADDING_NONE CAMELLIA Try encrypting 1 bytes with no padding @@ -308,47 +308,47 @@ enc_fail:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_PADDING_NONE:128:49:MBEDTLS_ERR CAMELLIA Encrypt and decrypt 0 bytes in multiple parts [#1] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:0:0:-1:0:0:0:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:0:0:MBEDTLS_PADDING_PKCS7:0:0:0:0 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 1 [#1] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:1:0:-1:0:0:0:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:1:0:MBEDTLS_PADDING_PKCS7:0:0:0:0 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 2 [#1] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:0:1:-1:0:0:0:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:0:1:MBEDTLS_PADDING_PKCS7:0:0:0:0 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 1 [#1] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:16:0:-1:16:0:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:16:0:MBEDTLS_PADDING_PKCS7:16:0:0:16 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 2 [#1] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:0:16:-1:0:16:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:0:16:MBEDTLS_PADDING_PKCS7:0:16:0:16 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 3 [#1] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:1:15:-1:0:16:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:1:15:MBEDTLS_PADDING_PKCS7:0:16:0:16 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 4 [#1] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:15:1:-1:0:16:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:15:1:MBEDTLS_PADDING_PKCS7:0:16:0:16 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1 [#1] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:15:7:-1:0:16:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:15:7:MBEDTLS_PADDING_PKCS7:0:16:0:16 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1 [#2] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:16:6:-1:16:0:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:16:6:MBEDTLS_PADDING_PKCS7:16:0:0:16 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1 [#3] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:17:6:-1:16:0:16:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:17:6:MBEDTLS_PADDING_PKCS7:16:0:16:0 CAMELLIA Encrypt and decrypt 32 bytes in multiple parts 1 [#1] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:16:16:-1:16:16:0:32 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:16:16:MBEDTLS_PADDING_PKCS7:16:16:0:32 CAMELLIA Encrypt and decrypt 0 bytes [#2] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB @@ -560,211 +560,211 @@ enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:16:16:-1:16:16:16:16 CAMELLIA Encrypt and decrypt 0 bytes [#4] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:0:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:0:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 1 byte [#4] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:1:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:1:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 2 bytes [#4] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:2:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:2:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 7 bytes [#4] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:7:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:7:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 8 bytes [#4] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:8:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:8:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 9 bytes [#4] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:9:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:9:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 15 bytes [#4] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:15:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:15:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 16 bytes [#4] -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:16:-1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:16:MBEDTLS_PADDING_NONE CAMELLIA Encrypt and decrypt 17 bytes [#4] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:17:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:17:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 31 bytes [#4] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:31:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:31:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 32 bytes [#7] -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:32:-1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:32:MBEDTLS_PADDING_NONE -CAMELLIA Encrypt and decrypt 32 bytes [#8] +CAMELLIA Encrypt and decrypt 33 bytes [#8] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:33:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:33:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 47 bytes [#4] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:47:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:47:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 48 bytes [#4] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:48:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:48:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 49 bytes [#4] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:49:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:49:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 0 bytes in multiple parts [#4] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:0:0:-1:0:0:0:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:0:0:MBEDTLS_PADDING_PKCS7:0:0:0:0 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 1 [#4] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:1:0:-1:0:0:0:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:1:0:MBEDTLS_PADDING_PKCS7:0:0:0:0 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 2 [#4] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:0:1:-1:0:0:0:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:0:1:MBEDTLS_PADDING_PKCS7:0:0:0:0 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 1 [#4] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:16:0:-1:16:0:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:16:0:MBEDTLS_PADDING_PKCS7:16:0:0:16 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 2 [#4] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:0:16:-1:0:16:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:0:16:MBEDTLS_PADDING_PKCS7:0:16:0:16 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 3 [#4] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:1:15:-1:0:16:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:1:15:MBEDTLS_PADDING_PKCS7:0:16:0:16 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 4 [#4] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:15:1:-1:0:16:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:15:1:MBEDTLS_PADDING_PKCS7:0:16:0:16 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1 [#10] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:15:7:-1:0:16:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:15:7:MBEDTLS_PADDING_PKCS7:0:16:0:16 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1 [#11] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:16:6:-1:16:0:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:16:6:MBEDTLS_PADDING_PKCS7:16:0:0:16 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1 [#12] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:17:6:-1:16:0:16:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:17:6:MBEDTLS_PADDING_PKCS7:16:0:16:0 CAMELLIA Encrypt and decrypt 32 bytes in multiple parts 1 [#4] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:16:16:-1:16:16:0:32 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:16:16:MBEDTLS_PADDING_PKCS7:16:16:0:32 CAMELLIA Encrypt and decrypt 0 bytes [#5] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:0:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:0:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 1 byte [#5] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:1:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:1:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 2 bytes [#5] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:2:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:2:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 7 bytes [#5] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:7:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:7:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 8 bytes [#5] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:8:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:8:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 9 bytes [#5] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:9:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:9:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 15 bytes [#5] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:15:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:15:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 16 bytes [#5] -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:16:-1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:16:MBEDTLS_PADDING_NONE CAMELLIA Encrypt and decrypt 17 bytes [#5] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:17:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:17:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 31 bytes [#5] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:31:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:31:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 32 bytes [#9] -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:32:-1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:32:MBEDTLS_PADDING_NONE -CAMELLIA Encrypt and decrypt 32 bytes [#10] +CAMELLIA Encrypt and decrypt 33 bytes [#10] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:33:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:33:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 47 bytes [#5] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:47:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:47:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 48 bytes [#5] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:48:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:48:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 49 bytes [#5] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:49:-1 +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:49:MBEDTLS_PADDING_PKCS7 CAMELLIA Encrypt and decrypt 0 bytes in multiple parts [#5] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:0:0:-1:0:0:0:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:0:0:MBEDTLS_PADDING_PKCS7:0:0:0:0 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 1 [#5] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:1:0:-1:0:0:0:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:1:0:MBEDTLS_PADDING_PKCS7:0:0:0:0 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 2 [#5] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:0:1:-1:0:0:0:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:0:1:MBEDTLS_PADDING_PKCS7:0:0:0:0 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 1 [#5] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:16:0:-1:16:0:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:16:0:MBEDTLS_PADDING_PKCS7:16:0:0:16 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 2 [#5] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:0:16:-1:0:16:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:0:16:MBEDTLS_PADDING_PKCS7:0:16:0:16 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 3 [#5] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:1:15:-1:0:16:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:1:15:MBEDTLS_PADDING_PKCS7:0:16:0:16 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 4 [#5] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:15:1:-1:0:16:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:15:1:MBEDTLS_PADDING_PKCS7:0:16:0:16 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1 [#13] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:15:7:-1:0:16:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:15:7:MBEDTLS_PADDING_PKCS7:0:16:0:16 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1 [#14] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:16:6:-1:16:0:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:16:6:MBEDTLS_PADDING_PKCS7:16:0:0:16 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1 [#15] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:17:6:-1:16:0:16:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:17:6:MBEDTLS_PADDING_PKCS7:16:0:16:0 CAMELLIA Encrypt and decrypt 32 bytes in multiple parts 1 [#5] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:16:16:-1:16:16:0:32 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:16:16:MBEDTLS_PADDING_PKCS7:16:16:0:32 CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 0 bytes depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C @@ -1101,3 +1101,15 @@ test_vec_crypt:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"C0C1 CAMELLIA-256-CCM*-NO-TAG crypt Decrypt depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C test_vec_crypt:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFC0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"933f749801d0e1262cd101831defd8366ab2a22e7c03cd":0:0 + +Check set padding - 128 bit key +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC +check_set_padding:MBEDTLS_CIPHER_CAMELLIA_128_CBC + +Check set padding - 192 bit key +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC +check_set_padding:MBEDTLS_CIPHER_CAMELLIA_192_CBC + +Check set padding - 256 bit key +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC +check_set_padding:MBEDTLS_CIPHER_CAMELLIA_256_CBC diff --git a/tests/suites/test_suite_cipher.des.data b/tests/suites/test_suite_cipher.des.data index 77f7515b9..066ea35a5 100644 --- a/tests/suites/test_suite_cipher.des.data +++ b/tests/suites/test_suite_cipher.des.data @@ -12,63 +12,63 @@ dec_empty_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:0:0 DES Encrypt and decrypt 0 bytes [#1] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:0:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:0:MBEDTLS_PADDING_PKCS7 DES Encrypt and decrypt 1 byte depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:1:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:1:MBEDTLS_PADDING_PKCS7 DES Encrypt and decrypt 2 bytes depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:2:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:2:MBEDTLS_PADDING_PKCS7 DES Encrypt and decrypt 7 bytes depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:7:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:7:MBEDTLS_PADDING_PKCS7 DES Encrypt and decrypt 8 bytes depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:8:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:8:MBEDTLS_PADDING_PKCS7 DES Encrypt and decrypt 9 bytes depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:9:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:9:MBEDTLS_PADDING_PKCS7 DES Encrypt and decrypt 15 bytes depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:15:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:15:MBEDTLS_PADDING_PKCS7 DES Encrypt and decrypt 16 bytes depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:16:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:16:MBEDTLS_PADDING_PKCS7 DES Encrypt and decrypt 17 bytes depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:17:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:17:MBEDTLS_PADDING_PKCS7 DES Encrypt and decrypt 31 bytes depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:31:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:31:MBEDTLS_PADDING_PKCS7 DES Encrypt and decrypt 32 bytes [#1] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:32:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:32:MBEDTLS_PADDING_PKCS7 -DES Encrypt and decrypt 32 bytes [#2] +DES Encrypt and decrypt 33 bytes [#2] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:33:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:33:MBEDTLS_PADDING_PKCS7 DES Encrypt and decrypt 47 bytes depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:47:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:47:MBEDTLS_PADDING_PKCS7 DES Encrypt and decrypt 48 bytes depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:48:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:48:MBEDTLS_PADDING_PKCS7 DES Encrypt and decrypt 49 bytes depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:49:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:49:MBEDTLS_PADDING_PKCS7 DES Encrypt and decrypt 0 bytes with one and zeros padding depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS @@ -312,255 +312,267 @@ enc_fail:MBEDTLS_CIPHER_DES_CBC:MBEDTLS_PADDING_NONE:64:49:MBEDTLS_ERR_CIPHER_FU DES Encrypt and decrypt 0 bytes in multiple parts depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:0:0:-1:0:0:0:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:0:0:MBEDTLS_PADDING_PKCS7:0:0:0:0 DES Encrypt and decrypt 1 bytes in multiple parts 1 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:1:0:-1:0:0:0:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:1:0:MBEDTLS_PADDING_PKCS7:0:0:0:0 DES Encrypt and decrypt 1 bytes in multiple parts 2 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:0:1:-1:0:0:0:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:0:1:MBEDTLS_PADDING_PKCS7:0:0:0:0 DES Encrypt and decrypt 16 bytes in multiple parts 1 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:16:0:-1:16:0:8:8 +enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:16:0:MBEDTLS_PADDING_PKCS7:16:0:8:8 DES Encrypt and decrypt 16 bytes in multiple parts 2 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:0:16:-1:0:16:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:0:16:MBEDTLS_PADDING_PKCS7:0:16:0:16 DES Encrypt and decrypt 16 bytes in multiple parts 3 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:1:15:-1:0:16:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:1:15:MBEDTLS_PADDING_PKCS7:0:16:0:16 DES Encrypt and decrypt 16 bytes in multiple parts 4 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:15:1:-1:8:8:8:8 +enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:15:1:MBEDTLS_PADDING_PKCS7:8:8:8:8 DES Encrypt and decrypt 22 bytes in multiple parts 1 [#1] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:15:7:-1:8:8:8:8 +enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:15:7:MBEDTLS_PADDING_PKCS7:8:8:8:8 DES Encrypt and decrypt 22 bytes in multiple parts 1 [#2] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:16:6:-1:16:0:8:8 +enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:16:6:MBEDTLS_PADDING_PKCS7:16:0:8:8 DES Encrypt and decrypt 22 bytes in multiple parts 1 [#3] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:17:6:-1:16:0:16:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:17:6:MBEDTLS_PADDING_PKCS7:16:0:16:0 DES Encrypt and decrypt 32 bytes in multiple parts 1 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:16:16:-1:16:16:8:24 +enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:16:16:MBEDTLS_PADDING_PKCS7:16:16:8:24 DES Encrypt and decrypt 0 bytes [#2] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:0:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:0:MBEDTLS_PADDING_PKCS7 DES3 Encrypt and decrypt 1 byte [#1] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:1:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:1:MBEDTLS_PADDING_PKCS7 DES3 Encrypt and decrypt 2 bytes [#1] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:2:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:2:MBEDTLS_PADDING_PKCS7 DES3 Encrypt and decrypt 7 bytes [#1] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:7:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:7:MBEDTLS_PADDING_PKCS7 DES3 Encrypt and decrypt 8 bytes [#1] -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:8:-1 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:8:MBEDTLS_PADDING_NONE DES3 Encrypt and decrypt 9 bytes [#1] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:9:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:9:MBEDTLS_PADDING_PKCS7 DES3 Encrypt and decrypt 15 bytes [#1] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:15:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:15:MBEDTLS_PADDING_PKCS7 DES3 Encrypt and decrypt 16 bytes [#1] -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:16:-1 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:16:MBEDTLS_PADDING_NONE DES3 Encrypt and decrypt 17 bytes [#1] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:17:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:17:MBEDTLS_PADDING_PKCS7 DES3 Encrypt and decrypt 31 bytes [#1] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:31:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:31:MBEDTLS_PADDING_PKCS7 DES3 Encrypt and decrypt 32 bytes [#1] -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:32:-1 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:32:MBEDTLS_PADDING_NONE -DES3 Encrypt and decrypt 32 bytes [#2] +DES3 Encrypt and decrypt 33 bytes [#2] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:33:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:33:MBEDTLS_PADDING_PKCS7 DES3 Encrypt and decrypt 47 bytes [#1] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:47:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:47:MBEDTLS_PADDING_PKCS7 DES3 Encrypt and decrypt 48 bytes [#1] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:48:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:48:MBEDTLS_PADDING_PKCS7 DES3 Encrypt and decrypt 49 bytes [#1] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:49:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:49:MBEDTLS_PADDING_PKCS7 DES3 Encrypt and decrypt 0 bytes in multiple parts [#1] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:0:0:-1:0:0:0:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:0:0:MBEDTLS_PADDING_PKCS7:0:0:0:0 DES3 Encrypt and decrypt 1 bytes in multiple parts 1 [#1] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:1:0:-1:0:0:0:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:1:0:MBEDTLS_PADDING_PKCS7:0:0:0:0 DES3 Encrypt and decrypt 1 bytes in multiple parts 2 [#1] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:0:1:-1:0:0:0:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:0:1:MBEDTLS_PADDING_PKCS7:0:0:0:0 DES3 Encrypt and decrypt 16 bytes in multiple parts 1 [#1] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:16:0:-1:16:0:8:8 +enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:16:0:MBEDTLS_PADDING_PKCS7:16:0:8:8 DES3 Encrypt and decrypt 16 bytes in multiple parts 2 [#1] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:0:16:-1:0:16:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:0:16:MBEDTLS_PADDING_PKCS7:0:16:0:16 DES3 Encrypt and decrypt 16 bytes in multiple parts 3 [#1] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:1:15:-1:0:16:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:1:15:MBEDTLS_PADDING_PKCS7:0:16:0:16 DES3 Encrypt and decrypt 16 bytes in multiple parts 4 [#1] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:15:1:-1:8:8:8:8 +enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:15:1:MBEDTLS_PADDING_PKCS7:8:8:8:8 DES3 Encrypt and decrypt 22 bytes in multiple parts 1 [#1] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:15:7:-1:8:8:8:8 +enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:15:7:MBEDTLS_PADDING_PKCS7:8:8:8:8 DES3 Encrypt and decrypt 22 bytes in multiple parts 1 [#2] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:16:6:-1:16:0:8:8 +enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:16:6:MBEDTLS_PADDING_PKCS7:16:0:8:8 DES3 Encrypt and decrypt 22 bytes in multiple parts 1 [#3] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:17:6:-1:16:0:16:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:17:6:MBEDTLS_PADDING_PKCS7:16:0:16:0 DES3 Encrypt and decrypt 32 bytes in multiple parts 1 [#1] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:16:16:-1:16:16:8:24 +enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:16:16:MBEDTLS_PADDING_PKCS7:16:16:8:24 DES3 Encrypt and decrypt 0 bytes depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:0:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:0:MBEDTLS_PADDING_PKCS7 DES3 Encrypt and decrypt 1 byte [#2] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:1:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:1:MBEDTLS_PADDING_PKCS7 DES3 Encrypt and decrypt 2 bytes [#2] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:2:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:2:MBEDTLS_PADDING_PKCS7 DES3 Encrypt and decrypt 7 bytes [#2] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:7:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:7:MBEDTLS_PADDING_PKCS7 DES3 Encrypt and decrypt 8 bytes [#2] +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:8:MBEDTLS_PADDING_NONE + +DES3 Encrypt and decrypt 8 bytes (PKCS7 padding) [#2] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:8:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:8:MBEDTLS_PADDING_PKCS7 DES3 Encrypt and decrypt 9 bytes [#2] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:9:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:9:MBEDTLS_PADDING_PKCS7 DES3 Encrypt and decrypt 15 bytes [#2] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:15:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:15:MBEDTLS_PADDING_PKCS7 DES3 Encrypt and decrypt 16 bytes [#2] +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:16:MBEDTLS_PADDING_NONE + +DES3 Encrypt and decrypt 16 bytes (PKCS7 padding) [#2] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:16:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:16:MBEDTLS_PADDING_PKCS7 DES3 Encrypt and decrypt 17 bytes [#2] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:17:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:17:MBEDTLS_PADDING_PKCS7 DES3 Encrypt and decrypt 31 bytes [#2] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:31:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:31:MBEDTLS_PADDING_PKCS7 DES3 Encrypt and decrypt 32 bytes [#3] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:32:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:32:MBEDTLS_PADDING_PKCS7 -DES3 Encrypt and decrypt 32 bytes [#4] +DES3 Encrypt and decrypt 32 bytes (PKCS7 padding) [#3] +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:32:MBEDTLS_PADDING_NONE + +DES3 Encrypt and decrypt 33 bytes [#4] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:33:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:33:MBEDTLS_PADDING_PKCS7 DES3 Encrypt and decrypt 47 bytes [#2] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:47:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:47:MBEDTLS_PADDING_PKCS7 DES3 Encrypt and decrypt 48 bytes [#2] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:48:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:48:MBEDTLS_PADDING_PKCS7 DES3 Encrypt and decrypt 49 bytes [#2] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:49:-1 +enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:49:MBEDTLS_PADDING_PKCS7 DES3 Encrypt and decrypt 0 bytes in multiple parts [#2] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:0:0:-1:0:0:0:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:0:0:MBEDTLS_PADDING_PKCS7:0:0:0:0 DES3 Encrypt and decrypt 1 bytes in multiple parts 1 [#2] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:1:0:-1:0:0:0:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:1:0:MBEDTLS_PADDING_PKCS7:0:0:0:0 DES3 Encrypt and decrypt 1 bytes in multiple parts 2 [#2] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:0:1:-1:0:0:0:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:0:1:MBEDTLS_PADDING_PKCS7:0:0:0:0 DES3 Encrypt and decrypt 16 bytes in multiple parts 1 [#2] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:16:0:-1:16:0:8:8 +enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:16:0:MBEDTLS_PADDING_PKCS7:16:0:8:8 DES3 Encrypt and decrypt 16 bytes in multiple parts 2 [#2] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:0:16:-1:0:16:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:0:16:MBEDTLS_PADDING_PKCS7:0:16:0:16 DES3 Encrypt and decrypt 16 bytes in multiple parts 3 [#2] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:1:15:-1:0:16:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:1:15:MBEDTLS_PADDING_PKCS7:0:16:0:16 DES3 Encrypt and decrypt 16 bytes in multiple parts 4 [#2] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:15:1:-1:8:8:8:8 +enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:15:1:MBEDTLS_PADDING_PKCS7:8:8:8:8 DES3 Encrypt and decrypt 22 bytes in multiple parts 1 [#4] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:15:7:-1:8:8:8:8 +enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:15:7:MBEDTLS_PADDING_PKCS7:8:8:8:8 DES3 Encrypt and decrypt 22 bytes in multiple parts 1 [#5] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:16:6:-1:16:0:8:8 +enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:16:6:MBEDTLS_PADDING_PKCS7:16:0:8:8 DES3 Encrypt and decrypt 22 bytes in multiple parts 1 [#6] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:17:6:-1:16:0:16:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:17:6:MBEDTLS_PADDING_PKCS7:16:0:16:0 DES3 Encrypt and decrypt 32 bytes in multiple parts 1 [#2] depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:16:16:-1:16:16:8:24 +enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:16:16:MBEDTLS_PADDING_PKCS7:16:16:8:24 DES ECB Encrypt test vector (OpenSSL) #1 depends_on:MBEDTLS_DES_C @@ -601,3 +613,11 @@ test_vec_ecb:MBEDTLS_CIPHER_DES_EDE_ECB:MBEDTLS_DECRYPT:"0000000000000000FFFFFFF DES3-EDE ECB Decrypt test vector (OpenSSL) #2 depends_on:MBEDTLS_DES_C test_vec_ecb:MBEDTLS_CIPHER_DES_EDE_ECB:MBEDTLS_DECRYPT:"FFFFFFFFFFFFFFFF3000000000000000":"199E9D6DF39AA816":"FFFFFFFFFFFFFFFF":0 + +Check set padding - DES +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +check_set_padding:MBEDTLS_CIPHER_DES_EDE_CBC + +Check set padding - Triple DES +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +check_set_padding:MBEDTLS_CIPHER_DES_EDE3_CBC diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 40907ad94..fdf22a92f 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -63,6 +63,9 @@ static int check_cipher_info(mbedtls_cipher_type_t type, key_bitlen == 192 || key_bitlen == 256); } + TEST_LE_U(key_bitlen, MBEDTLS_MAX_KEY_LENGTH * 8); + TEST_LE_U(block_size, MBEDTLS_MAX_BLOCK_LENGTH); + TEST_LE_U(iv_size, MBEDTLS_MAX_IV_LENGTH); if (strstr(info->name, "-ECB") != NULL) { TEST_ASSERT(iv_size == 0); @@ -598,6 +601,13 @@ void dec_empty_buf(int cipher, TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_dec)); +#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) && defined(MBEDTLS_CIPHER_PADDING_PKCS7) + if (ctx_dec.cipher_info->mode == MBEDTLS_MODE_CBC) { + TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_dec, + MBEDTLS_PADDING_PKCS7)); + } +#endif + #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) int expected = (cipher_info->mode == MBEDTLS_MODE_GCM || cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? @@ -1195,3 +1205,46 @@ exit: mbedtls_cipher_free(&ctx_enc); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */ +void check_set_padding(int cipher_id) +{ + mbedtls_cipher_context_t ctx; + unsigned char *key = NULL; + unsigned char iv[16] = { 0 }; + unsigned char input[16] = { 0 }; + unsigned char output[32] = { 0 }; + size_t outlen = 0; + const mbedtls_cipher_info_t *cipher_info; + size_t keylen = 0; + + cipher_info = mbedtls_cipher_info_from_type(cipher_id); + + if (cipher_info->mode != MBEDTLS_MODE_CBC) { + TEST_FAIL("Cipher mode must be CBC"); + } + + keylen = mbedtls_cipher_info_get_key_bitlen(cipher_info); + TEST_CALLOC(key, keylen/8); + memset(key, 0, keylen/8); + + mbedtls_cipher_init(&ctx); + + TEST_EQUAL(0, mbedtls_cipher_setup(&ctx, cipher_info)); + + TEST_EQUAL(0, mbedtls_cipher_setkey(&ctx, key, keylen, + MBEDTLS_ENCRYPT)); + + TEST_EQUAL(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_cipher_crypt(&ctx, iv, sizeof(iv), input, + sizeof(input), output, &outlen)); + + TEST_EQUAL(0, mbedtls_cipher_set_padding_mode(&ctx, MBEDTLS_PADDING_NONE)); + TEST_EQUAL(0, mbedtls_cipher_crypt(&ctx, iv, sizeof(iv), input, + sizeof(input), output, &outlen)); + +exit: + mbedtls_cipher_free(&ctx); + mbedtls_free(key); +} +/* END_CASE */ diff --git a/tests/suites/test_suite_cmac.data b/tests/suites/test_suite_cmac.data index 282c4a93b..03c799f33 100644 --- a/tests/suites/test_suite_cmac.data +++ b/tests/suites/test_suite_cmac.data @@ -29,9 +29,29 @@ CMAC init #6 AES-0: bad key size depends_on:MBEDTLS_AES_C mbedtls_cmac_setkey:MBEDTLS_CIPHER_AES_128_ECB:0:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -CMAC init #7 Camellia: wrong cipher +CMAC init Camellia-128: wrong cipher depends_on:MBEDTLS_CAMELLIA_C -mbedtls_cmac_setkey:MBEDTLS_CIPHER_CAMELLIA_192_ECB:128:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA +mbedtls_cmac_setkey:MBEDTLS_CIPHER_CAMELLIA_128_ECB:128:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + +CMAC init Camellia-192: wrong cipher +depends_on:MBEDTLS_CAMELLIA_C +mbedtls_cmac_setkey:MBEDTLS_CIPHER_CAMELLIA_192_ECB:192:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + +CMAC init Camellia-256: wrong cipher +depends_on:MBEDTLS_CAMELLIA_C +mbedtls_cmac_setkey:MBEDTLS_CIPHER_CAMELLIA_256_ECB:256:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + +CMAC init #8 ARIA-128: wrong cipher +depends_on:MBEDTLS_ARIA_C +mbedtls_cmac_setkey:MBEDTLS_CIPHER_ARIA_128_ECB:128:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + +CMAC init #8 ARIA-192: wrong cipher +depends_on:MBEDTLS_ARIA_C +mbedtls_cmac_setkey:MBEDTLS_CIPHER_ARIA_192_ECB:192:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + +CMAC init #8 ARIA-256: wrong cipher +depends_on:MBEDTLS_ARIA_C +mbedtls_cmac_setkey:MBEDTLS_CIPHER_ARIA_256_ECB:256:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA CMAC Single Blocks #1 - Empty block, no updates depends_on:MBEDTLS_AES_C diff --git a/tests/suites/test_suite_cmac.function b/tests/suites/test_suite_cmac.function index 9624e8fea..2d7bcd1ab 100644 --- a/tests/suites/test_suite_cmac.function +++ b/tests/suites/test_suite_cmac.function @@ -20,9 +20,9 @@ void mbedtls_cmac_null_args() { mbedtls_cipher_context_t ctx; const mbedtls_cipher_info_t *cipher_info; - unsigned char test_key[MBEDTLS_CIPHER_BLKSIZE_MAX]; - unsigned char test_data[MBEDTLS_CIPHER_BLKSIZE_MAX]; - unsigned char test_output[MBEDTLS_CIPHER_BLKSIZE_MAX]; + unsigned char test_key[MBEDTLS_CMAC_MAX_BLOCK_SIZE]; + unsigned char test_data[MBEDTLS_CMAC_MAX_BLOCK_SIZE]; + unsigned char test_output[MBEDTLS_CMAC_MAX_BLOCK_SIZE]; mbedtls_cipher_init(&ctx); @@ -111,6 +111,12 @@ void mbedtls_cmac_setkey(int cipher_type, int key_size, int result) TEST_ASSERT((cipher_info = mbedtls_cipher_info_from_type(cipher_type)) != NULL); +#if !defined(MBEDTLS_DEPRECATED_REMOVED) + TEST_LE_U(mbedtls_cipher_info_get_block_size(cipher_info), + MBEDTLS_CIPHER_BLKSIZE_MAX); +#endif /* MBEDTLS_DEPRECATED_REMOVED */ + TEST_LE_U(mbedtls_cipher_info_get_block_size(cipher_info), + MBEDTLS_CMAC_MAX_BLOCK_SIZE); memset(buf, 0x2A, sizeof(buf)); TEST_ASSERT((result == mbedtls_cipher_cmac(cipher_info, key, key_size, @@ -129,7 +135,7 @@ void mbedtls_cmac_multiple_blocks(int cipher_type, data_t *key, { const mbedtls_cipher_info_t *cipher_info; mbedtls_cipher_context_t ctx; - unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX]; + unsigned char output[MBEDTLS_CMAC_MAX_BLOCK_SIZE]; /* Convert the test parameters to binary data */ @@ -208,7 +214,7 @@ void mbedtls_cmac_multiple_operations_same_key(int cipher_type, { const mbedtls_cipher_info_t *cipher_info; mbedtls_cipher_context_t ctx; - unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX]; + unsigned char output[MBEDTLS_CMAC_MAX_BLOCK_SIZE]; /* Convert the test parameters to binary data */ diff --git a/tests/suites/test_suite_constant_time.data b/tests/suites/test_suite_constant_time.data index 1b0b964da..111fef6c4 100644 --- a/tests/suites/test_suite_constant_time.data +++ b/tests/suites/test_suite_constant_time.data @@ -91,6 +91,9 @@ mbedtls_ct_memcmp:-1:17:2 mbedtls_ct_memcmp len 17 offset 3 mbedtls_ct_memcmp:-1:17:3 +mbedtls_ct_memcmp_single_bit_diff +mbedtls_ct_memcmp_single_bit_diff: + mbedtls_ct_memcpy_if len 1 offset 0 mbedtls_ct_memcpy_if:1:1:0 @@ -643,6 +646,102 @@ mbedtls_ct_if:"0xffffffffffffffff":"0xffffffffffffffff":"0x7fffffffffffffff" mbedtls_ct_if 0xffffffffffffffff 0xffffffffffffffff 0xffffffffffffffff mbedtls_ct_if:"0xffffffffffffffff":"0xffffffffffffffff":"0xffffffffffffffff" +mbedtls_ct_error_if 0 0 0 +mbedtls_ct_error_if:0:0:0 + +mbedtls_ct_error_if 0 0 -1 +mbedtls_ct_error_if:0:0:-1 + +mbedtls_ct_error_if 0 0 -32766 +mbedtls_ct_error_if:0:0:-32766 + +mbedtls_ct_error_if 0 0 -32767 +mbedtls_ct_error_if:0:0:-32767 + +mbedtls_ct_error_if 0 -1 0 +mbedtls_ct_error_if:0:-1:0 + +mbedtls_ct_error_if 0 -1 -1 +mbedtls_ct_error_if:0:-1:-1 + +mbedtls_ct_error_if 0 -1 -32766 +mbedtls_ct_error_if:0:-1:-32766 + +mbedtls_ct_error_if 0 -1 -32767 +mbedtls_ct_error_if:0:-1:-32767 + +mbedtls_ct_error_if 0 -32766 0 +mbedtls_ct_error_if:0:-32766:0 + +mbedtls_ct_error_if 0 -32766 -1 +mbedtls_ct_error_if:0:-32766:-1 + +mbedtls_ct_error_if 0 -32766 -32766 +mbedtls_ct_error_if:0:-32766:-32766 + +mbedtls_ct_error_if 0 -32766 -32767 +mbedtls_ct_error_if:0:-32766:-32767 + +mbedtls_ct_error_if 0 -32767 0 +mbedtls_ct_error_if:0:-32767:0 + +mbedtls_ct_error_if 0 -32767 -1 +mbedtls_ct_error_if:0:-32767:-1 + +mbedtls_ct_error_if 0 -32767 -32766 +mbedtls_ct_error_if:0:-32767:-32766 + +mbedtls_ct_error_if 0 -32767 -32767 +mbedtls_ct_error_if:0:-32767:-32767 + +mbedtls_ct_error_if 1 0 0 +mbedtls_ct_error_if:1:0:0 + +mbedtls_ct_error_if 1 0 -1 +mbedtls_ct_error_if:1:0:-1 + +mbedtls_ct_error_if 1 0 -32766 +mbedtls_ct_error_if:1:0:-32766 + +mbedtls_ct_error_if 1 0 -32767 +mbedtls_ct_error_if:1:0:-32767 + +mbedtls_ct_error_if 1 -1 0 +mbedtls_ct_error_if:1:-1:0 + +mbedtls_ct_error_if 1 -1 -1 +mbedtls_ct_error_if:1:-1:-1 + +mbedtls_ct_error_if 1 -1 -32766 +mbedtls_ct_error_if:1:-1:-32766 + +mbedtls_ct_error_if 1 -1 -32767 +mbedtls_ct_error_if:1:-1:-32767 + +mbedtls_ct_error_if 1 -32766 0 +mbedtls_ct_error_if:1:-32766:0 + +mbedtls_ct_error_if 1 -32766 -1 +mbedtls_ct_error_if:1:-32766:-1 + +mbedtls_ct_error_if 1 -32766 -32766 +mbedtls_ct_error_if:1:-32766:-32766 + +mbedtls_ct_error_if 1 -32766 -32767 +mbedtls_ct_error_if:1:-32766:-32767 + +mbedtls_ct_error_if 1 -32767 0 +mbedtls_ct_error_if:1:-32767:0 + +mbedtls_ct_error_if 1 -32767 -1 +mbedtls_ct_error_if:1:-32767:-1 + +mbedtls_ct_error_if 1 -32767 -32766 +mbedtls_ct_error_if:1:-32767:-32766 + +mbedtls_ct_error_if 1 -32767 -32767 +mbedtls_ct_error_if:1:-32767:-32767 + mbedtls_ct_zeroize_if 0x0 0 mbedtls_ct_zeroize_if:"0x0":0 @@ -699,3 +798,69 @@ mbedtls_ct_memmove_left:16:15 mbedtls_ct_memmove_left 16 16 mbedtls_ct_memmove_left:16:16 + +mbedtls_ct_memcmp_partial -1 0 0 0 +mbedtls_ct_memcmp_partial:-1:0:0:0 + +mbedtls_ct_memcmp_partial 0 1 0 0 +mbedtls_ct_memcmp_partial:0:1:0:0 + +mbedtls_ct_memcmp_partial 0 1 1 0 +mbedtls_ct_memcmp_partial:0:1:1:0 + +mbedtls_ct_memcmp_partial 0 1 0 1 +mbedtls_ct_memcmp_partial:0:1:0:1 + +mbedtls_ct_memcmp_partial -1 1 0 0 +mbedtls_ct_memcmp_partial:-1:1:0:0 + +mbedtls_ct_memcmp_partial 0 2 0 1 +mbedtls_ct_memcmp_partial:0:2:0:1 + +mbedtls_ct_memcmp_partial 0 2 1 0 +mbedtls_ct_memcmp_partial:0:2:1:0 + +mbedtls_ct_memcmp_partial 0 16 4 4 +mbedtls_ct_memcmp_partial:0:16:4:4 + +mbedtls_ct_memcmp_partial 2 16 4 4 +mbedtls_ct_memcmp_partial:2:16:4:4 + +mbedtls_ct_memcmp_partial 3 16 4 4 +mbedtls_ct_memcmp_partial:3:16:4:4 + +mbedtls_ct_memcmp_partial 4 16 4 4 +mbedtls_ct_memcmp_partial:4:16:4:4 + +mbedtls_ct_memcmp_partial 7 16 4 4 +mbedtls_ct_memcmp_partial:7:16:4:4 + +mbedtls_ct_memcmp_partial 11 16 4 4 +mbedtls_ct_memcmp_partial:11:16:4:4 + +mbedtls_ct_memcmp_partial 12 16 4 4 +mbedtls_ct_memcmp_partial:12:16:4:4 + +mbedtls_ct_memcmp_partial 15 16 4 4 +mbedtls_ct_memcmp_partial:15:16:4:4 + +mbedtls_ct_memcmp_partial 15 16 4 0 +mbedtls_ct_memcmp_partial:15:16:4:0 + +mbedtls_ct_memcmp_partial 15 16 0 4 +mbedtls_ct_memcmp_partial:15:16:0:4 + +mbedtls_ct_memcmp_partial 0 16 0 0 +mbedtls_ct_memcmp_partial:0:16:0:0 + +mbedtls_ct_memcmp_partial 15 16 0 0 +mbedtls_ct_memcmp_partial:15:16:0:0 + +mbedtls_ct_memcmp_partial -1 16 0 0 +mbedtls_ct_memcmp_partial:-1:16:0:0 + +mbedtls_ct_memcmp_partial -1 16 12 4 +mbedtls_ct_memcmp_partial:-1:16:12:4 + +mbedtls_ct_memcmp_partial -1 16 8 8 +mbedtls_ct_memcmp_partial:-1:16:8:8 diff --git a/tests/suites/test_suite_constant_time.function b/tests/suites/test_suite_constant_time.function index 0e2cfdc0c..31273652d 100644 --- a/tests/suites/test_suite_constant_time.function +++ b/tests/suites/test_suite_constant_time.function @@ -77,8 +77,8 @@ void mbedtls_ct_bool_xxx(char *x_str, char *y_str) expected = x1 <= y1 ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE; TEST_EQUAL(mbedtls_ct_uint_le(x, y), expected); - expected = (!!x1) ^ (!!y1) ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE; - TEST_EQUAL(mbedtls_ct_bool_xor(mbedtls_ct_bool(x), mbedtls_ct_bool(y)), expected); + expected = (!!x1) != (!!y1) ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE; + TEST_EQUAL(mbedtls_ct_bool_ne(mbedtls_ct_bool(x), mbedtls_ct_bool(y)), expected); expected = (!!x1) && (!!y1) ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE; TEST_EQUAL(mbedtls_ct_bool_and(mbedtls_ct_bool(x), mbedtls_ct_bool(y)), expected); @@ -114,6 +114,27 @@ void mbedtls_ct_uchar_in_range_if(int li, int hi, int ti) } /* END_CASE */ +/* BEGIN_CASE */ +void mbedtls_ct_error_if(int cond, int t, int f) +{ + mbedtls_ct_condition_t c = mbedtls_ct_bool(cond); + + int expected = c ? t : f; + int expected0 = c ? t : 0; + + TEST_CF_SECRET(&c, sizeof(c)); + TEST_CF_SECRET(&t, sizeof(t)); + TEST_CF_SECRET(&f, sizeof(f)); + + TEST_EQUAL(mbedtls_ct_error_if(c, t, f), expected); + TEST_EQUAL(mbedtls_ct_error_if_else_0(c, t), expected0); + + TEST_CF_PUBLIC(&c, sizeof(c)); + TEST_CF_PUBLIC(&t, sizeof(t)); + TEST_CF_PUBLIC(&f, sizeof(f)); +} +/* END_CASE */ + /* BEGIN_CASE */ void mbedtls_ct_if(char *c_str, char *t_str, char *f_str) { @@ -131,12 +152,15 @@ void mbedtls_ct_if(char *c_str, char *t_str, char *f_str) TEST_EQUAL(mbedtls_ct_if(c, t, f), expected); TEST_EQUAL(mbedtls_ct_size_if(c, t, f), (size_t) expected); TEST_EQUAL(mbedtls_ct_uint_if(c, t, f), (unsigned) expected); + TEST_EQUAL(mbedtls_ct_bool_if(c, mbedtls_ct_bool(t), mbedtls_ct_bool(f)), + mbedtls_ct_bool(expected)); #if defined(MBEDTLS_BIGNUM_C) TEST_EQUAL(mbedtls_ct_mpi_uint_if(c, t, f), (mbedtls_mpi_uint) expected); #endif TEST_EQUAL(mbedtls_ct_uint_if_else_0(c, t), (unsigned) expected0); TEST_EQUAL(mbedtls_ct_size_if_else_0(c, (size_t) t), (size_t) expected0); + TEST_EQUAL(mbedtls_ct_bool_if_else_0(c, mbedtls_ct_bool(t)), mbedtls_ct_bool(expected0)); #if defined(MBEDTLS_BIGNUM_C) TEST_EQUAL(mbedtls_ct_mpi_uint_if_else_0(c, t), (mbedtls_mpi_uint) expected0); #endif @@ -172,6 +196,49 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void mbedtls_ct_memcmp_single_bit_diff() +{ + uint8_t *a = NULL, *b = NULL; + size_t size = 32; + TEST_CALLOC(a, size); + TEST_CALLOC(b, size); + + TEST_CF_SECRET(a, size); + TEST_CF_SECRET(b, size); + int result = mbedtls_ct_memcmp(a, b, size); + TEST_CF_PUBLIC(a, size); + TEST_CF_PUBLIC(b, size); + TEST_CF_PUBLIC(&result, sizeof(result)); + + TEST_EQUAL(result, 0); + + for (size_t offset = 0; offset < size; offset++) { + for (size_t bit_offset = 0; bit_offset < 8; bit_offset++) { + /* Set a single bit to be different at given offset, to test that we + detect single-bit differences */ + a[offset] = 1 << bit_offset; + + TEST_CF_SECRET(a, size); + TEST_CF_SECRET(b, size); + result = mbedtls_ct_memcmp(a, b, size); + TEST_CF_PUBLIC(a, size); + TEST_CF_PUBLIC(b, size); + TEST_CF_PUBLIC(&result, sizeof(result)); + + TEST_ASSERT(result != 0); + + a[offset] = 0; + } + } + + +exit: + mbedtls_free(a); + mbedtls_free(b); +} +/* END_CASE */ + /* BEGIN_CASE */ void mbedtls_ct_memcmp(int same, int size, int offset) { @@ -216,6 +283,55 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_NIST_KW_C */ + +/** + * Generate two arrays of the given size, and test mbedtls_ct_memcmp_partial + * over them. The arrays will be identical, except that one byte may be specified + * to be different. + * + * \p diff Index of byte that differs (if out of range, the arrays will match). + * \p size Size of arrays to compare + * \p skip_head Leading bytes to skip, as per mbedtls_ct_memcmp_partial + * \p skip_tail Trailing bytes to skip, as per mbedtls_ct_memcmp_partial + */ +void mbedtls_ct_memcmp_partial(int diff, int size, int skip_head, int skip_tail) +{ + uint8_t *a = NULL, *b = NULL; + + TEST_CALLOC_NONNULL(a, size); + TEST_CALLOC_NONNULL(b, size); + + TEST_ASSERT((skip_head + skip_tail) <= size); + + /* Construct data that matches, except for specified byte (if in range). */ + for (int i = 0; i < size; i++) { + a[i] = i & 0xff; + b[i] = a[i]; + if (i == diff) { + // modify the specified byte + b[i] ^= 1; + } + } + + int reference = memcmp(a + skip_head, b + skip_head, size - skip_head - skip_tail); + + TEST_CF_SECRET(a, size); + TEST_CF_SECRET(b, size); + + int actual = mbedtls_ct_memcmp_partial(a, b, size, skip_head, skip_tail); + + TEST_CF_PUBLIC(a, size); + TEST_CF_PUBLIC(b, size); + TEST_CF_PUBLIC(&actual, sizeof(actual)); + + TEST_EQUAL(!!reference, !!actual); +exit: + mbedtls_free(a); + mbedtls_free(b); +} +/* END_CASE */ + /* BEGIN_CASE */ void mbedtls_ct_memcpy_if(int eq, int size, int offset) { diff --git a/tests/suites/test_suite_pkcs12.data b/tests/suites/test_suite_pkcs12.data index d8e41fe4f..64c999187 100644 --- a/tests/suites/test_suite_pkcs12.data +++ b/tests/suites/test_suite_pkcs12.data @@ -1,4 +1,4 @@ -PKCS#12 derive key : MD5: Zero length password and hash +PKCS#12 derive key: MD5: Zero length password and hash depends_on:MBEDTLS_MD_CAN_MD5 pkcs12_derive_key:MBEDTLS_MD_MD5:48:"":USE_GIVEN_INPUT:"":USE_GIVEN_INPUT:3:"6afdcbd5ebf943272134f1c3de2dc11b6afdcbd5ebf943272134f1c3de2dc11b6afdcbd5ebf943272134f1c3de2dc11b":0 @@ -33,3 +33,39 @@ pkcs12_derive_key:MBEDTLS_MD_MD5:48:"0123456789abcdef":USE_GIVEN_INPUT:"01234567 PKCS#12 derive key: MD5: Valid password and salt depends_on:MBEDTLS_MD_CAN_MD5 pkcs12_derive_key:MBEDTLS_MD_MD5:48:"0123456789abcdef":USE_GIVEN_INPUT:"0123456789abcdef":USE_GIVEN_INPUT:3:"46559deeee036836ab1b633ec620178d4c70eacf42f72a2ad7360c812efa09ca3d7567b489a109050345c2dc6a262995":0 + +PBE Encrypt, pad = 7 (OK) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pkcs12_pbe_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:"0409CCCCCCCCCCCCCCCCCC02010A":"BBBBBBBBBBBBBBBBBB":"AAAAAAAAAAAAAAAAAA":16:0:"5F2C15056A36F3A78856E9E662DD27CB" + +PBE Encrypt, pad = 8 (OK) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pkcs12_pbe_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:"0409CCCCCCCCCCCCCCCCCC02010A":"BBBBBBBBBBBBBBBBBB":"AAAAAAAAAAAAAAAA":16:0:"5F2C15056A36F3A70F70A3D4EC4004A8" + +PBE Encrypt, pad = 8 (Invalid output size) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pkcs12_pbe_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:"0409CCCCCCCCCCCCCCCCCC02010A":"BBBBBBBBBBBBBBBBBB":"AAAAAAAAAAAAAAAA":15:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL:"5F2C15056A36F3A70F70A3D4EC4004A8" + +PBE Encrypt, pad = 8 (PKCS7 padding disabled) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_CIPHER_PADDING_PKCS7 +pkcs12_pbe_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:"0409CCCCCCCCCCCCCCCCCC02010A":"BBBBBBBBBBBBBBBBBB":"AAAAAAAAAAAAAAAA":0:MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:"" + +PBE Decrypt, pad = 7 (OK) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pkcs12_pbe_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:"0409CCCCCCCCCCCCCCCCCC02010A":"BBBBBBBBBBBBBBBBBB":"5F2C15056A36F3A78856E9E662DD27CB":16:0:"AAAAAAAAAAAAAAAAAA" + +PBE Decrypt, pad = 8 (Invalid output size) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pkcs12_pbe_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:"0409CCCCCCCCCCCCCCCCCC02010A":"BBBBBBBBBBBBBBBBBB":"5F2C15056A36F3A70F70A3D4EC4004A8":15:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL:"AAAAAAAAAAAAAAAA" + +PBE Decrypt, pad = 8 (OK) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pkcs12_pbe_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:"0409CCCCCCCCCCCCCCCCCC02010A":"BBBBBBBBBBBBBBBBBB":"5F2C15056A36F3A70F70A3D4EC4004A8":16:0:"AAAAAAAAAAAAAAAA" + +PBE Decrypt, (Invalid padding & PKCS7 padding disabled) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_CIPHER_PADDING_PKCS7 +pkcs12_pbe_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:"0409CCCCCCCCCCCCCCCCCC02010A":"BBBBBBBBBBBBBBBBBB":"5F2C15056A36F3A79F2B90F1428110E2":16:0:"AAAAAAAAAAAAAAAAAA07070707070708" + +PBE Decrypt, (Invalid padding & PKCS7 padding enabled) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pkcs12_pbe_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:"0409CCCCCCCCCCCCCCCCCC02010A":"BBBBBBBBBBBBBBBBBB":"5F2C15056A36F3A79F2B90F1428110E2":16:MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH:"AAAAAAAAAAAAAAAAAA07070707070708" diff --git a/tests/suites/test_suite_pkcs12.function b/tests/suites/test_suite_pkcs12.function index 2c93c1380..1d0c287fd 100644 --- a/tests/suites/test_suite_pkcs12.function +++ b/tests/suites/test_suite_pkcs12.function @@ -68,3 +68,114 @@ exit: MD_PSA_DONE(); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */ +void pkcs12_pbe_encrypt(int params_tag, int cipher, int md, data_t *params_hex, data_t *pw, + data_t *data, int outsize, int ref_ret, data_t *ref_out) +{ + int my_ret; + mbedtls_asn1_buf pbe_params; + unsigned char *my_out = NULL; + mbedtls_cipher_type_t cipher_alg = (mbedtls_cipher_type_t) cipher; + mbedtls_md_type_t md_alg = (mbedtls_md_type_t) md; +#if defined(MBEDTLS_CIPHER_PADDING_PKCS7) + size_t my_out_len = 0; +#endif + + MD_PSA_INIT(); + + TEST_CALLOC(my_out, outsize); + + pbe_params.tag = params_tag; + pbe_params.len = params_hex->len; + pbe_params.p = params_hex->x; + +#if defined(MBEDTLS_TEST_DEPRECATED) + if (ref_ret != MBEDTLS_ERR_ASN1_BUF_TOO_SMALL) { + my_ret = mbedtls_pkcs12_pbe(&pbe_params, MBEDTLS_PKCS12_PBE_ENCRYPT, cipher_alg, + md_alg, pw->x, pw->len, data->x, data->len, my_out); + TEST_EQUAL(my_ret, ref_ret); + } + if (ref_ret == 0) { + ASSERT_COMPARE(my_out, ref_out->len, + ref_out->x, ref_out->len); + } +#endif + +#if defined(MBEDTLS_CIPHER_PADDING_PKCS7) + + pbe_params.tag = params_tag; + pbe_params.len = params_hex->len; + pbe_params.p = params_hex->x; + + my_ret = mbedtls_pkcs12_pbe_ext(&pbe_params, MBEDTLS_PKCS12_PBE_ENCRYPT, cipher_alg, + md_alg, pw->x, pw->len, data->x, data->len, my_out, + outsize, &my_out_len); + TEST_EQUAL(my_ret, ref_ret); + if (ref_ret == 0) { + ASSERT_COMPARE(my_out, my_out_len, + ref_out->x, ref_out->len); + } +#endif + +exit: + mbedtls_free(my_out); + MD_PSA_DONE(); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */ +void pkcs12_pbe_decrypt(int params_tag, int cipher, int md, data_t *params_hex, data_t *pw, + data_t *data, int outsize, int ref_ret, data_t *ref_out) +{ + int my_ret; + mbedtls_asn1_buf pbe_params; + unsigned char *my_out = NULL; + mbedtls_cipher_type_t cipher_alg = (mbedtls_cipher_type_t) cipher; + mbedtls_md_type_t md_alg = (mbedtls_md_type_t) md; +#if defined(MBEDTLS_CIPHER_PADDING_PKCS7) + size_t my_out_len = 0; +#endif + + MD_PSA_INIT(); + + TEST_CALLOC(my_out, outsize); + + pbe_params.tag = params_tag; + pbe_params.len = params_hex->len; + pbe_params.p = params_hex->x; + +#if defined(MBEDTLS_TEST_DEPRECATED) + if (ref_ret != MBEDTLS_ERR_ASN1_BUF_TOO_SMALL) { + my_ret = mbedtls_pkcs12_pbe(&pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT, cipher_alg, + md_alg, pw->x, pw->len, data->x, data->len, my_out); + TEST_EQUAL(my_ret, ref_ret); + } + + if (ref_ret == 0) { + ASSERT_COMPARE(my_out, ref_out->len, + ref_out->x, ref_out->len); + } +#endif + +#if defined(MBEDTLS_CIPHER_PADDING_PKCS7) + + pbe_params.tag = params_tag; + pbe_params.len = params_hex->len; + pbe_params.p = params_hex->x; + + my_ret = mbedtls_pkcs12_pbe_ext(&pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT, cipher_alg, + md_alg, pw->x, pw->len, data->x, data->len, my_out, + outsize, &my_out_len); + TEST_EQUAL(my_ret, ref_ret); + if (ref_ret == 0) { + ASSERT_COMPARE(my_out, my_out_len, + ref_out->x, ref_out->len); + } +#endif + +exit: + mbedtls_free(my_out); + MD_PSA_DONE(); +} +/* END_CASE */ diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data index 06d620a12..f3ea5536f 100644 --- a/tests/suites/test_suite_pkcs5.data +++ b/tests/suites/test_suite_pkcs5.data @@ -106,109 +106,141 @@ PBKDF2 Python hashlib Test Vector #6 (SHA512) depends_on:MBEDTLS_MD_CAN_SHA512 pbkdf2_hmac:MBEDTLS_MD_SHA512:"7061737300776f7264":"7361006c74":4096:16:"9d9e9c4cd21fe4be24d5b8244c759665" +PBES2 Encrypt, pad=6 (OK) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF":144:0:"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7" + +PBES2 Encrypt, pad=8 (OK) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55":136:0:"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC2262AD99FBD6C3B0AB" + +PBES2 Encrypt, pad=8 (Invalid output size) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D5510101010101010101010101010101010":151:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL:"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22D8D337E00CB5D1B5B76BE4AE393414050646A102DEF61A9F" + +PBES2 Encrypt, pad=6 (PKCS7 padding disabled) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_CIPHER_PADDING_PKCS7 +pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF":138:MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:"" + +PBES2 Encrypt, pad=8 (PKCS7 padding disabled) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_CIPHER_PADDING_PKCS7 +pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D5510101010101010101010101010101010":138:MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:"" + PBES2 Decrypt (OK) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC -mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606" +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":144:0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF" + +PBES2 Decrypt (Invalid output size) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":143:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606" + +PBES2 Decrypt (Invalid padding & PKCS7 padding disabled) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_CIPHER_PADDING_PKCS7 +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FDA3488A7144097565":144:0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060607" + +PBES2 Decrypt (Invalid padding & PKCS7 padding enabled) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FDA3488A7144097565":144:MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060607" PBES2 Decrypt (bad params tag) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C -mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_SEQUENCE:"":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:"" +pbes2_decrypt:MBEDTLS_ASN1_SEQUENCE:"":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:"" PBES2 Decrypt (bad KDF AlgId: not a sequence) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C -mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"31":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:"" +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"31":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:"" PBES2 Decrypt (bad KDF AlgId: overlong) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C -mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"3001":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:"" +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"3001":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:"" PBES2 Decrypt (KDF != PBKDF2) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C -mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300B06092A864886F70D01050D":"":"":MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE:"" +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300B06092A864886F70D01050D":"":"":0:MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE:"" PBES2 Decrypt (bad PBKDF2 params: not a sequence) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C -mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300D06092A864886F70D01050C3100":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:"" +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300D06092A864886F70D01050C3100":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:"" PBES2 Decrypt (bad PBKDF2 params: overlong) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C -mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300D06092A864886F70D01050C3001":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:"" +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300D06092A864886F70D01050C3001":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:"" PBES2 Decrypt (bad PBKDF2 params salt: not an octet string) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC -mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300E06092A864886F70D01050C30010500":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:"" +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300E06092A864886F70D01050C30010500":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:"" PBES2 Decrypt (bad PBKDF2 params salt: overlong) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C -mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300E06092A864886F70D01050C30010401":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:"" +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300E06092A864886F70D01050C30010401":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:"" PBES2 Decrypt (bad PBKDF2 params iter: not an int) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C -mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301906092A864886F70D01050C300C04082ED7F24A1D516DD70300":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:"" +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301906092A864886F70D01050C300C04082ED7F24A1D516DD70300":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:"" PBES2 Decrypt (bad PBKDF2 params iter: overlong) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C -mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301906092A864886F70D01050C300C04082ED7F24A1D516DD70201":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:"" +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301906092A864886F70D01050C300C04082ED7F24A1D516DD70201":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:"" PBES2 Decrypt (OK, PBKDF2 params explicit keylen) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC -mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301E06092A864886F70D01050C301104082ED7F24A1D516DD702020800020118301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606" +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301E06092A864886F70D01050C301104082ED7F24A1D516DD702020800020118301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":144:0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF" PBES2 Decrypt (bad PBKDF2 params explicit keylen: overlong) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C -mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208000201":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:"" +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208000201":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:"" PBES2 Decrypt (OK, PBKDF2 params explicit prf_alg) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC -mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301A04082ED7F24A1D516DD702020800300A06082A864886F70D0207301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606" +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301A04082ED7F24A1D516DD702020800300A06082A864886F70D0207301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":144:0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF" PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg not a sequence) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C -mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208003100":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:"" +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208003100":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:"" PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg overlong) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C -mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208003001":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:"" +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208003001":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:"" PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg != HMAC-SHA*) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C -mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301A04082ED7F24A1D516DD702020800300A06082A864886F70D0206":"":"":MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE:"" +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301A04082ED7F24A1D516DD702020800300A06082A864886F70D0206":"":"":0:MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE:"" PBES2 Decrypt (bad, PBKDF2 params extra data) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C -mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302806092A864886F70D01050C301B04082ED7F24A1D516DD702020800300A06082A864886F70D020700":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH:"" +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302806092A864886F70D01050C301B04082ED7F24A1D516DD702020800300A06082A864886F70D020700":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH:"" PBES2 Decrypt (bad enc_scheme_alg: not a sequence) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C -mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD7020208003100":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:"" +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD7020208003100":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:"" PBES2 Decrypt (bad enc_scheme_alg: overlong) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C -mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD7020208003001":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:"" +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD7020208003001":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:"" PBES2 Decrypt (bad enc_scheme_alg: unknown oid) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C -mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300A06082A864886F70D03FF":"":"":MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE:"" +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300A06082A864886F70D03FF":"":"":0:MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE:"" PBES2 Decrypt (bad enc_scheme_alg params: not an octet string) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC -mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300C06082A864886F70D03070500":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT:"" +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300C06082A864886F70D03070500":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT:"" PBES2 Decrypt (bad enc_scheme_alg params: overlong) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C -mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300C06082A864886F70D03070401":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:"" +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300C06082A864886F70D03070401":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:"" PBES2 Decrypt (bad enc_scheme_alg params: len != iv_len) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC -mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301306082A864886F70D030704078A4FCC9DCC3949":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT:"" +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301306082A864886F70D030704078A4FCC9DCC3949":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT:"" PBES2 Decrypt (bad password) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"F0617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606" +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"F0617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":144:MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606" PBES2 Decrypt (bad iter value) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020801301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606" +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020801301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":144:MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606" PKCS#5 Selftest pkcs5_selftest: diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function index 9f9958697..2b0b0c1e0 100644 --- a/tests/suites/test_suite_pkcs5.function +++ b/tests/suites/test_suite_pkcs5.function @@ -1,5 +1,6 @@ /* BEGIN_HEADER */ #include "mbedtls/pkcs5.h" +#include "mbedtls/cipher.h" /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -27,12 +28,64 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */ -void mbedtls_pkcs5_pbes2(int params_tag, data_t *params_hex, data_t *pw, - data_t *data, int ref_ret, data_t *ref_out) +void pbes2_encrypt(int params_tag, data_t *params_hex, data_t *pw, + data_t *data, int outsize, int ref_ret, + data_t *ref_out) { int my_ret; mbedtls_asn1_buf params; unsigned char *my_out = NULL; +#if defined(MBEDTLS_CIPHER_PADDING_PKCS7) + size_t my_out_len = 0; +#endif + MD_PSA_INIT(); + + params.tag = params_tag; + params.p = params_hex->x; + params.len = params_hex->len; + + ASSERT_ALLOC(my_out, outsize); + +#if defined(MBEDTLS_TEST_DEPRECATED) + if (ref_ret != MBEDTLS_ERR_ASN1_BUF_TOO_SMALL) { + my_ret = mbedtls_pkcs5_pbes2(¶ms, MBEDTLS_PKCS5_ENCRYPT, + pw->x, pw->len, data->x, data->len, my_out); + TEST_EQUAL(my_ret, ref_ret); + } + if (ref_ret == 0) { + ASSERT_COMPARE(my_out, ref_out->len, + ref_out->x, ref_out->len); + } +#endif + +#if defined(MBEDTLS_CIPHER_PADDING_PKCS7) + my_ret = mbedtls_pkcs5_pbes2_ext(¶ms, MBEDTLS_PKCS5_ENCRYPT, + pw->x, pw->len, data->x, data->len, my_out, + outsize, &my_out_len); + TEST_EQUAL(my_ret, ref_ret); + if (ref_ret == 0) { + ASSERT_COMPARE(my_out, my_out_len, + ref_out->x, ref_out->len); + } +#endif + +exit: + mbedtls_free(my_out); + MD_PSA_DONE(); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */ +void pbes2_decrypt(int params_tag, data_t *params_hex, data_t *pw, + data_t *data, int outsize, int ref_ret, + data_t *ref_out) +{ + int my_ret; + mbedtls_asn1_buf params; + unsigned char *my_out = NULL; +#if defined(MBEDTLS_CIPHER_PADDING_PKCS7) + size_t my_out_len = 0; +#endif MD_PSA_INIT(); @@ -40,15 +93,30 @@ void mbedtls_pkcs5_pbes2(int params_tag, data_t *params_hex, data_t *pw, params.p = params_hex->x; params.len = params_hex->len; - my_out = mbedtls_test_zero_alloc(ref_out->len); + ASSERT_ALLOC(my_out, outsize); - my_ret = mbedtls_pkcs5_pbes2(¶ms, MBEDTLS_PKCS5_DECRYPT, - pw->x, pw->len, data->x, data->len, my_out); - TEST_ASSERT(my_ret == ref_ret); - - if (ref_ret == 0) { - TEST_ASSERT(memcmp(my_out, ref_out->x, ref_out->len) == 0); +#if defined(MBEDTLS_TEST_DEPRECATED) + if (ref_ret != MBEDTLS_ERR_ASN1_BUF_TOO_SMALL) { + my_ret = mbedtls_pkcs5_pbes2(¶ms, MBEDTLS_PKCS5_DECRYPT, + pw->x, pw->len, data->x, data->len, my_out); + TEST_EQUAL(my_ret, ref_ret); } + if (ref_ret == 0) { + ASSERT_COMPARE(my_out, ref_out->len, + ref_out->x, ref_out->len); + } +#endif + +#if defined(MBEDTLS_CIPHER_PADDING_PKCS7) + my_ret = mbedtls_pkcs5_pbes2_ext(¶ms, MBEDTLS_PKCS5_DECRYPT, + pw->x, pw->len, data->x, data->len, my_out, + outsize, &my_out_len); + TEST_EQUAL(my_ret, ref_ret); + if (ref_ret == 0) { + ASSERT_COMPARE(my_out, my_out_len, + ref_out->x, ref_out->len); + } +#endif exit: mbedtls_free(my_out); diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 88b2fc97c..f82dcb5e2 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -1219,6 +1219,14 @@ Key ASN1 (OneAsymmetricKey X25519, unsupported version 2 with public key and uns depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519 pk_parse_key:"3072020101300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59a01f301d060a2a864886f70d01090914310f0c0d437572646c65204368616972738121009bc3b0e93d8233fe6a8ba6138948cc12a91362d5c2ed81584db05ab5419c9d11":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +Key ASN1 (Encrypted key PKCS5, trailing garbage data) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_PKCS5_C +pk_parse_key_encrypted:"307C304006092A864886F70D01050D3033301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC3949100438AD100BAC552FD0AE70BECAFA60F5E519B6180C77E8DB0B9ECC6F23FEDD30AB9BDCA2AF9F97BC470FC3A82DCA2364E22642DE0AF9275A82CB":"AAAAAAAAAAAAAAAAAA":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH + +Key ASN1 (Encrypted key PKCS12, trailing garbage data) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_PKCS12_C +pk_parse_key_encrypted:"3058301C060A2A864886F70D010C0103300E0409CCCCCCCCCCCCCCCCCC02010A04380A8CAF39C4FA001884D0583B323C5E70942444FBE1F650B92F8ADF4AD7BD5049B4748F53A2531139EBF253FE01E8FC925C82C759C944B4D0":"AAAAAAAAAAAAAAAAAA":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH + # From RFC8410 Appendix A but made into version 0 OneAsymmetricKey X25519, doesn't match masking requirements #1 depends_on:MBEDTLS_ECP_HAVE_CURVE25519 diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index 0d9a0c8fc..64a3175bc 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -5,6 +5,11 @@ #include "mbedtls/ecp.h" #include "mbedtls/psa_util.h" #include "pk_internal.h" + +#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) +#define HAVE_mbedtls_pk_parse_key_pkcs8_encrypted_der +#endif + /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -150,6 +155,24 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:HAVE_mbedtls_pk_parse_key_pkcs8_encrypted_der */ +void pk_parse_key_encrypted(data_t *buf, data_t *pass, int result) +{ + mbedtls_pk_context pk; + + mbedtls_pk_init(&pk); + USE_PSA_INIT(); + + TEST_EQUAL(mbedtls_pk_parse_key_pkcs8_encrypted_der(&pk, buf->x, buf->len, + pass->x, pass->len, + mbedtls_test_rnd_std_rand, + NULL), result); +exit: + mbedtls_pk_free(&pk); + USE_PSA_DONE(); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_WRITE_C */ void pk_parse_fix_montgomery(data_t *input_key, data_t *exp_output) { diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index cf679832d..faf44e4be 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -2681,390 +2681,6 @@ Record crypt, little space, NULL cipher, 1.2, MD5, EtM depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 -Decrypt CBC !EtM, AES MD5 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:-1 - -Decrypt CBC !EtM, AES MD5 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:-2 - -Decrypt CBC !EtM, AES MD5 !trunc, padlen=0 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0 - -Decrypt CBC !EtM, AES MD5 !trunc, padlen=240 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:240 - -Decrypt CBC !EtM, AES MD5 !trunc, padlen=1 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1 - -Decrypt CBC !EtM, AES MD5 !trunc, padlen=241 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:241 - -Decrypt CBC !EtM, AES MD5 !trunc, padlen=15 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:15 - -Decrypt CBC !EtM, AES MD5 !trunc, padlen=255 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:255 - -Decrypt CBC !EtM, AES SHA1 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:-1 - -Decrypt CBC !EtM, AES SHA1 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:-2 - -Decrypt CBC !EtM, AES SHA1 !trunc, padlen=0 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0 - -Decrypt CBC !EtM, AES SHA1 !trunc, padlen=240 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:240 - -Decrypt CBC !EtM, AES SHA1 !trunc, padlen=1 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1 - -Decrypt CBC !EtM, AES SHA1 !trunc, padlen=241 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:241 - -Decrypt CBC !EtM, AES SHA1 !trunc, padlen=15 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:15 - -Decrypt CBC !EtM, AES SHA1 !trunc, padlen=255 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:255 - -Decrypt CBC !EtM, AES SHA256 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:-1 - -Decrypt CBC !EtM, AES SHA256 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:-2 - -Decrypt CBC !EtM, AES SHA256 !trunc, padlen=0 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0 - -Decrypt CBC !EtM, AES SHA256 !trunc, padlen=240 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:240 - -Decrypt CBC !EtM, AES SHA256 !trunc, padlen=1 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1 - -Decrypt CBC !EtM, AES SHA256 !trunc, padlen=241 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:241 - -Decrypt CBC !EtM, AES SHA256 !trunc, padlen=15 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:15 - -Decrypt CBC !EtM, AES SHA256 !trunc, padlen=255 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:255 - -Decrypt CBC !EtM, AES SHA384 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-1 - -Decrypt CBC !EtM, AES SHA384 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-2 - -Decrypt CBC !EtM, AES SHA384 !trunc, padlen=0 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0 - -Decrypt CBC !EtM, AES SHA384 !trunc, padlen=240 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:240 - -Decrypt CBC !EtM, AES SHA384 !trunc, padlen=1 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1 - -Decrypt CBC !EtM, AES SHA384 !trunc, padlen=241 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:241 - -Decrypt CBC !EtM, AES SHA384 !trunc, padlen=15 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:15 - -Decrypt CBC !EtM, AES SHA384 !trunc, padlen=255 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:255 - -Decrypt CBC !EtM, ARIA MD5 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:-1 - -Decrypt CBC !EtM, ARIA MD5 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:-2 - -Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=0 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0 - -Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=240 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:240 - -Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=1 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1 - -Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=241 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:241 - -Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=15 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:15 - -Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=255 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:255 - -Decrypt CBC !EtM, ARIA SHA1 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:-1 - -Decrypt CBC !EtM, ARIA SHA1 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:-2 - -Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=0 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0 - -Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=240 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:240 - -Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=1 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1 - -Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=241 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:241 - -Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=15 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:15 - -Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=255 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:255 - -Decrypt CBC !EtM, ARIA SHA256 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:-1 - -Decrypt CBC !EtM, ARIA SHA256 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:-2 - -Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=0 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0 - -Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=240 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:240 - -Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=1 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1 - -Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=241 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:241 - -Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=15 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:15 - -Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=255 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:255 - -Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-1 - -Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-2 - -Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=0 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0 - -Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=240 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:240 - -Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=1 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1 - -Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=241 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:241 - -Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=15 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:15 - -Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=255 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:255 - -Decrypt CBC !EtM, CAMELLIA MD5 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:-1 - -Decrypt CBC !EtM, CAMELLIA MD5 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:-2 - -Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=0 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0 - -Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=240 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:240 - -Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=1 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1 - -Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=241 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:241 - -Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=15 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:15 - -Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=255 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:255 - -Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:-1 - -Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:-2 - -Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=0 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0 - -Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=240 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:240 - -Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=1 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1 - -Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=241 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:241 - -Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=15 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:15 - -Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=255 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:255 - -Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:-1 - -Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:-2 - -Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=0 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0 - -Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=240 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:240 - -Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=1 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1 - -Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=241 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:241 - -Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=15 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:15 - -Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=255 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:255 - -Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-1 - -Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-2 - -Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=0 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0 - -Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=240 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:240 - -Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=1 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1 - -Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=241 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:241 - -Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=15 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:15 - -Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=255 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:255 - SSL TLS 1.3 Key schedule: Secret evolution #1 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Initial secret to Early Secret diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 3ad1e19ac..eb2407d2e 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1461,235 +1461,6 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2 */ -void ssl_decrypt_non_etm_cbc(int cipher_type, int hash_id, int trunc_hmac, - int length_selector) -{ - /* - * Test record decryption for CBC without EtM, focused on the verification - * of padding and MAC. - * - * Actually depends on TLS 1.2 and either AES, ARIA or Camellia, but since - * the test framework doesn't support alternation in dependency statements, - * just depend on AES. - * - * The length_selector argument is interpreted as follows: - * - if it's -1, the plaintext length is 0 and minimal padding is applied - * - if it's -2, the plaintext length is 0 and maximal padding is applied - * - otherwise it must be in [0, 255] and is padding_length from RFC 5246: - * it's the length of the rest of the padding, that is, excluding the - * byte that encodes the length. The minimal non-zero plaintext length - * that gives this padding_length is automatically selected. - */ - mbedtls_ssl_context ssl; /* ONLY for debugging */ - mbedtls_ssl_transform t0, t1; - mbedtls_record rec, rec_save; - unsigned char *buf = NULL, *buf_save = NULL; - size_t buflen, olen = 0; - size_t plaintext_len, block_size, i; - unsigned char padlen; /* excluding the padding_length byte */ - unsigned char add_data[13]; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; - size_t sign_mac_length = 0; - unsigned char mac[PSA_HASH_MAX_SIZE]; -#else - unsigned char mac[MBEDTLS_MD_MAX_SIZE]; -#endif - int exp_ret; - int ret; - const unsigned char pad_max_len = 255; /* Per the standard */ - - mbedtls_ssl_init(&ssl); - mbedtls_ssl_transform_init(&t0); - mbedtls_ssl_transform_init(&t1); - MD_OR_USE_PSA_INIT(); - - /* Set up transforms with dummy keys */ - ret = mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id, - 0, trunc_hmac, - MBEDTLS_SSL_VERSION_TLS1_2, - 0, 0); - - TEST_ASSERT(ret == 0); - - /* Determine padding/plaintext length */ - TEST_ASSERT(length_selector >= -2 && length_selector <= 255); - block_size = t0.ivlen; - if (length_selector < 0) { - plaintext_len = 0; - - /* Minimal padding - * The +1 is for the padding_length byte, not counted in padlen. */ - padlen = block_size - (t0.maclen + 1) % block_size; - - /* Maximal padding? */ - if (length_selector == -2) { - padlen += block_size * ((pad_max_len - padlen) / block_size); - } - } else { - padlen = length_selector; - - /* Minimal non-zero plaintext_length giving desired padding. - * The +1 is for the padding_length byte, not counted in padlen. */ - plaintext_len = block_size - (padlen + t0.maclen + 1) % block_size; - } - - /* Prepare a buffer for record data */ - buflen = block_size - + plaintext_len - + t0.maclen - + padlen + 1; - TEST_CALLOC(buf, buflen); - TEST_CALLOC(buf_save, buflen); - - /* Prepare a dummy record header */ - memset(rec.ctr, 0, sizeof(rec.ctr)); - rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA; - mbedtls_ssl_write_version(rec.ver, MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_VERSION_TLS1_2); -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - rec.cid_len = 0; -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - /* Prepare dummy record content */ - rec.buf = buf; - rec.buf_len = buflen; - rec.data_offset = block_size; - rec.data_len = plaintext_len; - memset(rec.buf + rec.data_offset, 42, rec.data_len); - - /* Serialized version of record header for MAC purposes */ - memcpy(add_data, rec.ctr, 8); - add_data[8] = rec.type; - add_data[9] = rec.ver[0]; - add_data[10] = rec.ver[1]; - add_data[11] = (rec.data_len >> 8) & 0xff; - add_data[12] = (rec.data_len >> 0) & 0xff; - - /* Set dummy IV */ - memset(t0.iv_enc, 0x55, t0.ivlen); - memcpy(rec.buf, t0.iv_enc, t0.ivlen); - - /* - * Prepare a pre-encryption record (with MAC and padding), and save it. - */ - - /* MAC with additional data */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_setup(&operation, - t0.psa_mac_enc, - t0.psa_mac_alg)); - TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, add_data, 13)); - TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, - rec.buf + rec.data_offset, - rec.data_len)); - TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_finish(&operation, - mac, sizeof(mac), - &sign_mac_length)); -#else - TEST_EQUAL(0, mbedtls_md_hmac_update(&t0.md_ctx_enc, add_data, 13)); - TEST_EQUAL(0, mbedtls_md_hmac_update(&t0.md_ctx_enc, - rec.buf + rec.data_offset, - rec.data_len)); - TEST_EQUAL(0, mbedtls_md_hmac_finish(&t0.md_ctx_enc, mac)); -#endif - - memcpy(rec.buf + rec.data_offset + rec.data_len, mac, t0.maclen); - rec.data_len += t0.maclen; - - /* Pad */ - memset(rec.buf + rec.data_offset + rec.data_len, padlen, padlen + 1); - rec.data_len += padlen + 1; - - /* Save correct pre-encryption record */ - rec_save = rec; - rec_save.buf = buf_save; - memcpy(buf_save, buf, buflen); - - /* - * Encrypt and decrypt the correct record, expecting success - */ - TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper( - &t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, - rec.data_len, rec.buf + rec.data_offset, &olen)); - rec.data_offset -= t0.ivlen; - rec.data_len += t0.ivlen; - - TEST_EQUAL(0, mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec)); - - /* - * Modify each byte of the pre-encryption record before encrypting and - * decrypting it, expecting failure every time. - */ - for (i = block_size; i < buflen; i++) { - mbedtls_test_set_step(i); - - /* Restore correct pre-encryption record */ - rec = rec_save; - rec.buf = buf; - memcpy(buf, buf_save, buflen); - - /* Corrupt one byte of the data (could be plaintext, MAC or padding) */ - rec.buf[i] ^= 0x01; - - /* Encrypt */ - TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper( - &t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, - rec.data_len, rec.buf + rec.data_offset, &olen)); - rec.data_offset -= t0.ivlen; - rec.data_len += t0.ivlen; - - /* Decrypt and expect failure */ - TEST_EQUAL(MBEDTLS_ERR_SSL_INVALID_MAC, - mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec)); - } - - /* - * Use larger values of the padding bytes - with small buffers, this tests - * the case where the announced padlen would be larger than the buffer - * (and before that, than the buffer minus the size of the MAC), to make - * sure our padding checking code does not perform any out-of-bounds reads - * in this case. (With larger buffers, ie when the plaintext is long or - * maximal length padding is used, this is less relevant but still doesn't - * hurt to test.) - * - * (Start the loop with correct padding, just to double-check that record - * saving did work, and that we're overwriting the correct bytes.) - */ - for (i = padlen; i <= pad_max_len; i++) { - mbedtls_test_set_step(i); - - /* Restore correct pre-encryption record */ - rec = rec_save; - rec.buf = buf; - memcpy(buf, buf_save, buflen); - - /* Set padding bytes to new value */ - memset(buf + buflen - padlen - 1, i, padlen + 1); - - /* Encrypt */ - TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper( - &t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, - rec.data_len, rec.buf + rec.data_offset, &olen)); - rec.data_offset -= t0.ivlen; - rec.data_len += t0.ivlen; - - /* Decrypt and expect failure except the first time */ - exp_ret = (i == padlen) ? 0 : MBEDTLS_ERR_SSL_INVALID_MAC; - TEST_EQUAL(exp_ret, mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec)); - } - -exit: - mbedtls_ssl_free(&ssl); - mbedtls_ssl_transform_free(&t0); - mbedtls_ssl_transform_free(&t1); - mbedtls_free(buf); - mbedtls_free(buf_save); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ void ssl_tls13_hkdf_expand_label(int hash_alg, data_t *secret, diff --git a/tests/suites/test_suite_ssl_decrypt.function b/tests/suites/test_suite_ssl_decrypt.function new file mode 100644 index 000000000..ad94a5839 --- /dev/null +++ b/tests/suites/test_suite_ssl_decrypt.function @@ -0,0 +1,312 @@ +/* BEGIN_HEADER */ +/* Testing of mbedtls_ssl_decrypt_buf() specifically, focusing on negative + * testing (using malformed inputs). */ + +#include +#include +#include + +/* END_HEADER */ + +/* BEGIN_DEPENDENCIES + * depends_on:MBEDTLS_SSL_TLS_C + * END_DEPENDENCIES + */ + +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CIPHER_NULL_CIPHER */ +void ssl_decrypt_null(int hash_id) +{ + mbedtls_ssl_transform transform_in, transform_out; + mbedtls_ssl_transform_init(&transform_in); + mbedtls_ssl_transform_init(&transform_out); + const mbedtls_ssl_protocol_version version = MBEDTLS_SSL_VERSION_TLS1_2; + const mbedtls_cipher_type_t cipher_type = MBEDTLS_CIPHER_NULL; + mbedtls_record rec_good = { + .ctr = { 0 }, + .type = MBEDTLS_SSL_MSG_APPLICATION_DATA, + .ver = { 0, 0 }, /* Will be set by a function call below */ + .buf = NULL, + .buf_len = 0, + .data_offset = 0, + .data_len = 0, +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) + .cid_len = 0, + .cid = { 0 }, +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ + }; + mbedtls_ssl_write_version(rec_good.ver, + MBEDTLS_SSL_TRANSPORT_STREAM, + version); + const char sample_plaintext[3] = "ABC"; + mbedtls_ssl_context ssl; + mbedtls_ssl_init(&ssl); + uint8_t *buf = NULL; + + MD_OR_USE_PSA_INIT(); + + TEST_EQUAL(mbedtls_test_ssl_build_transforms(&transform_in, &transform_out, + cipher_type, hash_id, 0, 0, + version, + 0, 0), 0); + + const size_t plaintext_length = sizeof(sample_plaintext); + rec_good.buf_len = plaintext_length + transform_in.maclen; + rec_good.data_len = plaintext_length; + TEST_CALLOC(rec_good.buf, rec_good.buf_len); + memcpy(rec_good.buf, sample_plaintext, plaintext_length); + TEST_EQUAL(mbedtls_test_ssl_prepare_record_mac(&rec_good, + &transform_out), 0); + + /* Good case */ + mbedtls_record rec = rec_good; + TEST_EQUAL(mbedtls_ssl_decrypt_buf(&ssl, &transform_in, &rec), 0); + + /* Change any one byte of the plaintext or MAC. The MAC will be wrong. */ + TEST_CALLOC(buf, rec.buf_len); + for (size_t i = 0; i < rec.buf_len; i++) { + mbedtls_test_set_step(i); + rec = rec_good; + rec.buf = buf; + memcpy(buf, rec_good.buf, rec.buf_len); + buf[i] ^= 1; + TEST_EQUAL(mbedtls_ssl_decrypt_buf(&ssl, &transform_in, &rec), + MBEDTLS_ERR_SSL_INVALID_MAC); + } + mbedtls_free(buf); + buf = NULL; + + /* Shorter input buffer. Either the MAC will be wrong, or there isn't + * enough room for a MAC. */ + for (size_t n = 1; n < rec.buf_len; n++) { + mbedtls_test_set_step(n); + rec = rec_good; + TEST_CALLOC(buf, n); + rec.buf = buf; + rec.buf_len = n; + rec.data_len = n; + memcpy(buf, rec_good.buf, n); + TEST_EQUAL(mbedtls_ssl_decrypt_buf(&ssl, &transform_in, &rec), + MBEDTLS_ERR_SSL_INVALID_MAC); + mbedtls_free(buf); + buf = NULL; + } + + /* For robustness, check a 0-length buffer (non-null, then null). + * This should not reach mbedtls_ssl_decrypt_buf() as used in the library, + * so the exact error doesn't matter, but we don't want a crash. */ + { + const uint8_t buf1[1] = { 'a' }; + rec = rec_good; + /* We won't write to buf1[0] since it's out of range, so we can cast + * the const away. */ + rec.buf = (uint8_t *) buf1; + rec.buf_len = 0; + TEST_EQUAL(mbedtls_ssl_decrypt_buf(&ssl, &transform_in, &rec), + MBEDTLS_ERR_SSL_INTERNAL_ERROR); + } + rec = rec_good; + rec.buf = NULL; + rec.buf_len = 0; + TEST_EQUAL(mbedtls_ssl_decrypt_buf(&ssl, &transform_in, &rec), + MBEDTLS_ERR_SSL_INTERNAL_ERROR); + +exit: + mbedtls_ssl_transform_free(&transform_in); + mbedtls_ssl_transform_free(&transform_out); + mbedtls_free(rec_good.buf); + mbedtls_ssl_free(&ssl); + mbedtls_free(buf); + MD_OR_USE_PSA_DONE(); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2 */ +void ssl_decrypt_non_etm_cbc(int cipher_type, int hash_id, int trunc_hmac, + int length_selector) +{ + /* + * Test record decryption for CBC without EtM, focused on the verification + * of padding and MAC. + * + * Actually depends on TLS 1.2 and either AES, ARIA or Camellia, but since + * the test framework doesn't support alternation in dependency statements, + * just depend on AES. + * + * The length_selector argument is interpreted as follows: + * - if it's -1, the plaintext length is 0 and minimal padding is applied + * - if it's -2, the plaintext length is 0 and maximal padding is applied + * - otherwise it must be in [0, 255] and is padding_length from RFC 5246: + * it's the length of the rest of the padding, that is, excluding the + * byte that encodes the length. The minimal non-zero plaintext length + * that gives this padding_length is automatically selected. + */ + mbedtls_ssl_context ssl; /* ONLY for debugging */ + mbedtls_ssl_transform t0, t1; + mbedtls_record rec, rec_save; + unsigned char *buf = NULL, *buf_save = NULL; + size_t buflen, olen = 0; + size_t plaintext_len, block_size, i; + unsigned char padlen; /* excluding the padding_length byte */ + int exp_ret; + int ret; + const unsigned char pad_max_len = 255; /* Per the standard */ + + mbedtls_ssl_init(&ssl); + mbedtls_ssl_transform_init(&t0); + mbedtls_ssl_transform_init(&t1); + MD_OR_USE_PSA_INIT(); + + /* Set up transforms with dummy keys */ + ret = mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id, + 0, trunc_hmac, + MBEDTLS_SSL_VERSION_TLS1_2, + 0, 0); + + TEST_ASSERT(ret == 0); + + /* Determine padding/plaintext length */ + TEST_ASSERT(length_selector >= -2 && length_selector <= 255); + block_size = t0.ivlen; + if (length_selector < 0) { + plaintext_len = 0; + + /* Minimal padding + * The +1 is for the padding_length byte, not counted in padlen. */ + padlen = block_size - (t0.maclen + 1) % block_size; + + /* Maximal padding? */ + if (length_selector == -2) { + padlen += block_size * ((pad_max_len - padlen) / block_size); + } + } else { + padlen = length_selector; + + /* Minimal non-zero plaintext_length giving desired padding. + * The +1 is for the padding_length byte, not counted in padlen. */ + plaintext_len = block_size - (padlen + t0.maclen + 1) % block_size; + } + + /* Prepare a buffer for record data */ + buflen = block_size + + plaintext_len + + t0.maclen + + padlen + 1; + TEST_CALLOC(buf, buflen); + TEST_CALLOC(buf_save, buflen); + + /* Prepare a dummy record header */ + memset(rec.ctr, 0, sizeof(rec.ctr)); + rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA; + mbedtls_ssl_write_version(rec.ver, MBEDTLS_SSL_TRANSPORT_STREAM, + MBEDTLS_SSL_VERSION_TLS1_2); +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) + rec.cid_len = 0; +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ + + /* Prepare dummy record content */ + rec.buf = buf; + rec.buf_len = buflen; + rec.data_offset = block_size; + rec.data_len = plaintext_len; + memset(rec.buf + rec.data_offset, 42, rec.data_len); + + /* Set dummy IV */ + memset(t0.iv_enc, 0x55, t0.ivlen); + memcpy(rec.buf, t0.iv_enc, t0.ivlen); + + /* + * Prepare a pre-encryption record (with MAC and padding), and save it. + */ + TEST_EQUAL(0, mbedtls_test_ssl_prepare_record_mac(&rec, &t0)); + + /* Pad */ + memset(rec.buf + rec.data_offset + rec.data_len, padlen, padlen + 1); + rec.data_len += padlen + 1; + + /* Save correct pre-encryption record */ + rec_save = rec; + rec_save.buf = buf_save; + memcpy(buf_save, buf, buflen); + + /* + * Encrypt and decrypt the correct record, expecting success + */ + TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper( + &t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, + rec.data_len, rec.buf + rec.data_offset, &olen)); + rec.data_offset -= t0.ivlen; + rec.data_len += t0.ivlen; + + TEST_EQUAL(0, mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec)); + + /* + * Modify each byte of the pre-encryption record before encrypting and + * decrypting it, expecting failure every time. + */ + for (i = block_size; i < buflen; i++) { + mbedtls_test_set_step(i); + + /* Restore correct pre-encryption record */ + rec = rec_save; + rec.buf = buf; + memcpy(buf, buf_save, buflen); + + /* Corrupt one byte of the data (could be plaintext, MAC or padding) */ + rec.buf[i] ^= 0x01; + + /* Encrypt */ + TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper( + &t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, + rec.data_len, rec.buf + rec.data_offset, &olen)); + rec.data_offset -= t0.ivlen; + rec.data_len += t0.ivlen; + + /* Decrypt and expect failure */ + TEST_EQUAL(MBEDTLS_ERR_SSL_INVALID_MAC, + mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec)); + } + + /* + * Use larger values of the padding bytes - with small buffers, this tests + * the case where the announced padlen would be larger than the buffer + * (and before that, than the buffer minus the size of the MAC), to make + * sure our padding checking code does not perform any out-of-bounds reads + * in this case. (With larger buffers, ie when the plaintext is long or + * maximal length padding is used, this is less relevant but still doesn't + * hurt to test.) + * + * (Start the loop with correct padding, just to double-check that record + * saving did work, and that we're overwriting the correct bytes.) + */ + for (i = padlen; i <= pad_max_len; i++) { + mbedtls_test_set_step(i); + + /* Restore correct pre-encryption record */ + rec = rec_save; + rec.buf = buf; + memcpy(buf, buf_save, buflen); + + /* Set padding bytes to new value */ + memset(buf + buflen - padlen - 1, i, padlen + 1); + + /* Encrypt */ + TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper( + &t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, + rec.data_len, rec.buf + rec.data_offset, &olen)); + rec.data_offset -= t0.ivlen; + rec.data_len += t0.ivlen; + + /* Decrypt and expect failure except the first time */ + exp_ret = (i == padlen) ? 0 : MBEDTLS_ERR_SSL_INVALID_MAC; + TEST_EQUAL(exp_ret, mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec)); + } + +exit: + mbedtls_ssl_free(&ssl); + mbedtls_ssl_transform_free(&t0); + mbedtls_ssl_transform_free(&t1); + mbedtls_free(buf); + mbedtls_free(buf_save); + MD_OR_USE_PSA_DONE(); +} +/* END_CASE */ diff --git a/tests/suites/test_suite_ssl_decrypt.misc.data b/tests/suites/test_suite_ssl_decrypt.misc.data new file mode 100644 index 000000000..f663b262d --- /dev/null +++ b/tests/suites/test_suite_ssl_decrypt.misc.data @@ -0,0 +1,399 @@ +Decrypt null cipher, MD5 +depends_on:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_null:MBEDTLS_MD_MD5 + +Decrypt null cipher, SHA-1 +depends_on:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_null:MBEDTLS_MD_SHA1 + +Decrypt null cipher, SHA-256 +depends_on:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_null:MBEDTLS_MD_SHA256 + +Decrypt null cipher, SHA-384 +depends_on:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_null:MBEDTLS_MD_SHA384 + +Decrypt CBC !EtM, AES MD5 !trunc, empty plaintext, minpad +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:-1 + +Decrypt CBC !EtM, AES MD5 !trunc, empty plaintext, maxpad +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:-2 + +Decrypt CBC !EtM, AES MD5 !trunc, padlen=0 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0 + +Decrypt CBC !EtM, AES MD5 !trunc, padlen=240 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:240 + +Decrypt CBC !EtM, AES MD5 !trunc, padlen=1 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1 + +Decrypt CBC !EtM, AES MD5 !trunc, padlen=241 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:241 + +Decrypt CBC !EtM, AES MD5 !trunc, padlen=15 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:15 + +Decrypt CBC !EtM, AES MD5 !trunc, padlen=255 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:255 + +Decrypt CBC !EtM, AES SHA1 !trunc, empty plaintext, minpad +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:-1 + +Decrypt CBC !EtM, AES SHA1 !trunc, empty plaintext, maxpad +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:-2 + +Decrypt CBC !EtM, AES SHA1 !trunc, padlen=0 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0 + +Decrypt CBC !EtM, AES SHA1 !trunc, padlen=240 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:240 + +Decrypt CBC !EtM, AES SHA1 !trunc, padlen=1 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1 + +Decrypt CBC !EtM, AES SHA1 !trunc, padlen=241 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:241 + +Decrypt CBC !EtM, AES SHA1 !trunc, padlen=15 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:15 + +Decrypt CBC !EtM, AES SHA1 !trunc, padlen=255 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:255 + +Decrypt CBC !EtM, AES SHA256 !trunc, empty plaintext, minpad +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:-1 + +Decrypt CBC !EtM, AES SHA256 !trunc, empty plaintext, maxpad +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:-2 + +Decrypt CBC !EtM, AES SHA256 !trunc, padlen=0 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0 + +Decrypt CBC !EtM, AES SHA256 !trunc, padlen=240 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:240 + +Decrypt CBC !EtM, AES SHA256 !trunc, padlen=1 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1 + +Decrypt CBC !EtM, AES SHA256 !trunc, padlen=241 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:241 + +Decrypt CBC !EtM, AES SHA256 !trunc, padlen=15 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:15 + +Decrypt CBC !EtM, AES SHA256 !trunc, padlen=255 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:255 + +Decrypt CBC !EtM, AES SHA384 !trunc, empty plaintext, minpad +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-1 + +Decrypt CBC !EtM, AES SHA384 !trunc, empty plaintext, maxpad +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-2 + +Decrypt CBC !EtM, AES SHA384 !trunc, padlen=0 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0 + +Decrypt CBC !EtM, AES SHA384 !trunc, padlen=240 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:240 + +Decrypt CBC !EtM, AES SHA384 !trunc, padlen=1 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1 + +Decrypt CBC !EtM, AES SHA384 !trunc, padlen=241 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:241 + +Decrypt CBC !EtM, AES SHA384 !trunc, padlen=15 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:15 + +Decrypt CBC !EtM, AES SHA384 !trunc, padlen=255 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:255 + +Decrypt CBC !EtM, ARIA MD5 !trunc, empty plaintext, minpad +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:-1 + +Decrypt CBC !EtM, ARIA MD5 !trunc, empty plaintext, maxpad +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:-2 + +Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=0 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0 + +Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=240 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:240 + +Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1 + +Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=241 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:241 + +Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=15 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:15 + +Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=255 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:255 + +Decrypt CBC !EtM, ARIA SHA1 !trunc, empty plaintext, minpad +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:-1 + +Decrypt CBC !EtM, ARIA SHA1 !trunc, empty plaintext, maxpad +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:-2 + +Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=0 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0 + +Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=240 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:240 + +Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1 + +Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=241 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:241 + +Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=15 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:15 + +Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=255 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:255 + +Decrypt CBC !EtM, ARIA SHA256 !trunc, empty plaintext, minpad +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:-1 + +Decrypt CBC !EtM, ARIA SHA256 !trunc, empty plaintext, maxpad +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:-2 + +Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=0 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0 + +Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=240 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:240 + +Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1 + +Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=241 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:241 + +Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=15 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:15 + +Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=255 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:255 + +Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, minpad +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-1 + +Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, maxpad +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-2 + +Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=0 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0 + +Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=240 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:240 + +Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1 + +Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=241 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:241 + +Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=15 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:15 + +Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=255 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:255 + +Decrypt CBC !EtM, CAMELLIA MD5 !trunc, empty plaintext, minpad +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:-1 + +Decrypt CBC !EtM, CAMELLIA MD5 !trunc, empty plaintext, maxpad +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:-2 + +Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=0 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0 + +Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=240 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:240 + +Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1 + +Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=241 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:241 + +Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=15 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:15 + +Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=255 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:255 + +Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, empty plaintext, minpad +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:-1 + +Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, empty plaintext, maxpad +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:-2 + +Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=0 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0 + +Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=240 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:240 + +Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1 + +Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=241 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:241 + +Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=15 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:15 + +Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=255 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:255 + +Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, empty plaintext, minpad +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:-1 + +Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, empty plaintext, maxpad +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:-2 + +Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=0 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0 + +Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=240 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:240 + +Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1 + +Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=241 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:241 + +Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=15 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:15 + +Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=255 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:255 + +Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, minpad +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-1 + +Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, maxpad +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-2 + +Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=0 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0 + +Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=240 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:240 + +Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1 + +Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=241 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:241 + +Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=15 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:15 + +Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=255 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:255 diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index dac3f7095..11c41b0d0 100644 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data @@ -1,8 +1,8 @@ Check compile time library version -check_compiletime_version:"3.4.1" +check_compiletime_version:"3.5.0" Check runtime library version -check_runtime_version:"3.4.1" +check_runtime_version:"3.5.0" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0 diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index b278a2050..0f190286b 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -167,73 +167,101 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.allSubjectAltNames.crt":0:0:"data_files/test-ca.crt":1 X509 String to Names #1 -mbedtls_x509_string_to_names:"C=NL,O=Offspark\\, Inc., OU=PolarSSL":"C=NL, O=Offspark\\, Inc., OU=PolarSSL":0 +mbedtls_x509_string_to_names:"C=NL,O=Offspark\\, Inc., OU=PolarSSL":"C=NL, O=Offspark\\, Inc., OU=PolarSSL":0:0 X509 String to Names #2 -mbedtls_x509_string_to_names:"C=NL, O=Offspark, Inc., OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME +mbedtls_x509_string_to_names:"C=NL, O=Offspark, Inc., OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 X509 String to Names #3 (Name precisely 255 bytes) -mbedtls_x509_string_to_names:"C=NL, O=123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345,OU=PolarSSL":"C=NL, O=123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345, OU=PolarSSL":0 +mbedtls_x509_string_to_names:"C=NL, O=123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345,OU=PolarSSL":"C=NL, O=123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345, OU=PolarSSL":0:0 X509 String to Names #4 (Name larger than 255 bytes) -mbedtls_x509_string_to_names:"C=NL, O=1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME +mbedtls_x509_string_to_names:"C=NL, O=1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 X509 String to Names #5 (Escape non-allowed characters) -mbedtls_x509_string_to_names:"C=NL, O=Offspark\\a Inc., OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME +mbedtls_x509_string_to_names:"C=NL, O=Offspark\\a Inc., OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 X509 String to Names #6 (Escape at end) -mbedtls_x509_string_to_names:"C=NL, O=Offspark\\":"":MBEDTLS_ERR_X509_INVALID_NAME +mbedtls_x509_string_to_names:"C=NL, O=Offspark\\":"":MBEDTLS_ERR_X509_INVALID_NAME:0 X509 String to Names #7 (Invalid, no '=' or ',') -mbedtls_x509_string_to_names:"ABC123":"":MBEDTLS_ERR_X509_INVALID_NAME +mbedtls_x509_string_to_names:"ABC123":"":MBEDTLS_ERR_X509_INVALID_NAME:0 X509 String to Names #8 (Escaped valid characters) -mbedtls_x509_string_to_names:"C=NL, O=Offspark\\+ \\> \\=, OU=PolarSSL":"C=NL, O=Offspark\\+ \\> \\=, OU=PolarSSL":0 +mbedtls_x509_string_to_names:"C=NL, O=Offspark\\+ \\> \\=, OU=PolarSSL":"C=NL, O=Offspark\\+ \\> \\=, OU=PolarSSL":0:0 X509 String to Names #9 (Escaped ascii hexpairs uppercase encoded) -mbedtls_x509_string_to_names:"C=NL, O=\\4F\\66\\66\\73\\70\\61\\72\\6B, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0 +mbedtls_x509_string_to_names:"C=NL, O=\\4F\\66\\66\\73\\70\\61\\72\\6B, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0:0 X509 String to Names #10 (Escaped ascii hexpairs lowercase encoded) -mbedtls_x509_string_to_names:"C=NL, O=\\4f\\66\\66\\73\\70\\61\\72\\6b, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0 +mbedtls_x509_string_to_names:"C=NL, O=\\4f\\66\\66\\73\\70\\61\\72\\6b, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0:0 X509 String to Names #11 (Invalid hexpair escape at end of string) -mbedtls_x509_string_to_names:"C=NL, O=\\4f\\66\\66\\73\\70\\61\\72\\6, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME +mbedtls_x509_string_to_names:"C=NL, O=\\4f\\66\\66\\73\\70\\61\\72\\6, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 X509 String to Names #12 (Reject escaped null hexpair) -mbedtls_x509_string_to_names:"C=NL, O=Of\\00spark, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME +mbedtls_x509_string_to_names:"C=NL, O=Of\\00spark, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 X509 String to Names #13 (Invalid hexpairs) -mbedtls_x509_string_to_names:"C=NL, O=Of\\flspark, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME +mbedtls_x509_string_to_names:"C=NL, O=Of\\flspark, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 X509 String to Names #14 (Accept numercoid/hexstring) -mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C084F6666737061726B, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0 +mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C084F6666737061726B, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0:0 + +# TODO: Should the trailing garbage be ignored? +X509 String to Names (hexstring: trailing garbage after DER is ignored) +mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C084F6666737061726Baa, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0:0 + +X509 String to Names: long hexstring (payload=256 bytes) +mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C82010041414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141, OU=PolarSSL":"C=NL, O=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA, OU=PolarSSL":0:MAY_FAIL_DN_GETS + +X509 String to Names: long hexstring (payload=257 bytes) +mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C820101aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":MBEDTLS_ERR_X509_INVALID_NAME:0 X509 String to Names #15 (Odd length DER hexstring) -mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C084F6666737061726, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME +mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C084F6666737061726, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 -X509 String to Names #16 (Length mismatch DER hexstring) -mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C0B4F6666737061726B, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME +X509 String to Names (empty DER hexstring) +mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 -X509 String to Names #17 (Invalid OID) -mbedtls_x509_string_to_names:"C=NL, 10.5.4.10=#0C084F6666737061726B, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME +X509 String to Names (empty DER hexstring at end) +mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#":"":MBEDTLS_ERR_X509_INVALID_NAME:0 + +X509 String to Names (1-byte DER hexstring) +mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 + +X509 String to Names (1-byte DER hexstring at end) +mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C":"":MBEDTLS_ERR_X509_INVALID_NAME:0 + +X509 String to Names #16 (hexstring: DER length exceeds available data) +mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C0B4F6666737061726B, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 + +X509 String to Names #17 (hexstring: Invalid OID) +mbedtls_x509_string_to_names:"C=NL, 10.5.4.10=#0C084F6666737061726B, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 X509 String to Names #18 (short name and hexstring) -mbedtls_x509_string_to_names:"C=NL, O=#0C084F6666737061726B, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0 +mbedtls_x509_string_to_names:"C=NL, O=#0C084F6666737061726B, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0:0 + +X509 String to Names (null byte in hexstring with string type) +mbedtls_x509_string_to_names:"C=NL, O=#0C0100, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":MBEDTLS_ERR_X509_INVALID_NAME:0 + +X509 String to Names (null byte in hexstring with non-string type) +mbedtls_x509_string_to_names:"C=NL, O=#040100, OU=PolarSSL":"C=NL, O=\\x00, OU=PolarSSL":0:MAY_FAIL_GET_NAME X509 String to Names #19 (Accept non-ascii hexpairs) -mbedtls_x509_string_to_names:"C=NL, O=Of\\CCspark, OU=PolarSSL":"C=NL, O=Of\\CCspark, OU=PolarSSL":0 +mbedtls_x509_string_to_names:"C=NL, O=Of\\CCspark, OU=PolarSSL":"C=NL, O=Of\\CCspark, OU=PolarSSL":0:0 X509 String to Names #20 (Reject empty AttributeValue) -mbedtls_x509_string_to_names:"C=NL, O=, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME +mbedtls_x509_string_to_names:"C=NL, O=, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 X509 Round trip test (Escaped characters) -mbedtls_x509_string_to_names:"CN=Lu\\C4\\8Di\\C4\\87, O=Offspark, OU=PolarSSL":"CN=Lu\\C4\\8Di\\C4\\87, O=Offspark, OU=PolarSSL":0 +mbedtls_x509_string_to_names:"CN=Lu\\C4\\8Di\\C4\\87, O=Offspark, OU=PolarSSL":"CN=Lu\\C4\\8Di\\C4\\87, O=Offspark, OU=PolarSSL":0:0 X509 Round trip test (hexstring output for non string input) -mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#03084F6666737061726B, OU=PolarSSL":"C=NL, O=#03084F6666737061726B, OU=PolarSSL":0 +mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#03084F6666737061726B, OU=PolarSSL":"C=NL, O=#03084F6666737061726B, OU=PolarSSL":0:0 X509 Round trip test (numercoid hexstring output for unknown OID) -mbedtls_x509_string_to_names:"C=NL, 2.5.4.10.234.532=#0C084F6666737061726B, OU=PolarSSL":"C=NL, 2.5.4.10.234.532=#0C084F6666737061726B, OU=PolarSSL":0 +mbedtls_x509_string_to_names:"C=NL, 2.5.4.10.234.532=#0C084F6666737061726B, OU=PolarSSL":"C=NL, 2.5.4.10.234.532=#0C084F6666737061726B, OU=PolarSSL":0:0 Check max serial length x509_set_serial_check: diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 26988ce69..a7ed26295 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -125,6 +125,12 @@ static int csr_set_extended_key_usage(mbedtls_x509write_csr *ctx, return ret; } #endif /* MBEDTLS_X509_CSR_WRITE_C */ + +/* Due to inconsistencies in the input size limits applied by different + * library functions, some write-parse tests may fail. */ +#define MAY_FAIL_GET_NAME 0x0001 +#define MAY_FAIL_DN_GETS 0x0002 + /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -687,8 +693,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CREATE_C:MBEDTLS_X509_USE_C */ -void mbedtls_x509_string_to_names(char *name, char *parsed_name, int result - ) +void mbedtls_x509_string_to_names(char *name, char *parsed_name, + int result, int may_fail) { int ret; size_t len = 0; @@ -704,22 +710,32 @@ void mbedtls_x509_string_to_names(char *name, char *parsed_name, int result c = buf + sizeof(buf); ret = mbedtls_x509_string_to_names(&names, name); - TEST_ASSERT(ret == result); + TEST_EQUAL(ret, result); if (ret != 0) { goto exit; } ret = mbedtls_x509_write_names(&c, buf, names); - TEST_ASSERT(ret > 0); + TEST_LE_S(1, ret); - TEST_ASSERT(mbedtls_asn1_get_tag(&c, buf + sizeof(buf), &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) == 0); - TEST_ASSERT(mbedtls_x509_get_name(&c, buf + sizeof(buf), &parsed) == 0); + TEST_EQUAL(mbedtls_asn1_get_tag(&c, buf + sizeof(buf), &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE), 0); + ret = mbedtls_x509_get_name(&c, buf + sizeof(buf), &parsed); + if ((may_fail & MAY_FAIL_GET_NAME) && ret < 0) { + /* Validation inconsistency between mbedtls_x509_string_to_names() and + * mbedtls_x509_get_name(). Accept it for now. */ + goto exit; + } + TEST_EQUAL(ret, 0); ret = mbedtls_x509_dn_gets((char *) out, sizeof(out), &parsed); - TEST_ASSERT(ret > 0); - + if ((may_fail & MAY_FAIL_DN_GETS) && ret < 0) { + /* Validation inconsistency between mbedtls_x509_string_to_names() and + * mbedtls_x509_dn_gets(). Accept it for now. */ + goto exit; + } + TEST_LE_S(1, ret); TEST_ASSERT(strcmp((char *) out, parsed_name) == 0); exit: