Add PK tests to avoid hashlen overflow for RSA
This commit is contained in:
parent
72849877d0
commit
5c79d25d94
2 changed files with 39 additions and 0 deletions
|
@ -150,3 +150,6 @@ Check pair #5 (RSA vs EC)
|
||||||
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
|
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
|
||||||
mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server1.key":MBEDTLS_ERR_PK_TYPE_MISMATCH
|
mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server1.key":MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||||
|
|
||||||
|
RSA hash_len overflow (size_t vs unsigned int)
|
||||||
|
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAVE_INT64
|
||||||
|
pk_rsa_overflow:
|
||||||
|
|
|
@ -5,6 +5,9 @@
|
||||||
#include "mbedtls/ecp.h"
|
#include "mbedtls/ecp.h"
|
||||||
#include "mbedtls/rsa.h"
|
#include "mbedtls/rsa.h"
|
||||||
|
|
||||||
|
/* For detecting 64-bit compilation */
|
||||||
|
#include "mbedtls/bignum.h"
|
||||||
|
|
||||||
static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len );
|
static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len );
|
||||||
|
|
||||||
#define RSA_KEY_SIZE 512
|
#define RSA_KEY_SIZE 512
|
||||||
|
@ -414,6 +417,34 @@ exit:
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
|
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_HAVE_INT64 */
|
||||||
|
void pk_rsa_overflow( )
|
||||||
|
{
|
||||||
|
mbedtls_pk_context pk;
|
||||||
|
size_t hash_len = (size_t)-1;
|
||||||
|
|
||||||
|
mbedtls_pk_init( &pk );
|
||||||
|
|
||||||
|
TEST_ASSERT( mbedtls_pk_setup( &pk,
|
||||||
|
mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_PKCS1_V21)
|
||||||
|
TEST_ASSERT( mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, NULL, &pk,
|
||||||
|
MBEDTLS_MD_NONE, NULL, hash_len, NULL, 0 ) ==
|
||||||
|
MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||||
|
#endif /* MBEDTLS_PKCS1_V21 */
|
||||||
|
|
||||||
|
TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE, NULL, hash_len,
|
||||||
|
NULL, 0 ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||||
|
|
||||||
|
TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, NULL, hash_len, NULL, 0,
|
||||||
|
rnd_std_rand, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||||
|
|
||||||
|
exit:
|
||||||
|
mbedtls_pk_free( &pk );
|
||||||
|
}
|
||||||
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_PK_RSA_ALT_SUPPORT */
|
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_PK_RSA_ALT_SUPPORT */
|
||||||
void pk_rsa_alt( )
|
void pk_rsa_alt( )
|
||||||
{
|
{
|
||||||
|
@ -461,6 +492,11 @@ void pk_rsa_alt( )
|
||||||
/* Test signature */
|
/* Test signature */
|
||||||
TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, sizeof hash,
|
TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, sizeof hash,
|
||||||
sig, &sig_len, rnd_std_rand, NULL ) == 0 );
|
sig, &sig_len, rnd_std_rand, NULL ) == 0 );
|
||||||
|
#if defined(MBEDTLS_HAVE_INT64)
|
||||||
|
TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, (size_t)-1,
|
||||||
|
NULL, NULL, rnd_std_rand, NULL ) ==
|
||||||
|
MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||||
|
#endif /* MBEDTLS_HAVE_INT64 */
|
||||||
TEST_ASSERT( sig_len == RSA_KEY_LEN );
|
TEST_ASSERT( sig_len == RSA_KEY_LEN );
|
||||||
TEST_ASSERT( mbedtls_pk_verify( &rsa, MBEDTLS_MD_NONE,
|
TEST_ASSERT( mbedtls_pk_verify( &rsa, MBEDTLS_MD_NONE,
|
||||||
hash, sizeof hash, sig, sig_len ) == 0 );
|
hash, sizeof hash, sig, sig_len ) == 0 );
|
||||||
|
|
Loading…
Reference in a new issue