Commit graph

27 commits

Author SHA1 Message Date
Waleed Elmelegy
d527896b7e Switch pkparse to use new mbedtls_pkcs12_pbe_ext function
Switch pkparse to use new mbedtls_pkcs12_pbe_ext function
and deprecate mbedtls_pkcs12_pbe function.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-20 19:29:02 +01:00
Waleed Elmelegy
57d09b72ef Return back to modifying input parameters in pkcs12_parse_pbe_params
Return back to modifying input parameters in pkcs12_parse_pbe_params
to avoid change in behaviour.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-12 14:05:10 +01:00
Waleed Elmelegy
e1cb35b719 Add new mbedtls_pkcs12_pbe_ext function to replace old function
Add new mbedtls_pkcs12_pbe_ext function to replace
old mbedtls_pkcs12_pbe function that have security
issues.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-08 16:51:26 +01:00
Waleed Elmelegy
1f59ee078f Add correct dependencies to pkcs12 tests
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-07 17:59:35 +01:00
Waleed Elmelegy
096017023d Fix identation error in pkcs12 tests
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-07 17:48:40 +01:00
Waleed Elmelegy
75b9eb36b4 Change pkcs12 test comparison macro to the new macro
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-07 17:02:37 +01:00
Waleed Elmelegy
8317e91b1e Change pkcs12 test allocation macros to the new macros
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-07 15:46:58 +01:00
Waleed Elmelegy
15de809e1a Improve pkcs12 pbe tests
* Simplify pkcs12 tests to use algo parameters instead of asn1 buffers.
* Fix output buffers allocation size.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-05 16:34:55 +01:00
Waleed Elmelegy
255db80910 Improve & test legacy mbedtls_pkcs12_pbe
* Prevent pkcs12_pbe encryption when PKCS7 padding has been
  disabled since this not part of the specs.
* Allow decryption when PKCS7 padding is disabled for legacy
  reasons, However, invalid padding is not checked.
* Document new behaviour, known limitations and possible
  security concerns.
* Add tests to check these scenarios. Test data has been
  generated by the below code using OpenSSL as a reference:

#include <openssl/pkcs12.h>
#include <openssl/evp.h>
#include <openssl/des.h>
#include <openssl/asn1.h>
#include "crypto/asn1.h"
#include <string.h>

int main()
{
    char pass[] = "\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB";
    unsigned char salt[] = "\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC";
    unsigned char plaintext[] = "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA";
    unsigned char *ciphertext = NULL;
    int iter = 10;
    X509_ALGOR *alg =  X509_ALGOR_new();
    int ciphertext_len = 0;
    int alg_nid = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
    alg->parameter = ASN1_TYPE_new();
    struct asn1_object_st * aobj;
    PKCS5_pbe_set0_algor(alg, alg_nid, iter,
                         salt, sizeof(salt)-1);

    aobj = alg->algorithm;
    printf("\"30%.2X", 2 + aobj->length + alg->parameter->value.asn1_string->length);
    printf("06%.2X", aobj->length);
    for (int i = 0; i < aobj->length; i++) {
        printf("%.2X", aobj->data[i]);
    }

    for (int i = 0; i < alg->parameter->value.asn1_string->length; i++) {
        printf("%.2X", alg->parameter->value.asn1_string->data[i]);
    }
    printf("\":\"");

    for (int i = 0; i < sizeof(pass)-1; i++) {
        printf("%.2X", pass[i] & 0xFF);
    }
    printf("\":\"");
    for (int i = 0; i < sizeof(plaintext)-1; i++) {
        printf("%.2X", plaintext[i]);
    }
    printf("\":");
    printf("0");
    printf(":\"");

    unsigned char * res = PKCS12_pbe_crypt(alg, pass, sizeof(pass)-1, plaintext, sizeof(plaintext)-1, &ciphertext, &ciphertext_len, 1);

    if (res == NULL)
        printf("Encryption failed!\n");
    for (int i = 0; i < ciphertext_len; i++) {
        printf("%.2X", res[i]);
    }
    printf("\"\n");

    return 0;
}

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
#
2023-09-05 15:45:55 +01:00
Tom Cosgrove
0540fe74e3 Fix code style
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-07-27 14:17:27 +01:00
Tom Cosgrove
e4e9e7da58 For tests, rename TEST_BUFFERS_EQUAL() to TEST_MEMORY_COMPARE()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-07-21 11:45:25 +01:00
Tom Cosgrove
05b2a87ea0 For tests, rename TEST_CALLOC_OR_FAIL() to just TEST_CALLOC()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-07-21 11:32:25 +01:00
Tom Cosgrove
f9ffd11e7a For tests, rename ASSERT_ALLOC() to TEST_CALLOC_OR_FAIL()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-07-20 16:51:21 +01:00
Tom Cosgrove
65cd8519f7 For tests, rename ASSERT_COMPARE() to TEST_BUFFERS_EQUAL()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-07-20 16:51:15 +01:00
Manuel Pégourié-Gonnard
7224086ebc Remove legacy_or_psa.h
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard
be97afe5d4 PKCS12: always use MD light
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Gilles Peskine
449bd8303e Switch to the new code style
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-11 14:50:10 +01:00
Gilles Peskine
0fe6631486
Merge pull request #6291 from gilles-peskine-arm/platform.h-unconditional-3.2
Include platform.h unconditionally
2022-10-13 10:19:22 +02:00
Manuel Pégourié-Gonnard
07018f97d2 Make legacy_or_psa.h public.
As a public header, it should no longer include common.h, just use
build_info.h which is what we actually need anyway.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 12:02:48 +02:00
Gilles Peskine
a844b4b370 No need to use MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED in tests
Initializing return status variables to CORRUPTION_DETECTED is a second line
of defense in library code in case there's a code path where we forget to
assign to the variable. This isn't useful in test code. In any case, here,
we might as well define the variable at the point of use.

This fixes a build error in configurations with MBEDTLS_ERROR_C and
MBEDTLS_PSA_CRYPTO_C both disabled, because then mbedtls/error.h isn't
included so MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED isn't defined.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-15 21:05:04 +02:00
Andrzej Kurek
7bd12c5d5e Remove MD dependency from pkcs12 module
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-01 08:57:41 -04:00
Paul Elliott
6e7deb1d55 Add expected output for tests
Expected output generated by OpenSSL (see below) apart from the case
where both password and salt are either NULL or zero length, as OpenSSL
does not support this. For these test cases we have had to use our own
output as that which is expected. Code to generate test cases is as
follows:

 #include <openssl/pkcs12.h>
 #include <openssl/evp.h>
 #include <string.h>

int Keygen_Uni( const char * test_name, unsigned char *pass, int
    passlen, unsigned char *salt,
                    int saltlen, int id, int iter, int n,
                                    unsigned char *out, const EVP_MD
                                    *md_type )
{
   size_t index;

   printf( "%s\n", test_name );

   int ret = PKCS12_key_gen_uni( pass, passlen, salt, saltlen, id, iter,
                                        n, out, md_type );

   if( ret != 1 )
   {
         printf( "Key generation returned %d\n", ret );
      }
   else
   {
         for( index = 0; index < n; ++index )
         {
                  printf( "%02x", out[index] );
               }

         printf( "\n" );
      }

   printf( "\n" );

}

int main(void)
{
   unsigned char out_buf[48];
   unsigned char pass[64];
   int pass_len;
   unsigned char salt[64];
   int salt_len;

   /* If ID=1, then the pseudorandom bits being produced are to be used
      as key material for performing encryption or decryption.

            If ID=2, then the pseudorandom bits being produced are to be
            used as an IV (Initial Value) for encryption or decryption.

                  If ID=3, then the pseudorandom bits being produced are
                  to be used as an integrity key for MACing.
                     */

   int id = 1;
   int iter = 3;

   memset( out_buf, 0, sizeof( out_buf ) );
   memset( pass, 0, sizeof( pass ) );
   memset( salt, 0, sizeof( salt ) );

   Keygen_Uni( "Zero length pass and salt", pass, 0, salt, 0, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   Keygen_Uni( "NULL pass and salt", NULL, 0, NULL, 0, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   salt[0] = 0x01;
   salt[1] = 0x23;
   salt[2] = 0x45;
   salt[3] = 0x67;
   salt[4] = 0x89;
   salt[5] = 0xab;
   salt[6] = 0xcd;
   salt[7] = 0xef;

   Keygen_Uni( "Zero length pass", pass, 0, salt, 8, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   Keygen_Uni( "NULL pass", NULL, 0, salt, 8, id, iter, sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );
   memset( salt, 0, sizeof( salt ) );

   pass[0] = 0x01;
   pass[1] = 0x23;
   pass[2] = 0x45;
   pass[3] = 0x67;
   pass[4] = 0x89;
   pass[5] = 0xab;
   pass[6] = 0xcd;
   pass[7] = 0xef;

   Keygen_Uni( "Zero length salt", pass, 8, salt, 0, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   Keygen_Uni( "NULL salt", pass, 8, NULL, 0, id, iter, sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   salt[0] = 0x01;
   salt[1] = 0x23;
   salt[2] = 0x45;
   salt[3] = 0x67;
   salt[4] = 0x89;
   salt[5] = 0xab;
   salt[6] = 0xcd;
   salt[7] = 0xef;

   Keygen_Uni( "Valid pass and salt", pass, 8, salt, 8, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   return 0;
}

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-10 20:53:59 +00:00
Paul Elliott
4768a30d9b Simplify Input usage macros
Also ensure they are used in test data rather than values

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-30 16:39:51 +00:00
Paul Elliott
df00695bfc Rename (and relabel) pkcs12 test case
Remove surplus _test suffix. Change labeling from Pcks12 to PCKS#12 as
it should be.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-30 16:31:10 +00:00
Paul Elliott
3584ae4d5f Remove incorrect test dependency
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-30 16:21:27 +00:00
Paul Elliott
bfa273e507 Fix missing test dependancies
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-22 17:50:26 +00:00
Paul Elliott
d663543004 Add PKCS12 tests
Only regression tests for the empty password bugs for now. Further tests
will follow later.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-22 10:10:24 +00:00