From 79e593f617e8862b0d5991ef048f3c57313d3c8c Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 9 Dec 2018 20:41:20 +0000 Subject: [PATCH 01/12] Add parameter validation to SHA-256 module --- ChangeLog | 2 ++ include/mbedtls/error.h | 2 +- include/mbedtls/sha256.h | 1 + library/sha256.c | 23 +++++++++++++++++++++++ 4 files changed, 27 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 66a8ce92f..5d6e40831 100644 --- a/ChangeLog +++ b/ChangeLog @@ -41,6 +41,8 @@ API Changes mbedtls_ctr_drbg_update() -> mbedtls_ctr_drbg_update_ret() mbedtls_hmac_drbg_update() -> mbedtls_hmac_drbg_update_ret() * Extend ECDH interface to enable alternative implementations. + * Add validation checks for input parameters to functions in the SHA-256 + module. New deprecations * Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 0c3888987..5f6e8efb9 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -75,7 +75,7 @@ * MD5 1 0x002F-0x002F * RIPEMD160 1 0x0031-0x0031 * SHA1 1 0x0035-0x0035 - * SHA256 1 0x0037-0x0037 + * SHA256 1 0x0037-0x0037 0x0074-0x0074 * SHA512 1 0x0039-0x0039 * CHACHA20 3 0x0051-0x0055 * POLY1305 3 0x0057-0x005B diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index 47a31e83a..bd323dd5b 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -38,6 +38,7 @@ /* MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED -0x0037 /**< SHA-256 hardware accelerator failed */ +#define MBEDTLS_ERR_SHA256_BAD_INPUT_DATA -0x0074 /**< Invalid input data. */ #ifdef __cplusplus extern "C" { diff --git a/library/sha256.c b/library/sha256.c index dbb4a8986..2f1968530 100644 --- a/library/sha256.c +++ b/library/sha256.c 
@@ -74,8 +74,14 @@ do { \ } while( 0 ) #endif +#define MBEDTLS_SHA256_VALIDATE_RET(cond) \ + MBEDTLS_VALIDATE_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, cond ) +#define MBEDTLS_SHA256_VALIDATE(cond) MBEDTLS_VALIDATE( cond ) + void mbedtls_sha256_init( mbedtls_sha256_context *ctx ) { + MBEDTLS_SHA256_VALIDATE( ctx != NULL ); + memset( ctx, 0, sizeof( mbedtls_sha256_context ) ); } @@ -90,6 +96,9 @@ void mbedtls_sha256_free( mbedtls_sha256_context *ctx ) void mbedtls_sha256_clone( mbedtls_sha256_context *dst, const mbedtls_sha256_context *src ) { + MBEDTLS_SHA256_VALIDATE( dst != NULL ); + MBEDTLS_SHA256_VALIDATE( src != NULL ); + *dst = *src; } @@ -98,6 +107,8 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, */ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ) { + MBEDTLS_SHA256_VALIDATE( ctx != NULL ); + ctx->total[0] = 0; ctx->total[1] = 0; @@ -192,6 +203,9 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, uint32_t A[8]; unsigned int i; + MBEDTLS_SHA256_VALIDATE_RET( ctx != NULL ); + MBEDTLS_SHA256_VALIDATE_RET( (const unsigned char *)data != NULL ); + for( i = 0; i < 8; i++ ) A[i] = ctx->state[i]; @@ -266,6 +280,9 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, if( ilen == 0 ) return( 0 ); + MBEDTLS_SHA256_VALIDATE_RET( ctx != NULL ); + MBEDTLS_SHA256_VALIDATE_RET( input != NULL ); + left = ctx->total[0] & 0x3F; fill = 64 - left; @@ -321,6 +338,9 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, uint32_t used; uint32_t high, low; + MBEDTLS_SHA256_VALIDATE_RET( ctx != NULL ); + MBEDTLS_SHA256_VALIDATE_RET( (unsigned char *)output != NULL ); + /* * Add padding: 0x80 then 0x00 until 8 bytes remain for the length */ 
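Review bot: The cast in `MBEDTLS_SHA256_VALIDATE_RET( (const unsigned char *)data != NULL );` in the mbedtls_internal_sha256_process hunk is unexplained, and the same pattern recurs for `output` in the mbedtls_sha256_finish_ret hunk and in the mbedtls_sha256_ret hunk that follows. sha256.h declares these parameters with array syntax (`const unsigned char data[64]`, `unsigned char output[32]`), so the cast presumably exists to quiet a compiler diagnostic about comparing an array with NULL, but a reader cannot tell that from the code. I would add a one-line comment above the first occurrence, e.g. `/* data is an array-typed parameter; cast to a pointer so the NULL check does not trigger array-comparison warnings */`. The bodies of these functions continue outside the hunks.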
@@ -395,6 +415,9 @@ int mbedtls_sha256_ret( const unsigned char *input, int ret; mbedtls_sha256_context ctx; + MBEDTLS_SHA256_VALIDATE_RET( ilen == 0 || input != NULL ); + MBEDTLS_SHA256_VALIDATE_RET( (unsigned char *)output != NULL ); + mbedtls_sha256_init( &ctx ); if( ( ret = mbedtls_sha256_starts_ret( &ctx, is224 ) ) != 0 ) From 9e76c0e77f696f7bb9d0220c002e82080f502b03 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 9 Dec 2018 20:42:05 +0000 Subject: [PATCH 02/12] Add MBEDTLS_ERR_SHA256_BAD_INPUT_DATA to error.{h,c} --- library/error.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/error.c b/library/error.c index eabee9e21..701c7920f 100644 --- a/library/error.c +++ b/library/error.c @@ -860,6 +860,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #if defined(MBEDTLS_SHA256_C) if( use_ret == -(MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED) ) mbedtls_snprintf( buf, buflen, "SHA256 - SHA-256 hardware accelerator failed" ); + if( use_ret == -(MBEDTLS_ERR_SHA256_BAD_INPUT_DATA) ) + mbedtls_snprintf( buf, buflen, "SHA256 - Invalid input data" ); #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) From 0152f1e948a9d81c22a7a1524efb5d973b1beed6 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 10 Dec 2018 10:22:27 +0000 Subject: [PATCH 03/12] Document valid function params for SHA-256 functions --- include/mbedtls/sha256.h | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index bd323dd5b..8d90ca01c 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h 
@@ -38,7 +38,7 @@ /* MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED -0x0037 /**< SHA-256 hardware accelerator failed */ -#define MBEDTLS_ERR_SHA256_BAD_INPUT_DATA -0x0074 /**< Invalid input data. */ +#define MBEDTLS_ERR_SHA256_BAD_INPUT_DATA -0x0074 /**< SHA-256 input data was malformed. */ #ifdef __cplusplus extern "C" { @@ -73,6 +73,7 @@ mbedtls_sha256_context; * \brief This function initializes a SHA-256 context. * * \param ctx The SHA-256 context to initialize. + * Must not be \c NULL. */ void mbedtls_sha256_init( mbedtls_sha256_context *ctx ); @@ -87,7 +88,9 @@ void mbedtls_sha256_free( mbedtls_sha256_context *ctx ); * \brief This function clones the state of a SHA-256 context. * * \param dst The destination context. + * Must not be \c NULL. * \param src The context to clone. + * Must not be \c NULL. */ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, const mbedtls_sha256_context *src ); @@ -97,6 +100,7 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, * calculation. * * \param ctx The context to initialize. + * Must not be \c NULL. * \param is224 Determines which function to use: * 0: Use SHA-256, or 1: Use SHA-224. * @@ -109,7 +113,9 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ); * SHA-256 checksum calculation. * * \param ctx The SHA-256 context. + * Must not be \c NULL. * \param input The buffer holding the data. + * Must not be \c NULL if \p ilen is greater than 0. * \param ilen The length of the input data. * * \return \c 0 on success. @@ -123,7 +129,9 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, * the result to the output buffer. * * \param ctx The SHA-256 context. + * Must not be \c NULL. * \param output The SHA-224 or SHA-256 checksum result. + * Must not be \c NULL. * * \return \c 0 on success. */ 
@@ -136,7 +144,9 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, * internal use only. * * \param ctx The SHA-256 context. + * Must not be \c NULL. * \param data The buffer holding one block of data. + * Must not be \c NULL. * * \return \c 0 on success. */ @@ -157,6 +167,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, * \deprecated Superseded by mbedtls_sha256_starts_ret() in 2.7.0. * * \param ctx The context to initialize. + * Must not be \c NULL. * \param is224 Determines which function to use: * 0: Use SHA-256, or 1: Use SHA-224. */ @@ -170,7 +181,9 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, * \deprecated Superseded by mbedtls_sha256_update_ret() in 2.7.0. * * \param ctx The SHA-256 context to initialize. + * Must not be \c NULL. * \param input The buffer holding the data. + * Must not be \c NULL if \p ilen is greater than 0. * \param ilen The length of the input data. */ MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx, @@ -184,7 +197,9 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx, * \deprecated Superseded by mbedtls_sha256_finish_ret() in 2.7.0. * * \param ctx The SHA-256 context. + * Must not be \c NULL. * \param output The SHA-224 or SHA-256 checksum result. + * Must not be \c NULL. */ MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] ); @@ -197,7 +212,9 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, * \deprecated Superseded by mbedtls_internal_sha256_process() in 2.7.0. * * \param ctx The SHA-256 context. + * Must not be \c NULL. * \param data The buffer holding one block of data. + * Must not be \c NULL. */ MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] ); 
@@ -216,8 +233,10 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx, * output = SHA-256(input buffer). * * \param input The buffer holding the input data. + * Must not be \c NULL if \p ilen is greater than 0. * \param ilen The length of the input data. * \param output The SHA-224 or SHA-256 checksum result. + * Must not be \c NULL. * \param is224 Determines which function to use: * 0: Use SHA-256, or 1: Use SHA-224. */ @@ -246,8 +265,10 @@ int mbedtls_sha256_ret( const unsigned char *input, * \deprecated Superseded by mbedtls_sha256_ret() in 2.7.0. * * \param input The buffer holding the data. + * Must not be \c NULL if \p ilen is greater than 0. * \param ilen The length of the input data. * \param output The SHA-224 or SHA-256 checksum result. + * Must not be \c NULL. * \param is224 Determines which function to use: * 0: Use SHA-256, or 1: Use SHA-224. */ From 77886af63e6a8db9c64d0fad40a6a6a4213ac013 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 14:54:04 +0000 Subject: [PATCH 04/12] Improve SHA-256 documentation on parameter preconditions --- include/mbedtls/sha256.h | 110 +++++++++++++++++++-------------------- 1 file changed, 55 insertions(+), 55 deletions(-) diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index 8d90ca01c..aac48b212 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h 
@@ -72,25 +72,24 @@ mbedtls_sha256_context; /** * \brief This function initializes a SHA-256 context. * - * \param ctx The SHA-256 context to initialize. - * Must not be \c NULL. + * \param ctx The SHA-256 context to initialize. This must not be \c NULL. */ void mbedtls_sha256_init( mbedtls_sha256_context *ctx ); /** * \brief This function clears a SHA-256 context. * - * \param ctx The SHA-256 context to clear. + * \param ctx The SHA-256 context to clear. This may be \c NULL, in which + * case this function returns immediately. If it is not \c NULL, + * it must point to an initialized SHA-256 context. */ void mbedtls_sha256_free( mbedtls_sha256_context *ctx ); /** * \brief This function clones the state of a SHA-256 context. * - * \param dst The destination context. - * Must not be \c NULL. - * \param src The context to clone. - * Must not be \c NULL. + * \param dst The destination context. This must be initialized. + * \param src The context to clone. This must be initialized. */ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, const mbedtls_sha256_context *src ); @@ -99,12 +98,12 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, * \brief This function starts a SHA-224 or SHA-256 checksum * calculation. * - * \param ctx The context to initialize. - * Must not be \c NULL. - * \param is224 Determines which function to use: - * 0: Use SHA-256, or 1: Use SHA-224. + * \param ctx The context to use. This must be initialized. + * \param is224 This determines which function to use. This must be + * either \c 0 for SHA-256, or \c 1 for SHA-224. * * \return \c 0 on success. + * \return A negative error code on failure. */ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ); 
@@ -112,13 +111,14 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ); * \brief This function feeds an input buffer into an ongoing * SHA-256 checksum calculation. * - * \param ctx The SHA-256 context. - * Must not be \c NULL. - * \param input The buffer holding the data. - * Must not be \c NULL if \p ilen is greater than 0. - * \param ilen The length of the input data. + * \param ctx The SHA-256 context. This must be initialized + * and have a hash operation started. + * \param input The buffer holding the data. This must be a readable + * buffer of length \p ilen Bytes. + * \param ilen The length of the input data \p input in Bytes. * * \return \c 0 on success. + * \return A negative error code on failure. */ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, const unsigned char *input, @@ -128,12 +128,13 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, * \brief This function finishes the SHA-256 operation, and writes * the result to the output buffer. * - * \param ctx The SHA-256 context. - * Must not be \c NULL. + * \param ctx The SHA-256 context. This must be initialized + * and have a hash operation started. * \param output The SHA-224 or SHA-256 checksum result. - * Must not be \c NULL. + * This must be a writable buffer of length \c 32 Bytes. * * \return \c 0 on success. + * \return A negative error code on failure. */ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, unsigned char output[32] ); 
@@ -143,12 +144,13 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, * the ongoing SHA-256 computation. This function is for * internal use only. * - * \param ctx The SHA-256 context. - * Must not be \c NULL. - * \param data The buffer holding one block of data. - * Must not be \c NULL. + * \param ctx The SHA-256 context. This must be initialized + * and have a hash operation started. + * \param data The buffer holding one block of data. This must + * be a readable buffer of length \c 64 Bytes. * * \return \c 0 on success. + * \return A negative error code on failure. */ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] ); @@ -163,13 +165,11 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, * \brief This function starts a SHA-224 or SHA-256 checksum * calculation. * - * * \deprecated Superseded by mbedtls_sha256_starts_ret() in 2.7.0. * - * \param ctx The context to initialize. - * Must not be \c NULL. - * \param is224 Determines which function to use: - * 0: Use SHA-256, or 1: Use SHA-224. + * \param ctx The context to use. This must be initialized. + * \param is224 Determines which function to use. This must be + * either \c 0 for SHA-256, or \c 1 for SHA-224. */ MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ); 
@@ -180,11 +180,11 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, * * \deprecated Superseded by mbedtls_sha256_update_ret() in 2.7.0. * - * \param ctx The SHA-256 context to initialize. - * Must not be \c NULL. - * \param input The buffer holding the data. - * Must not be \c NULL if \p ilen is greater than 0. - * \param ilen The length of the input data. + * \param ctx The SHA-256 context to use. This must be + * initialized and have a hash operation started. + * \param input The buffer holding the data. This must be a readable + * buffer of length \p ilen Bytes. + * \param ilen The length of the input data \p input in Bytes. */ MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input, @@ -196,10 +196,10 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx, * * \deprecated Superseded by mbedtls_sha256_finish_ret() in 2.7.0. * - * \param ctx The SHA-256 context. - * Must not be \c NULL. - * \param output The SHA-224 or SHA-256 checksum result. - * Must not be \c NULL. + * \param ctx The SHA-256 context. This must be initialized and + * have a has hoperation started. + * \param output The SHA-224 or SHA-256 checksum result. This must be + * a writable buffer of length \c 32 Bytes. */ MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] ); 
@@ -211,10 +211,10 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, * * \deprecated Superseded by mbedtls_internal_sha256_process() in 2.7.0. * - * \param ctx The SHA-256 context. - * Must not be \c NULL. - * \param data The buffer holding one block of data. - * Must not be \c NULL. + * \param ctx The SHA-256 context. This must be initialized and + * have a hash operation started. + * \param data The buffer holding one block of data. This must be + * a readable buffer of size \c 64 Bytes. */ MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] ); @@ -232,13 +232,13 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx, * The SHA-256 result is calculated as * output = SHA-256(input buffer). * - * \param input The buffer holding the input data. - * Must not be \c NULL if \p ilen is greater than 0. - * \param ilen The length of the input data. - * \param output The SHA-224 or SHA-256 checksum result. - * Must not be \c NULL. - * \param is224 Determines which function to use: - * 0: Use SHA-256, or 1: Use SHA-224. + * \param input The buffer holding the data. This must be a readable + * buffer of length \p ilen Bytes. + * \param ilen The length of the input data \p input in Bytes. + * \param output The SHA-224 or SHA-256 checksum result. This must + * be a writable buffer of length \c 32 Bytes. + * \param is224 Determines which function to use. This must be + * either \c 0 for SHA-256, or \c 1 for SHA-224. */ int mbedtls_sha256_ret( const unsigned char *input, size_t ilen, 
@@ -264,13 +264,13 @@ int mbedtls_sha256_ret( const unsigned char *input, * * \deprecated Superseded by mbedtls_sha256_ret() in 2.7.0. * - * \param input The buffer holding the data. - * Must not be \c NULL if \p ilen is greater than 0. - * \param ilen The length of the input data. - * \param output The SHA-224 or SHA-256 checksum result. - * Must not be \c NULL. - * \param is224 Determines which function to use: - * 0: Use SHA-256, or 1: Use SHA-224. + * \param input The buffer holding the data. This must be a readable + * buffer of length \p ilen Bytes. + * \param ilen The length of the input data \p input in Bytes. + * \param output The SHA-224 or SHA-256 checksum result. This must be + * a writable buffer of length \c 32 Bytes. + * \param is224 Determines which function to use. This must be eithern + * \c 0 for SHA-256, or \c 1 for SHA-224. */ MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input, size_t ilen, From 36beb04fd5a44e7ed39bc644c0e1bd2d5609eb95 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 14:58:02 +0000 Subject: [PATCH 05/12] Add tests or SHA-256 parameter validation --- tests/suites/test_suite_shax.data | 6 +++ tests/suites/test_suite_shax.function | 56 +++++++++++++++++++++++++++ 2 files changed, 62 insertions(+) diff --git a/tests/suites/test_suite_shax.data b/tests/suites/test_suite_shax.data index ee8074dc0..a4c75e5be 100644 --- a/tests/suites/test_suite_shax.data +++ b/tests/suites/test_suite_shax.data @@ -39,6 +39,12 @@ SHA-1 Test Vector NIST CAVS #10 depends_on:MBEDTLS_SHA1_C mbedtls_sha1:"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":"11863b483809ef88413ca9b0084ac4a5390640af" +SHA-256 Valid parameters +sha256_valid_param: + +SHA-256 Invalid parameters +sha256_invalid_param: + SHA-224 Test Vector NIST CAVS #1 depends_on:MBEDTLS_SHA256_C sha224:"":"d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f" 
diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function
index 147ae0e1f..1d646d124 100644
--- a/tests/suites/test_suite_shax.function
+++ b/tests/suites/test_suite_shax.function
@@ -18,6 +18,62 @@ void mbedtls_sha1( data_t * src_str, data_t * hex_hash_string ) } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */ +void sha256_valid_param( ) +{ + TEST_VALID_PARAM( mbedtls_sha256_free( NULL ) ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ +void sha256_invalid_param( ) +{ + mbedtls_sha256_context ctx; + unsigned char buf[64] = { 0 }; + size_t const buflen = sizeof( buf ); + int valid_type = 0; + int invalid_type = 42; + + TEST_INVALID_PARAM( mbedtls_sha256_init( NULL ) ); + + TEST_INVALID_PARAM( mbedtls_sha256_clone( NULL, &ctx ) ); + TEST_INVALID_PARAM( mbedtls_sha256_clone( &ctx, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, + mbedtls_sha256_starts_ret( NULL, valid_type ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, + mbedtls_sha256_starts_ret( &ctx, invalid_type ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, + mbedtls_sha256_update_ret( NULL, buf, buflen ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, + mbedtls_sha256_update_ret( &ctx, NULL, buflen ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, + mbedtls_sha256_finish_ret( NULL, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, + mbedtls_sha256_finish_ret( &ctx, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, + mbedtls_internal_sha256_process( NULL, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, + mbedtls_internal_sha256_process( &ctx, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, + mbedtls_sha256_ret( NULL, buflen, + buf, valid_type ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, + mbedtls_sha256_ret( buf, buflen, + NULL, valid_type ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, + mbedtls_sha256_ret( buf, buflen, + buf, invalid_type ) ); + +exit: + return; +} +/* END_CASE */ + 
/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */ void sha224( data_t * src_str, data_t * hex_hash_string ) { From 230b4f415926c608e898b4b5879e278b8ecb90a1 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 14:58:32 +0000 Subject: [PATCH 06/12] Fix definition of MBEDTLS_SHA256_VALIDATE[_RET] in sha256.c --- library/sha256.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/sha256.c b/library/sha256.c index 2f1968530..5092091e6 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -75,8 +75,8 @@ do { \ #endif #define MBEDTLS_SHA256_VALIDATE_RET(cond) \ - MBEDTLS_VALIDATE_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, cond ) -#define MBEDTLS_SHA256_VALIDATE(cond) MBEDTLS_VALIDATE( cond ) + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA ) +#define MBEDTLS_SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond ) void mbedtls_sha256_init( mbedtls_sha256_context *ctx ) { From 596e014a06d9b3c9e3ad86231e1eb8c713b73bb3 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 15:00:38 +0000 Subject: [PATCH 07/12] Add validation is `is224` argument in mbedtls_sha256_starts_ret() --- library/sha256.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/library/sha256.c b/library/sha256.c index 5092091e6..8df4fb1e7 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -107,7 +107,8 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, */ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ) { - MBEDTLS_SHA256_VALIDATE( ctx != NULL ); + MBEDTLS_SHA256_VALIDATE_RET( ctx != NULL ); + MBEDTLS_SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 ); ctx->total[0] = 0; ctx->total[1] = 0; 
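Review bot: sha256_valid_param() only checks `mbedtls_sha256_free( NULL )`, so nothing pins the accepted zero-length case that the `ilen == 0 || input != NULL` validation allows. A positive case such as `TEST_VALID_PARAM( mbedtls_sha256_ret( NULL, 0, buf, 0 ) );`, with a local output buffer of at least 32 bytes, would catch a later tightening of that condition. Separately, sha256_invalid_param() passes `&ctx` without ever initializing it. Every call is expected to be rejected before the context is touched, but adding `mbedtls_sha256_init( &ctx );` after the `mbedtls_sha256_init( NULL )` check would keep a missing validation from turning into a read of indeterminate memory rather than a clean test failure.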
@@ -277,12 +278,12 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, size_t fill; uint32_t left; + MBEDTLS_SHA256_VALIDATE_RET( ctx != NULL ); + MBEDTLS_SHA256_VALIDATE_RET( ilen == 0 || input != NULL ); + if( ilen == 0 ) return( 0 ); - MBEDTLS_SHA256_VALIDATE_RET( ctx != NULL ); - MBEDTLS_SHA256_VALIDATE_RET( input != NULL ); - left = ctx->total[0] & 0x3F; fill = 64 - left; @@ -415,6 +416,7 @@ int mbedtls_sha256_ret( const unsigned char *input, int ret; mbedtls_sha256_context ctx; + MBEDTLS_SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 ); MBEDTLS_SHA256_VALIDATE_RET( ilen == 0 || input != NULL ); MBEDTLS_SHA256_VALIDATE_RET( (unsigned char *)output != NULL ); From fc2a0b2e6721f8d6eedf6c6a9bbc7a31a1179ea6 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 16:31:48 +0000 Subject: [PATCH 08/12] Minor SHA-256 documentation improvement --- include/mbedtls/sha256.h | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index aac48b212..ce14d85ee 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -115,7 +115,7 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ); * and have a hash operation started. * \param input The buffer holding the data. This must be a readable * buffer of length \p ilen Bytes. - * \param ilen The length of the input data \p input in Bytes. + * \param ilen The length of the input data in Bytes. * * \return \c 0 on success. * \return A negative error code on failure. 
@@ -184,7 +184,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, * initialized and have a hash operation started. * \param input The buffer holding the data. This must be a readable * buffer of length \p ilen Bytes. - * \param ilen The length of the input data \p input in Bytes. + * \param ilen The length of the input data in Bytes. */ MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input, @@ -197,7 +197,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx, * \deprecated Superseded by mbedtls_sha256_finish_ret() in 2.7.0. * * \param ctx The SHA-256 context. This must be initialized and - * have a has hoperation started. + * have a hash operation started. * \param output The SHA-224 or SHA-256 checksum result. This must be * a writable buffer of length \c 32 Bytes. */ @@ -234,7 +234,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx, * * \param input The buffer holding the data. This must be a readable * buffer of length \p ilen Bytes. - * \param ilen The length of the input data \p input in Bytes. + * \param ilen The length of the input data in Bytes. * \param output The SHA-224 or SHA-256 checksum result. This must * be a writable buffer of length \c 32 Bytes. * \param is224 Determines which function to use. This must be 
@@ -266,10 +266,10 @@ int mbedtls_sha256_ret( const unsigned char *input, * * \param input The buffer holding the data. This must be a readable * buffer of length \p ilen Bytes. - * \param ilen The length of the input data \p input in Bytes. + * \param ilen The length of the input data in Bytes. * \param output The SHA-224 or SHA-256 checksum result. This must be * a writable buffer of length \c 32 Bytes. - * \param is224 Determines which function to use. This must be eithern + * \param is224 Determines which function to use. This must be either * \c 0 for SHA-256, or \c 1 for SHA-224. */ MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input, From 8d215e713012b2c0ffb2dfa0f93f9974ac223280 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 17:53:21 +0000 Subject: [PATCH 09/12] Don't define MBEDTLS-namespace macros in sha256.c --- library/sha256.c | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/library/sha256.c b/library/sha256.c index 8df4fb1e7..9967d52f6 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -74,13 +74,13 @@ do { \ } while( 0 ) #endif -#define MBEDTLS_SHA256_VALIDATE_RET(cond) \ +#define SHA256_VALIDATE_RET(cond) \ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA ) -#define MBEDTLS_SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond ) +#define SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond ) void mbedtls_sha256_init( mbedtls_sha256_context *ctx ) { - MBEDTLS_SHA256_VALIDATE( ctx != NULL ); + SHA256_VALIDATE( ctx != NULL ); memset( ctx, 0, sizeof( mbedtls_sha256_context ) ); } @@ -96,8 +96,8 @@ void mbedtls_sha256_free( mbedtls_sha256_context *ctx ) void mbedtls_sha256_clone( mbedtls_sha256_context *dst, const mbedtls_sha256_context *src ) { - MBEDTLS_SHA256_VALIDATE( dst != NULL ); - MBEDTLS_SHA256_VALIDATE( src != NULL ); + SHA256_VALIDATE( dst != NULL ); + SHA256_VALIDATE( src != NULL ); *dst = *src; } 
@@ -107,8 +107,8 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, */ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ) { - MBEDTLS_SHA256_VALIDATE_RET( ctx != NULL ); - MBEDTLS_SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 ); + SHA256_VALIDATE_RET( ctx != NULL ); + SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 ); ctx->total[0] = 0; ctx->total[1] = 0; @@ -204,8 +204,8 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, uint32_t A[8]; unsigned int i; - MBEDTLS_SHA256_VALIDATE_RET( ctx != NULL ); - MBEDTLS_SHA256_VALIDATE_RET( (const unsigned char *)data != NULL ); + SHA256_VALIDATE_RET( ctx != NULL ); + SHA256_VALIDATE_RET( (const unsigned char *)data != NULL ); for( i = 0; i < 8; i++ ) A[i] = ctx->state[i]; @@ -278,8 +278,8 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, size_t fill; uint32_t left; - MBEDTLS_SHA256_VALIDATE_RET( ctx != NULL ); - MBEDTLS_SHA256_VALIDATE_RET( ilen == 0 || input != NULL ); + SHA256_VALIDATE_RET( ctx != NULL ); + SHA256_VALIDATE_RET( ilen == 0 || input != NULL ); if( ilen == 0 ) return( 0 ); @@ -339,8 +339,8 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, uint32_t used; uint32_t high, low; - MBEDTLS_SHA256_VALIDATE_RET( ctx != NULL ); - MBEDTLS_SHA256_VALIDATE_RET( (unsigned char *)output != NULL ); + SHA256_VALIDATE_RET( ctx != NULL ); + SHA256_VALIDATE_RET( (unsigned char *)output != NULL ); /* * Add padding: 0x80 then 0x00 until 8 bytes remain for the length @@ -416,9 +416,9 @@ int mbedtls_sha256_ret( const unsigned char *input, int ret; mbedtls_sha256_context ctx; - MBEDTLS_SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 ); - MBEDTLS_SHA256_VALIDATE_RET( ilen == 0 || input != NULL ); - MBEDTLS_SHA256_VALIDATE_RET( (unsigned char *)output != NULL ); + SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 ); + SHA256_VALIDATE_RET( ilen == 0 || input != NULL ); + SHA256_VALIDATE_RET( (unsigned char *)output != NULL ); mbedtls_sha256_init( &ctx ); 
From 3f1f4ad9bd3393dd641d85e198279db9d6288e39 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 23:19:37 +0000 Subject: [PATCH 10/12] Weaken preconditions on mbedtls_[internal_]sha256_process() --- include/mbedtls/sha256.h | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index ce14d85ee..0e42f0abb 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -144,8 +144,7 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, * the ongoing SHA-256 computation. This function is for * internal use only. * - * \param ctx The SHA-256 context. This must be initialized - * and have a hash operation started. + * \param ctx The SHA-256 context. This must be initialized. * \param data The buffer holding one block of data. This must * be a readable buffer of length \c 64 Bytes. * @@ -211,8 +210,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, * * \deprecated Superseded by mbedtls_internal_sha256_process() in 2.7.0. * - * \param ctx The SHA-256 context. This must be initialized and - * have a hash operation started. + * \param ctx The SHA-256 context. This must be initialized. * \param data The buffer holding one block of data. This must be * a readable buffer of size \c 64 Bytes. */ From d8e4f4a76425d46c5855dfc6b57f3c81f85ab3bd Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 19 Dec 2018 09:54:55 +0000 Subject: [PATCH 11/12] Regenerate errors.c --- library/error.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/error.c b/library/error.c index 701c7920f..d7e85a551 100644 --- a/library/error.c +++ b/library/error.c 
@@ -861,7 +861,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) if( use_ret == -(MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED) ) mbedtls_snprintf( buf, buflen, "SHA256 - SHA-256 hardware accelerator failed" ); if( use_ret == -(MBEDTLS_ERR_SHA256_BAD_INPUT_DATA) ) - mbedtls_snprintf( buf, buflen, "SHA256 - Invalid input data" ); + mbedtls_snprintf( buf, buflen, "SHA256 - SHA-256 input data was malformed" ); #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) From 2f6de42622988d80335c8c014a2d54a935e79e7d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 20 Dec 2018 10:22:32 +0000 Subject: [PATCH 12/12] Move SHA256_VALIDATE[_RET] outside of MBEDTLS_SHA256_ALT guard Somehow, mbedtls_sha256_ret() is defined even if MBEDTLS_SHA256_ALT is set, and it is using SHA256_VALIDATE_RET. The documentation should be enhanced to indicate that MBEDTLS_SHA256_ALT does _not_ replace the entire module, but only the core SHA-256 functions. --- library/sha256.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/sha256.c b/library/sha256.c index 9967d52f6..8a540adfb 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -49,6 +49,10 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST */ +#define SHA256_VALIDATE_RET(cond) \ + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA ) +#define SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond ) + #if !defined(MBEDTLS_SHA256_ALT) /* @@ -74,10 +78,6 @@ do { \ } while( 0 ) #endif -#define SHA256_VALIDATE_RET(cond) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA ) -#define SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond ) - void mbedtls_sha256_init( mbedtls_sha256_context *ctx ) { SHA256_VALIDATE( ctx != NULL );
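Review bot: The reason SHA256_VALIDATE_RET and SHA256_VALIDATE now sit above `#if !defined(MBEDTLS_SHA256_ALT)` in library/sha256.c is recorded only in the commit message, so a later cleanup could move them back under the guard and break builds that define MBEDTLS_SHA256_ALT. I would add a comment above the definitions, e.g. `/* Kept outside the MBEDTLS_SHA256_ALT guard: mbedtls_sha256_ret() is built even with an alternative implementation and uses SHA256_VALIDATE_RET. */`. The validated mbedtls_sha256_init() body visible in the second hunk appears to lie inside the guarded region. If so, an alternative implementation has to do its own context and pointer checks, which would be worth stating in the same comment or in the MBEDTLS_SHA256_ALT documentation the commit message asks for.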