mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-03-29 08:27:02 +00:00
cmac: add parameter validation
Improve documentation o
This commit is contained in:
Unknown
parent
0026080132
commit
1ad679e6e2
|
|
@ -77,7 +77,8 @@ struct mbedtls_cmac_context_t
|
||||||
* as one of the following types: MBEDTLS_CIPHER_AES_128_ECB,
|
* as one of the following types: MBEDTLS_CIPHER_AES_128_ECB,
|
||||||
* MBEDTLS_CIPHER_AES_192_ECB, MBEDTLS_CIPHER_AES_256_ECB,
|
* MBEDTLS_CIPHER_AES_192_ECB, MBEDTLS_CIPHER_AES_256_ECB,
|
||||||
* or MBEDTLS_CIPHER_DES_EDE3_ECB.
|
* or MBEDTLS_CIPHER_DES_EDE3_ECB.
|
||||||
* \param key The CMAC key. This must not be \c NULL.
|
* \param key The CMAC key. This must be a readable buffer of length
|
||||||
|
* \p keybits Bits.
|
||||||
* \param keybits The length of the CMAC key in bits.
|
* \param keybits The length of the CMAC key in bits.
|
||||||
* Must be supported by the cipher.
|
* Must be supported by the cipher.
|
||||||
*
|
*
|
||||||
|
|
@ -97,7 +98,9 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
|
||||||
*
|
*
|
||||||
* \param ctx The cipher context used for the CMAC operation.
|
* \param ctx The cipher context used for the CMAC operation.
|
||||||
* This must be initialized.
|
* This must be initialized.
|
||||||
* \param input The buffer holding the input data. This must not be \c NULL.
|
* \param input The buffer holding the input data. This must be a
|
||||||
|
* readable buffer of length \p ilen Bytes. It may be
|
||||||
|
* \c NULL if ilen == 0.
|
||||||
* \param ilen The length of the input data.
|
* \param ilen The length of the input data.
|
||||||
*
|
*
|
||||||
* \return \c 0 on success.
|
* \return \c 0 on success.
|
||||||
|
|
@ -158,9 +161,12 @@ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx );
|
||||||
* \param cipher_info The cipher information. This must not be \c NULL.
|
* \param cipher_info The cipher information. This must not be \c NULL.
|
||||||
* \param key The CMAC key. This must not be \c NULL.
|
* \param key The CMAC key. This must not be \c NULL.
|
||||||
* \param keylen The length of the CMAC key in bits.
|
* \param keylen The length of the CMAC key in bits.
|
||||||
* \param input The buffer holding the input data. This must not be \c NULL.
|
* \param input The buffer holding the input data. This must be a
|
||||||
|
* readable buffer of length \p ilen Bytes. It may be
|
||||||
|
* \c NULL if ilen == 0.
|
||||||
* \param ilen The length of the input data.
|
* \param ilen The length of the input data.
|
||||||
* \param output The buffer for the generic CMAC result. This must not be \c NULL.
|
* \param output The buffer for the generic CMAC result.
|
||||||
|
* This must not be \c NULL.
|
||||||
*
|
*
|
||||||
* \return \c 0 on success.
|
* \return \c 0 on success.
|
||||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
|
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
|
||||||
|
|
|
||||||
|
|
@ -68,6 +68,10 @@
|
||||||
|
|
||||||
#if !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST)
|
#if !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST)
|
||||||
|
|
||||||
|
#define MBEDTLS_CMAC_VALIDATE_RET(cond) \
|
||||||
|
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA )
|
||||||
|
#define MBEDTLS_CMAC_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Multiplication by u in the Galois field of GF(2^n)
|
* Multiplication by u in the Galois field of GF(2^n)
|
||||||
*
|
*
|
||||||
|
|
@ -206,8 +210,9 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
|
||||||
mbedtls_cmac_context_t *cmac_ctx;
|
mbedtls_cmac_context_t *cmac_ctx;
|
||||||
int retval;
|
int retval;
|
||||||
|
|
||||||
if( ctx == NULL || ctx->cipher_info == NULL || key == NULL )
|
MBEDTLS_CMAC_VALIDATE_RET( ctx != NULL );
|
||||||
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
MBEDTLS_CMAC_VALIDATE_RET( ctx->cipher_info != NULL );
|
||||||
|
MBEDTLS_CMAC_VALIDATE_RET( key != NULL );
|
||||||
|
|
||||||
if( ( retval = mbedtls_cipher_setkey( ctx, key, (int)keybits,
|
if( ( retval = mbedtls_cipher_setkey( ctx, key, (int)keybits,
|
||||||
MBEDTLS_ENCRYPT ) ) != 0 )
|
MBEDTLS_ENCRYPT ) ) != 0 )
|
||||||
|
|
@ -247,9 +252,9 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
size_t n, j, olen, block_size;
|
size_t n, j, olen, block_size;
|
||||||
|
|
||||||
if( ctx == NULL || ctx->cipher_info == NULL || input == NULL ||
|
MBEDTLS_CMAC_VALIDATE_RET( ctx != NULL );
|
||||||
ctx->cmac_ctx == NULL )
|
MBEDTLS_CMAC_VALIDATE_RET( ctx->cipher_info != NULL );
|
||||||
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
MBEDTLS_CMAC_VALIDATE_RET( input != NULL );
|
||||||
|
|
||||||
cmac_ctx = ctx->cmac_ctx;
|
cmac_ctx = ctx->cmac_ctx;
|
||||||
block_size = ctx->cipher_info->block_size;
|
block_size = ctx->cipher_info->block_size;
|
||||||
|
|
@ -318,9 +323,9 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
|
||||||
int ret;
|
int ret;
|
||||||
size_t olen, block_size;
|
size_t olen, block_size;
|
||||||
|
|
||||||
if( ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL ||
|
MBEDTLS_CMAC_VALIDATE_RET( ctx != NULL );
|
||||||
output == NULL )
|
MBEDTLS_CMAC_VALIDATE_RET( ctx->cipher_info != NULL );
|
||||||
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
MBEDTLS_CMAC_VALIDATE_RET( ctx->cmac_ctx != NULL );
|
||||||
|
|
||||||
cmac_ctx = ctx->cmac_ctx;
|
cmac_ctx = ctx->cmac_ctx;
|
||||||
block_size = ctx->cipher_info->block_size;
|
block_size = ctx->cipher_info->block_size;
|
||||||
|
|
@ -372,8 +377,9 @@ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx )
|
||||||
{
|
{
|
||||||
mbedtls_cmac_context_t* cmac_ctx;
|
mbedtls_cmac_context_t* cmac_ctx;
|
||||||
|
|
||||||
if( ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL )
|
MBEDTLS_CMAC_VALIDATE_RET( ctx != NULL );
|
||||||
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
MBEDTLS_CMAC_VALIDATE_RET( ctx->cipher_info != NULL );
|
||||||
|
MBEDTLS_CMAC_VALIDATE_RET( ctx->cmac_ctx != NULL );
|
||||||
|
|
||||||
cmac_ctx = ctx->cmac_ctx;
|
cmac_ctx = ctx->cmac_ctx;
|
||||||
|
|
||||||
|
|
@ -395,8 +401,10 @@ int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info,
|
||||||
mbedtls_cipher_context_t ctx;
|
mbedtls_cipher_context_t ctx;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
if( cipher_info == NULL || key == NULL || input == NULL || output == NULL )
|
MBEDTLS_CMAC_VALIDATE_RET( cipher_info != NULL );
|
||||||
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
MBEDTLS_CMAC_VALIDATE_RET( key != NULL );
|
||||||
|
MBEDTLS_CMAC_VALIDATE_RET( input != NULL );
|
||||||
|
MBEDTLS_CMAC_VALIDATE_RET( output != NULL );
|
||||||
|
|
||||||
mbedtls_cipher_init( &ctx );
|
mbedtls_cipher_init( &ctx );
|
||||||
|
|
||||||
|
|
@ -432,8 +440,9 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length,
|
||||||
unsigned char zero_key[MBEDTLS_AES_BLOCK_SIZE];
|
unsigned char zero_key[MBEDTLS_AES_BLOCK_SIZE];
|
||||||
unsigned char int_key[MBEDTLS_AES_BLOCK_SIZE];
|
unsigned char int_key[MBEDTLS_AES_BLOCK_SIZE];
|
||||||
|
|
||||||
if( key == NULL || input == NULL || output == NULL )
|
MBEDTLS_CMAC_VALIDATE_RET( key != NULL );
|
||||||
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
MBEDTLS_CMAC_VALIDATE_RET( input != NULL );
|
||||||
|
MBEDTLS_CMAC_VALIDATE_RET( output != NULL );
|
||||||
|
|
||||||
cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB );
|
cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB );
|
||||||
if( cipher_info == NULL )
|
if( cipher_info == NULL )
|
||||||
|
|
|
||||||
|
|
@ -15,7 +15,7 @@ void mbedtls_cmac_self_test( )
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE */
|
/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
|
||||||
void mbedtls_cmac_null_args( )
|
void mbedtls_cmac_null_args( )
|
||||||
{
|
{
|
||||||
mbedtls_cipher_context_t ctx;
|
mbedtls_cipher_context_t ctx;
|
||||||
|
|
@ -27,71 +27,56 @@ void mbedtls_cmac_null_args( )
|
||||||
mbedtls_cipher_init( &ctx );
|
mbedtls_cipher_init( &ctx );
|
||||||
|
|
||||||
/* Test NULL cipher info */
|
/* Test NULL cipher info */
|
||||||
TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, test_data, 16 ) ==
|
TEST_INVALID_PARAM( mbedtls_cipher_cmac_update( &ctx, test_data, 16 ) );
|
||||||
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
|
||||||
|
|
||||||
cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB );
|
cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB );
|
||||||
TEST_ASSERT( mbedtls_cipher_setup( &ctx, cipher_info ) == 0 );
|
TEST_ASSERT( mbedtls_cipher_setup( &ctx, cipher_info ) == 0 );
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_cipher_cmac_starts( NULL, test_key, 128 ) ==
|
TEST_INVALID_PARAM( mbedtls_cipher_cmac_starts( NULL, test_key, 128 ) );
|
||||||
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_cipher_cmac_starts( &ctx, NULL, 128 ) ==
|
TEST_INVALID_PARAM( mbedtls_cipher_cmac_starts( &ctx, NULL, 128 ) );
|
||||||
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_cipher_cmac_update( NULL, test_data, 16 ) ==
|
TEST_INVALID_PARAM( mbedtls_cipher_cmac_update( NULL, test_data, 16 ) );
|
||||||
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, NULL, 16 ) ==
|
TEST_INVALID_PARAM( mbedtls_cipher_cmac_update( &ctx, NULL, 16 ) );
|
||||||
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_cipher_cmac_finish( NULL, test_output ) ==
|
TEST_INVALID_PARAM( mbedtls_cipher_cmac_finish( NULL, test_output ) );
|
||||||
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_cipher_cmac_finish( &ctx, NULL ) ==
|
TEST_INVALID_PARAM( mbedtls_cipher_cmac_finish( &ctx, NULL ) );
|
||||||
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_cipher_cmac_reset( NULL ) ==
|
TEST_INVALID_PARAM( mbedtls_cipher_cmac_reset( NULL ) );
|
||||||
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_cipher_cmac( NULL,
|
TEST_INVALID_PARAM( mbedtls_cipher_cmac( NULL,
|
||||||
test_key, 128,
|
test_key, 128,
|
||||||
test_data, 16,
|
test_data, 16,
|
||||||
test_output ) ==
|
test_output ) );
|
||||||
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_cipher_cmac( cipher_info,
|
TEST_INVALID_PARAM( mbedtls_cipher_cmac( cipher_info,
|
||||||
NULL, 128,
|
NULL, 128,
|
||||||
test_data, 16,
|
test_data, 16,
|
||||||
test_output ) ==
|
test_output ) );
|
||||||
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_cipher_cmac( cipher_info,
|
TEST_INVALID_PARAM( mbedtls_cipher_cmac( cipher_info,
|
||||||
test_key, 128,
|
test_key, 128,
|
||||||
NULL, 16,
|
NULL, 16,
|
||||||
test_output ) ==
|
test_output ) );
|
||||||
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_cipher_cmac( cipher_info,
|
TEST_INVALID_PARAM( mbedtls_cipher_cmac( cipher_info,
|
||||||
test_key, 128,
|
test_key, 128,
|
||||||
test_data, 16,
|
test_data, 16,
|
||||||
NULL ) ==
|
NULL ) );
|
||||||
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_aes_cmac_prf_128( NULL, 16,
|
TEST_INVALID_PARAM( mbedtls_aes_cmac_prf_128( NULL, 16,
|
||||||
test_data, 16,
|
test_data, 16,
|
||||||
test_output ) ==
|
test_output ) );
|
||||||
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_aes_cmac_prf_128( test_key, 16,
|
TEST_INVALID_PARAM( mbedtls_aes_cmac_prf_128( test_key, 16,
|
||||||
NULL, 16,
|
NULL, 16,
|
||||||
test_output ) ==
|
test_output ) );
|
||||||
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_aes_cmac_prf_128( test_key, 16,
|
TEST_INVALID_PARAM( mbedtls_aes_cmac_prf_128( test_key, 16,
|
||||||
test_data, 16,
|
test_data, 16,
|
||||||
NULL ) ==
|
NULL ) );
|
||||||
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
mbedtls_cipher_free( &ctx );
|
mbedtls_cipher_free( &ctx );
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue