mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 06:45:30 +00:00
Add param validation for mbedtls_aes_crypt_cbc()
This commit is contained in:
parent
1aca260571
commit
3178d1a997
|
@ -275,7 +275,7 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
|
||||||
* mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called
|
* mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called
|
||||||
* before the first call to this API with the same context.
|
* before the first call to this API with the same context.
|
||||||
*
|
*
|
||||||
* \note This function operates on aligned blocks, that is, the input size
|
* \note This function operates on full blocks, that is, the input size
|
||||||
* must be a multiple of the AES block size of 16 Bytes.
|
* must be a multiple of the AES block size of 16 Bytes.
|
||||||
*
|
*
|
||||||
* \note Upon exit, the content of the IV is updated so that you can
|
* \note Upon exit, the content of the IV is updated so that you can
|
||||||
|
@ -287,13 +287,17 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
|
||||||
*
|
*
|
||||||
*
|
*
|
||||||
* \param ctx The AES context to use for encryption or decryption.
|
* \param ctx The AES context to use for encryption or decryption.
|
||||||
|
* It must be initialized and bound to a key.
|
||||||
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
|
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
|
||||||
* #MBEDTLS_AES_DECRYPT.
|
* #MBEDTLS_AES_DECRYPT.
|
||||||
* \param length The length of the input data in Bytes. This must be a
|
* \param length The length of the input data in Bytes. This must be a
|
||||||
* multiple of the block size (16 Bytes).
|
* multiple of the block size (16 Bytes).
|
||||||
* \param iv Initialization vector (updated after use).
|
* \param iv Initialization vector (updated after use).
|
||||||
|
* It must be a readable and writeable buffer of 16 Bytes.
|
||||||
* \param input The buffer holding the input data.
|
* \param input The buffer holding the input data.
|
||||||
|
* It must be readable and of size \p length.
|
||||||
* \param output The buffer holding the output data.
|
* \param output The buffer holding the output data.
|
||||||
|
* It must be writeable and of size \p length.
|
||||||
*
|
*
|
||||||
* \return \c 0 on success.
|
* \return \c 0 on success.
|
||||||
* \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
|
* \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
|
||||||
|
|
|
@ -1049,6 +1049,14 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
|
||||||
int i;
|
int i;
|
||||||
unsigned char temp[16];
|
unsigned char temp[16];
|
||||||
|
|
||||||
|
AES_VALIDATE_RET( ctx != NULL );
|
||||||
|
AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
|
||||||
|
mode == MBEDTLS_AES_DECRYPT );
|
||||||
|
AES_VALIDATE_RET( iv != NULL );
|
||||||
|
AES_VALIDATE_RET( input != NULL );
|
||||||
|
AES_VALIDATE_RET( output != NULL );
|
||||||
|
|
||||||
|
|
||||||
if( length % 16 )
|
if( length % 16 )
|
||||||
return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
|
return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
|
||||||
|
|
||||||
|
|
|
@ -372,7 +372,7 @@ exit:
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
|
/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
|
||||||
void aes_invalid_param( )
|
void aes_check_params( )
|
||||||
{
|
{
|
||||||
mbedtls_aes_context aes_ctx;
|
mbedtls_aes_context aes_ctx;
|
||||||
#if defined(MBEDTLS_CIPHER_MODE_XTS)
|
#if defined(MBEDTLS_CIPHER_MODE_XTS)
|
||||||
|
@ -422,17 +422,54 @@ void aes_invalid_param( )
|
||||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
|
||||||
mbedtls_aes_crypt_ecb( &aes_ctx,
|
mbedtls_aes_crypt_ecb( &aes_ctx,
|
||||||
MBEDTLS_AES_ENCRYPT, in, NULL ) );
|
MBEDTLS_AES_ENCRYPT, in, NULL ) );
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
|
||||||
|
mbedtls_aes_crypt_cbc( NULL,
|
||||||
|
MBEDTLS_AES_ENCRYPT, 16,
|
||||||
|
out, in, out ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
|
||||||
|
mbedtls_aes_crypt_cbc( &aes_ctx,
|
||||||
|
42, 16,
|
||||||
|
out, in, out ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
|
||||||
|
mbedtls_aes_crypt_cbc( &aes_ctx,
|
||||||
|
MBEDTLS_AES_ENCRYPT, 16,
|
||||||
|
NULL, in, out ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
|
||||||
|
mbedtls_aes_crypt_cbc( &aes_ctx,
|
||||||
|
MBEDTLS_AES_ENCRYPT, 16,
|
||||||
|
out, NULL, out ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
|
||||||
|
mbedtls_aes_crypt_cbc( &aes_ctx,
|
||||||
|
MBEDTLS_AES_ENCRYPT, 16,
|
||||||
|
out, in, NULL ) );
|
||||||
|
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE */
|
/* BEGIN_CASE */
|
||||||
void aes_valid_param( )
|
void aes_misc_params( )
|
||||||
{
|
{
|
||||||
|
mbedtls_aes_context aes_ctx;
|
||||||
|
const unsigned char in[16] = { 0 };
|
||||||
|
unsigned char out[16];
|
||||||
|
|
||||||
/* These calls accept NULL */
|
/* These calls accept NULL */
|
||||||
TEST_VALID_PARAM( mbedtls_aes_free( NULL ) );
|
TEST_VALID_PARAM( mbedtls_aes_free( NULL ) );
|
||||||
#if defined(MBEDTLS_CIPHER_MODE_XTS)
|
#if defined(MBEDTLS_CIPHER_MODE_XTS)
|
||||||
TEST_VALID_PARAM( mbedtls_aes_xts_free( NULL ) );
|
TEST_VALID_PARAM( mbedtls_aes_xts_free( NULL ) );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||||
|
TEST_ASSERT( mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_ENCRYPT,
|
||||||
|
15, out, in, out )
|
||||||
|
== MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
|
||||||
|
TEST_ASSERT( mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_ENCRYPT,
|
||||||
|
17, out, in, out )
|
||||||
|
== MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
|
||||||
|
#endif
|
||||||
|
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
|
|
|
@ -10,11 +10,11 @@ aes_encrypt_cbc:"000000000000000000000000000000000000000000000000000000000000000
|
||||||
AES-256-CBC Decrypt (Invalid input length)
|
AES-256-CBC Decrypt (Invalid input length)
|
||||||
aes_decrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"623a52fcea5d443e48d9181ab32c74":"":MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
|
aes_decrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"623a52fcea5d443e48d9181ab32c74":"":MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
|
||||||
|
|
||||||
AES - Invalid parameters
|
AES - Optional Parameter Validation (MBEDTLS_CHECK_PARAMS)
|
||||||
aes_invalid_param:
|
aes_check_params:
|
||||||
|
|
||||||
AES - Valid parameters
|
AES - Mandatory Parameter Validation and Valid Parameters
|
||||||
aes_valid_param:
|
aes_misc_params:
|
||||||
|
|
||||||
AES Selftest
|
AES Selftest
|
||||||
depends_on:MBEDTLS_SELF_TEST
|
depends_on:MBEDTLS_SELF_TEST
|
||||||
|
|
Loading…
Reference in a new issue