mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 01:05:35 +00:00
fix for issue 1118: check if iv is zero in gcm.
1) found by roberto in mbedtls forum 2) if iv_len is zero, return an error 3) add tests for invalid parameters
This commit is contained in:
parent
2a47be5012
commit
5a21fd62bf
|
@ -1,6 +1,10 @@
|
|||
mbed TLS ChangeLog (Sorted per branch, date)
|
||||
|
||||
= mbed TLS 2.x.x released xxxx-xx-xx
|
||||
= mbed TLS x.x.x branch released xxxx-xx-xx
|
||||
|
||||
Bugfix
|
||||
* Add a check if iv_len is zero, and return an error if it is zero. reported
|
||||
by roberto. #716
|
||||
|
||||
Security
|
||||
* Fix authentication bypass in SSL/TLS: when auth_mode is set to optional,
|
||||
|
|
|
@ -277,8 +277,10 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
|
|||
size_t use_len, olen = 0;
|
||||
|
||||
/* IV and AD are limited to 2^64 bits, so 2^61 bytes */
|
||||
if( ( (uint64_t) iv_len ) >> 61 != 0 ||
|
||||
( (uint64_t) add_len ) >> 61 != 0 )
|
||||
/* IV is not allowed to be zero length */
|
||||
if( iv_len == 0 ||
|
||||
( (uint64_t) iv_len ) >> 61 != 0 ||
|
||||
( (uint64_t) add_len ) >> 61 != 0 )
|
||||
{
|
||||
return( MBEDTLS_ERR_GCM_BAD_INPUT );
|
||||
}
|
||||
|
|
|
@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-128,128,1024,1024,32) #2
|
|||
depends_on:MBEDTLS_AES_C
|
||||
gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"659b9e729d12f68b73fdc2f7260ab114":"fd0732a38224c3f16f58de3a7f333da2ecdb6eec92b469544a891966dd4f8fb64a711a793f1ef6a90e49765eacaccdd8cc438c2b57c51902d27a82ee4f24925a864a9513a74e734ddbf77204a99a3c0060fcfbaccae48fe509bc95c3d6e1b1592889c489801265715e6e4355a45357ce467c1caa2f1c3071bd3a9168a7d223e3":"459df18e2dfbd66d6ad04978432a6d97":"ee0b0b52a729c45b899cc924f46eb1908e55aaaeeaa0c4cdaacf57948a7993a6debd7b6cd7aa426dc3b3b6f56522ba3d5700a820b1697b8170bad9ca7caf1050f13d54fb1ddeb111086cb650e1c5f4a14b6a927205a83bf49f357576fd0f884a83b068154352076a6e36a5369436d2c8351f3e6bfec65b4816e3eb3f144ed7f9":32:"8e5a6a79":"FAIL":0
|
||||
|
||||
AES-GCM Bad IV (AES-128,128,0,0,32) #0
|
||||
depends_on:MBEDTLS_AES_C
|
||||
gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"d0194b6ee68f0ed8adc4b22ed15dbf14":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT
|
||||
|
||||
AES-GCM Selftest
|
||||
depends_on:MBEDTLS_AES_C
|
||||
gcm_selftest:
|
||||
|
|
|
@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-128,128,1024,1024,32) #2
|
|||
depends_on:MBEDTLS_AES_C
|
||||
gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"fe481476fce76efcfc78ed144b0756f1":"246e1f2babab8da98b17cc928bd49504d7d87ea2cc174f9ffb7dbafe5969ff824a0bcb52f35441d22f3edcd10fab0ec04c0bde5abd3624ca25cbb4541b5d62a3deb52c00b75d68aaf0504d51f95b8dcbebdd8433f4966c584ac7f8c19407ca927a79fa4ead2688c4a7baafb4c31ef83c05e8848ec2b4f657aab84c109c91c277":"1a2c18c6bf13b3b2785610c71ccd98ca":"b0ab3cb5256575774b8242b89badfbe0dfdfd04f5dd75a8e5f218b28d3f6bc085a013defa5f5b15dfb46132db58ed7a9ddb812d28ee2f962796ad988561a381c02d1cf37dca5fd33e081d61cc7b3ab0b477947524a4ca4cb48c36f48b302c440be6f5777518a60585a8a16cea510dbfc5580b0daac49a2b1242ff55e91a8eae8":"5587620bbb77f70afdf3cdb7ae390edd0473286d86d3f862ad70902d90ff1d315947c959f016257a8fe1f52cc22a54f21de8cb60b74808ac7b22ea7a15945371e18b77c9571aad631aa080c60c1e472019fa85625fc80ed32a51d05e397a8987c8fece197a566689d24d05361b6f3a75616c89db6123bf5902960b21a18bc03a":32:"bd4265a8":0
|
||||
|
||||
AES-GCM Bad IV (AES-128,128,0,0,32) #0
|
||||
depends_on:MBEDTLS_AES_C
|
||||
gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_ENCRYPT:"d0194b6ee68f0ed8adc4b22ed15dbf14":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT
|
||||
|
||||
AES-GCM Selftest
|
||||
depends_on:MBEDTLS_AES_C
|
||||
gcm_selftest:
|
||||
|
|
|
@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-192,128,1024,1024,32) #2
|
|||
depends_on:MBEDTLS_AES_C
|
||||
gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b10979797fb8f418a126120d45106e1779b4538751a19bf6":"e3dc64e3c02731fe6e6ec0e899183018da347bf8bd476aa7746d7a7729d83a95f64bb732ba987468d0cede154e28169f7bafa36559200795037ee38279e0e4ca40f9cfa85aa0c8035df9649345c8fdffd1c31528b485dfe443c1923180cc8fae5196d16f822be4ad07e3f1234e1d218e7c8fb37a0e4480dc6717c9c09ff5c45f":"ca362e615024a1fe11286668646cc1de":"237d95d86a5ad46035870f576a1757eded636c7234d5ed0f8039f6f59f1333cc31cb893170d1baa98bd4e79576de920120ead0fdecfb343edbc2fcc556540a91607388a05d43bdb8b55f1327552feed3b620614dfcccb2b342083896cbc81dc9670b761add998913ca813163708a45974e6d7b56dfd0511a72eb879f239d6a6d":32:"28d730ea":"dafde27aa8b3076bfa16ab1d89207d339c4997f8a756cc3eb62c0b023976de808ab640ba4467f2b2ea83d238861229c73387594cd43770386512ea595a70888b4c38863472279e06b923e7cf32438199b3e054ac4bc21baa8df39ddaa207ebb17fa4cad6e83ea58c3a92ec74e6e01b0a8979af145dd31d5df29750bb91b42d45":0
|
||||
|
||||
AES-GCM Bad IV (AES-192,128,0,0,32) #0
|
||||
depends_on:MBEDTLS_AES_C
|
||||
gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"b10979797fb8f418a126120d45106e1779b4538751a19bf6":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT
|
||||
|
||||
AES-GCM Selftest
|
||||
depends_on:MBEDTLS_AES_C
|
||||
gcm_selftest:
|
||||
|
|
|
@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-192,128,1024,1024,32) #2
|
|||
depends_on:MBEDTLS_AES_C
|
||||
gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"713358e746dd84ab27b8adb3b17ea59cd75fa6cb0c13d1a8":"35b8b655efdf2d09f5ed0233c9eeb0b6f85e513834848cd594dba3c6e64f78e7af4a7a6d53bba7b43764334d6373360ae3b73b1e765978dffa7dbd805fda7825b8e317e8d3f1314aa97f877be815439c5da845028d1686283735aefac79cdb9e02ec3590091cb507089b9174cd9a6111f446feead91f19b80fd222fc6299fd1c":"26ed909f5851961dd57fa950b437e17c":"c9469ad408764cb7d417f800d3d84f03080cee9bbd53f652763accde5fba13a53a12d990094d587345da2cdc99357b9afd63945ca07b760a2c2d4948dbadb1312670ccde87655a6a68edb5982d2fcf733bb4101d38cdb1a4942a5d410f4c45f5ddf00889bc1fe5ec69b40ae8aaee60ee97bea096eeef0ea71736efdb0d8a5ec9":"cc3f9983e1d673ec2c86ae4c1e1b04e30f9f395f67c36838e15ce825b05d37e9cd40041470224da345aa2da5dfb3e0c561dd05ba7984a1332541d58e8f9160e7e8457e717bab203de3161a72b7aedfa53616b16ca77fd28d566fbf7431be559caa1a129b2f29b9c5bbf3eaba594d6650c62907eb28e176f27c3be7a3aa24cef6":32:"5be7611b":0
|
||||
|
||||
AES-GCM Bad IV (AES-192,128,0,0,32) #0
|
||||
depends_on:MBEDTLS_AES_C
|
||||
gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_ENCRYPT:"b10979797fb8f418a126120d45106e1779b4538751a19bf6":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT
|
||||
|
||||
AES-GCM Selftest
|
||||
depends_on:MBEDTLS_AES_C
|
||||
gcm_selftest:
|
||||
|
|
|
@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-256,128,1024,1024,32) #2
|
|||
depends_on:MBEDTLS_AES_C
|
||||
gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"8d03cf6fac31182ad3e6f32e4c823e3b421aef786d5651afafbf70ef14c00524ab814bc421b1d4181b4d3d82d6ae4e8032e43a6c4e0691184425b37320798f865c88b9b306466311d79e3e42076837474c37c9f6336ed777f05f70b0c7d72bd4348a4cd754d0f0c3e4587f9a18313ea2d2bace502a24ea417d3041b709a0471f":"4763a4e37b806a5f4510f69fd8c63571":"07daeba37a66ebe15f3d6451d1176f3a7107a302da6966680c425377e621fd71610d1fc9c95122da5bf85f83b24c4b783b1dcd6b508d41e22c09b5c43693d072869601fc7e3f5a51dbd3bc6508e8d095b9130fb6a7f2a043f3a432e7ce68b7de06c1379e6bab5a1a48823b76762051b4e707ddc3201eb36456e3862425cb011a":32:"3105dddb":"FAIL":0
|
||||
|
||||
AES-GCM Bad IV (AES-256,128,0,0,32) #0
|
||||
depends_on:MBEDTLS_AES_C
|
||||
gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT
|
||||
|
||||
AES-GCM Selftest
|
||||
depends_on:MBEDTLS_AES_C
|
||||
gcm_selftest:
|
||||
|
|
|
@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-256,128,1024,1024,32) #2
|
|||
depends_on:MBEDTLS_AES_C
|
||||
gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"1477e189fb3546efac5cc144f25e132ffd0081be76e912e25cbce7ad63f1c2c4":"7bd3ea956f4b938ebe83ef9a75ddbda16717e924dd4e45202560bf5f0cffbffcdd23be3ae08ff30503d698ed08568ff6b3f6b9fdc9ea79c8e53a838cc8566a8b52ce7c21b2b067e778925a066c970a6c37b8a6cfc53145f24bf698c352078a7f0409b53196e00c619237454c190b970842bb6629c0def7f166d19565127cbce0":"c109f35893aff139db8ed51c85fee237":"8f7f9f71a4b2bb0aaf55fced4eb43c57415526162070919b5f8c08904942181820d5847dfd54d9ba707c5e893a888d5a38d0130f7f52c1f638b0119cf7bc5f2b68f51ff5168802e561dff2cf9c5310011c809eba002b2fa348718e8a5cb732056273cc7d01cce5f5837ab0b09b6c4c5321a7f30a3a3cd21f29da79fce3f3728b":"7841e3d78746f07e5614233df7175931e3c257e09ebd7b78545fae484d835ffe3db3825d3aa1e5cc1541fe6cac90769dc5aaeded0c148b5b4f397990eb34b39ee7881804e5a66ccc8d4afe907948780c4e646cc26479e1da874394cb3537a8f303e0aa13bd3cc36f6cc40438bcd41ef8b6a1cdee425175dcd17ee62611d09b02":32:"cb13ce59":0
|
||||
|
||||
AES-GCM Bad IV (AES-256,128,0,0,32) #0
|
||||
depends_on:MBEDTLS_AES_C
|
||||
gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT
|
||||
|
||||
AES-GCM Selftest
|
||||
depends_on:MBEDTLS_AES_C
|
||||
gcm_selftest:
|
||||
|
|
|
@ -7,6 +7,49 @@
|
|||
* END_DEPENDENCIES
|
||||
*/
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void gcm_bad_parameters( int cipher_id, int direction,
|
||||
char *hex_key_string, char *hex_src_string,
|
||||
char *hex_iv_string, char *hex_add_string,
|
||||
int tag_len_bits, int gcm_result )
|
||||
{
|
||||
unsigned char key_str[128];
|
||||
unsigned char src_str[128];
|
||||
unsigned char dst_str[257];
|
||||
unsigned char iv_str[128];
|
||||
unsigned char add_str[128];
|
||||
unsigned char tag_str[128];
|
||||
unsigned char output[128];
|
||||
unsigned char tag_output[16];
|
||||
mbedtls_gcm_context ctx;
|
||||
unsigned int key_len;
|
||||
size_t pt_len, iv_len, add_len, tag_len = tag_len_bits / 8;
|
||||
|
||||
mbedtls_gcm_init( &ctx );
|
||||
|
||||
memset( key_str, 0x00, sizeof( key_str ) );
|
||||
memset( src_str, 0x00, sizeof( src_str ) );
|
||||
memset( dst_str, 0x00, sizeof( dst_str ) );
|
||||
memset( iv_str, 0x00, sizeof( iv_str ) );
|
||||
memset( add_str, 0x00, sizeof( add_str ) );
|
||||
memset( tag_str, 0x00, sizeof( tag_str ) );
|
||||
memset( output, 0x00, sizeof( output ) );
|
||||
memset( tag_output, 0x00, sizeof( tag_output ) );
|
||||
|
||||
key_len = unhexify( key_str, hex_key_string );
|
||||
pt_len = unhexify( src_str, hex_src_string );
|
||||
iv_len = unhexify( iv_str, hex_iv_string );
|
||||
add_len = unhexify( add_str, hex_add_string );
|
||||
|
||||
TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str, key_len * 8 ) == 0 );
|
||||
TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, direction, pt_len, iv_str, iv_len,
|
||||
add_str, add_len, src_str, output, tag_len, tag_output ) == gcm_result );
|
||||
|
||||
exit:
|
||||
mbedtls_gcm_free( &ctx );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void gcm_encrypt_and_tag( int cipher_id,
|
||||
char *hex_key_string, char *hex_src_string,
|
||||
|
|
Loading…
Reference in a new issue