Add tests for pkcs5_pbes2

2024-10-18 14:21:06 +00:00 · 2014-06-12 13:14:55 +02:00 · 2014-06-12 13:14:55 +02:00 · 66aca931bc
parent 2a8afa98e2
commit 66aca931bc
3 changed files with 142 additions and 0 deletions
--- a/library/pkcs5.c
+++ b/library/pkcs5.c
@ -175,6 +175,10 @@ int pkcs5_pbes2( asn1_buf *pbe_params, int mode,
    if( cipher_info == NULL )
        return( POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE );

+    /*
+     * The value of keylen from pkcs5_parse_pbkdf2_params() is ignored
+     * since it is optional and we don't know if it was set or not
+     */
    keylen = cipher_info->key_length / 8;

    if( enc_scheme_params.tag != ASN1_OCTET_STRING ||
--- a/tests/suites/test_suite_pkcs5.data
+++ b/tests/suites/test_suite_pkcs5.data
@ -17,3 +17,107 @@ pbkdf2_hmac:POLARSSL_MD_SHA1:"70617373776f726450415353574f524470617373776f7264":
 PBKDF2 RFC 6070 Test Vector #6 (SHA1)
 depends_on:POLARSSL_SHA1_C
 pbkdf2_hmac:POLARSSL_MD_SHA1:"7061737300776f7264":"7361006c74":4096:16:"56fa6aa75548099dcc37d7f03425e0c3"
+
+PBES2 Decrypt (OK)
+depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C
+pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
+
+PBES2 Decrypt (bad params tag)
+depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C
+pkcs5_pbes2:ASN1_SEQUENCE:"":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT + POLARSSL_ERR_ASN1_UNEXPECTED_TAG:""
+
+PBES2 Decrypt (bad KDF AlgId: not a sequence)
+depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C
+pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"31":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT + POLARSSL_ERR_ASN1_UNEXPECTED_TAG:""
+
+PBES2 Decrypt (bad KDF AlgId: overlong)
+depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C
+pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"3001":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA:""
+
+PBES2 Decrypt (KDF != PBKDF2)
+depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C
+pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"300B06092A864886F70D01050D":"":"":POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE:""
+
+PBES2 Decrypt (bad PBKDF2 params: not a sequence)
+depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C
+pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"300D06092A864886F70D01050C3100":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT + POLARSSL_ERR_ASN1_UNEXPECTED_TAG:""
+
+PBES2 Decrypt (bad PBKDF2 params: overlong)
+depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C
+pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"300D06092A864886F70D01050C3001":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA:""
+
+PBES2 Decrypt (bad PBKDF2 params salt: not an octet string)
+depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C
+pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"300E06092A864886F70D01050C30010500":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT + POLARSSL_ERR_ASN1_UNEXPECTED_TAG:""
+
+PBES2 Decrypt (bad PBKDF2 params salt: overlong)
+depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C
+pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"300E06092A864886F70D01050C30010401":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA:""
+
+PBES2 Decrypt (bad PBKDF2 params iter: not an int)
+depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C
+pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"301906092A864886F70D01050C300C04082ED7F24A1D516DD70300":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT + POLARSSL_ERR_ASN1_UNEXPECTED_TAG:""
+
+PBES2 Decrypt (bad PBKDF2 params iter: overlong)
+depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C
+pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"301906092A864886F70D01050C300C04082ED7F24A1D516DD70201":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA:""
+
+PBES2 Decrypt (OK, PBKDF2 params explicit keylen)
+depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C
+pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"301E06092A864886F70D01050C301104082ED7F24A1D516DD702020800020118301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
+
+PBES2 Decrypt (bad PBKDF2 params explicit keylen: overlong)
+depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C
+pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208000201":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA:""
+
+PBES2 Decrypt (OK, PBKDF2 params explicit prf_alg)
+depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C
+pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"302706092A864886F70D01050C301A04082ED7F24A1D516DD702020800300A06082A864886F70D0207301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
+
+PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg not a sequence)
+depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C
+pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208003100":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT + POLARSSL_ERR_ASN1_UNEXPECTED_TAG:""
+
+PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg overlong)
+depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C
+pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208003001":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA:""
+
+PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg != HMAC-SHA1)
+depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C
+pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"302706092A864886F70D01050C301A04082ED7F24A1D516DD702020800300A06082A864886F70D0208":"":"":POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE:""
+
+PBES2 Decrypt (bad, PBKDF2 params extra data)
+depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C
+pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"302806092A864886F70D01050C301B04082ED7F24A1D516DD702020800300A06082A864886F70D020700":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT + POLARSSL_ERR_ASN1_LENGTH_MISMATCH:""
+
+PBES2 Decrypt (bad enc_scheme_alg: not a sequence)
+depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C
+pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD7020208003100":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT + POLARSSL_ERR_ASN1_UNEXPECTED_TAG:""
+
+PBES2 Decrypt (bad enc_scheme_alg: overlong)
+depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C
+pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD7020208003001":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA:""
+
+PBES2 Decrypt (bad enc_scheme_alg: unkown oid)
+depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C
+pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300A06082A864886F70D03FF":"":"":POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE:""
+
+PBES2 Decrypt (bad enc_scheme_alg params: not an octet string)
+depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C
+pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300C06082A864886F70D03070500":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT:""
+
+PBES2 Decrypt (bad enc_scheme_alg params: overlong)
+depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C
+pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300C06082A864886F70D03070401":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA:""
+
+PBES2 Decrypt (bad enc_scheme_alg params: len != iv_len)
+depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C
+pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301306082A864886F70D030704078A4FCC9DCC3949":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT:""
+
+PBES2 Decrypt (bad password)
+depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C
+pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"F0617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
+
+PBES2 Decrypt (bad iter value)
+depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C
+pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020801301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
--- a/tests/suites/test_suite_pkcs5.function
+++ b/tests/suites/test_suite_pkcs5.function
@ -43,3 +43,37 @@ void pbkdf2_hmac( int hash, char *hex_password_string,
    TEST_ASSERT( strcmp( (char *) dst_str, result_key_string ) == 0 );
 }
 /* END_CASE */
+
+/* BEGIN_CASE */
+void pkcs5_pbes2( int params_tag, char *params_hex, char *pw_hex,
+                  char *data_hex, int ref_ret, char *ref_out_hex )
+{
+    int my_ret;
+    asn1_buf params;
+    unsigned char *my_out, *ref_out, *data, *pw;
+    size_t ref_out_len, data_len, pw_len;
+
+    params.tag = params_tag;
+    params.p = unhexify_alloc( params_hex, &params.len );
+
+    data = unhexify_alloc( data_hex, &data_len );
+    pw = unhexify_alloc( pw_hex, &pw_len );
+    ref_out = unhexify_alloc( ref_out_hex, &ref_out_len );
+    my_out = polarssl_malloc( ref_out_len != 0 ? ref_out_len : 1 );
+    TEST_ASSERT( my_out != NULL );
+    memset( my_out, 0, ref_out_len );
+
+    my_ret = pkcs5_pbes2( &params, PKCS5_DECRYPT,
+                          pw, pw_len, data, data_len, my_out );
+    TEST_ASSERT( my_ret == ref_ret );
+
+    if( ref_ret == 0 )
+        TEST_ASSERT( memcmp( my_out, ref_out, ref_out_len ) == 0 );
+
+    polarssl_free( params.p );
+    polarssl_free( data );
+    polarssl_free( pw );
+    polarssl_free( ref_out );
+    polarssl_free( my_out );
+}
+/* END_CASE */