diff --git a/library/pkcs5.c b/library/pkcs5.c index 424952ab9..061f4738e 100644 --- a/library/pkcs5.c +++ b/library/pkcs5.c @@ -175,6 +175,10 @@ int pkcs5_pbes2( asn1_buf *pbe_params, int mode, if( cipher_info == NULL ) return( POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE ); + /* + * The value of keylen from pkcs5_parse_pbkdf2_params() is ignored + * since it is optional and we don't know if it was set or not + */ keylen = cipher_info->key_length / 8; if( enc_scheme_params.tag != ASN1_OCTET_STRING || diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data index 7ee036006..c22ad0b6f 100644 --- a/tests/suites/test_suite_pkcs5.data +++ b/tests/suites/test_suite_pkcs5.data @@ -17,3 +17,107 @@ pbkdf2_hmac:POLARSSL_MD_SHA1:"70617373776f726450415353574f524470617373776f7264": PBKDF2 RFC 6070 Test Vector #6 (SHA1) depends_on:POLARSSL_SHA1_C pbkdf2_hmac:POLARSSL_MD_SHA1:"7061737300776f7264":"7361006c74":4096:16:"56fa6aa75548099dcc37d7f03425e0c3" + +PBES2 Decrypt (OK) +depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C +pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606" + +PBES2 Decrypt (bad params tag) +depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C +pkcs5_pbes2:ASN1_SEQUENCE:"":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT + POLARSSL_ERR_ASN1_UNEXPECTED_TAG:"" + +PBES2 Decrypt (bad KDF AlgId: not a sequence) +depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C +pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"31":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT + POLARSSL_ERR_ASN1_UNEXPECTED_TAG:"" + +PBES2 Decrypt (bad KDF AlgId: overlong) +depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C +pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"3001":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA:"" + +PBES2 Decrypt (KDF != PBKDF2) +depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C +pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"300B06092A864886F70D01050D":"":"":POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE:"" + +PBES2 Decrypt (bad PBKDF2 params: not a sequence) +depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C +pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"300D06092A864886F70D01050C3100":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT + POLARSSL_ERR_ASN1_UNEXPECTED_TAG:"" + +PBES2 Decrypt (bad PBKDF2 params: overlong) +depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C +pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"300D06092A864886F70D01050C3001":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA:"" + +PBES2 Decrypt (bad PBKDF2 params salt: not an octet string) +depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C +pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"300E06092A864886F70D01050C30010500":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT + POLARSSL_ERR_ASN1_UNEXPECTED_TAG:"" + +PBES2 Decrypt (bad PBKDF2 params salt: overlong) +depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C +pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"300E06092A864886F70D01050C30010401":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA:"" + +PBES2 Decrypt (bad PBKDF2 params iter: not an int) +depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C +pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"301906092A864886F70D01050C300C04082ED7F24A1D516DD70300":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT + POLARSSL_ERR_ASN1_UNEXPECTED_TAG:"" + +PBES2 Decrypt (bad PBKDF2 params iter: overlong) +depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C +pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"301906092A864886F70D01050C300C04082ED7F24A1D516DD70201":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA:"" + +PBES2 Decrypt (OK, PBKDF2 params explicit keylen) +depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C +pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"301E06092A864886F70D01050C301104082ED7F24A1D516DD702020800020118301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606" + +PBES2 Decrypt (bad PBKDF2 params explicit keylen: overlong) +depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C +pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208000201":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA:"" + +PBES2 Decrypt (OK, PBKDF2 params explicit prf_alg) +depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C +pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"302706092A864886F70D01050C301A04082ED7F24A1D516DD702020800300A06082A864886F70D0207301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606" + +PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg not a sequence) +depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C +pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208003100":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT + POLARSSL_ERR_ASN1_UNEXPECTED_TAG:"" + +PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg overlong) +depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C +pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208003001":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA:"" + +PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg != HMAC-SHA1) +depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C +pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"302706092A864886F70D01050C301A04082ED7F24A1D516DD702020800300A06082A864886F70D0208":"":"":POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE:"" + +PBES2 Decrypt (bad, PBKDF2 params extra data) +depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C +pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"302806092A864886F70D01050C301B04082ED7F24A1D516DD702020800300A06082A864886F70D020700":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT + POLARSSL_ERR_ASN1_LENGTH_MISMATCH:"" + +PBES2 Decrypt (bad enc_scheme_alg: not a sequence) +depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C +pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD7020208003100":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT + POLARSSL_ERR_ASN1_UNEXPECTED_TAG:"" + +PBES2 Decrypt (bad enc_scheme_alg: overlong) +depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C +pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD7020208003001":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA:"" + +PBES2 Decrypt (bad enc_scheme_alg: unkown oid) +depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C +pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300A06082A864886F70D03FF":"":"":POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE:"" + +PBES2 Decrypt (bad enc_scheme_alg params: not an octet string) +depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C +pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300C06082A864886F70D03070500":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT:"" + +PBES2 Decrypt (bad enc_scheme_alg params: overlong) +depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C +pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300C06082A864886F70D03070401":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA:"" + +PBES2 Decrypt (bad enc_scheme_alg params: len != iv_len) +depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C +pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301306082A864886F70D030704078A4FCC9DCC3949":"":"":POLARSSL_ERR_PKCS5_INVALID_FORMAT:"" + +PBES2 Decrypt (bad password) +depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C +pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"F0617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606" + +PBES2 Decrypt (bad iter value) +depends_on:POLARSSL_SHA1_C:POLARSSL_DES_C +pkcs5_pbes2:ASN1_CONSTRUCTED | ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020801301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606" diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function index adf7ffc70..5408e67e8 100644 --- a/tests/suites/test_suite_pkcs5.function +++ b/tests/suites/test_suite_pkcs5.function @@ -43,3 +43,37 @@ void pbkdf2_hmac( int hash, char *hex_password_string, TEST_ASSERT( strcmp( (char *) dst_str, result_key_string ) == 0 ); } /* END_CASE */ + +/* BEGIN_CASE */ +void pkcs5_pbes2( int params_tag, char *params_hex, char *pw_hex, + char *data_hex, int ref_ret, char *ref_out_hex ) +{ + int my_ret; + asn1_buf params; + unsigned char *my_out, *ref_out, *data, *pw; + size_t ref_out_len, data_len, pw_len; + + params.tag = params_tag; + params.p = unhexify_alloc( params_hex, ¶ms.len ); + + data = unhexify_alloc( data_hex, &data_len ); + pw = unhexify_alloc( pw_hex, &pw_len ); + ref_out = unhexify_alloc( ref_out_hex, &ref_out_len ); + my_out = polarssl_malloc( ref_out_len != 0 ? ref_out_len : 1 ); + TEST_ASSERT( my_out != NULL ); + memset( my_out, 0, ref_out_len ); + + my_ret = pkcs5_pbes2( ¶ms, PKCS5_DECRYPT, + pw, pw_len, data, data_len, my_out ); + TEST_ASSERT( my_ret == ref_ret ); + + if( ref_ret == 0 ) + TEST_ASSERT( memcmp( my_out, ref_out, ref_out_len ) == 0 ); + + polarssl_free( params.p ); + polarssl_free( data ); + polarssl_free( pw ); + polarssl_free( ref_out ); + polarssl_free( my_out ); +} +/* END_CASE */