Initial prototype and demonstrator for parameter validation

Adds a new configurable option for the parameter validation level.

include/mbedtls/aes.h

@@ -56,6 +56,17 @@
 /* Error codes in range 0x0023-0x0025 */
 #define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE               -0x0023  /**< Feature not available. For example, an unsupported AES key size. */
 #define MBEDTLS_ERR_AES_HW_ACCEL_FAILED                   -0x0025  /**< AES hardware accelerator failed. */
+#define MBEDTLS_ERR_AES_BAD_INPUT_DATA                    -0x0027  /**< Invalid
+input data. */
+
+#if defined( MBEDTLS_CHECK_PARAMS )
+#define MBEDTLS_AES_VALIDATE( cond )  do{ if( !(cond)  ) \
+                                        return MBEDTLS_ERR_AES_BAD_INPUT_DATA; \
+                                      } while(0);
+#else
+/* No validation of parameters will be performed */
+#define MBEDTLS_AES_VALIDATE( cond)
+#endif
 
 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
     !defined(inline) && !defined(__cplusplus)

include/mbedtls/config.h

@@ -221,6 +221,25 @@
  */
 //#define MBEDTLS_DEPRECATED_REMOVED
 
+/**
+ * \def MBEDTLS_PARAM_VALIDATION_LEVEL
+ *
+ * The defined parameter validation level for the library. This configuration
+ * controls whether the library validates parameters passed to it.
+ *
+ * Application code that deals with 3rd party input may wish to enable such
+ * validation, whilst code on closed systems, such as embedded systems, where
+ * the input is controlled and predictable, may wish to disable it entirely to
+ * reduce the code size of the library.
+ *
+ * When the symbol is not defined, no parameter validation except that required
+ * to ensure the integrity or security of the library are performed.
+ *
+ * When the symbol is defined, all parameters will be validated, and an error
+ * code returned where appropriate.
+ */
+#define MBEDTLS_CHECK_PARAMS
+
 /* \} name SECTION: System support */
 
 /**

library/aes.c

@@ -531,14 +531,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
     unsigned int i;
     uint32_t *RK;
 
-#if !defined(MBEDTLS_AES_ROM_TABLES)
-    if( aes_init_done == 0 )
-    {
-        aes_gen_tables();
-        aes_init_done = 1;
-
-    }
-#endif
+    MBEDTLS_AES_VALIDATE( ctx != NULL && key != NULL );
 
     switch( keybits )
     {
@@ -548,6 +541,15 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
         default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
     }
 
+#if !defined(MBEDTLS_AES_ROM_TABLES)
+    if( aes_init_done == 0 )
+    {
+        aes_gen_tables();
+        aes_init_done = 1;
+
+    }
+#endif
+
 #if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
     if( aes_padlock_ace == -1 )
         aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE );

tests/suites/test_suite_aes.function

@@ -289,6 +289,23 @@ exit:
 }
 /* END_CASE */
 
+/* BEGIN_CASE */
+void aes_invalid_param( )
+{
+    mbedtls_aes_context dummy_ctx;
+    const unsigned char key[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
+
+    /* mbedtls_aes_setkey_enc() */
+    TEST_ASSERT( mbedtls_aes_setkey_enc( NULL, key, 128  )
+                                            == MBEDTLS_ERR_AES_BAD_INPUT_DATA );
+    TEST_ASSERT( mbedtls_aes_setkey_enc( &dummy_ctx, NULL, 128  )
+                                            == MBEDTLS_ERR_AES_BAD_INPUT_DATA );
+
+exit:
+    return;
+}
+/* END_CASE */
+
 /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
 void aes_selftest()
 {

tests/suites/test_suite_aes.rest.data

@@ -10,6 +10,10 @@ aes_encrypt_cbc:"000000000000000000000000000000000000000000000000000000000000000
 AES-256-CBC Decrypt (Invalid input length)
 aes_decrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"623a52fcea5d443e48d9181ab32c74":"":MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
 
+AES - Invalid parameters
+depends_on:MBEDTLS_CHECK_PARAMS
+aes_invalid_param:
+
 AES Selftest
 depends_on:MBEDTLS_SELF_TEST
 aes_selftest: