mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-22 23:15:43 +01:00
Initial prototype and demonstrator for parameter validation
Adds a new configurable option for the parameter validation level.
This commit is contained in:
parent
cdd97fd632
commit
1a925bc0aa
@ -56,6 +56,17 @@
|
|||||||
/* Error codes in range 0x0023-0x0025 */
|
/* Error codes in range 0x0023-0x0025 */
|
||||||
#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 /**< Feature not available. For example, an unsupported AES key size. */
|
#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 /**< Feature not available. For example, an unsupported AES key size. */
|
||||||
#define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 /**< AES hardware accelerator failed. */
|
#define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 /**< AES hardware accelerator failed. */
|
||||||
|
#define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0027 /**< Invalid
|
||||||
|
input data. */
|
||||||
|
|
||||||
|
#if defined( MBEDTLS_CHECK_PARAMS )
|
||||||
|
#define MBEDTLS_AES_VALIDATE( cond ) do{ if( !(cond) ) \
|
||||||
|
return MBEDTLS_ERR_AES_BAD_INPUT_DATA; \
|
||||||
|
} while(0);
|
||||||
|
#else
|
||||||
|
/* No validation of parameters will be performed */
|
||||||
|
#define MBEDTLS_AES_VALIDATE( cond)
|
||||||
|
#endif
|
||||||
|
|
||||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||||
!defined(inline) && !defined(__cplusplus)
|
!defined(inline) && !defined(__cplusplus)
|
||||||
|
@ -221,6 +221,25 @@
|
|||||||
*/
|
*/
|
||||||
//#define MBEDTLS_DEPRECATED_REMOVED
|
//#define MBEDTLS_DEPRECATED_REMOVED
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \def MBEDTLS_PARAM_VALIDATION_LEVEL
|
||||||
|
*
|
||||||
|
* The defined parameter validation level for the library. This configuration
|
||||||
|
* controls whether the library validates parameters passed to it.
|
||||||
|
*
|
||||||
|
* Application code that deals with 3rd party input may wish to enable such
|
||||||
|
* validation, whilst code on closed systems, such as embedded systems, where
|
||||||
|
* the input is controlled and predictable, may wish to disable it entirely to
|
||||||
|
* reduce the code size of the library.
|
||||||
|
*
|
||||||
|
* When the symbol is not defined, no parameter validation except that required
|
||||||
|
* to ensure the integrity or security of the library are performed.
|
||||||
|
*
|
||||||
|
* When the symbol is defined, all parameters will be validated, and an error
|
||||||
|
* code returned where appropriate.
|
||||||
|
*/
|
||||||
|
#define MBEDTLS_CHECK_PARAMS
|
||||||
|
|
||||||
/* \} name SECTION: System support */
|
/* \} name SECTION: System support */
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -531,14 +531,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
|
|||||||
unsigned int i;
|
unsigned int i;
|
||||||
uint32_t *RK;
|
uint32_t *RK;
|
||||||
|
|
||||||
#if !defined(MBEDTLS_AES_ROM_TABLES)
|
MBEDTLS_AES_VALIDATE( ctx != NULL && key != NULL );
|
||||||
if( aes_init_done == 0 )
|
|
||||||
{
|
|
||||||
aes_gen_tables();
|
|
||||||
aes_init_done = 1;
|
|
||||||
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
switch( keybits )
|
switch( keybits )
|
||||||
{
|
{
|
||||||
@ -548,6 +541,15 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
|
|||||||
default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
|
default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if !defined(MBEDTLS_AES_ROM_TABLES)
|
||||||
|
if( aes_init_done == 0 )
|
||||||
|
{
|
||||||
|
aes_gen_tables();
|
||||||
|
aes_init_done = 1;
|
||||||
|
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
|
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
|
||||||
if( aes_padlock_ace == -1 )
|
if( aes_padlock_ace == -1 )
|
||||||
aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE );
|
aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE );
|
||||||
|
@ -289,6 +289,23 @@ exit:
|
|||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
|
/* BEGIN_CASE */
|
||||||
|
void aes_invalid_param( )
|
||||||
|
{
|
||||||
|
mbedtls_aes_context dummy_ctx;
|
||||||
|
const unsigned char key[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
|
||||||
|
|
||||||
|
/* mbedtls_aes_setkey_enc() */
|
||||||
|
TEST_ASSERT( mbedtls_aes_setkey_enc( NULL, key, 128 )
|
||||||
|
== MBEDTLS_ERR_AES_BAD_INPUT_DATA );
|
||||||
|
TEST_ASSERT( mbedtls_aes_setkey_enc( &dummy_ctx, NULL, 128 )
|
||||||
|
== MBEDTLS_ERR_AES_BAD_INPUT_DATA );
|
||||||
|
|
||||||
|
exit:
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
|
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
|
||||||
void aes_selftest()
|
void aes_selftest()
|
||||||
{
|
{
|
||||||
|
@ -10,6 +10,10 @@ aes_encrypt_cbc:"000000000000000000000000000000000000000000000000000000000000000
|
|||||||
AES-256-CBC Decrypt (Invalid input length)
|
AES-256-CBC Decrypt (Invalid input length)
|
||||||
aes_decrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"623a52fcea5d443e48d9181ab32c74":"":MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
|
aes_decrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"623a52fcea5d443e48d9181ab32c74":"":MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
|
||||||
|
|
||||||
|
AES - Invalid parameters
|
||||||
|
depends_on:MBEDTLS_CHECK_PARAMS
|
||||||
|
aes_invalid_param:
|
||||||
|
|
||||||
AES Selftest
|
AES Selftest
|
||||||
depends_on:MBEDTLS_SELF_TEST
|
depends_on:MBEDTLS_SELF_TEST
|
||||||
aes_selftest:
|
aes_selftest:
|
||||||
|
Loading…
Reference in New Issue
Block a user