mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 11:55:41 +01:00
Initial prototype and demonstrator for parameter validation
Adds a new configurable option for the parameter validation level.
This commit is contained in:
parent
cdd97fd632
commit
1a925bc0aa
@ -56,6 +56,17 @@
|
||||
/* Error codes in range 0x0023-0x0025 */
|
||||
#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 /**< Feature not available. For example, an unsupported AES key size. */
|
||||
#define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 /**< AES hardware accelerator failed. */
|
||||
#define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0027 /**< Invalid
|
||||
input data. */
|
||||
|
||||
#if defined( MBEDTLS_CHECK_PARAMS )
|
||||
#define MBEDTLS_AES_VALIDATE( cond ) do{ if( !(cond) ) \
|
||||
return MBEDTLS_ERR_AES_BAD_INPUT_DATA; \
|
||||
} while(0);
|
||||
#else
|
||||
/* No validation of parameters will be performed */
|
||||
#define MBEDTLS_AES_VALIDATE( cond)
|
||||
#endif
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||
!defined(inline) && !defined(__cplusplus)
|
||||
|
@ -221,6 +221,25 @@
|
||||
*/
|
||||
//#define MBEDTLS_DEPRECATED_REMOVED
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_PARAM_VALIDATION_LEVEL
|
||||
*
|
||||
* The defined parameter validation level for the library. This configuration
|
||||
* controls whether the library validates parameters passed to it.
|
||||
*
|
||||
* Application code that deals with 3rd party input may wish to enable such
|
||||
* validation, whilst code on closed systems, such as embedded systems, where
|
||||
* the input is controlled and predictable, may wish to disable it entirely to
|
||||
* reduce the code size of the library.
|
||||
*
|
||||
* When the symbol is not defined, no parameter validation except that required
|
||||
* to ensure the integrity or security of the library are performed.
|
||||
*
|
||||
* When the symbol is defined, all parameters will be validated, and an error
|
||||
* code returned where appropriate.
|
||||
*/
|
||||
#define MBEDTLS_CHECK_PARAMS
|
||||
|
||||
/* \} name SECTION: System support */
|
||||
|
||||
/**
|
||||
|
@ -531,14 +531,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
|
||||
unsigned int i;
|
||||
uint32_t *RK;
|
||||
|
||||
#if !defined(MBEDTLS_AES_ROM_TABLES)
|
||||
if( aes_init_done == 0 )
|
||||
{
|
||||
aes_gen_tables();
|
||||
aes_init_done = 1;
|
||||
|
||||
}
|
||||
#endif
|
||||
MBEDTLS_AES_VALIDATE( ctx != NULL && key != NULL );
|
||||
|
||||
switch( keybits )
|
||||
{
|
||||
@ -548,6 +541,15 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
|
||||
default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_AES_ROM_TABLES)
|
||||
if( aes_init_done == 0 )
|
||||
{
|
||||
aes_gen_tables();
|
||||
aes_init_done = 1;
|
||||
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
|
||||
if( aes_padlock_ace == -1 )
|
||||
aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE );
|
||||
|
@ -289,6 +289,23 @@ exit:
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void aes_invalid_param( )
|
||||
{
|
||||
mbedtls_aes_context dummy_ctx;
|
||||
const unsigned char key[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
|
||||
|
||||
/* mbedtls_aes_setkey_enc() */
|
||||
TEST_ASSERT( mbedtls_aes_setkey_enc( NULL, key, 128 )
|
||||
== MBEDTLS_ERR_AES_BAD_INPUT_DATA );
|
||||
TEST_ASSERT( mbedtls_aes_setkey_enc( &dummy_ctx, NULL, 128 )
|
||||
== MBEDTLS_ERR_AES_BAD_INPUT_DATA );
|
||||
|
||||
exit:
|
||||
return;
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
|
||||
void aes_selftest()
|
||||
{
|
||||
|
@ -10,6 +10,10 @@ aes_encrypt_cbc:"000000000000000000000000000000000000000000000000000000000000000
|
||||
AES-256-CBC Decrypt (Invalid input length)
|
||||
aes_decrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"623a52fcea5d443e48d9181ab32c74":"":MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
|
||||
|
||||
AES - Invalid parameters
|
||||
depends_on:MBEDTLS_CHECK_PARAMS
|
||||
aes_invalid_param:
|
||||
|
||||
AES Selftest
|
||||
depends_on:MBEDTLS_SELF_TEST
|
||||
aes_selftest:
|
||||
|
Loading…
Reference in New Issue
Block a user