mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-22 21:15:38 +01:00
Generate good/bad padding programmatically
Compared to the previous approach of having the bad padding provided as input to the testing function, this allows to test more kinds of incorrect data, with less test cases in the .data file and more important no manually-generated non-trivial data in the test case parameters, making it much easier to complete the testing matrix. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
parent
0ac01a1c59
commit
527c1ff71a
@ -9374,101 +9374,21 @@ Record crypt, little space, NULL cipher, SSL3, MD5, short tag, EtM
|
||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||
ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 !trunc, 0, good min pad, good mac
|
||||
Decrypt CBC !EtM, AES SHA256 !trunc, 0, minpad
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:0:"0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f":0
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:0
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 !trunc, 0, good min pad, bad mac
|
||||
Decrypt CBC !EtM, AES SHA256 !trunc, 0, maxpad
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:1:"0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:1
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 !trunc, 0, bad min pad (byte 0), good mac
|
||||
Decrypt CBC !EtM, AES SHA256 trunc, 0, minpad
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:0:"0E0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:0
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 !trunc, 0, bad min pad (byte 0), bad mac
|
||||
Decrypt CBC !EtM, AES SHA256 trunc, 0, maxpad
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:1:"0E0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 !trunc, 0, bad min pad (len), good mac
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:0:"0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0E":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 !trunc, 0, overlong pad 1, good mac
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:0:"10101010101010101010101010101010":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 !trunc, 0, overlong pad 2, good mac
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:0:"30303030303030303030303030303030":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 !trunc, 0, good maxlen pad, good mac
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:0:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":0
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 !trunc, 0, good maxlen pad, bad mac
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:1:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 !trunc, 0, bad maxlen pad (byte 0), good mac
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:0:"fEffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 !trunc, 0, bad maxlen pad (byte 0), bad mac
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:1:"fEffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 !trunc, 0, bad maxlen (len), good mac
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:0:"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffE":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 trunc, 0, good min pad, good mac
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:0:"050505050505":0
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 trunc, 0, good min pad, bad mac
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:1:"050505050505":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 trunc, 0, bad min pad (byte 0), good mac
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:0:"040505050505":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 trunc, 0, bad min pad (byte 0), bad mac
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:1:"040505050505":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 trunc, 0, bad min pad (len), good mac
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:0:"050505050504":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 trunc, 0, overlong pad 1, good mac
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:0:"060606060606":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 trunc, 0, overlong pad 2, good mac
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:0:"101010101010":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 trunc, 0, good maxlen pad, good mac
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:0:"f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5":0
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 trunc, 0, good maxlen pad, bad mac
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:1:"f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 trunc, 0, bad maxlen pad (byte 0), good mac
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:0:"E5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 trunc, 0, bad maxlen pad (byte 0), bad mac
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:1:"E5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 trunc, 0, bad maxlen (len), good mac
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:0:"f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f4":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:1
|
||||
|
||||
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE
|
||||
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
|
||||
|
@ -3454,12 +3454,11 @@ exit:
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac,
|
||||
int plaintext_len, int badmac, data_t *padding,
|
||||
int exp_ret )
|
||||
int plaintext_len, int pad_long )
|
||||
{
|
||||
/*
|
||||
* Test record decryption for CBC without EtM with possibly incorrect
|
||||
* padding (provided as input) or MAC (generated by this function).
|
||||
* Test record decryption for CBC without EtM, focused on the verification
|
||||
* of padding and MAC.
|
||||
*
|
||||
* Actually depends on TLS >= 1.0 (SSL 3.0 computes the MAC differently),
|
||||
* but since the test framework doesn't support alternation in dependency
|
||||
@ -3467,12 +3466,14 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac,
|
||||
*/
|
||||
mbedtls_ssl_context ssl; /* ONLY for debugging */
|
||||
mbedtls_ssl_transform t0, t1;
|
||||
mbedtls_record rec;
|
||||
unsigned char *buf = NULL;
|
||||
mbedtls_record rec, rec_save;
|
||||
unsigned char *buf = NULL, *buf_save = NULL;
|
||||
size_t buflen, olen = 0;
|
||||
const size_t rec_data_offset = 16; /* IV size */
|
||||
size_t block_size, i;
|
||||
unsigned char padlen;
|
||||
unsigned char add_data[13];
|
||||
unsigned char mac[MBEDTLS_MD_MAX_SIZE];
|
||||
int exp_ret;
|
||||
|
||||
mbedtls_ssl_init( &ssl );
|
||||
mbedtls_ssl_transform_init( &t0 );
|
||||
@ -3484,12 +3485,21 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac,
|
||||
MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 , 0 ) == 0 );
|
||||
|
||||
/* Determine padding length */
|
||||
block_size = t0.ivlen;
|
||||
padlen = block_size - ( plaintext_len + t0.maclen + 1 ) % block_size;
|
||||
if( padlen == block_size )
|
||||
padlen = 0;
|
||||
if( pad_long )
|
||||
padlen += block_size * ( ( 255 - padlen ) / block_size );
|
||||
|
||||
/* Prepare a buffer for record data */
|
||||
buflen = rec_data_offset
|
||||
buflen = block_size
|
||||
+ plaintext_len
|
||||
+ t0.maclen
|
||||
+ padding->len;
|
||||
+ padlen + 1;
|
||||
ASSERT_ALLOC( buf, buflen );
|
||||
ASSERT_ALLOC( buf_save, buflen );
|
||||
|
||||
/* Prepare a dummy record header */
|
||||
memset( rec.ctr, 0, sizeof( rec.ctr ) );
|
||||
@ -3503,17 +3513,11 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac,
|
||||
/* Prepare dummy record content */
|
||||
rec.buf = buf;
|
||||
rec.buf_len = buflen;
|
||||
rec.data_offset = rec_data_offset;
|
||||
rec.data_offset = block_size;
|
||||
rec.data_len = plaintext_len;
|
||||
memset( rec.buf + rec.data_offset, 42, rec.data_len );
|
||||
|
||||
/*
|
||||
* MAC, "pad" and encrypt - this near-duplicates the TLS 1.x non-EtM CBC
|
||||
* code path of mbedtls_ssl_encrypt_buf(), but with user-provided padding,
|
||||
* and possibly wrong HMAC. Also, without safety checks or CID support.
|
||||
*/
|
||||
|
||||
/* MAC with additional data */
|
||||
/* Serialized version of record header for MAC purposes */
|
||||
memcpy( add_data, rec.ctr, 8 );
|
||||
add_data[8] = rec.type;
|
||||
add_data[9] = rec.ver[0];
|
||||
@ -3521,6 +3525,15 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac,
|
||||
add_data[11] = ( rec.data_len >> 8 ) & 0xff;
|
||||
add_data[12] = ( rec.data_len >> 0 ) & 0xff;
|
||||
|
||||
/* Set dummy IV */
|
||||
memset( t0.iv_enc, 0x55, t0.ivlen );
|
||||
memcpy( rec.buf, t0.iv_enc, t0.ivlen );
|
||||
|
||||
/*
|
||||
* Prepare a pre-encryption record (with MAC and padding), and save it.
|
||||
*/
|
||||
|
||||
/* MAC with additional data */
|
||||
TEST_EQUAL( 0, mbedtls_md_hmac_update( &t0.md_ctx_enc, add_data, 13 ) );
|
||||
TEST_EQUAL( 0, mbedtls_md_hmac_update( &t0.md_ctx_enc,
|
||||
rec.buf + rec.data_offset,
|
||||
@ -3530,18 +3543,18 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac,
|
||||
memcpy( rec.buf + rec.data_offset + rec.data_len, mac, t0.maclen );
|
||||
rec.data_len += t0.maclen;
|
||||
|
||||
/* Possibly falsify the MAC */
|
||||
rec.buf[rec.data_offset + rec.data_len - 1] ^= badmac;
|
||||
/* Pad */
|
||||
memset( rec.buf + rec.data_offset + rec.data_len, padlen, padlen + 1 );
|
||||
rec.data_len += padlen + 1;
|
||||
|
||||
/* Append the user-provided padding */
|
||||
memcpy( rec.buf + rec.data_offset + rec.data_len, padding->x, padding->len );
|
||||
rec.data_len += padding->len;
|
||||
|
||||
/* Set dummy IV and encrypt */
|
||||
memset( t0.iv_enc, 0x55, t0.ivlen );
|
||||
TEST_ASSERT( t0.ivlen == rec_data_offset );
|
||||
memcpy( rec.buf, t0.iv_enc, rec_data_offset );
|
||||
/* Save correct pre-encryption record */
|
||||
rec_save = rec;
|
||||
rec_save.buf = buf_save;
|
||||
memcpy( buf_save, buf, buflen );
|
||||
|
||||
/*
|
||||
* Encrypt and decrypt the correct record, expecting success
|
||||
*/
|
||||
TEST_EQUAL( 0, mbedtls_cipher_crypt( &t0.cipher_ctx_enc,
|
||||
t0.iv_enc, t0.ivlen,
|
||||
rec.buf + rec.data_offset, rec.data_len,
|
||||
@ -3549,16 +3562,80 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac,
|
||||
rec.data_offset -= t0.ivlen;
|
||||
rec.data_len += t0.ivlen;
|
||||
|
||||
TEST_EQUAL( 0, mbedtls_ssl_decrypt_buf( &ssl, &t1, &rec ) );
|
||||
|
||||
/*
|
||||
* Try to decrypt and check that we get the expected result
|
||||
* Modify each byte of the pre-encryption record before encrypting and
|
||||
* decrypting it, expecting failure every time.
|
||||
*/
|
||||
for( i = block_size; i < buflen; i++ )
|
||||
{
|
||||
test_set_step( i );
|
||||
|
||||
/* Restore correct pre-encryption record */
|
||||
rec = rec_save;
|
||||
rec.buf = buf;
|
||||
memcpy( buf, buf_save, buflen );
|
||||
|
||||
/* Flip one bit of the data (could be plaintext, MAC or padding) */
|
||||
rec.buf[i] ^= 0x01;
|
||||
|
||||
/* Encrypt */
|
||||
TEST_EQUAL( 0, mbedtls_cipher_crypt( &t0.cipher_ctx_enc,
|
||||
t0.iv_enc, t0.ivlen,
|
||||
rec.buf + rec.data_offset, rec.data_len,
|
||||
rec.buf + rec.data_offset, &olen ) );
|
||||
rec.data_offset -= t0.ivlen;
|
||||
rec.data_len += t0.ivlen;
|
||||
|
||||
/* Decrypt and expect failure */
|
||||
TEST_EQUAL( MBEDTLS_ERR_SSL_INVALID_MAC,
|
||||
mbedtls_ssl_decrypt_buf( &ssl, &t1, &rec ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Use larger values of the padding bytes - with small buffers, this tests
|
||||
* the case where the announced padlen would be larger than the buffer
|
||||
* (and before that, than the buffer minus the size of the MAC), to make
|
||||
* sure our padding checking code does not perform any out-of-bounds reads
|
||||
* in this case. (With larger buffers, ie when the plaintext is long or
|
||||
* maximal length padding is used, this is less relevant but still doesn't
|
||||
* hurt to test.)
|
||||
*
|
||||
* (Start the loop with correct padding, just to double-check that record
|
||||
* saving did work, and that we're overwriting the correct bytes.)
|
||||
*/
|
||||
for( i = padlen; i <= 255; i++ )
|
||||
{
|
||||
test_set_step( i );
|
||||
|
||||
/* Restore correct pre-encryption record */
|
||||
rec = rec_save;
|
||||
rec.buf = buf;
|
||||
memcpy( buf, buf_save, buflen );
|
||||
|
||||
/* Set padding bytes to new value */
|
||||
memset( buf + buflen - padlen - 1, i, padlen + 1 );
|
||||
|
||||
/* Encrypt */
|
||||
TEST_EQUAL( 0, mbedtls_cipher_crypt( &t0.cipher_ctx_enc,
|
||||
t0.iv_enc, t0.ivlen,
|
||||
rec.buf + rec.data_offset, rec.data_len,
|
||||
rec.buf + rec.data_offset, &olen ) );
|
||||
rec.data_offset -= t0.ivlen;
|
||||
rec.data_len += t0.ivlen;
|
||||
|
||||
/* Decrypt and expect failure except the first time */
|
||||
exp_ret = ( i == padlen ) ? 0 : MBEDTLS_ERR_SSL_INVALID_MAC;
|
||||
TEST_EQUAL( exp_ret, mbedtls_ssl_decrypt_buf( &ssl, &t1, &rec ) );
|
||||
}
|
||||
|
||||
exit:
|
||||
mbedtls_ssl_free( &ssl );
|
||||
mbedtls_ssl_transform_free( &t0 );
|
||||
mbedtls_ssl_transform_free( &t1 );
|
||||
mbedtls_free( buf );
|
||||
mbedtls_free( buf_save );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user