From 90b8d4a11e36928d9258985f3aa914e9cd2eda1a Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Tue, 18 Dec 2018 16:12:34 +0100 Subject: [PATCH] Include static cipher functions in the parameter validation scheme --- include/mbedtls/cipher.h | 35 ++++++----- tests/suites/test_suite_cipher.function | 64 ++++++++++++++------- tests/suites/test_suite_cipher.padding.data | 3 - 3 files changed, 65 insertions(+), 37 deletions(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 1e81ac256..3c6077b04 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -36,6 +36,7 @@ #endif #include +#include "mbedtls/platform_util.h" #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C) #define MBEDTLS_CIPHER_MODE_AEAD @@ -426,8 +427,8 @@ int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_context_t *ctx ) { - if( NULL == ctx || NULL == ctx->cipher_info ) - return 0; + MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 ); + MBEDTLS_INTERNAL_VALIDATE_RET( ctx->cipher_info != NULL, 0 ); return ctx->cipher_info->block_size; } @@ -444,8 +445,8 @@ static inline unsigned int mbedtls_cipher_get_block_size( static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtls_cipher_context_t *ctx ) { - if( NULL == ctx || NULL == ctx->cipher_info ) - return MBEDTLS_MODE_NONE; + MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_MODE_NONE ); + MBEDTLS_INTERNAL_VALIDATE_RET( ctx->cipher_info != NULL, MBEDTLS_MODE_NONE ); return ctx->cipher_info->mode; } 
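Review bot: In `mbedtls_cipher_get_block_size` the `ctx->cipher_info != NULL` test is now a validation macro, so a build where parameter validation is compiled out would dereference a NULL `cipher_info` on a context that was initialised but never set up. That validation is optional is inferred from the new tests being gated on `MBEDTLS_CHECK_PARAMS`; the macro definition is not on this page. The old code returned 0 in that state, and existing callers may rely on it. Keep the state check at runtime and use the macro only for the pointer argument: `MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );` followed by `if( ctx->cipher_info == NULL ) return 0;`. The same applies to the get_cipher_mode, get_iv_size, get_type, get_name and get_key_bitlen hunks, each with its own sentinel.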
@@ -463,8 +464,8 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ctx ) { - if( NULL == ctx || NULL == ctx->cipher_info ) - return 0; + MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 ); + MBEDTLS_INTERNAL_VALIDATE_RET( ctx->cipher_info != NULL, 0 ); if( ctx->iv_size != 0 ) return (int) ctx->iv_size; @@ -483,8 +484,10 @@ static inline int mbedtls_cipher_get_iv_size( static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( const mbedtls_cipher_context_t *ctx ) { - if( NULL == ctx || NULL == ctx->cipher_info ) - return MBEDTLS_CIPHER_NONE; + MBEDTLS_INTERNAL_VALIDATE_RET( + ctx != NULL, MBEDTLS_CIPHER_NONE ); + MBEDTLS_INTERNAL_VALIDATE_RET( + ctx->cipher_info != NULL, MBEDTLS_CIPHER_NONE ); return ctx->cipher_info->type; } @@ -501,8 +504,8 @@ static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( static inline const char *mbedtls_cipher_get_name( const mbedtls_cipher_context_t *ctx ) { - if( NULL == ctx || NULL == ctx->cipher_info ) - return 0; + MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 ); + MBEDTLS_INTERNAL_VALIDATE_RET( ctx->cipher_info != NULL, 0 ); return ctx->cipher_info->name; } @@ -519,8 +522,10 @@ static inline const char *mbedtls_cipher_get_name( static inline int mbedtls_cipher_get_key_bitlen( const mbedtls_cipher_context_t *ctx ) { - if( NULL == ctx || NULL == ctx->cipher_info ) - return MBEDTLS_KEY_LENGTH_NONE; + MBEDTLS_INTERNAL_VALIDATE_RET( + ctx != NULL, MBEDTLS_KEY_LENGTH_NONE ); + MBEDTLS_INTERNAL_VALIDATE_RET( + ctx->cipher_info != NULL, MBEDTLS_KEY_LENGTH_NONE ); return (int) ctx->cipher_info->key_bitlen; } 
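Review bot: `mbedtls_cipher_get_name` returns `const char *`, yet both new validation lines pass `0` as the failure value; write `NULL` so the pointer sentinel reads as one. The first line would become `MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, NULL );`, and the `cipher_info` line likewise. The matching assertions in the test file also expect `0` and would read better with `NULL`.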
@@ -536,8 +541,10 @@ static inline int mbedtls_cipher_get_key_bitlen( static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_cipher_context_t *ctx ) { - if( NULL == ctx || NULL == ctx->cipher_info ) - return MBEDTLS_OPERATION_NONE; + MBEDTLS_INTERNAL_VALIDATE_RET( + ctx != NULL, MBEDTLS_OPERATION_NONE ); + MBEDTLS_INTERNAL_VALIDATE_RET( + ctx->cipher_info != NULL, MBEDTLS_OPERATION_NONE ); return ctx->operation; } diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index dd997b089..fba32fdd6 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -21,26 +21,6 @@ void mbedtls_cipher_list( ) } /* END_CASE */ -/* BEGIN_CASE */ -void cipher_null_args( ) -{ - mbedtls_cipher_context_t ctx; - - mbedtls_cipher_init( &ctx ); - - TEST_ASSERT( mbedtls_cipher_get_block_size( NULL ) == 0 ); - TEST_ASSERT( mbedtls_cipher_get_block_size( &ctx ) == 0 ); - - TEST_ASSERT( mbedtls_cipher_get_cipher_mode( NULL ) == MBEDTLS_MODE_NONE ); - TEST_ASSERT( mbedtls_cipher_get_cipher_mode( &ctx ) == MBEDTLS_MODE_NONE ); - - TEST_ASSERT( mbedtls_cipher_get_iv_size( NULL ) == 0 ); - TEST_ASSERT( mbedtls_cipher_get_iv_size( &ctx ) == 0 ); - - TEST_ASSERT( mbedtls_cipher_info_from_string( NULL ) == NULL ); -} -/* END_CASE */ - /* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ void cipher_invalid_param( ) { 
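Review bot: `mbedtls_cipher_get_operation` never reads `cipher_info`, so with validation compiled out the new code cannot crash here but returns whatever `ctx->operation` holds for a context that was never set up, where the old code returned `MBEDTLS_OPERATION_NONE`. If a freshly initialised context is zero-filled and `MBEDTLS_OPERATION_NONE` is not the enum's zero value (neither is visible in this hunk), the caller receives a valid-looking direction instead of the sentinel. Keeping `if( ctx->cipher_info == NULL ) return MBEDTLS_OPERATION_NONE;` as a runtime check after the `ctx != NULL` validation preserves the old contract.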
@@ -72,6 +52,50 @@ void cipher_invalid_param( ) MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_setup( &valid_ctx, NULL ) ); + /* mbedtls_cipher_get_block_size() */ + TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_block_size( NULL ) ); + TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_block_size( &invalid_ctx ) ); + + /* mbedtls_cipher_get_cipher_mode() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_MODE_NONE, + mbedtls_cipher_get_cipher_mode( NULL ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_MODE_NONE, + mbedtls_cipher_get_cipher_mode( &invalid_ctx ) ); + + /* mbedtls_cipher_get_iv_size() */ + TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_iv_size( NULL ) ); + TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_iv_size( &invalid_ctx ) ); + + /* mbedtls_cipher_get_type() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_CIPHER_NONE, + mbedtls_cipher_get_type( NULL ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_CIPHER_NONE, + mbedtls_cipher_get_type( &invalid_ctx ) ); + + /* mbedtls_cipher_get_name() */ + TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_name( NULL ) ); + TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_name( &invalid_ctx ) ); + + /* mbedtls_cipher_get_key_bitlen() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_KEY_LENGTH_NONE, + mbedtls_cipher_get_key_bitlen( NULL ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_KEY_LENGTH_NONE, + mbedtls_cipher_get_key_bitlen( &invalid_ctx ) ); + + /* mbedtls_cipher_get_operation() */ + TEST_INVALID_PARAM_RET( + MBEDTLS_OPERATION_NONE, + mbedtls_cipher_get_operation( NULL ) ); + TEST_INVALID_PARAM_RET( + MBEDTLS_OPERATION_NONE, + mbedtls_cipher_get_operation( &invalid_ctx ) ); + /* mbedtls_cipher_setkey() */ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, diff --git a/tests/suites/test_suite_cipher.padding.data b/tests/suites/test_suite_cipher.padding.data index 1c0ba0980..dc4c9d70b 100644 --- a/tests/suites/test_suite_cipher.padding.data +++ b/tests/suites/test_suite_cipher.padding.data 
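Review bot: These assertions sit in `cipher_invalid_param`, which is gated on `MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT`, so once `cipher_null_args` is removed nothing exercises the getters on an un-set-up context in a default build. The removed case also asserted `mbedtls_cipher_info_from_string( NULL ) == NULL`, and no replacement for that check appears in this patch. Consider keeping an ungated case with `TEST_ASSERT( mbedtls_cipher_info_from_string( NULL ) == NULL );` plus whatever getter behaviour is still guaranteed without validation. `invalid_ctx` is declared outside the hunk, so this assumes it is initialised but has no `cipher_info`.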
@@ -1,9 +1,6 @@ Cipher list mbedtls_cipher_list: -Cipher null/uninitialised arguments -cipher_null_args: - Set padding with AES-CBC depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 set_padding:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_PKCS7:0