From 9df2b416b908b7ce206386a04980ac9f6c66b57c Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 7 Aug 2020 11:34:21 -0400 Subject: [PATCH 1/3] Add a CRC module to mbedtls and baremetal config Add a new CRC module along with some tests for it. The table and the CRC function body is generated using pycrc v0.9.2. Signed-off-by: Andrzej Kurek --- configs/baremetal.h | 1 + include/mbedtls/config.h | 11 ++++++ include/mbedtls/crc.h | 47 ++++++++++++++++++++++++ library/CMakeLists.txt | 1 + library/Makefile | 3 +- library/crc.c | 55 ++++++++++++++++++++++++++++ library/version_features.c | 3 ++ programs/ssl/query_config.c | 8 ++++ tests/CMakeLists.txt | 1 + tests/suites/test_suite_crc.data | 44 ++++++++++++++++++++++ tests/suites/test_suite_crc.function | 26 +++++++++++++ visualc/VS2010/mbedTLS.vcxproj | 2 + 12 files changed, 201 insertions(+), 1 deletion(-) create mode 100644 include/mbedtls/crc.h create mode 100644 library/crc.c create mode 100644 tests/suites/test_suite_crc.data create mode 100644 tests/suites/test_suite_crc.function diff --git a/configs/baremetal.h b/configs/baremetal.h index c93f53af9..24af9b670 100644 --- a/configs/baremetal.h +++ b/configs/baremetal.h @@ -137,6 +137,7 @@ #define MBEDTLS_OID_C #define MBEDTLS_PLATFORM_C +#define MBEDTLS_CRC_C /* I/O buffer configuration */ #define MBEDTLS_SSL_MAX_CONTENT_LEN 2048 diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 9b885973b..98df7c58c 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -2728,6 +2728,17 @@ */ #define MBEDTLS_ERROR_C +/** + * \def MBEDTLS_CRC_C + * + * Enable the CRC calculating module + * + * Module: library/crc.c + * + * This module enables mbedtls_crc_update. + */ +//#define MBEDTLS_CRC_C + /** * \def MBEDTLS_GCM_C * diff --git a/include/mbedtls/crc.h b/include/mbedtls/crc.h new file mode 100644 index 000000000..013166674 --- /dev/null +++ b/include/mbedtls/crc.h 
@@ -0,0 +1,47 @@
+/*
+ * CRC-16/ARC implementation, generated using pycrc v0.9.2, https://pycrc.org.
+ *
+ * Used options: --model=crc-16 --algorithm=tbl --generate=h --std=C89 --table-idx-width 4
+ *
+ * Copyright (C) 2006-2020, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef MBEDTLS_CRC_H
+#define MBEDTLS_CRC_H
+
+#include
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Update the crc value with new data.
+ *
+ * \param[in] crc The current crc value.
+ * \param[in] data Pointer to a buffer of \a data_len bytes.
+ * \param[in] data_len Number of bytes in the \a data buffer.
+ * \return The updated crc value.
+ */
+uint16_t mbedtls_crc_update( uint16_t crc, const void *data, size_t data_len );
+
+#ifdef __cplusplus
+}
+#endif
+#endif /* MBEDTLS_CRC_H */
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index b59d318c8..9e0724f9b 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -20,6 +20,7 @@ set(src_crypto
 cipher.c
 cipher_wrap.c
 cmac.c
+ crc.c
 ctr_drbg.c
 des.c
 dhm.c
diff --git a/library/Makefile b/library/Makefile
index 96a9d6031..f11c4df2b 100644
--- a/library/Makefile
+++ b/library/Makefile
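Review bot: The doc comment on `mbedtls_crc_update` in include/mbedtls/crc.h does not say which CRC is computed, what initial value to pass, or what the result may be relied on for. The file header names CRC-16/ARC and the tests start from `0`, so the API comment should say so, and it should state that a CRC detects accidental or fault-induced corruption only and is not an authenticity check against a party who can choose the data. I would add `* \note CRC-16/ARC; pass 0 as \p crc for the first call. This is an error-detection code, not a MAC.` and extend the `data` line to say it must be non-NULL when `data_len` is non-zero, because the implementation in library/crc.c dereferences it without a check.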
@@ -99,7 +99,8 @@ OBJS_CRYPTO= aes.o aesni.o arc4.o \ ripemd160.o rsa_internal.o rsa.o \ sha1.o sha256.o sha512.o \ threading.o timing.o version.o \ - version_features.o xtea.o + version_features.o xtea.o \ + crc.o OBJS_X509= certs.o pkcs11.o x509.o diff --git a/library/crc.c b/library/crc.c new file mode 100644 index 000000000..9e21f2594 --- /dev/null +++ b/library/crc.c 
@@ -0,0 +1,55 @@
+/*
+ * CRC-16/ARC implementation, generated using pycrc v0.9.2, https://pycrc.org,
+ * with further FI countermeasures added manually.
+ *
+ * Used options: --model=crc-16 --algorithm=tbl --generate=c --std=C89 --table-idx-width 4
+ *
+ * Copyright (C) 2006-2020, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_CRC_C)
+
+#include "mbedtls/crc.h"
+
+static const uint32_t crc_table[16] = {
+ 0x0000, 0xcc01, 0xd801, 0x1400, 0xf001, 0x3c00, 0x2800, 0xe401,
+ 0xa001, 0x6c00, 0x7800, 0xb401, 0x5000, 0x9c01, 0x8801, 0x4400
+};
+
+uint16_t mbedtls_crc_update( uint16_t crc, const void *data, size_t data_len )
+{
+ const unsigned char *d = (const unsigned char *)data;
+ unsigned int tbl_idx;
+
+ while ( data_len -- ) {
+ tbl_idx = crc ^ *d;
+ crc = crc_table[tbl_idx & 0x0f] ^ ( crc >> 4 );
+ tbl_idx = crc ^ ( *d >> 4 );
+ crc = crc_table[tbl_idx & 0x0f] ^ ( crc >> 4 );
+ d ++;
+ }
+ return crc;
+}
+
+#endif /* MBEDTLS_CRC_C */
diff --git a/library/version_features.c b/library/version_features.c
index 38a7ceee2..7c5dae79c 100644
--- a/library/version_features.c
+++ b/library/version_features.c
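Review bot: The file header of library/crc.c says "with further FI countermeasures added manually", but the body of `mbedtls_crc_update` is the plain table-driven loop and nothing in it is recognisable as a fault-injection countermeasure. Because this function backs a fault-detection feature, either mark the countermeasure with a comment at the line where it is applied or drop the claim, so that an auditor does not assume hardening that is not present. Separately, `crc_table` is declared `uint32_t` although every entry fits in 16 bits; `static const uint16_t crc_table[16]` would halve the table on the baremetal target, and if the wider type is deliberate a one-line comment should say why.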
@@ -684,6 +684,9 @@ static const char *features[] = { #if defined(MBEDTLS_ERROR_C) "MBEDTLS_ERROR_C", #endif /* MBEDTLS_ERROR_C */ +#if defined(MBEDTLS_CRC_C) + "MBEDTLS_CRC_C", +#endif /* MBEDTLS_CRC_C */ #if defined(MBEDTLS_GCM_C) "MBEDTLS_GCM_C", #endif /* MBEDTLS_GCM_C */ diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c index 8db6d22be..e83671c16 100644 --- a/programs/ssl/query_config.c +++ b/programs/ssl/query_config.c @@ -1866,6 +1866,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_ERROR_C */ +#if defined(MBEDTLS_CRC_C) + if( strcmp( "MBEDTLS_CRC_C", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_CRC_C ); + return( 0 ); + } +#endif /* MBEDTLS_CRC_C */ + #if defined(MBEDTLS_GCM_C) if( strcmp( "MBEDTLS_GCM_C", config ) == 0 ) { diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 2ea77e7e7..0a3415e34 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -94,6 +94,7 @@ add_test_suite(cipher cipher.misc) add_test_suite(cipher cipher.null) add_test_suite(cipher cipher.padding) add_test_suite(cmac) +add_test_suite(crc) add_test_suite(ctr_drbg) add_test_suite(debug) add_test_suite(des) diff --git a/tests/suites/test_suite_crc.data b/tests/suites/test_suite_crc.data new file mode 100644 index 000000000..aa4c6861e --- /dev/null +++ b/tests/suites/test_suite_crc.data 
@@ -0,0 +1,44 @@ +CRC-16 1 byte of 0x00 +compute_crc:"00":0 + +CRC-16 8 bytes of 0x00 +compute_crc:"0000000000000000":0 + +CRC-16 16 bytes of 0x00 +compute_crc:"00000000000000000000000000000000":0 + +CRC-16 32 bytes of 0x00 +compute_crc:"0000000000000000000000000000000000000000000000000000000000000000":0 + +CRC-16 1 byte of 0xFF +compute_crc:"FF":16448 + +CRC-16 8 bytes of 0xFF +compute_crc:"FFFFFFFFFFFFFFFF":33857 + +CRC-16 16 bytes of 0xFF +compute_crc:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":28736 + +CRC-16 32 bytes of 0xFF +compute_crc:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":41985 + +CRC-16 1 byte of 0x01 +compute_crc:"01":49345 + +CRC-16 8 bytes incrementing +compute_crc:"0123456789abcdef":62374 + +CRC-16 16 bytes incrementing +compute_crc:"0123456789abcdef0123456789abcdef":44783 + +CRC-16 32 bytes incrementing +compute_crc:"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef":44749 + +CRC-16 64 bytes incrementing +compute_crc:"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef":53063 + +CRC-16 ascii 1 to 9 incrementing +compute_crc:"313233343536373839":47933 + +CRC-16 512 bytes of random data +compute_crc:"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":49505 diff --git a/tests/suites/test_suite_crc.function b/tests/suites/test_suite_crc.function new file mode 100644 index 000000000..8d0995806 --- /dev/null +++ b/tests/suites/test_suite_crc.function 
@@ -0,0 +1,26 @@ +/* BEGIN_HEADER */ +#include "mbedtls/crc.h" +/* END_HEADER */ + +/* BEGIN_DEPENDENCIES + * depends_on:MBEDTLS_CRC_C + * END_DEPENDENCIES + */ + +/* BEGIN_CASE */ +void compute_crc( data_t *input, unsigned int crc ) +{ + uint16_t result = mbedtls_crc_update( 0, input->x, input->len ); + uint32_t len = input->len; + TEST_ASSERT( crc == result ); + + result = 0; + while( len > 0 ) + { + uint8_t cur_len = ( len > 8 ? 8 : len ); + result = mbedtls_crc_update( result, &input->x[ input->len - len ], cur_len ); + len -= cur_len; + } + TEST_ASSERT( crc == result ); +} +/* END_CASE */ diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 0e5788117..4139879b0 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -166,6 +166,7 @@ + @@ -243,6 +244,7 @@ + From fba59211869f562d5b27110815bf9007d4fda87a Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 7 Aug 2020 21:02:25 -0400 Subject: [PATCH 2/3] aes: validate keys using crc before encryption/decryption CRC is calculated when the key is set. This commit also adds new tests for ecb encryption and decryption, simulating a fault injection after the key is set. Signed-off-by: Andrzej Kurek --- configs/baremetal.h | 1 + include/mbedtls/aes.h | 3 + include/mbedtls/check_config.h | 4 ++ include/mbedtls/config.h | 14 ++++- library/aes.c | 75 +++++++++++++++++++++--- library/version_features.c | 3 + programs/ssl/query_config.c | 8 +++ tests/CMakeLists.txt | 1 + tests/suites/test_suite_aes.ecb.crc.data | 46 +++++++++++++++ tests/suites/test_suite_aes.function | 55 +++++++++++++++++ 10 files changed, 202 insertions(+), 8 deletions(-) create mode 100644 tests/suites/test_suite_aes.ecb.crc.data diff --git a/configs/baremetal.h b/configs/baremetal.h index 24af9b670..71bf463e7 100644 --- a/configs/baremetal.h +++ b/configs/baremetal.h 
@@ -138,6 +138,7 @@ #define MBEDTLS_OID_C #define MBEDTLS_PLATFORM_C #define MBEDTLS_CRC_C +#define MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY /* I/O buffer configuration */ #define MBEDTLS_SSL_MAX_CONTENT_LEN 2048 diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index cb7d726ae..5fb020fa8 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -90,6 +90,9 @@ typedef struct mbedtls_aes_context #if defined(MBEDTLS_AES_SCA_COUNTERMEASURES) uint32_t frk[8]; /*!< Fake AES round keys. */ #endif +#if defined(MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY) + uint16_t crc; /*!< CRC-16 of the set key */ +#endif #if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) && !defined(MBEDTLS_PADLOCK_C) uint32_t buf[44]; /*!< Unaligned data buffer */ #else /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */ diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 7239557a0..974bf7b1f 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -986,6 +986,10 @@ #error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_ASM cannot be defined simultaneously" #endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */ +#if defined(MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY) && ( !defined(MBEDTLS_CRC_C) ) +#error "MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY defined, but not MBEDTLS_CRC_C" +#endif + /* * Avoid warning from -pedantic. This is a convenient place for this * workaround since this is included by every single file before the diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 98df7c58c..db38e81cc 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
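Review bot: The new check in include/mbedtls/check_config.h only requires `MBEDTLS_CRC_C`, yet the CRC comparisons this patch adds to library/aes.c sit in the encrypt/decrypt bodies that use `AES_SCA_CM_ROUNDS`, and the new test cases depend on `MBEDTLS_AES_SCA_COUNTERMEASURES` while excluding `MBEDTLS_AESNI_C` and `MBEDTLS_AES_SETKEY_ENC_ALT`. If the other code paths never compare against `ctx->crc` (they are not visible in this patch), enabling `MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY` in those configurations would store a checksum and silently provide no protection. Consider making that a build error with `#if defined(MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY) && !defined(MBEDTLS_AES_SCA_COUNTERMEASURES)` followed by `#error "MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY requires MBEDTLS_AES_SCA_COUNTERMEASURES"`, or state the limitation in the config.h description of the option.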
@@ -2735,10 +2735,22 @@ * * Module: library/crc.c * - * This module enables mbedtls_crc_update. + * This module enables mbedtls_crc_update(). */ //#define MBEDTLS_CRC_C +/** + * \def MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY + * + * Enable validation of AES keys by checking their CRC + * during every encryption/decryption. + * + * Module: library/aes.c + * + * Requires: MBEDTLS_CRC_C + */ +//#define MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY + /** * \def MBEDTLS_GCM_C * diff --git a/library/aes.c b/library/aes.c index e7a888f1a..d6a6b0097 100644 --- a/library/aes.c +++ b/library/aes.c @@ -45,6 +45,10 @@ #include "mbedtls/aesni.h" #endif +#if defined(MBEDTLS_CRC_C) && defined(MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY) +#include "mbedtls/crc.h" +#endif + #if defined(MBEDTLS_SELF_TEST) #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" @@ -703,6 +707,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, AES_VALIDATE_RET( ctx != NULL ); AES_VALIDATE_RET( key != NULL ); + (void) ret; switch( keybits ) { @@ -821,8 +826,6 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, #endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */ } - ret = 0; - /* Validate execution path */ if( ( flow_ctrl == keybits >> 5 ) && ( ( ctx->nr == 10 && i == 10 ) #if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) @@ -831,7 +834,10 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, #endif ) ) { - return ret; +#if defined(MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY) + ctx->crc = mbedtls_crc_update( 0, ctx->rk, keybits >> 3 ); +#endif + return 0; } mbedtls_platform_memset( RK, 0, ( keybits >> 5 ) * 4 ); @@ -926,6 +932,9 @@ exit: } else if( ( i == 0 ) && ( j == 4 ) ) { +#if defined(MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY) + ctx->crc = mbedtls_crc_update( 0, ctx->rk, keybits >> 3 ); +#endif return( ret ); } else 
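Review bot: In `mbedtls_aes_setkey_enc` (hunk at -831) the stored checksum is `mbedtls_crc_update( 0, ctx->rk, keybits >> 3 )`, which covers only the first 16/24/32 bytes of the round-key buffer rather than the whole expanded schedule; the same expression is added in the key-setup hunk at -926 (presumably `mbedtls_aes_setkey_dec`). A fault that alters a later round key would leave `ctx->crc` matching, so the check in encrypt/decrypt would pass with a corrupted schedule. If full coverage is intended, compute the CRC over `( ctx->nr + 1 ) * 16` bytes here and in the matching checks; otherwise add a comment on the `crc` field in aes.h saying that only the first key-length bytes of `rk` are covered. Both functions begin and end outside these hunks.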
@@ -1088,6 +1097,21 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, // reserve based on max rounds + dummy rounds + 2 (for initial key addition) uint8_t round_ctrl_table[( 14 + AES_SCA_CM_ROUNDS + 2 )]; +#if defined(MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY) + unsigned key_bytes = 0; + uint16_t check_crc = 0; + switch( ctx->nr ) + { + case 10: key_bytes = 16; break; +#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) + case 12: key_bytes = 24; break; + case 14: key_bytes = 32; break; +#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */ + default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH ); + } + check_crc = mbedtls_crc_update( 0, ctx->rk, key_bytes ); +#endif + aes_data_real.rk_ptr = ctx->rk; aes_data_fake.rk_ptr = ctx->frk; @@ -1182,9 +1206,20 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, flow_control++; } while( ( i = ( i + 1 ) % 4 ) != offset ); - if( flow_control == tindex + dummy_rounds + 8 ) + /* Double negation is used to silence an "extraneous parentheses" warning */ + if( ! ( flow_control != tindex + dummy_rounds + 8 ) +#if defined(MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY) + && check_crc == ctx->crc +#endif + ) { - return 0; +#if defined(MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY) + mbedtls_platform_random_delay(); + if( mbedtls_crc_update( 0, ctx->rk, key_bytes ) == ctx->crc ) +#endif + { + return 0; + } } // Clear the output in case of a FI 
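Review bot: The `switch( ctx->nr )` that derives `key_bytes` at the top of `mbedtls_internal_aes_encrypt` is repeated verbatim in the decrypt hunk at -1369, and both must stay in step with the `keybits >> 3` length used when the CRC is stored at key setup. A single static helper keeps the three places from drifting apart, which matters here because a length mismatch would turn every operation into a false fault or, worse, narrow what the CRC covers. The same applies to the duplicated final check in the hunks at -1182 and -1463. Both functions begin and end outside these hunks.

```c
#if defined(MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY)
/* Number of key bytes covered by ctx->crc for a given round count, 0 if unsupported. */
static unsigned aes_crc_key_bytes( int nr )
{
    switch( nr )
    {
        case 10: return( 16 );
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
        case 12: return( 24 );
        case 14: return( 32 );
#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
        default: return( 0 );
    }
}
#endif /* MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY */

    /* in mbedtls_internal_aes_encrypt / _decrypt, replacing the inline switch */
    unsigned key_bytes = aes_crc_key_bytes( ctx->nr );
    uint16_t check_crc = 0;
    if( key_bytes == 0 )
        return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
    check_crc = mbedtls_crc_update( 0, ctx->rk, key_bytes );
    /* … unchanged: round setup, rounds, final flow_control / CRC check … */
```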
@@ -1369,6 +1404,21 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, // reserve based on max rounds + dummy rounds + 2 (for initial key addition) uint8_t round_ctrl_table[( 14 + AES_SCA_CM_ROUNDS + 2 )]; +#if defined(MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY) + unsigned key_bytes = 0; + uint16_t check_crc = 0; + switch( ctx->nr ) + { + case 10: key_bytes = 16; break; +#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) + case 12: key_bytes = 24; break; + case 14: key_bytes = 32; break; +#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */ + default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH ); + } + check_crc = mbedtls_crc_update( 0, ctx->rk, key_bytes ); +#endif + aes_data_real.rk_ptr = ctx->rk; aes_data_fake.rk_ptr = ctx->frk; @@ -1463,9 +1513,20 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, flow_control++; } while( ( i = ( i + 1 ) % 4 ) != offset ); - if( flow_control == tindex + dummy_rounds + 8 ) + /* Double negation is used to silence an "extraneous parentheses" warning */ + if( ! ( flow_control != tindex + dummy_rounds + 8 ) +#if defined(MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY) + && check_crc == ctx->crc +#endif + ) { - return 0; +#if defined(MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY) + mbedtls_platform_random_delay(); + if( mbedtls_crc_update( 0, ctx->rk, key_bytes ) == ctx->crc ) +#endif + { + return 0; + } } // Clear the output in case of a FI diff --git a/library/version_features.c b/library/version_features.c index 7c5dae79c..84cb8a62b 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -687,6 +687,9 @@ static const char *features[] = { #if defined(MBEDTLS_CRC_C) "MBEDTLS_CRC_C", #endif /* MBEDTLS_CRC_C */ +#if defined(MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY) + "MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY", +#endif /* MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY */ #if defined(MBEDTLS_GCM_C) "MBEDTLS_GCM_C", #endif /* MBEDTLS_GCM_C */ diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c index e83671c16..af77ed553 100644 
--- a/programs/ssl/query_config.c +++ b/programs/ssl/query_config.c @@ -1874,6 +1874,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_CRC_C */ +#if defined(MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY) + if( strcmp( "MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY ); + return( 0 ); + } +#endif /* MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY */ + #if defined(MBEDTLS_GCM_C) if( strcmp( "MBEDTLS_GCM_C", config ) == 0 ) { diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 0a3415e34..1a00ca0b0 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -67,6 +67,7 @@ if(MSVC) endif(MSVC) add_test_suite(aes aes.ecb) +add_test_suite(aes aes.ecb.crc) add_test_suite(aes aes.cbc) add_test_suite(aes aes.cfb) add_test_suite(aes aes.ofb) diff --git a/tests/suites/test_suite_aes.ecb.crc.data b/tests/suites/test_suite_aes.ecb.crc.data new file mode 100644 index 000000000..cd4262058 --- /dev/null +++ b/tests/suites/test_suite_aes.ecb.crc.data 
@@ -0,0 +1,46 @@ +AES-128-ECB Encrypt NIST KAT #1 good CRC +aes_encrypt_ecb_crc:"00000000000000000000000000000000":"f34481ec3cc627bacd5dc3fb08f273e6":"0336763e966d92595a567cc9ce537f5e":0:0:1 + +AES-128-ECB Encrypt NIST KAT #1 bad CRC +aes_encrypt_ecb_crc:"00000000000000000000000000000000":"f34481ec3cc627bacd5dc3fb08f273e6":"00000000000000000000000000000000":42:MBEDTLS_ERR_PLATFORM_FAULT_DETECTED:0 + +AES-128-ECB Decrypt NIST KAT #1 good CRC +depends_on:!MBEDTLS_AES_ONLY_ENCRYPT +aes_decrypt_ecb_crc:"00000000000000000000000000000000":"db4f1aa530967d6732ce4715eb0ee24b":"ff000000000000000000000000000000":614:0:1 + +AES-128-ECB Decrypt NIST KAT #1 bad CRC +depends_on:!MBEDTLS_AES_ONLY_ENCRYPT +aes_decrypt_ecb_crc:"00000000000000000000000000000000":"db4f1aa530967d6732ce4715eb0ee24b":"00000000000000000000000000000000":42:MBEDTLS_ERR_PLATFORM_FAULT_DETECTED:0 + +AES-192-ECB Encrypt NIST KAT #1 good CRC +depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +aes_encrypt_ecb_crc:"000000000000000000000000000000000000000000000000":"fffffffffffffffffffff80000000000":"156f07767a85a4312321f63968338a01":0:0:1 + +AES-192-ECB Encrypt NIST KAT #1 bad CRC +depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +aes_encrypt_ecb_crc:"000000000000000000000000000000000000000000000000":"fffffffffffffffffffff80000000000":"00000000000000000000000000000000":42:MBEDTLS_ERR_PLATFORM_FAULT_DETECTED:0 + +AES-192-ECB Decrypt NIST KAT #1 good CRC +depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_AES_ONLY_ENCRYPT +aes_decrypt_ecb_crc:"fffffffffffffffffffffffffffffffff000000000000000":"bb2852c891c5947d2ed44032c421b85f":"00000000000000000000000000000000":31004:0:1 + +AES-192-ECB Decrypt NIST KAT #1 bad CRC +depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_AES_ONLY_ENCRYPT +aes_decrypt_ecb_crc:"fffffffffffffffffffffffffffffffff000000000000000":"bb2852c891c5947d2ed44032c421b85f":"00000000000000000000000000000000":42:MBEDTLS_ERR_PLATFORM_FAULT_DETECTED:0 + +AES-256-ECB Encrypt NIST KAT #1 good CRC 
+depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +aes_encrypt_ecb_crc:"c1cc358b449909a19436cfbb3f852ef8bcb5ed12ac7058325f56e6099aab1a1c":"00000000000000000000000000000000":"352065272169abf9856843927d0674fd":61384:0:1 + +AES-256-ECB Encrypt NIST KAT #1 bad CRC +depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +aes_encrypt_ecb_crc:"c1cc358b449909a19436cfbb3f852ef8bcb5ed12ac7058325f56e6099aab1a1c":"00000000000000000000000000000000":"00000000000000000000000000000000":42:MBEDTLS_ERR_PLATFORM_FAULT_DETECTED:0 + +AES-256-ECB Decrypt NIST KAT #1 good CRC +depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_AES_ONLY_ENCRYPT +aes_decrypt_ecb_crc:"fffffffffffffffffffffffffffffffffffffffffffffff00000000000000000":"edf61ae362e882ddc0167474a7a77f3a":"00000000000000000000000000000000":32504:0:1 + +AES-256-ECB Decrypt NIST KAT #1 bad CRC +depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_AES_ONLY_ENCRYPT +aes_decrypt_ecb_crc:"fffffffffffffffffffffffffffffffffffffffffffffff00000000000000000":"edf61ae362e882ddc0167474a7a77f3a":"00000000000000000000000000000000":42:MBEDTLS_ERR_PLATFORM_FAULT_DETECTED:0 + diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index da8c1e935..2a2f9cbcd 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -1,5 +1,6 @@ /* BEGIN_HEADER */ #include "mbedtls/aes.h" +#include "mbedtls/platform.h" /* END_HEADER */ /* BEGIN_DEPENDENCIES 
@@ -369,6 +370,60 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY:MBEDTLS_AES_SCA_COUNTERMEASURES:!MBEDTLS_AES_SETKEY_ENC_ALT:!MBEDTLS_AESNI_C */ +void aes_encrypt_ecb_crc( data_t * key_str, data_t * src_str, + data_t * hex_dst_string, unsigned int crc, int crypt_result, int check_crc ) +{ + unsigned char output[100]; + mbedtls_aes_context ctx; + + memset(output, 0x00, 100); + + mbedtls_aes_init( &ctx ); + + TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 ); + + if( check_crc ) + TEST_ASSERT( ctx.crc == crc ); + else + ctx.crc = crc; + + TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_ENCRYPT, src_str->x, output ) == crypt_result ); + + TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); + +exit: + mbedtls_aes_free( &ctx ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY:MBEDTLS_AES_SCA_COUNTERMEASURES:!MBEDTLS_AES_SETKEY_ENC_ALT:!MBEDTLS_AESNI_C */ +void aes_decrypt_ecb_crc( data_t * key_str, data_t * src_str, + data_t * hex_dst_string, unsigned int crc, int crypt_result, int check_crc ) +{ + unsigned char output[100]; + mbedtls_aes_context ctx; + + memset(output, 0x00, 100); + + mbedtls_aes_init( &ctx ); + + TEST_ASSERT( mbedtls_aes_setkey_dec( &ctx, key_str->x, key_str->len * 8 ) == 0 ); + + if( check_crc ) + TEST_ASSERT( ctx.crc == crc ); + else + ctx.crc = crc; + + TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_DECRYPT, src_str->x, output ) == crypt_result ); + + TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); + +exit: + mbedtls_aes_free( &ctx ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ void aes_check_params( ) { From e4f865d53c2fd64e869955c5e0448de1b82fdc1d Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Sat, 8 Aug 2020 18:07:40 -0400 Subject: [PATCH 3/3] Makefile: alphabetically order object files 
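Review bot: Both new test functions simulate the fault by overwriting the stored checksum (`else ctx.crc = crc;`), so they never exercise the case the feature exists for, where the key material changes and `ctx.crc` stays intact. A further case that flips a bit in the schedule after key setup, for example `ctx.rk[0] ^= 1;`, and then expects `MBEDTLS_ERR_PLATFORM_FAULT_DETECTED` with zeroed output would cover that path for both `aes_encrypt_ecb_crc` and `aes_decrypt_ecb_crc`. Minor: `memset(output, 0x00, 100);` repeats the array size, and `memset( output, 0x00, sizeof( output ) );` keeps the two from drifting apart.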
Signed-off-by: Andrzej Kurek --- library/Makefile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/Makefile b/library/Makefile index f11c4df2b..7e16bd895 100644 --- a/library/Makefile +++ b/library/Makefile @@ -83,9 +83,9 @@ OBJS_CRYPTO= aes.o aesni.o arc4.o \ base64.o bignum.o blowfish.o \ camellia.o ccm.o chacha20.o \ chachapoly.o cipher.o cipher_wrap.o \ - cmac.o ctr_drbg.o des.o \ - dhm.o ecdh.o ecdsa.o \ - ecjpake.o ecp.o \ + cmac.o crc.o ctr_drbg.o \ + des.o dhm.o ecdh.o \ + ecdsa.o ecjpake.o ecp.o \ ecp_curves.o entropy.o entropy_poll.o \ error.o gcm.o havege.o \ hkdf.o \ @@ -99,8 +99,8 @@ OBJS_CRYPTO= aes.o aesni.o arc4.o \ ripemd160.o rsa_internal.o rsa.o \ sha1.o sha256.o sha512.o \ threading.o timing.o version.o \ - version_features.o xtea.o \ - crc.o + version_features.o xtea.o + OBJS_X509= certs.o pkcs11.o x509.o