cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-10-30 03:00:21 -04:00
Code Issues Packages Projects Releases Wiki Activity

Add parameter validation XTS setkey functions

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard 2018-12-12 12:48:04 +01:00
parent af0c6cb9e0
commit 68e3dff3f1
3 changed files with 30 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
include/mbedtls/aes.h
View File

@ -197,8 +197,10 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
* sets the encryption key. * sets the encryption key.
* *
* \param ctx The AES XTS context to which the key should be bound. * \param ctx The AES XTS context to which the key should be bound.
* It must be initialized.
* \param key The encryption key. This is comprised of the XTS key1 * \param key The encryption key. This is comprised of the XTS key1
* concatenated with the XTS key2. * concatenated with the XTS key2.
* This must be a readable buffer of size \p keybits bits.
* \param keybits The size of \p key passed in bits. Valid options are: * \param keybits The size of \p key passed in bits. Valid options are:
* <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li> * <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
* <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul> * <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>
@ -215,8 +217,10 @@ int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx,
* sets the decryption key. * sets the decryption key.
* *
* \param ctx The AES XTS context to which the key should be bound. * \param ctx The AES XTS context to which the key should be bound.
* It must be initialized.
* \param key The decryption key. This is comprised of the XTS key1 * \param key The decryption key. This is comprised of the XTS key1
* concatenated with the XTS key2. * concatenated with the XTS key2.
* This must be a readable buffer of size \p keybits bits.
* \param keybits The size of \p key passed in bits. Valid options are: * \param keybits The size of \p key passed in bits. Valid options are:
* <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li> * <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
* <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul> * <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>

6
library/aes.c
View File

@ -771,6 +771,9 @@ int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx,
const unsigned char *key1, *key2; const unsigned char *key1, *key2;
unsigned int key1bits, key2bits; unsigned int key1bits, key2bits;
AES_VALIDATE_RET( ctx != NULL );
AES_VALIDATE_RET( key != NULL );
ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits, ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits,
&key2, &key2bits ); &key2, &key2bits );
if( ret != 0 ) if( ret != 0 )
@ -793,6 +796,9 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
const unsigned char *key1, *key2; const unsigned char *key1, *key2;
unsigned int key1bits, key2bits; unsigned int key1bits, key2bits;
AES_VALIDATE_RET( ctx != NULL );
AES_VALIDATE_RET( key != NULL );
ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits, ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits,
&key2, &key2bits ); &key2, &key2bits );
if( ret != 0 ) if( ret != 0 )

28
tests/suites/test_suite_aes.function
View File

@ -215,7 +215,7 @@ void aes_crypt_xts_size( int size, int retval )
void aes_crypt_xts_keysize( int size, int retval ) void aes_crypt_xts_keysize( int size, int retval )
{ {
mbedtls_aes_xts_context ctx; mbedtls_aes_xts_context ctx;
const unsigned char *key = NULL; const unsigned char key[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
size_t key_len = size; size_t key_len = size;
mbedtls_aes_xts_init( &ctx ); mbedtls_aes_xts_init( &ctx );
@ -374,26 +374,38 @@ exit:
/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ /* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
void aes_invalid_param( ) void aes_invalid_param( )
{ {
mbedtls_aes_context dummy_ctx; mbedtls_aes_context aes_ctx;
#if defined(MBEDTLS_CIPHER_MODE_XTS)
mbedtls_aes_xts_context xts_ctx;
#endif
const unsigned char key[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 }; const unsigned char key[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
TEST_INVALID_PARAM( mbedtls_aes_init( NULL ) ); TEST_INVALID_PARAM( mbedtls_aes_init( NULL ) );
#if defined(MBEDTLS_CIPHER_MODE_XTS)
TEST_INVALID_PARAM( mbedtls_aes_xts_init( NULL ) ); TEST_INVALID_PARAM( mbedtls_aes_xts_init( NULL ) );
#endif
/* mbedtls_aes_setkey_enc() */
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_setkey_enc( NULL, key, 128 ) ); mbedtls_aes_setkey_enc( NULL, key, 128 ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_setkey_enc( &dummy_ctx, NULL, 128 ) ); mbedtls_aes_setkey_enc( &aes_ctx, NULL, 128 ) );
/* mbedtls_aes_setkey_dec() */
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_setkey_dec( NULL, key, 128 ) ); mbedtls_aes_setkey_dec( NULL, key, 128 ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_setkey_dec( &aes_ctx, NULL, 128 ) );
#if defined(MBEDTLS_CIPHER_MODE_XTS)
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_xts_setkey_enc( NULL, key, 128 ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_xts_setkey_enc( &xts_ctx, NULL, 128 ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_setkey_dec( &dummy_ctx, NULL, 128 ) ); mbedtls_aes_xts_setkey_dec( NULL, key, 128 ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_xts_setkey_dec( &xts_ctx, NULL, 128 ) );
#endif
} }
/* END_CASE */ /* END_CASE */