From ad249f509fd62a3bbea7ccd1fef605dbd482a7bd Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Sun, 26 Jun 2016 13:10:00 +0100
Subject: [PATCH 001/272] Fixes all.sh script for filesystem IO test build MBEDTLS_ENTROPY_NV_SEED is dependent on platform code unless an alternative implementation is provided, therefore needs to be disabled in the disabled filesystem IO build.
---
 tests/scripts/all.sh | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 209c106c16b7..2d1cb08cdaec 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -231,6 +231,7 @@ scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT
 scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT
 scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT
 scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT
+scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
 scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
 scripts/config.pl unset MBEDTLS_FS_IO
 CC=gcc CFLAGS='-Werror -O0' make
From 1d46a2d5aaf90e53f9e2f6e58df2b129e41f0cd7 Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Mon, 11 Jul 2016 10:17:03 +0100
Subject: [PATCH 002/272] Fix issue with reuse of custom yotta configs for target_config.h (#530)
---
 include/mbedtls/config.h | 6 +++++-
 yotta/data/adjust-config.sh | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 3b7c85b394cb..8e263b04a3ec 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -2567,7 +2567,11 @@
 /* \} name SECTION: Customisation configuration options */
 /* Target and application specific configurations */
-//#define YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE "target_config.h"
+//#define YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE "mbedtls/target_config.h"
+
+#if defined(TARGET_LIKE_MBED) && defined(YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE)
+#include YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE
+#endif
 /*
  * Allow user to override any previous default.
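Review bot: The new `#if defined(TARGET_LIKE_MBED) && defined(YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE)` block in config.h renames the hook from `YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE` without diagnosing the old name, so a target that still sets the old macro silently builds with no target configuration included at all. A guard placed just before the new block, `#if defined(YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE)` / `#error "YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE was renamed to YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE"` / `#endif`, turns that silent loss into a build error. The commented-out `//#define` line could also say that the macro is normally injected by the build (the adjust-config.sh hunk in this commit sets it through `conf set`) rather than edited here, since a reader of config.h otherwise has no way to know where the value comes from.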
diff --git a/yotta/data/adjust-config.sh b/yotta/data/adjust-config.sh
index 6580c0900041..3fa84908f48a 100755
--- a/yotta/data/adjust-config.sh
+++ b/yotta/data/adjust-config.sh
@@ -16,7 +16,7 @@ conf() {
 # Set the target specific header
-conf set YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE \"target_config.h\"
+conf set YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE \"mbedtls/target_config.h\"
 # not supported on mbed OS, nor used by mbed Client
 conf unset MBEDTLS_NET_C
From 7247f99b3e068a2b90b7776a2cdd438fddb7a38b Mon Sep 17 00:00:00 2001
From: James Cowgill
Date: Mon, 11 Jul 2016 13:57:05 +0100
Subject: [PATCH 003/272] Fixes missing dependency in ss.h on platform.h Fixes #522 - 'mbedtls_time_t does not name a type in ssl.h'
---
 include/mbedtls/ssl.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 82c07607f512..bc62336915e8 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -52,7 +52,7 @@
 #endif
 #if defined(MBEDTLS_HAVE_TIME)
-#include
+#include "platform.h"
 #endif
 /*
From 8631143ae0babd830d1478d0a7ea680268c4b8f9 Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Tue, 12 Jul 2016 13:11:00 +0100
Subject: [PATCH 004/272] Puts platform time abstraction into a own header Places the platform time abstraction into a separate header file to avoid dependency issues where a build may need time but not the libc abstraction.
---
 include/mbedtls/platform.h | 38 ++--------
 include/mbedtls/platform_time.h | 81 +++++++++++++++++++++++++++++++++
 include/mbedtls/ssl.h | 2 +-
 3 files changed, 87 insertions(+), 34 deletions(-)
 create mode 100644 include/mbedtls/platform_time.h
diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h
index caf8f25271aa..ce0f63d74e45 100644
--- a/include/mbedtls/platform.h
+++ b/include/mbedtls/platform.h
@@ -29,6 +29,11 @@
 #include MBEDTLS_CONFIG_FILE
 #endif
+#if defined(MBEDTLS_HAVE_TIME)
+#include "platform_time.h"
+#endif
+
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -243,39 +248,6 @@ int mbedtls_platform_set_exit( void (*exit_func)( int status ) );
 #define MBEDTLS_EXIT_FAILURE 1
 #endif
-/*
- * The time_t datatype
- */
-#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO)
-typedef MBEDTLS_PLATFORM_TIME_TYPE_MACRO mbedtls_time_t;
-#else
-/* For time_t */
-#include
-typedef time_t mbedtls_time_t;
-#endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */
-
-/*
- * The function pointers for time
- */
-#if defined(MBEDTLS_PLATFORM_TIME_ALT)
-extern mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* time );
-
-/**
- * \brief Set your own time function pointer
- *
- * \param time_func the time function implementation
- *
- * \return 0
- */
-int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time ) );
-#else
-#if defined(MBEDTLS_PLATFORM_TIME_MACRO)
-#define mbedtls_time MBEDTLS_PLATFORM_TIME_MACRO
-#else
-#define mbedtls_time time
-#endif /* MBEDTLS_PLATFORM_TIME_MACRO */
-#endif /* MBEDTLS_PLATFORM_TIME_ALT */
-
 /*
  * The function pointers for reading from and writing a seed file to
  * Non-Volatile storage (NV) in a platform-independent way
diff --git a/include/mbedtls/platform_time.h b/include/mbedtls/platform_time.h
new file mode 100644
index 000000000000..abb3431420fe
--- /dev/null
+++ b/include/mbedtls/platform_time.h
@@ -0,0 +1,81 @@
+/**
+ * \file platform_time.h
+ *
+ * \brief mbed TLS Platform time abstraction
+ *
+ * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_PLATFORM_TIME_H
+#define MBEDTLS_PLATFORM_TIME_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+/*
+ * The time_t datatype
+ */
+#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO)
+typedef MBEDTLS_PLATFORM_TIME_TYPE_MACRO mbedtls_time_t;
+#else
+/* For time_t */
+#include
+typedef time_t mbedtls_time_t;
+#endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */
+
+/*
+ * The function pointers for time
+ */
+#if defined(MBEDTLS_PLATFORM_TIME_ALT)
+extern mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* time );
+
+/**
+ * \brief Set your own time function pointer
+ *
+ * \param time_func the time function implementation
+ *
+ * \return 0
+ */
+int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time ) );
+#else
+#if defined(MBEDTLS_PLATFORM_TIME_MACRO)
+#define mbedtls_time MBEDTLS_PLATFORM_TIME_MACRO
+#else
+#define mbedtls_time time
+#endif /* MBEDTLS_PLATFORM_TIME_MACRO */
+#endif /* MBEDTLS_PLATFORM_TIME_ALT */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* platform_time.h */
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index bc62336915e8..c0bfd3e0773d 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -52,7 +52,7 @@
 #endif
 #if defined(MBEDTLS_HAVE_TIME)
-#include "platform.h"
+#include "mbedtls/platform_time.h"
 #endif
 /*
From b5b6af2663fdb7f57c30494607bade90810f6844 Mon Sep 17 00:00:00 2001
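Review bot: In the new platform_time.h the `#include` under `/* For time_t */` (the `<time.h>` include) is only reached when MBEDTLS_PLATFORM_TIME_TYPE_MACRO is not defined, yet the fallback `#define mbedtls_time time` further down is selected whenever neither MBEDTLS_PLATFORM_TIME_ALT nor MBEDTLS_PLATFORM_TIME_MACRO is defined, so a configuration that sets only the type macro resolves `mbedtls_time` to `time` with no declaration of `time` in scope. Hoisting the `<time.h>` include out of the type-selection `#else` branch, or alternatively refusing MBEDTLS_PLATFORM_TIME_TYPE_MACRO without MBEDTLS_PLATFORM_TIME_MACRO in check_config.h, would close that gap. The Doxygen group opened by `\name SECTION: Module settings` and `\{` is never closed; add `/* \} name SECTION: Module settings */` before the closing `#ifdef __cplusplus`. The same file is added again, byte-identical (index abb3431420fe), by the following commit's platform_time.h hunk, and both remarks apply there as well.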
From: Simon Butcher
Date: Wed, 13 Jul 2016 14:46:18 +0100
Subject: [PATCH 005/272] Puts platform time abstraction into its own header Separates platform time abstraction into it's own header from the general platform abstraction as both depend on different build options. (MBEDTLS_PLATFORM_C vs MBEDTLS_HAVE_TIME)
---
 include/mbedtls/platform.h | 37 ++-------
 include/mbedtls/platform_time.h | 81 +++++++++++++++++++++++++++++++++
 include/mbedtls/ssl.h | 2 +-
 library/net.c | 1 -
 library/ssl_cache.c | 2 -
 library/ssl_ciphersuites.c | 1 -
 library/ssl_cli.c | 4 +-
 library/ssl_cookie.c | 2 -
 library/ssl_srv.c | 4 +-
 library/ssl_ticket.c | 2 -
 library/ssl_tls.c | 1 -
 library/x509.c | 7 ++-
 programs/ssl/dtls_client.c | 1 -
 13 files changed, 93 insertions(+), 52 deletions(-)
 create mode 100644 include/mbedtls/platform_time.h
diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h
index caf8f25271aa..b1b019e55eb9 100644
--- a/include/mbedtls/platform.h
+++ b/include/mbedtls/platform.h
@@ -29,6 +29,10 @@
 #include MBEDTLS_CONFIG_FILE
 #endif
+#if defined(MBEDTLS_HAVE_TIME)
+#include "mbedtls/platform_time.h"
+#endif
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -243,39 +247,6 @@ int mbedtls_platform_set_exit( void (*exit_func)( int status ) );
 #define MBEDTLS_EXIT_FAILURE 1
 #endif
-/*
- * The time_t datatype
- */
-#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO)
-typedef MBEDTLS_PLATFORM_TIME_TYPE_MACRO mbedtls_time_t;
-#else
-/* For time_t */
-#include
-typedef time_t mbedtls_time_t;
-#endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */
-
-/*
- * The function pointers for time
- */
-#if defined(MBEDTLS_PLATFORM_TIME_ALT)
-extern mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* time );
-
-/**
- * \brief Set your own time function pointer
- *
- * \param time_func the time function implementation
- *
- * \return 0
- */
-int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time ) );
-#else
-#if defined(MBEDTLS_PLATFORM_TIME_MACRO)
-#define mbedtls_time MBEDTLS_PLATFORM_TIME_MACRO
-#else
-#define mbedtls_time time
-#endif /* MBEDTLS_PLATFORM_TIME_MACRO */
-#endif /* MBEDTLS_PLATFORM_TIME_ALT */
-
 /*
  * The function pointers for reading from and writing a seed file to
  * Non-Volatile storage (NV) in a platform-independent way
diff --git a/include/mbedtls/platform_time.h b/include/mbedtls/platform_time.h
new file mode 100644
index 000000000000..abb3431420fe
--- /dev/null
+++ b/include/mbedtls/platform_time.h
@@ -0,0 +1,81 @@
+/**
+ * \file platform_time.h
+ *
+ * \brief mbed TLS Platform time abstraction
+ *
+ * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_PLATFORM_TIME_H
+#define MBEDTLS_PLATFORM_TIME_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+/*
+ * The time_t datatype
+ */
+#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO)
+typedef MBEDTLS_PLATFORM_TIME_TYPE_MACRO mbedtls_time_t;
+#else
+/* For time_t */
+#include
+typedef time_t mbedtls_time_t;
+#endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */
+
+/*
+ * The function pointers for time
+ */
+#if defined(MBEDTLS_PLATFORM_TIME_ALT)
+extern mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* time );
+
+/**
+ * \brief Set your own time function pointer
+ *
+ * \param time_func the time function implementation
+ *
+ * \return 0
+ */
+int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time ) );
+#else
+#if defined(MBEDTLS_PLATFORM_TIME_MACRO)
+#define mbedtls_time MBEDTLS_PLATFORM_TIME_MACRO
+#else
+#define mbedtls_time time
+#endif /* MBEDTLS_PLATFORM_TIME_MACRO */
+#endif /* MBEDTLS_PLATFORM_TIME_ALT */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* platform_time.h */
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index bc62336915e8..c0bfd3e0773d 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -52,7 +52,7 @@
 #endif
 #if defined(MBEDTLS_HAVE_TIME)
-#include "platform.h"
+#include "mbedtls/platform_time.h"
 #endif
 /*
diff --git a/library/net.c b/library/net.c
index 4142bc061eb6..8b96321bc648 100644
--- a/library/net.c
+++ b/library/net.c
@@ -36,7 +36,6 @@
 #include "mbedtls/platform.h"
 #else
 #include
-#define mbedtls_time_t time_t
 #endif
 #include "mbedtls/net.h"
diff --git a/library/ssl_cache.c b/library/ssl_cache.c
index 01c66aed1429..9b62de2dccf7 100644
--- a/library/ssl_cache.c
+++ b/library/ssl_cache.c
@@ -37,8 +37,6 @@
 #include
 #define mbedtls_calloc calloc
 #define mbedtls_free free
-#define mbedtls_time time
-#define mbedtls_time_t time_t
 #endif
 #include "mbedtls/ssl_cache.h"
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 35463317fd84..a762bf7c4f88 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
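Review bot: The ssl_cache.c hunk removes the non-MBEDTLS_PLATFORM_C fallbacks `#define mbedtls_time time` and `#define mbedtls_time_t time_t` without including anything in their place, so the file now depends on those names arriving transitively, presumably through ssl_cache.h and the new `#include "mbedtls/platform_time.h"` in ssl.h. The x509.c, ssl_cli.c and ssl_srv.c hunks in this same commit add the include explicitly under `#if defined(MBEDTLS_HAVE_TIME)`; doing the same here, and in the ssl_cookie.c, ssl_ticket.c and ssl_tls.c hunks, keeps each translation unit self-contained if that header chain is reorganised later. The three lines to add after the `#endif` that closes the fallback block are `#if defined(MBEDTLS_HAVE_TIME)` / `#include "mbedtls/platform_time.h"` / `#endif`.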
@@ -33,7 +33,6 @@
 #include "mbedtls/platform.h"
 #else
 #include
-#define mbedtls_time_t time_t
 #endif
 #include "mbedtls/ssl_ciphersuites.h"
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index cd39db027ea3..358dc467e278 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -33,8 +33,6 @@
 #include
 #define mbedtls_calloc calloc
 #define mbedtls_free free
-#define mbedtls_time time
-#define mbedtls_time_t time_t
 #endif
 #include "mbedtls/debug.h"
@@ -46,7 +44,7 @@
 #include
 #if defined(MBEDTLS_HAVE_TIME)
-#include
+#include "mbedtls/platform_time.h"
 #endif
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index f241c86d8c73..9fb32de7a64b 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -36,8 +36,6 @@
 #else
 #define mbedtls_calloc calloc
 #define mbedtls_free free
-#define mbedtls_time time
-#define mbedtls_time_t time_t
 #endif
 #include "mbedtls/ssl_cookie.h"
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 727104529749..ec59cc192d77 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -33,8 +33,6 @@
 #include
 #define mbedtls_calloc calloc
 #define mbedtls_free free
-#define mbedtls_time time
-#define mbedtls_time_t time_t
 #endif
 #include "mbedtls/debug.h"
@@ -48,7 +46,7 @@
 #endif
 #if defined(MBEDTLS_HAVE_TIME)
-#include
+#include "mbedtls/platform_time.h"
 #endif
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c
index 5d77403e5522..4d9116d2148b 100644
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@@ -33,8 +33,6 @@
 #include
 #define mbedtls_calloc calloc
 #define mbedtls_free free
-#define mbedtls_time time
-#define mbedtls_time_t time_t
 #endif
 #include "mbedtls/ssl_ticket.h"
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 80a908d9c577..505bb6cb3a5c 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -41,7 +41,6 @@
 #include
 #define mbedtls_calloc calloc
 #define mbedtls_free free
-#define mbedtls_time_t time_t
 #endif
 #include "mbedtls/debug.h"
diff --git a/library/x509.c b/library/x509.c
index a0df817081ef..bc3bfe018f51 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -55,12 +55,15 @@
 #include
 #define mbedtls_free free
 #define mbedtls_calloc calloc
-#define mbedtls_time time
-#define mbedtls_time_t time_t
 #define mbedtls_printf printf
 #define mbedtls_snprintf snprintf
 #endif
+
+#if defined(MBEDTLS_HAVE_TIME)
+#include "mbedtls/platform_time.h"
+#endif
+
 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
 #include
 #else
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index 14fb612029b4..b37eb838cdc0 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -31,7 +31,6 @@
 #include
 #define mbedtls_printf printf
 #define mbedtls_fprintf fprintf
-#define mbedtls_time_t time_t
 #endif
 #if !defined(MBEDTLS_SSL_CLI_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \
From b92834324f29768a5bf39c58c674c5f3c09b6763 Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Wed, 13 Jul 2016 11:02:41 +0100
Subject: [PATCH 006/272] Fixes all.sh for full config MBEDTLS_PLATFORM_TIME_ALT was accidentally left in the full config test leading to linker problems.
---
 tests/scripts/all.sh | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 526239768a76..a2b0995ba83d 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -231,6 +231,7 @@ scripts/config.pl unset MBEDTLS_PLATFORM_MEMORY
 scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT
 scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT
 scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT
+scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT
 scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT
 scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
 scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
From 23e9778684ba734dbfba1445e145b04dd6b59e76 Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Wed, 13 Jul 2016 13:31:08 +0100
Subject: [PATCH 007/272] Adds missing conditions for platform time In platform.c, made the time functions dependent on the configuration MBEDTLS_HAVE_TIME to fix a build break where the functions could be built but the mbedtls_time_t was not defined.
---
 library/platform.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/library/platform.c b/library/platform.c
index 68ca45d10b30..2591c45d750f 100644
--- a/library/platform.c
+++ b/library/platform.c
@@ -190,6 +190,8 @@ int mbedtls_platform_set_exit( void (*exit_func)( int status ) )
 }
 #endif /* MBEDTLS_PLATFORM_EXIT_ALT */
+#if defined(MBEDTLS_HAVE_TIME)
+
 #if defined(MBEDTLS_PLATFORM_TIME_ALT)
 #if !defined(MBEDTLS_PLATFORM_STD_TIME)
 /*
@@ -213,6 +215,8 @@ int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time
 }
 #endif /* MBEDTLS_PLATFORM_TIME_ALT */
+#endif /* MBEDTLS_HAVE_TIME */
+
 #if defined(MBEDTLS_ENTROPY_NV_SEED)
 #if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO)
 /* Default implementations for the platform independent seed functions use
From b72c67804a6e0e25b3cc2b3a48a4c1b2e98b7c77 Mon Sep 17 00:00:00 2001
From: Janos Follath
Date: Tue, 19 Jul 2016 14:54:17 +0100
Subject: [PATCH 008/272] Add script to print build environment info. (#539) * Add script to print build environment info. The new script is also included in: - all.sh - basic-build-test.sh * Tidy up environment reporting script. Changes include: - making the echo calls portable - removing unnecessary brackets - using more efficient checks for the existance of commands - correcting typos and copyright year * Update references to output_env.sh
---
 scripts/output_env.sh | 109 ++++++++++++++++++++++++++++++
 tests/scripts/all.sh | 3 +
 tests/scripts/basic-build-test.sh | 4 ++
 3 files changed, 116 insertions(+)
 create mode 100755 scripts/output_env.sh
diff --git a/scripts/output_env.sh b/scripts/output_env.sh
new file mode 100755
index 000000000000..0b7c153c26ad
--- /dev/null
+++ b/scripts/output_env.sh
@@ -0,0 +1,109 @@
+#!/bin/sh
+#
+# output_env.sh
+#
+# This file is part of mbed TLS (https://tls.mbed.org)
+#
+# Copyright (c) 2016, ARM Limited, All Rights Reserved
+#
+# Purpose
+#
+# To print out all the relevant information about the development environment.
+#
+# This includes:
+# - architecture of the system
+# - type and version of the operating system
+# - version of armcc, gcc-arm and gcc compilers
+# - version of libc, clang, asan and valgrind
+# - version of gnuTLS and OpenSSL
+
+echo
+echo "1) Operating system and architecture:"
+uname -a
+
+echo
+if `hash armcc` > /dev/null; then
+ echo "2) armcc:"
+ armcc --vsn | head -n 2
+else
+ echo "2) armcc not found!"
+fi
+
+echo
+if `hash arm-none-eabi-gcc` > /dev/null; then
+ echo
+ echo "3) gcc-arm:"
+ arm-none-eabi-gcc --version | head -n 1
+else
+ echo
+ echo "3) gcc-arm not found!"
+fi
+
+echo
+if `hash gcc` > /dev/null; then
+ echo "4) gcc:"
+ gcc --version | head -n 1
+else
+ echo "4) gcc not found!"
+fi
+
+echo
+if `hash clang` > /dev/null; then
+ echo "5) clang:"
+ clang --version | head -n 2
+ clang -v 2>&1 | grep Selected
+else
+ echo "5) clang not found!"
+fi
+
+echo
+if `hash ldd` > /dev/null; then
+ echo "6) libc:"
+ ldd --version | head -n 1
+else
+ echo "6) No ldd present: can't determine libc version!"
+fi
+
+echo
+if `hash valgrind` > /dev/null; then
+ echo "7) valgrind:"
+ valgrind --version
+else
+ echo "7) valgrind not found!"
+fi
+
+echo
+if `hash openssl` > /dev/null; then
+ echo "8) openssl:"
+ openssl version
+else
+ echo "8) openssl not found!"
+fi
+
+echo
+if `hash gnutls-cli` > /dev/null; then
+ echo "9) gnuTLS client:"
+ gnutls-cli --version | head -n 1
+else
+ echo "9) gnuTLS client not found!"
+fi
+
+echo
+if `hash gnutls-serv` > /dev/null; then
+ echo "10) gnuTLS server:"
+ gnutls-serv --version | head -n 1
+else
+ echo "10) gnuTLS server not found!"
+fi
+
+echo
+if `hash dpkg` > /dev/null; then
+ echo "11) asan:"
+ dpkg -s libasan2 2> /dev/null | grep -i version
+ dpkg -s libasan1 2> /dev/null | grep -i version
+ dpkg -s libasan0 2> /dev/null | grep -i version
+else
+ echo "11) No dpkg present: can't determine asan version!"
+fi
+
+echo
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index a2b0995ba83d..5c18f4dd0659 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -121,6 +121,9 @@ fi
 #
 # Indicative running times are given for reference.
+msg "info: output_env.sh"
+scripts/output_env.sh
+
 msg "test: recursion.pl" # < 1s
 tests/scripts/recursion.pl library/*.c
diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh
index 9fab3963797e..9b8bd3c823cd 100755
--- a/tests/scripts/basic-build-test.sh
+++ b/tests/scripts/basic-build-test.sh
@@ -39,6 +39,10 @@ fi
 CONFIG_H='include/mbedtls/config.h'
 CONFIG_BAK="$CONFIG_H.bak"
+# Step 0 - print build environment info
+scripts/output_env.sh
+echo
+
 # Step 1 - Make and instrumented build for code coverage
 export CFLAGS=' --coverage -g3 -O0 '
 make clean
From 1e4ec667a4dd5f06ccc41d69cdef3e07f92fa242 Mon Sep 17 00:00:00 2001
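Review bot: Every probe in output_env.sh puts the `hash` call inside a backtick command substitution (`` if `hash armcc` > /dev/null; then ``), so the shell executes the substitution's empty output as the command and the `> /dev/null` redirection applies to that empty command rather than to `hash`; the shell's own "not found" diagnostic from `hash` therefore still reaches stderr, and the branch only works because POSIX gives a name-less command the exit status of its last substitution. Writing the test directly, `if hash armcc > /dev/null 2>&1; then`, is clearer and silences the diagnostic; the same form applies to the other ten probes in the file. The gcc-arm section also emits two `echo` calls on each branch where every other section emits one, which looks like a leftover from the tidy-up described in the commit message.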
From: Andres Amaya Garcia
Date: Wed, 20 Jul 2016 10:16:25 +0100
Subject: [PATCH 009/272] Check time platform abstraction macro definitions (#534) * Check time platform abstraction macro definitions This patch adds some checks to check_config.h to ensure that macro definitions for the time platform abstraction are acceptable. In this case the requirements are: - MBEDTLS_PLATFORM_C and MBEDTLS_HAVE_TIME must be defined whenever MBEDTLS_PLATFORM_TIME_ALT, MBEDTLS_PLATFORM_TIME_TYPE_MACRO or MBEDTLS_PLATFORM_TIME_MACRO is defined. - MBEDTLS_PLATFORM_STD_TIME and MBEDTLS_PLATFORM_TIME_ALT cannot be defined simultaneously with MBEDTLS_PLATFORM_TIME_TYPE_MACRO or MBEDTLS_PLATFORM_TIME_MACRO. - MBEDTLS_HAVE_TIME and MBEDTLS_PLATFORM_TIME_ALT must be defined whenever MBEDTLS_PLATFORM_STD_TIME is defined. * Document requirements for time abstraction macros Document that time platform abstraction macros MBEDTLS_PLATFORM_TIME_ALT, MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and MBEDTLS_PLATFORM_STD_TIME require MBEDTLS_HAVE_TIME to be defined in config.h. * Fix requires comment in config.h * Split preprocessor condition for simplicity
---
 include/mbedtls/check_config.h | 36 ++++++++++++++++++++++++++++++
 include/mbedtls/config.h | 12 +++++++++---
 2 files changed, 45 insertions(+), 3 deletions(-)
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index a95af6ca4c31..75cdcbc2f034 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -256,6 +256,36 @@
 #error "MBEDTLS_PLATFORM_EXIT_MACRO and MBEDTLS_PLATFORM_STD_EXIT/MBEDTLS_PLATFORM_EXIT_ALT cannot be defined simultaneously"
 #endif
+#if defined(MBEDTLS_PLATFORM_TIME_ALT) &&\
+ ( !defined(MBEDTLS_PLATFORM_C) ||\
+ !defined(MBEDTLS_HAVE_TIME) )
+#error "MBEDTLS_PLATFORM_TIME_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_TIME_MACRO) &&\
+ ( !defined(MBEDTLS_PLATFORM_C) ||\
+ !defined(MBEDTLS_HAVE_TIME) )
+#error "MBEDTLS_PLATFORM_TIME_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) &&\
+ ( !defined(MBEDTLS_PLATFORM_C) ||\
+ !defined(MBEDTLS_HAVE_TIME) )
+#error "MBEDTLS_PLATFORM_TIME_TYPE_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_TIME_MACRO) &&\
+ ( defined(MBEDTLS_PLATFORM_STD_TIME) ||\
+ defined(MBEDTLS_PLATFORM_TIME_ALT) )
+#error "MBEDTLS_PLATFORM_TIME_MACRO and MBEDTLS_PLATFORM_STD_TIME/MBEDTLS_PLATFORM_TIME_ALT cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) &&\
+ ( defined(MBEDTLS_PLATFORM_STD_TIME) ||\
+ defined(MBEDTLS_PLATFORM_TIME_ALT) )
+#error "MBEDTLS_PLATFORM_TIME_TYPE_MACRO and MBEDTLS_PLATFORM_STD_TIME/MBEDTLS_PLATFORM_TIME_ALT cannot be defined simultaneously"
+#endif
+
 #if defined(MBEDTLS_PLATFORM_FPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
 #error "MBEDTLS_PLATFORM_FPRINTF_ALT defined, but not all prerequisites"
 #endif
@@ -352,6 +382,12 @@
 #error "MBEDTLS_PLATFORM_STD_EXIT defined, but not all prerequisites"
 #endif
+#if defined(MBEDTLS_PLATFORM_STD_TIME) &&\
+ ( !defined(MBEDTLS_PLATFORM_TIME_ALT) ||\
+ !defined(MBEDTLS_HAVE_TIME) )
+#error "MBEDTLS_PLATFORM_STD_TIME defined, but not all prerequisites"
+#endif
+
 #if defined(MBEDTLS_PLATFORM_STD_FPRINTF) &&\
 !defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
 #error "MBEDTLS_PLATFORM_STD_FPRINTF defined, but not all prerequisites"
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 8e263b04a3ec..456ec667d926 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -71,6 +71,10 @@
  * The time does not need to be correct, only time differences are used,
  * by contrast with MBEDTLS_HAVE_TIME_DATE
  *
+ * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT,
+ * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
+ * MBEDTLS_PLATFORM_STD_TIME.
+ *
  * Comment if your system does not support time functions
  */
 #define MBEDTLS_HAVE_TIME
@@ -148,6 +152,8 @@
  * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
  * MBEDTLS_PLATFORM_XXX_MACRO!
  *
+ * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME
+ *
  * Uncomment a macro to enable alternate implementation of specific base
  * platform function
  */
@@ -2512,7 +2518,7 @@
 //#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */
 //#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */
 //#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
 //#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
 //#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */
 /* Note: your snprintf must correclty zero-terminate the buffer! */
@@ -2528,8 +2534,8 @@
 //#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */
 //#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */
 //#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
+//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
 //#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */
 //#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */
 /* Note: your snprintf must correclty zero-terminate the buffer! */
From e49404a95d047a04ba5238ef1ff8995b813af07c Mon Sep 17 00:00:00 2001
From: Janos Follath
Date: Wed, 15 Jun 2016 11:29:45 +0100
Subject: [PATCH 010/272] Add morpheus integration test to Circle CI. * Tidy up the Circle CI script. * Add nightly build parameter to Circle CI. * Add comment in the Circle CI script explaining its purpose.
---
 circle.yml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
 create mode 100644 circle.yml
diff --git a/circle.yml b/circle.yml
new file mode 100644
index 000000000000..eaed02a815a6
--- /dev/null
+++ b/circle.yml
@@ -0,0 +1,44 @@ +# Purpose: +# - To test and prove that a new commit in the mbed TLS repository builds +# and integrates with mbed-os properly. +# AND +# - To test and prove that the current development head of mbed TLS builds +# and integrates with the current mbed-os master branch. +# +# The script fetches all the prerequisites and builds the mbed TLS 'tls-client' +# example. This script is triggered by every commit and once each night and the +# exact behaviour depends on how it was triggered: +# - If it is a nightly build then it builds the mbed TLS development head with +# mbed-os master. +# - If it was triggered by the commit, then it builds the example with mbed TLS +# at that commit and mbed-os at the commit pointed by mbed-os.lib in the +# example repository. + +test: + override: + - cd ../mbed-os-example-tls/tls-client/ && mbed compile -m K64F -t GCC_ARM -c + +dependencies: + pre: + # Install gcc-arm + - cd .. && wget "https://launchpad.net/gcc-arm-embedded/4.9/4.9-2015-q3-update/+download/gcc-arm-none-eabi-4_9-2015q3-20150921-linux.tar.bz2" + - cd .. && tar -xvjf gcc-arm-none-eabi-4_9-2015q3-20150921-linux.tar.bz2 + - ln -s ../gcc-arm-none-eabi-4_9-2015q3/bin/* ../bin/ + # Install mbed-cli + - cd ../ && git clone https://github.com/ARMmbed/mbed-cli.git + - cd ../mbed-cli && sudo -H pip install -e . 
+ # Get the sample application + - cd ../ && git clone git@github.com:ARMmbed/mbed-os-example-tls.git + # Get mbed-os + - cd ../mbed-os-example-tls/tls-client && mbed deploy + # Update mbed-os to master only if it is a nightly build + - > + if [ -n "${RUN_NIGHTLY_BUILD}" ]; then + cd ../mbed-os-example-tls/tls-client/mbed-os/ && mbed update master; + fi + # Import mbedtls current revision + - ln -s ../../../../../../../mbedtls/ ../mbed-os-example-tls/tls-client/mbed-os/features/mbedtls/importer/TARGET_IGNORE/mbedtls + - cd ../mbed-os-example-tls/tls-client/mbed-os/features/mbedtls/importer/ && make + override: + # Install the missing python packages + - cd ../mbed-os-example-tls/tls-client/mbed-os/ && sudo -H pip install -r requirements.txt From cdb3ad03ed63a8f4177d8b208d699cd57fd480a1 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 24 Aug 2016 20:09:06 +0300 Subject: [PATCH 011/272] Remove redundant definitions of exit codes In the ssl/mini_client.c sample application the exit codes were redundantly being redefined, causing compiler warnings. --- programs/ssl/mini_client.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index d3954c571af7..1d787313e1eb 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -64,9 +64,6 @@ int main( void ) #include "mbedtls/platform.h" #else #include -#define mbedtls_time_t time_t -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif #include From 4982e527c6232a78e622515e14499fba234ed519 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 24 Aug 2016 20:20:20 +0300 Subject: [PATCH 012/272] Adds stdlib.h header to dh_genprime sample app Use of the atoi() function requires stdlib.h to be included when MBEDTLS_PLATFORM_C is not defined. --- programs/pkey/dh_genprime.c | 1 + 1 file changed, 1 insertion(+) 
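Review bot: The cross-compiler tarball fetched with `wget` in `dependencies.pre` is extracted and symlinked into `../bin/` without any integrity check, so a swapped or corrupted download would be compiled straight into the build this job is meant to vouch for. Pin the expected digest and verify it before the `tar` step, e.g. `- cd .. && echo "<EXPECTED_SHA256>  gcc-arm-none-eabi-4_9-2015q3-20150921-linux.tar.bz2" | sha256sum -c -`. The same concern applies to `git clone https://github.com/ARMmbed/mbed-cli.git` followed by `sudo -H pip install -e .`, which installs whatever the branch head happens to be at run time, as root; checking out a fixed tag or commit would make the nightly result reproducible. It is also worth asking whether the `sudo -H pip install -r requirements.txt` step in `override` needs root at all or whether a virtualenv would do.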
diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index 072fe138f556..84a94a18bd26 100644 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c @@ -29,6 +29,7 @@ #include "mbedtls/platform.h" #else #include +#include #define mbedtls_printf printf #define mbedtls_time_t time_t #endif From a4ed19c7c09493b4d3d7e4333330f44cdb73500d Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 24 Aug 2016 22:37:43 +0300 Subject: [PATCH 013/272] Fixes test script all.sh to output errors from armcc The test script tests/scripts/all.sh exits on first error, although it also attempted to redirect error output from armcc and then output it after armcc had completed. This never occurred because as soon as armcc failed the script would end and the redirected output wouldn't be displayed. This change removes that redirection. --- tests/scripts/all.sh | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 5c18f4dd0659..22137cd4308c 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -338,12 +338,7 @@ scripts/config.pl unset MBEDTLS_THREADING_PTHREAD scripts/config.pl unset MBEDTLS_THREADING_C scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit -CC=armcc AR=armar WARNING_CFLAGS= make lib 2> armcc.stderr -if [ -s armcc.stderr ]; then - cat armcc.stderr - exit 1; -fi -rm armcc.stderr +CC=armcc AR=armar WARNING_CFLAGS= make lib fi # armcc if which i686-w64-mingw32-gcc >/dev/null; then From 4df5eaf2b009cf12f213b0045aac950642baa00c Mon Sep 17 00:00:00 2001 
From: Simon Butcher Date: Wed, 24 Aug 2016 22:58:31 +0300 Subject: [PATCH 014/272] Fixes build configuration for armcc test build in all.sh In the test script tests/scripts/all.sh the armcc build is a baremetal build and doesn't use MBEDTLS_HAVE_TIME therefore the test configuration MBEDTLS_PLATFORM_TIME_ALT which is dependent on it must be unset. --- tests/scripts/all.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 22137cd4308c..be32dce12cea 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -338,6 +338,7 @@ scripts/config.pl unset MBEDTLS_THREADING_PTHREAD scripts/config.pl unset MBEDTLS_THREADING_C scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit +scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME CC=armcc AR=armar WARNING_CFLAGS= make lib fi # armcc From bd3b359742ec4ca641716f2853ec1ddf1dce1fbc Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Wed, 13 Jul 2016 16:37:32 +0100 Subject: [PATCH 015/272] Fix typo in regular Makefile when having coverage files --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 7f334ee27310..39fc342bfc69 100644 --- a/Makefile +++ b/Makefile @@ -73,7 +73,7 @@ clean: $(MAKE) -C programs clean $(MAKE) -C tests clean ifndef WINDOWS - find . \( -name \*.gcno -o -name \*.gcda -o -name *.info \) -exec rm {} + + find . \( -name \*.gcno -o -name \*.gcda -o -name \*.info \) -exec rm {} + endif check: lib From e35afa28f7ede1083453ef707daac3ccbcb6bfd6 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Wed, 13 Jul 2016 17:09:14 +0100 Subject: [PATCH 016/272] Update *_multi tests in test_suite_md to do more than 1 step --- tests/suites/test_suite_md.function | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) 
diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index 0fcaa388f9c8..e8fec2826a80 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -187,6 +187,7 @@ void md_text_multi( char *text_md_name, char *text_src_string, unsigned char src_str[1000]; unsigned char hash_str[1000]; unsigned char output[100]; + int halfway, len; const mbedtls_md_info_t *md_info = NULL; mbedtls_md_context_t ctx; @@ -200,13 +201,17 @@ void md_text_multi( char *text_md_name, char *text_src_string, strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 ); strncpy( (char *) md_name, text_md_name, sizeof(md_name) - 1 ); + len = strlen( (char *) src_str ); + halfway = len / 2; + md_info = mbedtls_md_info_from_string(md_name); TEST_ASSERT( md_info != NULL ); TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx, md_info, 0 ) ); TEST_ASSERT ( 0 == mbedtls_md_starts( &ctx ) ); TEST_ASSERT ( ctx.md_ctx != NULL ); - TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str, strlen( (char *) src_str ) ) ); + TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str, halfway ) ); + TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str + halfway, len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx, output ) ); hexify( hash_str, output, mbedtls_md_get_size(md_info) ); @@ -226,7 +231,7 @@ void md_hex_multi( char *text_md_name, char *hex_src_string, unsigned char src_str[10000]; unsigned char hash_str[10000]; unsigned char output[100]; - int src_len; + int src_len, halfway; const mbedtls_md_info_t *md_info = NULL; mbedtls_md_context_t ctx; 
@@ -243,10 +248,12 @@ void md_hex_multi( char *text_md_name, char *hex_src_string, TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx, md_info, 0 ) ); src_len = unhexify( src_str, hex_src_string ); + halfway = src_len / 2; TEST_ASSERT ( 0 == mbedtls_md_starts( &ctx ) ); TEST_ASSERT ( ctx.md_ctx != NULL ); - TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str, src_len ) ); + TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str, halfway ) ); + TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str + halfway, src_len - halfway) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx, output ) ); hexify( hash_str, output, mbedtls_md_get_size(md_info) ); @@ -299,7 +306,7 @@ void md_hmac_multi( char *text_md_name, int trunc_size, char *hex_key_string, unsigned char key_str[10000]; unsigned char hash_str[10000]; unsigned char output[100]; - int key_len, src_len; + int key_len, src_len, halfway; const mbedtls_md_info_t *md_info = NULL; mbedtls_md_context_t ctx; @@ -318,10 +325,12 @@ void md_hmac_multi( char *text_md_name, int trunc_size, char *hex_key_string, key_len = unhexify( key_str, hex_key_string ); src_len = unhexify( src_str, hex_src_string ); + halfway = src_len / 2; TEST_ASSERT ( 0 == mbedtls_md_hmac_starts( &ctx, key_str, key_len ) ); TEST_ASSERT ( ctx.md_ctx != NULL ); - TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str, src_len ) ); + TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str, halfway ) ); + TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str + halfway, src_len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_hmac_finish( &ctx, output ) ); hexify( hash_str, output, mbedtls_md_get_size(md_info) ); 
@@ -332,7 +341,8 @@ void md_hmac_multi( char *text_md_name, int trunc_size, char *hex_key_string, memset(output, 0x00, 100); TEST_ASSERT ( 0 == mbedtls_md_hmac_reset( &ctx ) ); - TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str, src_len ) ); + TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str, halfway ) ); + TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str + halfway, src_len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_hmac_finish( &ctx, output ) ); hexify( hash_str, output, mbedtls_md_get_size(md_info) ); From 97c53c28670cc849b29b09656aa8d71ddc0ab480 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Wed, 13 Jul 2016 17:20:22 +0100 Subject: [PATCH 017/272] Add coverage testing of mbedtls_md_clone() (and wraps) +13 functions, +57 lines --- tests/suites/test_suite_md.function | 30 +++++++++++++++++++++++++---- 1 file changed, 26 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index e8fec2826a80..6c34984c2af7 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -190,9 +190,10 @@ void md_text_multi( char *text_md_name, char *text_src_string, int halfway, len; const mbedtls_md_info_t *md_info = NULL; - mbedtls_md_context_t ctx; + mbedtls_md_context_t ctx, ctx_copy; mbedtls_md_init( &ctx ); + mbedtls_md_init( &ctx_copy ); memset(md_name, 0x00, 100); memset(src_str, 0x00, 1000); 
@@ -207,15 +208,25 @@ void md_text_multi( char *text_md_name, char *text_src_string, md_info = mbedtls_md_info_from_string(md_name); TEST_ASSERT( md_info != NULL ); TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx, md_info, 0 ) ); + TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx_copy, md_info, 0 ) ); TEST_ASSERT ( 0 == mbedtls_md_starts( &ctx ) ); TEST_ASSERT ( ctx.md_ctx != NULL ); TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str, halfway ) ); + TEST_ASSERT ( 0 == mbedtls_md_clone( &ctx_copy, &ctx ) ); + TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str + halfway, len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx, output ) ); - hexify( hash_str, output, mbedtls_md_get_size(md_info) ); + TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); + /* Test clone */ + memset(hash_str, 0x00, 1000); + memset(output, 0x00, 100); + + TEST_ASSERT ( 0 == mbedtls_md_update( &ctx_copy, src_str + halfway, len - halfway ) ); + TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx_copy, output ) ); + hexify( hash_str, output, mbedtls_md_get_size(md_info) ); TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); exit: @@ -233,9 +244,10 @@ void md_hex_multi( char *text_md_name, char *hex_src_string, unsigned char output[100]; int src_len, halfway; const mbedtls_md_info_t *md_info = NULL; - mbedtls_md_context_t ctx; + mbedtls_md_context_t ctx, ctx_copy; mbedtls_md_init( &ctx ); + mbedtls_md_init( &ctx_copy ); memset(md_name, 0x00, 100); memset(src_str, 0x00, 10000); @@ -246,6 +258,7 @@ void md_hex_multi( char *text_md_name, char *hex_src_string, md_info = mbedtls_md_info_from_string(md_name); TEST_ASSERT( md_info != NULL ); TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx, md_info, 0 ) ); + TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx_copy, md_info, 0 ) ); src_len = unhexify( src_str, hex_src_string ); halfway = src_len / 2; 
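Review bot: `ctx_copy` is set up with `mbedtls_md_setup()` but nothing in this commit releases it: the `exit:` cleanup (which continues outside the hunk) still frees only `ctx`, and the file's diffstat accounts for every inserted line, none of them a free. Add `mbedtls_md_free( &ctx_copy );` alongside the existing `mbedtls_md_free( &ctx );` in md_text_multi, and do the same in the md_hex_multi hunk below, which has the identical omission. Assuming `mbedtls_md_setup()` allocates the digest state as elsewhere in the md layer, the memcheck runs in all.sh would otherwise report every multi-step case as leaking.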
@@ -253,11 +266,20 @@ void md_hex_multi( char *text_md_name, char *hex_src_string, TEST_ASSERT ( 0 == mbedtls_md_starts( &ctx ) ); TEST_ASSERT ( ctx.md_ctx != NULL ); TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str, halfway ) ); + TEST_ASSERT ( 0 == mbedtls_md_clone( &ctx_copy, &ctx ) ); + TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str + halfway, src_len - halfway) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx, output ) ); - hexify( hash_str, output, mbedtls_md_get_size(md_info) ); + TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); + /* Test clone */ + memset(hash_str, 0x00, 10000); + memset(output, 0x00, 100); + + TEST_ASSERT ( 0 == mbedtls_md_update( &ctx_copy, src_str + halfway, src_len - halfway ) ); + TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx_copy, output ) ); + hexify( hash_str, output, mbedtls_md_get_size(md_info) ); TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); exit: From 7eb1243fb4066222783b38ae0e3f86096a2facf4 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Thu, 14 Jul 2016 10:27:08 +0100 Subject: [PATCH 018/272] Add check for lengths over 65535 in mbedtls_asn1_write_len() --- include/mbedtls/asn1write.h | 2 ++ library/asn1write.c | 7 +++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/asn1write.h b/include/mbedtls/asn1write.h index 73ff32b66990..4d2917ee9ada 100644 --- a/include/mbedtls/asn1write.h +++ b/include/mbedtls/asn1write.h @@ -40,6 +40,8 @@ extern "C" { * \param start start of the buffer (for bounds-checking) * \param len the length to write * + * \note lengths over 65535 are not supported at the moment + * * \return the length written or a negative error code */ int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len ); diff --git a/library/asn1write.c b/library/asn1write.c index 027c858e7a9b..ef35ee438163 100644 --- a/library/asn1write.c +++ b/library/asn1write.c 
@@ -41,6 +41,11 @@ int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len ) { + // We don't support lengths over 65535 for now + // + if( len > 0xFFFF ) + return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); + if( len < 0x80 ) { if( *p - start < 1 ) @@ -63,8 +68,6 @@ int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len if( *p - start < 3 ) return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); - // We assume we never have lengths larger than 65535 bytes - // *--(*p) = len % 256; *--(*p) = ( len / 256 ) % 256; *--(*p) = 0x82; From e325db9055fa92c375b286448e5a864a669ae62c Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Thu, 14 Jul 2016 10:27:36 +0100 Subject: [PATCH 019/272] Add explicit test coverage for mbedtls_asn1_write_len() --- tests/suites/test_suite_asn1write.data | 21 +++++++++++++ tests/suites/test_suite_asn1write.function | 36 ++++++++++++++++++++++ 2 files changed, 57 insertions(+) diff --git a/tests/suites/test_suite_asn1write.data b/tests/suites/test_suite_asn1write.data index 61934f556814..0c4074ed3b00 100644 --- a/tests/suites/test_suite_asn1write.data +++ b/tests/suites/test_suite_asn1write.data 
@@ -48,3 +48,24 @@ mbedtls_asn1_write_ia5_string:"ABC":"":3:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ASN.1 Write IA5 String #5 (Buffer too small for string) mbedtls_asn1_write_ia5_string:"ABC":"":2:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL + +ASN.1 Write / Read Length #0 (Len = 0, short form) +mbedtls_asn1_write_len:0:"00":1 + +ASN.1 Write / Read Length #1 (Len = 127, short form) +mbedtls_asn1_write_len:127:"7F":1 + +ASN.1 Write / Read Length #2 (Len = 128, long form) +mbedtls_asn1_write_len:128:"8180":2 + +ASN.1 Write / Read Length #3 (Len = 255, long form) +mbedtls_asn1_write_len:255:"81FF":2 + +ASN.1 Write / Read Length #4 (Len = 256, long form) +mbedtls_asn1_write_len:256:"820100":3 + +ASN.1 Write / Read Length #5 (Len = 65535, max supported length) +mbedtls_asn1_write_len:65535:"82FFFF":3 + +ASN.1 Write / Read Length #6 (Len = 65536, not supported) +mbedtls_asn1_write_len:65536:"":MBEDTLS_ERR_ASN1_INVALID_LENGTH diff --git a/tests/suites/test_suite_asn1write.function b/tests/suites/test_suite_asn1write.function index a15c8216dced..160190f65685 100644 --- a/tests/suites/test_suite_asn1write.function +++ b/tests/suites/test_suite_asn1write.function 
@@ -82,3 +82,39 @@ void mbedtls_asn1_write_ia5_string( char *str, char *hex_asn1, } } /* END_CASE */ + +/* BEGIN_CASE */ +void mbedtls_asn1_write_len( int len, char *check_str, int result ) +{ + int ret; + unsigned char buf[150]; + unsigned char asn1[150]; + unsigned char *p; + size_t asn1_len, i; + + memset( buf, GUARD_VAL, sizeof( buf ) ); + memset( asn1, 0, sizeof( asn1 ) ); + asn1_len = unhexify( asn1, check_str ); + + p = buf + GUARD_LEN + asn1_len; + + ret = mbedtls_asn1_write_len( &p, buf + GUARD_LEN, (size_t) len ); + + TEST_ASSERT( ret == result ); + + /* Check for buffer overwrite on both sides */ + for( i = 0; i < GUARD_LEN; i++ ) + { + TEST_ASSERT( buf[i] == GUARD_VAL ); + TEST_ASSERT( buf[GUARD_LEN + asn1_len + i] == GUARD_VAL ); + } + + if( result >= 0 ) + { + TEST_ASSERT( (size_t) ret == asn1_len ); + TEST_ASSERT( p + asn1_len == buf + GUARD_LEN + asn1_len ); + + TEST_ASSERT( memcmp( p, asn1, asn1_len ) == 0 ); + } +} +/* END_CASE */ From 58bfb83bb0c639b56164b3cac56dd263c26499a5 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Thu, 14 Jul 2016 11:02:31 +0100 Subject: [PATCH 020/272] Add buffer length tests for mbedtls_asn1_write_len() --- tests/suites/test_suite_asn1write.data | 33 ++++++++++++++-------- tests/suites/test_suite_asn1write.function | 9 +++--- 2 files changed, 26 insertions(+), 16 deletions(-) diff --git a/tests/suites/test_suite_asn1write.data b/tests/suites/test_suite_asn1write.data index 0c4074ed3b00..3518ed945027 100644 --- a/tests/suites/test_suite_asn1write.data +++ b/tests/suites/test_suite_asn1write.data 
@@ -50,22 +50,31 @@ ASN.1 Write IA5 String #5 (Buffer too small for string) mbedtls_asn1_write_ia5_string:"ABC":"":2:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ASN.1 Write / Read Length #0 (Len = 0, short form) -mbedtls_asn1_write_len:0:"00":1 +mbedtls_asn1_write_len:0:"00":1:1 ASN.1 Write / Read Length #1 (Len = 127, short form) -mbedtls_asn1_write_len:127:"7F":1 +mbedtls_asn1_write_len:127:"7F":1:1 -ASN.1 Write / Read Length #2 (Len = 128, long form) -mbedtls_asn1_write_len:128:"8180":2 +ASN.1 Write / Read Length #2 (Len = 127, buffer too small) +mbedtls_asn1_write_len:127:"7F":0:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL -ASN.1 Write / Read Length #3 (Len = 255, long form) -mbedtls_asn1_write_len:255:"81FF":2 +ASN.1 Write / Read Length #3 (Len = 128, long form) +mbedtls_asn1_write_len:128:"8180":2:2 -ASN.1 Write / Read Length #4 (Len = 256, long form) -mbedtls_asn1_write_len:256:"820100":3 +ASN.1 Write / Read Length #4 (Len = 255, long form) +mbedtls_asn1_write_len:255:"81FF":2:2 -ASN.1 Write / Read Length #5 (Len = 65535, max supported length) -mbedtls_asn1_write_len:65535:"82FFFF":3 +ASN.1 Write / Read Length #5 (Len = 255, buffer too small) +mbedtls_asn1_write_len:255:"81FF":1:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL -ASN.1 Write / Read Length #6 (Len = 65536, not supported) -mbedtls_asn1_write_len:65536:"":MBEDTLS_ERR_ASN1_INVALID_LENGTH +ASN.1 Write / Read Length #6 (Len = 256, long form) +mbedtls_asn1_write_len:256:"820100":3:3 + +ASN.1 Write / Read Length #7 (Len = 65535, max supported length) +mbedtls_asn1_write_len:65535:"82FFFF":3:3 + +ASN.1 Write / Read Length #8 (Len = 65535, buffer too small) +mbedtls_asn1_write_len:65535:"82FFFF":2:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL + +ASN.1 Write / Read Length #9 (Len = 65536, not supported) +mbedtls_asn1_write_len:65536:"":0:MBEDTLS_ERR_ASN1_INVALID_LENGTH diff --git a/tests/suites/test_suite_asn1write.function b/tests/suites/test_suite_asn1write.function index 160190f65685..ba4db88d67fb 100644 --- a/tests/suites/test_suite_asn1write.function 
+++ b/tests/suites/test_suite_asn1write.function @@ -84,7 +84,8 @@ void mbedtls_asn1_write_ia5_string( char *str, char *hex_asn1, /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_asn1_write_len( int len, char *check_str, int result ) +void mbedtls_asn1_write_len( int len, char *check_str, int buf_len, + int result ) { int ret; unsigned char buf[150]; @@ -96,7 +97,7 @@ void mbedtls_asn1_write_len( int len, char *check_str, int result ) memset( asn1, 0, sizeof( asn1 ) ); asn1_len = unhexify( asn1, check_str ); - p = buf + GUARD_LEN + asn1_len; + p = buf + GUARD_LEN + buf_len; ret = mbedtls_asn1_write_len( &p, buf + GUARD_LEN, (size_t) len ); @@ -106,13 +107,13 @@ void mbedtls_asn1_write_len( int len, char *check_str, int result ) for( i = 0; i < GUARD_LEN; i++ ) { TEST_ASSERT( buf[i] == GUARD_VAL ); - TEST_ASSERT( buf[GUARD_LEN + asn1_len + i] == GUARD_VAL ); + TEST_ASSERT( buf[GUARD_LEN + buf_len + i] == GUARD_VAL ); } if( result >= 0 ) { TEST_ASSERT( (size_t) ret == asn1_len ); - TEST_ASSERT( p + asn1_len == buf + GUARD_LEN + asn1_len ); + TEST_ASSERT( p + asn1_len == buf + GUARD_LEN + buf_len ); TEST_ASSERT( memcmp( p, asn1, asn1_len ) == 0 ); } From 5e8b77cd8c546520323488eca16969ab85b09176 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Thu, 14 Jul 2016 11:14:54 +0100 Subject: [PATCH 021/272] Test result of mbedtls_asn1_write_len() through mbedtls_asn1_get_len() --- tests/suites/test_suite_asn1write.function | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_asn1write.function b/tests/suites/test_suite_asn1write.function index ba4db88d67fb..fc5fd8a2ebba 100644 --- a/tests/suites/test_suite_asn1write.function +++ b/tests/suites/test_suite_asn1write.function 
@@ -91,7 +91,7 @@ void mbedtls_asn1_write_len( int len, char *check_str, int buf_len, unsigned char buf[150]; unsigned char asn1[150]; unsigned char *p; - size_t asn1_len, i; + size_t asn1_len, i, read_len; memset( buf, GUARD_VAL, sizeof( buf ) ); memset( asn1, 0, sizeof( asn1 ) ); @@ -116,6 +116,23 @@ void mbedtls_asn1_write_len( int len, char *check_str, int buf_len, TEST_ASSERT( p + asn1_len == buf + GUARD_LEN + buf_len ); TEST_ASSERT( memcmp( p, asn1, asn1_len ) == 0 ); + + /* Read back with mbedtls_asn1_get_len() to check */ + ret = mbedtls_asn1_get_len( &p, buf + GUARD_LEN + buf_len, &read_len ); + + if( len == 0 ) + { + TEST_ASSERT( ret == 0 ); + } + else + { + /* Return will be MBEDTLS_ERR_ASN1_OUT_OF_DATA because the rest of + * the buffer is missing + */ + TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_OUT_OF_DATA ); + } + TEST_ASSERT( read_len == (size_t) len ); + TEST_ASSERT( p == buf + GUARD_LEN + buf_len ); } } /* END_CASE */ From c7d6bd4b5f4a5c7652e32d836dc898d169c1f399 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Thu, 14 Jul 2016 11:39:56 +0100 Subject: [PATCH 022/272] Add mbedtls_asn1_write_len() support for 3 and 4 byte lengths As a consequence also adds coverage for reading 3 and 4 byte lengths (which were not covered before) --- include/mbedtls/asn1write.h | 2 -- library/asn1write.c | 46 ++++++++++++++++++++------ tests/suites/test_suite_asn1write.data | 22 +++++++++--- 3 files changed, 52 insertions(+), 18 deletions(-) diff --git a/include/mbedtls/asn1write.h b/include/mbedtls/asn1write.h index 4d2917ee9ada..73ff32b66990 100644 --- a/include/mbedtls/asn1write.h +++ b/include/mbedtls/asn1write.h @@ -40,8 +40,6 @@ extern "C" { * \param start start of the buffer (for bounds-checking) * \param len the length to write * - * \note lengths over 65535 are not supported at the moment - * * \return the length written or a negative error code */ int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len ); 
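Review bot: The failure branch is still unchecked: when `result < 0` the test asserts only the return code, so a regression that decremented `*p` before the `*p - start` bounds check would pass every `MBEDTLS_ERR_ASN1_BUF_TOO_SMALL` case unnoticed. The `if( result >= 0 )` this belongs to starts outside the hunk; give it an `else` branch with `TEST_ASSERT( p == buf + GUARD_LEN + buf_len );` so the write pointer is required to be left in place on error. The read-back assertions themselves look right: after the length octets are consumed `p` sits at the end of the slice, so any non-zero `len` must report `MBEDTLS_ERR_ASN1_OUT_OF_DATA`.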
diff --git a/library/asn1write.c b/library/asn1write.c index ef35ee438163..69b61b205f13 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -41,11 +41,6 @@ int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len ) { - // We don't support lengths over 65535 for now - // - if( len > 0xFFFF ) - return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); - if( len < 0x80 ) { if( *p - start < 1 ) @@ -65,14 +60,43 @@ int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len return( 2 ); } - if( *p - start < 3 ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + if( len <= 0xFFFF ) + { + if( *p - start < 3 ) + return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + + *--(*p) = ( len ) & 0xFF; + *--(*p) = ( len >> 8 ) & 0xFF; + *--(*p) = 0x82; + return( 3 ); + } + + if( len <= 0xFFFFFF ) + { + if( *p - start < 4 ) + return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + + *--(*p) = ( len ) & 0xFF; + *--(*p) = ( len >> 8 ) & 0xFF; + *--(*p) = ( len >> 16 ) & 0xFF; + *--(*p) = 0x83; + return( 4 ); + } - *--(*p) = len % 256; - *--(*p) = ( len / 256 ) % 256; - *--(*p) = 0x82; + if( len <= 0xFFFFFFFF ) + { + if( *p - start < 5 ) + return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + + *--(*p) = ( len ) & 0xFF; + *--(*p) = ( len >> 8 ) & 0xFF; + *--(*p) = ( len >> 16 ) & 0xFF; + *--(*p) = ( len >> 24 ) & 0xFF; + *--(*p) = 0x84; + return( 5 ); + } - return( 3 ); + return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); } int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag ) diff --git a/tests/suites/test_suite_asn1write.data b/tests/suites/test_suite_asn1write.data index 3518ed945027..c2a78b1afd42 100644 --- a/tests/suites/test_suite_asn1write.data +++ b/tests/suites/test_suite_asn1write.data 
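Review bot: `if( len <= 0xFFFFFFFF )` is always true where `size_t` is 32 bits, which leaves the final `return( MBEDTLS_ERR_ASN1_INVALID_LENGTH )` unreachable and is likely to trip `-Wtype-limits` on a `-Wextra -Werror` 32-bit build of the kind all.sh runs. Guarding both the comparison and the error return with `#if SIZE_MAX > 0xFFFFFFFF` (from `<stdint.h>`, which asn1write.c may need to include) keeps the 4-byte branch unconditional on 32-bit targets and the rejection path on 64-bit ones. The header hunk in this commit drops the `\note` about 65535 without documenting the new upper bound; a `\note lengths above 0xFFFFFFFF are rejected with MBEDTLS_ERR_ASN1_INVALID_LENGTH` on the declaration would close that gap.

```c
#if SIZE_MAX > 0xFFFFFFFF
    if( len <= 0xFFFFFFFF )
#endif
    {
        /* … unchanged: bounds check, 4-byte encoding, return( 5 ) … */
    }

#if SIZE_MAX > 0xFFFFFFFF
    return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
#endif
```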
@@ -67,14 +67,26 @@ mbedtls_asn1_write_len:255:"81FF":2:2 ASN.1 Write / Read Length #5 (Len = 255, buffer too small) mbedtls_asn1_write_len:255:"81FF":1:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL -ASN.1 Write / Read Length #6 (Len = 256, long form) -mbedtls_asn1_write_len:256:"820100":3:3 +ASN.1 Write / Read Length #6 (Len = 258, byte order) +mbedtls_asn1_write_len:258:"820102":3:3 -ASN.1 Write / Read Length #7 (Len = 65535, max supported length) +ASN.1 Write / Read Length #7 (Len = 65535, long form) mbedtls_asn1_write_len:65535:"82FFFF":3:3 ASN.1 Write / Read Length #8 (Len = 65535, buffer too small) mbedtls_asn1_write_len:65535:"82FFFF":2:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL -ASN.1 Write / Read Length #9 (Len = 65536, not supported) -mbedtls_asn1_write_len:65536:"":0:MBEDTLS_ERR_ASN1_INVALID_LENGTH +ASN.1 Write / Read Length #9 (Len = 66051, byte order) +mbedtls_asn1_write_len:66051:"83010203":4:4 + +ASN.1 Write / Read Length #10 (Len = 16777215, long form) +mbedtls_asn1_write_len:16777215:"83FFFFFF":4:4 + +ASN.1 Write / Read Length #11 (Len = 16777215, buffer too small) +mbedtls_asn1_write_len:16777215:"83FFFFFF":3:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL + +ASN.1 Write / Read Length #12 (Len = 16909060, byte order) +mbedtls_asn1_write_len:16909060:"8401020304":5:5 + +ASN.1 Write / Read Length #12 (Len = 16909060, buffer too small) +mbedtls_asn1_write_len:16909060:"8401020304":4:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL From ec5ceb65d6702b0636d09619521a9de9d1be2a4e Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Thu, 14 Jul 2016 12:47:07 +0100 Subject: [PATCH 023/272] Test invalid bit value in mbedtls_mpi_set_bit() --- tests/suites/test_suite_mpi.data | 15 +++++++++------ tests/suites/test_suite_mpi.function | 12 ++++++++---- 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 3fd7f2d1b65c..fa65b5f2a1c6 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data 
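Review bot: The last two cases share the label `#12`; the final one should read `ASN.1 Write / Read Length #13 (Len = 16909060, buffer too small)`. The 4-byte form is exercised only at `16909060`: the `0x84` maximum (`Len = 4294967295`) and the `MBEDTLS_ERR_ASN1_INVALID_LENGTH` path above it cannot be expressed while the test function takes `int len`, so that boundary stays untested and is worth a comment in the data file until the signature allows it.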
@@ -706,22 +706,25 @@ Test bit getting (Value bit 23) mbedtls_mpi_get_bit:10:"49979687":23:1 Test bit set (Change existing value with a 1) -mbedtls_mpi_set_bit:10:"49979687":24:1:10:"66756903" +mbedtls_mpi_set_bit:10:"49979687":24:1:10:"66756903":0 Test bit set (Change existing value with a 0) -mbedtls_mpi_set_bit:10:"49979687":25:0:10:"16425255" +mbedtls_mpi_set_bit:10:"49979687":25:0:10:"16425255":0 Test bit set (Add above existing limbs with a 0) -mbedtls_mpi_set_bit:10:"49979687":80:0:10:"49979687" +mbedtls_mpi_set_bit:10:"49979687":80:0:10:"49979687":0 Test bit set (Add above existing limbs with a 1) -mbedtls_mpi_set_bit:10:"49979687":80:1:10:"1208925819614629224685863" +mbedtls_mpi_set_bit:10:"49979687":80:1:10:"1208925819614629224685863":0 Test bit set (Bit index larger than 31 with a 0) -mbedtls_mpi_set_bit:16:"FFFFFFFFFFFFFFFF":32:0:16:"FFFFFFFEFFFFFFFF" +mbedtls_mpi_set_bit:16:"FFFFFFFFFFFFFFFF":32:0:16:"FFFFFFFEFFFFFFFF":0 Test bit set (Bit index larger than 31 with a 1) -mbedtls_mpi_set_bit:16:"00":32:1:16:"0100000000" +mbedtls_mpi_set_bit:16:"00":32:1:16:"0100000000":0 + +Test bit set (Invalid bit value) +mbedtls_mpi_set_bit:16:"00":5:2:16:"00":MBEDTLS_ERR_MPI_BAD_INPUT_DATA MPI Selftest depends_on:MBEDTLS_SELF_TEST diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index c41ca69375ae..e5d0850f194d 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function 
@@ -189,16 +189,20 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_set_bit( int radix_X, char *input_X, int pos, int val, int radix_Y, - char *output_Y ) +void mbedtls_mpi_set_bit( int radix_X, char *input_X, int pos, int val, + int radix_Y, char *output_Y, int result ) { mbedtls_mpi X, Y; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, output_Y ) == 0 ); - TEST_ASSERT( mbedtls_mpi_set_bit( &X, pos, val ) == 0 ); - TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y ) == 0 ); + TEST_ASSERT( mbedtls_mpi_set_bit( &X, pos, val ) == result ); + + if( result == 0 ) + { + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y ) == 0 ); + } exit: mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); From 185ccf7070f4d4d555eba161d30332dde3b61a28 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Thu, 14 Jul 2016 13:21:10 +0100 Subject: [PATCH 024/272] Add coverage for CTR-DRBG corner case function behaviours --- tests/suites/test_suite_ctr_drbg.data | 3 +++ tests/suites/test_suite_ctr_drbg.function | 28 +++++++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/tests/suites/test_suite_ctr_drbg.data b/tests/suites/test_suite_ctr_drbg.data index 5c69d20cba7e..666165851e49 100644 --- a/tests/suites/test_suite_ctr_drbg.data +++ b/tests/suites/test_suite_ctr_drbg.data @@ -727,6 +727,9 @@ ctr_drbg_seed_file:"data_files/ctr_drbg_seed":0 CTR_DRBG write/update seed file ctr_drbg_seed_file:"no_such_dir/file":MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR +CTR_DRBG Special Behaviours +ctr_drbg_special_behaviours: + CTR_DRBG self test ctr_drbg_selftest: diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index b7d2bece9d59..3c7873b3182a 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function 
@@ -16,6 +16,34 @@ int mbedtls_entropy_func( void *data, unsigned char *buf, size_t len ) * END_DEPENDENCIES */ +/* BEGIN_CASE */ +void ctr_drbg_special_behaviours( ) +{ + mbedtls_ctr_drbg_context ctx; + unsigned char output[512]; + unsigned char additional[512]; + + mbedtls_ctr_drbg_init( &ctx ); + memset( output, 0, sizeof( output ) ); + memset( additional, 0, sizeof( additional ) ); + + TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, + output, MBEDTLS_CTR_DRBG_MAX_REQUEST + 1, + additional, 16 ) == + MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG ); + TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, + output, 16, + additional, MBEDTLS_CTR_DRBG_MAX_INPUT + 1 ) == + MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); + + TEST_ASSERT( mbedtls_ctr_drbg_reseed( &ctx, additional, + MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + 1 ) == + MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); +exit: + mbedtls_ctr_drbg_free( &ctx ); +} +/* END_CASE */ + /* BEGIN_CASE */ void ctr_drbg_validate_pr( char *add_init_string, char *entropy_string, char *add1_string, char *add2_string, From 6a9c725652ca796689073eab6362d3f4bb5d98b6 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Thu, 14 Jul 2016 13:46:10 +0100 Subject: [PATCH 025/272] Add Cipher layer corner case test coverage --- tests/suites/test_suite_cipher.aes.data | 3 ++ tests/suites/test_suite_cipher.function | 38 +++++++++++++++++++++++++ 2 files changed, 41 insertions(+) diff --git a/tests/suites/test_suite_cipher.aes.data b/tests/suites/test_suite_cipher.aes.data index 9c21cfcc5960..9b39bc9a8aab 100644 --- a/tests/suites/test_suite_cipher.aes.data +++ b/tests/suites/test_suite_cipher.aes.data 
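Review bot: `output[512]` is passed with length `MBEDTLS_CTR_DRBG_MAX_REQUEST + 1`, so the test relies on the very check it exercises: if the length validation regressed, the call would overrun the test's own stack buffer instead of failing cleanly, and the same holds for `additional[512]` against `MBEDTLS_CTR_DRBG_MAX_INPUT + 1` and `MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + 1` should either limit exceed 511. Declare the buffers from the constants, `unsigned char output[MBEDTLS_CTR_DRBG_MAX_REQUEST + 1];` and an `additional` array sized by the larger of the two input limits plus one, so every declared length stays within its backing storage regardless of configuration. The reseed on a context that has only been through `mbedtls_ctr_drbg_init()` is fine for the size check, but a one-line comment saying the context is deliberately unseeded would save the next reader a look at the implementation.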
@@ -1097,3 +1097,6 @@ test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"00000000000000000000000 AES-256-ECB Decrypt NIST KAT #12 depends_on:MBEDTLS_AES_C test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"9b80eefb7ebe2d2b16247aa0efc72f5d":"e0000000000000000000000000000000":0 + +Cipher Corner Case behaviours +cipher_special_behaviours: diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 967a6a0a1c66..107352438318 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -91,6 +91,44 @@ void cipher_null_args( ) } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_AES_C */ +void cipher_special_behaviours( ) +{ + const mbedtls_cipher_info_t *cipher_info; + mbedtls_cipher_context_t ctx; + unsigned char input[32]; + unsigned char output[32]; + unsigned char iv[32]; + size_t olen = 0; + + mbedtls_cipher_init( &ctx ); + memset( input, 0, sizeof( input ) ); + memset( output, 0, sizeof( output ) ); + memset( iv, 0, sizeof( iv ) ); + + /* Check and get info structures */ + cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB ); + TEST_ASSERT( NULL != cipher_info ); + + TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, cipher_info ) ); + + /* IV too big */ + TEST_ASSERT( mbedtls_cipher_set_iv( &ctx, iv, MBEDTLS_MAX_IV_LENGTH + 1 ) + == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + + /* IV too small */ + TEST_ASSERT( mbedtls_cipher_set_iv( &ctx, iv, 0 ) + == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + /* Update ECB with partial block */ + TEST_ASSERT( mbedtls_cipher_update( &ctx, input, 1, output, &olen ) + == MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED ); + +exit: + mbedtls_cipher_free( &ctx ); +} +/* END_CASE */ + /* BEGIN_CASE */ void enc_dec_buf( int cipher_id, char *cipher_string, int key_len, int length_val, int pad_mode ) From 217efbcb4b9485703b0a550ca85f8475dd903887 Mon Sep 17 00:00:00 2001 
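Review bot: `cipher_special_behaviours` never sets a key, so the `mbedtls_cipher_update( &ctx, input, 1, output, &olen )` assertion, and likewise the two `mbedtls_cipher_set_iv` calls on an ECB context, hold only because cipher.c validates its arguments before touching key or mode state; nothing in the test records that dependency. A comment ahead of the first TEST_ASSERT such as `/* No key is set: each call below must fail on argument validation before any cipher state is used */` would stop a later reordering of those checks from turning these cases into different error codes or worse. The `depends_on:MBEDTLS_AES_C` on BEGIN_CASE is right, since the test hard-codes `MBEDTLS_CIPHER_AES_128_ECB`.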
From: Paul Bakker Date: Thu, 14 Jul 2016 14:30:03 +0100 Subject: [PATCH 026/272] Allow compilation without MBEDTLS_SELF_TEST enabled --- library/entropy.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/entropy.c b/library/entropy.c index 45c894b1df6d..8040638d0c01 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -42,6 +42,10 @@ #include #endif +#if defined(MBEDTLS_ENTROPY_NV_SEED) +#include "mbedtls/platform.h" +#endif + #if defined(MBEDTLS_SELF_TEST) #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" From 70940caeebf71707e70fd8a031c1fcb5f0f9d23c Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Thu, 14 Jul 2016 14:30:45 +0100 Subject: [PATCH 027/272] Allow compilation without MBEDTLS_SELF_TEST enabled --- programs/test/selftest.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 6923453251bd..89c66169e584 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -106,8 +106,8 @@ static int run_test_snprintf( void ) * self-test. If this fails, we attempt the test anyway, so no error is passed * back. */ -#if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_ENTROPY_NV_SEED) && \ - !defined(MBEDTLS_NO_PLATFORM_ENTROPY) +#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_ENTROPY_C) && \ + defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_NO_PLATFORM_ENTROPY) static void create_entropy_seed_file( void ) { int result; @@ -138,7 +138,7 @@ static void create_entropy_seed_file( void ) int main( int argc, char *argv[] ) { int v, suites_tested = 0, suites_failed = 0; -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) +#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_SELF_TEST) unsigned char buf[1000000]; #endif void *pointer; 
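Review bot: The `&& defined(MBEDTLS_SELF_TEST)` added to the `unsigned char buf[1000000];` declaration, and to the `create_entropy_seed_file` definition in the previous hunk, has to be matched at the places that use them, which lie outside these hunks — presumably a `mbedtls_memory_buffer_alloc_init( buf, sizeof(buf) )` call and the `create_entropy_seed_file()` call later in main. If those uses keep the old guards, a build with MBEDTLS_MEMORY_BUFFER_ALLOC_C (or MBEDTLS_ENTROPY_NV_SEED) but without MBEDTLS_SELF_TEST fails on the now-undeclared names, which is exactly the configuration this commit sets out to support. Worth confirming against the rest of main, which continues beyond the hunk.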
@@ -396,10 +396,6 @@ int main( int argc, char *argv[] )
 suites_tested++;
 #endif

-#else
- mbedtls_printf( " MBEDTLS_SELF_TEST not defined.\n" );
-#endif
-
 if( v != 0 )
 {
 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_MEMORY_DEBUG)
@@ -416,6 +412,10 @@ int main( int argc, char *argv[] )
 suites_tested++;
 #endif

+#else
+ mbedtls_printf( " MBEDTLS_SELF_TEST not defined.\n" );
+#endif
+
 if( v != 0 )
 {
 mbedtls_printf( " Executed %d test suites\n\n", suites_tested );
From 5c57e02b1d0d95a6253397b8216f941a877aa743 Mon Sep 17 00:00:00 2001
From: Paul Bakker
Date: Tue, 19 Jul 2016 13:31:41 +0100
Subject: [PATCH 028/272] Fix style issues in test_suite_md.function
---
 tests/suites/test_suite_md.function | 106 ++++++++++++++--------------
 1 file changed, 53 insertions(+), 53 deletions(-)
diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function
index 6c34984c2af7..5c453e48ec2b 100644
--- a/tests/suites/test_suite_md.function
+++ b/tests/suites/test_suite_md.function
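Review bot: After the move, the `#else` / `mbedtls_printf( " MBEDTLS_SELF_TEST not defined.\n" );` / `#endif` closes the MBEDTLS_SELF_TEST conditional immediately before `if( v != 0 ) { mbedtls_printf( " Executed %d test suites\n\n", suites_tested );`, so a build without MBEDTLS_SELF_TEST now prints the notice followed by "Executed 0 test suites" and then continues into the failure accounting, whose exit status this hunk does not show. If a self-test-less selftest binary is meant to be an explicit no-op, an early `return( 0 );` right after the notice, or at least a comment that the zero summary is expected, would make that intent visible. main continues outside both hunks.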
@@ -134,18 +134,18 @@ void md_text( char *text_md_name, char *text_src_string, char *hex_hash_string ) unsigned char output[100]; const mbedtls_md_info_t *md_info = NULL; - memset(md_name, 0x00, 100); - memset(src_str, 0x00, 1000); - memset(hash_str, 0x00, 1000); - memset(output, 0x00, 100); + memset( md_name, 0x00, 100 ); + memset( src_str, 0x00, 1000 ); + memset( hash_str, 0x00, 1000 ); + memset( output, 0x00, 100 ); - strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 ); - strncpy( (char *) md_name, text_md_name, sizeof(md_name) - 1 ); + strncpy( (char *) src_str, text_src_string, sizeof( src_str ) - 1 ); + strncpy( (char *) md_name, text_md_name, sizeof( md_name ) - 1 ); md_info = mbedtls_md_info_from_string(md_name); TEST_ASSERT( md_info != NULL ); TEST_ASSERT ( 0 == mbedtls_md( md_info, src_str, strlen( (char *) src_str ), output ) ); - hexify( hash_str, output, mbedtls_md_get_size(md_info) ); + hexify( hash_str, output, mbedtls_md_get_size( md_info ) ); TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); } 
@@ -161,19 +161,19 @@ void md_hex( char *text_md_name, char *hex_src_string, char *hex_hash_string ) int src_len; const mbedtls_md_info_t *md_info = NULL; - memset(md_name, 0x00, 100); - memset(src_str, 0x00, 10000); - memset(hash_str, 0x00, 10000); - memset(output, 0x00, 100); + memset( md_name, 0x00, 100 ); + memset( src_str, 0x00, 10000 ); + memset( hash_str, 0x00, 10000 ); + memset( output, 0x00, 100 ); - strncpy( (char *) md_name, text_md_name, sizeof(md_name) - 1 ); - md_info = mbedtls_md_info_from_string(md_name); + strncpy( (char *) md_name, text_md_name, sizeof( md_name ) - 1 ); + md_info = mbedtls_md_info_from_string( md_name ); TEST_ASSERT( md_info != NULL ); src_len = unhexify( src_str, hex_src_string ); TEST_ASSERT ( 0 == mbedtls_md( md_info, src_str, src_len, output ) ); - hexify( hash_str, output, mbedtls_md_get_size(md_info) ); + hexify( hash_str, output, mbedtls_md_get_size( md_info ) ); TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); } @@ -195,10 +195,10 @@ void md_text_multi( char *text_md_name, char *text_src_string, mbedtls_md_init( &ctx ); mbedtls_md_init( &ctx_copy ); - memset(md_name, 0x00, 100); - memset(src_str, 0x00, 1000); - memset(hash_str, 0x00, 1000); - memset(output, 0x00, 100); + memset( md_name, 0x00, 100 ); + memset( src_str, 0x00, 1000 ); + memset( hash_str, 0x00, 1000 ); + memset( output, 0x00, 100 ); strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 ); strncpy( (char *) md_name, text_md_name, sizeof(md_name) - 1 ); 
@@ -217,16 +217,16 @@ void md_text_multi( char *text_md_name, char *text_src_string, TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str + halfway, len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx, output ) ); - hexify( hash_str, output, mbedtls_md_get_size(md_info) ); + hexify( hash_str, output, mbedtls_md_get_size( md_info ) ); TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); /* Test clone */ - memset(hash_str, 0x00, 1000); - memset(output, 0x00, 100); + memset( hash_str, 0x00, 1000 ); + memset( output, 0x00, 100 ); TEST_ASSERT ( 0 == mbedtls_md_update( &ctx_copy, src_str + halfway, len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx_copy, output ) ); - hexify( hash_str, output, mbedtls_md_get_size(md_info) ); + hexify( hash_str, output, mbedtls_md_get_size( md_info ) ); TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); exit: @@ -249,12 +249,12 @@ void md_hex_multi( char *text_md_name, char *hex_src_string, mbedtls_md_init( &ctx ); mbedtls_md_init( &ctx_copy ); - memset(md_name, 0x00, 100); - memset(src_str, 0x00, 10000); - memset(hash_str, 0x00, 10000); - memset(output, 0x00, 100); + memset( md_name, 0x00, 100 ); + memset( src_str, 0x00, 10000 ); + memset( hash_str, 0x00, 10000 ); + memset( output, 0x00, 100 ); - strncpy( (char *) md_name, text_md_name, sizeof(md_name) - 1 ); + strncpy( (char *) md_name, text_md_name, sizeof( md_name ) - 1 ); md_info = mbedtls_md_info_from_string(md_name); TEST_ASSERT( md_info != NULL ); TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx, md_info, 0 ) ); 
@@ -270,16 +270,16 @@ void md_hex_multi( char *text_md_name, char *hex_src_string, TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str + halfway, src_len - halfway) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx, output ) ); - hexify( hash_str, output, mbedtls_md_get_size(md_info) ); + hexify( hash_str, output, mbedtls_md_get_size( md_info ) ); TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); /* Test clone */ - memset(hash_str, 0x00, 10000); - memset(output, 0x00, 100); + memset( hash_str, 0x00, 10000 ); + memset( output, 0x00, 100 ); TEST_ASSERT ( 0 == mbedtls_md_update( &ctx_copy, src_str + halfway, src_len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx_copy, output ) ); - hexify( hash_str, output, mbedtls_md_get_size(md_info) ); + hexify( hash_str, output, mbedtls_md_get_size( md_info ) ); TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); exit: @@ -299,13 +299,13 @@ void mbedtls_md_hmac( char *text_md_name, int trunc_size, char *hex_key_string, int key_len, src_len; const mbedtls_md_info_t *md_info = NULL; - memset(md_name, 0x00, 100); - memset(src_str, 0x00, 10000); - memset(key_str, 0x00, 10000); - memset(hash_str, 0x00, 10000); - memset(output, 0x00, 100); + memset( md_name, 0x00, 100 ); + memset( src_str, 0x00, 10000 ); + memset( key_str, 0x00, 10000 ); + memset( hash_str, 0x00, 10000 ); + memset( output, 0x00, 100 ); - strncpy( (char *) md_name, text_md_name, sizeof(md_name) - 1 ); + strncpy( (char *) md_name, text_md_name, sizeof( md_name ) - 1 ); md_info = mbedtls_md_info_from_string( md_name ); TEST_ASSERT( md_info != NULL ); 
@@ -313,7 +313,7 @@ void mbedtls_md_hmac( char *text_md_name, int trunc_size, char *hex_key_string, src_len = unhexify( src_str, hex_src_string ); TEST_ASSERT ( mbedtls_md_hmac( md_info, key_str, key_len, src_str, src_len, output ) == 0 ); - hexify( hash_str, output, mbedtls_md_get_size(md_info) ); + hexify( hash_str, output, mbedtls_md_get_size( md_info ) ); TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); } @@ -334,13 +334,13 @@ void md_hmac_multi( char *text_md_name, int trunc_size, char *hex_key_string, mbedtls_md_init( &ctx ); - memset(md_name, 0x00, 100); - memset(src_str, 0x00, 10000); - memset(key_str, 0x00, 10000); - memset(hash_str, 0x00, 10000); - memset(output, 0x00, 100); + memset( md_name, 0x00, 100 ); + memset( src_str, 0x00, 10000 ); + memset( key_str, 0x00, 10000 ); + memset( hash_str, 0x00, 10000 ); + memset( output, 0x00, 100 ); - strncpy( (char *) md_name, text_md_name, sizeof(md_name) - 1 ); + strncpy( (char *) md_name, text_md_name, sizeof( md_name ) - 1 ); md_info = mbedtls_md_info_from_string( md_name ); TEST_ASSERT( md_info != NULL ); TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx, md_info, 1 ) ); 
@@ -355,19 +355,19 @@ void md_hmac_multi( char *text_md_name, int trunc_size, char *hex_key_string, TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str + halfway, src_len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_hmac_finish( &ctx, output ) ); - hexify( hash_str, output, mbedtls_md_get_size(md_info) ); + hexify( hash_str, output, mbedtls_md_get_size( md_info ) ); TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); /* Test again, for reset() */ - memset(hash_str, 0x00, 10000); - memset(output, 0x00, 100); + memset( hash_str, 0x00, 10000 ); + memset( output, 0x00, 100 ); TEST_ASSERT ( 0 == mbedtls_md_hmac_reset( &ctx ) ); TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str, halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str + halfway, src_len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_hmac_finish( &ctx, output ) ); - hexify( hash_str, output, mbedtls_md_get_size(md_info) ); + hexify( hash_str, output, mbedtls_md_get_size( md_info ) ); TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); exit: @@ -383,16 +383,16 @@ void mbedtls_md_file( char *text_md_name, char *filename, char *hex_hash_string unsigned char output[100]; const mbedtls_md_info_t *md_info = NULL; - memset(md_name, 0x00, 100); - memset(hash_str, 0x00, 1000); - memset(output, 0x00, 100); + memset( md_name, 0x00, 100 ); + memset( hash_str, 0x00, 1000 ); + memset( output, 0x00, 100 ); - strncpy( (char *) md_name, text_md_name, sizeof(md_name) - 1 ); + strncpy( (char *) md_name, text_md_name, sizeof( md_name ) - 1 ); md_info = mbedtls_md_info_from_string( md_name ); TEST_ASSERT( md_info != NULL ); TEST_ASSERT( mbedtls_md_file( md_info, filename, output ) == 0 ); - hexify( hash_str, output, mbedtls_md_get_size(md_info) ); + hexify( hash_str, output, mbedtls_md_get_size( md_info ) ); TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); } 
From 80cd4449783e7a52b88743a93ce7a3817eb9ae45 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 25 Aug 2016 15:40:03 +0100 Subject: [PATCH 029/272] Adds missing dependency to AES special case tests Added MBEDTLS_AES_C to the AES cipher special behaviours test case. --- tests/suites/test_suite_cipher.aes.data | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/suites/test_suite_cipher.aes.data b/tests/suites/test_suite_cipher.aes.data index 9b39bc9a8aab..4a878ecc8c73 100644 --- a/tests/suites/test_suite_cipher.aes.data +++ b/tests/suites/test_suite_cipher.aes.data @@ -1099,4 +1099,5 @@ depends_on:MBEDTLS_AES_C test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"9b80eefb7ebe2d2b16247aa0efc72f5d":"e0000000000000000000000000000000":0 Cipher Corner Case behaviours +depends_on:MBEDTLS_AES_C cipher_special_behaviours: From 4400ecc9fb47f1ccf11b8c42614886d3ab79d4ff Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Tue, 19 Jul 2016 14:41:43 +0100 Subject: [PATCH 030/272] Fix output of PKCS#5 and RIPEMD-160 self tests --- library/pkcs5.c | 3 ++- library/ripemd160.c | 3 +++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/library/pkcs5.c b/library/pkcs5.c index 44af9869b119..e28d5a847359 100644 --- a/library/pkcs5.c +++ b/library/pkcs5.c @@ -391,7 +391,8 @@ int mbedtls_pkcs5_self_test( int verbose ) mbedtls_printf( "passed\n" ); } - mbedtls_printf( "\n" ); + if( verbose != 0 ) + mbedtls_printf( "\n" ); exit: mbedtls_md_free( &sha1_ctx ); diff --git a/library/ripemd160.c b/library/ripemd160.c index a55cc3eb417c..cdb0a63c0fd4 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -456,6 +456,9 @@ int mbedtls_ripemd160_self_test( int verbose ) mbedtls_printf( "passed\n" ); } + if( verbose != 0 ) + mbedtls_printf( "\n" ); + return( 0 ); } From 81c60910e1303684ab6a982fd421a0786b719eb7 Mon Sep 17 00:00:00 2001 
From: Paul Bakker Date: Tue, 19 Jul 2016 14:54:57 +0100 Subject: [PATCH 031/272] Run PKCS#5 selftest in test suites --- tests/suites/test_suite_pkcs5.data | 3 +++ tests/suites/test_suite_pkcs5.function | 7 +++++++ 2 files changed, 10 insertions(+) diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data index 7c989d62c355..e609d62b41ce 100644 --- a/tests/suites/test_suite_pkcs5.data +++ b/tests/suites/test_suite_pkcs5.data @@ -121,3 +121,6 @@ mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A PBES2 Decrypt (bad iter value) depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020801301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606" + +PKCS#5 Selftest +pkcs5_selftest: diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function index ab53326d4385..b1f796e0992f 100644 --- a/tests/suites/test_suite_pkcs5.function +++ b/tests/suites/test_suite_pkcs5.function @@ -78,3 +78,10 @@ exit: mbedtls_free( my_out ); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ +void pkcs5_selftest( ) +{ + TEST_ASSERT( mbedtls_pkcs5_self_test( 0 ) == 0 ); +} +/* END_CASE */ 
From 50157ff5abc60ba75b9048384606839523b5ca77 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Tue, 19 Jul 2016 14:57:00 +0100 Subject: [PATCH 032/272] Add new timing test suite that runs the timing self test --- tests/CMakeLists.txt | 1 + tests/Makefile | 6 +++++- tests/suites/test_suite_timing.data | 2 ++ tests/suites/test_suite_timing.function | 15 +++++++++++++++ 4 files changed, 23 insertions(+), 1 deletion(-) create mode 100644 tests/suites/test_suite_timing.data create mode 100644 tests/suites/test_suite_timing.function diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index a004a3db372d..13659de0fa04 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -95,6 +95,7 @@ add_test_suite(pkparse) add_test_suite(pkwrite) add_test_suite(shax) add_test_suite(ssl) +add_test_suite(timing) add_test_suite(rsa) add_test_suite(version) add_test_suite(xtea) diff --git a/tests/Makefile b/tests/Makefile index 58c404e5d5e2..4fe75a89c7e5 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -81,7 +81,7 @@ APPS = test_suite_aes.ecb$(EXEXT) test_suite_aes.cbc$(EXEXT) \ test_suite_pkparse$(EXEXT) test_suite_pkwrite$(EXEXT) \ test_suite_pk$(EXEXT) \ test_suite_rsa$(EXEXT) test_suite_shax$(EXEXT) \ - test_suite_ssl$(EXEXT) \ + test_suite_ssl$(EXEXT) test_suite_timing$(EXEXT) \ test_suite_x509parse$(EXEXT) test_suite_x509write$(EXEXT) \ test_suite_xtea$(EXEXT) test_suite_version$(EXEXT) @@ -412,6 +412,10 @@ test_suite_ssl$(EXEXT): test_suite_ssl.c $(DEP) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +test_suite_timing$(EXEXT): test_suite_timing.c $(DEP) + echo " CC $<" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + test_suite_x509parse$(EXEXT): test_suite_x509parse.c $(DEP) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ diff --git a/tests/suites/test_suite_timing.data b/tests/suites/test_suite_timing.data new file mode 100644 index 000000000000..3ba79a476066 
--- /dev/null
+++ b/tests/suites/test_suite_timing.data
@@ -0,0 +1,2 @@
+Timing selftest
+timing_selftest:
diff --git a/tests/suites/test_suite_timing.function b/tests/suites/test_suite_timing.function
new file mode 100644
index 000000000000..74f711c7d845
--- /dev/null
+++ b/tests/suites/test_suite_timing.function
@@ -0,0 +1,15 @@
+/* BEGIN_HEADER */
+#include "mbedtls/timing.h"
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_TIMING_C
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
+void timing_selftest()
+{
+ TEST_ASSERT( mbedtls_timing_self_test( 0 ) == 0 );
+}
+/* END_CASE */
From 03091e1e6a0cb4547efc9ecbfd5c0341360860a6 Mon Sep 17 00:00:00 2001
From: Paul Bakker
Date: Tue, 19 Jul 2016 14:57:16 +0100
Subject: [PATCH 033/272] Remove stale Makefile lines for old test suite
---
 tests/Makefile | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/tests/Makefile b/tests/Makefile
index 4fe75a89c7e5..b86702c34511 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -368,10 +368,6 @@ test_suite_mpi$(EXEXT): test_suite_mpi.c $(DEP)
 echo " CC $<"
 $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@

-test_suite_pbkdf2$(EXEXT): test_suite_pbkdf2.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
 test_suite_pem$(EXEXT): test_suite_pem.c $(DEP)
 echo " CC $<"
 $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
From 4b8bc5228a8511109fd3350a9239c7a2db6585e8 Mon Sep 17 00:00:00 2001
From: Paul Bakker
Date: Wed, 20 Jul 2016 09:52:01 +0100
Subject: [PATCH 034/272] Removed running selftest program from basic-build-test.sh
All self tests are run in the unit test framework as well.
---
 tests/scripts/basic-build-test.sh | 57 ++++++++-----------------------
 1 file changed, 15 insertions(+), 42 deletions(-)
diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh
index 9b8bd3c823cd..e8b616492824 100755
--- a/tests/scripts/basic-build-test.sh
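Review bot: `void timing_selftest()` departs from the spacing the other test functions in this series use for an empty parameter list (`pkcs5_selftest( )`, `ctr_drbg_special_behaviours( )`); `void timing_selftest( )` keeps the new suite consistent with them. Separately, `mbedtls_timing_self_test` measures elapsed time on the host, so running it from the unit suite presumably makes `make check` sensitive to CI load in a way the other self tests are not; if that shows up as intermittent failures, a remark in the .data description that the case is timing-dependent will help whoever triages it.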
+++ b/tests/scripts/basic-build-test.sh @@ -12,8 +12,8 @@ # test report and code coverage report. # # The tests include: -# * Self-tests - executed using program/test/selftest # * Unit tests - executed using tests/scripts/run-test-suite.pl +# * Self-tests - executed using the test suites above # * System tests - executed using tests/ssl-opt.sh # * Interoperability tests - executed using tests/compat.sh # @@ -21,7 +21,7 @@ # # Note the tests self-adapt due to configurations in include/mbedtls/config.h # which can lead to some tests being skipped, and can cause the number of -# available self-tests to fluctuate. +# available tests to fluctuate. # # This script has been written to be generic and should work on any shell. # @@ -56,19 +56,15 @@ make -j TEST_OUTPUT=out_${PPID} cd tests -# Step 2a - Self-tests -../programs/test/selftest |tee self-test-$TEST_OUTPUT -echo - -# Step 2b - Unit Tests +# Step 2a - Unit Tests perl scripts/run-test-suites.pl -v |tee unit-test-$TEST_OUTPUT echo -# Step 2c - System Tests +# Step 2b - System Tests sh ssl-opt.sh |tee sys-test-$TEST_OUTPUT echo -# Step 2d - Compatibility tests +# Step 2c - Compatibility tests sh compat.sh |tee compat-test-$TEST_OUTPUT echo 
@@ -85,28 +81,7 @@ echo cd tests -# Step 4a - Self-tests -echo "Self tests - ./programs/test/selftest" - -PASSED_TESTS=$(grep 'passed' self-test-$TEST_OUTPUT |wc -l) -FAILED_TESTS=$(grep 'failed' self-test-$TEST_OUTPUT |wc -l) -AVAIL_TESTS=$(($PASSED_TESTS + $FAILED_TESTS)) -EXED_TESTS=$(($PASSED_TESTS + $FAILED_TESTS)) - -echo "Passed : $PASSED_TESTS" -echo "Failed : $FAILED_TESTS" -echo "Skipped : n/a" -echo "Total tests : $AVAIL_TESTS" -echo - -TOTAL_PASS=$PASSED_TESTS -TOTAL_FAIL=$FAILED_TESTS -TOTAL_SKIP=0 -TOTAL_AVAIL=$(($PASSED_TESTS + $FAILED_TESTS)) -TOTAL_EXED=$(($PASSED_TESTS + $FAILED_TESTS)) - - -# Step 4b - Unit tests +# Step 4a - Unit tests echo "Unit tests - tests/scripts/run-test-suites.pl" PASSED_TESTS=$(tail -n6 unit-test-$TEST_OUTPUT|sed -n -e 's/test cases passed :[\t]*\([0-9]*\)/\1/p'| tr -d ' ') @@ -122,14 +97,13 @@ echo "Total exec'd tests : $(($PASSED_TESTS + $FAILED_TESTS))" echo "Total avail tests : $(($PASSED_TESTS + $FAILED_TESTS + $SKIPPED_TESTS))" echo -TOTAL_PASS=$(($TOTAL_PASS+$PASSED_TESTS)) -TOTAL_FAIL=$(($TOTAL_FAIL+$FAILED_TESTS)) -TOTAL_SKIP=$(($TOTAL_SKIP+$SKIPPED_TESTS)) -TOTAL_AVAIL=$(($TOTAL_AVAIL + $PASSED_TESTS + $FAILED_TESTS + $SKIPPED_TESTS)) -TOTAL_EXED=$(($TOTAL_EXED + $PASSED_TESTS + $FAILED_TESTS)) - +TOTAL_PASS=$PASSED_TESTS +TOTAL_FAIL=$FAILED_TESTS +TOTAL_SKIP=$SKIPPED_TESTS +TOTAL_AVAIL=$(($PASSED_TESTS + $FAILED_TESTS + $SKIPPED_TESTS)) +TOTAL_EXED=$(($PASSED_TESTS + $FAILED_TESTS)) -# Step 4c - TLS Options tests +# Step 4b - TLS Options tests echo "TLS Options tests - tests/ssl-opt.sh" PASSED_TESTS=$(tail -n5 sys-test-$TEST_OUTPUT|sed -n -e 's/.* (\([0-9]*\) \/ [0-9]* tests ([0-9]* skipped))$/\1/p') 
@@ -151,7 +125,7 @@ TOTAL_AVAIL=$(($TOTAL_AVAIL + $TOTAL_TESTS + $SKIPPED_TESTS)) TOTAL_EXED=$(($TOTAL_EXED + $TOTAL_TESTS)) -# Step 4d - System Compatibility tests +# Step 4c - System Compatibility tests echo "System/Compatibility tests - tests/compat.sh" PASSED_TESTS=$(tail -n5 compat-test-$TEST_OUTPUT|sed -n -e 's/.* (\([0-9]*\) \/ [0-9]* tests ([0-9]* skipped))$/\1/p') @@ -173,7 +147,7 @@ TOTAL_AVAIL=$(($TOTAL_AVAIL + $EXED_TESTS + $SKIPPED_TESTS)) TOTAL_EXED=$(($TOTAL_EXED + $EXED_TESTS)) -# Step 4e - Grand totals +# Step 4d - Grand totals echo "-------------------------------------------------------------------------" echo "Total tests" @@ -185,7 +159,7 @@ echo "Total avail tests : $TOTAL_AVAIL" echo -# Step 4f - Coverage +# Step 4e - Coverage echo "Coverage" LINES_TESTED=$(tail -n3 cov-$TEST_OUTPUT|sed -n -e 's/ lines......: [0-9]*.[0-9]% (\([0-9]*\) of [0-9]* lines)/\1/p') @@ -204,7 +178,6 @@ echo "Functions Tested : $FUNCS_TESTED of $FUNCS_TOTAL $FUNCS_PERCENT%" echo -rm self-test-$TEST_OUTPUT rm unit-test-$TEST_OUTPUT rm sys-test-$TEST_OUTPUT rm compat-test-$TEST_OUTPUT From 7aa5fa1e90c1ca7038ef60591637e5267e282749 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 25 Aug 2016 16:36:16 +0100 Subject: [PATCH 035/272] Fix main Makefile to allow parallel builds Modify the main Makefile so that post_build target is not started in parallel with tests and programs recipe. --- Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 39fc342bfc69..d2fa6b81fc45 100644 --- a/Makefile +++ b/Makefile @@ -6,7 +6,8 @@ PREFIX=mbedtls_ .PHONY: all no_test programs lib tests install uninstall clean test check covtest lcov apidoc apidoc_clean -all: programs tests post_build +all: programs tests + $(MAKE) post_build no_test: programs From 99b257ca19ed796043977b8ea73a9078ef394225 Mon Sep 17 00:00:00 2001 
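Review bot: `post_build` is now reached through a recursive `$(MAKE)`, but it is still absent from the `.PHONY:` list two lines above, so a stray file named `post_build` in the top-level directory would make the sub-make report it up to date and skip the step entirely; add it to the list: `.PHONY: all no_test programs lib tests install uninstall clean test check covtest lcov apidoc apidoc_clean post_build`. Whether `post_build` already carries its own `.PHONY` declaration further down the Makefile is not visible in this hunk.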
From: Andres AG Date: Fri, 26 Aug 2016 17:21:14 +0100 Subject: [PATCH 036/272] Fix memory leak in test_suite_md.function --- tests/suites/test_suite_md.function | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index 5c453e48ec2b..6ac834e1e025 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -231,6 +231,7 @@ void md_text_multi( char *text_md_name, char *text_src_string, exit: mbedtls_md_free( &ctx ); + mbedtls_md_free( &ctx_copy ); } /* END_CASE */ @@ -284,6 +285,7 @@ void md_hex_multi( char *text_md_name, char *hex_src_string, exit: mbedtls_md_free( &ctx ); + mbedtls_md_free( &ctx_copy ); } /* END_CASE */ From 98844ff59f669867666098a026d1a11e33a1492d Mon Sep 17 00:00:00 2001 From: Brian J Murray Date: Tue, 30 Aug 2016 01:50:12 -0700 Subject: [PATCH 037/272] Fix minor typo in comments (#531) --- include/mbedtls/rsa.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 9c8645df6937..35185dfda1ac 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -99,7 +99,7 @@ typedef struct mbedtls_mpi Vf; /*!< cached un-blinding value */ int padding; /*!< MBEDTLS_RSA_PKCS_V15 for 1.5 padding and - RSA_PKCS_v21 for OAEP/PSS */ + MBEDTLS_RSA_PKCS_v21 for OAEP/PSS */ int hash_id; /*!< Hash identifier of mbedtls_md_type_t as specified in the mbedtls_md.h header file for the EME-OAEP and EMSA-PSS From 0e7d38739f4869fdf2e35f52acacb42dcd3faba6 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 30 Aug 2016 14:25:24 +0100 Subject: [PATCH 038/272] Fix warning on implicit casting in aescrypt.c (#584) --- programs/aes/aescrypt2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c index 027062499fad..c77d77f5fb8c 100644 --- a/programs/aes/aescrypt2.c +++ b/programs/aes/aescrypt2.c 
@@ -73,7 +73,7 @@ int main( int argc, char *argv[] ) { int ret = 1; - int i, n; + unsigned int i, n; int mode, lastn; size_t keylen; FILE *fkey, *fin = NULL, *fout = NULL; From b34e42e69e3adc21531d593fc55550a6b9c1fee1 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Mon, 22 Aug 2016 11:08:50 +0100 Subject: [PATCH 039/272] Add a new self test to entropy module The self test is a quick way to check at startup whether the entropy sources are functioning correctly. The self test only polls 8 bytes from the default entropy source and performs the following checks: - The bytes are not all 0x00 or 0xFF. - The hardware does not return an error when polled. - The entropy source does not provide data in a pattern. Only check for patterns at byte, word and long word sizes. --- include/mbedtls/entropy.h | 9 +++ library/entropy.c | 88 ++++++++++++++++++++++++ programs/test/selftest.c | 6 ++ tests/suites/test_suite_entropy.function | 3 + 4 files changed, 106 insertions(+) diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h index fed0494ed15d..fb7f2f4abdf3 100644 --- a/include/mbedtls/entropy.h +++ b/include/mbedtls/entropy.h @@ -258,6 +258,15 @@ int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char * * \return 0 if successful, or 1 if a test failed */ int mbedtls_entropy_self_test( int verbose ); + +#if !defined(MBEDTLS_TEST_NULL_ENTROPY) && defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +/** + * \brief Checkup routine + * + * \return 0 if successful, or 1 if a test failed + */ +int mbedtls_entropy_self_test_bias( int verbose ); +#endif /* !MBEDTLS_TEST_NULL_ENTROPY && MBEDTLS_ENTROPY_HARDWARE_ALT */ #endif /* MBEDTLS_SELF_TEST */ #ifdef __cplusplus diff --git a/library/entropy.c b/library/entropy.c index 8040638d0c01..e09c24c790ce 100644 --- a/library/entropy.c +++ b/library/entropy.c 
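Review bot: Changing `int i, n;` to `unsigned int i, n;` alters the sign of every comparison and subtraction these two take part in throughout the rest of `main`, which lies outside this hunk; any `n < 0` check, a countdown such as `for( i = n - 1; i >= 0; i-- )`, or a comparison against a signed `int`/`long` (an `ftell`-derived value, for instance) would silently change meaning without a further warning. Those uses deserve an audit, ideally with `-Wsign-compare` enabled, rather than only silencing the original implicit-cast warning; the same care applies to `lastn`, which stays `int` next to the now-unsigned `n`.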
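Review bot: The Doxygen block on `mbedtls_entropy_self_test_bias` is a copy of the one on `mbedtls_entropy_self_test` ("Checkup routine") and says nothing about what distinguishes it, even though the commit message does: it polls the hardware source for a few bytes and rejects all-0x00/all-0xFF output and byte/word/long-word repetition. The header should carry that, plus the fact that it only exists with `MBEDTLS_ENTROPY_HARDWARE_ALT` and without `MBEDTLS_TEST_NULL_ENTROPY`, e.g. `\brief Quick bias check of the hardware entropy source: polls it and fails on all-zero, all-one or repeating output` and `\return 0 if successful, or 1 if the source reported an error or its output looked biased`. Callers reading entropy.h alone otherwise cannot tell the two self tests apart.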
@@ -470,6 +470,94 @@ static int entropy_dummy_source( void *data, unsigned char *output, return( 0 ); } +#if !defined(MBEDTLS_TEST_NULL_ENTROPY) && defined(MBEDTLS_ENTROPY_HARDWARE_ALT) + +#define MBEDTLS_SELF_TEST_BIAS_PATTERN( buf_len, type ) \ + { \ + size_t i; \ + int has_pat = 1; \ + for( i = 0; i < buf_len; i += sizeof( type ) ) \ + { \ + has_pat &= memcmp( buf, buf + i, sizeof( type ) ) == 0; \ + } \ + if( ( ret = has_pat ) != 0 ) \ + goto cleanup; \ + } while( 0 ) \ + +/* + * A quick test to ensure hat the entropy sources are functioning correctly + * and there is no obvious bias. The test performs the following checks: + * - The entropy source is not providing only 0s (all bits unset) or 1s (all + * bits set). + * - The entropy source is not providing values in a pattern. Because the + * hardware could be providing data in an arbitrary length, this check is + * only perform for bytes, words and long words. + * - The error code returned by the entropy source is not an error. + */ +int mbedtls_entropy_self_test_bias( int verbose ) +{ + int ret = 0; + unsigned char buf[2 * sizeof( unsigned long long int )]; + mbedtls_entropy_context ctx; + size_t entropy_len; + size_t olen; + size_t gather_tries; + + if( verbose != 0 ) + mbedtls_printf( " ENTROPY_BIAS test: " ); + + memset( buf, 0x00, sizeof( buf ) ); + + mbedtls_entropy_init( &ctx ); + + /* The hardware entropy source could return less than the amount of + * bytes we requested, so we poll the source as many times as there are + * bytes */ + gather_tries = sizeof( buf ); + entropy_len = 0; + while( gather_tries > 0 && entropy_len < sizeof( buf ) ) + { + if( ( ret = mbedtls_hardware_poll( &ctx, buf + entropy_len, + sizeof( buf ) - entropy_len, &olen ) ) != 0 ) + goto cleanup; + + entropy_len += olen; + gather_tries--; + } + + if( entropy_len < sizeof( buf ) ) + { + /* We still do not have enough entropy: fail */ + ret = 1; + goto cleanup; + } + + /* Make sure that the entropy source is not returning values in 
a + * pattern */ + /* Byte */ + MBEDTLS_SELF_TEST_BIAS_PATTERN( 2 * sizeof( unsigned long long int ), unsigned char ); + /* Word */ + MBEDTLS_SELF_TEST_BIAS_PATTERN( 2 * sizeof( unsigned long long int ), unsigned long ); + /* Long word */ + MBEDTLS_SELF_TEST_BIAS_PATTERN( 2 * sizeof( unsigned long long int ), unsigned long long int ); + +cleanup: + mbedtls_entropy_free( &ctx ); + + if( verbose != 0 ) + { + if( ret != 0 ) + mbedtls_printf( "failed\n" ); + else + mbedtls_printf( "passed\n" ); + + mbedtls_printf( "\n" ); + } + + return( ret != 0 ); +} +#endif /* !MBEDTLS_TEST_NULL_ENTROPY && MBEDTLS_ENTROPY_HARDWARE_ALT */ + /* * The actual entropy quality is hard to test, but we can at least * test that the functions don't cause errors and write the correct diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 89c66169e584..62fa5fb952d0 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -375,6 +375,12 @@ int main( int argc, char *argv[] ) { suites_failed++; } +#if !defined(MBEDTLS_TEST_NULL_ENTROPY) && defined(MBEDTLS_ENTROPY_HARDWARE_ALT) + if( mbedtls_entropy_self_test_bias( v ) != 0) + { + suites_failed++; + } +#endif suites_tested++; #endif diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index d1ef94b6ed3b..c81f279cbbb9 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function @@ -381,5 +381,8 @@ void entropy_nv_seed( char *read_seed_str ) void entropy_selftest( ) { TEST_ASSERT( mbedtls_entropy_self_test( 0 ) == 0 ); +#if !defined(MBEDTLS_TEST_NULL_ENTROPY) && defined(MBEDTLS_ENTROPY_HARDWARE_ALT) + TEST_ASSERT( mbedtls_entropy_self_test_bias( 0 ) == 0 ); +#endif } /* END_CASE */ From e7723ec284f3c23d6113cc37a77adfe7555455f9 Mon Sep 17 00:00:00 2001 
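Review bot: The gather loop does not validate the `olen` reported by `mbedtls_hardware_poll()` against the remaining space: an implementation that reports more than `sizeof( buf ) - entropy_len` pushes `entropy_len` past `sizeof( buf )`, the loop ends, the `entropy_len < sizeof( buf )` check passes, and the test proceeds with whatever was actually written instead of flagging a misreporting source. Add `if( olen > sizeof( buf ) - entropy_len ) { ret = 1; goto cleanup; }` right after the call, and initialise `olen = 0;` at its declaration. Separately, `MBEDTLS_SELF_TEST_BIAS_PATTERN` is written as `{ ... } while( 0 )` without the leading `do`, so each use expands to a bare block followed by an empty `while( 0 );` loop — it compiles, but it is not the single-statement idiom intended; prefix it with `do`. The comment above the function also reads "ensure hat" for "ensure that".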
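Review bot: The new block under `#if !defined(MBEDTLS_TEST_NULL_ENTROPY) && defined(MBEDTLS_ENTROPY_HARDWARE_ALT)` can increment `suites_failed` without a matching `suites_tested++`, which is bumped only once below for the entropy self-test, so the summary at the end of main() (outside this hunk) can count two failures against one tested suite. Either add `suites_tested++;` inside the block or report the bias test as part of the entropy result. Minor: `!= 0)` lacks the space before `)` used on the surrounding lines.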
From: Andres AG Date: Thu, 25 Aug 2016 10:18:50 +0100 Subject: [PATCH 040/272] Make entropy bias self test poll multiple times Instead of polling the hardware entropy source a single time and comparing the output with itself, the source is polled at least twice and make sure that the separate outputs are different. --- include/mbedtls/entropy.h | 6 +- library/entropy.c | 123 +++++++++++++---------- programs/test/selftest.c | 6 -- tests/suites/test_suite_entropy.function | 3 - 4 files changed, 72 insertions(+), 66 deletions(-) diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h index fb7f2f4abdf3..19e8e729458e 100644 --- a/include/mbedtls/entropy.h +++ b/include/mbedtls/entropy.h @@ -259,14 +259,14 @@ int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char * */ int mbedtls_entropy_self_test( int verbose ); -#if !defined(MBEDTLS_TEST_NULL_ENTROPY) && defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) /** * \brief Checkup routine * * \return 0 if successful, or 1 if a test failed */ -int mbedtls_entropy_self_test_bias( int verbose ); -#endif /* !MBEDTLS_TEST_NULL_ENTROPY && MBEDTLS_ENTROPY_HARDWARE_ALT */ +int mbedtls_entropy_source_self_test( int verbose ); +#endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */ #endif /* MBEDTLS_SELF_TEST */ #ifdef __cplusplus diff --git a/library/entropy.c b/library/entropy.c index e09c24c790ce..42ace5533480 100644 --- a/library/entropy.c +++ b/library/entropy.c 
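Review bot: The renamed `mbedtls_entropy_source_self_test()` keeps the generic "Checkup routine" Doxygen text, identical to the one for `mbedtls_entropy_self_test()` above, so the header still does not explain why there are two entry points or that this one drives `mbedtls_hardware_poll()` directly. Suggest `\brief Self-test of the hardware entropy source: polls it twice and fails on a poll error, all-0/all-1 output, or two identical results`, plus a `\note` that it is also run from mbedtls_entropy_self_test() when MBEDTLS_ENTROPY_HARDWARE_ALT is set, so callers need not invoke both. Dropping `!defined(MBEDTLS_TEST_NULL_ENTROPY)` from the guard is presumably intentional (the test talks to the hardware poll, not the entropy context); a line in the commit message or ChangeLog saying so would save the next reader the question.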
@@ -470,80 +470,89 @@ static int entropy_dummy_source( void *data, unsigned char *output, return( 0 ); } -#if !defined(MBEDTLS_TEST_NULL_ENTROPY) && defined(MBEDTLS_ENTROPY_HARDWARE_ALT) - -#define MBEDTLS_SELF_TEST_BIAS_PATTERN( buf_len, type ) \ - { \ - size_t i; \ - int has_pat = 1; \ - for( i = 0; i < buf_len; i += sizeof( type ) ) \ - { \ - has_pat &= memcmp( buf, buf + i, sizeof( type ) ) == 0; \ - } \ - if( ( ret = has_pat ) != 0 ) \ - goto cleanup; \ - } while( 0 ) \ +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) + +static int mbedtls_entropy_source_self_test_gather( unsigned char *buf, size_t buf_len ) +{ + int ret = 0; + size_t entropy_len = 0; + size_t olen = 0; + size_t attempts = buf_len; + + while( attempts > 0 && entropy_len < buf_len ) + { + if( ( ret = mbedtls_hardware_poll( NULL, buf + entropy_len, + buf_len - entropy_len, &olen ) ) != 0 ) + return( ret ); + + entropy_len += olen; + attempts--; + } + + if( entropy_len < buf_len ) + { + ret = 1; + } + + return( ret ); +} + + +static int mbedtls_entropy_source_self_test_check_bits( const unsigned char *buf, + size_t buf_len ) +{ + unsigned char set= 0xFF; + unsigned char unset = 0x00; + size_t i; + + for( i = 0; i < buf_len; i++ ) + { + set &= buf[i]; + unset |= buf[i]; + } + + return( set == 0xFF || unset == 0x00 ); +} /* - * A quick test to ensure hat the entropy sources are functioning correctly - * and there is no obvious bias. The test performs the following checks: + * A test to ensure hat the entropy sources are functioning correctly + * and there is no obvious failure. The test performs the following checks: * - The entropy source is not providing only 0s (all bits unset) or 1s (all * bits set). * - The entropy source is not providing values in a pattern. Because the - * hardware could be providing data in an arbitrary length, this check is - * only perform for bytes, words and long words. 
+ * hardware could be providing data in an arbitrary length, this check polls + * the hardware entropy source twice and compares the result to ensure they + * are not equal. * - The error code returned by the entropy source is not an error. */ -int mbedtls_entropy_self_test_bias( int verbose ) +int mbedtls_entropy_source_self_test( int verbose ) { int ret = 0; - unsigned char buf[2 * sizeof( unsigned long long int )]; - mbedtls_entropy_context ctx; - size_t entropy_len; - size_t olen; - size_t gather_tries; + unsigned char buf0[2 * sizeof( unsigned long long int )]; + unsigned char buf1[2 * sizeof( unsigned long long int )]; if( verbose != 0 ) mbedtls_printf( " ENTROPY_BIAS test: " ); - memset( buf, 0x00, sizeof( buf ) ); - - mbedtls_entropy_init( &ctx ); - - /* The hardware entropy source could return less than the amount of - * bytes we requested, so we poll the source as many times as there are - * bytes */ - gather_tries = sizeof( buf ); - entropy_len = 0; - while( gather_tries > 0 && entropy_len < sizeof( buf ) ) - { - if( ( ret = mbedtls_hardware_poll( &ctx, buf + entropy_len, - sizeof( buf ) - entropy_len, &olen ) ) != 0 ) - goto cleanup; + memset( buf0, 0x00, sizeof( buf0 ) ); + memset( buf1, 0x00, sizeof( buf1 ) ); - entropy_len += olen; - gather_tries--; - } + if( ( ret = mbedtls_entropy_source_self_test_gather( buf0, sizeof( buf0 ) ) ) != 0 ) + goto cleanup; + if( ( ret = mbedtls_entropy_source_self_test_gather( buf1, sizeof( buf1 ) ) ) != 0 ) + goto cleanup; - if( entropy_len < sizeof( buf ) ) - { - /* We still do not have enough entropy: fail */ - ret = 1; + /* Make sure that the returned values are not all 0 or 1 */ + if( ( ret = mbedtls_entropy_source_self_test_check_bits( buf0, sizeof( buf0 ) ) ) != 0 ) + goto cleanup; + if( ( ret = mbedtls_entropy_source_self_test_check_bits( buf1, sizeof( buf1 ) ) ) != 0 ) goto cleanup; - } /* Make sure that the entropy source is not returning values in a * pattern */ - /* Byte */ - MBEDTLS_SELF_TEST_BIAS_PATTERN( 
2 * sizeof( unsigned long long int ), unsigned char ); - /* Word */ - MBEDTLS_SELF_TEST_BIAS_PATTERN( 2 * sizeof( unsigned long long int ), unsigned long ); - /* Long word */ - MBEDTLS_SELF_TEST_BIAS_PATTERN( 2 * sizeof( unsigned long long int ), unsigned long long int ); + ret = memcmp( buf0, buf1, sizeof( buf0 ) ) == 0; cleanup: - mbedtls_entropy_free( &ctx ); - if( verbose != 0 ) { if( ret != 0 ) @@ -556,7 +565,8 @@ int mbedtls_entropy_self_test_bias( int verbose ) return( ret != 0 ); } -#endif /* !MBEDTLS_TEST_NULL_ENTROPY && MBEDTLS_ENTROPY_HARDWARE_ALT */ + +#endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */ /* * The actual entropy quality is hard to test, but we can at least @@ -614,6 +624,11 @@ int mbedtls_entropy_self_test( int verbose ) } } +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) + if( ( ret = mbedtls_entropy_source_self_test( 0 ) ) != 0 ) + goto cleanup; +#endif + cleanup: mbedtls_entropy_free( &ctx ); diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 62fa5fb952d0..89c66169e584 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -375,12 +375,6 @@ int main( int argc, char *argv[] ) { suites_failed++; } -#if !defined(MBEDTLS_TEST_NULL_ENTROPY) && defined(MBEDTLS_ENTROPY_HARDWARE_ALT) - if( mbedtls_entropy_self_test_bias( v ) != 0) - { - suites_failed++; - } -#endif suites_tested++; #endif diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index c81f279cbbb9..d1ef94b6ed3b 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function @@ -381,8 +381,5 @@ void entropy_nv_seed( char *read_seed_str ) void entropy_selftest( ) { TEST_ASSERT( mbedtls_entropy_self_test( 0 ) == 0 ); -#if !defined(MBEDTLS_TEST_NULL_ENTROPY) && defined(MBEDTLS_ENTROPY_HARDWARE_ALT) - TEST_ASSERT( mbedtls_entropy_self_test_bias( 0 ) == 0 ); -#endif } /* END_CASE */ From cf8c1f4ddbd963b7f5ddadbae74b59cdc5908df3 Mon Sep 17 00:00:00 2001 
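Review bot: `mbedtls_entropy_source_self_test_gather()` does not validate the `olen` reported by `mbedtls_hardware_poll()` against the remaining space: an implementation that reports more than `buf_len - entropy_len` pushes `entropy_len` past `buf_len`, the loop ends, the `entropy_len < buf_len` check passes, and the test accepts a source that misreports its output instead of failing it. Add `if( olen > buf_len - entropy_len ) return( 1 );` right after the call. Smaller points in the same hunk: the comment still reads "ensure hat" (for "that"), the verbose label still says `ENTROPY_BIAS test` although the function is now `mbedtls_entropy_source_self_test`, and `unsigned char set= 0xFF;` is missing a space.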
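Review bot: The `goto cleanup;` in the new `#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)` block jumps to the label on the very next line, so it is a no-op; `ret = mbedtls_entropy_source_self_test( 0 );` is enough, unless the intent is symmetry with the earlier checks in mbedtls_entropy_self_test() (whose body is outside this hunk). Passing `0` rather than `verbose` means a hardware-source failure surfaces only as the generic `failed` of the ENTROPY test with no hint which check tripped; if the sub-test's own output would garble the `ENTROPY test:` line, consider printing a short `hardware source self-test failed` message under `verbose` here instead.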
From: Simon Butcher Date: Fri, 2 Sep 2016 21:29:39 +0300 Subject: [PATCH 041/272] Update ChangeLog to include the most recent fixes --- ChangeLog | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/ChangeLog b/ChangeLog index 1ef952c89b30..c72ce28e9650 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,28 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 2.3.x branch released 2016-xx-xx + +Features + * Added hardware entropy selftest to verify that the hardware entropy source + is functioning correctly. + * Added a script to print build environment info for diagnostic use in test + scripts, which is also now called by all.sh. + +Bugfix + * Fix for platform time abstraction to avoid dependency issues where a build + may need time but not the standard C library abstraction, and added + configuration consistency checks to check_config.h + * Fix dependency issue in Makefile to allow parallel builds. + +Changes + * Extended test coverage of special cases, and added new timing test suite. + * Removed self-tests from the basic-built-test.sh script, and added all + missing self-tests to the test suites, to ensure self-tests are only + executed once. + * Added support for 3 and 4 byte lengths to mbedtls_asn1_write_len(). + * Added support for a Yotta specific configuration file - + through the symbol YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE. + = mbed TLS 2.3.0 branch released 2016-06-28 Security From 243f48e1e21ebc79f8f4ddffa503236f41624b0b Mon Sep 17 00:00:00 2001 
From: Paul Bakker Date: Fri, 2 Sep 2016 22:44:09 +0200 Subject: [PATCH 042/272] Fix for #441 - crypt and hash gcm (#546) * Fix crypt_and_hash to support decrypting GCM encrypted files * Fix documentation in crypt_and_hash for the generic case * Remove unused lastn from crypt_and_hash lastn is not used with the cipher layer as it already provides padding and understanding of length of the original data. --- programs/aes/crypt_and_hash.c | 38 ++++++++++++++--------------------- 1 file changed, 15 insertions(+), 23 deletions(-) diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index a14d20c1040f..adb95e03ca45 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -2,7 +2,7 @@ * \brief Generic file encryption program using generic wrappers for configured * security. * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -74,7 +74,7 @@ int main( void ) int main( int argc, char *argv[] ) { int ret = 1, i, n; - int mode, lastn; + int mode; size_t keylen, ilen, olen; FILE *fkey, *fin = NULL, *fout = NULL; @@ -264,7 +264,7 @@ int main( int argc, char *argv[] ) { /* * Generate the initialization vector as: - * IV = SHA-256( filesize || filename )[0..15] + * IV = MD( filesize || filename )[0..15] */ for( i = 0; i < 8; i++ ) buffer[i] = (unsigned char)( filesize >> ( i << 3 ) ); @@ -278,15 +278,6 @@ int main( int argc, char *argv[] ) memcpy( IV, digest, 16 ); - /* - * The last four bits in the IV are actually used - * to store the file size modulo the AES block size. - */ - lastn = (int)( filesize & 0x0F ); - - IV[15] = (unsigned char) - ( ( IV[15] & 0xF0 ) | lastn ); - /* * Append the IV at the beginning of the output. */ 
@@ -393,10 +384,10 @@ int main( int argc, char *argv[] ) * The encrypted file must be structured as follows: * * 00 .. 15 Initialization Vector - * 16 .. 31 AES Encrypted Block #1 + * 16 .. 31 Encrypted Block #1 * .. - * N*16 .. (N+1)*16 - 1 AES Encrypted Block #N - * (N+1)*16 .. (N+1)*16 + 32 HMAC-SHA-256(ciphertext) + * N*16 .. (N+1)*16 - 1 Encrypted Block #N + * (N+1)*16 .. (N+1)*16 + n Hash(ciphertext) */ if( filesize < 16 + mbedtls_md_get_size( md_info ) ) { @@ -413,7 +404,8 @@ int main( int argc, char *argv[] ) /* * Check the file size. */ - if( ( ( filesize - mbedtls_md_get_size( md_info ) ) % + if( cipher_info->mode != MBEDTLS_MODE_GCM && + ( ( filesize - mbedtls_md_get_size( md_info ) ) % mbedtls_cipher_get_block_size( &cipher_ctx ) ) != 0 ) { mbedtls_fprintf( stderr, "File content not a multiple of the block size (%d).\n", @@ -436,7 +428,6 @@ int main( int argc, char *argv[] ) } memcpy( IV, buffer, 16 ); - lastn = IV[15] & 0x0F; /* * Hash the IV and the secret key together 8192 times 
@@ -481,18 +472,19 @@ int main( int argc, char *argv[] ) */ for( offset = 0; offset < filesize; offset += mbedtls_cipher_get_block_size( &cipher_ctx ) ) { - if( fread( buffer, 1, mbedtls_cipher_get_block_size( &cipher_ctx ), fin ) != - (size_t) mbedtls_cipher_get_block_size( &cipher_ctx ) ) + ilen = ( (unsigned int) filesize - offset > mbedtls_cipher_get_block_size( &cipher_ctx ) ) ? + mbedtls_cipher_get_block_size( &cipher_ctx ) : (unsigned int) ( filesize - offset ); + + if( fread( buffer, 1, ilen, fin ) != ilen ) { mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", mbedtls_cipher_get_block_size( &cipher_ctx ) ); goto exit; } - mbedtls_md_hmac_update( &md_ctx, buffer, mbedtls_cipher_get_block_size( &cipher_ctx ) ); - if( mbedtls_cipher_update( &cipher_ctx, buffer, - mbedtls_cipher_get_block_size( &cipher_ctx ), - output, &olen ) != 0 ) + mbedtls_md_hmac_update( &md_ctx, buffer, ilen ); + if( mbedtls_cipher_update( &cipher_ctx, buffer, ilen, output, + &olen ) != 0 ) { mbedtls_fprintf( stderr, "mbedtls_cipher_update() returned error\n" ); goto exit; From 327d66520e1f43877367641a042d5abb5744d5ec Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 2 Sep 2016 21:53:50 +0100 Subject: [PATCH 043/272] Update ChangeLog for fix to crypt_and_hash #441 --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index c72ce28e9650..8adcc1e8f261 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,8 @@ Bugfix may need time but not the standard C library abstraction, and added configuration consistency checks to check_config.h * Fix dependency issue in Makefile to allow parallel builds. + * Fix incorrect handling of block lengths in crypt_and_hash sample program, + when GCM is used. #441 Changes * Extended test coverage of special cases, and added new timing test suite. From 74537a69fdca1b304d2b68069193edf6cbc08743 Mon Sep 17 00:00:00 2001 
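Review bot: The fread() error message still prints `mbedtls_cipher_get_block_size( &cipher_ctx )` although the request is now `ilen` bytes, so a short final read under GCM reports the wrong size; use `mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", (int) ilen );`. The two `(unsigned int) filesize` casts silently truncate if `filesize` is wider than `unsigned int` (its type is declared outside this hunk); keeping the subtraction in `filesize`'s own type and only converting the final, block-size-bounded value into `ilen` avoids that. For GCM, `mbedtls_cipher_update()` alone performs no authentication-tag check, so the file's integrity rests entirely on the HMAC computed alongside it (any tag handling is outside this hunk); a comment at the loop saying so would make the security model explicit.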
From: Janos Follath Date: Fri, 2 Sep 2016 13:45:28 +0100 Subject: [PATCH 044/272] ECJPAKE: Fix intermittently failing tests In some tests in ssl-opt.sh the client finishes sooner and the server gets killed before it could reach certain errors. Consequently the the script doesn't find the error it is looking for and the test fails. To resolve this issue, we introduce a per-test option to wait after the client finishes. --- tests/ssl-opt.sh | 51 +++++++++++++++++++++++++++++------------------- 1 file changed, 31 insertions(+), 20 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 863524200238..d9c45cd7a240 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -166,10 +166,15 @@ only_with_valgrind() { } # multiply the client timeout delay by the given factor for the next test -needs_more_time() { +client_needs_more_time() { CLI_DELAY_FACTOR=$1 } +# wait for the given seconds after the client finished in the next test +server_needs_more_time() { + SRV_DELAY_SECONDS=$1 +} + # print_name print_name() { TESTS=$(( $TESTS + 1 )) @@ -307,6 +312,9 @@ wait_client_done() { wait $DOG_PID echo "EXIT: $CLI_EXIT" >> $CLI_OUT + + sleep $SRV_DELAY_SECONDS + SRV_DELAY_SECONDS=0 } # check if the given command uses dtls and sets global variable DTLS @@ -574,6 +582,7 @@ else DOG_DELAY=10 fi CLI_DELAY_FACTOR=1 +SRV_DELAY_SECONDS=0 # Pick a "unique" server port in the range 10000-19999, and a proxy port PORT_BASE="0000$$" @@ -2674,6 +2683,7 @@ run_test "ECJPAKE: working, TLS" \ -S "None of the common ciphersuites is usable" \ -S "SSL - Verification of the message MAC failed" +server_needs_more_time 1 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE run_test "ECJPAKE: password mismatch, TLS" \ "$P_SRV debug_level=3 ecjpake_pw=bla" \ 
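Review bot: `SRV_DELAY_SECONDS` is reset only inside `wait_client_done()`, so if `run_test` returns early for a skipped test (for instance when `requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE` fails — that path is outside this hunk), the `server_needs_more_time 1` set just before it would carry over and delay the next, unrelated test. Resetting it on the skip path alongside `CLI_DELAY_FACTOR`, assuming that one is cleared there, keeps the option strictly per-test. Minor: `sleep $SRV_DELAY_SECONDS` forks `sleep 0` for every test; `if [ "$SRV_DELAY_SECONDS" -gt 0 ]; then sleep "$SRV_DELAY_SECONDS"; fi` skips that and the quoting guards against an empty value.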
@@ -2701,6 +2711,7 @@ run_test "ECJPAKE: working, DTLS, no cookie" \ -C "re-using cached ecjpake parameters" \ -S "SSL - Verification of the message MAC failed" +server_needs_more_time 1 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE run_test "ECJPAKE: password mismatch, DTLS" \ "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \ @@ -3369,7 +3380,7 @@ run_test "DTLS proxy: delay ChangeCipherSpec" \ # Tests for "randomly unreliable connection": try a variety of flows and peers -needs_more_time 2 +client_needs_more_time 2 run_test "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \ @@ -3380,7 +3391,7 @@ run_test "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" -needs_more_time 2 +client_needs_more_time 2 run_test "DTLS proxy: 3d, \"short\" RSA handshake" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none" \ @@ -3390,7 +3401,7 @@ run_test "DTLS proxy: 3d, \"short\" RSA handshake" \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" -needs_more_time 2 +client_needs_more_time 2 run_test "DTLS proxy: 3d, \"short\" (no ticket, no cli_auth) FS handshake" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none" \ @@ -3399,7 +3410,7 @@ run_test "DTLS proxy: 3d, \"short\" (no ticket, no cli_auth) FS handshake" \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" -needs_more_time 2 +client_needs_more_time 2 run_test "DTLS proxy: 3d, FS, client auth" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=required" \ 
@@ -3408,7 +3419,7 @@ run_test "DTLS proxy: 3d, FS, client auth" \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" -needs_more_time 2 +client_needs_more_time 2 run_test "DTLS proxy: 3d, FS, ticket" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 hs_timeout=250-10000 tickets=1 auth_mode=none" \ @@ -3417,7 +3428,7 @@ run_test "DTLS proxy: 3d, FS, ticket" \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" -needs_more_time 2 +client_needs_more_time 2 run_test "DTLS proxy: 3d, max handshake (FS, ticket + client auth)" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 hs_timeout=250-10000 tickets=1 auth_mode=required" \ @@ -3426,7 +3437,7 @@ run_test "DTLS proxy: 3d, max handshake (FS, ticket + client auth)" \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" -needs_more_time 2 +client_needs_more_time 2 run_test "DTLS proxy: 3d, max handshake, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 hs_timeout=250-10000 nbio=2 tickets=1 \ @@ -3436,7 +3447,7 @@ run_test "DTLS proxy: 3d, max handshake, nbio" \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" -needs_more_time 4 +client_needs_more_time 4 run_test "DTLS proxy: 3d, min handshake, resumption" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \ @@ -3450,7 +3461,7 @@ run_test "DTLS proxy: 3d, min handshake, resumption" \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" -needs_more_time 4 +client_needs_more_time 4 run_test "DTLS proxy: 3d, min handshake, resumption, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \ @@ -3464,7 +3475,7 @@ run_test "DTLS proxy: 3d, min handshake, resumption, nbio" \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" -needs_more_time 4 +client_needs_more_time 4 run_test "DTLS proxy: 3d, min handshake, client-initiated renego" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \ 
@@ -3478,7 +3489,7 @@ run_test "DTLS proxy: 3d, min handshake, client-initiated renego" \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" -needs_more_time 4 +client_needs_more_time 4 run_test "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \ @@ -3492,7 +3503,7 @@ run_test "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" -needs_more_time 4 +client_needs_more_time 4 run_test "DTLS proxy: 3d, min handshake, server-initiated renego" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \ @@ -3507,7 +3518,7 @@ run_test "DTLS proxy: 3d, min handshake, server-initiated renego" \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" -needs_more_time 4 +client_needs_more_time 4 run_test "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \ @@ -3522,7 +3533,7 @@ run_test "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" -needs_more_time 6 +client_needs_more_time 6 not_with_valgrind # risk of non-mbedtls peer timing out run_test "DTLS proxy: 3d, openssl server" \ -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ @@ -3531,7 +3542,7 @@ run_test "DTLS proxy: 3d, openssl server" \ 0 \ -c "HTTP/1.0 200 OK" -needs_more_time 8 +client_needs_more_time 8 not_with_valgrind # risk of non-mbedtls peer timing out run_test "DTLS proxy: 3d, openssl server, fragmentation" \ -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ 
@@ -3540,7 +3551,7 @@ run_test "DTLS proxy: 3d, openssl server, fragmentation" \ 0 \ -c "HTTP/1.0 200 OK" -needs_more_time 8 +client_needs_more_time 8 not_with_valgrind # risk of non-mbedtls peer timing out run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ @@ -3550,7 +3561,7 @@ run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \ -c "HTTP/1.0 200 OK" requires_gnutls -needs_more_time 6 +client_needs_more_time 6 not_with_valgrind # risk of non-mbedtls peer timing out run_test "DTLS proxy: 3d, gnutls server" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ @@ -3561,7 +3572,7 @@ run_test "DTLS proxy: 3d, gnutls server" \ -c "Extra-header:" requires_gnutls -needs_more_time 8 +client_needs_more_time 8 not_with_valgrind # risk of non-mbedtls peer timing out run_test "DTLS proxy: 3d, gnutls server, fragmentation" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ @@ -3572,7 +3583,7 @@ run_test "DTLS proxy: 3d, gnutls server, fragmentation" \ -c "Extra-header:" requires_gnutls -needs_more_time 8 +client_needs_more_time 8 not_with_valgrind # risk of non-mbedtls peer timing out run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ From 5730320225da82355b46b1d4fb427fdea609bf1a Mon Sep 17 00:00:00 2001 From: palaviv Date: Sat, 6 Aug 2016 22:36:07 +0300 Subject: [PATCH 045/272] Removing in compile time unused entries from oid_md_alg list --- library/oid.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/library/oid.c b/library/oid.c index c71cd9bc1b1a..763bc6af858b 100644 --- a/library/oid.c +++ b/library/oid.c 
@@ -524,22 +524,31 @@ typedef struct { static const oid_md_alg_t oid_md_alg[] = { +#if defined(MBEDTLS_MD2_C) { { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_MD2 ), "id-md2", "MD2" }, MBEDTLS_MD_MD2, }, +#endif /* MBEDTLS_MD2_C */ +#if defined(MBEDTLS_MD4_C) { { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_MD4 ), "id-md4", "MD4" }, MBEDTLS_MD_MD4, }, +#endif /* MBEDTLS_MD4_C */ +#if defined(MBEDTLS_MD5_C) { { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_MD5 ), "id-md5", "MD5" }, MBEDTLS_MD_MD5, }, +#endif /* MBEDTLS_MD5_C */ +#if defined(MBEDTLS_SHA1_C) { { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA1 ), "id-sha1", "SHA-1" }, MBEDTLS_MD_SHA1, }, +#endif /* MBEDTLS_SHA1_C */ +#if defined(MBEDTLS_SHA256_C) { { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA224 ), "id-sha224", "SHA-224" }, MBEDTLS_MD_SHA224, @@ -548,6 +557,8 @@ static const oid_md_alg_t oid_md_alg[] = { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA256 ), "id-sha256", "SHA-256" }, MBEDTLS_MD_SHA256, }, +#endif /* MBEDTLS_SHA256_C */ +#if defined(MBEDTLS_SHA512_C) { { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA384 ), "id-sha384", "SHA-384" }, MBEDTLS_MD_SHA384, @@ -556,6 +567,7 @@ static const oid_md_alg_t oid_md_alg[] = { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA512 ), "id-sha512", "SHA-512" }, MBEDTLS_MD_SHA512, }, +#endif /* MBEDTLS_SHA512_C */ { { NULL, 0, NULL, NULL }, MBEDTLS_MD_NONE, From 4636fc6b0d9e90380e68c094a35db32c05e5f743 Mon Sep 17 00:00:00 2001 From: palaviv Date: Sat, 6 Aug 2016 22:43:17 +0300 Subject: [PATCH 046/272] oid_x520_attr_type list is defined only when MBEDTLS_X509_USE_C or MBEDTLS_X509_CREATE_C --- library/oid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/oid.c b/library/oid.c index 763bc6af858b..bdb9649f6b61 100644 --- a/library/oid.c +++ b/library/oid.c @@ -152,6 +152,7 @@ int FN_NAME( ATTR1_TYPE ATTR1, ATTR2_TYPE ATTR2, const char **oid , \ return( MBEDTLS_ERR_OID_NOT_FOUND ); \ } +#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C) /* * For X520 attribute types */ 
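Review bot: Hoisting `#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)` above the X520 table also puts `mbedtls_oid_get_attr_short_name()` (generated by the `FN_OID_GET_ATTR1` line in the next hunk) under that guard, so it vanishes from builds without X.509; the prototype in oid.h is not touched by this patch and needs the same guard, otherwise such builds get a link error instead of a compile error. If removing the public symbol in that configuration is intended, a ChangeLog line would help.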
@@ -247,7 +248,6 @@ static const oid_x520_attr_t oid_x520_attr_type[] = FN_OID_TYPED_FROM_ASN1(oid_x520_attr_t, x520_attr, oid_x520_attr_type) FN_OID_GET_ATTR1(mbedtls_oid_get_attr_short_name, oid_x520_attr_t, x520_attr, const char *, short_name) -#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C) /* * For X509 extensions */ From 06f1828fa27fc60a78a9166ec784dc3f8c61405a Mon Sep 17 00:00:00 2001 From: palaviv Date: Sat, 6 Aug 2016 23:00:38 +0300 Subject: [PATCH 047/272] Removing in compile time unused entries from oid_sig_alg list --- library/oid.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/library/oid.c b/library/oid.c index bdb9649f6b61..46da97e5be2c 100644 --- a/library/oid.c +++ b/library/oid.c @@ -314,22 +314,32 @@ typedef struct { static const oid_sig_alg_t oid_sig_alg[] = { +#if defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_MD2_C) { { ADD_LEN( MBEDTLS_OID_PKCS1_MD2 ), "md2WithRSAEncryption", "RSA with MD2" }, MBEDTLS_MD_MD2, MBEDTLS_PK_RSA, }, +#endif /* MBEDTLS_MD2_C */ +#if defined(MBEDTLS_MD4_C) { { ADD_LEN( MBEDTLS_OID_PKCS1_MD4 ), "md4WithRSAEncryption", "RSA with MD4" }, MBEDTLS_MD_MD4, MBEDTLS_PK_RSA, }, +#endif /* MBEDTLS_MD4_C */ +#if defined(MBEDTLS_MD5_C) { { ADD_LEN( MBEDTLS_OID_PKCS1_MD5 ), "md5WithRSAEncryption", "RSA with MD5" }, MBEDTLS_MD_MD5, MBEDTLS_PK_RSA, }, +#endif /* MBEDTLS_MD5_C */ +#if defined(MBEDTLS_SHA1_C) { { ADD_LEN( MBEDTLS_OID_PKCS1_SHA1 ), "sha-1WithRSAEncryption", "RSA with SHA1" }, MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA, }, +#endif /* MBEDTLS_SHA1_C */ +#if defined(MBEDTLS_SHA256_C) { { ADD_LEN( MBEDTLS_OID_PKCS1_SHA224 ), "sha224WithRSAEncryption", "RSA with SHA-224" }, MBEDTLS_MD_SHA224, MBEDTLS_PK_RSA, 
@@ -338,6 +348,8 @@ static const oid_sig_alg_t oid_sig_alg[] = { ADD_LEN( MBEDTLS_OID_PKCS1_SHA256 ), "sha256WithRSAEncryption", "RSA with SHA-256" }, MBEDTLS_MD_SHA256, MBEDTLS_PK_RSA, }, +#endif /* MBEDTLS_SHA256_C */ +#if defined(MBEDTLS_SHA512_C) { { ADD_LEN( MBEDTLS_OID_PKCS1_SHA384 ), "sha384WithRSAEncryption", "RSA with SHA-384" }, MBEDTLS_MD_SHA384, MBEDTLS_PK_RSA, @@ -346,14 +358,22 @@ static const oid_sig_alg_t oid_sig_alg[] = { ADD_LEN( MBEDTLS_OID_PKCS1_SHA512 ), "sha512WithRSAEncryption", "RSA with SHA-512" }, MBEDTLS_MD_SHA512, MBEDTLS_PK_RSA, }, +#endif /* MBEDTLS_SHA512_C */ +#if defined(MBEDTLS_SHA1_C) { { ADD_LEN( MBEDTLS_OID_RSA_SHA_OBS ), "sha-1WithRSAEncryption", "RSA with SHA1" }, MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA, }, +#endif /* MBEDTLS_SHA1_C */ +#endif /* MBEDTLS_RSA_C */ +#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_SHA1_C) { { ADD_LEN( MBEDTLS_OID_ECDSA_SHA1 ), "ecdsa-with-SHA1", "ECDSA with SHA1" }, MBEDTLS_MD_SHA1, MBEDTLS_PK_ECDSA, }, +#endif /* MBEDTLS_SHA1_C */ +#if defined(MBEDTLS_SHA256_C) { { ADD_LEN( MBEDTLS_OID_ECDSA_SHA224 ), "ecdsa-with-SHA224", "ECDSA with SHA224" }, MBEDTLS_MD_SHA224, MBEDTLS_PK_ECDSA, @@ -362,6 +382,8 @@ static const oid_sig_alg_t oid_sig_alg[] = { ADD_LEN( MBEDTLS_OID_ECDSA_SHA256 ), "ecdsa-with-SHA256", "ECDSA with SHA256" }, MBEDTLS_MD_SHA256, MBEDTLS_PK_ECDSA, }, +#endif /* MBEDTLS_SHA256_C */ +#if defined(MBEDTLS_SHA512_C) { { ADD_LEN( MBEDTLS_OID_ECDSA_SHA384 ), "ecdsa-with-SHA384", "ECDSA with SHA384" }, MBEDTLS_MD_SHA384, MBEDTLS_PK_ECDSA, 
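Review bot: Compiling entries out of `oid_sig_alg` changes what the lookup functions generated from this table (outside the hunk) return for a signature OID whose hash is not built in: previously the OID was found and the unsupported digest was rejected later, now the lookup itself returns `MBEDTLS_ERR_OID_NOT_FOUND`, so parsing e.g. an md5WithRSAEncryption certificate in a build without MBEDTLS_MD5_C may surface a different error code than before. That is arguably the better behaviour, but it is observable to callers and worth a ChangeLog note and a test case. The same applies to the `oid_md_alg` and `oid_ecp_grp` hunks in the neighbouring patches.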
@@ -370,10 +392,14 @@ static const oid_sig_alg_t oid_sig_alg[] = { ADD_LEN( MBEDTLS_OID_ECDSA_SHA512 ), "ecdsa-with-SHA512", "ECDSA with SHA512" }, MBEDTLS_MD_SHA512, MBEDTLS_PK_ECDSA, }, +#endif /* MBEDTLS_SHA512_C */ +#endif /* MBEDTLS_ECDSA_C */ +#if defined(MBEDTLS_RSA_C) { { ADD_LEN( MBEDTLS_OID_RSASSA_PSS ), "RSASSA-PSS", "RSASSA-PSS" }, MBEDTLS_MD_NONE, MBEDTLS_PK_RSASSA_PSS, }, +#endif /* MBEDTLS_RSA_C */ { { NULL, 0, NULL, NULL }, MBEDTLS_MD_NONE, MBEDTLS_PK_NONE, From a9f90f00aa592bd62c8577ca76b3fa8dc57dac28 Mon Sep 17 00:00:00 2001 From: palaviv Date: Sat, 6 Aug 2016 23:10:49 +0300 Subject: [PATCH 048/272] Removing in compile time unused entries from oid_ecp_grp list --- library/oid.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/library/oid.c b/library/oid.c index 46da97e5be2c..f13826ed746f 100644 --- a/library/oid.c +++ b/library/oid.c 
@@ -455,50 +455,72 @@ typedef struct {
 
 static const oid_ecp_grp_t oid_ecp_grp[] =
 {
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
 {
 { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP192R1 ), "secp192r1", "secp192r1" },
 MBEDTLS_ECP_DP_SECP192R1,
 },
+#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
 {
 { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP224R1 ), "secp224r1", "secp224r1" },
 MBEDTLS_ECP_DP_SECP224R1,
 },
+#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
 {
 { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP256R1 ), "secp256r1", "secp256r1" },
 MBEDTLS_ECP_DP_SECP256R1,
 },
+#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
 {
 { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP384R1 ), "secp384r1", "secp384r1" },
 MBEDTLS_ECP_DP_SECP384R1,
 },
+#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
 {
 { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP521R1 ), "secp521r1", "secp521r1" },
 MBEDTLS_ECP_DP_SECP521R1,
 },
+#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
 {
 { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP192K1 ), "secp192k1", "secp192k1" },
 MBEDTLS_ECP_DP_SECP192K1,
 },
+#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
 {
 { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP224K1 ), "secp224k1", "secp224k1" },
 MBEDTLS_ECP_DP_SECP224K1,
 },
+#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
 {
 { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP256K1 ), "secp256k1", "secp256k1" },
 MBEDTLS_ECP_DP_SECP256K1,
 },
+#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
 {
 { ADD_LEN( MBEDTLS_OID_EC_GRP_BP256R1 ), "brainpoolP256r1","brainpool256r1" },
 MBEDTLS_ECP_DP_BP256R1,
 },
+#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
 {
 { ADD_LEN( MBEDTLS_OID_EC_GRP_BP384R1 ), "brainpoolP384r1","brainpool384r1" },
 MBEDTLS_ECP_DP_BP384R1,
 },
+#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
 {
 { ADD_LEN( MBEDTLS_OID_EC_GRP_BP512R1 ), "brainpoolP512r1","brainpool512r1" },
 MBEDTLS_ECP_DP_BP512R1,
 },
+#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
 {
 { NULL, 0, NULL, NULL },
 MBEDTLS_ECP_DP_NONE,
From a07ecda04e03f76101bef828633b733da52f8d0e Mon Sep 17 00:00:00 2001
From: palaviv
Date: Sun, 7 Aug 2016 11:15:29 +0300
Subject: [PATCH 049/272] Added needed HASH dependencies to test_suite_x509parse.data
---
 tests/suites/test_suite_x509parse.data | 388 ++++++++++++++-----------
 1 file changed, 219 insertions(+), 169 deletions(-)
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 5c68872c04d1..f2944e54c1d3 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
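Review bot: The `{ { NULL, 0, NULL, NULL }, MBEDTLS_ECP_DP_NONE }` sentinel at the end of `oid_ecp_grp` is the only entry left unconditional, and the OID lookups presumably stop on it, so a build with every curve disabled still gets a well-formed table; that invariant is now load-bearing and should be stated next to the sentinel, e.g. `/* Sentinel: must stay outside any #if so the table is never empty. */`. The guard names mirror the `MBEDTLS_ECP_DP_*_ENABLED` options, so a curve that is compiled out is also unresolvable from its OID, which is the consistent outcome. The table's closing `};` is outside the hunk.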
@@ -1,45 +1,45 @@ X509 Certificate information #1 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_cert_info:"data_files/server1.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 Certificate information #2 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_cert_info:"data_files/server2.crt":"cert. version \: 3\nserial number \: 02\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 Certificate information #3 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_cert_info:"data_files/test-ca.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2011-02-12 14\:44\:00\nexpires on \: 2021-02-12 14\:44\:00\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n" X509 Certificate information MD2 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509_cert_info:"data_files/cert_md2.crt":"cert. 
version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD2\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA with MD2\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 Certificate information MD4 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD4_C x509_cert_info:"data_files/cert_md4.crt":"cert. version \: 3\nserial number \: 05\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD4\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with MD4\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 Certificate information MD5 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD5_C x509_cert_info:"data_files/cert_md5.crt":"cert. version \: 3\nserial number \: 06\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD5\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with MD5\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 Certificate information SHA1 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_cert_info:"data_files/cert_sha1.crt":"cert. 
version \: 3\nserial number \: 07\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 Certificate information SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509_cert_info:"data_files/cert_sha224.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 Certificate information SHA256 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509_cert_info:"data_files/cert_sha256.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 Certificate information SHA384 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA512_C x509_cert_info:"data_files/cert_sha384.crt":"cert. 
version \: 3\nserial number \: 0A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA-384\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 Certificate information SHA512 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA512_C x509_cert_info:"data_files/cert_sha512.crt":"cert. version \: 3\nserial number \: 0B\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 Certificate information RSA-PSS, SHA1 Digest 
@@ -63,99 +63,99 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C x509_cert_info:"data_files/server9-sha512.crt":"cert. version \: 3\nserial number \: 1A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:58\:12\nexpires on \: 2024-01-18 13\:58\:12\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" X509 Certificate information EC, SHA1 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C x509_cert_info:"data_files/server5-sha1.crt":"cert. version \: 3\nserial number \: 12\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" X509 Certificate information EC, SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C x509_cert_info:"data_files/server5-sha224.crt":"cert. version \: 3\nserial number \: 13\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" X509 Certificate information EC, SHA256 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C x509_cert_info:"data_files/server5.crt":"cert. 
version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" X509 Certificate information EC, SHA384 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C x509_cert_info:"data_files/server5-sha384.crt":"cert. version \: 3\nserial number \: 14\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" X509 Certificate information EC, SHA512 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C x509_cert_info:"data_files/server5-sha512.crt":"cert. version \: 3\nserial number \: 15\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" X509 Certificate information, NS Cert Type -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_cert_info:"data_files/server1.cert_type.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\ncert. 
type \: SSL Server\n" X509 Certificate information, Key Usage -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_cert_info:"data_files/server1.key_usage.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 Certificate information, Key Usage with decipherOnly -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_cert_info:"data_files/keyUsage.decipherOnly.crt":"cert. version \: 3\nserial number \: 9B\:13\:CE\:4C\:A5\:6F\:DE\:52\nissuer name \: C=GB, L=Cambridge, O=Default Company Ltd\nsubject name \: C=GB, L=Cambridge, O=Default Company Ltd\nissued on \: 2015-05-12 10\:36\:55\nexpires on \: 2018-05-11 10\:36\:55\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment, Decipher Only\n" X509 Certificate information, Subject Alt Name -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_cert_info:"data_files/cert_example_multi.crt":"cert. 
version \: 3\nserial number \: 11\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=www.example.com\nissued on \: 2012-05-10 13\:23\:41\nexpires on \: 2022-05-11 13\:23\:41\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \: example.com, example.net, *.example.org\n" X509 Certificate information, Subject Alt Name + Key Usage -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_cert_info:"data_files/cert_example_multi_nocn.crt":"cert. version \: 3\nserial number \: F7\:C6\:7F\:F8\:E9\:A9\:63\:F9\nissuer name \: C=NL\nsubject name \: C=NL\nissued on \: 2014-01-22 10\:04\:33\nexpires on \: 2024-01-22 10\:04\:33\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\nsubject alt name \: www.shotokan-braunschweig.de, www.massimo-abate.eu\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 Certificate information, Key Usage + Extended Key Usage -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509_cert_info:"data_files/server1.ext_ku.crt":"cert. version \: 3\nserial number \: 21\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2014-04-01 14\:44\:43\nexpires on \: 2024-03-29 14\:44\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\next key usage \: TLS Web Server Authentication\n" X509 Certificate information RSA signed by EC -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509_cert_info:"data_files/server4.crt":"cert. 
version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 Certificate information EC signed by RSA -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C x509_cert_info:"data_files/server3.crt":"cert. version \: 3\nserial number \: 0D\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 09\:17\:03\nexpires on \: 2023-08-07 09\:17\:03\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\nbasic constraints \: CA=false\n" X509 Certificate information Bitstring in subject name -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_cert_info:"data_files/bitstring-in-dn.pem":"cert. version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=?7101012255\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \: \next key usage \: TLS Web Client Authentication\n" X509 certificate v1 with extension -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_SHA1_C x509_cert_info:"data_files/cert_v1_with_ext.crt":"cert. 
version \: 1\nserial number \: BD\:ED\:44\:C7\:D2\:3E\:C2\:A4\nissuer name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nsubject name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nissued on \: 2013-07-04 16\:17\:02\nexpires on \: 2014-07-04 16\:17\:02\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nsubject alt name \: identity-check.org, www.identity-check.org\n" X509 CRL information #1 -depends_on:MBEDTLS_PEM_PARSE_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C mbedtls_x509_crl_info:"data_files/crl_expired.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-20 10\:24\:19\nnext update \: 2011-02-20 11\:24\:19\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n" X509 CRL Information MD2 Digest -depends_on:MBEDTLS_PEM_PARSE_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD2_C mbedtls_x509_crl_info:"data_files/crl_md2.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA with MD2\n" X509 CRL Information MD4 Digest -depends_on:MBEDTLS_PEM_PARSE_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C mbedtls_x509_crl_info:"data_files/crl_md4.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with MD4\n" X509 CRL Information MD5 Digest -depends_on:MBEDTLS_PEM_PARSE_C 
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C mbedtls_x509_crl_info:"data_files/crl_md5.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with MD5\n" X509 CRL Information SHA1 Digest -depends_on:MBEDTLS_PEM_PARSE_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C mbedtls_x509_crl_info:"data_files/crl_sha1.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n" X509 CRL Information SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C mbedtls_x509_crl_info:"data_files/crl_sha224.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-224\n" X509 CRL Information SHA256 Digest -depends_on:MBEDTLS_PEM_PARSE_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C mbedtls_x509_crl_info:"data_files/crl_sha256.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-256\n" X509 CRL Information SHA384 Digest -depends_on:MBEDTLS_PEM_PARSE_C 
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C mbedtls_x509_crl_info:"data_files/crl_sha384.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-384\n" X509 CRL Information SHA512 Digest -depends_on:MBEDTLS_PEM_PARSE_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C mbedtls_x509_crl_info:"data_files/crl_sha512.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-512\n" X509 CRL information RSA-PSS, SHA1 Digest 
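Review bot: Several cases in this hunk gain the hash dependency but still lack the PK-module dependency that the oid.c guards above now require as well: `X509 Certificate information RSA signed by EC` (server4.crt, `signed using ECDSA with SHA256`) depends on `MBEDTLS_RSA_C:MBEDTLS_SHA256_C` but not `MBEDTLS_ECDSA_C`, `X509 Certificate information EC signed by RSA` (server3.crt, `RSA with SHA1`) has no `MBEDTLS_RSA_C`, and none of the `mbedtls_x509_crl_info` cases name RSA or ECDSA at all. If the parser rejects an unknown signature OID, as the hash dependencies added here presume, those cases fail in a build that has the hash but not the PK module; the server4.crt line should read `depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C`. The same gap is in the @@ -179 hunk (EC CRL and CSR cases without `MBEDTLS_ECDSA_C`, RSA CSR cases without `MBEDTLS_RSA_C`), the @@ -288 hunk (`X509 Time Future` on server5.crt) and the @@ -540 hunk (verification #44).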
@@ -179,71 +179,71 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:38\nnext update \: 2024-01-18 13\:56\:38\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\n" X509 CRL Information EC, SHA1 Digest -depends_on:MBEDTLS_PEM_PARSE_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C mbedtls_x509_crl_info:"data_files/crl-ec-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA1\n" X509 CRL Information EC, SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C mbedtls_x509_crl_info:"data_files/crl-ec-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA224\n" X509 CRL Information EC, SHA256 Digest -depends_on:MBEDTLS_PEM_PARSE_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C mbedtls_x509_crl_info:"data_files/crl-ec-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA256\n" X509 CRL Information EC, SHA384 Digest -depends_on:MBEDTLS_PEM_PARSE_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C 
mbedtls_x509_crl_info:"data_files/crl-ec-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA384\n" X509 CRL Information EC, SHA512 Digest -depends_on:MBEDTLS_PEM_PARSE_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C mbedtls_x509_crl_info:"data_files/crl-ec-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA512\n" X509 CSR Information RSA with MD4 -depends_on:MBEDTLS_PEM_PARSE_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C mbedtls_x509_csr_info:"data_files/server1.req.md4":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD4\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with MD5 -depends_on:MBEDTLS_PEM_PARSE_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C mbedtls_x509_csr_info:"data_files/server1.req.md5":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD5\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA1 -depends_on:MBEDTLS_PEM_PARSE_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C mbedtls_x509_csr_info:"data_files/server1.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA224 -depends_on:MBEDTLS_PEM_PARSE_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C mbedtls_x509_csr_info:"data_files/server1.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\n" X509 CSR Information 
RSA with SHA256 -depends_on:MBEDTLS_PEM_PARSE_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C mbedtls_x509_csr_info:"data_files/server1.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA384 -depends_on:MBEDTLS_PEM_PARSE_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C mbedtls_x509_csr_info:"data_files/server1.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-384\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA512 -depends_on:MBEDTLS_PEM_PARSE_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C mbedtls_x509_csr_info:"data_files/server1.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\n" X509 CSR Information EC with SHA1 -depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C mbedtls_x509_csr_info:"data_files/server5.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n" X509 CSR Information EC with SHA224 -depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C mbedtls_x509_csr_info:"data_files/server5.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\n" X509 CSR Information EC with SHA256 -depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C mbedtls_x509_csr_info:"data_files/server5.req.sha256":"CSR version \: 1\nsubject name \: C=NL, 
O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n" X509 CSR Information EC with SHA384 -depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C mbedtls_x509_csr_info:"data_files/server5.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\n" X509 CSR Information EC with SHA512 -depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C mbedtls_x509_csr_info:"data_files/server5.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\n" X509 CSR Information RSA-PSS with SHA1 
@@ -288,67 +288,67 @@ X509 Verify Information: two issues, with prefix
 x509_verify_info:MBEDTLS_X509_BADCERT_EXPIRED | MBEDTLS_X509_BADCRL_EXPIRED:" ! ":" ! The certificate validity has expired\n ! The CRL is expired\n"
 
 X509 Get Distinguished Name #1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
 mbedtls_x509_dn_gets:"data_files/server1.crt":"subject":"C=NL, O=PolarSSL, CN=PolarSSL Server 1"
 
 X509 Get Distinguished Name #2
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
 mbedtls_x509_dn_gets:"data_files/server1.crt":"issuer":"C=NL, O=PolarSSL, CN=PolarSSL Test CA"
 
 X509 Get Distinguished Name #3
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
 mbedtls_x509_dn_gets:"data_files/server2.crt":"subject":"C=NL, O=PolarSSL, CN=localhost"
 
 X509 Get Distinguished Name #4
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
 mbedtls_x509_dn_gets:"data_files/server2.crt":"issuer":"C=NL, O=PolarSSL, CN=PolarSSL Test CA"
 
 X509 Time Expired #1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA1_C
 mbedtls_x509_time_is_past:"data_files/server1.crt":"valid_from":1
 
 X509 Time Expired #2
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA1_C
 mbedtls_x509_time_is_past:"data_files/server1.crt":"valid_to":0
 
 X509 Time Expired #3
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA1_C
 mbedtls_x509_time_is_past:"data_files/server2.crt":"valid_from":1
 
 X509 Time Expired #4
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA1_C
 mbedtls_x509_time_is_past:"data_files/server2.crt":"valid_to":0
 
 X509 Time Expired #5
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA1_C
 mbedtls_x509_time_is_past:"data_files/test-ca.crt":"valid_from":1
 
 X509 Time Expired #6
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA1_C
 mbedtls_x509_time_is_past:"data_files/test-ca.crt":"valid_to":0
 
 X509 Time Future #1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
 mbedtls_x509_time_is_future:"data_files/server5.crt":"valid_from":0
 
 X509 Time Future #2
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
 mbedtls_x509_time_is_future:"data_files/server5.crt":"valid_to":1
 
 X509 Time Future #3
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
 mbedtls_x509_time_is_future:"data_files/server5-future.crt":"valid_from":1
 
 X509 Time Future #4
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
 mbedtls_x509_time_is_future:"data_files/server5-future.crt":"valid_to":1
 
 X509 Time Future #5
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
 mbedtls_x509_time_is_future:"data_files/test-ca2.crt":"valid_from":0
 
 X509 Time Future #6
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
 mbedtls_x509_time_is_future:"data_files/test-ca2.crt":"valid_to":1
 
 X509 Certificate verification #1 (Revoked Cert, Expired CRL, no CN)
@@ -412,7 +412,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
 x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
 
 X509 Certificate verification #10 (Not trusted Cert, Expired CRL)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
 x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
 
 X509 Certificate verification #12 (Valid Cert MD4 Digest)
@@ -448,7 +448,7 @@ depends_on:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBE
 x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_OTHER:"verify_none"
 
 X509 Certificate verification #19 (Not trusted Cert, allowing callback)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
 x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":"NULL":0:0:"verify_all"
 
 X509 Certificate verification #21 (domain matching wildcard certificate, case insensitive)
@@ -540,19 +540,19 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MB x509_verify:"data_files/test-ca2.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"NULL" X509 Certificate verification #42 (Depth 0, not CA, RSA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C x509_verify:"data_files/server2.crt":"data_files/server2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL" X509 Certificate verification #43 (Depth 0, not CA, EC) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C x509_verify:"data_files/server5.crt":"data_files/server5.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL" X509 Certificate verification #44 (Corrupted signature, EC) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C x509_verify:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL" X509 Certificate verification #45 (Corrupted signature, RSA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C x509_verify:"data_files/server2-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL" X509 Certificate verification #46 (Valid, depth 2, EC-RSA-EC) 
@@ -560,23 +560,23 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"NULL" X509 Certificate verification #47 (Untrusted, depth 2, EC-RSA-EC) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL" X509 Certificate verification #48 (Missing intermediate CA, EC-RSA-EC) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C x509_verify:"data_files/server7.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL" X509 Certificate verification #49 (Valid, depth 2, RSA-EC-RSA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify:"data_files/server8_int-ca2.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"NULL" X509 Certificate verification #50 (Valid, multiple CAs) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED 
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C x509_verify:"data_files/server2.crt":"data_files/test-ca_cat12.crt":"data_files/crl.pem":"NULL":0:0:"NULL" X509 Certificate verification #51 (Valid, multiple CAs, reverse order) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C x509_verify:"data_files/server2.crt":"data_files/test-ca_cat21.crt":"data_files/crl.pem":"NULL":0:0:"NULL" X509 Certificate verification #52 (CA keyUsage valid) @@ -588,7 +588,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHE x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"NULL" X509 Certificate verification #54 (CA keyUsage missing cRLSign, no CRL) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl.pem":"NULL":0:0:"NULL" X509 Certificate verification #55 (CA keyUsage missing keyCertSign) 
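Review bot: Within the `@@ -560` hunk the new hash dependencies are listed in two different orders: #47, #48, #50 and #51 end in `MBEDTLS_SHA1_C:MBEDTLS_SHA256_C` while #49 ends in `MBEDTLS_SHA256_C:MBEDTLS_SHA1_C`, apparently because the missing macro was simply appended to whatever was already there. Since the suite only checks presence the order is functionally irrelevant, but a consistent order makes grep-based audits of which cases need SHA-1 easier. For #49 I would write `depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C` to match its neighbours.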
@@ -604,19 +604,19 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL" X509 Certificate verification #58 (Valid, RSASSA-PSS, SHA-224) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify:"data_files/server9-sha224.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha224.pem":"NULL":0:0:"NULL" X509 Certificate verification #59 (Valid, RSASSA-PSS, SHA-256) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify:"data_files/server9-sha256.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha256.pem":"NULL":0:0:"NULL" X509 Certificate verification #60 (Valid, RSASSA-PSS, SHA-384) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:MBEDTLS_SHA1_C x509_verify:"data_files/server9-sha384.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha384.pem":"NULL":0:0:"NULL" X509 Certificate verification #61 (Valid, RSASSA-PSS, SHA-512) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:MBEDTLS_SHA1_C x509_verify:"data_files/server9-sha512.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha512.pem":"NULL":0:0:"NULL" X509 Certificate verification #62 (Revoked, RSASSA-PSS, SHA-1) 
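Review bot: After this hunk every RSASSA-PSS verification case visible in this file (the case preceding #58, #58–#61 here, and #66, #68–#71 in the `@@ -636` and `@@ -644` hunks) requires MBEDTLS_SHA1_C, so a build with SHA-1 compiled out no longer exercises PSS certificate verification at all. For #58–#61 the SHA-1 requirement presumably comes from `test-ca.crt` and/or `crl.pem` being SHA-1 signed rather than from the PSS signatures under test, which use SHA-224/256/384/512. To keep coverage in SHA-1-free configurations, consider adding one PSS chain whose trust anchor and CRL are SHA-256 signed (new fixture files, names to be chosen) with a case whose dependencies are only `MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C`.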
@@ -636,7 +636,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C x509_verify:"data_files/server9-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL" X509 Certificate verification #66 (RSASSA-PSS, SHA1, no RSA CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C x509_verify:"data_files/server9.crt":"data_files/test-ca2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL" X509 Certificate verification #67 (Valid, RSASSA-PSS, all defaults) 
@@ -644,75 +644,75 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C x509_verify:"data_files/server9-defaults.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1.pem":"NULL":0:0:"NULL" X509 Certificate verification #68 (RSASSA-PSS, wrong salt_len) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify:"data_files/server9-bad-saltlen.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL" X509 Certificate verification #69 (RSASSA-PSS, wrong mgf_hash) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify:"data_files/server9-bad-mgfhash.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL" X509 Certificate verification #70 (v1 trusted CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify:"data_files/server1-v1.crt":"data_files/test-ca-v1.crt":"data_files/crl.pem":"NULL":0:0:"NULL" X509 Certificate verification #71 (v1 trusted CA, other) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify:"data_files/server2-v1.crt":"data_files/server1-v1.crt":"data_files/crl.pem":"NULL":0:0:"NULL" X509 Certificate verification #72 (v1 chain) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C 
x509_verify:"data_files/server2-v1-chain.crt":"data_files/test-ca-v1.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL" X509 Certificate verification #73 (selfsigned trusted without CA bit) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C x509_verify:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":0:0:"NULL" X509 Certificate verification #74 (signed by selfsigned trusted without CA bit) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C x509_verify:"data_files/server6-ss-child.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL" X509 Certificate verification #75 (encoding mismatch) -depends_on:MBEDTLS_PEM_PARSE_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl.pem":"NULL":0:0:"NULL" X509 Certificate verification #76 (multiple CRLs, not revoked) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_verify:"data_files/server5.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":0:0:"NULL" X509 Certificate verification #77 (multiple CRLs, revoked) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C 
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"NULL" X509 Certificate verification #78 (multiple CRLs, revoked by second) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_rsa-ec.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"NULL" X509 Certificate verification #79 (multiple CRLs, revoked by future) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_X509_BADCRL_FUTURE:"NULL" X509 Certificate verification #80 (multiple CRLs, first future, revoked by second) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C 
x509_verify:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"NULL" X509 Certificate verification #81 (multiple CRLs, none relevant) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl_cat_rsa-ec.pem":"NULL":0:0:"NULL" X509 Certificate verification #82 (Not yet valid CA and valid CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL" X509 Certificate verification #83 (valid CA and Not yet valid CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-future.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL" X509 Certificate verification #84 (valid CA and Not yet valid CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C 
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-past.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL" X509 Certificate verification #85 (Not yet valid CA and valid CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL" X509 Certificate verification callback: trusted EE cert 
@@ -724,23 +724,23 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify_callback:"data_files/server1.crt":"data_files/test-ca.crt":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1\n" X509 Certificate verification callback: two trusted roots -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat12.crt":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1\n" X509 Certificate verification callback: two trusted roots, reversed order -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat21.crt":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1\n" X509 Certificate verification callback: root included -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C x509_verify_callback:"data_files/server1_ca.crt":"data_files/test-ca_cat21.crt":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1\n" X509 
Certificate verification callback: intermediate ca -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca_cat12.crt":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost\n" X509 Certificate verification callback: intermediate ca, root included -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-ca_cat12.crt":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost\n" X509 Certificate verification callback: intermediate ca trusted 
@@ -748,11 +748,11 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-int-ca.crt":0:"depth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost\n" X509 Certificate verification callback: two intermediates -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-ca_cat21.crt":0:"depth 3 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3\ndepth 0 - serial 4B - subject CN=localhost\n" X509 Certificate verification callback: two intermediates, root included -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca_cat21.crt":0:"depth 3 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3\ndepth 0 - serial 4B - subject CN=localhost\n" X509 Certificate verification callback: two intermediates, top int trusted 
@@ -760,7 +760,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":0:"depth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3\ndepth 0 - serial 4B - subject CN=localhost\n" X509 Certificate verification callback: two intermediates, low int trusted -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-int-ca3.crt":0:"depth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3\ndepth 0 - serial 4B - subject CN=localhost\n" X509 Parse Selftest @@ -840,6 +840,7 @@ X509 Certificate ASN1 (TBSCertificate, correct alg, unknown alg_id) x509parse_crt:"30173015a0030201028204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND X509 Certificate ASN1 (TBSCertificate, correct alg, specific alg_id) +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"301c301aa0030201028204deadbeef300d06092a864886f70d0101020500":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate, correct alg, unknown specific alg_id) 
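Review bot: The new `depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C` ties this TBSCertificate parsing case, and the many cases given the same line in the following `@@ -850` hunk, to MD2 even though MD2 is only incidental: the vectors carry `06092a864886f70d010102` (md2WithRSAEncryption) as the signature algorithm merely so that parsing proceeds to the issuer, validity, subject and public-key fields that are actually under test. As far as I recall MBEDTLS_MD2_C is commented out in the default config.h, so these cases would be skipped in default-configuration runs and only execute under the full config. Changing the algorithm identifier in the vectors to sha1WithRSAEncryption (`06092a864886f70d010105`, same encoded length so the outer lengths stay valid) would let the dependency become `MBEDTLS_RSA_C:MBEDTLS_SHA1_C`; that is a larger edit of the hex vectors and the expected error codes would need re-checking. The `@@ -850` hunk continues beyond this excerpt.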
@@ -850,232 +851,251 @@ depends_on:MBEDTLS_X509_RSASSA_PSS_SUPPORT x509parse_crt:"30193017A003020102020118300D06092A864886F70D01010A3100":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 Certificate ASN1 (TBSCertificate, issuer no set data) +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"301e301ca0030201028204deadbeef300d06092a864886f70d01010205003000":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate, issuer no inner seq data) +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"3020301ea0030201028204deadbeef300d06092a864886f70d010102050030023100":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate, issuer no inner set data) +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"30223020a0030201028204deadbeef300d06092a864886f70d0101020500300431023000":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate, issuer two inner set datas) +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"30243022a0030201028204deadbeef300d06092a864886f70d01010205003006310430003000":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 Certificate ASN1 (TBSCertificate, issuer no oid data) +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"30243022a0030201028204deadbeef300d06092a864886f70d01010205003006310430020600":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate, issuer invalid tag) +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"302a3028a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600060454657374":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 Certificate ASN1 (TBSCertificate, issuer, no string data) +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"30253023a0030201028204deadbeef300d06092a864886f70d0101020500300731053003060013":"":MBEDTLS_ERR_X509_INVALID_NAME + 
MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate, issuer, no full following string) +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"302b3029a0030201028204deadbeef300d06092a864886f70d0101020500300d310b3009060013045465737400":"":MBEDTLS_ERR_X509_INVALID_NAME+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 Certificate ASN1 (TBSCertificate, valid issuer, no validity) +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"302a3028a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate, too much date data) +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"30493047a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301d170c303930313031303030303030170c30393132333132333539353900":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 Certificate ASN1 (TBSCertificate, invalid from date) +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"30483046a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303000000000170c303931323331323300000000":"":MBEDTLS_ERR_X509_INVALID_DATE X509 Certificate ASN1 (TBSCertificate, invalid to date) +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"30483046a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323300000000":"":MBEDTLS_ERR_X509_INVALID_DATE X509 Certificate ASN1 (TBSCertificate, valid validity, no subject) +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"30493047a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate, valid subject, no pubkeyinfo) +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C 
x509parse_crt:"30563054a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate, pubkey, no alg) +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"30583056a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743000":"":MBEDTLS_ERR_PK_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate, valid subject, unknown pk alg) +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"30673065a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101000500":"":MBEDTLS_ERR_PK_UNKNOWN_PK_ALG X509 Certificate ASN1 (TBSCertificate, pubkey, no bitstring) +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"30673065a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101010500":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate, pubkey, no bitstring data) +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"30693067a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000300":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_INVALID_DATA X509 Certificate ASN1 (TBSCertificate, pubkey, invalid bitstring start) +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C 
x509parse_crt:"306a3068a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743012300d06092A864886F70D0101010500030101":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_INVALID_DATA X509 Certificate ASN1 (TBSCertificate, pubkey, invalid internal bitstring length) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"306d306ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400300000":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 Certificate ASN1 (TBSCertificate, pubkey, invalid internal bitstring tag) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"306d306ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400310000":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 Certificate ASN1 (TBSCertificate, pubkey, invalid mbedtls_mpi) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"30743072a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0302ffff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 Certificate ASN1 (TBSCertificate, pubkey, total length mismatch) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C 
x509parse_crt:"30753073a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301d300d06092A864886F70D0101010500030b0030080202ffff0202ffff00":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 Certificate ASN1 (TBSCertificate, pubkey, check failed) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"30743072a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0202ffff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY X509 Certificate ASN1 (TBSCertificate, pubkey, check failed, expanded length notation) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"308183308180a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210fffffffffffffffffffffffffffffffe0202ffff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY X509 Certificate ASN1 (TBSCertificate v3, Optional UIDs, Extensions not present) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"308183308180a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate v3, issuerID wrong tag) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C 
x509parse_crt:"308184308181a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff00":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 Certificate ASN1 (TBSCertificate v3, UIDs, no ext) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"308189308186a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bb":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate v3, UIDs, invalid length) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"308189308186a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa185aaa201bb":"":MBEDTLS_ERR_ASN1_INVALID_LENGTH X509 Certificate ASN1 (TBSCertificate v3, ext empty) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"30818b308188a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba300":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate v3, ext length mismatch) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C 
x509parse_crt:"30818e30818ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba303300000":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 Certificate ASN1 (TBSCertificate v3, first ext invalid) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"30818f30818ca0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30330023000":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate v3, first ext invalid tag) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"30819030818da0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba3043002310000":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, bool len missing) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30060603551d1301010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate v3, ext 
BasicContraint tag, data missing) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30080603551d1301010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, no octet present) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30d300b30090603551d1301010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, octet data missing) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"30819c308199a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba311300f300d0603551d130101010403300100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, no pathlen) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C 
x509parse_crt:"30819f30819ca0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba314301230100603551d130101010406300402010102":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, octet len mismatch) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"3081a230819fa0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba317301530130603551d130101010409300702010102010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 Certificate ASN1 (ExtKeyUsage, bad second tag) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C x509parse_crt:"3081de3081dba003020102020900ebdbcd14105e1839300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3134313131313230353935345a170d3234313130383230353935345a300f310d300b06035504031304546573743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa321301f301d0603551d250416301406082b0601050507030107082b06010505070302":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 Certificate ASN1 (SubjectAltName repeated) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C x509parse_crt:"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":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS 
X509 Certificate ASN1 (ExtKeyUsage repeated) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C x509parse_crt:"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":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS X509 Certificate ASN1 (correct pubkey, no sig_alg) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"308183308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (sig_alg mismatch) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"308192308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0102020500":"":MBEDTLS_ERR_X509_SIG_MISMATCH X509 Certificate ASN1 (sig_alg, no sig) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"308192308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (signature, invalid sig data) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C 
x509parse_crt:"308195308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030100":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_INVALID_DATA X509 Certificate ASN1 (signature, data left) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"308197308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff00":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 Certificate ASN1 (correct) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. 
version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (GeneralizedTime instead of UTCTime) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301e180e3230313030313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2010-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with X520 CN) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550403130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. 
version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: CN=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with X520 C) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550406130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: C=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with X520 L) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550407130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. 
version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: L=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with X520 ST) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550408130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ST=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with X520 O) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b060355040a130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. 
version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: O=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with X520 OU) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b060355040b130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: OU=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with unknown X520 part) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b06035504de130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with composite RDN) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509parse_crt:"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":"cert. 
version \: 3\nserial number \: 4C\:20\:E3\:BD\nissuer name \: C=US, ST=CA, O=Internet Widgits Pty Ltd, CN=Frankencert CA\nsubject name \: C=US, ST=Washington, ??=US, ??=Delaware, O=Authorize.Net LLC, ??=Private Organization, serialNumber=4369191 + CN=www.authorize.net, L=San Francisco\nissued on \: 2013-08-02 15\:14\:37\nexpires on \: 2015-08-17 05\:54\:31\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\n":0 X509 Certificate ASN1 (Name with PKCS9 email) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d010102050030153113301106092a864886f70d010901130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: emailAddress=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with unknown PKCS9 part) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d010102050030153113301106092a864886f70d0109ab130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. 
version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (ECDSA signature, RSA key) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509parse_crt:"3081E630819E020103300906072A8648CE3D0401300F310D300B0603550403130454657374301E170D3133303731303039343631385A170D3233303730383039343631385A300F310D300B0603550403130454657374304C300D06092A864886F70D0101010500033B003038023100E8F546061D3B49BC2F6B7524B7EA4D73A8D5293EE8C64D9407B70B5D16BAEBC32B8205591EAB4E1EB57E9241883701250203010001300906072A8648CE3D0401033800303502186E18209AFBED14A0D9A796EFCAD68891E3CCD5F75815C833021900E92B4FD460B1994693243B9FFAD54729DE865381BDA41D25":"cert. version \: 1\nserial number \: 03\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:46\:18\nexpires on \: 2023-07-08 09\:46\:18\nsigned using \: ECDSA with SHA1\nRSA key size \: 384 bits\n":0 X509 Certificate ASN1 (ECDSA signature, EC key) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C x509parse_crt:"3081EB3081A3020900F41534662EC7E912300906072A8648CE3D0401300F310D300B0603550403130454657374301E170D3133303731303039343031395A170D3233303730383039343031395A300F310D300B06035504031304546573743049301306072A8648CE3D020106082A8648CE3D030101033200042137969FABD4E370624A0E1A33E379CAB950CCE00EF8C3C3E2ADAEB7271C8F07659D65D3D777DCF21614363AE4B6E617300906072A8648CE3D04010338003035021858CC0F957946FE6A303D92885A456AA74C743C7B708CBD37021900FE293CAC21AF352D16B82EB8EA54E9410B3ABAADD9F05DD6":"cert. 
version \: 1\nserial number \: F4\:15\:34\:66\:2E\:C7\:E9\:12\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:40\:19\nexpires on \: 2023-07-08 09\:40\:19\nsigned using \: ECDSA with SHA1\nEC key size \: 192 bits\n":0 X509 Certificate ASN1 (RSA signature, EC key) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C x509parse_crt:"3081E430819F020104300D06092A864886F70D0101050500300F310D300B0603550403130454657374301E170D3133303731303135303233375A170D3233303730383135303233375A300F310D300B06035504031304546573743049301306072A8648CE3D020106082A8648CE3D03010103320004E962551A325B21B50CF6B990E33D4318FD16677130726357A196E3EFE7107BCB6BDC6D9DB2A4DF7C964ACFE81798433D300D06092A864886F70D01010505000331001A6C18CD1E457474B2D3912743F44B571341A7859A0122774A8E19A671680878936949F904C9255BDD6FFFDB33A7E6D8":"cert. version \: 1\nserial number \: 04\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 15\:02\:37\nexpires on \: 2023-07-08 15\:02\:37\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n":0 X509 CRL ASN1 (Incorrect first tag) 
@@ -1103,33 +1123,43 @@ X509 CRL ASN1 (TBSCertList, sig_oid1 id unknown) x509parse_crl:"30143012020100300d06092a864886f70d01010f0500":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG X509 CRL ASN1 (TBSCertList, sig_oid1 correct, issuer missing) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crl:"30143012020100300d06092a864886f70d01010e0500":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CRL ASN1 (TBSCertList, issuer set missing) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crl:"30163014020100300d06092a864886f70d01010e05003000":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CRL ASN1 (TBSCertList, correct issuer, thisUpdate missing) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crl:"30253023020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CRL ASN1 (TBSCertList, correct thisUpdate, nextUpdate missing, entries length missing) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crl:"30343032020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c30393031303130303030303030":"":MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CRL ASN1 (TBSCertList, entries present, invalid sig_alg) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crl:"304a3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c30383132333132333539353900":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRL ASN1 (TBSCertList, entries present, date in entry invalid) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crl:"304a3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd190c30383132333132333539353900":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRL ASN1 (TBSCertList, sig_alg present, sig_alg does not match) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C 
x509parse_crl:"30583047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010d0500":"":MBEDTLS_ERR_X509_SIG_MISMATCH X509 CRL ASN1 (TBSCertList, sig present, len mismatch) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crl:"305d3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e05000302000100":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 CRL ASN1 (TBSCertList, sig present) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nserial number\: AB\:CD revocation date\: 2008-12-31 23\:59\:59\nsigned using \: RSA with SHA-224\n":0 X509 CRL ASN1 (TBSCertList, no entries) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crl:"30463031020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nsigned using \: RSA with SHA-224\n":0 X509 CRT parse path #2 (one cert) 
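Review bot: The dependency added to every CRL case in this hunk is `MBEDTLS_SHA256_C`, yet the signature OID embedded in each of these DER strings (`2a864886f70d01010e`, sha224WithRSAEncryption) and the expected output (`signed using : RSA with SHA-224`) both name SHA-224, and nothing in the case titles explains the pairing (SHA-224 being provided by the SHA-256 module). Since the `.data` format has no comment syntax, the only place to record that is the title; renaming e.g. `X509 CRL ASN1 (TBSCertList, sig present)` to `X509 CRL ASN1 (TBSCertList, sig present, RSA-SHA224 via SHA256 module)` would stop the next reader from trying to "correct" the dependency. The same documentation gap applies to the RSASSA-PSS hunks further down, where the chosen hash module is only recoverable by decoding the OID inside the test string.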
@@ -1209,64 +1239,75 @@ X509 OID numstring #5 (arithmetic overflow) x509_oid_numstr:"2A8648F9F8F7F6F5F4F3F2F1F001":"":100:MBEDTLS_ERR_OID_BUF_TOO_SMALL X509 crt keyUsage #1 (no extension, expected KU) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_check_key_usage:"data_files/server1.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0 X509 crt keyUsage #2 (no extension, surprising KU) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_check_key_usage:"data_files/server1.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN:0 X509 crt keyUsage #3 (extension present, no KU) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_check_key_usage:"data_files/server1.key_usage.crt":0:0 X509 crt keyUsage #4 (extension present, single KU present) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE:0 X509 crt keyUsage #5 (extension present, single KU absent) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN:MBEDTLS_ERR_X509_BAD_INPUT_DATA X509 crt keyUsage #6 (extension present, combined KU present) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0 X509 crt keyUsage #7 (extension present, combined KU both absent) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN|MBEDTLS_X509_KU_CRL_SIGN:MBEDTLS_ERR_X509_BAD_INPUT_DATA X509 crt keyUsage #8 (extension present, combined KU one absent) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_ENCIPHERMENT|MBEDTLS_X509_KU_KEY_AGREEMENT:MBEDTLS_ERR_X509_BAD_INPUT_DATA X509 crt keyUsage #9 (extension present, decOnly allowed absent) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C 
x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT|MBEDTLS_X509_KU_DECIPHER_ONLY:0 X509 crt keyUsage #10 (extension present, decOnly non-allowed present) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_check_key_usage:"data_files/keyUsage.decipherOnly.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT:MBEDTLS_ERR_X509_BAD_INPUT_DATA X509 crt keyUsage #11 (extension present, decOnly allowed present) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_check_key_usage:"data_files/keyUsage.decipherOnly.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT|MBEDTLS_X509_KU_DECIPHER_ONLY:0 X509 crt extendedKeyUsage #1 (no extension, serverAuth) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C x509_check_extended_key_usage:"data_files/server5.crt":"2B06010505070301":0 X509 crt extendedKeyUsage #2 (single value, present) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C x509_check_extended_key_usage:"data_files/server5.eku-srv.crt":"2B06010505070301":0 X509 crt extendedKeyUsage #3 (single value, absent) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C x509_check_extended_key_usage:"data_files/server5.eku-cli.crt":"2B06010505070301":MBEDTLS_ERR_X509_BAD_INPUT_DATA X509 crt extendedKeyUsage #4 (two values, first) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C x509_check_extended_key_usage:"data_files/server5.eku-srv_cli.crt":"2B06010505070301":0 X509 crt extendedKeyUsage #5 (two values, second) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C 
x509_check_extended_key_usage:"data_files/server5.eku-srv_cli.crt":"2B06010505070302":0 X509 crt extendedKeyUsage #6 (two values, other) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C x509_check_extended_key_usage:"data_files/server5.eku-srv_cli.crt":"2B06010505070303":MBEDTLS_ERR_X509_BAD_INPUT_DATA X509 crt extendedKeyUsage #7 (any, random) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C x509_check_extended_key_usage:"data_files/server5.eku-cs_any.crt":"2B060105050703FF":0 X509 RSASSA-PSS parameters ASN1 (good, all defaults) 
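Review bot: The hash-module dependency added to each keyUsage/extendedKeyUsage case here is a property of the referenced file under `data_files/`, and for `keyUsage.decipherOnly.crt` and the `server5.eku-*.crt` family nothing in the hunk shows which signature algorithm those files actually use, so the `MBEDTLS_SHA1_C` / `MBEDTLS_SHA256_C` choice is presumably copied from `server1.crt` and `server5.crt` respectively; please confirm against the files themselves. A mismatched dependency does not make a case skip: in a configuration that has the declared hash but lacks the one the certificate is really signed with, the parse would presumably fail with an unknown-signature-algorithm error and the case would report a failure instead of being filtered out. Naming the algorithm in the title, e.g. `X509 crt keyUsage #10 (extension present, decOnly non-allowed present, RSA-SHA1)`, would make the pairing checkable at a glance.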
@@ -1279,15 +1320,18 @@ X509 RSASSA-PSS parameters ASN1 (unknown tag in top-level sequence) x509_parse_rsassa_pss_params:"A400":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 RSASSA-PSS parameters ASN1 (good, HashAlg SHA256) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509_parse_rsassa_pss_params:"A00D300B0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:0 X509 RSASSA-PSS parameters ASN1 (good, explicit HashAlg = default) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_parse_rsassa_pss_params:"A009300706052B0E03021A":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0 X509 RSASSA-PSS parameters ASN1 (HashAlg wrong len #1) x509_parse_rsassa_pss_params:"A00A300706052B0E03021A":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 RSASSA-PSS parameters ASN1 (HashAlg wrong len #2) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_parse_rsassa_pss_params:"A00A300706052B0E03021A00":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 RSASSA-PSS parameters ASN1 (HashAlg with parameters) 
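Review bot: In this hunk `HashAlg wrong len #1` keeps no `depends_on` while `HashAlg wrong len #2` gains `MBEDTLS_RSA_C:MBEDTLS_SHA1_C`, and the reason for the split is not recorded anywhere: presumably #1 (`A00A300706052B0E03021A`, outer length one byte longer than the data) fails with `ASN1_OUT_OF_DATA` before the SHA-1 OID is ever looked up, while #2 (`...1A00`, one trailing byte) only reaches `ASN1_LENGTH_MISMATCH` after the OID has been resolved, which needs the hash module. The same #1/#2 split is used for `MGAlg wrong len` and `MGAlg.params wrong len` in the next two hunks. Please confirm the parsing order in the PSS-parameter code; if the OID lookup precedes the length check in any of these paths, the #1 cases need the dependency as well. `MBEDTLS_RSA_C` may also already be implied by the test function's own dependency on PSS support, in which case the per-case repeat is harmless but noisy.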
@@ -1297,15 +1341,18 @@ X509 RSASSA-PSS parameters ASN1 (HashAlg unknown OID) x509_parse_rsassa_pss_params:"A00D300B06096086480165030402FF":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_OID_NOT_FOUND X509 RSASSA-PSS parameters ASN1 (good, MGAlg = MGF1-SHA256) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509_parse_rsassa_pss_params:"A11A301806092A864886F70D010108300B0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:0 X509 RSASSA-PSS parameters ASN1 (good, explicit MGAlg = default) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_parse_rsassa_pss_params:"A116301406092A864886F70D010108300706052B0E03021A":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0 X509 RSASSA-PSS parameters ASN1 (MGAlg wrong len #1) x509_parse_rsassa_pss_params:"A11B301806092A864886F70D010108300B0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 RSASSA-PSS parameters ASN1 (MGAlg wrong len #2) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509_parse_rsassa_pss_params:"A11B301806092A864886F70D010108300B060960864801650304020100":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 RSASSA-PSS parameters ASN1 (MGAlg AlgId wrong len #1) 
@@ -1330,15 +1377,18 @@ X509 RSASSA-PSS parameters ASN1 (MGAlg.params.alg unknown OID) x509_parse_rsassa_pss_params:"A11A301806092A864886F70D010108300B06096086480165030402FF":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_OID_NOT_FOUND X509 RSASSA-PSS parameters ASN1 (MGAlg.params.params NULL) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509_parse_rsassa_pss_params:"A11C301A06092A864886F70D010108300D06096086480165030402010500":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:0 X509 RSASSA-PSS parameters ASN1 (MGAlg.params.params wrong tag) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509_parse_rsassa_pss_params:"A11C301A06092A864886F70D010108300D06096086480165030402013000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong len #1c) x509_parse_rsassa_pss_params:"A11D301B06092A864886F70D010108300E06096086480165030402010500":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong len #2) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509_parse_rsassa_pss_params:"A11D301B06092A864886F70D010108300E0609608648016503040201050000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 RSASSA-PSS parameters ASN1 (good, saltLen = 94) 
@@ -1372,7 +1422,7 @@ X509 RSASSA-PSS parameters ASN1 (trailerField not 1) x509_parse_rsassa_pss_params:"A303020102":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG X509 CSR ASN.1 (OK) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C mbedtls_x509_csr_parse:"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":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n":0 X509 CSR ASN.1 (bad first tag) 
@@ -1446,27 +1496,27 @@ depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED mbedtls_x509_csr_parse:"3081CD3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04FF":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG X509 CSR ASN.1 (bad sig: missing) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C mbedtls_x509_csr_parse:"3081CD3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D0401":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CSR ASN.1 (bad sig: not a bit string) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C mbedtls_x509_csr_parse:"3081CF3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010400":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CSR ASN.1 (bad sig: overlong) 
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C mbedtls_x509_csr_parse:"3081CF3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010301":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CSR ASN.1 (extra data after signature) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C mbedtls_x509_csr_parse:"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":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 File parse (no issues) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C x509parse_crt_file:"data_files/server7_int-ca.crt":0 X509 File parse (extra space in one certificate) -depends_on:MBEDTLS_ECP_C +depends_on:MBEDTLS_ECP_C:MBEDTLS_SHA256_C x509parse_crt_file:"data_files/server7_pem_space.crt":1 X509 File parse (all certificates fail) @@ -1474,5 +1524,5 @@ depends_on:MBEDTLS_ECP_C x509parse_crt_file:"data_files/server7_all_space.crt":MBEDTLS_ERR_PEM_INVALID_DATA + MBEDTLS_ERR_BASE64_INVALID_CHARACTER X509 File parse (trailing spaces, OK) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C x509parse_crt_file:"data_files/server7_trailing_space.crt":0 From 1472f116089834d7303ad9efba95a73b09c40f10 Mon Sep 17 00:00:00 2001 
From: palaviv Date: Sun, 7 Aug 2016 11:20:17 +0300 Subject: [PATCH 050/272] Added needed HASH dependencies to test_suite_debug.data --- tests/suites/test_suite_debug.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data index 59a2c6b5623c..2d661bb8e770 100644 --- a/tests/suites/test_suite_debug.data +++ b/tests/suites/test_suite_debug.data 
@@ -38,11 +38,11 @@ Debug print buffer #5 mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30":"MyFile(0999)\: dumping 'Test return value' (49 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\nMyFile(0999)\: 0010\: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f ................\nMyFile(0999)\: 0020\: 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f !"#$%&'()*+,-./\nMyFile(0999)\: 0030\: 30 0\n" Debug print certificate #1 (RSA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C mbedtls_debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2011-02-12 14\:44\:06\nMyFile(0999)\: expires on \: 2021-02-12 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\: 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\: 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\: dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\: 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\: 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\: 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\: f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\: ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\: 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\: ad 65 2c 64 eb 
95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\: 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\: 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\: db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\: 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\: ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\: 01 00 01\n" Debug print certificate #2 (EC) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLEDM:BEDTLS_SHA256_C mbedtls_debug_print_crt:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2013-09-24 15\:49\:48\nMyFile(0999)\: expires on \: 2023-09-22 15\:49\:48\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\: c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\: 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\: 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\: 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\: b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\: 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n" Debug print mbedtls_mpi #1 From 00cb9c5c08ad5adb8b93a820e4ac9923225dfe60 Mon Sep 17 00:00:00 2001 
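Review bot: The added dependency line for `Debug print certificate #2 (EC)` is misspelled — `MBEDTLS_ECP_DP_SECP384R1_ENABLEDM:BEDTLS_SHA256_C` has the `M` of `MBEDTLS_SHA256_C` glued onto the preceding symbol, so the case now depends on two symbols that are never defined. If, as is usual for these suites, `depends_on` becomes a `#if defined(...)` guard in the generated test code, the result is a test that is silently skipped rather than one that fails, which is the worst outcome for a case meant to exercise the EC certificate printing path. The intended line is `+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C` (PATCH 053 later in this series makes exactly that correction). It would be worth having the test-generation step reject `depends_on` symbols that do not appear in config.h, so a typo like this surfaces as a build error instead of a green skip.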
From: palaviv Date: Sun, 7 Aug 2016 11:21:52 +0300 Subject: [PATCH 051/272] Added needed HASH dependencies to tests/suites/test_suite_pkparse.data --- tests/suites/test_suite_pkparse.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 763c0db6b95e..5ab3968e21fa 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -155,7 +155,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pem":"NULL":0 Parse EC Key #3 (SEC1 PEM encrypted) -depends_on:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pw.pem":"polar":0 Parse EC Key #4 (PKCS8 DER) From f180df99a9c0bb713ca6c6b0341e19dc92e633b6 Mon Sep 17 00:00:00 2001 From: palaviv Date: Sun, 7 Aug 2016 11:56:02 +0300 Subject: [PATCH 052/272] Added needed ECDSA dependencies to test_suite_x509parse.data --- tests/suites/test_suite_x509parse.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index f2944e54c1d3..17711dca11ce 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -107,7 +107,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509_cert_info:"data_files/server1.ext_ku.crt":"cert. version \: 3\nserial number \: 21\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2014-04-01 14\:44\:43\nexpires on \: 2024-03-29 14\:44\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\next key usage \: TLS Web Server Authentication\n" X509 Certificate information RSA signed by EC -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C x509_cert_info:"data_files/server4.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 Certificate information EC signed by RSA 
@@ -1087,7 +1087,7 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d010102050030153113301106092a864886f70d0109ab130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (ECDSA signature, RSA key) -depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C x509parse_crt:"3081E630819E020103300906072A8648CE3D0401300F310D300B0603550403130454657374301E170D3133303731303039343631385A170D3233303730383039343631385A300F310D300B0603550403130454657374304C300D06092A864886F70D0101010500033B003038023100E8F546061D3B49BC2F6B7524B7EA4D73A8D5293EE8C64D9407B70B5D16BAEBC32B8205591EAB4E1EB57E9241883701250203010001300906072A8648CE3D0401033800303502186E18209AFBED14A0D9A796EFCAD68891E3CCD5F75815C833021900E92B4FD460B1994693243B9FFAD54729DE865381BDA41D25":"cert. version \: 1\nserial number \: 03\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:46\:18\nexpires on \: 2023-07-08 09\:46\:18\nsigned using \: ECDSA with SHA1\nRSA key size \: 384 bits\n":0 X509 Certificate ASN1 (ECDSA signature, EC key) From 7dda0dd038a431081fd53816592454c909c55c58 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 4 Sep 2016 13:27:13 +0100 Subject: [PATCH 053/272] Fix typo in dependency in test_suite_debug.data --- tests/suites/test_suite_debug.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data index 2d661bb8e770..e28d58d6496a 100644 
--- a/tests/suites/test_suite_debug.data +++ b/tests/suites/test_suite_debug.data 
@@ -42,7 +42,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C mbedtls_debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2011-02-12 14\:44\:06\nMyFile(0999)\: expires on \: 2021-02-12 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\: 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\: 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\: dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\: 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\: 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\: 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\: f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\: ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\: 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\: ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\: 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\: 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\: db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\: 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\: ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\: 01 00 01\n" Debug print certificate #2 (EC) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLEDM:BEDTLS_SHA256_C 
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C mbedtls_debug_print_crt:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2013-09-24 15\:49\:48\nMyFile(0999)\: expires on \: 2023-09-22 15\:49\:48\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\: c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\: 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\: 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\: 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\: b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\: 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n" Debug print mbedtls_mpi #1 From 5908bccfc0bf7c6453f2a615f076074a51883dd7 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 4 Sep 2016 15:12:09 +0100 Subject: [PATCH 054/272] Updated ChangeLog for PR#565 Updated ChangeLog for pull request #565 - Remove unused consts from oid lists --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 8adcc1e8f261..99c88e8130f5 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -24,6 +24,8 @@ Changes * Added support for 3 and 4 byte lengths to mbedtls_asn1_write_len(). * Added support for a Yotta specific configuration file - through the symbol YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE. + * Added optimization for code space for X.509/OID based on configured + features. (contributed by Aviv Palivoda) = mbed TLS 2.3.0 branch released 2016-06-28 From 29f221f183021eea75599a0642197f5c6647e5f0 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Fri, 22 Jul 2016 13:49:02 +0100 Subject: [PATCH 055/272] Fix guards in SSL for ECDH key exchanges --- library/ssl_cli.c | 11 ++++++++++- library/ssl_srv.c | 11 ++++++++++- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 358dc467e278..29a39435848e 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2511,7 +2511,9 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) #if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \ !defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \ + !defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \ !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \ + !defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)&& \ !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) { @@ -2657,7 +2659,9 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) } #endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED && !MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED && + !MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED && !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED && + !MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED && !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl ) 
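Review bot: The added `!defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)&& \` line in the `#if` guard lacks the space before `&&` that every neighbouring term has; the same applies to the other three `#if` sites in this commit (ssl_cli.c at -2959, ssl_srv.c at -2448 and -3525). More importantly, the guard is now a six-term condition repeated verbatim in four `#if` blocks across two files, and this commit exists precisely because the copies drifted; defining the condition once as a single macro in a shared internal header and using it at all four sites would remove that hazard. Per the ChangeLog entry further down, the symptom was that ECDH-RSA/ECDH-ECDSA-only builds got the stub `ssl_parse_certificate_request`/`ssl_write_certificate_verify` paths instead of the real ones, so a build-and-test configuration that enables only those key exchanges would be the natural regression check; whether the test scripts already have one is not visible here. The functions these `#if`/`#endif` pairs guard lie outside the hunks.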
@@ -2959,7 +2963,9 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) #if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \ !defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \ + !defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \ !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \ + !defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)&& \ !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) { @@ -3139,7 +3145,10 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) } #endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED && !MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED && - !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ + !MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED && + !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED && + !MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED && + !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index ec59cc192d77..4b0f9971430f 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2448,7 +2448,9 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) #if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \ !defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \ + !defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \ !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \ + !defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)&& \ !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) { 
@@ -2635,7 +2637,9 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) } #endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED && !MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED && + !MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED && !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED && + !MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED && !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ @@ -3525,7 +3529,9 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) #if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \ !defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \ + !defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \ !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \ + !defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)&& \ !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) { @@ -3704,7 +3710,10 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) } #endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED && !MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED && - !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ + !MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED && + !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED && + !MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED && + !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl ) From cad6e93e19176aa389a7ccb9f7517bfdbd8cf679 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 5 Sep 2016 01:46:59 +0300 Subject: [PATCH 056/272] Update to ChangeLog for bug #428 --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 99c88e8130f5..59808bc00dd4 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -15,6 +15,8 @@ Bugfix * Fix dependency issue in Makefile to allow parallel builds. * Fix incorrect handling of block lengths in crypt_and_hash sample program, when GCM is used. #441 + * Fix for key exchanges based on ECDH-RSA or ECDH-ECDSA which weren't + enabled unless others were also present. Found by David Fernandez. #428 Changes * Extended test coverage of special cases, and added new timing test suite. From ac22d1113c04a4f7ae63bae3189a9ea30294029e Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 4 Sep 2016 22:31:09 +0100 Subject: [PATCH 057/272] Remove references to PolarSSL in compat.sh Removed references to PolarSSL for mbed TLS for clarity. --- tests/compat.sh | 133 +++++++++++++++++++++++++++--------------------- 1 file changed, 76 insertions(+), 57 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index a333a1916b69..d8f3a3cacc76 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -1,6 +1,14 @@ #!/bin/sh -# Test interop with OpenSSL and GnuTLS (and self-op while at it). +# compat.sh +# +# This file is part of mbed TLS (https://tls.mbed.org) +# +# Copyright (c) 2012-2016, ARM Limited, All Rights Reserved +# +# Purpose +# +# Test interoperbility with OpenSSL, GnuTLS as well as itself. # # Check each common ciphersuite, with each version, both ways (client/server), # with and without client authentication. @@ -18,8 +26,8 @@ SKIPPED=0 SRVMEM=0 # default commands, can be overriden by the environment -: ${P_SRV:=../programs/ssl/ssl_server2} -: ${P_CLI:=../programs/ssl/ssl_client2} +: ${M_SRV:=../programs/ssl/ssl_server2} +: ${M_CLI:=../programs/ssl/ssl_client2} : ${OPENSSL_CMD:=openssl} # OPENSSL would conflict with the build system : ${GNUTLS_CLI:=gnutls-cli} : ${GNUTLS_SERV:=gnutls-serv} 
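Review bot: The new header comment line `# Test interoperbility with OpenSSL, GnuTLS as well as itself.` misspells `interoperability`, and `as well as itself` reads awkwardly next to the removed wording; `# Test interoperability with OpenSSL and GnuTLS (and mbed TLS against itself).` keeps the original intent.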
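Review bot: Renaming the environment overrides `P_SRV`/`P_CLI` to `M_SRV`/`M_CLI` silently breaks any caller that still exports the old names: the comment just above says these defaults `can be overriden by the environment`, and after this change an exported `P_SRV` is ignored and the default binary is tested instead, which does not show up as a failure. A fallback keeps both spellings working: `: ${M_SRV:=${P_SRV:-../programs/ssl/ssl_server2}}` and `: ${M_CLI:=${P_CLI:-../programs/ssl/ssl_client2}}`. The renamed `P_CIPHERS`, `P_SERVER_ARGS` and `P_CLIENT_ARGS` variables carry the same hazard only if something outside the script sets them, which is not visible here.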
@@ -188,8 +196,13 @@ filter_ciphersuites() { if [ "X" != "X$FILTER" -o "X" != "X$EXCLUDE" ]; then - P_CIPHERS=$( filter "$P_CIPHERS" ) + # Ciphersuite for mbed TLS + M_CIPHERS=$( filter "$M_CIPHERS" ) + + # Ciphersuite for OpenSSL O_CIPHERS=$( filter "$O_CIPHERS" ) + + # Ciphersuite for GnuTLS G_CIPHERS=$( filter "$G_CIPHERS" ) fi @@ -198,7 +211,7 @@ filter_ciphersuites() O_CIPHERS="" case "$PEER" in [Oo]pen*) - P_CIPHERS="" + M_CIPHERS="" ;; esac fi @@ -212,7 +225,7 @@ filter_ciphersuites() reset_ciphersuites() { - P_CIPHERS="" + M_CIPHERS="" O_CIPHERS="" G_CIPHERS="" } @@ -224,7 +237,7 @@ add_common_ciphersuites() "ECDSA") if [ `minor_ver "$MODE"` -gt 0 ] then - P_CIPHERS="$P_CIPHERS \ + M_CIPHERS="$M_CIPHERS \ TLS-ECDHE-ECDSA-WITH-NULL-SHA \ TLS-ECDHE-ECDSA-WITH-RC4-128-SHA \ TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \ @@ -248,7 +261,7 @@ add_common_ciphersuites() fi if [ `minor_ver "$MODE"` -ge 3 ] then - P_CIPHERS="$P_CIPHERS \ + M_CIPHERS="$M_CIPHERS \ TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \ TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ @@ -270,7 +283,7 @@ add_common_ciphersuites() ;; "RSA") - P_CIPHERS="$P_CIPHERS \ + M_CIPHERS="$M_CIPHERS \ TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ TLS-DHE-RSA-WITH-AES-256-CBC-SHA \ TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \ @@ -320,7 +333,7 @@ add_common_ciphersuites() " if [ `minor_ver "$MODE"` -gt 0 ] then - P_CIPHERS="$P_CIPHERS \ + M_CIPHERS="$M_CIPHERS \ TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \ TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \ TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \ @@ -344,7 +357,7 @@ add_common_ciphersuites() fi if [ `minor_ver "$MODE"` -ge 3 ] then - P_CIPHERS="$P_CIPHERS \ + M_CIPHERS="$M_CIPHERS \ TLS-RSA-WITH-AES-128-CBC-SHA256 \ TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \ TLS-RSA-WITH-AES-256-CBC-SHA256 \ 
@@ -391,7 +404,7 @@ add_common_ciphersuites() ;; "PSK") - P_CIPHERS="$P_CIPHERS \ + M_CIPHERS="$M_CIPHERS \ TLS-PSK-WITH-RC4-128-SHA \ TLS-PSK-WITH-3DES-EDE-CBC-SHA \ TLS-PSK-WITH-AES-128-CBC-SHA \ @@ -420,7 +433,7 @@ add_openssl_ciphersuites() "ECDSA") if [ `minor_ver "$MODE"` -gt 0 ] then - P_CIPHERS="$P_CIPHERS \ + M_CIPHERS="$M_CIPHERS \ TLS-ECDH-ECDSA-WITH-NULL-SHA \ TLS-ECDH-ECDSA-WITH-RC4-128-SHA \ TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \ @@ -437,7 +450,7 @@ add_openssl_ciphersuites() fi if [ `minor_ver "$MODE"` -ge 3 ] then - P_CIPHERS="$P_CIPHERS \ + M_CIPHERS="$M_CIPHERS \ TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \ TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \ TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \ @@ -453,7 +466,7 @@ add_openssl_ciphersuites() ;; "RSA") - P_CIPHERS="$P_CIPHERS \ + M_CIPHERS="$M_CIPHERS \ TLS-RSA-WITH-DES-CBC-SHA \ TLS-DHE-RSA-WITH-DES-CBC-SHA \ " @@ -475,7 +488,7 @@ add_gnutls_ciphersuites() "ECDSA") if [ `minor_ver "$MODE"` -ge 3 ] then - P_CIPHERS="$P_CIPHERS \ + M_CIPHERS="$M_CIPHERS \ TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \ TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \ TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \ @@ -493,7 +506,7 @@ add_gnutls_ciphersuites() "RSA") if [ `minor_ver "$MODE"` -gt 0 ] then - P_CIPHERS="$P_CIPHERS \ + M_CIPHERS="$M_CIPHERS \ TLS-RSA-WITH-NULL-SHA256 \ " G_CIPHERS="$G_CIPHERS \ @@ -502,7 +515,7 @@ add_gnutls_ciphersuites() fi if [ `minor_ver "$MODE"` -ge 3 ] then - P_CIPHERS="$P_CIPHERS \ + M_CIPHERS="$M_CIPHERS \ TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \ TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ @@ -534,7 +547,7 @@ add_gnutls_ciphersuites() ;; "PSK") - P_CIPHERS="$P_CIPHERS \ + M_CIPHERS="$M_CIPHERS \ TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \ TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ TLS-DHE-PSK-WITH-AES-256-CBC-SHA \ 
@@ -548,7 +561,7 @@ add_gnutls_ciphersuites() " if [ `minor_ver "$MODE"` -gt 0 ] then - P_CIPHERS="$P_CIPHERS \ + M_CIPHERS="$M_CIPHERS \ TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \ TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \ @@ -571,7 +584,7 @@ add_gnutls_ciphersuites() fi if [ `minor_ver "$MODE"` -ge 3 ] then - P_CIPHERS="$P_CIPHERS \ + M_CIPHERS="$M_CIPHERS \ TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \ TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \ @@ -659,14 +672,14 @@ add_mbedtls_ciphersuites() "ECDSA") if [ `minor_ver "$MODE"` -gt 0 ] then - P_CIPHERS="$P_CIPHERS \ + M_CIPHERS="$M_CIPHERS \ TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \ TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \ " fi if [ `minor_ver "$MODE"` -ge 3 ] then - P_CIPHERS="$P_CIPHERS \ + M_CIPHERS="$M_CIPHERS \ TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \ TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \ TLS-ECDHE-ECDSA-WITH-AES-128-CCM \ @@ -680,7 +693,7 @@ add_mbedtls_ciphersuites() "RSA") if [ "$MODE" = "tls1_2" ]; then - P_CIPHERS="$P_CIPHERS \ + M_CIPHERS="$M_CIPHERS \ TLS-RSA-WITH-AES-128-CCM \ TLS-RSA-WITH-AES-256-CCM \ TLS-DHE-RSA-WITH-AES-128-CCM \ @@ -695,20 +708,20 @@ add_mbedtls_ciphersuites() "PSK") # *PSK-NULL-SHA suites supported by GnuTLS 3.3.5 but not 3.2.15 - P_CIPHERS="$P_CIPHERS \ + M_CIPHERS="$M_CIPHERS \ TLS-PSK-WITH-NULL-SHA \ TLS-DHE-PSK-WITH-NULL-SHA \ " if [ `minor_ver "$MODE"` -gt 0 ] then - P_CIPHERS="$P_CIPHERS \ + M_CIPHERS="$M_CIPHERS \ TLS-ECDHE-PSK-WITH-NULL-SHA \ TLS-RSA-PSK-WITH-NULL-SHA \ " fi if [ "$MODE" = "tls1_2" ]; then - P_CIPHERS="$P_CIPHERS \ + M_CIPHERS="$M_CIPHERS \ TLS-PSK-WITH-AES-128-CCM \ TLS-PSK-WITH-AES-256-CCM \ TLS-DHE-PSK-WITH-AES-128-CCM \ 
@@ -752,7 +765,7 @@ setup_arguments() exit 1; esac - P_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1" + M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1" O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE -dhparam data_files/dhparams.pem" G_SERVER_ARGS="-p $PORT --http $G_MODE" G_SERVER_PRIO="NORMAL:+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE" 
@@ -764,75 +777,75 @@ setup_arguments() O_SERVER_ARGS="$O_SERVER_ARGS -www" fi - P_CLIENT_ARGS="server_port=$PORT server_addr=127.0.0.1 force_version=$MODE" + M_CLIENT_ARGS="server_port=$PORT server_addr=127.0.0.1 force_version=$MODE" O_CLIENT_ARGS="-connect localhost:$PORT -$MODE" G_CLIENT_ARGS="-p $PORT --debug 3 $G_MODE" G_CLIENT_PRIO="NONE:$G_PRIO_MODE:+COMP-NULL:+CURVE-ALL:+SIGN-ALL" if [ "X$VERIFY" = "XYES" ]; then - P_SERVER_ARGS="$P_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required" + M_SERVER_ARGS="$M_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required" O_SERVER_ARGS="$O_SERVER_ARGS -CAfile data_files/test-ca_cat12.crt -Verify 10" G_SERVER_ARGS="$G_SERVER_ARGS --x509cafile data_files/test-ca_cat12.crt --require-client-cert" - P_CLIENT_ARGS="$P_CLIENT_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required" + M_CLIENT_ARGS="$M_CLIENT_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required" O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile data_files/test-ca_cat12.crt -verify 10" G_CLIENT_ARGS="$G_CLIENT_ARGS --x509cafile data_files/test-ca_cat12.crt" else # don't request a client cert at all - P_SERVER_ARGS="$P_SERVER_ARGS ca_file=none auth_mode=none" + M_SERVER_ARGS="$M_SERVER_ARGS ca_file=none auth_mode=none" G_SERVER_ARGS="$G_SERVER_ARGS --disable-client-cert" - P_CLIENT_ARGS="$P_CLIENT_ARGS ca_file=none auth_mode=none" + M_CLIENT_ARGS="$M_CLIENT_ARGS ca_file=none auth_mode=none" O_CLIENT_ARGS="$O_CLIENT_ARGS" G_CLIENT_ARGS="$G_CLIENT_ARGS --insecure" fi case $TYPE in "ECDSA") - P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server5.crt key_file=data_files/server5.key" + M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server5.crt key_file=data_files/server5.key" O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server5.crt -key data_files/server5.key" G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key" if [ "X$VERIFY" = "XYES" ]; then - P_CLIENT_ARGS="$P_CLIENT_ARGS 
crt_file=data_files/server6.crt key_file=data_files/server6.key" + M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/server6.crt key_file=data_files/server6.key" O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server6.crt -key data_files/server6.key" G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server6.crt --x509keyfile data_files/server6.key" else - P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=none key_file=none" + M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none" fi ;; "RSA") - P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key" + M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key" O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2.crt -key data_files/server2.key" G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key" if [ "X$VERIFY" = "XYES" ]; then - P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key" + M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key" O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server1.crt -key data_files/server1.key" G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server1.crt --x509keyfile data_files/server1.key" else - P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=none key_file=none" + M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none" fi ;; "PSK") # give RSA-PSK-capable server a RSA cert # (should be a separate type, but harder to close with openssl) - P_SERVER_ARGS="$P_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70 ca_file=none crt_file=data_files/server2.crt key_file=data_files/server2.key" + M_SERVER_ARGS="$M_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70 ca_file=none crt_file=data_files/server2.crt key_file=data_files/server2.key" O_SERVER_ARGS="$O_SERVER_ARGS -psk 6162636465666768696a6b6c6d6e6f70 -nocert" G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt 
--x509keyfile data_files/server2.key --pskpasswd data_files/passwd.psk" - P_CLIENT_ARGS="$P_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70 crt_file=none key_file=none" + M_CLIENT_ARGS="$M_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70 crt_file=none key_file=none" O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70" G_CLIENT_ARGS="$G_CLIENT_ARGS --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" ;; esac } -# is_polar -is_polar() { +# is_mbedtls +is_mbedtls() { echo "$1" | grep 'ssl_server2\|ssl_client2' > /dev/null } @@ -858,7 +871,7 @@ start_server() { SERVER_CMD="$GNUTLS_SERV $G_SERVER_ARGS --priority $G_SERVER_PRIO" ;; mbed*) - SERVER_CMD="$P_SRV $P_SERVER_ARGS" + SERVER_CMD="$M_SRV $M_SERVER_ARGS" if [ "$MEMCHECK" -gt 0 ]; then SERVER_CMD="valgrind --leak-check=full $SERVER_CMD" fi @@ -885,7 +898,7 @@ stop_server() { wait $PROCESS_ID 2>/dev/null if [ "$MEMCHECK" -gt 0 ]; then - if is_polar "$SERVER_CMD" && has_mem_err $SRV_OUT; then + if is_mbedtls "$SERVER_CMD" && has_mem_err $SRV_OUT; then echo " ! Server had memory errors" SRVMEM=$(( $SRVMEM + 1 )) return @@ -951,6 +964,7 @@ run_client() { if [ $EXIT -eq 0 ]; then RESULT=0 else + # If the cipher isn't supported... if grep 'Cipher is (NONE)' $CLI_OUT >/dev/null; then RESULT=1 else @@ -988,7 +1002,7 @@ run_client() { ;; mbed*) - CLIENT_CMD="$P_CLI $P_CLIENT_ARGS force_ciphersuite=$2" + CLIENT_CMD="$M_CLI $M_CLIENT_ARGS force_ciphersuite=$2" if [ "$MEMCHECK" -gt 0 ]; then CLIENT_CMD="valgrind --leak-check=full $CLIENT_CMD" fi @@ -998,13 +1012,18 @@ run_client() { wait_client_done case $EXIT in + # Success "0") RESULT=0 ;; + + # Ciphersuite not supported "2") RESULT=1 ;; + + # Error *) RESULT=2 ;; esac if [ "$MEMCHECK" -gt 0 ]; then - if is_polar "$CLIENT_CMD" && has_mem_err $CLI_OUT; then + if is_mbedtls "$CLIENT_CMD" && has_mem_err $CLI_OUT; then RESULT=2 fi fi 
@@ -1061,12 +1080,12 @@ fi get_options "$@" # sanity checks, avoid an avalanche of errors -if [ ! -x "$P_SRV" ]; then - echo "Command '$P_SRV' is not an executable file" >&2 +if [ ! -x "$M_SRV" ]; then + echo "Command '$M_SRV' is not an executable file" >&2 exit 1 fi -if [ ! -x "$P_CLI" ]; then - echo "Command '$P_CLI' is not an executable file" >&2 +if [ ! -x "$M_CLI" ]; then + echo "Command '$M_CLI' is not an executable file" >&2 exit 1 fi @@ -1135,9 +1154,9 @@ for VERIFY in $VERIFIES; do add_openssl_ciphersuites filter_ciphersuites - if [ "X" != "X$P_CIPHERS" ]; then + if [ "X" != "X$M_CIPHERS" ]; then start_server "OpenSSL" - for i in $P_CIPHERS; do + for i in $M_CIPHERS; do check_openssl_server_bug $i run_client mbedTLS $i done @@ -1161,9 +1180,9 @@ for VERIFY in $VERIFIES; do add_gnutls_ciphersuites filter_ciphersuites - if [ "X" != "X$P_CIPHERS" ]; then + if [ "X" != "X$M_CIPHERS" ]; then start_server "GnuTLS" - for i in $P_CIPHERS; do + for i in $M_CIPHERS; do run_client mbedTLS $i done stop_server @@ -1188,9 +1207,9 @@ for VERIFY in $VERIFIES; do add_mbedtls_ciphersuites filter_ciphersuites - if [ "X" != "X$P_CIPHERS" ]; then + if [ "X" != "X$M_CIPHERS" ]; then start_server "mbedTLS" - for i in $P_CIPHERS; do + for i in $M_CIPHERS; do run_client mbedTLS $i done stop_server From 3ac076784c6ec90df618e6d7751ed83d71a4e0e3 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 4 Sep 2016 14:28:44 +0300 Subject: [PATCH 058/272] Suppress shell errors in output_env.sh When the output_env.sh script is executed, if any application wasn't found on the path by hash, and error was being output, which as an error looked like the script wasn't working. This change redirects the output to stderr from hash to /dev/null to suppress the error. Also fixes a formatting error. --- scripts/output_env.sh | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) 
diff --git a/scripts/output_env.sh b/scripts/output_env.sh index 0b7c153c26ad..a77e6fe67a16 100755 --- a/scripts/output_env.sh +++ b/scripts/output_env.sh @@ -13,8 +13,8 @@ # This includes: # - architecture of the system # - type and version of the operating system -# - version of armcc, gcc-arm and gcc compilers -# - version of libc, clang, asan and valgrind +# - version of armcc, clang, gcc-arm and gcc compilers +# - version of libc, clang, asan and valgrind if installed # - version of gnuTLS and OpenSSL echo @@ -22,7 +22,7 @@ echo "1) Operating system and architecture:" uname -a echo -if `hash armcc` > /dev/null; then +if `hash armcc 2>/dev/null`; then echo "2) armcc:" armcc --vsn | head -n 2 else @@ -30,17 +30,15 @@ else fi echo -if `hash arm-none-eabi-gcc` > /dev/null; then - echo +if `hash arm-none-eabi-gcc 2>/dev/null`; then echo "3) gcc-arm:" arm-none-eabi-gcc --version | head -n 1 else - echo echo "3) gcc-arm not found!" fi echo -if `hash gcc` > /dev/null; then +if `hash gcc 2>/dev/null`; then echo "4) gcc:" gcc --version | head -n 1 else @@ -48,7 +46,7 @@ else fi echo -if `hash clang` > /dev/null; then +if `hash clang 2>/dev/null`; then echo "5) clang:" clang --version | head -n 2 clang -v 2>&1 | grep Selected @@ -57,7 +55,7 @@ else fi echo -if `hash ldd` > /dev/null; then +if `hash ldd 2>/dev/null`; then echo "6) libc:" ldd --version | head -n 1 else @@ -65,7 +63,7 @@ else fi echo -if `hash valgrind` > /dev/null; then +if `hash valgrind 2>/dev/null`; then echo "7) valgrind:" valgrind --version else @@ -73,7 +71,7 @@ else fi echo -if `hash openssl` > /dev/null; then +if `hash openssl 2>/dev/null`; then echo "8) openssl:" openssl version else @@ -81,7 +79,7 @@ else fi echo -if `hash gnutls-cli` > /dev/null; then +if `hash gnutls-cli 2>/dev/null`; then echo "9) gnuTLS client:" gnutls-cli --version | head -n 1 else 
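Review bot: The new probe ``if `hash armcc 2>/dev/null`; then`` still wraps `hash` in a command substitution, so the `if` evaluates an empty command and only gets the right status through the shell's special-case rule for command-less lines; the old `> /dev/null` was applied to that empty command, not to `hash`, which is why its stderr had to be silenced separately here. Running the builtin directly, `if hash armcc >/dev/null 2>&1; then`, tests the exit status without the detour and reads as intended. The same form is used by every other probe in this file (gcc-arm, gcc, clang, ldd, valgrind, openssl and gnutls-cli in the hunks below, and gnutls-serv and dpkg in the following two hunks), so the change should be applied uniformly.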
@@ -89,7 +87,7 @@ else fi echo -if `hash gnutls-serv` > /dev/null; then +if `hash gnutls-serv 2>/dev/null`; then echo "10) gnuTLS server:" gnutls-serv --version | head -n 1 else @@ -97,7 +95,7 @@ else fi echo -if `hash dpkg` > /dev/null; then +if `hash dpkg 2>/dev/null`; then echo "11) asan:" dpkg -s libasan2 2> /dev/null | grep -i version dpkg -s libasan1 2> /dev/null | grep -i version @@ -107,3 +105,4 @@ else fi echo + From 9a5398f71becd84ed5fe6af83b0aa22684628948 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 6 Sep 2016 17:15:54 +0100 Subject: [PATCH 059/272] Fix footprint.sh call to makefile (#600) Ideally, Makefile targets should be called irrespectively of their execution order. In this sense, `clean` and `lib` should not be passed both as target command line arguments in the same make invocation. This is because out-of-order execution could cause a failure. This change ensures that `clean` and `lib` are called in separate executions of make in scripts/footprint.sh --- scripts/footprint.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/footprint.sh b/scripts/footprint.sh index 026e7a84123e..9d3c6294f47f 100755 --- a/scripts/footprint.sh +++ b/scripts/footprint.sh @@ -69,8 +69,9 @@ doit() scripts/config.pl --force set MBEDTLS_NO_PLATFORM_ENTROPY || true } >/dev/null 2>&1 + make clean >/dev/null CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld \ - CFLAGS="$ARMGCC_FLAGS" make clean lib >/dev/null + CFLAGS="$ARMGCC_FLAGS" make lib >/dev/null OUT="size-${NAME}.txt" arm-none-eabi-size -t library/libmbed*.a > "$OUT" From dc192215f415f4aea36589703dc3ab060ef5a062 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 31 Aug 2016 17:33:13 +0100 Subject: [PATCH 060/272] Allow cmake 'out-of-source' builds Allow mbed TLS to be build in a subdirectory. Also add a test in all.sh --- CMakeLists.txt | 2 +- tests/scripts/all.sh | 29 ++++++++++++++++++++++++++++- 2 files changed, 29 insertions(+), 2 deletions(-) 
diff --git a/CMakeLists.txt b/CMakeLists.txt index 0a02ef1c1287..a7ebfc1551f3 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -31,7 +31,7 @@ find_package(Perl) if(PERL_FOUND) # If NULL Entropy is configured, display an appropriate warning - execute_process(COMMAND ${PERL_EXECUTABLE} scripts/config.pl get MBEDTLS_TEST_NULL_ENTROPY + execute_process(COMMAND ${PERL_EXECUTABLE} ${CMAKE_SOURCE_DIR}/scripts/config.pl -f ${CMAKE_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_TEST_NULL_ENTROPY RESULT_VARIABLE result) if(${result} EQUAL 0) message(WARNING ${NULL_ENTROPY_WARNING}) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index be32dce12cea..5060f10d8fdb 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -34,6 +34,8 @@ MEMORY=0 SHORT=0 FORCE=0 +: ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build} + usage() { echo "Usage: $0" @@ -41,6 +43,7 @@ usage() echo -e " -m|--memory\t\tAdditional optional memory tests." echo -e " -s|--short\t\tSubset of tests." echo -e " -f|--force\t\tForce the tests to overwrite any modified files." + echo -e " --out-of-source-dir\t\tDirectory used for CMake out-of-source build tests." } # remove built files as well as the cmake cache/config @@ -80,6 +83,10 @@ while [ $# -gt 0 ]; do --force|-f) FORCE=1 ;; + --out-of-source-dir) + shift + OUT_OF_SOURCE_DIR="$1" + ;; --help|-h|*) usage() exit 1 @@ -89,7 +96,7 @@ while [ $# -gt 0 ]; do done if [ $FORCE -eq 1 ]; then - rm -rf yotta/module + rm -rf yotta/module "$OUT_OF_SOURCE_DIR" git checkout-index -f -q $CONFIG_H cleanup else 
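Review bot: `${CMAKE_SOURCE_DIR}` in the new `execute_process` line is the top-level source directory of whatever project is being configured, not the directory of this CMakeLists.txt; when mbed TLS is pulled in with `add_subdirectory()` the paths to `scripts/config.pl` and `include/mbedtls/config.h` point into the parent project, `config.pl` fails, and because the result is only tested with `if(${result} EQUAL 0)` the NULL-entropy warning is silently never shown. `${CMAKE_CURRENT_SOURCE_DIR}` names this file's own directory and behaves the same standalone and as a subproject, so replace both occurrences with it.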
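Review bot: `rm -rf yotta/module "$OUT_OF_SOURCE_DIR"` removes whatever path was given with `--out-of-source-dir` as soon as `--force` is set, with no check that it is a build directory this script produced; `--force --out-of-source-dir .`, or a path to an unrelated existing directory, deletes it wholesale. A cheap guard is to remove it only when it looks like a CMake build tree, e.g. `[ -f "$OUT_OF_SOURCE_DIR/CMakeCache.txt" ] && rm -rf "$OUT_OF_SOURCE_DIR"`, and otherwise stop with the same warning the non-force branch prints. The `if [ $FORCE -eq 1 ]` block continues past the end of the hunk.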
@@ -101,6 +108,13 @@ else exit 1 fi + if [ -d "$OUT_OF_SOURCE_DIR" ]; then + echo "Warning - there is an existing directory at '$OUT_OF_SOURCE_DIR'" >&2 + echo "You can either delete this directory manually, or force the test by rerunning" + echo "the script as: $0 --force --out-of-source-dir $OUT_OF_SOURCE_DIR" + exit 1 + fi + if ! git diff-files --quiet include/mbedtls/config.h; then echo $? echo "Warning - the configuration file 'include/mbedtls/config.h' has been edited. " >&2 @@ -400,6 +414,19 @@ fi fi # MemSan +msg "build: cmake 'out-of-source' build" +cleanup +MBEDTLS_ROOT_DIR="$PWD" +mkdir "$OUT_OF_SOURCE_DIR" +cd "$OUT_OF_SOURCE_DIR" +cmake "$MBEDTLS_ROOT_DIR" +make + +msg "test: cmake 'out-of-source' build" +make test +cd "$MBEDTLS_ROOT_DIR" +rm -rf "$OUT_OF_SOURCE_DIR" + msg "Done, cleaning up" cleanup From 741f230e7825eff6e63dfbfe14d9eb80bc062700 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 4 Sep 2016 16:01:32 +0100 Subject: [PATCH 061/272] Update to README.md Update to contribution guidelines, some fixes in the language, minor refinements and corrections. --- README.md | 41 ++++++++++++++++++++++------------------- 1 file changed, 22 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index 08c6289d7c87..3bae47d6f79e 100644 --- a/README.md +++ b/README.md 
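Review bot: Only the first of the three new warning lines is sent to stderr; the two lines that tell the user how to recover (delete the directory, or rerun with `--force --out-of-source-dir`) go to stdout, so a caller that captures or discards stdout sees an unexplained `exit 1`. Redirect all three with `>&2` (or emit them with a single `printf '...' >&2`), which also matches the existing `config.h` warning just below.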
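Review bot: If `cmake`, `make` or `make test` fails inside `$OUT_OF_SOURCE_DIR`, the script stops there (it appears to run under `set -eu`, judging by the `set -eu` context shown in a later hunk of this file) while still in that directory, and the `cd "$MBEDTLS_ROOT_DIR"` and `rm -rf "$OUT_OF_SOURCE_DIR"` lines are never reached; the next run is then refused by the existing-directory check unless `--force` is given. Running the out-of-source build in a subshell, `( cd "$OUT_OF_SOURCE_DIR" && cmake "$MBEDTLS_ROOT_DIR" && make && make test )`, keeps the working directory intact on failure, and an `EXIT` trap can take care of removing the directory.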
@@ -4,34 +4,34 @@ README for mbed TLS Configuration ------------- -mbed TLS should build out of the box on most systems. Some platform specific options are available in the fully-documented configuration file `include/mbedtls/config.h`, which is also the place where features can be selected. This file can be edited manually, or in a more programmatic way using the Perl script `scripts/config.pl` (use `--help` for usage instructions). +mbed TLS should build out of the box on most systems. Some platform specific options are available in the fully documented configuration file `include/mbedtls/config.h`, which is also the place where features can be selected. This file can be edited manually, or in a more programmatic way using the Perl script `scripts/config.pl` (use `--help` for usage instructions). -Compiler options can be set using standard variables such as `CC` and `CFLAGS` when using the Make and CMake build system (see below). +Compiler options can be set using conventional environment variables such as `CC` and `CFLAGS` when using the Make and CMake build system (see below). Compiling --------- -There are currently four active build systems within the mbed TLS releases: +There are currently four active build systems used within mbed TLS releases: - yotta - Make - CMake - Microsoft Visual Studio (Visual Studio 6 and Visual Studio 2010) -The main systems used for development are CMake and yotta. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and yotta build system, but some features are not ported there by default. +The main systems used for development are CMake and Make. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and Make build system, although features may not be ported there automatically. 
-Please note that the yotta option is slightly different from the other build systems: +Yotta, as a build system, is slightly different from the other build systems: -- a more minimalistic configuration file is used by default -- depending on the yotta target, features of mbed OS will be used in examples and tests +- it provides a minimalistic configuration file by default +- depending on the yotta target, features of mbed OS may be used in examples and tests The Make and CMake build systems create three libraries: libmbedcrypto, libmbedx509, and libmbedtls. Note that libmbedtls depends on libmbedx509 and libmbedcrypto, and libmbedx509 depends on libmbedcrypto. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -lmbedcrypto`. Also, when loading shared libraries using dlopen(), you'll need to load libmbedcrypto first, then libmbedx509, before you can load libmbedtls. ### Yotta -[yotta](http://yottabuild.org) is a package manager and build system developed by mbed; it is the build system of mbed OS. To install it on your platform, please follow the yotta [installation instructions](http://docs.yottabuild.org/#installing). +[yotta](http://yottabuild.org) is a package manager and build system developed by mbed, and is the build system of mbed OS 16.03. To install it on your platform, please follow the yotta [installation instructions](http://docs.yottabuild.org/#installing). -Once yotta is installed, you can use it to download the latest version of mbed TLS form the yotta registry with: +Once yotta is installed, you can use it to download the latest version of mbed TLS from the yotta registry with: yotta install mbedtls 
@@ -39,24 +39,24 @@ and build it with: yotta build -If, on the other hand, you already have a copy of mbed TLS from a source other than the yotta registry, for example from cloning our GitHub repository, or from downloading a tarball of the standalone edition, then you'll need first need to generate the yotta module by running: +If, on the other hand, you already have a copy of mbed TLS from a source other than the yotta registry, for example from cloning our GitHub repository, or from downloading a tarball of the standalone edition, then you'll first need to generate the yotta module by running: yotta/create-module.sh -from the mbed TLS root directory. This will create the yotta module in the `yotta/module` directory. You can then change to that directory and build as usual: +This should be executed from the root mbed TLS project directory. This will create the yotta module in the `yotta/module` directory within it. You can then change to that directory and build as usual: cd yotta/module yotta build -In any case, you'll probably want to set the yotta target before building unless it's already set globally; for more information on using yotta, please consult the [yotta documentation](http://docs.yottabuild.org/). +In any case, you'll probably want to set the yotta target before building unless it has already been set globally. For more information on using yotta, please consult the [yotta documentation](http://docs.yottabuild.org/). For more details on the yotta/mbed OS edition of mbed TLS, including example programs, please consult the [Readme at the root of the yotta module](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/README.md). ### Make -We intentionally only use the absolute minimum of `Make` functionality, as a lot of `Make` features are not supported on all different implementations of Make on different platforms. As such, the Makefiles sometimes require some handwork or export statements in order to work for your platform. 
+We intentionally only use the minimum of `Make` functionality, as a lot of `Make` features are not supported on all different implementations of Make or on different platforms. As such, the Makefiles sometimes require some manual changes or export statements in order to work for your platform. -In order to build the source using Make, just enter at the command line: +In order to build from the source code using Make, just enter at the command line: make @@ -78,7 +78,7 @@ Setting the variable `SHARED` in your environment will build shared libraries in Depending on your platform, you might run into some issues. Please check the Makefiles in `library/`, `programs/` and `tests/` for options to manually add or remove for specific platforms. You can also check [the mbed TLS Knowledge Base](https://tls.mbed.org/kb) for articles on your platform or issue. -In case you find that you need to do something else as well, please let us know what, so we can add it to the KB. +In case you find that you need to do something else as well, please let us know what, so we can add it to the [mbed TLS knowledge base](https://tls.mbed.org/kb). ### CMake 
@@ -161,13 +161,16 @@ Contributing We gratefully accept bug reports and contributions from the community. There are some requirements we need to fulfill in order to be able to integrate contributions: -- Simple bug fixes to existing code do not contain copyright themselves and we can integrate without issue. The same is true of trivial contributions. -- For larger contributions, such as a new feature, the code can possibly fall under copyright law. We then need your consent to share in the ownership of the copyright. We have a form for this, which we will send to you in case you submit a contribution or pull request that we deem this necessary for. +- All contributions, whether large or small require a Contributor's License Agreement (CLA) to be accepted. This is because source code can possibly fall under copyright law and we need your consent to share in the ownership of the copyright. +- We would ask that contributions conform to [our coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards), and that contributions should be fully tested before submission. +- As with any open source project, contributions will be reviewed by the project team and community and may need some modifications to be accepted. -### Process +To accept the Contributor’s Licence Agreement (CLA), individual contributors can do this by creating an mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an mbed account, a slightly different agreeement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to ARM as described in the instructions given. + +### Making a Contribution 1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug. 
2. Fork the [mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the "development" branch as a basis. 3. Write a test which shows that the bug was fixed or that the feature works as expected. -4. Send a pull request and bug us until it gets merged and published. We will include your name in the ChangeLog :) +4. Send a pull request and bug us until it gets merged and published. Contributions may need some modifications, so work with us to get your change accepted. We will include your name in the ChangeLog :) From c0d76b8255f000aa8cfd64d6106a0024e8672259 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 7 Sep 2016 17:25:16 +0300 Subject: [PATCH 062/272] Update ChangeLog for fix for #541 - out-of-tree CMake builds --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 59808bc00dd4..6d7f1c25fef0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,8 @@ Bugfix when GCM is used. #441 * Fix for key exchanges based on ECDH-RSA or ECDH-ECDSA which weren't enabled unless others were also present. Found by David Fernandez. #428 + * Fix for out-of-tree builds using CMake. Found by jwurzer, and fix based on + a contribution from Tobias Tangemann. #541 Changes * Extended test coverage of special cases, and added new timing test suite. From a928e6727876377322d2fafe46383126e9c69e05 Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Tue, 13 Sep 2016 13:30:02 +0100 Subject: [PATCH 063/272] Documentation and entropy self test changes (#610) Ensure that the entropy self test always fails whenever MBEDTLS_TEST_NULL_ENTROPY is defined. This is because the option is meant to be for testing and development purposes rather than production quality software. Also, this patch enhances the documentation for mbedtls_entropy_source_self_test() and mbedtls_entropy_self_test(). --- include/mbedtls/entropy.h | 11 +++++++++++ library/entropy.c | 4 +++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h index 19e8e729458e..747aca4dfaaa 100644 --- a/include/mbedtls/entropy.h +++ b/include/mbedtls/entropy.h @@ -255,6 +255,9 @@ int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char * /** * \brief Checkup routine * + * This module self-test also calls the entropy self-test, + * mbedtls_entropy_source_self_test(); + * * \return 0 if successful, or 1 if a test failed */ int mbedtls_entropy_self_test( int verbose ); @@ -263,6 +266,14 @@ int mbedtls_entropy_self_test( int verbose ); /** * \brief Checkup routine * + * Verifies the integrity of the hardware entropy source + * provided by the function 'mbedtls_hardware_poll()'. + * + * Note this is the only hardware entropy source that is known + * at link time, and other entropy sources configured + * dynamically at runtime by the function + * mbedtls_entropy_add_source() will not be tested. + * * \return 0 if successful, or 1 if a test failed */ int mbedtls_entropy_source_self_test( int verbose ); diff --git a/library/entropy.c b/library/entropy.c index 42ace5533480..8da52565e6f5 100644 --- a/library/entropy.c +++ b/library/entropy.c 
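Review bot: The `\return` line on `mbedtls_entropy_self_test()` still promises `0 if successful, or 1 if a test failed`, but the companion change to library/entropy.c makes the function return 1 unconditionally when `MBEDTLS_TEST_NULL_ENTROPY` is defined, which the header should say, e.g. add `* \note When MBEDTLS_TEST_NULL_ENTROPY is defined no entropy source is available and this self-test deliberately reports failure.` before `\return`. The new sentence `This module self-test also calls the entropy self-test, mbedtls_entropy_source_self_test();` ends in a stray semicolon where a full stop is meant. In the next hunk, the description of `mbedtls_entropy_source_self_test()` would be more useful if it named the build option under which `mbedtls_hardware_poll()` exists at all (it appears to be `MBEDTLS_ENTROPY_HARDWARE_ALT`, from the `#if` visible in a later entropy.c hunk; worth confirming).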
@@ -575,7 +575,7 @@ int mbedtls_entropy_source_self_test( int verbose )
 */
 int mbedtls_entropy_self_test( int verbose )
 {
- int ret = 0;
+ int ret = 1;
 mbedtls_entropy_context ctx;
 unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 };
 unsigned char acc[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 };
@@ -584,6 +584,7 @@ int mbedtls_entropy_self_test( int verbose )
 if( verbose != 0 )
 mbedtls_printf( " ENTROPY test: " );
+#if !defined(MBEDTLS_TEST_NULL_ENTROPY)
 mbedtls_entropy_init( &ctx );
 /* First do a gather to make sure we have default sources */
@@ -631,6 +632,7 @@ int mbedtls_entropy_self_test( int verbose )
 cleanup:
 mbedtls_entropy_free( &ctx );
+#endif /* !MBEDTLS_TEST_NULL_ENTROPY */
 if( verbose != 0 )
 {
From 8e3afc733218092b9b64eaea8984c61fae91eaba Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Thu, 15 Sep 2016 17:13:08 +0100
Subject: [PATCH 064/272] Removes duplicated selftests from all.sh
All selftests are now called from the test suites so don't need to be executed explicitly in tests/scripts/all.sh
---
 tests/scripts/all.sh | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 5060f10d8fdb..a4c94e4dad62 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -166,9 +166,8 @@ cleanup
 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
 make
-msg "test: main suites and selftest (ASan build)" # ~ 50s
+msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s
 make test
-programs/test/selftest
 msg "test: ssl-opt.sh (ASan build)" # ~ 1 min
 tests/ssl-opt.sh
@@ -196,9 +195,8 @@ scripts/config.pl set MBEDTLS_SSL_PROTO_SSL3
 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
 make
-msg "test: SSLv3 - main suites and selftest (ASan build)" # ~ 50s
+msg "test: SSLv3 - main suites (inc. selftests) (ASan build)" # ~ 50s
 make test
-programs/test/selftest
 msg "build: SSLv3 - compat.sh (ASan build)" # ~ 6 min
 tests/compat.sh -m 'ssl3 tls1 tls1_1 tls1_2 dtls1 dtls1_2'
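Review bot: The new `#if !defined(MBEDTLS_TEST_NULL_ENTROPY)` carries no comment explaining why the whole body is compiled out and why `ret` now starts at 1, so a reader sees a self-test that fails without running anything; add above the `#if` something like `/* MBEDTLS_TEST_NULL_ENTROPY provides no real entropy source and is for testing only, so the self-test deliberately reports failure in that configuration. */`. With the body excluded, the locals declared in the first hunk (`ctx`, `buf`, `acc`, and any others used only inside the region) become unused in that configuration and will trip `-Werror` builds; they should sit under the same guard, whose matching `#endif` is in the third hunk. The verbose result reporting after the `#endif` lies outside the hunk.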
@@ -298,9 +296,8 @@ scripts/config.pl unset MBEDTLS_HAVEGE_C CC=gcc cmake -D UNSAFE_BUILD=ON -D CMAKE_C_FLAGS:String="-fsanitize=address -fno-common -O3" . make -msg "test: MBEDTLS_TEST_NULL_ENTROPY - main suites and selftest (ASan build)" +msg "test: MBEDTLS_TEST_NULL_ENTROPY - main suites (inc. selftests) (ASan build)" make test -programs/test/selftest if uname -a | grep -F Linux >/dev/null; then msg "build/test: make shared" # ~ 40s From b7f45c54a748830938fa409d52945c68fff065be Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 15 Sep 2016 18:42:26 +0100 Subject: [PATCH 065/272] Fixes for entropy test suite for some configurations Changes to allow the entropy tests to work for configurations without an entropy seed file (MBEDTLS_ENTROPY_NV_SEED), and with no entropy sources configured (MBEDTLS_TEST_NULL_ENTROPY). --- tests/suites/test_suite_entropy.data | 7 ++++++- tests/suites/test_suite_entropy.function | 8 ++++---- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_entropy.data b/tests/suites/test_suite_entropy.data index 5ca99f85cce2..e0dfae32aa40 100644 --- a/tests/suites/test_suite_entropy.data +++ b/tests/suites/test_suite_entropy.data @@ -53,4 +53,9 @@ Check NV seed manually #3 entropy_nv_seed:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" Entropy self test -entropy_selftest: +depends_on:!MBEDTLS_TEST_NULL_ENTROPY +entropy_selftest:0 + +Entropy self test (MBEDTLS_TEST_NULL_ENTROPY) +depends_on:MBEDTLS_TEST_NULL_ENTROPY +entropy_selftest:1 diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index d1ef94b6ed3b..5b97cad3dee0 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function 
@@ -123,7 +123,7 @@ static int read_nv_seed( unsigned char *buf, size_t buf_len ) * END_DEPENDENCIES */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ +/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */ void entropy_seed_file( char *path, int ret ) { mbedtls_entropy_context ctx; @@ -210,7 +210,7 @@ void entropy_source_fail( char *path ) == MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); TEST_ASSERT( mbedtls_entropy_gather( &ctx ) == MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); -#if defined(MBEDTLS_FS_IO) +#if defined(MBEDTLS_FS_IO) && defined(MBEDTLS_ENTROPY_NV_SEED) TEST_ASSERT( mbedtls_entropy_write_seed_file( &ctx, path ) == MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); TEST_ASSERT( mbedtls_entropy_update_seed_file( &ctx, path ) @@ -378,8 +378,8 @@ void entropy_nv_seed( char *read_seed_str ) /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ -void entropy_selftest( ) +void entropy_selftest( int result ) { - TEST_ASSERT( mbedtls_entropy_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_entropy_self_test( 0 ) == result ); } /* END_CASE */ From 669c635ec092792708980cb928d0b21035ad74f4 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 15 Sep 2016 18:57:34 +0100 Subject: [PATCH 066/272] Fix unused variable warnings for null entropy config --- library/entropy.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/entropy.c b/library/entropy.c index 8da52565e6f5..d4d1b27b7f4d 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -456,6 +456,7 @@ int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char * #endif /* MBEDTLS_FS_IO */ #if defined(MBEDTLS_SELF_TEST) +#if !defined(MBEDTLS_TEST_NULL_ENTROPY) /* * Dummy source function */ @@ -469,6 +470,7 @@ static int entropy_dummy_source( void *data, unsigned char *output, return( 0 ); } +#endif /* !MBEDTLS_TEST_NULL_ENTROPY */ #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) 
@@ -576,10 +578,12 @@ int mbedtls_entropy_source_self_test( int verbose ) int mbedtls_entropy_self_test( int verbose ) { int ret = 1; +#if !defined(MBEDTLS_TEST_NULL_ENTROPY) mbedtls_entropy_context ctx; unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 }; unsigned char acc[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 }; size_t i, j; +#endif /* !MBEDTLS_TEST_NULL_ENTROPY */ if( verbose != 0 ) mbedtls_printf( " ENTROPY test: " ); From d9eba4ba3d9836aa0bc22fcc776da455b58ff4c3 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Fri, 26 Aug 2016 14:42:14 +0100 Subject: [PATCH 067/272] Allow alternate openssl and gnutls in all.sh Allow the user to specify alternative openssl, gnutls-cli and gnutls-serv binaries to execute legacy tests in all.sh. --- tests/scripts/all.sh | 118 +++++++++++++++++++++++++++++++------------ 1 file changed, 85 insertions(+), 33 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a4c94e4dad62..9ef4fb9543a8 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -23,7 +23,7 @@ set -eu if [ -d library -a -d include -a -d tests ]; then :; else - echo "Must be run from mbed TLS root" >&2 + err_msg "Must be run from mbed TLS root" exit 1 fi 
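Review bot: The new `#if !defined(MBEDTLS_TEST_NULL_ENTROPY)` guard leaves `ret = 1` as the only live state in a null-entropy build, so the self-test reports failure by design, and nothing in the hunk says so; a reader seeing `" ENTROPY test: "` followed by a failure will suspect a bug. Suggest a comment above the guard: `/* With MBEDTLS_TEST_NULL_ENTROPY there is no source to test: the self-test is expected to fail (ret = 1), matching test_suite_entropy.data */`. The body of mbedtls_entropy_self_test continues past the hunk, so whether the remaining code paths are also excluded in that configuration is not visible here.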
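Review bot: `err_msg` is called in the root-directory check near the top of all.sh, but the function is only defined further down in hunk `@@ -72,14 +83,26 @@`, and a shell resolves function names at call time; run from the wrong directory, the script now fails with `err_msg: command not found` instead of printing the message. Under `set -eu` it still exits non-zero, but the diagnostic is lost. Either keep `echo "Must be run from mbed TLS root" >&2` here or move the `err_msg` definition above this check.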
@@ -31,19 +31,30 @@ CONFIG_H='include/mbedtls/config.h' CONFIG_BAK="$CONFIG_H.bak" MEMORY=0 -SHORT=0 FORCE=0 +# Default commands, can be overriden by the environment +: ${OPENSSL:="openssl"} +: ${OPENSSL_LEGACY:="$OPENSSL"} +: ${GNUTLS_CLI:="gnutls-cli"} +: ${GNUTLS_SERV:="gnutls-serv"} +: ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"} +: ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"} : ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build} usage() { - echo "Usage: $0" - echo -e " -h|--help\t\tPrint this help." - echo -e " -m|--memory\t\tAdditional optional memory tests." - echo -e " -s|--short\t\tSubset of tests." - echo -e " -f|--force\t\tForce the tests to overwrite any modified files." - echo -e " --out-of-source-dir\t\tDirectory used for CMake out-of-source build tests." + printf "Usage: $0\n" + printf " -h|--help\t\tPrint this help.\n" + printf " -m|--memory\t\tAdditional optional memory tests.\n" + printf " -f|--force\t\tForce the tests to overwrite any modified files.\n" + printf " --out-of-source-dir\t\tDirectory used for CMake out-of-source build tests." + printf " --openssl=\t\tPath to OpenSSL executable to use for most tests.\n" + printf " --openssl-legacy=\t\tPath to OpenSSL executable to use for legacy tests e.g. SSLv3.\n" + printf " --gnutls-cli=\t\tPath to GnuTLS client executable to use for most tests.\n" + printf " --gnutls-serv=\t\tPath to GnuTLS server executable to use for most tests.\n" + printf " --gnutls-legacy-cli=\t\tPath to GnuTLS client executable to use for legacy tests.\n" + printf " --gnutls-legacy-serv=\t\tPath to GnuTLS server executable to use for legacy tests.\n" } # remove built files as well as the cmake cache/config 
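Review bot: `printf "Usage: $0\n"` uses the script path as the format string, so any `%` in the invoking path is interpreted as a conversion; `printf "Usage: %s\n" "$0"` is the safe form. The `--out-of-source-dir` line is the only one without a trailing `\n`, so the `--openssl=` help text is printed on the same output line. The `--openssl=`/`--gnutls-*=` labels advertise `--opt=value` syntax, but the `case` branches added in the next hunk (`@@ -87,8 +110,32 @@`) match the bare `--openssl` and take the value from the following argument; pick one form and document it consistently. The new comment should also read "overridden" rather than "overriden".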
@@ -72,14 +83,26 @@ msg() echo "******************************************************************" } +err_msg() +{ + echo "$1" >&2 +} + +check_tools() +{ + for TOOL in "$@"; do + if ! `hash "$TOOL" >/dev/null 2>&1`; then + err_msg "$TOOL not found!" + exit 1 + fi + done +} + while [ $# -gt 0 ]; do case "$1" in --memory|-m*) MEMORY=${1#-m} ;; - --short|-s) - SHORT=1 - ;; --force|-f) FORCE=1 ;; @@ -87,8 +110,32 @@ while [ $# -gt 0 ]; do shift OUT_OF_SOURCE_DIR="$1" ;; + --openssl) + shift + OPENSSL="$1" + ;; + --openssl-legacy) + shift + OPENSSL_LEGACY="$1" + ;; + --gnutls-cli) + shift + GNUTLS_CLI="$1" + ;; + --gnutls-serv) + shift + GNUTLS_SERV="$1" + ;; + --gnutls-legacy-cli) + shift + GNUTLS_LEGACY_CLI="$1" + ;; + --gnutls-legacy-serv) + shift + GNUTLS_LEGACY_SERV="$1" + ;; --help|-h|*) - usage() + usage exit 1 ;; esac @@ -102,7 +149,7 @@ if [ $FORCE -eq 1 ]; then else if [ -d yotta/module ]; then - echo "Warning - there is an existing yotta module in the directory 'yotta/module'" >&2 + err_msg "Warning - there is an existing yotta module in the directory 'yotta/module'" echo "You can either delete your work and retry, or force the test to overwrite the" echo "test by rerunning the script as: $0 --force" exit 1 
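Review bot: `if ! \`hash "$TOOL" >/dev/null 2>&1\`; then` in check_tools runs `hash` inside a command substitution and then tests the empty result as a command; it works only because the status of an empty command is that of its last substitution, which is fragile and hard to read. `if ! hash "$TOOL" >/dev/null 2>&1; then` expresses the intent directly. Note also that `hash` only verifies a command can be located, not that it runs: the removed `armcc --help >/dev/null 2>&1` probe in hunk `@@ -328,9 +383,7 @@` was a stronger check and nothing in check_tools replaces it.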
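Review bot: Each new value-taking branch does `shift` and then reads `"$1"` without checking that an argument follows, so `all.sh --openssl` as the last argument dies with an unbound-variable error from `set -u` rather than the usage text. A small guard per branch, e.g. `--openssl) shift; [ $# -gt 0 ] || { usage; exit 1; }; OPENSSL="$1" ;;`, keeps the failure readable. The existing `--out-of-source-dir` branch has the same shape and could be fixed the same way.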
@@ -117,13 +164,28 @@ else if ! git diff-files --quiet include/mbedtls/config.h; then echo $? - echo "Warning - the configuration file 'include/mbedtls/config.h' has been edited. " >&2 + err_msg "Warning - the configuration file 'include/mbedtls/config.h' has been edited. " echo "You can either delete or preserve your work, or force the test by rerunning the" echo "script as: $0 --force" exit 1 fi fi +msg "info: $0 configuration" +echo "MEMORY: $MEMORY" +echo "FORCE: $FORCE" +echo "OPENSSL: $OPENSSL" +echo "OPENSSL_LEGACY: $OPENSSL_LEGACY" +echo "GNUTLS_CLI: $GNUTLS_CLI" +echo "GNUTLS_SERV: $GNUTLS_SERV" +echo "GNUTLS_LEGACY_CLI: $GNUTLS_LEGACY_CLI" +echo "GNUTLS_LEGACY_SERV: $GNUTLS_LEGACY_SERV" + +# Make sure the tools we need are available. +check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$GNUTLS_CLI" "$GNUTLS_SERV" \ + "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \ + "arm-none-eabi-gcc" "armcc" + # # Test Suites to be executed # @@ -136,7 +198,9 @@ fi # Indicative running times are given for reference. msg "info: output_env.sh" -scripts/output_env.sh +OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_CLI" \ + GNUTLS_SERV="$GNUTLS_SERV" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" \ + GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" scripts/output_env.sh msg "test: recursion.pl" # < 1s tests/scripts/recursion.pl library/*.c @@ -151,11 +215,9 @@ msg "test/build: declared and exported names" # < 3s cleanup tests/scripts/check-names.sh -if which doxygen >/dev/null; then - msg "test: doxygen warnings" # ~ 3s - cleanup - tests/scripts/doxygen.sh -fi +msg "test: doxygen warnings" # ~ 3s +cleanup +tests/scripts/doxygen.sh msg "build: create and build yotta module" # ~ 30s cleanup 
@@ -175,13 +237,6 @@ tests/ssl-opt.sh msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s tests/scripts/test-ref-configs.pl -# Most frequent issues are likely to be caught at this point -if [ $SHORT -eq 1 ]; then - msg "Done, cleaning up" - cleanup - exit 0 -fi - msg "build: with ASan (rebuild after ref-configs)" # ~ 1 min make @@ -199,7 +254,8 @@ msg "test: SSLv3 - main suites (inc. selftests) (ASan build)" # ~ 50s make test msg "build: SSLv3 - compat.sh (ASan build)" # ~ 6 min -tests/compat.sh -m 'ssl3 tls1 tls1_1 tls1_2 dtls1 dtls1_2' +tests/compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2' +OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3' msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min tests/ssl-opt.sh @@ -219,7 +275,7 @@ msg "test: ssl-opt.sh default (full config)" # ~ 1s tests/ssl-opt.sh -f Default msg "test: compat.sh RC4, DES & NULL (full config)" # ~ 2 min -tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' +OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' msg "test/build: curves.pl (gcc)" # ~ 4 min cleanup @@ -311,7 +367,6 @@ cleanup CC=gcc CFLAGS='-Werror -m32' make fi # x86_64 -if which arm-none-eabi-gcc >/dev/null; then msg "build: arm-none-eabi-gcc, make" # ~ 10s cleanup cp "$CONFIG_H" "$CONFIG_BAK" @@ -328,9 +383,7 @@ scripts/config.pl unset MBEDTLS_THREADING_C scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS=-Werror make lib -fi # arm-gcc -if which armcc >/dev/null && armcc --help >/dev/null 2>&1; then msg "build: armcc, make" cleanup cp "$CONFIG_H" "$CONFIG_BAK" 
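Review bot: Only the legacy invocations receive `OPENSSL_CMD`, so unless `OPENSSL` is exported somewhere outside this diff the `--openssl` value never reaches `tests/compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2'`, and that run keeps whatever compat.sh picks up by default; the same holds for `GNUTLS_CLI`/`GNUTLS_SERV` on the non-legacy runs. Passing `OPENSSL_CMD="$OPENSSL" GNUTLS_CLI="$GNUTLS_CLI" GNUTLS_SERV="$GNUTLS_SERV"` on those lines, or exporting the six variables once after option parsing, would make the new options effective everywhere. The `ssl3` run here also differs from hunk `@@ -219,7 +275,7 @@`, which additionally passes the GnuTLS legacy binaries; if GnuTLS is deliberately left out of the SSLv3 run, a one-line comment saying so would help.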
@@ -351,7 +404,6 @@ scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME CC=armcc AR=armar WARNING_CFLAGS= make lib -fi # armcc if which i686-w64-mingw32-gcc >/dev/null; then msg "build: cross-mingw64, make" # ~ 30s From f07314e787ee984d8ec652a1caed481bf9941044 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 31 Aug 2016 17:33:13 +0100 Subject: [PATCH 068/272] Allow cmake 'out-of-source' builds Allow mbed TLS to be build in a subdirectory. Also add a test in all.sh --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 9ef4fb9543a8..27a71f6eac70 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -42,7 +42,7 @@ FORCE=0 : ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"} : ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build} -usage() +sage() { printf "Usage: $0\n" printf " -h|--help\t\tPrint this help.\n" From f181e25e5b4a75946f22b059d00379484f462fef Mon Sep 17 00:00:00 2001 From: Andres AG Date: Mon, 5 Sep 2016 12:23:34 +0100 Subject: [PATCH 069/272] Remove specific GnuTLS and OpenSSL version requirements --- tests/compat.sh | 4 ---- 1 file changed, 4 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index d8f3a3cacc76..aa81242b6733 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -12,10 +12,6 @@ # # Check each common ciphersuite, with each version, both ways (client/server), # with and without client authentication. -# -# Peer version requirements: -# - OpenSSL 1.0.1e 11 Feb 2013 (probably NOT since 1.0.1, tested with 1.0.1e) -# - GnuTLS 3.2.15 (probably works since 3.2.12 but tested only with 3.2.15) set -u From 7a63eaf2deb8c3c4ec1f79aefe891cf9e017eaaa Mon Sep 17 00:00:00 2001 
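Review bot: The rename of `usage()` to `sage()` in the all.sh hunk of this commit looks accidental: the `--help|-h|*` branch of the option parser still calls `usage`, so after this change `all.sh --help` and any unknown option fail with a command-not-found error instead of printing the help text. The commit message also says a test was added to all.sh, but the hunk only touches the function name. Restore `usage()`.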
From: Andres AG Date: Mon, 5 Sep 2016 12:24:47 +0100 Subject: [PATCH 070/272] Add version printing for all.sh env vars --- scripts/output_env.sh | 140 ++++++++++++++++++++++++++++++++---------- 1 file changed, 109 insertions(+), 31 deletions(-) diff --git a/scripts/output_env.sh b/scripts/output_env.sh index a77e6fe67a16..ed1791476d45 100755 --- a/scripts/output_env.sh +++ b/scripts/output_env.sh 
@@ -17,91 +17,169 @@ # - version of libc, clang, asan and valgrind if installed # - version of gnuTLS and OpenSSL +COUNT=1 + echo -echo "1) Operating system and architecture:" +echo "$COUNT) Operating system and architecture:" uname -a +COUNT=$((COUNT+1)) echo -if `hash armcc 2>/dev/null`; then - echo "2) armcc:" +if `hash armcc > /dev/null 2>&1`; then + echo "$COUNT) armcc:" armcc --vsn | head -n 2 else - echo "2) armcc not found!" + echo "$COUNT) armcc not found!" fi +COUNT=$((COUNT+1)) echo -if `hash arm-none-eabi-gcc 2>/dev/null`; then - echo "3) gcc-arm:" +if `hash arm-none-eabi-gcc > /dev/null 2>&1`; then + echo "$COUNT) gcc-arm:" arm-none-eabi-gcc --version | head -n 1 else - echo "3) gcc-arm not found!" + echo "$COUNT) gcc-arm not found!" fi +COUNT=$((COUNT+1)) echo -if `hash gcc 2>/dev/null`; then - echo "4) gcc:" +if `hash gcc > /dev/null 2>&1`; then + echo "$COUNT) gcc:" gcc --version | head -n 1 else - echo "4) gcc not found!" + echo "$COUNT) gcc not found!" fi +COUNT=$((COUNT+1)) echo -if `hash clang 2>/dev/null`; then - echo "5) clang:" +if `hash clang > /dev/null 2>&1`; then + echo "$COUNT) clang:" clang --version | head -n 2 clang -v 2>&1 | grep Selected else - echo "5) clang not found!" + echo "$COUNT) clang not found!" fi +COUNT=$((COUNT+1)) echo -if `hash ldd 2>/dev/null`; then - echo "6) libc:" +if `hash ldd > /dev/null 2>&1`; then + echo "$COUNT) libc:" ldd --version | head -n 1 else - echo "6) No ldd present: can't determine libc version!" + echo "$COUNT) No ldd present: can't determine libc version!" fi +COUNT=$((COUNT+1)) echo -if `hash valgrind 2>/dev/null`; then - echo "7) valgrind:" +if `hash valgrind > /dev/null 2>&1`; then + echo "$COUNT) valgrind:" valgrind --version else - echo "7) valgrind not found!" + echo "$COUNT) valgrind not found!" 
fi +COUNT=$((COUNT+1)) echo -if `hash openssl 2>/dev/null`; then - echo "8) openssl:" +if `hash openssl > /dev/null 2>&1`; then + echo "$COUNT) openssl:" openssl version else - echo "8) openssl not found!" + echo "$COUNT) openssl not found!" +fi +COUNT=$((COUNT+1)) + +if [ -n "${OPENSSL+set}" ]; then + echo + if `hash "$OPENSSL" > /dev/null 2>&1`; then + echo "$COUNT) $OPENSSL at environment variable 'OPENSSL':" + $OPENSSL version + else + echo "$COUNT) $OPENSSL at environment variable 'OPENSSL' not found!" + fi + COUNT=$((COUNT+1)) +fi + +if [ -n "${OPENSSL_LEGACY+set}" ]; then + echo + if `hash "$OPENSSL_LEGACY" > /dev/null 2>&1`; then + echo "$COUNT) $OPENSSL_LEGACY at environment variable 'OPENSSL_LEGACY':" + $OPENSSL_LEGACY version + else + echo "$COUNT) $OPENSSL_LEGACY at environment variable 'OPENSSL_LEGACY' not found!" + fi + COUNT=$((COUNT+1)) fi echo -if `hash gnutls-cli 2>/dev/null`; then - echo "9) gnuTLS client:" +if `hash gnutls-cli > /dev/null 2>&1`; then + echo "$COUNT) gnuTLS client:" gnutls-cli --version | head -n 1 else - echo "9) gnuTLS client not found!" + echo "$COUNT) gnuTLS client not found!" fi +COUNT=$((COUNT+1)) echo -if `hash gnutls-serv 2>/dev/null`; then - echo "10) gnuTLS server:" +if `hash gnutls-serv > /dev/null 2>&1`; then + echo "$COUNT) gnuTLS server:" gnutls-serv --version | head -n 1 else - echo "10) gnuTLS server not found!" + echo "$COUNT) gnuTLS server not found!" +fi +COUNT=$((COUNT+1)) + +if [ -n "${GNUTLS_CLI+set}" ]; then + echo + if `hash "$GNUTLS_CLI" > /dev/null 2>&1`; then + echo "$COUNT) $GNUTLS_CLI at environment variable 'GNUTLS_CLI':" + $GNUTLS_CLI --version | head -n 1 + else + echo "$COUNT) $GNUTLS_CLI at environment variable 'GNUTLS_CLI' not found!" 
+ fi + COUNT=$((COUNT+1)) +fi + +if [ -n "${GNUTLS_SERV+set}" ]; then + echo + if `hash "$GNUTLS_SERV" > /dev/null 2>&1`; then + echo "$COUNT) $GNUTLS_SERV at environment variable 'GNUTLS_SERV':" + $GNUTLS_SERV --version | head -n 1 + else + echo "$COUNT) $GNUTLS_SERV at environment variable 'GNUTLS_SERV' not found!" + fi + COUNT=$((COUNT+1)) +fi + +if [ -n "${GNUTLS_LEGACY_CLI+set}" ]; then + echo + if `hash "$GNUTLS_LEGACY_CLI" > /dev/null 2>&1`; then + echo "$COUNT) $GNUTLS_LEGACY_CLI at environment variable 'GNUTLS_LEGACY_CLI':" + $GNUTLS_LEGACY_CLI --version | head -n 1 + else + echo "$COUNT) $GNUTLS_LEGACY_CLI at environment variable 'GNUTLS_LEGACY_CLI' not found!" + fi + COUNT=$((COUNT+1)) +fi + +if [ -n "${GNUTLS_LEGACY_SERV+set}" ]; then + echo + if `hash "$GNUTLS_LEGACY_SERV" > /dev/null 2>&1`; then + echo "$COUNT) $GNUTLS_LEGACY_SERV at environment variable 'GNUTLS_LEGACY_SERV':" + $GNUTLS_LEGACY_SERV --version | head -n 1 + else + echo "$COUNT) $GNUTLS_LEGACY_SERV at environment variable 'GNUTLS_LEGACY_SERV' not found!" + fi + COUNT=$((COUNT+1)) fi echo -if `hash dpkg 2>/dev/null`; then - echo "11) asan:" +if `hash dpkg > /dev/null 2>&1`; then + echo "$COUNT) asan:" dpkg -s libasan2 2> /dev/null | grep -i version dpkg -s libasan1 2> /dev/null | grep -i version dpkg -s libasan0 2> /dev/null | grep -i version else - echo "11) No dpkg present: can't determine asan version!" + echo "$COUNT) No dpkg present: can't determine asan version!" fi echo From 41eeccf76bf482a2dfb6ebc4beb384a17b625ccc Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 7 Sep 2016 00:07:09 +0100 Subject: [PATCH 071/272] Fix merge of OpenSSL/GNUTLS version options in all.sh --- tests/scripts/all.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 27a71f6eac70..f40d52f4d60b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
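Review bot: In each new block the probe quotes the variable (`hash "$OPENSSL"`) but the invocation does not (`$OPENSSL version`, `$GNUTLS_CLI --version | head -n 1`, and the other four), so a path containing spaces or glob characters is word-split before being executed; quote them as `"$OPENSSL" version` for consistency with the `hash` test. The `[ -n "${OPENSSL+set}" ]` guards run whenever the variable is set, including when all.sh sets it to the default `openssl`, so the default binary is then reported twice; harmless, but worth a comment so nobody "fixes" it.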
@@ -42,13 +42,13 @@ FORCE=0 : ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"} : ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build} -sage() +usage() { printf "Usage: $0\n" printf " -h|--help\t\tPrint this help.\n" printf " -m|--memory\t\tAdditional optional memory tests.\n" printf " -f|--force\t\tForce the tests to overwrite any modified files.\n" - printf " --out-of-source-dir\t\tDirectory used for CMake out-of-source build tests." + printf " --out-of-source-dir=\t\tDirectory used for CMake out-of-source build tests." printf " --openssl=\t\tPath to OpenSSL executable to use for most tests.\n" printf " --openssl-legacy=\t\tPath to OpenSSL executable to use for legacy tests e.g. SSLv3.\n" printf " --gnutls-cli=\t\tPath to GnuTLS client executable to use for most tests.\n" From 40122e015a4906748a11898fb10444cb51dd2c59 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 9 Sep 2016 15:30:29 +0100 Subject: [PATCH 072/272] Remove list numbering in output_env.sh --- scripts/output_env.sh | 84 +++++++++++++++++-------------------------- 1 file changed, 33 insertions(+), 51 deletions(-) diff --git a/scripts/output_env.sh b/scripts/output_env.sh index ed1791476d45..441fe18fbeb8 100755 --- a/scripts/output_env.sh +++ b/scripts/output_env.sh 
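Review bot: The `--out-of-source-dir=` line is still the only `printf` without a trailing `\n`, so the `--openssl=` help text is appended to it on the same output line; change it to `printf " --out-of-source-dir=\t\tDirectory used for CMake out-of-source build tests.\n"`. The added `=` also does not match the parser, which handles `--out-of-source-dir` by shifting and reading the next argument, so `--out-of-source-dir=DIR` falls through to the `*` branch and exits; either accept both spellings or drop the `=` from the help text.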
@@ -17,169 +17,151 @@ # - version of libc, clang, asan and valgrind if installed # - version of gnuTLS and OpenSSL -COUNT=1 - echo -echo "$COUNT) Operating system and architecture:" +echo "* Operating system and architecture:" uname -a -COUNT=$((COUNT+1)) echo if `hash armcc > /dev/null 2>&1`; then - echo "$COUNT) armcc:" + echo "* armcc:" armcc --vsn | head -n 2 else - echo "$COUNT) armcc not found!" + echo "* armcc not found!" fi -COUNT=$((COUNT+1)) echo if `hash arm-none-eabi-gcc > /dev/null 2>&1`; then - echo "$COUNT) gcc-arm:" + echo "* gcc-arm:" arm-none-eabi-gcc --version | head -n 1 else - echo "$COUNT) gcc-arm not found!" + echo "* gcc-arm not found!" fi -COUNT=$((COUNT+1)) echo if `hash gcc > /dev/null 2>&1`; then - echo "$COUNT) gcc:" + echo "* gcc:" gcc --version | head -n 1 else - echo "$COUNT) gcc not found!" + echo "* gcc not found!" fi -COUNT=$((COUNT+1)) echo if `hash clang > /dev/null 2>&1`; then - echo "$COUNT) clang:" + echo "* clang:" clang --version | head -n 2 clang -v 2>&1 | grep Selected else - echo "$COUNT) clang not found!" + echo "* clang not found!" fi -COUNT=$((COUNT+1)) echo if `hash ldd > /dev/null 2>&1`; then - echo "$COUNT) libc:" + echo "* libc:" ldd --version | head -n 1 else - echo "$COUNT) No ldd present: can't determine libc version!" + echo "* No ldd present: can't determine libc version!" fi -COUNT=$((COUNT+1)) echo if `hash valgrind > /dev/null 2>&1`; then - echo "$COUNT) valgrind:" + echo "* valgrind:" valgrind --version else - echo "$COUNT) valgrind not found!" + echo "* valgrind not found!" fi -COUNT=$((COUNT+1)) echo if `hash openssl > /dev/null 2>&1`; then - echo "$COUNT) openssl:" + echo "* openssl:" openssl version else - echo "$COUNT) openssl not found!" + echo "* openssl not found!" 
fi -COUNT=$((COUNT+1)) if [ -n "${OPENSSL+set}" ]; then echo if `hash "$OPENSSL" > /dev/null 2>&1`; then - echo "$COUNT) $OPENSSL at environment variable 'OPENSSL':" + echo "* $OPENSSL at environment variable 'OPENSSL':" $OPENSSL version else - echo "$COUNT) $OPENSSL at environment variable 'OPENSSL' not found!" + echo "* $OPENSSL at environment variable 'OPENSSL' not found!" fi - COUNT=$((COUNT+1)) fi if [ -n "${OPENSSL_LEGACY+set}" ]; then echo if `hash "$OPENSSL_LEGACY" > /dev/null 2>&1`; then - echo "$COUNT) $OPENSSL_LEGACY at environment variable 'OPENSSL_LEGACY':" + echo "* $OPENSSL_LEGACY at environment variable 'OPENSSL_LEGACY':" $OPENSSL_LEGACY version else - echo "$COUNT) $OPENSSL_LEGACY at environment variable 'OPENSSL_LEGACY' not found!" + echo "* $OPENSSL_LEGACY at environment variable 'OPENSSL_LEGACY' not found!" fi - COUNT=$((COUNT+1)) fi echo if `hash gnutls-cli > /dev/null 2>&1`; then - echo "$COUNT) gnuTLS client:" + echo "* gnuTLS client:" gnutls-cli --version | head -n 1 else - echo "$COUNT) gnuTLS client not found!" + echo "* gnuTLS client not found!" fi -COUNT=$((COUNT+1)) echo if `hash gnutls-serv > /dev/null 2>&1`; then - echo "$COUNT) gnuTLS server:" + echo "* gnuTLS server:" gnutls-serv --version | head -n 1 else - echo "$COUNT) gnuTLS server not found!" + echo "* gnuTLS server not found!" fi -COUNT=$((COUNT+1)) if [ -n "${GNUTLS_CLI+set}" ]; then echo if `hash "$GNUTLS_CLI" > /dev/null 2>&1`; then - echo "$COUNT) $GNUTLS_CLI at environment variable 'GNUTLS_CLI':" + echo "* $GNUTLS_CLI at environment variable 'GNUTLS_CLI':" $GNUTLS_CLI --version | head -n 1 else - echo "$COUNT) $GNUTLS_CLI at environment variable 'GNUTLS_CLI' not found!" + echo "* $GNUTLS_CLI at environment variable 'GNUTLS_CLI' not found!" 
fi - COUNT=$((COUNT+1)) fi if [ -n "${GNUTLS_SERV+set}" ]; then echo if `hash "$GNUTLS_SERV" > /dev/null 2>&1`; then - echo "$COUNT) $GNUTLS_SERV at environment variable 'GNUTLS_SERV':" + echo "* $GNUTLS_SERV at environment variable 'GNUTLS_SERV':" $GNUTLS_SERV --version | head -n 1 else - echo "$COUNT) $GNUTLS_SERV at environment variable 'GNUTLS_SERV' not found!" + echo "* $GNUTLS_SERV at environment variable 'GNUTLS_SERV' not found!" fi - COUNT=$((COUNT+1)) fi if [ -n "${GNUTLS_LEGACY_CLI+set}" ]; then echo if `hash "$GNUTLS_LEGACY_CLI" > /dev/null 2>&1`; then - echo "$COUNT) $GNUTLS_LEGACY_CLI at environment variable 'GNUTLS_LEGACY_CLI':" + echo "* $GNUTLS_LEGACY_CLI at environment variable 'GNUTLS_LEGACY_CLI':" $GNUTLS_LEGACY_CLI --version | head -n 1 else - echo "$COUNT) $GNUTLS_LEGACY_CLI at environment variable 'GNUTLS_LEGACY_CLI' not found!" + echo "* $GNUTLS_LEGACY_CLI at environment variable 'GNUTLS_LEGACY_CLI' not found!" fi - COUNT=$((COUNT+1)) fi if [ -n "${GNUTLS_LEGACY_SERV+set}" ]; then echo if `hash "$GNUTLS_LEGACY_SERV" > /dev/null 2>&1`; then - echo "$COUNT) $GNUTLS_LEGACY_SERV at environment variable 'GNUTLS_LEGACY_SERV':" + echo "* $GNUTLS_LEGACY_SERV at environment variable 'GNUTLS_LEGACY_SERV':" $GNUTLS_LEGACY_SERV --version | head -n 1 else - echo "$COUNT) $GNUTLS_LEGACY_SERV at environment variable 'GNUTLS_LEGACY_SERV' not found!" + echo "* $GNUTLS_LEGACY_SERV at environment variable 'GNUTLS_LEGACY_SERV' not found!" fi - COUNT=$((COUNT+1)) fi echo if `hash dpkg > /dev/null 2>&1`; then - echo "$COUNT) asan:" + echo "* asan:" dpkg -s libasan2 2> /dev/null | grep -i version dpkg -s libasan1 2> /dev/null | grep -i version dpkg -s libasan0 2> /dev/null | grep -i version else - echo "$COUNT) No dpkg present: can't determine asan version!" + echo "* No dpkg present: can't determine asan version!" fi echo From f9113194aff4a08b6b7a73541993e05b520cd7f6 Mon Sep 17 00:00:00 2001 
From: Andres AG Date: Fri, 2 Sep 2016 14:06:04 +0100 Subject: [PATCH 073/272] Allow the entry_name size to be set in config.h Allow the size of the entry_name character array in x509_crt.c to be configurable through a macro in config.h. entry_name holds a path/filename string. The macro introduced in MBEDTLS_X509_MAX_FILE_PATH_LEN. --- ChangeLog | 3 +++ include/mbedtls/config.h | 1 + include/mbedtls/x509_crt.h | 4 ++++ library/x509_crt.c | 17 ++++++++++++----- 4 files changed, 20 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6d7f1c25fef0..a4f98ceb581e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,9 @@ Features is functioning correctly. * Added a script to print build environment info for diagnostic use in test scripts, which is also now called by all.sh. + * Added the macro MBEDTLS_X509_MAX_FILE_PATH_LEN that enables the user to + configure the maximum length of a file path that can be buffered when + calling mbedtls_x509_crt_parse_path(). Bugfix * Fix for platform time abstraction to avoid dependency issues where a build diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 456ec667d926..8d7d63110bdc 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -2569,6 +2569,7 @@ /* X509 options */ //#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ +//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */ /* \} name SECTION: Customisation configuration options */ diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 41b6bfe57e31..383e484f71cb 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h 
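Review bot: The new config.h comment for `MBEDTLS_X509_MAX_FILE_PATH_LEN` documents what the value means but not where it is used: in this commit it sizes the local `char entry_name[MBEDTLS_X509_MAX_FILE_PATH_LEN]` in mbedtls_x509_crt_parse_path(), so raising it increases stack usage directly, which matters on constrained targets. Suggest appending ` Sizes a stack buffer in mbedtls_x509_crt_parse_path().` to the comment.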
@@ -120,6 +120,10 @@ mbedtls_x509_crt_profile; #define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32 #define MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15 +#if !defined( MBEDTLS_X509_MAX_FILE_PATH_LEN ) +#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 +#endif + /** * Container for writing a certificate (CRT) */ diff --git a/library/x509_crt.c b/library/x509_crt.c index af6c2a4a537c..60e14f90e7bd 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1160,9 +1160,10 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) FindClose( hFind ); #else /* _WIN32 */ int t_ret; + int snp_ret; struct stat sb; struct dirent *entry; - char entry_name[255]; + char entry_name[MBEDTLS_X509_MAX_FILE_PATH_LEN]; DIR *dir = opendir( path ); if( dir == NULL ) @@ -1178,11 +1179,16 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) while( ( entry = readdir( dir ) ) != NULL ) { - mbedtls_snprintf( entry_name, sizeof entry_name, "%s/%s", path, entry->d_name ); + snp_ret = mbedtls_snprintf( entry_name, sizeof entry_name, + "%s/%s", path, entry->d_name ); - if( stat( entry_name, &sb ) == -1 ) + if( snp_ret < 0 || (size_t)snp_ret >= sizeof entry_name ) + { + ret = MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; + goto cleanup; + } + else if( stat( entry_name, &sb ) == -1 ) { - closedir( dir ); ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; goto cleanup; } @@ -1198,9 +1204,10 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) else ret += t_ret; } - closedir( dir ); cleanup: + closedir( dir ); + #if defined(MBEDTLS_THREADING_PTHREAD) if( mbedtls_mutex_unlock( &mbedtls_threading_readdir_mutex ) != 0 ) ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR; From c49b808ae490f03d665df5faae457f613aa31aaf Mon Sep 17 00:00:00 2001 
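Review bot: Moving `closedir( dir )` under `cleanup:` is right for the two `goto cleanup` paths inside the loop, but it makes the label responsible for a handle that may not be valid: the `if( dir == NULL )` branch just above is cut off by the hunk edge, so it needs confirming that it returns before any `goto cleanup` can be reached. If that holds, a comment at the label such as `/* dir is non-NULL here: the opendir() failure path returns early */` records the invariant for the next change. The `else` following the `goto cleanup;` block in the snprintf check is redundant and can be a plain `if`. The function starts and ends outside these hunks.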
From: Andres AG Date: Wed, 31 Aug 2016 16:10:45 +0100 Subject: [PATCH 074/272] Add missing dependency to check in Makefile The main makefile check target does not depend on tests. When running make with the -j option it could happen that the tests are build twice and concurrently, which causes errors. --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index d2fa6b81fc45..d475868a710e 100644 --- a/Makefile +++ b/Makefile @@ -77,7 +77,7 @@ ifndef WINDOWS find . \( -name \*.gcno -o -name \*.gcda -o -name \*.info \) -exec rm {} + endif -check: lib +check: lib tests $(MAKE) -C tests check test: check From 4bdbe09f900376ef024a48b2de7f068b171b1155 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Mon, 19 Sep 2016 16:58:45 +0100 Subject: [PATCH 075/272] Fix sig->tag update in mbedtls_x509_get_sig() --- ChangeLog | 3 +++ library/x509.c | 4 +++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index a4f98ceb581e..e74640dc7fca 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,6 +22,9 @@ Bugfix enabled unless others were also present. Found by David Fernandez. #428 * Fix for out-of-tree builds using CMake. Found by jwurzer, and fix based on a contribution from Tobias Tangemann. #541 + * Fix mbedtls_x509_get_sig() to update the ASN1 type in the mbedtls_x509_buf + data structure until after error checks are successful. Found by + subramanyam-c. Changes * Extended test coverage of special cases, and added new timing test suite. diff --git a/library/x509.c b/library/x509.c index bc3bfe018f51..6df5dc89f0e9 100644 --- a/library/x509.c +++ b/library/x509.c 
@@ -559,16 +559,18 @@ int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x { int ret; size_t len; + int tag_type; if( ( end - *p ) < 1 ) return( MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA ); - sig->tag = **p; + tag_type = **p; if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 ) return( MBEDTLS_ERR_X509_INVALID_SIGNATURE + ret ); + sig->tag = tag_type; sig->len = len; sig->p = *p; From f2b92bb25ba3e3fbf27f930dc2d4a8de3cb5d6c3 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Thu, 11 Aug 2016 10:45:14 +0100 Subject: [PATCH 076/272] Actually apply debug_level settings in cert_app --- programs/x509/cert_app.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 3f50a7a1481b..c6434fe1f30e 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -57,6 +57,7 @@ int main( void ) #include "mbedtls/net.h" #include "mbedtls/ssl.h" #include "mbedtls/x509.h" +#include "mbedtls/debug.h" #include #include @@ -380,6 +381,10 @@ int main( int argc, char *argv[] ) mbedtls_printf( " ok\n" ); +#if defined(MBEDTLS_DEBUG_C) + mbedtls_debug_set_threshold( opt.debug_level ); +#endif + /* * 2. Start the connection */ From 5e8c62f53d0632febbd208f9eb17adc287123ebb Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Thu, 11 Aug 2016 10:45:33 +0100 Subject: [PATCH 077/272] Do not add empty cert / key in cert_app --- programs/x509/cert_app.c | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index c6434fe1f30e..73e853e978a0 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -153,9 +153,7 @@ int main( int argc, char *argv[] ) mbedtls_ssl_context ssl; mbedtls_ssl_config conf; mbedtls_x509_crt cacert; - mbedtls_x509_crt clicert; mbedtls_x509_crl cacrl; - mbedtls_pk_context pkey; int i, j; uint32_t flags; int verify = 0; 
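Review bot: The reason the tag is read into `tag_type` first and written to `sig->tag` only after `mbedtls_asn1_get_bitstring_null()` succeeds is not stated in the code, so a later cleanup could fold the two assignments back together and reintroduce the partial update described in this commit's ChangeLog entry. Suggest a comment above `sig->tag = tag_type;`: `/* Update sig only once the bitstring has been validated, so the caller's buffer is left untouched on error */`.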
@@ -170,7 +168,6 @@ int main( int argc, char *argv[] ) mbedtls_ssl_init( &ssl ); mbedtls_ssl_config_init( &conf ); mbedtls_x509_crt_init( &cacert ); - mbedtls_x509_crt_init( &clicert ); #if defined(MBEDTLS_X509_CRL_PARSE_C) mbedtls_x509_crl_init( &cacrl ); #else @@ -178,7 +175,6 @@ int main( int argc, char *argv[] ) it to the verify function */ memset( &cacrl, 0, sizeof(mbedtls_x509_crl) ); #endif - mbedtls_pk_init( &pkey ); if( argc == 0 ) { @@ -423,12 +419,6 @@ int main( int argc, char *argv[] ) mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); - if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &clicert, &pkey ) ) != 0 ) - { - mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret ); - goto ssl_exit; - } - if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret ); @@ -484,11 +474,9 @@ int main( int argc, char *argv[] ) mbedtls_net_free( &server_fd ); mbedtls_x509_crt_free( &cacert ); - mbedtls_x509_crt_free( &clicert ); #if defined(MBEDTLS_X509_CRL_PARSE_C) mbedtls_x509_crl_free( &cacrl ); #endif - mbedtls_pk_free( &pkey ); mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); From d43fb9598a7ffd662b17bfa06d67fb796cf25249 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 26 Sep 2016 20:48:56 +0100 Subject: [PATCH 078/272] Update for ChangeLog for fixes for cert_app --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index a4f98ceb581e..4b66c758c15e 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -22,6 +22,8 @@ Bugfix enabled unless others were also present. Found by David Fernandez. #428 * Fix for out-of-tree builds using CMake. Found by jwurzer, and fix based on a contribution from Tobias Tangemann. #541 + * Fixed cert_app sample program for debug output and for use when no root + certificates are provided. Changes * Extended test coverage of special cases, and added new timing test suite. From 788aa4a81214fa1d13b723e63a1e5b728b614771 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 14 Sep 2016 14:32:09 +0100 Subject: [PATCH 079/272] Rename net.{c,h} to net_sockets.{c,h} The library/net.c and its corresponding include/mbedtls/net.h file are renamed to library/net_sockets.c and include/mbedtls/net_sockets.h respectively. This is to avoid naming collisions in projects which also have files with the common name 'net'. --- ChangeLog | 4 + include/mbedtls/config.h | 2 +- include/mbedtls/net.h | 212 ++-------------------------- include/mbedtls/net_sockets.h | 225 ++++++++++++++++++++++++++++++ include/mbedtls/ssl.h | 7 +- library/CMakeLists.txt | 2 +- library/Makefile | 7 +- library/error.c | 2 +- library/{net.c => net_sockets.c} | 2 +- programs/pkey/dh_client.c | 2 +- programs/pkey/dh_server.c | 2 +- programs/ssl/dtls_client.c | 2 +- programs/ssl/dtls_server.c | 2 +- programs/ssl/mini_client.c | 2 +- programs/ssl/ssl_client1.c | 2 +- programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_fork_server.c | 2 +- programs/ssl/ssl_mail_client.c | 2 +- programs/ssl/ssl_pthread_server.c | 2 +- programs/ssl/ssl_server.c | 2 +- programs/ssl/ssl_server2.c | 2 +- programs/test/udp_proxy.c | 2 +- programs/x509/cert_app.c | 2 +- scripts/footprint.sh | 2 +- scripts/generate_errors.pl | 3 + tests/scripts/all.sh | 2 +- visualc/VS2010/mbedTLS.vcxproj | 4 +- yotta/data/README.md | 2 +- 28 files changed, 272 insertions(+), 232 deletions(-) create mode 100644 include/mbedtls/net_sockets.h rename library/{net.c => net_sockets.c} (99%) 
diff --git a/ChangeLog b/ChangeLog index 4b66c758c15e..ca3dd1a79d9b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -35,6 +35,10 @@ Changes through the symbol YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE. * Added optimization for code space for X.509/OID based on configured features. (contributed by Aviv Palivoda) + * Renamed source file library/net.c to library/net_sockets.c to avoid + naming collision in projects which also have files with the common name + net.c. For consistency, the corresponding header file, net.h, is marked as + deprecated, and its contents moved to net_sockets.h. = mbed TLS 2.3.0 branch released 2016-06-28 diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 8d7d63110bdc..8a892d74c467 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1960,7 +1960,7 @@ * environment: * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS * - * Module: library/net.c + * Module: library/net_sockets.c * * This module provides networking routines. */ diff --git a/include/mbedtls/net.h b/include/mbedtls/net.h index 8c6534cfb8d3..774559b3cf6e 100644 --- a/include/mbedtls/net.h +++ b/include/mbedtls/net.h @@ -1,9 +1,9 @@ /** * \file net.h * - * \brief Network communication functions + * \brief Deprecated header file that includes mbedtls/net_sockets.h * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may 
@@ -19,207 +19,13 @@ * limitations under the License. * * This file is part of mbed TLS (https://tls.mbed.org) - */ -#ifndef MBEDTLS_NET_H -#define MBEDTLS_NET_H - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#include "ssl.h" - -#include -#include - -#define MBEDTLS_ERR_NET_SOCKET_FAILED -0x0042 /**< Failed to open a socket. */ -#define MBEDTLS_ERR_NET_CONNECT_FAILED -0x0044 /**< The connection to the given server / port failed. */ -#define MBEDTLS_ERR_NET_BIND_FAILED -0x0046 /**< Binding of the socket failed. */ -#define MBEDTLS_ERR_NET_LISTEN_FAILED -0x0048 /**< Could not listen on the socket. */ -#define MBEDTLS_ERR_NET_ACCEPT_FAILED -0x004A /**< Could not accept the incoming connection. */ -#define MBEDTLS_ERR_NET_RECV_FAILED -0x004C /**< Reading information from the socket failed. */ -#define MBEDTLS_ERR_NET_SEND_FAILED -0x004E /**< Sending information through the socket failed. */ -#define MBEDTLS_ERR_NET_CONN_RESET -0x0050 /**< Connection was reset by peer. */ -#define MBEDTLS_ERR_NET_UNKNOWN_HOST -0x0052 /**< Failed to get an IP address for the given hostname. */ -#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL -0x0043 /**< Buffer is too small to hold the data. */ -#define MBEDTLS_ERR_NET_INVALID_CONTEXT -0x0045 /**< The context is invalid, eg because it was free()ed. */ - -#define MBEDTLS_NET_LISTEN_BACKLOG 10 /**< The backlog that listen() should use. */ - -#define MBEDTLS_NET_PROTO_TCP 0 /**< The TCP transport protocol */ -#define MBEDTLS_NET_PROTO_UDP 1 /**< The UDP transport protocol */ - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * Wrapper type for sockets. - * - * Currently backed by just a file descriptor, but might be more in the future - * (eg two file descriptors for combined IPv4 + IPv6 support, or additional - * structures for hand-made UDP demultiplexing). 
- */ -typedef struct -{ - int fd; /**< The underlying file descriptor */ -} -mbedtls_net_context; - -/** - * \brief Initialize a context - * Just makes the context ready to be used or freed safely. - * - * \param ctx Context to initialize - */ -void mbedtls_net_init( mbedtls_net_context *ctx ); - -/** - * \brief Initiate a connection with host:port in the given protocol - * - * \param ctx Socket to use - * \param host Host to connect to - * \param port Port to connect to - * \param proto Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP - * - * \return 0 if successful, or one of: - * MBEDTLS_ERR_NET_SOCKET_FAILED, - * MBEDTLS_ERR_NET_UNKNOWN_HOST, - * MBEDTLS_ERR_NET_CONNECT_FAILED - * - * \note Sets the socket in connected mode even with UDP. - */ -int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto ); - -/** - * \brief Create a receiving socket on bind_ip:port in the chosen - * protocol. If bind_ip == NULL, all interfaces are bound. - * - * \param ctx Socket to use - * \param bind_ip IP to bind to, can be NULL - * \param port Port number to use - * \param proto Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP - * - * \return 0 if successful, or one of: - * MBEDTLS_ERR_NET_SOCKET_FAILED, - * MBEDTLS_ERR_NET_BIND_FAILED, - * MBEDTLS_ERR_NET_LISTEN_FAILED * - * \note Regardless of the protocol, opens the sockets and binds it. - * In addition, make the socket listening if protocol is TCP. 
+ * \deprecated Superseded by mbedtls/net_sockets.h */ -int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto ); - -/** - * \brief Accept a connection from a remote client - * - * \param bind_ctx Relevant socket - * \param client_ctx Will contain the connected client socket - * \param client_ip Will contain the client IP address - * \param buf_size Size of the client_ip buffer - * \param ip_len Will receive the size of the client IP written - * - * \return 0 if successful, or - * MBEDTLS_ERR_NET_ACCEPT_FAILED, or - * MBEDTLS_ERR_NET_BUFFER_TOO_SMALL if buf_size is too small, - * MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to - * non-blocking and accept() would block. - */ -int mbedtls_net_accept( mbedtls_net_context *bind_ctx, - mbedtls_net_context *client_ctx, - void *client_ip, size_t buf_size, size_t *ip_len ); - -/** - * \brief Set the socket blocking - * - * \param ctx Socket to set - * - * \return 0 if successful, or a non-zero error code - */ -int mbedtls_net_set_block( mbedtls_net_context *ctx ); - -/** - * \brief Set the socket non-blocking - * - * \param ctx Socket to set - * - * \return 0 if successful, or a non-zero error code - */ -int mbedtls_net_set_nonblock( mbedtls_net_context *ctx ); - -/** - * \brief Portable usleep helper - * - * \param usec Amount of microseconds to sleep - * - * \note Real amount of time slept will not be less than - * select()'s timeout granularity (typically, 10ms). - */ -void mbedtls_net_usleep( unsigned long usec ); - -/** - * \brief Read at most 'len' characters. If no error occurs, - * the actual amount read is returned. - * - * \param ctx Socket - * \param buf The buffer to write to - * \param len Maximum length of the buffer - * - * \return the number of bytes received, - * or a non-zero error code; with a non-blocking socket, - * MBEDTLS_ERR_SSL_WANT_READ indicates read() would block. 
- */ -int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len ); - -/** - * \brief Write at most 'len' characters. If no error occurs, - * the actual amount read is returned. - * - * \param ctx Socket - * \param buf The buffer to read from - * \param len The length of the buffer - * - * \return the number of bytes sent, - * or a non-zero error code; with a non-blocking socket, - * MBEDTLS_ERR_SSL_WANT_WRITE indicates write() would block. - */ -int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len ); - -/** - * \brief Read at most 'len' characters, blocking for at most - * 'timeout' seconds. If no error occurs, the actual amount - * read is returned. - * - * \param ctx Socket - * \param buf The buffer to write to - * \param len Maximum length of the buffer - * \param timeout Maximum number of milliseconds to wait for data - * 0 means no timeout (wait forever) - * - * \return the number of bytes received, - * or a non-zero error code: - * MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out, - * MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal. - * - * \note This function will block (until data becomes available or - * timeout is reached) even if the socket is set to - * non-blocking. Handling timeouts with non-blocking reads - * requires a different strategy. - */ -int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len, - uint32_t timeout ); - -/** - * \brief Gracefully shutdown the connection and free associated data - * - * \param ctx The context to free - */ -void mbedtls_net_free( mbedtls_net_context *ctx ); - -#ifdef __cplusplus -} -#endif -#endif /* net.h */ +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#include "mbedtls/net_sockets.h" +#if defined(MBEDTLS_DEPRECATED_WARNING) +#warning "Deprecated header file: Superseded by mbedtls/net_sockets.h" +#endif /* MBEDTLS_DEPRECATED_WARNING */ +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ 
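Review bot: The deprecated shim pulls in its replacement as `#include "mbedtls/net_sockets.h"`, whereas the headers in this directory include each other by bare name (the new net_sockets.h itself does `#include "ssl.h"`), so net.h becomes the one header that needs `include/` rather than `include/mbedtls/` on the search path; `#include "net_sockets.h"` keeps it consistent with its siblings. When MBEDTLS_DEPRECATED_REMOVED is defined the file now expands to nothing, so a stale `#include "mbedtls/net.h"` only surfaces later as undefined mbedtls_net_* symbols; an `#else` branch with `#error "mbedtls/net.h is deprecated, include mbedtls/net_sockets.h instead"` would report the problem at the include site. `#warning` is a compiler extension rather than standard C, which is presumably accepted because other deprecations in this code base use the same pattern, but it deserves a comment saying so.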
diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h
new file mode 100644
index 000000000000..de335526fe9b
--- /dev/null
+++ b/include/mbedtls/net_sockets.h

@@ -0,0 +1,225 @@ +/** + * \file net_sockets.h + * + * \brief Network communication functions + * + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ +#ifndef MBEDTLS_NET_SOCKETS_H +#define MBEDTLS_NET_SOCKETS_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#include "ssl.h" + +#include +#include + +#define MBEDTLS_ERR_NET_SOCKET_FAILED -0x0042 /**< Failed to open a socket. */ +#define MBEDTLS_ERR_NET_CONNECT_FAILED -0x0044 /**< The connection to the given server / port failed. */ +#define MBEDTLS_ERR_NET_BIND_FAILED -0x0046 /**< Binding of the socket failed. */ +#define MBEDTLS_ERR_NET_LISTEN_FAILED -0x0048 /**< Could not listen on the socket. */ +#define MBEDTLS_ERR_NET_ACCEPT_FAILED -0x004A /**< Could not accept the incoming connection. */ +#define MBEDTLS_ERR_NET_RECV_FAILED -0x004C /**< Reading information from the socket failed. */ +#define MBEDTLS_ERR_NET_SEND_FAILED -0x004E /**< Sending information through the socket failed. */ +#define MBEDTLS_ERR_NET_CONN_RESET -0x0050 /**< Connection was reset by peer. */ +#define MBEDTLS_ERR_NET_UNKNOWN_HOST -0x0052 /**< Failed to get an IP address for the given hostname. */ +#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL -0x0043 /**< Buffer is too small to hold the data. 
*/ +#define MBEDTLS_ERR_NET_INVALID_CONTEXT -0x0045 /**< The context is invalid, eg because it was free()ed. */ + +#define MBEDTLS_NET_LISTEN_BACKLOG 10 /**< The backlog that listen() should use. */ + +#define MBEDTLS_NET_PROTO_TCP 0 /**< The TCP transport protocol */ +#define MBEDTLS_NET_PROTO_UDP 1 /**< The UDP transport protocol */ + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * Wrapper type for sockets. + * + * Currently backed by just a file descriptor, but might be more in the future + * (eg two file descriptors for combined IPv4 + IPv6 support, or additional + * structures for hand-made UDP demultiplexing). + */ +typedef struct +{ + int fd; /**< The underlying file descriptor */ +} +mbedtls_net_context; + +/** + * \brief Initialize a context + * Just makes the context ready to be used or freed safely. + * + * \param ctx Context to initialize + */ +void mbedtls_net_init( mbedtls_net_context *ctx ); + +/** + * \brief Initiate a connection with host:port in the given protocol + * + * \param ctx Socket to use + * \param host Host to connect to + * \param port Port to connect to + * \param proto Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP + * + * \return 0 if successful, or one of: + * MBEDTLS_ERR_NET_SOCKET_FAILED, + * MBEDTLS_ERR_NET_UNKNOWN_HOST, + * MBEDTLS_ERR_NET_CONNECT_FAILED + * + * \note Sets the socket in connected mode even with UDP. + */ +int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto ); + +/** + * \brief Create a receiving socket on bind_ip:port in the chosen + * protocol. If bind_ip == NULL, all interfaces are bound. 
+ * + * \param ctx Socket to use + * \param bind_ip IP to bind to, can be NULL + * \param port Port number to use + * \param proto Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP + * + * \return 0 if successful, or one of: + * MBEDTLS_ERR_NET_SOCKET_FAILED, + * MBEDTLS_ERR_NET_BIND_FAILED, + * MBEDTLS_ERR_NET_LISTEN_FAILED + * + * \note Regardless of the protocol, opens the sockets and binds it. + * In addition, make the socket listening if protocol is TCP. + */ +int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto ); + +/** + * \brief Accept a connection from a remote client + * + * \param bind_ctx Relevant socket + * \param client_ctx Will contain the connected client socket + * \param client_ip Will contain the client IP address + * \param buf_size Size of the client_ip buffer + * \param ip_len Will receive the size of the client IP written + * + * \return 0 if successful, or + * MBEDTLS_ERR_NET_ACCEPT_FAILED, or + * MBEDTLS_ERR_NET_BUFFER_TOO_SMALL if buf_size is too small, + * MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to + * non-blocking and accept() would block. + */ +int mbedtls_net_accept( mbedtls_net_context *bind_ctx, + mbedtls_net_context *client_ctx, + void *client_ip, size_t buf_size, size_t *ip_len ); + +/** + * \brief Set the socket blocking + * + * \param ctx Socket to set + * + * \return 0 if successful, or a non-zero error code + */ +int mbedtls_net_set_block( mbedtls_net_context *ctx ); + +/** + * \brief Set the socket non-blocking + * + * \param ctx Socket to set + * + * \return 0 if successful, or a non-zero error code + */ +int mbedtls_net_set_nonblock( mbedtls_net_context *ctx ); + +/** + * \brief Portable usleep helper + * + * \param usec Amount of microseconds to sleep + * + * \note Real amount of time slept will not be less than + * select()'s timeout granularity (typically, 10ms). + */ +void mbedtls_net_usleep( unsigned long usec ); + +/** + * \brief Read at most 'len' characters. 
If no error occurs, + * the actual amount read is returned. + * + * \param ctx Socket + * \param buf The buffer to write to + * \param len Maximum length of the buffer + * + * \return the number of bytes received, + * or a non-zero error code; with a non-blocking socket, + * MBEDTLS_ERR_SSL_WANT_READ indicates read() would block. + */ +int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len ); + +/** + * \brief Write at most 'len' characters. If no error occurs, + * the actual amount read is returned. + * + * \param ctx Socket + * \param buf The buffer to read from + * \param len The length of the buffer + * + * \return the number of bytes sent, + * or a non-zero error code; with a non-blocking socket, + * MBEDTLS_ERR_SSL_WANT_WRITE indicates write() would block. + */ +int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len ); + +/** + * \brief Read at most 'len' characters, blocking for at most + * 'timeout' seconds. If no error occurs, the actual amount + * read is returned. + * + * \param ctx Socket + * \param buf The buffer to write to + * \param len Maximum length of the buffer + * \param timeout Maximum number of milliseconds to wait for data + * 0 means no timeout (wait forever) + * + * \return the number of bytes received, + * or a non-zero error code: + * MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out, + * MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal. + * + * \note This function will block (until data becomes available or + * timeout is reached) even if the socket is set to + * non-blocking. Handling timeouts with non-blocking reads + * requires a different strategy. + */ +int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len, + uint32_t timeout ); + +/** + * \brief Gracefully shutdown the connection and free associated data + * + * \param ctx The context to free + */ +void mbedtls_net_free( mbedtls_net_context *ctx ); + +#ifdef __cplusplus +} +#endif + +#endif /* net_sockets.h */ 
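Review bot: The Doxygen text copied into net_sockets.h carries two inconsistencies that are cheap to fix while the file is new: the `mbedtls_net_send()` brief says "the actual amount read is returned" where it means the amount sent, and the `mbedtls_net_recv_timeout()` brief says it blocks "for at most 'timeout' seconds" while its `\param timeout` line says milliseconds, so a caller who sizes a timeout from the brief is off by a factor of 1000. Suggested lines: ` * the actual amount sent is returned.` for the send brief and ` * 'timeout' milliseconds. If no error occurs, the actual amount` for the recv_timeout brief. The copyright line on the new file also still reads 2006-2015 although the deprecated net.h was bumped to 2016 in the same commit.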
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index c0bfd3e0773d..1c0513da7f6e 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1105,9 +1105,10 @@ void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf, * \c mbedtls_ssl_recv_t and \c mbedtls_ssl_recv_timeout_t for * the conventions those callbacks must follow. * - * \note On some platforms, net.c provides \c mbedtls_net_send(), - * \c mbedtls_net_recv() and \c mbedtls_net_recv_timeout() - * that are suitable to be used here. + * \note On some platforms, net_sockets.c provides + * \c mbedtls_net_send(), \c mbedtls_net_recv() and + * \c mbedtls_net_recv_timeout() that are suitable to be used + * here. */ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, void *p_bio, diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 6aeb38525fba..98fe8c9c54d4 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -71,7 +71,7 @@ set(src_x509 set(src_tls debug.c - net.c + net_sockets.c ssl_cache.c ssl_ciphersuites.c ssl_cli.c diff --git a/library/Makefile b/library/Makefile index 00528b3c860e..4b296282b7c9 100644 --- a/library/Makefile +++ b/library/Makefile @@ -68,9 +68,10 @@ OBJS_X509= certs.o pkcs11.o x509.o \ x509_create.o x509_crl.o x509_crt.o \ x509_csr.o x509write_crt.o x509write_csr.o -OBJS_TLS= debug.o net.o ssl_cache.o \ - ssl_ciphersuites.o ssl_cli.o \ - ssl_cookie.o ssl_srv.o ssl_ticket.o \ +OBJS_TLS= debug.o net_sockets.o \ + ssl_cache.o ssl_ciphersuites.o \ + ssl_cli.o ssl_cookie.o \ + ssl_srv.o ssl_ticket.o \ ssl_tls.o .SILENT: diff --git a/library/error.c b/library/error.c index 4bd15bfee483..71d4faa7080f 100644 --- a/library/error.c +++ b/library/error.c @@ -102,7 +102,7 @@ #endif #if defined(MBEDTLS_NET_C) -#include "mbedtls/net.h" +#include "mbedtls/net_sockets.h" #endif #if defined(MBEDTLS_OID_C) 
diff --git a/library/net.c b/library/net_sockets.c similarity index 99% rename from library/net.c rename to library/net_sockets.c index 8b96321bc648..cc06cbfad391 100644 --- a/library/net.c +++ b/library/net_sockets.c @@ -38,7 +38,7 @@ #include #endif -#include "mbedtls/net.h" +#include "mbedtls/net_sockets.h" #include diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 8ebf34a77b03..48b97cee9f7e 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -37,7 +37,7 @@ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \ defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \ defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/net.h" +#include "mbedtls/net_sockets.h" #include "mbedtls/aes.h" #include "mbedtls/dhm.h" #include "mbedtls/rsa.h" diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index 7eef845dfb99..173a29d35532 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -37,7 +37,7 @@ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \ defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \ defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/net.h" +#include "mbedtls/net_sockets.h" #include "mbedtls/aes.h" #include "mbedtls/dhm.h" #include "mbedtls/rsa.h" diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index b37eb838cdc0..442a3fb7c13d 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -51,7 +51,7 @@ int main( void ) #include -#include "mbedtls/net.h" +#include "mbedtls/net_sockets.h" #include "mbedtls/debug.h" #include "mbedtls/ssl.h" #include "mbedtls/entropy.h" diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index 1d6eb3bea06e..9d0dda4d1a4e 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c 
@@ -67,7 +67,7 @@ int main( void ) #include "mbedtls/x509.h" #include "mbedtls/ssl.h" #include "mbedtls/ssl_cookie.h" -#include "mbedtls/net.h" +#include "mbedtls/net_sockets.h" #include "mbedtls/error.h" #include "mbedtls/debug.h" #include "mbedtls/timing.h" diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index 1d787313e1eb..290455e9ae3f 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -68,7 +68,7 @@ int main( void ) #include -#include "mbedtls/net.h" +#include "mbedtls/net_sockets.h" #include "mbedtls/ssl.h" #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index 3516e15c9f32..591f737ae1b9 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -52,7 +52,7 @@ int main( void ) } #else -#include "mbedtls/net.h" +#include "mbedtls/net_sockets.h" #include "mbedtls/debug.h" #include "mbedtls/ssl.h" #include "mbedtls/entropy.h" diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 78f9e00f50f3..a1d71e1b3d24 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -49,7 +49,7 @@ int main( void ) } #else -#include "mbedtls/net.h" +#include "mbedtls/net_sockets.h" #include "mbedtls/ssl.h" #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 363f38f73d13..7624896a34f1 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -66,7 +66,7 @@ int main( void ) #include "mbedtls/certs.h" #include "mbedtls/x509.h" #include "mbedtls/ssl.h" -#include "mbedtls/net.h" +#include "mbedtls/net_sockets.h" #include "mbedtls/timing.h" #include diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index c807eb569b9b..4a22771d759f 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c 
@@ -54,7 +54,7 @@ int main( void ) #include "mbedtls/base64.h" #include "mbedtls/error.h" -#include "mbedtls/net.h" +#include "mbedtls/net_sockets.h" #include "mbedtls/ssl.h" #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index c4b02ac54ca6..9a05ad8fd312 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -66,7 +66,7 @@ int main( void ) #include "mbedtls/certs.h" #include "mbedtls/x509.h" #include "mbedtls/ssl.h" -#include "mbedtls/net.h" +#include "mbedtls/net_sockets.h" #include "mbedtls/error.h" #if defined(MBEDTLS_SSL_CACHE_C) diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index c7f5267958dc..fd54f1726a70 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -65,7 +65,7 @@ int main( void ) #include "mbedtls/certs.h" #include "mbedtls/x509.h" #include "mbedtls/ssl.h" -#include "mbedtls/net.h" +#include "mbedtls/net_sockets.h" #include "mbedtls/error.h" #include "mbedtls/debug.h" diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 6d4e9165bd21..18bda599faec 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -50,7 +50,7 @@ int main( void ) } #else -#include "mbedtls/net.h" +#include "mbedtls/net_sockets.h" #include "mbedtls/ssl.h" #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index b698c78f0cc9..20624d227fac 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -50,7 +50,7 @@ int main( void ) } #else -#include "mbedtls/net.h" +#include "mbedtls/net_sockets.h" #include "mbedtls/error.h" #include "mbedtls/ssl.h" diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 73e853e978a0..c893ca8de16c 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c 
@@ -54,7 +54,7 @@ int main( void ) #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" -#include "mbedtls/net.h" +#include "mbedtls/net_sockets.h" #include "mbedtls/ssl.h" #include "mbedtls/x509.h" #include "mbedtls/debug.h" diff --git a/scripts/footprint.sh b/scripts/footprint.sh index 9d3c6294f47f..d38e50af2728 100755 --- a/scripts/footprint.sh +++ b/scripts/footprint.sh @@ -85,7 +85,7 @@ doit() echo "(generated by $0)" > "$OUTFILE" echo "" >> "$OUTFILE" -log "Footprint of standard configurations (minus net.c, timing.c, fs_io)" +log "Footprint of standard configurations (minus net_sockets.c, timing.c, fs_io)" log "for bare-metal ARM Cortex-M3/M4 microcontrollers." VERSION_H="include/mbedtls/version.h" diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 9605d68026f2..cfcf07c8f3cf 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -90,6 +90,9 @@ $include_name =~ tr/A-Z/a-z/; $include_name = "" if ($include_name eq "asn1"); + # Fix faulty ones + $include_name = "net_sockets" if ($module_name eq "NET"); + my $found_ll = grep $_ eq $module_name, @low_level_modules; my $found_hl = grep $_ eq $module_name, @high_level_modules; if (!$found_ll && !$found_hl) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f40d52f4d60b..afbcaffc5921 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -332,7 +332,7 @@ scripts/config.pl full scripts/config.pl unset MBEDTLS_SSL_CLI_C CC=gcc CFLAGS='-Werror -O0' make -msg "build: full config except net.c, make, gcc -std=c99 -pedantic" # ~ 30s +msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 04b7377bbb9d..a92e581e0516 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -179,7 +179,7 @@ - + @@ -244,7 +244,7 @@ - + 
diff --git a/yotta/data/README.md b/yotta/data/README.md index 7ec7cef4c704..b748aac32bbb 100644 --- a/yotta/data/README.md +++ b/yotta/data/README.md @@ -72,7 +72,7 @@ While the two editions share the same code base, there are still a number of dif * The mbed OS edition has a smaller set of features enabled by default in `config.h`, in order to reduce footprint. While the default configuration of the standalone edition puts more emphasize on maintaining interoperability with old peers, the mbed OS edition only enables the most modern ciphers and the latest version of (D)TLS. -* The following components of mbed TLS are disabled in the mbed OS edition: `net.c` and `timing.c`. This is because mbed OS includes their equivalents. +* The following components of mbed TLS are disabled in the mbed OS edition: `net_sockets.c` and `timing.c`. This is because mbed OS include their equivalents. * The mbed OS edition comes with a fully integrated API for (D)TLS connections in a companion module: [mbed-tls-sockets](https://github.com/ARMmbed/mbed-tls-sockets). See "Performing TLS and DTLS connections" above. From f84f8926a70cb3f7fd78e68c5f6b7e9569a49ab3 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Mon, 19 Sep 2016 15:33:30 +0100 Subject: [PATCH 080/272] Add new config.h that does not need entropy source --- ChangeLog | 2 + configs/config-no-entropy.h | 84 +++++++++++++++++++++++++++++++++++++ 2 files changed, 86 insertions(+) create mode 100644 configs/config-no-entropy.h diff --git a/ChangeLog b/ChangeLog index ca3dd1a79d9b..2725f383e02e 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -10,6 +10,8 @@ Features * Added the macro MBEDTLS_X509_MAX_FILE_PATH_LEN that enables the user to configure the maximum length of a file path that can be buffered when calling mbedtls_x509_crt_parse_path(). + * Added a configuration file config-no-entropy.h that enables a subset of + library features that do not require an entropy source. Bugfix * Fix for platform time abstraction to avoid dependency issues where a build diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h new file mode 100644 index 000000000000..91e4a026465f --- /dev/null +++ b/configs/config-no-entropy.h 
@@ -0,0 +1,84 @@ +/** + * Minimal configuration of features that do not require an entropy source + * + * Copyright (C) 2016, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ +/* + * Minimal configuration of features that do not require an entropy source + * Distinguishing reatures: + * - no entropy module + * - no TLS protocol implementation available due missing entropy source + * + * See README.txt for usage instructions. 
+ */ + +#ifndef MBEDTLS_CONFIG_H +#define MBEDTLS_CONFIG_H + +/* System support */ +#define MBEDTLS_HAVE_ASM +#define MBEDTLS_HAVE_TIME + +/* mbed TLS feature support */ +#define MBEDTLS_CIPHER_MODE_CBC +#define MBEDTLS_CIPHER_PADDING_PKCS7 +#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES +#define MBEDTLS_ECP_DP_SECP256R1_ENABLED +#define MBEDTLS_ECP_DP_SECP384R1_ENABLED +#define MBEDTLS_ECP_DP_CURVE25519_ENABLED +#define MBEDTLS_ECP_NIST_OPTIM +#define MBEDTLS_ECDSA_DETERMINISTIC +#define MBEDTLS_PK_RSA_ALT_SUPPORT +#define MBEDTLS_PKCS1_V15 +#define MBEDTLS_PKCS1_V21 +#define MBEDTLS_SELF_TEST +#define MBEDTLS_VERSION_FEATURES +#define MBEDTLS_X509_CHECK_KEY_USAGE +#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE + +/* mbed TLS modules */ +#define MBEDTLS_AES_C +#define MBEDTLS_ASN1_PARSE_C +#define MBEDTLS_ASN1_WRITE_C +#define MBEDTLS_BASE64_C +#define MBEDTLS_BIGNUM_C +#define MBEDTLS_CCM_C +#define MBEDTLS_CIPHER_C +#define MBEDTLS_ECDSA_C +#define MBEDTLS_ECP_C +#define MBEDTLS_ERROR_C +#define MBEDTLS_GCM_C +#define MBEDTLS_HMAC_DRBG_C +#define MBEDTLS_MD_C +#define MBEDTLS_OID_C +#define MBEDTLS_PEM_PARSE_C +#define MBEDTLS_PK_C +#define MBEDTLS_PK_PARSE_C +#define MBEDTLS_PK_WRITE_C +#define MBEDTLS_PLATFORM_C +#define MBEDTLS_RSA_C +#define MBEDTLS_SHA256_C +#define MBEDTLS_SHA512_C +#define MBEDTLS_VERSION_C +#define MBEDTLS_X509_USE_C +#define MBEDTLS_X509_CRT_PARSE_C +#define MBEDTLS_X509_CRL_PARSE_C + +#include "check_config.h" + +#endif /* MBEDTLS_CONFIG_H */ From 7abc974ec40b43001f6d8bc69859d41ec834c05a Mon Sep 17 00:00:00 2001 From: Andres AG Date: Fri, 23 Sep 2016 17:58:49 +0100 Subject: [PATCH 081/272] Add config macro for min bytes hw entropy --- ChangeLog | 3 +++ configs/config-no-entropy.h | 3 ++- include/mbedtls/config.h | 1 + include/mbedtls/entropy_poll.h | 2 ++ 4 files changed, 8 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 2725f383e02e..60383a97b522 100644 --- a/ChangeLog +++ b/ChangeLog 
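Review bot: The header comment says the configuration has no entropy module but not what that implies for the modules it does enable: MBEDTLS_HMAC_DRBG_C together with MBEDTLS_ECDSA_DETERMINISTIC means ECDSA signing works without any random source, while the RSA (MBEDTLS_PKCS1_V15/V21) and ECP operations that, as far as I recall, take an f_rng callback for blinding, PSS salts and key generation still need one supplied by the application — please confirm against those APIs. A line in the comment block such as ` * - operations that need randomness (RSA blinding, PSS, key generation) must be given an f_rng by the application` would make the boundary explicit for anyone picking this file. `Distinguishing reatures:` is a typo for `features`.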
@@ -12,6 +12,9 @@ Features calling mbedtls_x509_crt_parse_path(). * Added a configuration file config-no-entropy.h that enables a subset of library features that do not require an entropy source. + * Added the macro MBEDTLS_ENTROPY_MIN_HARDWARE in config.h. This allows users + to configure the minimum number of bytes for entropy sources using the + mbedtls_hardware_poll() function. Bugfix * Fix for platform time abstraction to avoid dependency issues where a build diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h index 91e4a026465f..95f17d456bf2 100644 --- a/configs/config-no-entropy.h +++ b/configs/config-no-entropy.h @@ -22,7 +22,8 @@ * Minimal configuration of features that do not require an entropy source * Distinguishing reatures: * - no entropy module - * - no TLS protocol implementation available due missing entropy source + * - no TLS protocol implementation available due to absence of an entropy + * source * * See README.txt for usage instructions. */ diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 8a892d74c467..a58519bd5609 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -2509,6 +2509,7 @@ /* Entropy options */ //#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ //#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ +//#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */ /* Memory buffer allocator options */ //#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ diff --git a/include/mbedtls/entropy_poll.h b/include/mbedtls/entropy_poll.h index 430e8651c77f..81258d5f396b 100644 --- a/include/mbedtls/entropy_poll.h +++ b/include/mbedtls/entropy_poll.h 
@@ -41,7 +41,9 @@ extern "C" {
 #define MBEDTLS_ENTROPY_MIN_PLATFORM 32 /**< Minimum for platform source */
 #define MBEDTLS_ENTROPY_MIN_HAVEGE 32 /**< Minimum for HAVEGE */
 #define MBEDTLS_ENTROPY_MIN_HARDCLOCK 4 /**< Minimum for mbedtls_timing_hardclock() */
+#if !defined(MBEDTLS_ENTROPY_MIN_HARDWARE)
 #define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Minimum for the hardware source */
+#endif
 
 /**
  * \brief Entropy poll callback that provides 0 entropy.
From b2fdd04f6aa79b3111d2e1bda871791e0c4c0003 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 22 Sep 2016 14:17:46 +0100 Subject: [PATCH 082/272] Fix scripts to support multiple openssl and gnutls --- tests/scripts/all.sh | 6 ++++ tests/scripts/basic-build-test.sh | 37 ++++++++++++++++++--- tests/scripts/yotta-build.sh | 55 +++++++++++++++++++++---------- 3 files changed, 76 insertions(+), 22 deletions(-)
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index afbcaffc5921..ee0df0cc45f4 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -181,6 +181,12 @@ echo "GNUTLS_SERV: $GNUTLS_SERV"
 echo "GNUTLS_LEGACY_CLI: $GNUTLS_LEGACY_CLI"
 echo "GNUTLS_LEGACY_SERV: $GNUTLS_LEGACY_SERV"
 
+# To avoid setting OpenSSL and GnuTLS for each call to compat.sh and ssl-opt.sh
+# we just export the variables they require
+export OPENSSL_CMD="$OPENSSL"
+export GNUTLS_CLI="$GNUTLS_CLI"
+export GNUTLS_SERV="$GNUTLS_SERV"
+
 # Make sure the tools we need are available.
 check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$GNUTLS_CLI" "$GNUTLS_SERV" \
             "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \
diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh
index e8b616492824..b4058718a22d 100755
--- a/tests/scripts/basic-build-test.sh
+++ b/tests/scripts/basic-build-test.sh
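Review bot: The new `#if !defined(MBEDTLS_ENTROPY_MIN_HARDWARE)` guard accepts whatever value a user config supplies — 0, a negative number, or something larger than the gather buffer — and nothing in this commit validates it, even though this threshold is what decides how many bytes the hardware source must contribute before entropy is released, so a careless override silently weakens seeding. A compile-time check next to the other option checks in check_config.h would close that, e.g. `#if defined(MBEDTLS_ENTROPY_MIN_HARDWARE) && MBEDTLS_ENTROPY_MIN_HARDWARE <= 0` / `#error "MBEDTLS_ENTROPY_MIN_HARDWARE must be positive"` / `#endif`, and an upper bound against the gather size if that macro is in scope there. The Doxygen text added to config.h in the preceding hunk should also say that lowering the value below the default reduces the entropy the hardware source is required to provide.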
@@ -36,11 +36,30 @@ if [ -d library -a -d include -a -d tests ]; then :; else exit 1 fi +: ${OPENSSL:="openssl"} +: ${OPENSSL_LEGACY:="$OPENSSL"} +: ${GNUTLS_CLI:="gnutls-cli"} +: ${GNUTLS_SERV:="gnutls-serv"} +: ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"} +: ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"} + +# To avoid setting OpenSSL and GnuTLS for each call to compat.sh and ssl-opt.sh +# we just export the variables they require +export OPENSSL_CMD="$OPENSSL" +export GNUTLS_CLI="$GNUTLS_CLI" +export GNUTLS_SERV="$GNUTLS_SERV" + CONFIG_H='include/mbedtls/config.h' CONFIG_BAK="$CONFIG_H.bak" # Step 0 - print build environment info -scripts/output_env.sh +OPENSSL="$OPENSSL" \ + OPENSSL_LEGACY="$OPENSSL_LEGACY" \ + GNUTLS_CLI="$GNUTLS_CLI" \ + GNUTLS_SERV="$GNUTLS_SERV" \ + GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" \ + GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" \ + scripts/output_env.sh echo # Step 1 - Make and instrumented build for code coverage @@ -65,7 +84,15 @@ sh ssl-opt.sh |tee sys-test-$TEST_OUTPUT echo # Step 2c - Compatibility tests -sh compat.sh |tee compat-test-$TEST_OUTPUT +sh compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2' | \ + tee compat-test-$TEST_OUTPUT +OPENSSL_CMD="$OPENSSL_LEGACY" \ + sh compat.sh -m 'ssl3' |tee -a compat-test-$TEST_OUTPUT +OPENSSL_CMD="$OPENSSL_LEGACY" \ + GNUTLS_CLI="$GNUTLS_LEGACY_CLI" \ + GNUTLS_SERV="$GNUTLS_LEGACY_SERV" \ + sh compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' | \ + tee -a compat-test-$TEST_OUTPUT echo # Step 3 - Process the coverage report 
@@ -128,9 +155,9 @@ TOTAL_EXED=$(($TOTAL_EXED + $TOTAL_TESTS)) # Step 4c - System Compatibility tests echo "System/Compatibility tests - tests/compat.sh" -PASSED_TESTS=$(tail -n5 compat-test-$TEST_OUTPUT|sed -n -e 's/.* (\([0-9]*\) \/ [0-9]* tests ([0-9]* skipped))$/\1/p') -SKIPPED_TESTS=$(tail -n5 compat-test-$TEST_OUTPUT|sed -n -e 's/.* ([0-9]* \/ [0-9]* tests (\([0-9]*\) skipped))$/\1/p') -EXED_TESTS=$(tail -n5 compat-test-$TEST_OUTPUT|sed -n -e 's/.* ([0-9]* \/ \([0-9]*\) tests ([0-9]* skipped))$/\1/p') +PASSED_TESTS=$(cat compat-test-$TEST_OUTPUT | sed -n -e 's/.* (\([0-9]*\) \/ [0-9]* tests ([0-9]* skipped))$/\1/p' | awk 'BEGIN{ s = 0 } { s += $1 } END{ print s }') +SKIPPED_TESTS=$(cat compat-test-$TEST_OUTPUT | sed -n -e 's/.* ([0-9]* \/ [0-9]* tests (\([0-9]*\) skipped))$/\1/p' | awk 'BEGIN{ s = 0 } { s += $1 } END{ print s }') +EXED_TESTS=$(cat compat-test-$TEST_OUTPUT | sed -n -e 's/.* ([0-9]* \/ \([0-9]*\) tests ([0-9]* skipped))$/\1/p' | awk 'BEGIN{ s = 0 } { s += $1 } END{ print s }') FAILED_TESTS=$(($EXED_TESTS - $PASSED_TESTS)) echo "Passed : $PASSED_TESTS" diff --git a/tests/scripts/yotta-build.sh b/tests/scripts/yotta-build.sh index 19cc576648c2..4bae34aa3409 100755 --- a/tests/scripts/yotta-build.sh +++ b/tests/scripts/yotta-build.sh @@ -1,12 +1,26 @@ #!/bin/sh -# Do test builds of the yotta module for all supported targets +# yotta-build.sh +# +# This file is part of mbed TLS (https://tls.mbed.org) +# +# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved +# +# Purpose +# +# To run test builds of the yotta module for all supported targets. set -eu -yotta/create-module.sh -cd yotta/module -yt update || true # needs network +check_tools() +{ + for TOOL in "$@"; do + if ! `hash "$TOOL" >/dev/null 2>&1`; then + echo "$TOOL not found!" >&2 + exit 1 + fi + done +} yotta_build() { 
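Review bot: The three `PASSED_TESTS`/`SKIPPED_TESTS`/`EXED_TESTS` lines each pipe `cat compat-test-$TEST_OUTPUT` into `sed` and then repeat the identical `awk 'BEGIN{ s = 0 } { s += $1 } END{ print s }'` summation, which is a useless use of `cat` and three copies of one idea; only the sed capture group differs. A small helper that takes the sed expression keeps the summing logic in one place, and a comment on it records why the totals are now sums — the log is written by three separate compat.sh runs appended with `tee -a` in the earlier hunk.

```shell
# Sum one captured field over every compat.sh run appended to the log.
sum_compat_field() {
    sed -n -e "$1" "compat-test-$TEST_OUTPUT" | awk 'BEGIN{ s = 0 } { s += $1 } END{ print s }'
}
PASSED_TESTS=$(sum_compat_field 's/.* (\([0-9]*\) \/ [0-9]* tests ([0-9]* skipped))$/\1/p')
SKIPPED_TESTS=$(sum_compat_field 's/.* ([0-9]* \/ [0-9]* tests (\([0-9]*\) skipped))$/\1/p')
EXED_TESTS=$(sum_compat_field 's/.* ([0-9]* \/ \([0-9]*\) tests ([0-9]* skipped))$/\1/p')
# … unchanged: FAILED_TESTS and the echo lines …
```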
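Review bot: In the new `check_tools` function the test wraps `hash "$TOOL" >/dev/null 2>&1` in backticks, so the `if !` is applied to an empty command word rather than to `hash` itself; it only works because a command consisting solely of an empty command substitution takes that substitution's exit status, which is an obscure rule to rely on and is easy to break when someone later adds a word to the line. Drop the substitution and test the command directly: `if ! hash "$TOOL" >/dev/null 2>&1; then`. The same pattern should be checked in the `check_tools` that all.sh already defines, since this copy looks like it was modelled on it.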
@@ -19,22 +33,29 @@ yotta_build() yt -t $TARGET build -d } +# Make sure the tools we need are available. +check_tools "arm-none-eabi-gcc" "armcc" "yotta" + +yotta/create-module.sh +cd yotta/module +yt update || true # needs network + if uname -a | grep 'Linux.*x86' >/dev/null; then yotta_build x86-linux-native fi if uname -a | grep 'Darwin.*x86' >/dev/null; then yotta_build x86-osx-native fi -if which armcc >/dev/null && armcc --help >/dev/null 2>&1; then - yotta_build frdm-k64f-armcc - #yotta_build nordic-nrf51822-16k-armcc -fi -if which arm-none-eabi-gcc >/dev/null; then - yotta_build frdm-k64f-gcc - #yotta_build st-nucleo-f401re-gcc # dirent - #yotta_build stm32f429i-disco-gcc # fails in mbed-hal-st-stm32f4 - #yotta_build nordic-nrf51822-16k-gcc # fails in minar-platform - #yotta_build bbc-microbit-classic-gcc # fails in minar-platform - #yotta_build st-stm32f439zi-gcc # fails in mbed-hal-st-stm32f4 - #yotta_build st-stm32f429i-disco-gcc # fails in mbed-hal-st-stm32f4 -fi + +# armcc build tests. +yotta_build frdm-k64f-armcc +#yotta_build nordic-nrf51822-16k-armcc + +# arm-none-eabi-gcc build tests. +yotta_build frdm-k64f-gcc +#yotta_build st-nucleo-f401re-gcc # dirent +#yotta_build stm32f429i-disco-gcc # fails in mbed-hal-st-stm32f4 +#yotta_build nordic-nrf51822-16k-gcc # fails in minar-platform +#yotta_build bbc-microbit-classic-gcc # fails in minar-platform +#yotta_build st-stm32f439zi-gcc # fails in mbed-hal-st-stm32f4 +#yotta_build st-stm32f429i-disco-gcc # fails in mbed-hal-st-stm32f4 From 93012e8bce9788244238ab8f93b2544d1d030b89 Mon Sep 17 00:00:00 2001 
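Review bot: `check_tools "arm-none-eabi-gcc" "armcc" "yotta"` makes both cross toolchains mandatory and aborts before any build, whereas the removed `which armcc ... && armcc --help` and `which arm-none-eabi-gcc` guards merely skipped the targets that could not be built; that is a behaviour change the commit subject does not mention, and it also drops the `armcc --help` probe, which presumably caught an installed but non-functional compiler. If the stricter requirement is intended, the purpose comment added at the top of the script in the previous hunk should state that all three tools must be present; otherwise keep per-toolchain skipping by guarding the `# armcc build tests.` and `# arm-none-eabi-gcc build tests.` groups with `if hash armcc >/dev/null 2>&1; then` and the gcc equivalent.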
From: Andres AG Date: Fri, 9 Sep 2016 09:10:28 +0100 Subject: [PATCH 083/272] Set selftest verbose flag to boost coverage --- tests/suites/test_suite_aes.function | 2 +- tests/suites/test_suite_arc4.function | 2 +- tests/suites/test_suite_base64.function | 2 +- tests/suites/test_suite_camellia.function | 2 +- tests/suites/test_suite_ccm.function | 2 +- tests/suites/test_suite_ctr_drbg.function | 2 +- tests/suites/test_suite_des.function | 2 +- tests/suites/test_suite_dhm.function | 2 +- tests/suites/test_suite_ecjpake.function | 2 +- tests/suites/test_suite_ecp.function | 2 +- tests/suites/test_suite_entropy.function | 2 +- tests/suites/test_suite_gcm.function | 2 +- tests/suites/test_suite_hmac_drbg.function | 2 +- tests/suites/test_suite_mdx.function | 8 ++++---- tests/suites/test_suite_memory_buffer_alloc.function | 2 +- tests/suites/test_suite_mpi.function | 2 +- tests/suites/test_suite_pkcs5.function | 2 +- tests/suites/test_suite_rsa.function | 2 +- tests/suites/test_suite_shax.function | 6 +++--- tests/suites/test_suite_timing.function | 2 +- tests/suites/test_suite_x509parse.function | 2 +- tests/suites/test_suite_xtea.function | 2 +- 22 files changed, 27 insertions(+), 27 deletions(-) diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 97bf51b88a03..c5f0eaac9776 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -292,6 +292,6 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void aes_selftest() { - TEST_ASSERT( mbedtls_aes_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_aes_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_arc4.function b/tests/suites/test_suite_arc4.function index 3da7d8830bb1..a4b401b62b48 100644 --- a/tests/suites/test_suite_arc4.function +++ b/tests/suites/test_suite_arc4.function 
@@ -41,6 +41,6 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void arc4_selftest() { - TEST_ASSERT( mbedtls_arc4_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_arc4_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_base64.function b/tests/suites/test_suite_base64.function index ab6d88ca7433..77fa7fdedf3a 100644 --- a/tests/suites/test_suite_base64.function +++ b/tests/suites/test_suite_base64.function @@ -119,6 +119,6 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void base64_selftest() { - TEST_ASSERT( mbedtls_base64_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_base64_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function index 8c69a96ee5f5..9df6482a8db3 100644 --- a/tests/suites/test_suite_camellia.function +++ b/tests/suites/test_suite_camellia.function @@ -224,6 +224,6 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void camellia_selftest() { - TEST_ASSERT( mbedtls_camellia_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_camellia_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 13371eb9ee34..2f5c77c2c77b 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -10,7 +10,7 @@ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_AES_C */ void mbedtls_ccm_self_test( ) { - TEST_ASSERT( mbedtls_ccm_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_ccm_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index 3c7873b3182a..3acfb8baed24 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function 
@@ -216,6 +216,6 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void ctr_drbg_selftest( ) { - TEST_ASSERT( mbedtls_ctr_drbg_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_ctr_drbg_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_des.function b/tests/suites/test_suite_des.function index aecd419e5439..2e73a77681c6 100644 --- a/tests/suites/test_suite_des.function +++ b/tests/suites/test_suite_des.function @@ -362,6 +362,6 @@ void des_key_parity_run() /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void des_selftest() { - TEST_ASSERT( mbedtls_des_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_des_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function index 002c20bf4f4f..b9b8e1956be0 100644 --- a/tests/suites/test_suite_dhm.function +++ b/tests/suites/test_suite_dhm.function @@ -123,6 +123,6 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void dhm_selftest() { - TEST_ASSERT( mbedtls_dhm_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_dhm_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_ecjpake.function b/tests/suites/test_suite_ecjpake.function index 8d867b73646f..11cf8dc94312 100644 --- a/tests/suites/test_suite_ecjpake.function +++ b/tests/suites/test_suite_ecjpake.function @@ -101,7 +101,7 @@ cleanup: /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void ecjpake_selftest() { - TEST_ASSERT( mbedtls_ecjpake_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_ecjpake_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index eee648693c87..afe61ec61763 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -507,6 +507,6 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void ecp_selftest() { - TEST_ASSERT( mbedtls_ecp_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_ecp_self_test( 1 ) == 0 ); } /* END_CASE */ 
diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index 5b97cad3dee0..97a21bc18b7d 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function @@ -380,6 +380,6 @@ void entropy_nv_seed( char *read_seed_str ) /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void entropy_selftest( int result ) { - TEST_ASSERT( mbedtls_entropy_self_test( 0 ) == result ); + TEST_ASSERT( mbedtls_entropy_self_test( 1 ) == result ); } /* END_CASE */ diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index 9d841dc12aee..56c7e1899a52 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function @@ -119,6 +119,6 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void gcm_selftest() { - TEST_ASSERT( mbedtls_gcm_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_gcm_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_hmac_drbg.function b/tests/suites/test_suite_hmac_drbg.function index 3cc96421ea0c..52094700b502 100644 --- a/tests/suites/test_suite_hmac_drbg.function +++ b/tests/suites/test_suite_hmac_drbg.function @@ -314,6 +314,6 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void hmac_drbg_selftest( ) { - TEST_ASSERT( mbedtls_hmac_drbg_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_hmac_drbg_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_mdx.function b/tests/suites/test_suite_mdx.function index 3d233638bf5f..9d0ee471f855 100644 --- a/tests/suites/test_suite_mdx.function +++ b/tests/suites/test_suite_mdx.function 
@@ -88,27 +88,27 @@ void ripemd160_text( char *text_src_string, char *hex_hash_string ) /* BEGIN_CASE depends_on:MBEDTLS_MD2_C:MBEDTLS_SELF_TEST */ void md2_selftest() { - TEST_ASSERT( mbedtls_md2_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_md2_self_test( 1 ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_MD4_C:MBEDTLS_SELF_TEST */ void md4_selftest() { - TEST_ASSERT( mbedtls_md4_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_md4_self_test( 1 ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_MD5_C:MBEDTLS_SELF_TEST */ void md5_selftest() { - TEST_ASSERT( mbedtls_md5_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_md5_self_test( 1 ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_RIPEMD160_C:MBEDTLS_SELF_TEST */ void ripemd160_selftest() { - TEST_ASSERT( mbedtls_ripemd160_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_ripemd160_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_memory_buffer_alloc.function b/tests/suites/test_suite_memory_buffer_alloc.function index 04dd68bec4e7..a0c70d8a2032 100644 --- a/tests/suites/test_suite_memory_buffer_alloc.function +++ b/tests/suites/test_suite_memory_buffer_alloc.function @@ -25,7 +25,7 @@ static int check_pointer( void *p ) /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void mbedtls_memory_buffer_alloc_self_test( ) { - TEST_ASSERT( mbedtls_memory_buffer_alloc_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_memory_buffer_alloc_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index e5d0850f194d..b94c8898010e 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -877,6 +877,6 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void mpi_selftest() { - TEST_ASSERT( mbedtls_mpi_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_mpi_self_test( 1 ) == 0 ); } /* END_CASE */ 
diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function index b1f796e0992f..8fabec085c46 100644 --- a/tests/suites/test_suite_pkcs5.function +++ b/tests/suites/test_suite_pkcs5.function @@ -82,6 +82,6 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void pkcs5_selftest( ) { - TEST_ASSERT( mbedtls_pkcs5_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_pkcs5_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 59cbb5c97f7b..8837e3a837cb 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -690,6 +690,6 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void rsa_selftest() { - TEST_ASSERT( mbedtls_rsa_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_rsa_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index ec326fcc974d..6b3ee9c54c5d 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function @@ -112,20 +112,20 @@ void mbedtls_sha512(char *hex_src_string, char *hex_hash_string ) /* BEGIN_CASE depends_on:MBEDTLS_SHA1_C:MBEDTLS_SELF_TEST */ void sha1_selftest() { - TEST_ASSERT( mbedtls_sha1_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_sha1_self_test( 1 ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:MBEDTLS_SELF_TEST */ void sha256_selftest() { - TEST_ASSERT( mbedtls_sha256_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_sha256_self_test( 1 ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SHA512_C:MBEDTLS_SELF_TEST */ void sha512_selftest() { - TEST_ASSERT( mbedtls_sha512_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_sha512_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_timing.function b/tests/suites/test_suite_timing.function index 74f711c7d845..5882f85d7482 100644 --- a/tests/suites/test_suite_timing.function 
+++ b/tests/suites/test_suite_timing.function @@ -10,6 +10,6 @@ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void timing_selftest() { - TEST_ASSERT( mbedtls_timing_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_timing_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index c476ec50788c..2affab79b5d6 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -623,6 +623,6 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_SELF_TEST */ void x509_selftest() { - TEST_ASSERT( mbedtls_x509_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_x509_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_xtea.function b/tests/suites/test_suite_xtea.function index e294a9bd2610..cbc714a12fe6 100644 --- a/tests/suites/test_suite_xtea.function +++ b/tests/suites/test_suite_xtea.function @@ -124,6 +124,6 @@ void xtea_decrypt_cbc( char *hex_key_string, char *hex_iv_string, /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void xtea_selftest() { - TEST_ASSERT( mbedtls_xtea_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_xtea_self_test( 1 ) == 0 ); } /* END_CASE */ From 5a87c9375da05c8fefa1e503acdf4dafead1ccaa Mon Sep 17 00:00:00 2001 From: Andres AG Date: Mon, 26 Sep 2016 14:53:05 +0100 Subject: [PATCH 084/272] Fix overread when verifying SERVER_HELLO in DTLS --- ChangeLog | 2 ++ library/ssl_cli.c | 9 +++++++++ 2 files changed, 11 insertions(+) diff --git a/ChangeLog b/ChangeLog index 60383a97b522..ca6f928afa0d 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -29,6 +29,8 @@ Bugfix a contribution from Tobias Tangemann. #541 * Fixed cert_app sample program for debug output and for use when no root certificates are provided. + * Fix potential byte overread when verifying malformed SERVER_HELLO in + ssl_parse_hello_verify_request() for DTLS. Found by Guido Vranken. Changes * Extended test coverage of special cases, and added new timing test suite.
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 29a39435848e..39fcd6cb1e57 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1355,6 +1355,15 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
     cookie_len = *p++;
     MBEDTLS_SSL_DEBUG_BUF( 3, "cookie", p, cookie_len );
 
+    if( ( ssl->in_msg + ssl->in_msglen ) - p < cookie_len )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1,
+            ( "cookie length does not match incoming message size" ) );
+        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+    }
+
     mbedtls_free( ssl->handshake->verify_cookie );
 
     ssl->handshake->verify_cookie = mbedtls_calloc( 1, cookie_len );
From 4b76aecaf3be81bd5f1c8929f7fa3ec45734cda7 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Fri, 23 Sep 2016 13:16:02 +0100 Subject: [PATCH 085/272] Add check for validity of date in x509_get_time() --- ChangeLog | 2 ++ library/x509.c | 32 +++++++++++++++++++ tests/suites/test_suite_x509parse.data | 36 ++++++++++++++++++++++ tests/suites/test_suite_x509parse.function | 34 ++++++++++++++++++++ 4 files changed, 104 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 60383a97b522..a63957c40a71 100644
--- a/ChangeLog
+++ b/ChangeLog
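Review bot: `MBEDTLS_SSL_DEBUG_BUF( 3, "cookie", p, cookie_len );` still executes before the new length check, so with debug level 3 enabled the dump reads `cookie_len` bytes from `p` before the bound has been verified — the over-read this commit sets out to fix survives in the debug path. Move that line to just after the new `if` block (after the added blank line) so the cookie is only dumped once it is known to lie inside the message; the alert and return value can stay as they are. ssl_parse_hello_verify_request() begins and ends outside the hunk, so whether an earlier check already guarantees `p < ssl->in_msg + ssl->in_msglen` before `cookie_len = *p++` cannot be confirmed here and is worth a look.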
@@ -29,6 +29,8 @@ Bugfix a contribution from Tobias Tangemann. #541 * Fixed cert_app sample program for debug output and for use when no root certificates are provided. + * Fix check for validity of date when parsing in mbedtls_x509_get_time(). + Found by subramanyam-c. Changes * Extended test coverage of special cases, and added new timing test suite.
diff --git a/library/x509.c b/library/x509.c
index bc3bfe018f51..a79562bac4ee 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -80,6 +80,7 @@
 #endif
 
 #define CHECK(code) if( ( ret = code ) != 0 ){ return( ret ); }
+#define CHECK_RANGE(min, max, val) if( val < min || val > max ){ return( ret ); }
 
 /*
  * CertificateSerialNumber ::= INTEGER
@@ -489,6 +490,33 @@ static int x509_parse_int(unsigned char **p, unsigned n, int *res){
     return 0;
 }
 
+static int x509_date_is_valid(const mbedtls_x509_time *time)
+{
+    int ret = MBEDTLS_ERR_X509_INVALID_DATE;
+
+    CHECK_RANGE( 0, 9999, time->year );
+    CHECK_RANGE( 0, 23, time->hour );
+    CHECK_RANGE( 0, 59, time->min );
+    CHECK_RANGE( 0, 59, time->sec );
+
+    switch( time->mon )
+    {
+        case 1: case 3: case 5: case 7: case 8: case 10: case 12:
+            CHECK_RANGE( 1, 31, time->day );
+            break;
+        case 4: case 6: case 9: case 11:
+            CHECK_RANGE( 1, 30, time->day );
+            break;
+        case 2:
+            CHECK_RANGE( 1, 28 + (time->year % 4 == 0), time->day );
+            break;
+        default:
+            return( ret );
+    }
+
+    return( 0 );
+}
+
 /*
  * Time ::= CHOICE {
  *      utcTime        UTCTime,
@@ -528,6 +556,8 @@ int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
         time->year += 100 * ( time->year < 50 );
         time->year += 1900;
 
+        CHECK( x509_date_is_valid( time ) );
+
         return( 0 );
     }
     else if( tag == MBEDTLS_ASN1_GENERALIZED_TIME )
@@ -548,6 +578,8 @@ int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
         if( len > 14 && *(*p)++ != 'Z' )
             return( MBEDTLS_ERR_X509_INVALID_DATE );
 
+        CHECK( x509_date_is_valid( time ) );
+
         return( 0 );
     }
     else
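Review bot: The new `CHECK_RANGE(min, max, val)` macro does not parenthesise its arguments and silently depends on a local named `ret` being in scope, exactly like the existing `CHECK` above it but with three arguments that are far more likely to be passed as expressions. Parenthesise them now, before a caller passes `a + b` and gets a precedence surprise: `#define CHECK_RANGE(min, max, val) if( (val) < (min) || (val) > (max) ){ return( ret ); }`, and a one-line comment `/* Both CHECK macros return the enclosing function's local 'ret' on failure */` would make the hidden contract visible at the definition.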
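Review bot: In `x509_date_is_valid()` the February bound `28 + (time->year % 4 == 0)` applies the Julian rule, so it accepts 29 February in century years that are not multiples of 400 (1900, 2100, ...) even though UTCTime and GeneralizedTime carry Gregorian dates; the check should read `CHECK_RANGE( 1, 28 + ( time->year % 4 == 0 && ( time->year % 100 != 0 || time->year % 400 == 0 ) ), time->day );`. None of the vectors added to test_suite_x509parse.data in the following hunk exercise a century year — 2000 is a leap year under both rules — so a GeneralizedTime case such as `"21000229121212Z"` expected to yield MBEDTLS_ERR_X509_INVALID_DATE would catch this and pin the rule. A short comment above the function stating the Gregorian convention and that `year` has already been expanded to four digits by the caller would also help, since the function otherwise looks like it accepts any two-digit year.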
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 17711dca11ce..c8298231abf3 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1526,3 +1526,39 @@ x509parse_crt_file:"data_files/server7_all_space.crt":MBEDTLS_ERR_PEM_INVALID_DA X509 File parse (trailing spaces, OK) depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C x509parse_crt_file:"data_files/server7_trailing_space.crt":0 + +X509 Get time (UTC no issues) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_UTC_TIME:"500101000000Z":0:1950:1:1:0:0:0 + +X509 Get time (Generalized Time no issues) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"99991231235959Z":0:9999:12:31:23:59:59 + +X509 Get time (UTC year without leap day) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_UTC_TIME:"490229121212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (UTC year with leap day) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000229121212Z":0:2000:2:29:12:12:12 + +X509 Get time (UTC invalid day of month #1) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000132121212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (UTC invalid day of month #2) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_UTC_TIME:"001131121212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (UTC invalid hour) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_UTC_TIME:"001130241212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (UTC invalid min) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_UTC_TIME:"001130236012Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (UTC invalid sec) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_UTC_TIME:"001130235960Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 2affab79b5d6..be85869e7b66 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -1,4 +1,5 @@ /* BEGIN_HEADER */ +#include "mbedtls/x509.h" #include "mbedtls/x509_crt.h" #include "mbedtls/x509_crl.h" #include "mbedtls/x509_csr.h" @@ -590,6 +591,39 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */ +void x509_get_time( int tag, char *time_str, int ret, + int year, int mon, int day, + int hour, int min, int sec ) +{ + mbedtls_x509_time time; + unsigned char buf[17]; + unsigned char* start = buf; + unsigned char* end = buf; + + memset( &time, 0x00, sizeof( time ) ); + *end = (unsigned char)tag; end++; + if( tag == MBEDTLS_ASN1_UTC_TIME ) + *end = 13; + else + *end = 15; + end++; + memcpy( end, time_str, (size_t)*(end - 1) ); + end += *(end - 1); + + TEST_ASSERT( mbedtls_x509_get_time( &start, end, &time ) == ret ); + if( ret == 0 ) + { + TEST_ASSERT( year == time.year ); + TEST_ASSERT( mon == time.mon ); + TEST_ASSERT( day == time.day ); + TEST_ASSERT( hour == time.hour ); + TEST_ASSERT( min == time.min ); + TEST_ASSERT( sec == time.sec ); + } +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT */ void x509_parse_rsassa_pss_params( char *hex_params, int params_tag, int ref_msg_md, int ref_mgf_md, From 5437a75b155f57a30920c4ba75f4d90d460a9902 Mon Sep 17 00:00:00 2001 
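Review bot: In the new `x509_get_time()` test case, `memcpy( end, time_str, (size_t)*(end - 1) );` copies 13 or 15 bytes from `time_str` based solely on the tag, so a data-file vector whose string is shorter than the ASN.1 length the tag implies would be read past the end of the literal; add `TEST_ASSERT( strlen( time_str ) == (size_t) *( end - 1 ) );` immediately before the memcpy so a malformed vector fails visibly instead. That assertion also documents the implicit contract that every vector supplies exactly 13 characters for UTCTime and 15 for GeneralizedTime. Minor style: `unsigned char* start = buf;` and `unsigned char* end = buf;` bind the `*` to the type, while the function's own parameters (`char *time_str`) use the project's `char *` form.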
From: Janos Follath Date: Mon, 26 Sep 2016 09:15:44 +0100 Subject: [PATCH 086/272] Add safety check to sample mutex implementation Due to inconsistent freeing strategy in pkparse.c the sample mutex implementation in threading.c could lead to undefined behaviour by destroying the same mutex several times. This fix prevents mutexes from being destroyed several times in the sample threading implementation. --- ChangeLog | 2 ++ library/threading.c | 5 +++-- 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 60383a97b522..8090a70ac421 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -29,6 +29,8 @@ Bugfix a contribution from Tobias Tangemann. #541 * Fixed cert_app sample program for debug output and for use when no root certificates are provided. + * Fixed default threading implementation to avoid accidental double + initialisations and double frees. Changes * Extended test coverage of special cases, and added new timing test suite.
diff --git a/library/threading.c b/library/threading.c
index 1b6d9cd44517..83ec01a45fde 100644
--- a/library/threading.c
+++ b/library/threading.c
@@ -32,7 +32,7 @@
 #if defined(MBEDTLS_THREADING_PTHREAD)
 static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex )
 {
-    if( mutex == NULL )
+    if( mutex == NULL || mutex->is_valid )
         return;
 
     mutex->is_valid = pthread_mutex_init( &mutex->mutex, NULL ) == 0;
@@ -40,10 +40,11 @@ static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex )
 
 static void threading_mutex_free_pthread( mbedtls_threading_mutex_t *mutex )
 {
-    if( mutex == NULL )
+    if( mutex == NULL || !mutex->is_valid )
         return;
 
     (void) pthread_mutex_destroy( &mutex->mutex );
+    mutex->is_valid = 0;
 }
 
 static int threading_mutex_lock_pthread( mbedtls_threading_mutex_t *mutex )
From dc5c7b98ac3bffb3b94fa5feece658365758a733 Mon Sep 17 00:00:00 2001
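Review bot: `if( mutex == NULL || mutex->is_valid )` in `threading_mutex_init_pthread()` reads `is_valid` before the function has ever written it, so correctness now depends on every `mbedtls_threading_mutex_t` being zero-filled before its first init (static storage, or a caller's memset); an uninitialised automatic or malloc'd object whose stale `is_valid` happens to be non-zero turns init into a silent no-op, and the later lock calls fail on a mutex that was never created. The struct definition and the public init wrapper are outside this hunk, so whether all existing callers already guarantee that cannot be confirmed here, but it should be stated where the type is declared, e.g. `/* Must be zero-initialised before the first mutex_init call: a non-zero is_valid makes init a no-op. */`. The second hunk's `mutex->is_valid = 0;` after destroy is what makes free followed by init work again, and a one-line comment saying so would keep the two checks from looking accidental.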
From: Robert Cragie Date: Fri, 11 Dec 2015 15:49:45 +0000 Subject: [PATCH 087/272] Add support for AES-128-CMAC and AES-CMAC-PRF-128 --- include/mbedtls/cmac.h | 139 +++++++++++ include/mbedtls/config.h | 12 + library/CMakeLists.txt | 1 + library/cmac.c | 527 +++++++++++++++++++++++++++++++++++++++ programs/test/selftest.c | 6 + 5 files changed, 685 insertions(+) create mode 100644 include/mbedtls/cmac.h create mode 100644 library/cmac.c diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h new file mode 100644 index 000000000000..08483f685654 --- /dev/null +++ b/include/mbedtls/cmac.h 
@@ -0,0 +1,139 @@ +/** + * \file cmac.h + * + * \brief The CMAC Mode for Authentication + * + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ +#ifndef MBEDTLS_CMAC_H +#define MBEDTLS_CMAC_H + +#include "cipher.h" + +#define MBEDTLS_ERR_CMAC_BAD_INPUT -0x000D /**< Bad input parameters to function. */ +#define MBEDTLS_ERR_CMAC_VERIFY_FAILED -0x000F /**< Verification failed. */ + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief CCM context structure + */ +typedef struct { + mbedtls_cipher_context_t cipher_ctx; /*!< cipher context used */ + unsigned char K1[16]; + unsigned char K2[16]; +} +mbedtls_cmac_context; + +/** + * \brief Initialize CMAC context (just makes references valid) + * Makes the context ready for mbedtls_cmac_setkey() or + * mbedtls_cmac_free(). 
+ * + * \param ctx CMAC context to initialize + */ +void mbedtls_cmac_init( mbedtls_cmac_context *ctx ); + +/** + * \brief CMAC initialization + * + * \param ctx CMAC context to be initialized + * \param cipher cipher to use (a 128-bit block cipher) + * \param key encryption key + * \param keybits key size in bits (must be acceptable by the cipher) + * + * \return 0 if successful, or a cipher specific error code + */ +int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, + mbedtls_cipher_id_t cipher, + const unsigned char *key, + unsigned int keybits ); + +/** + * \brief Free a CMAC context and underlying cipher sub-context + * + * \param ctx CMAC context to free + */ +void mbedtls_cmac_free( mbedtls_cmac_context *ctx ); + +/** + * \brief CMAC generate + * + * \param ctx CMAC context + * \param length length of the input data in bytes + * \param input buffer holding the input data + * \param tag buffer for holding the generated tag + * \param tag_len length of the tag to generate in bytes + * must be between 4, 6, 8, 10, 14 or 16 + * + * \return 0 if successful + */ +int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, size_t length, + const unsigned char *input, + unsigned char *tag, size_t tag_len ); + +/** + * \brief CMAC verify + * + * \param ctx CMAC context + * \param length length of the input data in bytes + * \param input buffer holding the input data + * \param tag buffer holding the tag to verify + * \param tag_len length of the tag to verify in bytes + * must be 4, 6, 8, 10, 14 or 16 + * + * \return 0 if successful and authenticated, + * MBEDTLS_ERR_CMAC_AUTH_FAILED if tag does not match + */ +int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, size_t length, + const unsigned char *input, + const unsigned char *tag, size_t tag_len ); + +/** + * \brief AES-CMAC-128-PRF + * + * \param ctx CMAC context + * \param length length of the input data in bytes + * \param key PRF key + * \param key_len PRF key length + * \param input buffer holding the input data + 
* \param tag buffer holding the tag to verify (16 bytes) + * + * \return 0 if successful + */ +int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, size_t length, + const unsigned char *key, size_t key_len, + const unsigned char *input, + unsigned char *tag ); + +#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) +/** + * \brief Checkup routine + * + * \return 0 if successful, or 1 if the test failed + */ +int mbedtls_cmac_self_test( int verbose ); +#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ + +#ifdef __cplusplus +} +#endif + +#endif /* MBEDTLS_CMAC_H */ diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index a58519bd5609..6e031362939c 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1671,6 +1671,18 @@ */ #define MBEDTLS_CIPHER_C +/** + * \def MBEDTLS_CMAC_C + * + * Enable the CMAC mode for 128-bit block cipher. + * + * Module: library/cmac.c + * + * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C + * + */ +#define MBEDTLS_CMAC_C + /** * \def MBEDTLS_CTR_DRBG_C * diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 98fe8c9c54d4..eeb8e84ca5b8 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -15,6 +15,7 @@ set(src_crypto ccm.c cipher.c cipher_wrap.c + cmac.c ctr_drbg.c des.c dhm.c diff --git a/library/cmac.c b/library/cmac.c new file mode 100644 index 000000000000..73ee6d049b8b --- /dev/null +++ b/library/cmac.c 
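Review bot: The documentation in cmac.h disagrees with the implementation in cmac.c on the points a caller must get right: the struct comment says `\brief CCM context structure` (copy-paste from ccm.h, should read `CMAC context structure`), `tag_len` for `mbedtls_cmac_generate`/`mbedtls_cmac_verify` is documented as "must be between 4, 6, 8, 10, 14 or 16" while `cmac_generate` accepts any even value from 4 to 16 (so 12 is valid and the list is wrong), and the `\param tag` line for `mbedtls_aes_cmac_prf_128` says "buffer holding the tag to verify" although the function writes the 16-byte PRF output into it. Suggested wording: `\param tag_len length of the tag to generate in bytes; must be even and between 4 and 16 inclusive`, and for the PRF `\param tag buffer receiving the 16-byte PRF output`. The generate doc should also state the required buffer size (`tag must hold at least tag_len bytes`), which matters because the current `cmac_generate` copies 16 bytes regardless of `tag_len`.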
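Review bot: The new `MBEDTLS_CMAC_C` option lists `Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C`, but cmac.c is written entirely against the generic cipher layer (`mbedtls_cipher_info_from_values`, `mbedtls_cipher_setup`, `mbedtls_cipher_setkey`, `mbedtls_cipher_update`) and cmac.h includes `cipher.h`, so `MBEDTLS_CIPHER_C` is the hard dependency and a block cipher only makes the module useful; `mbedtls_aes_cmac_prf_128` and the self-test additionally need `MBEDTLS_AES_C`. Suggest `Requires: MBEDTLS_CIPHER_C (and MBEDTLS_AES_C for mbedtls_aes_cmac_prf_128 and the self-test)`, and, since the option is enabled by default, a matching `#if defined(MBEDTLS_CMAC_C) && !defined(MBEDTLS_CIPHER_C) #error "MBEDTLS_CMAC_C defined, but not all prerequisites" #endif` in check_config.h, which this patch does not appear to touch.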
@@ -0,0 +1,527 @@ +/* + * NIST SP800-38B compliant CMAC implementation + * + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +/* + * Definition of CMAC: + * http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf + * RFC 4493 "The AES-CMAC Algorithm" + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_CMAC_C) + +#include "mbedtls/cmac.h" + +#include + +#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#define mbedtls_printf printf +#endif /* MBEDTLS_PLATFORM_C */ +#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ + +/* + * Macros for common operations. + * Results in smaller compiled code than static inline functions. 
+ */ + +/* + * XOR 128-bit + */ +#define XOR_128(i1, i2, o) \ + for( i = 0; i < 16; i++ ) \ + ( o )[i] = ( i1 )[i] ^ ( i2 )[i]; + +/* + * Update the CMAC state in Mn using an input block x + * TODO: Compiler optimisation + */ +#define UPDATE_CMAC( x ) \ + XOR_128( Mn, ( x ), Mn ); \ + if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, Mn, 16, Mn, &olen ) ) != 0 ) \ + return( ret ); + +/* Implementation that should never be optimized out by the compiler */ +static void mbedtls_zeroize( void *v, size_t n ) { + volatile unsigned char *p = v; while( n-- ) *p++ = 0; +} + +/* + * Initialize context + */ +void mbedtls_cmac_init( mbedtls_cmac_context *ctx ) +{ + memset( ctx, 0, sizeof( mbedtls_cmac_context ) ); +} + +/* + * Leftshift a 16-byte block by 1 bit + * \note output can be same as input + */ +static void leftshift_onebit(unsigned char *input, unsigned char *output) +{ + int i; + unsigned char temp; + unsigned char overflow = 0; + + for( i = 15; i >= 0; i-- ) + { + temp = input[i]; + output[i] = temp << 1; + output[i] |= overflow; + overflow = temp >> 7; + } + return; +} + +/* + * Generate subkeys + */ +static int generate_subkeys(mbedtls_cmac_context *ctx) +{ + static const unsigned char Rb[2] = {0x00, 0x87}; /* Note - block size 16 only */ + int ret; + unsigned char L[16]; + size_t olen; + + /* Calculate Ek(0) */ + memset( L, 0, 16 ); + if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, L, 16, L, &olen ) ) != 0 ) + { + return( ret ); + } + + /* + * Generate K1 + * If MSB(L) = 0, then K1 = (L << 1) + * If MSB(L) = 1, then K1 = (L << 1) ^ Rb + */ + leftshift_onebit( L, ctx->K1 ); + ctx->K1[15] ^= Rb[L[0] >> 7]; /* "Constant-time" operation */ + + /* + * Generate K2 + * If MSB(K1) == 0, then K2 = (K1 << 1) + * If MSB(K1) == 1, then K2 = (K1 << 1) ^ Rb + */ + leftshift_onebit( ctx->K1, ctx->K2 ); + ctx->K2[15] ^= Rb[ctx->K1[0] >> 7]; /* "Constant-time" operation */ + + return( 0 ); +} + +int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, + mbedtls_cipher_id_t 
cipher, + const unsigned char *key, + unsigned int keybits ) +{ + int ret; + const mbedtls_cipher_info_t *cipher_info; + + cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, MBEDTLS_MODE_ECB ); + if( cipher_info == NULL ) + return( MBEDTLS_ERR_CMAC_BAD_INPUT ); + + if( cipher_info->block_size != 16 ) + return( MBEDTLS_ERR_CMAC_BAD_INPUT ); + + mbedtls_cipher_free( &ctx->cipher_ctx ); + + if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits, + MBEDTLS_ENCRYPT ) ) != 0 ) + { + return( ret ); + } + + return( generate_subkeys(ctx) ); +} + +/* + * Free context + */ +void mbedtls_cmac_free( mbedtls_cmac_context *ctx ) +{ + mbedtls_cipher_free( &ctx->cipher_ctx ); + mbedtls_zeroize( ctx, sizeof( mbedtls_cmac_context ) ); +} + +/* TODO: Use cipher padding function? */ +static void padding(const unsigned char *lastb, unsigned char *pad, const size_t length) +{ + size_t j; + + /* original last block */ + for( j = 0; j < 16; j++ ) + { + if( j < length ) + { + pad[j] = lastb[j]; + } + else if( j == length ) + { + pad[j] = 0x80; + } + else + { + pad[j] = 0x00; + } + } +} + +/* + * Generate tag on complete message + */ +static int cmac_generate( mbedtls_cmac_context *ctx, size_t length, + const unsigned char *input, + unsigned char *tag, size_t tag_len ) +{ + unsigned char Mn[16]; + unsigned char M_last[16]; + unsigned char padded[16]; + int n, i, j, ret, flag; + size_t olen; + + /* + * Check length requirements: SP800-38B A + * 4 is a worst case bottom limit + */ + if( tag_len < 4 || tag_len > 16 || tag_len % 2 != 0 ) + return( MBEDTLS_ERR_CMAC_BAD_INPUT ); + + /* TODO: Use cipher padding function? 
*/ + // mbedtls_cipher_set_padding_mode( ctx->cipher, MBEDTLS_PADDING_ONE_AND_ZEROS ); + + n = ( length + 15 ) / 16; /* n is number of rounds */ + + if( n == 0 ) + { + n = 1; + flag = 0; + } + else + { + flag = ( ( length % 16 ) == 0); + } + + /* Calculate last block */ + if( flag ) + { + /* Last block is complete block */ + XOR_128( &input[16 * (n - 1)], ctx->K1, M_last ); + } + else + { + /* TODO: Use cipher padding function? */ + padding( &input[16 * (n - 1)], padded, length % 16 ); + XOR_128( padded, ctx->K2, M_last ); + } + + memset( Mn, 0, 16 ); + + for( j = 0; j < n - 1; j++ ) + { + UPDATE_CMAC(&input[16 * j]); + } + + UPDATE_CMAC(M_last); + + memcpy( tag, Mn, 16 ); + + return( 0 ); +} + +int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, size_t length, + const unsigned char *input, + unsigned char *tag, size_t tag_len ) +{ + return( cmac_generate( ctx, length, input, tag, tag_len ) ); +} + +/* + * Authenticated decryption + */ +int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, size_t length, + const unsigned char *input, + const unsigned char *tag, size_t tag_len ) +{ + int ret; + unsigned char check_tag[16]; + unsigned char i; + int diff; + + if( ( ret = cmac_generate( ctx, length, input, check_tag, tag_len) ) != 0 ) + { + return ret; + } + + /* Check tag in "constant-time" */ + for( diff = 0, i = 0; i < tag_len; i++ ) + { + diff |= tag[i] ^ check_tag[i]; + } + + if( diff != 0 ) + { + return( MBEDTLS_ERR_CMAC_VERIFY_FAILED ); + } + + return( 0 ); +} + +int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, size_t length, + const unsigned char *key, size_t key_length, + const unsigned char *input, + unsigned char *tag ) +{ + int ret; + unsigned char zero_key[16]; + unsigned char int_key[16]; + + if( key_length == 16 ) + { + /* Use key as is */ + memcpy(int_key, key, 16); + } + else + { + mbedtls_cmac_context zero_ctx; + + /* Key is AES_CMAC(0, key) */ + mbedtls_cmac_init( &zero_ctx ); + memset(zero_key, 0, 16); + ret = mbedtls_cmac_setkey( &zero_ctx, 
MBEDTLS_CIPHER_ID_AES, zero_key, 8 * sizeof zero_key ); + if( ret != 0 ) + { + return( ret ); + } + ret = mbedtls_cmac_generate( &zero_ctx, key_length, key, int_key, 16 ); + if( ret != 0 ) + { + return( ret ); + } + } + + ret = mbedtls_cmac_setkey( ctx, MBEDTLS_CIPHER_ID_AES, int_key, 8 * sizeof int_key ); + if( ret != 0 ) + { + return( ret ); + } + return( mbedtls_cmac_generate( ctx, length, input, tag, 16 ) ); +} + +#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) +/* + * Examples 1 to 4 from SP800-3B corrected Appendix D.1 + * http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf + */ + +#define NB_CMAC_TESTS 4 +#define NB_PRF_TESTS 3 + +/* Key */ +static const unsigned char key[] = { + 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, + 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c +}; + +/* Assume we don't need to test Ek0 as this is a function of the cipher */ + +/* Subkey K1 */ +static const unsigned char K1[] = { + 0xfb, 0xee, 0xd6, 0x18, 0x35, 0x71, 0x33, 0x66, + 0x7c, 0x85, 0xe0, 0x8f, 0x72, 0x36, 0xa8, 0xde +}; + +/* Subkey K2 */ +static const unsigned char K2[] = { + 0xf7, 0xdd, 0xac, 0x30, 0x6a, 0xe2, 0x66, 0xcc, + 0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b +}; + +/* All Messages */ +static const unsigned char M[] = { + 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, + 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, + 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, + 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, + 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, + 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, + 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, + 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 +}; + +static const unsigned char T[NB_CMAC_TESTS][16] = { + { + 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, + 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 + }, + { + 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, + 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c + }, + { + 0xdf, 0xa6, 0x67, 0x47, 0xde, 
0x9a, 0xe6, 0x30, + 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 + }, + { + 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, + 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe + } +}; + +/* Sizes in bytes */ +static const size_t Mlen[NB_CMAC_TESTS] = { + 0, + 16, + 40, + 64 +}; + +/* PRF K */ +static const unsigned char PRFK[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0xed, 0xcb +}; + +/* Sizes in bytes */ +static const size_t PRFKlen[NB_PRF_TESTS] = { + 18, + 16, + 10 +}; + +/* PRF M */ +static const unsigned char PRFM[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13 +}; + +static const unsigned char PRFT[NB_PRF_TESTS][16] = { + { + 0x84, 0xa3, 0x48, 0xa4, 0xa4, 0x5d, 0x23, 0x5b, + 0xab, 0xff, 0xfc, 0x0d, 0x2b, 0x4d, 0xa0, 0x9a + }, + { + 0x98, 0x0a, 0xe8, 0x7b, 0x5f, 0x4c, 0x9c, 0x52, + 0x14, 0xf5, 0xb6, 0xa8, 0x45, 0x5e, 0x4c, 0x2d + }, + { + 0x29, 0x0d, 0x9e, 0x11, 0x2e, 0xdb, 0x09, 0xee, + 0x14, 0x1f, 0xcf, 0x64, 0xc0, 0xb7, 0x2f, 0x3d + } +}; + + +int mbedtls_cmac_self_test( int verbose ) +{ + mbedtls_cmac_context ctx; + unsigned char tag[16]; + int i; + int ret; + + mbedtls_cmac_init( &ctx ); + + if( mbedtls_cmac_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, key, 8 * sizeof key ) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( " CMAC: setup failed" ); + + return( 1 ); + } + + if( ( memcmp( ctx.K1, K1, 16 ) != 0 ) || + ( memcmp( ctx.K2, K2, 16 ) != 0 ) ) + { + if( verbose != 0 ) + mbedtls_printf( " CMAC: subkey generation failed" ); + + return( 1 ); + } + + for( i = 0; i < NB_CMAC_TESTS; i++ ) + { + mbedtls_printf( " AES-128-CMAC #%u: ", i ); + + ret = mbedtls_cmac_generate( &ctx, Mlen[i], M, tag, 16 ); + if( ret != 0 || + memcmp( tag, T[i], 16 ) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); + } + ret = mbedtls_cmac_verify( &ctx, Mlen[i], M, T[i], 16 ); + if( ret != 0 ) + { + if( verbose 
!= 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); + } + + if( verbose != 0 ) + mbedtls_printf( "passed\n" ); + } + + for( i = 0; i < NB_PRF_TESTS; i++ ) + { + mbedtls_printf( " AES-CMAC-128-PRF #%u: ", i ); + + mbedtls_aes_cmac_prf_128( &ctx, 20, PRFK, PRFKlen[i], PRFM, tag); + + if( ret != 0 || + memcmp( tag, PRFT[i], 16 ) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); + } + + if( verbose != 0 ) + mbedtls_printf( "passed\n" ); + } + + mbedtls_cmac_free( &ctx ); + + if( verbose != 0 ) + mbedtls_printf( "\n" ); + + return( 0 ); +} + +#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ + +#endif /* MBEDTLS_CMAC_C */ diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 89c66169e584..17fdb2128a22 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -32,6 +32,7 @@ #include "mbedtls/dhm.h" #include "mbedtls/gcm.h" #include "mbedtls/ccm.h" +#include "mbedtls/cmac.h" #include "mbedtls/md2.h" #include "mbedtls/md4.h" #include "mbedtls/md5.h" @@ -277,6 +278,11 @@ int main( int argc, char *argv[] ) suites_tested++; #endif +#if defined(MBEDTLS_CMAC_C) && defined(MBEDTLS_AES_C) + if( ( ret = mbedtls_cmac_self_test( v ) ) != 0 ) + return( ret ); +#endif + #if defined(MBEDTLS_BASE64_C) if( mbedtls_base64_self_test( v ) != 0 ) { From 8324818e0a273872e3bbaec72e772412e7ba80e6 Mon Sep 17 00:00:00 2001 From: Robert Cragie Date: Mon, 14 Dec 2015 15:18:33 +0000 Subject: [PATCH 088/272] Added MBEDTLS_CMAC_C --- library/version_features.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/version_features.c b/library/version_features.c index 5d20ba019957..23b5620eff6f 100644 --- a/library/version_features.c +++ b/library/version_features.c 
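Review bot: `cmac_generate` validates `tag_len` and then ignores it, ending with `memcpy( tag, Mn, 16 )`, so a caller that sizes its buffer for the 4–14 byte tag the API advertises receives a 16-byte out-of-bounds write; it must be `memcpy( tag, Mn, tag_len );`, and `Mn`, `M_last` and `padded` should be wiped with `mbedtls_zeroize` before returning since they hold the full MAC and subkey-masked data (the early `return` hidden inside `UPDATE_CMAC` would need to become a `goto exit` for that to hold). In `mbedtls_aes_cmac_prf_128` the local `zero_ctx` is set up through `mbedtls_cmac_setkey`, which allocates a cipher context via `mbedtls_cipher_setup`, but is never passed to `mbedtls_cmac_free`, and `int_key` is left on the stack, so both the normal and the early-return paths leak the context and the derived key; the rewrite below frees and wipes on every path. The self-test also discards the return value of `mbedtls_aes_cmac_prf_128` and then tests the stale `ret` from the previous loop, so a failing PRF setup is only caught indirectly by the `memcmp`; `ret = mbedtls_aes_cmac_prf_128( &ctx, 20, PRFK, PRFKlen[i], PRFM, tag );` fixes that, and the two `mbedtls_printf( " AES-... #%u: ", i )` calls should be guarded by `verbose` like the rest of the function.
```c
int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, size_t length,
                              const unsigned char *key, size_t key_length,
                              const unsigned char *input,
                              unsigned char *tag )
{
    int ret;
    unsigned char zero_key[16];
    unsigned char int_key[16];

    /* … unchanged: key_length == 16 branch copies key into int_key … */
    else
    {
        mbedtls_cmac_context zero_ctx;

        /* Key is AES_CMAC(0, key); the temporary context owns a cipher
         * context allocated by mbedtls_cipher_setup, so it must be freed
         * on every path. */
        mbedtls_cmac_init( &zero_ctx );
        memset( zero_key, 0, 16 );
        ret = mbedtls_cmac_setkey( &zero_ctx, MBEDTLS_CIPHER_ID_AES,
                                   zero_key, 8 * sizeof zero_key );
        if( ret == 0 )
            ret = mbedtls_cmac_generate( &zero_ctx, key_length, key, int_key, 16 );
        mbedtls_cmac_free( &zero_ctx );
        if( ret != 0 )
            goto exit;
    }

    ret = mbedtls_cmac_setkey( ctx, MBEDTLS_CIPHER_ID_AES, int_key, 8 * sizeof int_key );
    if( ret == 0 )
        ret = mbedtls_cmac_generate( ctx, length, input, tag, 16 );

exit:
    /* int_key is derived key material; do not leave it on the stack. */
    mbedtls_zeroize( int_key, sizeof( int_key ) );
    return( ret );
}
```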
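Review bot: The added CMAC block in `main` returns the raw self-test result with `return( ret )` and does not count the suite, whereas the neighbouring suites appear to return 1 on failure and increment `suites_tested` (the `suites_tested++;` immediately above the hunk and the `if( mbedtls_base64_self_test( v ) != 0 ) {` pattern below it), so the summary would miscount and the exit status would differ for this one suite. Match the surrounding style: `if( mbedtls_cmac_self_test( v ) != 0 ) { return( 1 ); }` followed by `suites_tested++;`. The enclosing `main` begins and ends outside the hunk, so the exact failure convention should be confirmed against the rest of the function.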
@@ -462,6 +462,9 @@ static const char *features[] = { #if defined(MBEDTLS_CERTS_C) "MBEDTLS_CERTS_C", #endif /* MBEDTLS_CERTS_C */ +#if defined(MBEDTLS_CMAC_C) + "MBEDTLS_CMAC_C", +#endif /* MBEDTLS_CMAC_C */ #if defined(MBEDTLS_CIPHER_C) "MBEDTLS_CIPHER_C", #endif /* MBEDTLS_CIPHER_C */ From 84a4c677412054dff4b8dd4ffc6e20641f86a287 Mon Sep 17 00:00:00 2001 From: Robert Cragie Date: Mon, 14 Dec 2015 17:13:29 +0000 Subject: [PATCH 089/272] Added CMAC as proper low-level module and changed error returns --- include/mbedtls/cmac.h | 4 ++-- include/mbedtls/error.h | 1 + library/error.c | 11 +++++++++++ scripts/generate_errors.pl | 2 +- 4 files changed, 15 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index 08483f685654..65017ef5c527 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -25,8 +25,8 @@ #include "cipher.h" -#define MBEDTLS_ERR_CMAC_BAD_INPUT -0x000D /**< Bad input parameters to function. */ -#define MBEDTLS_ERR_CMAC_VERIFY_FAILED -0x000F /**< Verification failed. */ +#define MBEDTLS_ERR_CMAC_BAD_INPUT -0x0011 /**< Bad input parameters to function. */ +#define MBEDTLS_ERR_CMAC_VERIFY_FAILED -0x0013 /**< Verification failed. */ #ifdef __cplusplus extern "C" { diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 5e549f6b6a78..703233ae9856 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -66,6 +66,7 @@ * PBKDF2 1 0x007C-0x007C * HMAC_DRBG 4 0x0003-0x0009 * CCM 2 0x000D-0x000F + * CMAC 2 0x0011-0x0013 * * High-level module nr (3 bits - 0x0...-0x7...) * Name ID Nr of Errors diff --git a/library/error.c b/library/error.c index 71d4faa7080f..8c38cf2940e7 100644 --- a/library/error.c +++ b/library/error.c @@ -69,6 +69,10 @@ #include "mbedtls/cipher.h" #endif +#if defined(MBEDTLS_CMAC_C) +#include "mbedtls/cmac.h" +#endif + #if defined(MBEDTLS_CTR_DRBG_C) #include "mbedtls/ctr_drbg.h" #endif 
@@ -578,6 +582,13 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "CCM - Authenticated decryption failed" ); #endif /* MBEDTLS_CCM_C */ +#if defined(MBEDTLS_CMAC_C) + if( use_ret == -(MBEDTLS_ERR_CMAC_BAD_INPUT) ) + mbedtls_snprintf( buf, buflen, "CMAC - Bad input parameters to function" ); + if( use_ret == -(MBEDTLS_ERR_CMAC_VERIFY_FAILED) ) + mbedtls_snprintf( buf, buflen, "CMAC - Verification failed" ); +#endif /* MBEDTLS_CMAC_C */ + #if defined(MBEDTLS_CTR_DRBG_C) if( use_ret == -(MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED) ) mbedtls_snprintf( buf, buflen, "CTR_DRBG - The entropy source failed" ); diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index cfcf07c8f3cf..dd91151d6059 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -33,7 +33,7 @@ "BASE64", "XTEA", "PBKDF2", "OID", "PADLOCK", "DES", "NET", "CTR_DRBG", "ENTROPY", "HMAC_DRBG", "MD2", "MD4", "MD5", "RIPEMD160", - "SHA1", "SHA256", "SHA512", "GCM", "THREADING", "CCM" ); + "SHA1", "SHA256", "SHA512", "GCM", "THREADING", "CCM", "CMAC" ); my @high_level_modules = ( "PEM", "X509", "DHM", "RSA", "ECP", "MD", "CIPHER", "SSL", "PK", "PKCS12", "PKCS5" ); From 48f2ff9dbe11c39351bfd0fc595b5c967194af25 Mon Sep 17 00:00:00 2001 From: Robert Cragie Date: Mon, 14 Dec 2015 17:34:33 +0000 Subject: [PATCH 090/272] Use autogenerated version_features.c --- library/version_features.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/version_features.c b/library/version_features.c index 23b5620eff6f..0a2f06575189 100644 --- a/library/version_features.c +++ b/library/version_features.c 
@@ -462,12 +462,12 @@ static const char *features[] = { #if defined(MBEDTLS_CERTS_C) "MBEDTLS_CERTS_C", #endif /* MBEDTLS_CERTS_C */ -#if defined(MBEDTLS_CMAC_C) - "MBEDTLS_CMAC_C", -#endif /* MBEDTLS_CMAC_C */ #if defined(MBEDTLS_CIPHER_C) "MBEDTLS_CIPHER_C", #endif /* MBEDTLS_CIPHER_C */ +#if defined(MBEDTLS_CMAC_C) + "MBEDTLS_CMAC_C", +#endif /* MBEDTLS_CMAC_C */ #if defined(MBEDTLS_CTR_DRBG_C) "MBEDTLS_CTR_DRBG_C", #endif /* MBEDTLS_CTR_DRBG_C */ From f261ef07ee87d0268e22814920a58a851906ebbb Mon Sep 17 00:00:00 2001 From: Robert Cragie Date: Mon, 14 Dec 2015 17:52:55 +0000 Subject: [PATCH 091/272] Bad code in function documentation --- include/mbedtls/cmac.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index 65017ef5c527..c01fdc963239 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -100,7 +100,7 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, size_t length, * must be 4, 6, 8, 10, 14 or 16 * * \return 0 if successful and authenticated, - * MBEDTLS_ERR_CMAC_AUTH_FAILED if tag does not match + * MBEDTLS_ERR_CMAC_VERIFY_FAILED if tag does not match */ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, size_t length, const unsigned char *input, From 3d23b1d5ede08b01154305624200d9b6a918b8c2 Mon Sep 17 00:00:00 2001 From: Robert Cragie Date: Tue, 15 Dec 2015 07:38:11 +0000 Subject: [PATCH 092/272] Line endings wrong --- include/mbedtls/cmac.h | 278 +++++------ library/cmac.c | 1054 ++++++++++++++++++++-------------------- 2 files changed, 666 insertions(+), 666 deletions(-) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index c01fdc963239..282d549a4361 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h 
@@ -1,139 +1,139 @@ -/** - * \file cmac.h - * - * \brief The CMAC Mode for Authentication - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ -#ifndef MBEDTLS_CMAC_H -#define MBEDTLS_CMAC_H - -#include "cipher.h" - -#define MBEDTLS_ERR_CMAC_BAD_INPUT -0x0011 /**< Bad input parameters to function. */ -#define MBEDTLS_ERR_CMAC_VERIFY_FAILED -0x0013 /**< Verification failed. */ - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \brief CCM context structure - */ -typedef struct { - mbedtls_cipher_context_t cipher_ctx; /*!< cipher context used */ - unsigned char K1[16]; - unsigned char K2[16]; -} -mbedtls_cmac_context; - -/** - * \brief Initialize CMAC context (just makes references valid) - * Makes the context ready for mbedtls_cmac_setkey() or - * mbedtls_cmac_free(). 
- * - * \param ctx CMAC context to initialize - */ -void mbedtls_cmac_init( mbedtls_cmac_context *ctx ); - -/** - * \brief CMAC initialization - * - * \param ctx CMAC context to be initialized - * \param cipher cipher to use (a 128-bit block cipher) - * \param key encryption key - * \param keybits key size in bits (must be acceptable by the cipher) - * - * \return 0 if successful, or a cipher specific error code - */ -int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, - mbedtls_cipher_id_t cipher, - const unsigned char *key, - unsigned int keybits ); - -/** - * \brief Free a CMAC context and underlying cipher sub-context - * - * \param ctx CMAC context to free - */ -void mbedtls_cmac_free( mbedtls_cmac_context *ctx ); - -/** - * \brief CMAC generate - * - * \param ctx CMAC context - * \param length length of the input data in bytes - * \param input buffer holding the input data - * \param tag buffer for holding the generated tag - * \param tag_len length of the tag to generate in bytes - * must be between 4, 6, 8, 10, 14 or 16 - * - * \return 0 if successful - */ -int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, size_t length, - const unsigned char *input, - unsigned char *tag, size_t tag_len ); - -/** - * \brief CMAC verify - * - * \param ctx CMAC context - * \param length length of the input data in bytes - * \param input buffer holding the input data - * \param tag buffer holding the tag to verify - * \param tag_len length of the tag to verify in bytes - * must be 4, 6, 8, 10, 14 or 16 - * - * \return 0 if successful and authenticated, - * MBEDTLS_ERR_CMAC_VERIFY_FAILED if tag does not match - */ -int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, size_t length, - const unsigned char *input, - const unsigned char *tag, size_t tag_len ); - -/** - * \brief AES-CMAC-128-PRF - * - * \param ctx CMAC context - * \param length length of the input data in bytes - * \param key PRF key - * \param key_len PRF key length - * \param input buffer holding the input data 
- * \param tag buffer holding the tag to verify (16 bytes) - * - * \return 0 if successful - */ -int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, size_t length, - const unsigned char *key, size_t key_len, - const unsigned char *input, - unsigned char *tag ); - -#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) -/** - * \brief Checkup routine - * - * \return 0 if successful, or 1 if the test failed - */ -int mbedtls_cmac_self_test( int verbose ); -#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ - -#ifdef __cplusplus -} -#endif - -#endif /* MBEDTLS_CMAC_H */ +/** + * \file cmac.h + * + * \brief The CMAC Mode for Authentication + * + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ +#ifndef MBEDTLS_CMAC_H +#define MBEDTLS_CMAC_H + +#include "cipher.h" + +#define MBEDTLS_ERR_CMAC_BAD_INPUT -0x0011 /**< Bad input parameters to function. */ +#define MBEDTLS_ERR_CMAC_VERIFY_FAILED -0x0013 /**< Verification failed. 
*/ + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief CCM context structure + */ +typedef struct { + mbedtls_cipher_context_t cipher_ctx; /*!< cipher context used */ + unsigned char K1[16]; + unsigned char K2[16]; +} +mbedtls_cmac_context; + +/** + * \brief Initialize CMAC context (just makes references valid) + * Makes the context ready for mbedtls_cmac_setkey() or + * mbedtls_cmac_free(). + * + * \param ctx CMAC context to initialize + */ +void mbedtls_cmac_init( mbedtls_cmac_context *ctx ); + +/** + * \brief CMAC initialization + * + * \param ctx CMAC context to be initialized + * \param cipher cipher to use (a 128-bit block cipher) + * \param key encryption key + * \param keybits key size in bits (must be acceptable by the cipher) + * + * \return 0 if successful, or a cipher specific error code + */ +int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, + mbedtls_cipher_id_t cipher, + const unsigned char *key, + unsigned int keybits ); + +/** + * \brief Free a CMAC context and underlying cipher sub-context + * + * \param ctx CMAC context to free + */ +void mbedtls_cmac_free( mbedtls_cmac_context *ctx ); + +/** + * \brief CMAC generate + * + * \param ctx CMAC context + * \param length length of the input data in bytes + * \param input buffer holding the input data + * \param tag buffer for holding the generated tag + * \param tag_len length of the tag to generate in bytes + * must be between 4, 6, 8, 10, 14 or 16 + * + * \return 0 if successful + */ +int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, size_t length, + const unsigned char *input, + unsigned char *tag, size_t tag_len ); + +/** + * \brief CMAC verify + * + * \param ctx CMAC context + * \param length length of the input data in bytes + * \param input buffer holding the input data + * \param tag buffer holding the tag to verify + * \param tag_len length of the tag to verify in bytes + * must be 4, 6, 8, 10, 14 or 16 + * + * \return 0 if successful and authenticated, + * 
MBEDTLS_ERR_CMAC_VERIFY_FAILED if tag does not match + */ +int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, size_t length, + const unsigned char *input, + const unsigned char *tag, size_t tag_len ); + +/** + * \brief AES-CMAC-128-PRF + * + * \param ctx CMAC context + * \param length length of the input data in bytes + * \param key PRF key + * \param key_len PRF key length + * \param input buffer holding the input data + * \param tag buffer holding the tag to verify (16 bytes) + * + * \return 0 if successful + */ +int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, size_t length, + const unsigned char *key, size_t key_len, + const unsigned char *input, + unsigned char *tag ); + +#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) +/** + * \brief Checkup routine + * + * \return 0 if successful, or 1 if the test failed + */ +int mbedtls_cmac_self_test( int verbose ); +#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ + +#ifdef __cplusplus +} +#endif + +#endif /* MBEDTLS_CMAC_H */ diff --git a/library/cmac.c b/library/cmac.c index 73ee6d049b8b..2ba58b6faa75 100644 --- a/library/cmac.c +++ b/library/cmac.c 
@@ -1,527 +1,527 @@ -/* - * NIST SP800-38B compliant CMAC implementation - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ - -/* - * Definition of CMAC: - * http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf - * RFC 4493 "The AES-CMAC Algorithm" - */ - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#if defined(MBEDTLS_CMAC_C) - -#include "mbedtls/cmac.h" - -#include - -#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ - -/* - * Macros for common operations. - * Results in smaller compiled code than static inline functions. 
- */ - -/* - * XOR 128-bit - */ -#define XOR_128(i1, i2, o) \ - for( i = 0; i < 16; i++ ) \ - ( o )[i] = ( i1 )[i] ^ ( i2 )[i]; - -/* - * Update the CMAC state in Mn using an input block x - * TODO: Compiler optimisation - */ -#define UPDATE_CMAC( x ) \ - XOR_128( Mn, ( x ), Mn ); \ - if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, Mn, 16, Mn, &olen ) ) != 0 ) \ - return( ret ); - -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - -/* - * Initialize context - */ -void mbedtls_cmac_init( mbedtls_cmac_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_cmac_context ) ); -} - -/* - * Leftshift a 16-byte block by 1 bit - * \note output can be same as input - */ -static void leftshift_onebit(unsigned char *input, unsigned char *output) -{ - int i; - unsigned char temp; - unsigned char overflow = 0; - - for( i = 15; i >= 0; i-- ) - { - temp = input[i]; - output[i] = temp << 1; - output[i] |= overflow; - overflow = temp >> 7; - } - return; -} - -/* - * Generate subkeys - */ -static int generate_subkeys(mbedtls_cmac_context *ctx) -{ - static const unsigned char Rb[2] = {0x00, 0x87}; /* Note - block size 16 only */ - int ret; - unsigned char L[16]; - size_t olen; - - /* Calculate Ek(0) */ - memset( L, 0, 16 ); - if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, L, 16, L, &olen ) ) != 0 ) - { - return( ret ); - } - - /* - * Generate K1 - * If MSB(L) = 0, then K1 = (L << 1) - * If MSB(L) = 1, then K1 = (L << 1) ^ Rb - */ - leftshift_onebit( L, ctx->K1 ); - ctx->K1[15] ^= Rb[L[0] >> 7]; /* "Constant-time" operation */ - - /* - * Generate K2 - * If MSB(K1) == 0, then K2 = (K1 << 1) - * If MSB(K1) == 1, then K2 = (K1 << 1) ^ Rb - */ - leftshift_onebit( ctx->K1, ctx->K2 ); - ctx->K2[15] ^= Rb[ctx->K1[0] >> 7]; /* "Constant-time" operation */ - - return( 0 ); -} - -int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, - mbedtls_cipher_id_t 
cipher, - const unsigned char *key, - unsigned int keybits ) -{ - int ret; - const mbedtls_cipher_info_t *cipher_info; - - cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, MBEDTLS_MODE_ECB ); - if( cipher_info == NULL ) - return( MBEDTLS_ERR_CMAC_BAD_INPUT ); - - if( cipher_info->block_size != 16 ) - return( MBEDTLS_ERR_CMAC_BAD_INPUT ); - - mbedtls_cipher_free( &ctx->cipher_ctx ); - - if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 ) - return( ret ); - - if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits, - MBEDTLS_ENCRYPT ) ) != 0 ) - { - return( ret ); - } - - return( generate_subkeys(ctx) ); -} - -/* - * Free context - */ -void mbedtls_cmac_free( mbedtls_cmac_context *ctx ) -{ - mbedtls_cipher_free( &ctx->cipher_ctx ); - mbedtls_zeroize( ctx, sizeof( mbedtls_cmac_context ) ); -} - -/* TODO: Use cipher padding function? */ -static void padding(const unsigned char *lastb, unsigned char *pad, const size_t length) -{ - size_t j; - - /* original last block */ - for( j = 0; j < 16; j++ ) - { - if( j < length ) - { - pad[j] = lastb[j]; - } - else if( j == length ) - { - pad[j] = 0x80; - } - else - { - pad[j] = 0x00; - } - } -} - -/* - * Generate tag on complete message - */ -static int cmac_generate( mbedtls_cmac_context *ctx, size_t length, - const unsigned char *input, - unsigned char *tag, size_t tag_len ) -{ - unsigned char Mn[16]; - unsigned char M_last[16]; - unsigned char padded[16]; - int n, i, j, ret, flag; - size_t olen; - - /* - * Check length requirements: SP800-38B A - * 4 is a worst case bottom limit - */ - if( tag_len < 4 || tag_len > 16 || tag_len % 2 != 0 ) - return( MBEDTLS_ERR_CMAC_BAD_INPUT ); - - /* TODO: Use cipher padding function? 
*/ - // mbedtls_cipher_set_padding_mode( ctx->cipher, MBEDTLS_PADDING_ONE_AND_ZEROS ); - - n = ( length + 15 ) / 16; /* n is number of rounds */ - - if( n == 0 ) - { - n = 1; - flag = 0; - } - else - { - flag = ( ( length % 16 ) == 0); - } - - /* Calculate last block */ - if( flag ) - { - /* Last block is complete block */ - XOR_128( &input[16 * (n - 1)], ctx->K1, M_last ); - } - else - { - /* TODO: Use cipher padding function? */ - padding( &input[16 * (n - 1)], padded, length % 16 ); - XOR_128( padded, ctx->K2, M_last ); - } - - memset( Mn, 0, 16 ); - - for( j = 0; j < n - 1; j++ ) - { - UPDATE_CMAC(&input[16 * j]); - } - - UPDATE_CMAC(M_last); - - memcpy( tag, Mn, 16 ); - - return( 0 ); -} - -int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, size_t length, - const unsigned char *input, - unsigned char *tag, size_t tag_len ) -{ - return( cmac_generate( ctx, length, input, tag, tag_len ) ); -} - -/* - * Authenticated decryption - */ -int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, size_t length, - const unsigned char *input, - const unsigned char *tag, size_t tag_len ) -{ - int ret; - unsigned char check_tag[16]; - unsigned char i; - int diff; - - if( ( ret = cmac_generate( ctx, length, input, check_tag, tag_len) ) != 0 ) - { - return ret; - } - - /* Check tag in "constant-time" */ - for( diff = 0, i = 0; i < tag_len; i++ ) - { - diff |= tag[i] ^ check_tag[i]; - } - - if( diff != 0 ) - { - return( MBEDTLS_ERR_CMAC_VERIFY_FAILED ); - } - - return( 0 ); -} - -int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, size_t length, - const unsigned char *key, size_t key_length, - const unsigned char *input, - unsigned char *tag ) -{ - int ret; - unsigned char zero_key[16]; - unsigned char int_key[16]; - - if( key_length == 16 ) - { - /* Use key as is */ - memcpy(int_key, key, 16); - } - else - { - mbedtls_cmac_context zero_ctx; - - /* Key is AES_CMAC(0, key) */ - mbedtls_cmac_init( &zero_ctx ); - memset(zero_key, 0, 16); - ret = mbedtls_cmac_setkey( &zero_ctx, 
MBEDTLS_CIPHER_ID_AES, zero_key, 8 * sizeof zero_key ); - if( ret != 0 ) - { - return( ret ); - } - ret = mbedtls_cmac_generate( &zero_ctx, key_length, key, int_key, 16 ); - if( ret != 0 ) - { - return( ret ); - } - } - - ret = mbedtls_cmac_setkey( ctx, MBEDTLS_CIPHER_ID_AES, int_key, 8 * sizeof int_key ); - if( ret != 0 ) - { - return( ret ); - } - return( mbedtls_cmac_generate( ctx, length, input, tag, 16 ) ); -} - -#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) -/* - * Examples 1 to 4 from SP800-3B corrected Appendix D.1 - * http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf - */ - -#define NB_CMAC_TESTS 4 -#define NB_PRF_TESTS 3 - -/* Key */ -static const unsigned char key[] = { - 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, - 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c -}; - -/* Assume we don't need to test Ek0 as this is a function of the cipher */ - -/* Subkey K1 */ -static const unsigned char K1[] = { - 0xfb, 0xee, 0xd6, 0x18, 0x35, 0x71, 0x33, 0x66, - 0x7c, 0x85, 0xe0, 0x8f, 0x72, 0x36, 0xa8, 0xde -}; - -/* Subkey K2 */ -static const unsigned char K2[] = { - 0xf7, 0xdd, 0xac, 0x30, 0x6a, 0xe2, 0x66, 0xcc, - 0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b -}; - -/* All Messages */ -static const unsigned char M[] = { - 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, - 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, - 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, - 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, - 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, - 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, - 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, - 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 -}; - -static const unsigned char T[NB_CMAC_TESTS][16] = { - { - 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, - 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 - }, - { - 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, - 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c - }, - { - 0xdf, 0xa6, 0x67, 0x47, 0xde, 
0x9a, 0xe6, 0x30, - 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 - }, - { - 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, - 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe - } -}; - -/* Sizes in bytes */ -static const size_t Mlen[NB_CMAC_TESTS] = { - 0, - 16, - 40, - 64 -}; - -/* PRF K */ -static const unsigned char PRFK[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0xed, 0xcb -}; - -/* Sizes in bytes */ -static const size_t PRFKlen[NB_PRF_TESTS] = { - 18, - 16, - 10 -}; - -/* PRF M */ -static const unsigned char PRFM[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13 -}; - -static const unsigned char PRFT[NB_PRF_TESTS][16] = { - { - 0x84, 0xa3, 0x48, 0xa4, 0xa4, 0x5d, 0x23, 0x5b, - 0xab, 0xff, 0xfc, 0x0d, 0x2b, 0x4d, 0xa0, 0x9a - }, - { - 0x98, 0x0a, 0xe8, 0x7b, 0x5f, 0x4c, 0x9c, 0x52, - 0x14, 0xf5, 0xb6, 0xa8, 0x45, 0x5e, 0x4c, 0x2d - }, - { - 0x29, 0x0d, 0x9e, 0x11, 0x2e, 0xdb, 0x09, 0xee, - 0x14, 0x1f, 0xcf, 0x64, 0xc0, 0xb7, 0x2f, 0x3d - } -}; - - -int mbedtls_cmac_self_test( int verbose ) -{ - mbedtls_cmac_context ctx; - unsigned char tag[16]; - int i; - int ret; - - mbedtls_cmac_init( &ctx ); - - if( mbedtls_cmac_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, key, 8 * sizeof key ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( " CMAC: setup failed" ); - - return( 1 ); - } - - if( ( memcmp( ctx.K1, K1, 16 ) != 0 ) || - ( memcmp( ctx.K2, K2, 16 ) != 0 ) ) - { - if( verbose != 0 ) - mbedtls_printf( " CMAC: subkey generation failed" ); - - return( 1 ); - } - - for( i = 0; i < NB_CMAC_TESTS; i++ ) - { - mbedtls_printf( " AES-128-CMAC #%u: ", i ); - - ret = mbedtls_cmac_generate( &ctx, Mlen[i], M, tag, 16 ); - if( ret != 0 || - memcmp( tag, T[i], 16 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } - ret = mbedtls_cmac_verify( &ctx, Mlen[i], M, T[i], 16 ); - if( ret != 0 ) - { - if( verbose 
!= 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } - - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); - } - - for( i = 0; i < NB_PRF_TESTS; i++ ) - { - mbedtls_printf( " AES-CMAC-128-PRF #%u: ", i ); - - mbedtls_aes_cmac_prf_128( &ctx, 20, PRFK, PRFKlen[i], PRFM, tag); - - if( ret != 0 || - memcmp( tag, PRFT[i], 16 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } - - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); - } - - mbedtls_cmac_free( &ctx ); - - if( verbose != 0 ) - mbedtls_printf( "\n" ); - - return( 0 ); -} - -#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ - -#endif /* MBEDTLS_CMAC_C */ +/* + * NIST SP800-38B compliant CMAC implementation + * + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. 
+ * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +/* + * Definition of CMAC: + * http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf + * RFC 4493 "The AES-CMAC Algorithm" + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_CMAC_C) + +#include "mbedtls/cmac.h" + +#include + +#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#define mbedtls_printf printf +#endif /* MBEDTLS_PLATFORM_C */ +#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ + +/* + * Macros for common operations. + * Results in smaller compiled code than static inline functions. + */ + +/* + * XOR 128-bit + */ +#define XOR_128(i1, i2, o) \ + for( i = 0; i < 16; i++ ) \ + ( o )[i] = ( i1 )[i] ^ ( i2 )[i]; + +/* + * Update the CMAC state in Mn using an input block x + * TODO: Compiler optimisation + */ +#define UPDATE_CMAC( x ) \ + XOR_128( Mn, ( x ), Mn ); \ + if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, Mn, 16, Mn, &olen ) ) != 0 ) \ + return( ret ); + +/* Implementation that should never be optimized out by the compiler */ +static void mbedtls_zeroize( void *v, size_t n ) { + volatile unsigned char *p = v; while( n-- ) *p++ = 0; +} + +/* + * Initialize context + */ +void mbedtls_cmac_init( mbedtls_cmac_context *ctx ) +{ + memset( ctx, 0, sizeof( mbedtls_cmac_context ) ); +} + +/* + * Leftshift a 16-byte block by 1 bit + * \note output can be same as input + */ +static void leftshift_onebit(unsigned char *input, unsigned char *output) +{ + int i; + unsigned char temp; + unsigned char overflow = 0; + + for( i = 15; i >= 0; i-- ) + { + temp = input[i]; + output[i] = temp << 1; + output[i] |= overflow; + overflow = temp >> 7; + } + return; +} + +/* + * Generate subkeys + */ +static int generate_subkeys(mbedtls_cmac_context *ctx) +{ + static const unsigned char Rb[2] = {0x00, 0x87}; /* Note - 
block size 16 only */ + int ret; + unsigned char L[16]; + size_t olen; + + /* Calculate Ek(0) */ + memset( L, 0, 16 ); + if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, L, 16, L, &olen ) ) != 0 ) + { + return( ret ); + } + + /* + * Generate K1 + * If MSB(L) = 0, then K1 = (L << 1) + * If MSB(L) = 1, then K1 = (L << 1) ^ Rb + */ + leftshift_onebit( L, ctx->K1 ); + ctx->K1[15] ^= Rb[L[0] >> 7]; /* "Constant-time" operation */ + + /* + * Generate K2 + * If MSB(K1) == 0, then K2 = (K1 << 1) + * If MSB(K1) == 1, then K2 = (K1 << 1) ^ Rb + */ + leftshift_onebit( ctx->K1, ctx->K2 ); + ctx->K2[15] ^= Rb[ctx->K1[0] >> 7]; /* "Constant-time" operation */ + + return( 0 ); +} + +int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, + mbedtls_cipher_id_t cipher, + const unsigned char *key, + unsigned int keybits ) +{ + int ret; + const mbedtls_cipher_info_t *cipher_info; + + cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, MBEDTLS_MODE_ECB ); + if( cipher_info == NULL ) + return( MBEDTLS_ERR_CMAC_BAD_INPUT ); + + if( cipher_info->block_size != 16 ) + return( MBEDTLS_ERR_CMAC_BAD_INPUT ); + + mbedtls_cipher_free( &ctx->cipher_ctx ); + + if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits, + MBEDTLS_ENCRYPT ) ) != 0 ) + { + return( ret ); + } + + return( generate_subkeys(ctx) ); +} + +/* + * Free context + */ +void mbedtls_cmac_free( mbedtls_cmac_context *ctx ) +{ + mbedtls_cipher_free( &ctx->cipher_ctx ); + mbedtls_zeroize( ctx, sizeof( mbedtls_cmac_context ) ); +} + +/* TODO: Use cipher padding function? 
*/ +static void padding(const unsigned char *lastb, unsigned char *pad, const size_t length) +{ + size_t j; + + /* original last block */ + for( j = 0; j < 16; j++ ) + { + if( j < length ) + { + pad[j] = lastb[j]; + } + else if( j == length ) + { + pad[j] = 0x80; + } + else + { + pad[j] = 0x00; + } + } +} + +/* + * Generate tag on complete message + */ +static int cmac_generate( mbedtls_cmac_context *ctx, size_t length, + const unsigned char *input, + unsigned char *tag, size_t tag_len ) +{ + unsigned char Mn[16]; + unsigned char M_last[16]; + unsigned char padded[16]; + int n, i, j, ret, flag; + size_t olen; + + /* + * Check length requirements: SP800-38B A + * 4 is a worst case bottom limit + */ + if( tag_len < 4 || tag_len > 16 || tag_len % 2 != 0 ) + return( MBEDTLS_ERR_CMAC_BAD_INPUT ); + + /* TODO: Use cipher padding function? */ + // mbedtls_cipher_set_padding_mode( ctx->cipher, MBEDTLS_PADDING_ONE_AND_ZEROS ); + + n = ( length + 15 ) / 16; /* n is number of rounds */ + + if( n == 0 ) + { + n = 1; + flag = 0; + } + else + { + flag = ( ( length % 16 ) == 0); + } + + /* Calculate last block */ + if( flag ) + { + /* Last block is complete block */ + XOR_128( &input[16 * (n - 1)], ctx->K1, M_last ); + } + else + { + /* TODO: Use cipher padding function? 
*/ + padding( &input[16 * (n - 1)], padded, length % 16 ); + XOR_128( padded, ctx->K2, M_last ); + } + + memset( Mn, 0, 16 ); + + for( j = 0; j < n - 1; j++ ) + { + UPDATE_CMAC(&input[16 * j]); + } + + UPDATE_CMAC(M_last); + + memcpy( tag, Mn, 16 ); + + return( 0 ); +} + +int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, size_t length, + const unsigned char *input, + unsigned char *tag, size_t tag_len ) +{ + return( cmac_generate( ctx, length, input, tag, tag_len ) ); +} + +/* + * Authenticated decryption + */ +int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, size_t length, + const unsigned char *input, + const unsigned char *tag, size_t tag_len ) +{ + int ret; + unsigned char check_tag[16]; + unsigned char i; + int diff; + + if( ( ret = cmac_generate( ctx, length, input, check_tag, tag_len) ) != 0 ) + { + return ret; + } + + /* Check tag in "constant-time" */ + for( diff = 0, i = 0; i < tag_len; i++ ) + { + diff |= tag[i] ^ check_tag[i]; + } + + if( diff != 0 ) + { + return( MBEDTLS_ERR_CMAC_VERIFY_FAILED ); + } + + return( 0 ); +} + +int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, size_t length, + const unsigned char *key, size_t key_length, + const unsigned char *input, + unsigned char *tag ) +{ + int ret; + unsigned char zero_key[16]; + unsigned char int_key[16]; + + if( key_length == 16 ) + { + /* Use key as is */ + memcpy(int_key, key, 16); + } + else + { + mbedtls_cmac_context zero_ctx; + + /* Key is AES_CMAC(0, key) */ + mbedtls_cmac_init( &zero_ctx ); + memset(zero_key, 0, 16); + ret = mbedtls_cmac_setkey( &zero_ctx, MBEDTLS_CIPHER_ID_AES, zero_key, 8 * sizeof zero_key ); + if( ret != 0 ) + { + return( ret ); + } + ret = mbedtls_cmac_generate( &zero_ctx, key_length, key, int_key, 16 ); + if( ret != 0 ) + { + return( ret ); + } + } + + ret = mbedtls_cmac_setkey( ctx, MBEDTLS_CIPHER_ID_AES, int_key, 8 * sizeof int_key ); + if( ret != 0 ) + { + return( ret ); + } + return( mbedtls_cmac_generate( ctx, length, input, tag, 16 ) ); +} + +#if 
defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) +/* + * Examples 1 to 4 from SP800-3B corrected Appendix D.1 + * http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf + */ + +#define NB_CMAC_TESTS 4 +#define NB_PRF_TESTS 3 + +/* Key */ +static const unsigned char key[] = { + 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, + 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c +}; + +/* Assume we don't need to test Ek0 as this is a function of the cipher */ + +/* Subkey K1 */ +static const unsigned char K1[] = { + 0xfb, 0xee, 0xd6, 0x18, 0x35, 0x71, 0x33, 0x66, + 0x7c, 0x85, 0xe0, 0x8f, 0x72, 0x36, 0xa8, 0xde +}; + +/* Subkey K2 */ +static const unsigned char K2[] = { + 0xf7, 0xdd, 0xac, 0x30, 0x6a, 0xe2, 0x66, 0xcc, + 0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b +}; + +/* All Messages */ +static const unsigned char M[] = { + 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, + 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, + 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, + 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, + 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, + 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, + 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, + 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 +}; + +static const unsigned char T[NB_CMAC_TESTS][16] = { + { + 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, + 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 + }, + { + 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, + 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c + }, + { + 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30, + 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 + }, + { + 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, + 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe + } +}; + +/* Sizes in bytes */ +static const size_t Mlen[NB_CMAC_TESTS] = { + 0, + 16, + 40, + 64 +}; + +/* PRF K */ +static const unsigned char PRFK[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 
0x0f, + 0xed, 0xcb +}; + +/* Sizes in bytes */ +static const size_t PRFKlen[NB_PRF_TESTS] = { + 18, + 16, + 10 +}; + +/* PRF M */ +static const unsigned char PRFM[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13 +}; + +static const unsigned char PRFT[NB_PRF_TESTS][16] = { + { + 0x84, 0xa3, 0x48, 0xa4, 0xa4, 0x5d, 0x23, 0x5b, + 0xab, 0xff, 0xfc, 0x0d, 0x2b, 0x4d, 0xa0, 0x9a + }, + { + 0x98, 0x0a, 0xe8, 0x7b, 0x5f, 0x4c, 0x9c, 0x52, + 0x14, 0xf5, 0xb6, 0xa8, 0x45, 0x5e, 0x4c, 0x2d + }, + { + 0x29, 0x0d, 0x9e, 0x11, 0x2e, 0xdb, 0x09, 0xee, + 0x14, 0x1f, 0xcf, 0x64, 0xc0, 0xb7, 0x2f, 0x3d + } +}; + + +int mbedtls_cmac_self_test( int verbose ) +{ + mbedtls_cmac_context ctx; + unsigned char tag[16]; + int i; + int ret; + + mbedtls_cmac_init( &ctx ); + + if( mbedtls_cmac_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, key, 8 * sizeof key ) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( " CMAC: setup failed" ); + + return( 1 ); + } + + if( ( memcmp( ctx.K1, K1, 16 ) != 0 ) || + ( memcmp( ctx.K2, K2, 16 ) != 0 ) ) + { + if( verbose != 0 ) + mbedtls_printf( " CMAC: subkey generation failed" ); + + return( 1 ); + } + + for( i = 0; i < NB_CMAC_TESTS; i++ ) + { + mbedtls_printf( " AES-128-CMAC #%u: ", i ); + + ret = mbedtls_cmac_generate( &ctx, Mlen[i], M, tag, 16 ); + if( ret != 0 || + memcmp( tag, T[i], 16 ) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); + } + ret = mbedtls_cmac_verify( &ctx, Mlen[i], M, T[i], 16 ); + if( ret != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); + } + + if( verbose != 0 ) + mbedtls_printf( "passed\n" ); + } + + for( i = 0; i < NB_PRF_TESTS; i++ ) + { + mbedtls_printf( " AES-CMAC-128-PRF #%u: ", i ); + + mbedtls_aes_cmac_prf_128( &ctx, 20, PRFK, PRFKlen[i], PRFM, tag); + + if( ret != 0 || + memcmp( tag, PRFT[i], 16 ) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); + } + + if( 
verbose != 0 )
+ mbedtls_printf( "passed\n" );
+ }
+
+ mbedtls_cmac_free( &ctx );
+
+ if( verbose != 0 )
+ mbedtls_printf( "\n" );
+
+ return( 0 );
+}
+
+#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
+
+#endif /* MBEDTLS_CMAC_C */

From 690083c21d7254d4d1026779d8fa32e5a844bc1f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 13 Jan 2016 10:48:02 +0000
Subject: [PATCH 093/272] cmac: improve argument order and naming

- always use the pattern "buffer, length"
- avoid using unqualified "length" as a name when there are more than one

---
 include/mbedtls/cmac.h | 18 +++++++++---------
 library/cmac.c | 38 +++++++++++++++++++-------------------
 2 files changed, 28 insertions(+), 28 deletions(-)

diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h
index 282d549a4361..3b5c13e9980d 100644
--- a/include/mbedtls/cmac.h
+++ b/include/mbedtls/cmac.h
@@ -77,24 +77,24 @@ void mbedtls_cmac_free( mbedtls_cmac_context *ctx );
  * \brief CMAC generate
  *
  * \param ctx CMAC context
- * \param length length of the input data in bytes
  * \param input buffer holding the input data
+ * \param in_len length of the input data in bytes
  * \param tag buffer for holding the generated tag
  * \param tag_len length of the tag to generate in bytes
  * must be between 4, 6, 8, 10, 14 or 16
  *
  * \return 0 if successful
  */
-int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, size_t length,
- const unsigned char *input,
+int mbedtls_cmac_generate( mbedtls_cmac_context *ctx,
+ const unsigned char *input, size_t in_len,
  unsigned char *tag, size_t tag_len );
 
 /**
  * \brief CMAC verify
  *
  * \param ctx CMAC context
- * \param length length of the input data in bytes
  * \param input buffer holding the input data
+ * \param in_len length of the input data in bytes
  * \param tag buffer holding the tag to verify
  * \param tag_len length of the tag to verify in bytes
  * must be 4, 6, 8, 10, 14 or 16
@@ -102,25 +102,25 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, size_t length,
  * \return 0 if successful and authenticated,
  * MBEDTLS_ERR_CMAC_VERIFY_FAILED if tag does not match
  */
-int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, size_t length,
- const unsigned char *input,
+int mbedtls_cmac_verify( mbedtls_cmac_context *ctx,
+ const unsigned char *input, size_t in_len,
  const unsigned char *tag, size_t tag_len );
 
 /**
  * \brief AES-CMAC-128-PRF
  *
  * \param ctx CMAC context
- * \param length length of the input data in bytes
  * \param key PRF key
  * \param key_len PRF key length
  * \param input buffer holding the input data
+ * \param in_len length of the input data in bytes
  * \param tag buffer holding the tag to verify (16 bytes)
  *
  * \return 0 if successful
  */
-int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, size_t length,
+int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx,
  const unsigned char *key, size_t key_len,
- const unsigned char *input,
+ const unsigned char *input, size_t in_len,
  unsigned char *tag );
 
 #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
diff --git a/library/cmac.c b/library/cmac.c
index 2ba58b6faa75..0d93c9736587 100644
--- a/library/cmac.c
+++ b/library/cmac.c
@@ -200,8 +200,8 @@ static void padding(const unsigned char *lastb, unsigned char *pad, const size_t
 /*
  * Generate tag on complete message
  */
-static int cmac_generate( mbedtls_cmac_context *ctx, size_t length,
- const unsigned char *input,
+static int cmac_generate( mbedtls_cmac_context *ctx,
+ const unsigned char *input, size_t in_len,
  unsigned char *tag, size_t tag_len )
 {
  unsigned char Mn[16];
@@ -211,7 +211,7 @@ static int cmac_generate( mbedtls_cmac_context *ctx, size_t length,
  size_t olen;
 
  /*
- * Check length requirements: SP800-38B A
+ * Check in_len requirements: SP800-38B A
  * 4 is a worst case bottom limit
  */
  if( tag_len < 4 || tag_len > 16 || tag_len % 2 != 0 )
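Review bot: The re-documented `\param tag` line still gives no size for the output buffer, while cmac_generate ends with `memcpy( tag, Mn, 16 )` regardless of `tag_len` (visible in the full-file hunk earlier on this page), so a caller that sizes `tag` to `tag_len` gets a 16-byte write into a smaller buffer; the same point applies to the `mbedtls_cmac_verify` doc just below and to the `cmac_generate` hunk `@@ -200` of cmac.c in this commit. Either state `\param tag buffer for the generated tag, must be at least 16 bytes` here, or truncate to the requested length as SP800-38B's leftmost-Tlen rule allows, `memcpy( tag, Mn, tag_len );`. The `tag_len` description "must be between 4, 6, 8, 10, 14 or 16" also omits 12, which the `tag_len % 2 != 0` check in hunk `@@ -211` accepts.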
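Review bot: The renamed comment `* Check in_len requirements: SP800-38B A` is now wrong: the condition it describes, `if( tag_len < 4 || tag_len > 16 || tag_len % 2 != 0 )`, tests `tag_len`, so the mechanical `length` to `in_len` rename turned a vague comment into a misleading one. Write `* Check tag_len requirements: SP800-38B Appendix A` instead. cmac_generate's body continues outside the hunk.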
@@ -220,7 +220,7 @@ static int cmac_generate( mbedtls_cmac_context *ctx, size_t length,
  /* TODO: Use cipher padding function? */
  // mbedtls_cipher_set_padding_mode( ctx->cipher, MBEDTLS_PADDING_ONE_AND_ZEROS );
 
- n = ( length + 15 ) / 16; /* n is number of rounds */
+ n = ( in_len + 15 ) / 16; /* n is number of rounds */
 
  if( n == 0 )
  {
@@ -229,7 +229,7 @@ static int cmac_generate( mbedtls_cmac_context *ctx, size_t length,
  }
  else
  {
- flag = ( ( length % 16 ) == 0);
+ flag = ( ( in_len % 16 ) == 0);
  }
 
  /* Calculate last block */
@@ -241,7 +241,7 @@ static int cmac_generate( mbedtls_cmac_context *ctx, size_t length,
  else
  {
  /* TODO: Use cipher padding function? */
- padding( &input[16 * (n - 1)], padded, length % 16 );
+ padding( &input[16 * (n - 1)], padded, in_len % 16 );
  XOR_128( padded, ctx->K2, M_last );
  }
 
@@ -259,18 +259,18 @@ static int cmac_generate( mbedtls_cmac_context *ctx, size_t length,
  return( 0 );
 }
 
-int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, size_t length,
- const unsigned char *input,
+int mbedtls_cmac_generate( mbedtls_cmac_context *ctx,
+ const unsigned char *input, size_t in_len,
  unsigned char *tag, size_t tag_len )
 {
- return( cmac_generate( ctx, length, input, tag, tag_len ) );
+ return( cmac_generate( ctx, input, in_len, tag, tag_len ) );
 }
 
 /*
  * Authenticated decryption
  */
-int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, size_t length,
- const unsigned char *input,
+int mbedtls_cmac_verify( mbedtls_cmac_context *ctx,
+ const unsigned char *input, size_t in_len,
  const unsigned char *tag, size_t tag_len )
 {
  int ret;
@@ -278,7 +278,7 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, size_t length,
  unsigned char i;
  int diff;
 
- if( ( ret = cmac_generate( ctx, length, input, check_tag, tag_len) ) != 0 )
+ if( ( ret = cmac_generate( ctx, input, in_len, check_tag, tag_len) ) != 0 )
  {
  return ret;
  }
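Review bot: The comment above the re-signed `mbedtls_cmac_verify` in hunk `@@ -259`, `* Authenticated decryption`, describes an operation this function does not perform; it recomputes the tag through `cmac_generate` and compares it, as hunk `@@ -278` below shows. Replace it with `* Compute the CMAC of the input and compare it with the supplied tag` so the public entry point is documented accurately. The function body continues outside the hunk.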
@@ -297,9 +297,9 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, size_t length,
  return( 0 );
 }
 
-int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, size_t length,
+int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx,
  const unsigned char *key, size_t key_length,
- const unsigned char *input,
+ const unsigned char *input, size_t in_len,
  unsigned char *tag )
 {
  int ret;
@@ -323,7 +323,7 @@ int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, size_t length,
  {
  return( ret );
  }
- ret = mbedtls_cmac_generate( &zero_ctx, key_length, key, int_key, 16 );
+ ret = mbedtls_cmac_generate( &zero_ctx, key, key_length, int_key, 16 );
  if( ret != 0 )
  {
  return( ret );
@@ -335,7 +335,7 @@ int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, size_t length,
  {
  return( ret );
  }
- return( mbedtls_cmac_generate( ctx, length, input, tag, 16 ) );
+ return( mbedtls_cmac_generate( ctx, input, in_len, tag, 16 ) );
 }
 
 #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
@@ -473,7 +473,7 @@ int mbedtls_cmac_self_test( int verbose )
  {
  mbedtls_printf( " AES-128-CMAC #%u: ", i );
 
- ret = mbedtls_cmac_generate( &ctx, Mlen[i], M, tag, 16 );
+ ret = mbedtls_cmac_generate( &ctx, M, Mlen[i], tag, 16 );
  if( ret != 0 ||
  memcmp( tag, T[i], 16 ) != 0 )
  {
@@ -482,7 +482,7 @@ int mbedtls_cmac_self_test( int verbose )
 
  return( 1 );
  }
- ret = mbedtls_cmac_verify( &ctx, Mlen[i], M, T[i], 16 );
+ ret = mbedtls_cmac_verify( &ctx, M, Mlen[i], T[i], 16 );
  if( ret != 0 )
  {
  if( verbose != 0 )
@@ -499,7 +499,7 @@ int mbedtls_cmac_self_test( int verbose )
  {
  mbedtls_printf( " AES-CMAC-128-PRF #%u: ", i );
 
- mbedtls_aes_cmac_prf_128( &ctx, 20, PRFK, PRFKlen[i], PRFM, tag);
+ mbedtls_aes_cmac_prf_128( &ctx, PRFK, PRFKlen[i], PRFM, 20, tag);
 
  if( ret != 0 ||
  memcmp( tag, PRFT[i], 16 ) != 0 )

From 3da5402a89d7cadea3d316faca11116adf66d19a Mon Sep 17 00:00:00 2001
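Review bot: The prototype still names the key-size parameter `key_length` while the header changed in this same commit (hunk `@@ -102` of cmac.h) declares it `key_len`; for a commit whose stated purpose is consistent naming the two should agree, so use `const unsigned char *key, size_t key_len,` here and rename the two uses of `key_length` in the body. The function body continues outside the hunk.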
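Review bot: The error return after `ret = mbedtls_cmac_generate( &zero_ctx, key, key_length, int_key, 16 );` leaves `zero_ctx` set up: `mbedtls_cmac_setkey` ran `mbedtls_cipher_setup` on it, and the cmac.h doc describes `mbedtls_cmac_free` as releasing an "underlying cipher sub-context", so returning here without `mbedtls_cmac_free( &zero_ctx );` leaks that sub-context and leaves the derived subkeys `K1`/`K2` on the stack. The full-file hunk earlier on this page shows the success path closing the `else` block without freeing it either. Add `mbedtls_cmac_free( &zero_ctx );` before this `return( ret );` and once after the derived key has been produced. The enclosing `else` block starts outside the hunk.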
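Review bot: The reordered call still discards the return value of `mbedtls_aes_cmac_prf_128`, so the `if( ret != 0 ||` on the next line tests the stale `ret` left by the CMAC loop above, and a failing PRF call is only noticed if its output happens to mismatch `PRFT[i]`. Change the line to `ret = mbedtls_aes_cmac_prf_128( &ctx, PRFK, PRFKlen[i], PRFM, 20, tag );`. The `mbedtls_printf` of the test label in this hunk is also not gated by `verbose`, unlike the pass/fail output. mbedtls_cmac_self_test continues outside the hunk.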
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 13 Jan 2016 11:00:47 +0000
Subject: [PATCH 094/272] cmac: fix whitespace/codingstyle issues

---
 library/cmac.c | 61 +++++++++++++++++++++++++++++---------------------
 1 file changed, 35 insertions(+), 26 deletions(-)

diff --git a/library/cmac.c b/library/cmac.c
index 0d93c9736587..fa32212eba3c 100644
--- a/library/cmac.c
+++ b/library/cmac.c
@@ -54,7 +54,7 @@
 /*
  * XOR 128-bit
  */
-#define XOR_128(i1, i2, o) \
+#define XOR_128( i1, i2, o ) \
  for( i = 0; i < 16; i++ ) \
  ( o )[i] = ( i1 )[i] ^ ( i2 )[i];
 
@@ -64,7 +64,8 @@
  */
 #define UPDATE_CMAC( x ) \
  XOR_128( Mn, ( x ), Mn ); \
- if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, Mn, 16, Mn, &olen ) ) != 0 ) \
+ if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, \
+ Mn, 16, Mn, &olen ) ) != 0 ) \
  return( ret );
 
 /* Implementation that should never be optimized out by the compiler */
@@ -84,7 +85,7 @@ void mbedtls_cmac_init( mbedtls_cmac_context *ctx )
  * Leftshift a 16-byte block by 1 bit
  * \note output can be same as input
  */
-static void leftshift_onebit(unsigned char *input, unsigned char *output)
+static void leftshift_onebit( unsigned char *input, unsigned char *output )
 {
  int i;
  unsigned char temp;
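Review bot: The reformatted signature `static void leftshift_onebit( unsigned char *input, unsigned char *output )` still takes `input` as a non-const pointer although the function only reads it (`temp = input[i]` in the body, visible in the full-file hunk earlier on this page); since a style pass touches the line anyway, `static void leftshift_onebit( const unsigned char *input, unsigned char *output )` would make the read-only contract explicit at the call sites in generate_subkeys. The function body continues outside the hunk.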
@@ -97,27 +98,29 @@ static void leftshift_onebit(unsigned char *input, unsigned char *output) output[i] |= overflow; overflow = temp >> 7; } + return; } /* * Generate subkeys */ -static int generate_subkeys(mbedtls_cmac_context *ctx) +static int generate_subkeys( mbedtls_cmac_context *ctx ) { - static const unsigned char Rb[2] = {0x00, 0x87}; /* Note - block size 16 only */ + static const unsigned char Rb[2] = { 0x00, 0x87 }; /* block size 16 only */ int ret; unsigned char L[16]; size_t olen; /* Calculate Ek(0) */ memset( L, 0, 16 ); - if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, L, 16, L, &olen ) ) != 0 ) + if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, + L, 16, L, &olen ) ) != 0 ) { return( ret ); } - /* + /* * Generate K1 * If MSB(L) = 0, then K1 = (L << 1) * If MSB(L) = 1, then K1 = (L << 1) ^ Rb @@ -132,7 +135,7 @@ static int generate_subkeys(mbedtls_cmac_context *ctx) */ leftshift_onebit( ctx->K1, ctx->K2 ); ctx->K2[15] ^= Rb[ctx->K1[0] >> 7]; /* "Constant-time" operation */ - + return( 0 ); } @@ -144,7 +147,8 @@ int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, int ret; const mbedtls_cipher_info_t *cipher_info; - cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, MBEDTLS_MODE_ECB ); + cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, + MBEDTLS_MODE_ECB ); if( cipher_info == NULL ) return( MBEDTLS_ERR_CMAC_BAD_INPUT ); @@ -157,12 +161,12 @@ int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, return( ret ); if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits, - MBEDTLS_ENCRYPT ) ) != 0 ) + MBEDTLS_ENCRYPT ) ) != 0 ) { return( ret ); } - return( generate_subkeys(ctx) ); + return( generate_subkeys( ctx ) ); } /* 
@@ -175,7 +179,9 @@ void mbedtls_cmac_free( mbedtls_cmac_context *ctx ) } /* TODO: Use cipher padding function? */ -static void padding(const unsigned char *lastb, unsigned char *pad, const size_t length) +static void padding( const unsigned char *lastb, + unsigned char *pad, + const size_t length ) { size_t j; @@ -236,12 +242,12 @@ static int cmac_generate( mbedtls_cmac_context *ctx, if( flag ) { /* Last block is complete block */ - XOR_128( &input[16 * (n - 1)], ctx->K1, M_last ); + XOR_128( &input[16 * ( n - 1 )], ctx->K1, M_last ); } else { /* TODO: Use cipher padding function? */ - padding( &input[16 * (n - 1)], padded, in_len % 16 ); + padding( &input[16 * ( n - 1 )], padded, in_len % 16 ); XOR_128( padded, ctx->K2, M_last ); } @@ -249,10 +255,10 @@ static int cmac_generate( mbedtls_cmac_context *ctx, for( j = 0; j < n - 1; j++ ) { - UPDATE_CMAC(&input[16 * j]); + UPDATE_CMAC( &input[16 * j] ); } - UPDATE_CMAC(M_last); + UPDATE_CMAC( M_last ); memcpy( tag, Mn, 16 ); @@ -277,8 +283,8 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, unsigned char check_tag[16]; unsigned char i; int diff; - - if( ( ret = cmac_generate( ctx, input, in_len, check_tag, tag_len) ) != 0 ) + + if( ( ret = cmac_generate( ctx, input, in_len, check_tag, tag_len ) ) != 0 ) { return ret; } @@ -309,7 +315,7 @@ int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, if( key_length == 16 ) { /* Use key as is */ - memcpy(int_key, key, 16); + memcpy( int_key, key, 16 ); } else { @@ -317,8 +323,9 @@ int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, /* Key is AES_CMAC(0, key) */ mbedtls_cmac_init( &zero_ctx ); - memset(zero_key, 0, 16); - ret = mbedtls_cmac_setkey( &zero_ctx, MBEDTLS_CIPHER_ID_AES, zero_key, 8 * sizeof zero_key ); + memset( zero_key, 0, 16 ); + ret = mbedtls_cmac_setkey( &zero_ctx, MBEDTLS_CIPHER_ID_AES, + zero_key, 8 * sizeof zero_key ); if( ret != 0 ) { return( ret ); 
@@ -330,7 +337,8 @@ int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, } } - ret = mbedtls_cmac_setkey( ctx, MBEDTLS_CIPHER_ID_AES, int_key, 8 * sizeof int_key ); + ret = mbedtls_cmac_setkey( ctx, MBEDTLS_CIPHER_ID_AES, + int_key, 8 * sizeof int_key ); if( ret != 0 ) { return( ret ); @@ -424,7 +432,7 @@ static const size_t PRFKlen[NB_PRF_TESTS] = { static const unsigned char PRFM[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13 + 0x10, 0x11, 0x12, 0x13 }; static const unsigned char PRFT[NB_PRF_TESTS][16] = { @@ -472,7 +480,7 @@ int mbedtls_cmac_self_test( int verbose ) for( i = 0; i < NB_CMAC_TESTS; i++ ) { mbedtls_printf( " AES-128-CMAC #%u: ", i ); - + ret = mbedtls_cmac_generate( &ctx, M, Mlen[i], tag, 16 ); if( ret != 0 || memcmp( tag, T[i], 16 ) != 0 ) @@ -482,6 +490,7 @@ int mbedtls_cmac_self_test( int verbose ) return( 1 ); } + ret = mbedtls_cmac_verify( &ctx, M, Mlen[i], T[i], 16 ); if( ret != 0 ) { @@ -499,8 +508,8 @@ int mbedtls_cmac_self_test( int verbose ) { mbedtls_printf( " AES-CMAC-128-PRF #%u: ", i ); - mbedtls_aes_cmac_prf_128( &ctx, PRFK, PRFKlen[i], PRFM, 20, tag); - + mbedtls_aes_cmac_prf_128( &ctx, PRFK, PRFKlen[i], PRFM, 20, tag ); + if( ret != 0 || memcmp( tag, PRFT[i], 16 ) != 0 ) { From a610b4c04beb60734a8bec3f0eb228be31d20afc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 13 Jan 2016 11:28:16 +0000 Subject: [PATCH 095/272] cmac: factor multiply by u to its own function We're doing exactly the same operation for K1 and K2. --- library/cmac.c | 41 +++++++++++++++++------------------------ 1 file changed, 17 insertions(+), 24 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index fa32212eba3c..8f6574a203a6 100644 --- a/library/cmac.c +++ b/library/cmac.c 
@@ -82,24 +82,28 @@ void mbedtls_cmac_init( mbedtls_cmac_context *ctx ) } /* - * Leftshift a 16-byte block by 1 bit - * \note output can be same as input + * Multiply by u in GF(2^128) + * + * As explained in the paper, this can be achieved as + * If MSB(p) = 0, then p = (p << 1) + * If MSB(p) = 1, then p = (p << 1) ^ Rb + * with Rb = 0x87 + * + * Input and output MUST not point to the same buffer */ -static void leftshift_onebit( unsigned char *input, unsigned char *output ) +static void multiply_by_u( unsigned char *output, const unsigned char *input ) { - int i; - unsigned char temp; + static const unsigned char Rb[2] = { 0x00, 0x87 }; /* block size 16 only */ unsigned char overflow = 0; + int i; for( i = 15; i >= 0; i-- ) { - temp = input[i]; - output[i] = temp << 1; - output[i] |= overflow; - overflow = temp >> 7; + output[i] = input[i] << 1 | overflow; + overflow = input[i] >> 7; } - return; + output[15] ^= Rb[input[0] >> 7]; /* "Constant-time" operation */ } /* @@ -107,7 +111,6 @@ static void leftshift_onebit( unsigned char *input, unsigned char *output ) */ static int generate_subkeys( mbedtls_cmac_context *ctx ) { - static const unsigned char Rb[2] = { 0x00, 0x87 }; /* block size 16 only */ int ret; unsigned char L[16]; size_t olen; @@ -121,20 +124,10 @@ static int generate_subkeys( mbedtls_cmac_context *ctx ) } /* - * Generate K1 - * If MSB(L) = 0, then K1 = (L << 1) - * If MSB(L) = 1, then K1 = (L << 1) ^ Rb - */ - leftshift_onebit( L, ctx->K1 ); - ctx->K1[15] ^= Rb[L[0] >> 7]; /* "Constant-time" operation */ - - /* - * Generate K2 - * If MSB(K1) == 0, then K2 = (K1 << 1) - * If MSB(K1) == 1, then K2 = (K1 << 1) ^ Rb + * Generate K1 and K2 */ - leftshift_onebit( ctx->K1, ctx->K2 ); - ctx->K2[15] ^= Rb[ctx->K1[0] >> 7]; /* "Constant-time" operation */ + multiply_by_u( ctx->K1, L ); + multiply_by_u( ctx->K2, ctx->K1 ); return( 0 ); } From d6cf75474bc7432e1d203c2a47db60ae6bf2bd5b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 13 Jan 2016 11:30:00 +0000 Subject: [PATCH 096/272] cmac: zeroize sensitive intermediate values --- library/cmac.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/cmac.c b/library/cmac.c index 8f6574a203a6..87846a617df3 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -129,6 +129,8 @@ static int generate_subkeys( mbedtls_cmac_context *ctx ) multiply_by_u( ctx->K1, L ); multiply_by_u( ctx->K2, ctx->K1 ); + mbedtls_zeroize( L, sizeof( L ) ); + return( 0 ); } @@ -336,6 +338,9 @@ int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, { return( ret ); } + + mbedtls_zeroize( int_key, sizeof( int_key ) ); + return( mbedtls_cmac_generate( ctx, input, in_len, tag, 16 ) ); } From 475f06f60980a99fd9618827dfb91ad895158fef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 13 Jan 2016 13:05:03 +0000 Subject: [PATCH 097/272] cmac: make subkey gen more constant-time The previous version had secret-dependent memory accesses. While it was probably not an issue in practice cause the two bytes of the array are probably on the same cache line anyway, as a matter of principle this should be avoided. --- library/cmac.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index 87846a617df3..af0439a430eb 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -93,7 +93,8 @@ void mbedtls_cmac_init( mbedtls_cmac_context *ctx ) */ static void multiply_by_u( unsigned char *output, const unsigned char *input ) { - static const unsigned char Rb[2] = { 0x00, 0x87 }; /* block size 16 only */ + const unsigned char Rb = 0x87; /* block size 16 only */ + unsigned char mask; unsigned char overflow = 0; int i; 
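Review bot: The new `mbedtls_zeroize( int_key, sizeof( int_key ) );` runs only on the success path: the `return( ret )` immediately above it (and the two earlier returns in the else-branch, outside this hunk) exit with the derived PRF key still on the stack, which is the very value this commit sets out to clear. Routing every failure through a single `exit:` label that zeroizes int_key before returning would cover all paths without changing the interface. The function body starts before this hunk.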
@@ -103,7 +104,20 @@ static void multiply_by_u( unsigned char *output, const unsigned char *input ) overflow = input[i] >> 7; } - output[15] ^= Rb[input[0] >> 7]; /* "Constant-time" operation */ + /* mask = ( input[0] >> 7 ) ? 0xff : 0x00 + * using bit operations to avoid branches */ + /* MSVC has a warning about unary minus on unsigned, but this is + * well-defined and precisely what we want to do here */ +#if defined(_MSC_VER) +#pragma warning( push ) +#pragma warning( disable : 4146 ) +#endif + mask = - ( input[0] >> 7 ); +#if defined(_MSC_VER) +#pragma warning( pop ) +#endif + + output[15] ^= Rb & mask; } /* From d2c3d3eddb7d55e7547f04ae8fbc780b5e5b473f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 13 Jan 2016 13:14:04 +0000 Subject: [PATCH 098/272] cmac: clean up padding function and comments --- library/cmac.c | 32 +++++++++++++------------------- 1 file changed, 13 insertions(+), 19 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index af0439a430eb..1287c820a71e 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -187,28 +187,26 @@ void mbedtls_cmac_free( mbedtls_cmac_context *ctx ) mbedtls_zeroize( ctx, sizeof( mbedtls_cmac_context ) ); } -/* TODO: Use cipher padding function? */ -static void padding( const unsigned char *lastb, - unsigned char *pad, - const size_t length ) +/* + * Create padded last block from (partial) last block. + * + * We can't use the padding option from the cipher layer, as it only works for + * CBC and we use ECB mode, and anyway we need to XOR K1 or K2 in addition. + */ +static void padding( unsigned char padded_block[16], + const unsigned char *last_block, + size_t length ) { size_t j; - /* original last block */ for( j = 0; j < 16; j++ ) { if( j < length ) - { - pad[j] = lastb[j]; - } + padded_block[j] = last_block[j]; else if( j == length ) - { - pad[j] = 0x80; - } + padded_block[j] = 0x80; else - { - pad[j] = 0x00; - } + padded_block[j] = 0x00; } } 
@@ -232,9 +230,6 @@ static int cmac_generate( mbedtls_cmac_context *ctx, if( tag_len < 4 || tag_len > 16 || tag_len % 2 != 0 ) return( MBEDTLS_ERR_CMAC_BAD_INPUT ); - /* TODO: Use cipher padding function? */ - // mbedtls_cipher_set_padding_mode( ctx->cipher, MBEDTLS_PADDING_ONE_AND_ZEROS ); - n = ( in_len + 15 ) / 16; /* n is number of rounds */ if( n == 0 ) @@ -255,8 +250,7 @@ static int cmac_generate( mbedtls_cmac_context *ctx, } else { - /* TODO: Use cipher padding function? */ - padding( &input[16 * ( n - 1 )], padded, in_len % 16 ); + padding( padded, &input[16 * ( n - 1 )], in_len % 16 ); XOR_128( padded, ctx->K2, M_last ); } From 2c0630636409b88f05c3e0010370a7b48699f1f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 13 Jan 2016 14:27:55 +0000 Subject: [PATCH 099/272] cmac: some more padding-related tune-ups - use one less temporary buffer - pedantic: in_len + 15 was a potential overflow - use a more explicit name instead of 'flag' - Mn was a bit misleading --- library/cmac.c | 51 ++++++++++++++++++++++---------------------------- 1 file changed, 22 insertions(+), 29 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index 1287c820a71e..d9e94a6fc0bd 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -54,19 +54,20 @@ /* * XOR 128-bit */ -#define XOR_128( i1, i2, o ) \ +#define XOR_128( o, i1, i2 ) \ for( i = 0; i < 16; i++ ) \ ( o )[i] = ( i1 )[i] ^ ( i2 )[i]; /* - * Update the CMAC state in Mn using an input block x - * TODO: Compiler optimisation + * Update the CMAC state using an input block x */ #define UPDATE_CMAC( x ) \ - XOR_128( Mn, ( x ), Mn ); \ +do { \ + XOR_128( state, ( x ), state ); \ if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, \ - Mn, 16, Mn, &olen ) ) != 0 ) \ - return( ret ); + state, 16, state, &olen ) ) != 0 ) \ + return( ret ); \ +} while( 0 ) /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { 
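Review bot: `UPDATE_CMAC( x )` reads `state`, `ctx`, `ret` and `olen`, and `XOR_128` reads `i`, none of which are macro parameters, so each expansion silently depends on the caller's locals, and the `return( ret )` inside it leaves the enclosing function with no chance to clean up — acceptable while cmac_generate uses only stack buffers, but any later move to heap buffers or a cleanup label will need the macro to `goto` rather than return. A short comment above UPDATE_CMAC naming those requirements, e.g. `/* requires locals ctx, state[16], ret, olen, i; returns from the caller on error */`, would make the coupling visible. Also, `XOR_128`'s expansion already ends in `;`, so `XOR_128( ... );` yields an empty statement; harmless, but the usual `do { } while( 0 )` wrapping avoids it.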
@@ -217,10 +218,9 @@ static int cmac_generate( mbedtls_cmac_context *ctx, const unsigned char *input, size_t in_len, unsigned char *tag, size_t tag_len ) { - unsigned char Mn[16]; + unsigned char state[16]; unsigned char M_last[16]; - unsigned char padded[16]; - int n, i, j, ret, flag; + int n, i, j, ret, needs_padding; size_t olen; /* @@ -230,40 +230,33 @@ static int cmac_generate( mbedtls_cmac_context *ctx, if( tag_len < 4 || tag_len > 16 || tag_len % 2 != 0 ) return( MBEDTLS_ERR_CMAC_BAD_INPUT ); - n = ( in_len + 15 ) / 16; /* n is number of rounds */ - - if( n == 0 ) - { - n = 1; - flag = 0; - } + if( in_len == 0 ) + needs_padding = 1; else - { - flag = ( ( in_len % 16 ) == 0); - } + needs_padding = in_len % 16 != 0; + + n = in_len / 16 + needs_padding; /* Calculate last block */ - if( flag ) + if( needs_padding ) { - /* Last block is complete block */ - XOR_128( &input[16 * ( n - 1 )], ctx->K1, M_last ); + padding( M_last, input + 16 * ( n - 1 ), in_len % 16 ); + XOR_128( M_last, M_last, ctx->K2 ); } else { - padding( padded, &input[16 * ( n - 1 )], in_len % 16 ); - XOR_128( padded, ctx->K2, M_last ); + /* Last block is complete block */ + XOR_128( M_last, input + 16 * ( n - 1 ), ctx->K1 ); } - memset( Mn, 0, 16 ); + memset( state, 0, 16 ); for( j = 0; j < n - 1; j++ ) - { - UPDATE_CMAC( &input[16 * j] ); - } + UPDATE_CMAC( input + 16 * j ); UPDATE_CMAC( M_last ); - memcpy( tag, Mn, 16 ); + memcpy( tag, state, 16 ); return( 0 ); } From d18c70708e716da885cd2021c58ab5fd3e7d6d09 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 13 Jan 2016 15:03:05 +0000 Subject: [PATCH 100/272] cmac: reduce visibility of macros The #undef is usefull for people who want to to amalgamated releases --- library/cmac.c | 45 ++++++++++++++++++++++----------------------- 1 file changed, 22 insertions(+), 23 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index d9e94a6fc0bd..35c32f3a5c87 100644 --- a/library/cmac.c +++ b/library/cmac.c 
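Review bot: `memcpy( tag, state, 16 );` ignores tag_len: the length is validated as 4..16 at the top of the function, but all 16 bytes of state are always written into the caller's buffer, so a caller that requests an 8-byte tag and sizes `tag` accordingly gets an 8-byte overwrite. The copy should be `memcpy( tag, state, tag_len );`, ideally followed by `mbedtls_zeroize( state, sizeof( state ) );` so the untruncated MAC does not stay on the stack. `n` is an `int` derived from the size_t `in_len`; on platforms where size_t is wider than int a very large input wraps it negative and `input + 16 * ( n - 1 )` goes out of bounds — `size_t n` avoids exactly the class of arithmetic the commit message says it was tidying up.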
@@ -46,29 +46,6 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ -/* - * Macros for common operations. - * Results in smaller compiled code than static inline functions. - */ - -/* - * XOR 128-bit - */ -#define XOR_128( o, i1, i2 ) \ - for( i = 0; i < 16; i++ ) \ - ( o )[i] = ( i1 )[i] ^ ( i2 )[i]; - -/* - * Update the CMAC state using an input block x - */ -#define UPDATE_CMAC( x ) \ -do { \ - XOR_128( state, ( x ), state ); \ - if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, \ - state, 16, state, &olen ) ) != 0 ) \ - return( ret ); \ -} while( 0 ) - /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; @@ -211,6 +188,25 @@ static void padding( unsigned char padded_block[16], } } +/* + * XOR 128-bit + * Here, macro results in smaller compiled code than static inline function + */ +#define XOR_128( o, i1, i2 ) \ + for( i = 0; i < 16; i++ ) \ + ( o )[i] = ( i1 )[i] ^ ( i2 )[i]; + +/* + * Update the CMAC state using an input block x + */ +#define UPDATE_CMAC( x ) \ +do { \ + XOR_128( state, ( x ), state ); \ + if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, \ + state, 16, state, &olen ) ) != 0 ) \ + return( ret ); \ +} while( 0 ) + /* * Generate tag on complete message */ @@ -261,6 +257,9 @@ static int cmac_generate( mbedtls_cmac_context *ctx, return( 0 ); } +#undef XOR_128 +#undef UPDATE_CMAC + int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, const unsigned char *input, size_t in_len, unsigned char *tag, size_t tag_len ) From ab9c5fd9b3eb2f5afbc941b09dfd9d69388ab69c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 13 Jan 2016 15:05:57 +0000 Subject: [PATCH 101/272] cmac: avoid useless wrapping of function probably a leftover from an earlier stage --- library/cmac.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) 
diff --git a/library/cmac.c b/library/cmac.c index 35c32f3a5c87..ff7cb2109e8c 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -210,9 +210,10 @@ do { \ /* * Generate tag on complete message */ -static int cmac_generate( mbedtls_cmac_context *ctx, - const unsigned char *input, size_t in_len, - unsigned char *tag, size_t tag_len ) +int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, + const unsigned char *input, size_t in_len, + unsigned char *tag, size_t tag_len ) + { unsigned char state[16]; unsigned char M_last[16]; @@ -260,13 +261,6 @@ static int cmac_generate( mbedtls_cmac_context *ctx, #undef XOR_128 #undef UPDATE_CMAC -int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, - const unsigned char *input, size_t in_len, - unsigned char *tag, size_t tag_len ) -{ - return( cmac_generate( ctx, input, in_len, tag, tag_len ) ); -} - /* * Authenticated decryption */ @@ -279,7 +273,8 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, unsigned char i; int diff; - if( ( ret = cmac_generate( ctx, input, in_len, check_tag, tag_len ) ) != 0 ) + if( ( ret = mbedtls_cmac_generate( ctx, input, in_len, + check_tag, tag_len ) ) != 0 ) { return ret; } From 7b555f292873e7e87ea90a9bc34054797bf035f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 13 Jan 2016 15:09:09 +0000 Subject: [PATCH 102/272] cmac: more cosmetic changes --- include/mbedtls/cmac.h | 2 ++ library/cmac.c | 46 +++++++++++++++++++++--------------------- 2 files changed, 25 insertions(+), 23 deletions(-) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index 3b5c13e9980d..c2ae83be16a9 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -108,6 +108,7 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, /** * \brief AES-CMAC-128-PRF + * TODO: add reference to the standard * * \param ctx CMAC context * \param key PRF key 
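Review bot: After the constant-time compare (outside this hunk) `check_tag` still holds the freshly computed full-length MAC when the function returns, on both the mismatch and the success path; that is the value an attacker is trying to learn, so it deserves `mbedtls_zeroize( check_tag, sizeof( check_tag ) );` before each return, in line with the zeroization the series added on the generate side. The `return ret;` this hunk keeps is also the only unparenthesised return in the file; `return( ret );` matches the surrounding style. The function continues past the hunk.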
@@ -115,6 +116,7 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, * \param input buffer holding the input data * \param in_len length of the input data in bytes * \param tag buffer holding the tag to verify (16 bytes) + * TODO: update description of tag * * \return 0 if successful */ diff --git a/library/cmac.c b/library/cmac.c index ff7cb2109e8c..23b8044ffe34 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -69,7 +69,8 @@ void mbedtls_cmac_init( mbedtls_cmac_context *ctx ) * * Input and output MUST not point to the same buffer */ -static void multiply_by_u( unsigned char *output, const unsigned char *input ) +static void cmac_multiply_by_u( unsigned char *output, + const unsigned char *input ) { const unsigned char Rb = 0x87; /* block size 16 only */ unsigned char mask; @@ -101,7 +102,7 @@ static void multiply_by_u( unsigned char *output, const unsigned char *input ) /* * Generate subkeys */ -static int generate_subkeys( mbedtls_cmac_context *ctx ) +static int cmac_generate_subkeys( mbedtls_cmac_context *ctx ) { int ret; unsigned char L[16]; @@ -118,14 +119,17 @@ static int generate_subkeys( mbedtls_cmac_context *ctx ) /* * Generate K1 and K2 */ - multiply_by_u( ctx->K1, L ); - multiply_by_u( ctx->K2, ctx->K1 ); + cmac_multiply_by_u( ctx->K1, L ); + cmac_multiply_by_u( ctx->K2, ctx->K1 ); mbedtls_zeroize( L, sizeof( L ) ); return( 0 ); } +/* + * Set key and prepare context for use + */ int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, mbedtls_cipher_id_t cipher, const unsigned char *key, @@ -153,7 +157,7 @@ int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, return( ret ); } - return( generate_subkeys( ctx ) ); + return( cmac_generate_subkeys( ctx ) ); } /* 
@@ -171,9 +175,9 @@ void mbedtls_cmac_free( mbedtls_cmac_context *ctx ) * We can't use the padding option from the cipher layer, as it only works for * CBC and we use ECB mode, and anyway we need to XOR K1 or K2 in addition. */ -static void padding( unsigned char padded_block[16], - const unsigned char *last_block, - size_t length ) +static void cmac_pad( unsigned char padded_block[16], + const unsigned char *last_block, + size_t length ) { size_t j; @@ -237,7 +241,7 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, /* Calculate last block */ if( needs_padding ) { - padding( M_last, input + 16 * ( n - 1 ), in_len % 16 ); + cmac_pad( M_last, input + 16 * ( n - 1 ), in_len % 16 ); XOR_128( M_last, M_last, ctx->K2 ); } else @@ -262,7 +266,7 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, #undef UPDATE_CMAC /* - * Authenticated decryption + * Verify tag on complete message */ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, const unsigned char *input, size_t in_len, @@ -281,18 +285,19 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, /* Check tag in "constant-time" */ for( diff = 0, i = 0; i < tag_len; i++ ) - { diff |= tag[i] ^ check_tag[i]; - } if( diff != 0 ) - { return( MBEDTLS_ERR_CMAC_VERIFY_FAILED ); - } return( 0 ); } +/* + * PRF based on CMAC with AES-128 + * TODO: add reference to the standard + * TODO: do we need to take a cmac_context as an argument here? + */ int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, const unsigned char *key, size_t key_length, const unsigned char *input, size_t in_len, 
@@ -317,22 +322,17 @@ int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, ret = mbedtls_cmac_setkey( &zero_ctx, MBEDTLS_CIPHER_ID_AES, zero_key, 8 * sizeof zero_key ); if( ret != 0 ) - { return( ret ); - } + ret = mbedtls_cmac_generate( &zero_ctx, key, key_length, int_key, 16 ); if( ret != 0 ) - { return( ret ); - } } ret = mbedtls_cmac_setkey( ctx, MBEDTLS_CIPHER_ID_AES, int_key, 8 * sizeof int_key ); if( ret != 0 ) - { return( ret ); - } mbedtls_zeroize( int_key, sizeof( int_key ) ); @@ -341,7 +341,7 @@ int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) /* - * Examples 1 to 4 from SP800-3B corrected Appendix D.1 + * Examples 1 to 4 from SP800-38B corrected Appendix D.1 * http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf */ @@ -456,7 +456,7 @@ int mbedtls_cmac_self_test( int verbose ) if( mbedtls_cmac_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, key, 8 * sizeof key ) != 0 ) { if( verbose != 0 ) - mbedtls_printf( " CMAC: setup failed" ); + mbedtls_printf( " CMAC: setup failed\n" ); return( 1 ); } @@ -465,7 +465,7 @@ int mbedtls_cmac_self_test( int verbose ) ( memcmp( ctx.K2, K2, 16 ) != 0 ) ) { if( verbose != 0 ) - mbedtls_printf( " CMAC: subkey generation failed" ); + mbedtls_printf( " CMAC: subkey generation failed\n" ); return( 1 ); } From 8262ac3b545f17c0cc8937dad21c25bc26f77f31 Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Tue, 17 May 2016 10:17:31 -0700 Subject: [PATCH 103/272] Added cmac.o to libary/Makefile --- library/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/Makefile b/library/Makefile index 4b296282b7c9..28f92315a0f9 100644 --- a/library/Makefile +++ b/library/Makefile 
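Review bot: `zero_ctx` has mbedtls_cmac_setkey run on it in this hunk, which sets up a cipher context and derives K1/K2 from the all-zero key, yet no path in this function calls `mbedtls_cmac_free( &zero_ctx )` as far as is visible here — the two `return( ret )` error exits and the fall-through to the success path all leave it allocated and unzeroized. Adding `mbedtls_cmac_free( &zero_ctx );` right after the `mbedtls_cmac_generate( &zero_ctx, … )` call, and on its error path, closes the leak. Removing the braces around the single-statement `if( ret != 0 ) return( ret );` bodies is consistent with the file, but in a function whose next edit will likely insert cleanup before those returns it is worth keeping them, to avoid the classic unbraced-if cleanup mistake. The function starts before this hunk.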
@@ -48,9 +48,9 @@ OBJS_CRYPTO= aes.o aesni.o arc4.o \ asn1parse.o asn1write.o base64.o \ bignum.o blowfish.o camellia.o \ ccm.o cipher.o cipher_wrap.o \ - ctr_drbg.o des.o dhm.o \ - ecdh.o ecdsa.o ecjpake.o \ - ecp.o \ + cmac.o ctr_drbg.o des.o \ + dhm.o ecdh.o ecdsa.o \ + ecjpake.o ecp.o \ ecp_curves.o entropy.o entropy_poll.o \ error.o gcm.o havege.o \ hmac_drbg.o md.o md2.o \ From b0c3c43dec60dd9442ee757d4b2fdbc44057de3a Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Wed, 18 May 2016 14:29:51 -0700 Subject: [PATCH 104/272] CMAC support for cipher with 64bit blocks (DES/3DES) --- include/mbedtls/cmac.h | 10 +- library/cmac.c | 521 ++++++++++++++++++++++++++++++++++------- 2 files changed, 443 insertions(+), 88 deletions(-) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index c2ae83be16a9..3e02f912e409 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -37,8 +37,8 @@ extern "C" { */ typedef struct { mbedtls_cipher_context_t cipher_ctx; /*!< cipher context used */ - unsigned char K1[16]; - unsigned char K2[16]; + unsigned char* K1; + unsigned char* K2; } mbedtls_cmac_context; @@ -108,9 +108,8 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, /** * \brief AES-CMAC-128-PRF - * TODO: add reference to the standard + * See RFC * - * \param ctx CMAC context * \param key PRF key * \param key_len PRF key length * \param input buffer holding the input data @@ -120,8 +119,7 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, * * \return 0 if successful */ -int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, - const unsigned char *key, size_t key_len, +int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len, const unsigned char *input, size_t in_len, unsigned char *tag ); diff --git a/library/cmac.c b/library/cmac.c index 23b8044ffe34..ab4a82ddfa6f 100644 --- a/library/cmac.c +++ b/library/cmac.c 
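Review bot: The doc comment on `mbedtls_aes_cmac_prf_128` now says only `See RFC`, which names no document; library/cmac.c in this same commit cites RFC 4615, so the header should read ` * \brief AES-CMAC-128-PRF, see RFC 4615` and keep the `\param` list in step with the new signature. Changing `K1`/`K2` to `unsigned char*` makes the context own two heap buffers, and nothing here says who allocates and frees them or that they must be NULL before the first setkey; a comment such as ` unsigned char *K1; /*!< first subkey, allocated by mbedtls_cmac_setkey, freed by mbedtls_cmac_free */` (using the file's `*K1` pointer spacing) would make the ownership explicit. Dropping the ctx parameter is a public-API break for anyone built against the previous declaration, presumably intentional, but worth a changelog line.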
@@ -60,24 +60,39 @@ void mbedtls_cmac_init( mbedtls_cmac_context *ctx ) } /* - * Multiply by u in GF(2^128) + * Multiplication by u in the Galois field of GF(2^n) * - * As explained in the paper, this can be achieved as + * As explained in the paper, this can computed: * If MSB(p) = 0, then p = (p << 1) - * If MSB(p) = 1, then p = (p << 1) ^ Rb - * with Rb = 0x87 + * If MSB(p) = 1, then p = (p << 1) ^ R_n + * with R_64 = 0x1B and R_128 = 0x87 * * Input and output MUST not point to the same buffer + * Block size must be 8 byes or 16 bytes. */ -static void cmac_multiply_by_u( unsigned char *output, - const unsigned char *input ) +static int cmac_multiply_by_u( unsigned char *output, + const unsigned char *input, + size_t blocksize) { - const unsigned char Rb = 0x87; /* block size 16 only */ - unsigned char mask; - unsigned char overflow = 0; - int i; - for( i = 15; i >= 0; i-- ) + const unsigned char R_128 = 0x87; + const unsigned char R_64 = 0x1B; + unsigned char R_n, mask; + unsigned char overflow = 0x00; + int i, starting_index; + + starting_index = blocksize -1; + + if(blocksize == 16){ + R_n = R_128; + } else if(blocksize == 8) { + R_n = R_64; + } else { + return MBEDTLS_ERR_CMAC_BAD_INPUT; + } + + + for( i = starting_index; i >= 0; i-- ) { output[i] = input[i] << 1 | overflow; overflow = input[i] >> 7; @@ -96,7 +111,8 @@ static void cmac_multiply_by_u( unsigned char *output, #pragma warning( pop ) #endif - output[15] ^= Rb & mask; + output[starting_index] ^= R_n & mask; + return 0; } /* 
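Review bot: `return MBEDTLS_ERR_CMAC_BAD_INPUT;` and `return 0;` are the first unparenthesised returns in this file, and `starting_index = blocksize -1;` is computed (storing a size_t into an int) before the block size has been validated; checking `blocksize` first and writing `return( MBEDTLS_ERR_CMAC_BAD_INPUT );` / `return( 0 );` keeps the new code consistent with the surrounding style. The new header comment has two typos, `this can computed` → `this can be computed` and `8 byes` → `8 bytes`. Selecting R_n with a plain `if` is fine from a side-channel standpoint because the block size is not secret, which is worth a one-line comment given the branch-free mask computation that follows.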
@@ -104,27 +120,35 @@ static void cmac_multiply_by_u( unsigned char *output, */ static int cmac_generate_subkeys( mbedtls_cmac_context *ctx ) { - int ret; - unsigned char L[16]; - size_t olen; + int ret, keybytes; + unsigned char *L; + size_t olen, block_size; + + ret = 0; + block_size = ctx->cipher_ctx.cipher_info->block_size; + + L = mbedtls_calloc(block_size, sizeof(unsigned char)); /* Calculate Ek(0) */ - memset( L, 0, 16 ); + memset( L, 0, block_size ); if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, - L, 16, L, &olen ) ) != 0 ) + L, block_size, L, &olen ) ) != 0 ) { - return( ret ); + goto exit; } /* * Generate K1 and K2 */ - cmac_multiply_by_u( ctx->K1, L ); - cmac_multiply_by_u( ctx->K2, ctx->K1 ); - - mbedtls_zeroize( L, sizeof( L ) ); - - return( 0 ); + if( ( ret = cmac_multiply_by_u( ctx->K1, L , block_size) ) != 0 ) + goto exit; + if( ( cmac_multiply_by_u( ctx->K2, ctx->K1 , block_size) ) != 0 ) + goto exit; + + exit: + mbedtls_zeroize( L, sizeof( L ) ); + free(L); + return ret; } /* @@ -135,7 +159,7 @@ int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, const unsigned char *key, unsigned int keybits ) { - int ret; + int ret, blocksize; const mbedtls_cipher_info_t *cipher_info; cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, @@ -143,8 +167,8 @@ int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, if( cipher_info == NULL ) return( MBEDTLS_ERR_CMAC_BAD_INPUT ); - if( cipher_info->block_size != 16 ) - return( MBEDTLS_ERR_CMAC_BAD_INPUT ); + ctx->K1 = mbedtls_calloc( cipher_info->block_size, sizeof( unsigned char ) ); + ctx->K2 = mbedtls_calloc( cipher_info->block_size, sizeof( unsigned char ) ); mbedtls_cipher_free( &ctx->cipher_ctx ); 
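Review bot: `mbedtls_zeroize( L, sizeof( L ) );` no longer clears the buffer: L is now a pointer, so `sizeof( L )` is the pointer size (4 or 8 bytes) rather than block_size, and the remainder of Ek(0) — the value both subkeys are derived from — is handed back to the heap intact by the `free(L)` that follows; it needs `mbedtls_zeroize( L, block_size );` and `mbedtls_free( L );` to match the allocator used two lines above. The `mbedtls_calloc` result is passed to memset without a NULL check, and the K2 derivation `if( ( cmac_multiply_by_u( ctx->K2, ctx->K1 , block_size) ) != 0 ) goto exit;` drops the return value so a failure there would report success with ret still 0 (harmless today because both calls share block_size, but wrong as written). `keybytes` is declared and never used. Sketch of the corrected function, with the cipher call left as is:
```c
static int cmac_generate_subkeys( mbedtls_cmac_context *ctx )
{
    int ret = 0;
    unsigned char *L;
    size_t olen, block_size;

    block_size = ctx->cipher_ctx.cipher_info->block_size;

    L = mbedtls_calloc( block_size, sizeof( unsigned char ) );
    if( L == NULL )
        return( MBEDTLS_ERR_CMAC_BAD_INPUT ); /* cmac.h has no alloc-failure code yet */

    /* … unchanged: L = Ek(0) via mbedtls_cipher_update, goto exit on error … */

    if( ( ret = cmac_multiply_by_u( ctx->K1, L, block_size ) ) != 0 )
        goto exit;
    if( ( ret = cmac_multiply_by_u( ctx->K2, ctx->K1, block_size ) ) != 0 )
        goto exit;

exit:
    mbedtls_zeroize( L, block_size );  /* Ek(0) is key material */
    mbedtls_free( L );
    return( ret );
}
```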
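Review bot: The two `mbedtls_calloc` calls for `ctx->K1` / `ctx->K2` replace the old `block_size != 16` rejection but neither result is checked, so an allocation failure surfaces later as a NULL write in cmac_generate_subkeys; they also overwrite whatever the context already held, so a second mbedtls_cmac_setkey on the same context leaks the first pair of subkeys, unzeroized, on the heap. Zeroizing and freeing any existing K1/K2 before the calloc and checking both results — e.g. `if( ctx->K1 == NULL || ctx->K2 == NULL ) return( MBEDTLS_ERR_CMAC_BAD_INPUT );` until a dedicated allocation error code exists — would close both. `int ret, blocksize` also declares an unused `blocksize`. The function continues past the hunk.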
@@ -165,8 +189,15 @@ int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, */ void mbedtls_cmac_free( mbedtls_cmac_context *ctx ) { + int block_size; + block_size = ctx->cipher_ctx.cipher_info->block_size; + mbedtls_cipher_free( &ctx->cipher_ctx ); - mbedtls_zeroize( ctx, sizeof( mbedtls_cmac_context ) ); + + mbedtls_zeroize(ctx->K1, block_size * sizeof( unsigned char ) ); + mbedtls_zeroize(ctx->K2, block_size * sizeof( unsigned char ) ); + mbedtls_free( ctx->K1 ); + mbedtls_free( ctx->K2 ); } /* @@ -176,16 +207,17 @@ void mbedtls_cmac_free( mbedtls_cmac_context *ctx ) * CBC and we use ECB mode, and anyway we need to XOR K1 or K2 in addition. */ static void cmac_pad( unsigned char padded_block[16], + size_t padded_block_len, const unsigned char *last_block, - size_t length ) + size_t last_block_len ) { size_t j; - for( j = 0; j < 16; j++ ) + for( j = 0; j < padded_block_len; j++ ) { - if( j < length ) + if( j < last_block_len ) padded_block[j] = last_block[j]; - else if( j == length ) + else if( j == last_block_len ) padded_block[j] = 0x80; else padded_block[j] = 0x00; @@ -193,11 +225,11 @@ static void cmac_pad( unsigned char padded_block[16], } /* - * XOR 128-bit + * XOR Block * Here, macro results in smaller compiled code than static inline function */ -#define XOR_128( o, i1, i2 ) \ - for( i = 0; i < 16; i++ ) \ +#define XOR_BLOCK( o, i1, i2 ) \ + for( i = 0; i < block_size; i++ ) \ ( o )[i] = ( i1 )[i] ^ ( i2 )[i]; /* @@ -205,9 +237,10 @@ static void cmac_pad( unsigned char padded_block[16], */ #define UPDATE_CMAC( x ) \ do { \ - XOR_128( state, ( x ), state ); \ + XOR_BLOCK( state, ( x ), state ); \ if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, \ - state, 16, state, &olen ) ) != 0 ) \ + state, block_size, \ + state, &olen ) ) != 0 ) \ return( ret ); \ } while( 0 ) 
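Review bot: `block_size = ctx->cipher_ctx.cipher_info->block_size;` dereferences cipher_info before anything has checked it, so mbedtls_cmac_free on a context that was only initialised, or whose setkey failed before mbedtls_cipher_setup ran, reads through a NULL pointer (assuming mbedtls_cmac_init leaves cipher_info NULL, which is not visible here) — and the new mbedtls_aes_cmac_prf_128 reaches exactly that via its `exit:` label when setkey fails. The function also no longer clears the context struct and leaves K1/K2 dangling after `mbedtls_free`, so a second free of the same context is a double free. Taking the size only when cipher_info is set, keeping the frees unconditional (free of NULL is a no-op), and zeroizing the struct afterwards fixes all three:
```c
void mbedtls_cmac_free( mbedtls_cmac_context *ctx )
{
    size_t block_size = 0;

    if( ctx == NULL )
        return;

    /* cipher_info is only set once mbedtls_cmac_setkey has run */
    if( ctx->cipher_ctx.cipher_info != NULL )
        block_size = ctx->cipher_ctx.cipher_info->block_size;

    mbedtls_cipher_free( &ctx->cipher_ctx );

    if( ctx->K1 != NULL )
        mbedtls_zeroize( ctx->K1, block_size );
    if( ctx->K2 != NULL )
        mbedtls_zeroize( ctx->K2, block_size );
    mbedtls_free( ctx->K1 );
    mbedtls_free( ctx->K2 );

    /* leaves K1/K2 NULL so a repeated free is harmless */
    mbedtls_zeroize( ctx, sizeof( mbedtls_cmac_context ) );
}
```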
@@ -219,50 +252,61 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, unsigned char *tag, size_t tag_len ) { - unsigned char state[16]; - unsigned char M_last[16]; + + unsigned char *state; + unsigned char *M_last; int n, i, j, ret, needs_padding; - size_t olen; + size_t olen, block_size; + + + ret = 0; + block_size = ctx->cipher_ctx.cipher_info->block_size; + + state = mbedtls_calloc(block_size, sizeof(unsigned char) ); + M_last = mbedtls_calloc(block_size, sizeof(unsigned char) ); /* * Check in_len requirements: SP800-38B A * 4 is a worst case bottom limit */ - if( tag_len < 4 || tag_len > 16 || tag_len % 2 != 0 ) + if( tag_len < 4 || tag_len > block_size || tag_len % 2 != 0 ) return( MBEDTLS_ERR_CMAC_BAD_INPUT ); if( in_len == 0 ) needs_padding = 1; else - needs_padding = in_len % 16 != 0; + needs_padding = in_len % block_size != 0; - n = in_len / 16 + needs_padding; + n = in_len / block_size + needs_padding; /* Calculate last block */ if( needs_padding ) { - cmac_pad( M_last, input + 16 * ( n - 1 ), in_len % 16 ); - XOR_128( M_last, M_last, ctx->K2 ); + cmac_pad( M_last, block_size, input + block_size * ( n - 1 ), in_len % block_size ); + XOR_BLOCK( M_last, M_last, ctx->K2 ); } else { /* Last block is complete block */ - XOR_128( M_last, input + 16 * ( n - 1 ), ctx->K1 ); + XOR_BLOCK( M_last, input + block_size * ( n - 1 ), ctx->K1 ); } - memset( state, 0, 16 ); + memset( state, 0, block_size ); for( j = 0; j < n - 1; j++ ) - UPDATE_CMAC( input + 16 * j ); + UPDATE_CMAC( input + block_size * j ); UPDATE_CMAC( M_last ); - memcpy( tag, state, 16 ); + memcpy( tag, state, block_size ); - return( 0 ); + exit: + free(state); + free(M_last); + return( ret ); } -#undef XOR_128 +#undef XOR_BLOCK #undef UPDATE_CMAC /* 
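Review bot: The two `mbedtls_calloc` results are used unchecked, and the `return( MBEDTLS_ERR_CMAC_BAD_INPUT )` on the tag_len check now runs after those allocations, so every rejected call leaks `state` and `M_last`; `UPDATE_CMAC`'s `return( ret )` on a cipher error leaks them too, and the `exit:` label that does free them is never reached by any goto. Those exits should become `ret = …; goto exit;` (with UPDATE_CMAC changed to `goto exit` in the macro defined in the previous hunk), the allocations checked, and both buffers zeroized before `mbedtls_free` — M_last holds K1/K2 XORed into the data and state holds the untruncated MAC, and `free` here should be `mbedtls_free` to match the allocator. `memcpy( tag, state, block_size )` also still ignores tag_len, writing a full block into a buffer the caller may have sized to the validated tag_len, which is an overflow for any caller requesting a shorter tag. The rewritten parts:
```c
    if( tag_len < 4 || tag_len > block_size || tag_len % 2 != 0 )
        return( MBEDTLS_ERR_CMAC_BAD_INPUT );      /* before any allocation */

    state = mbedtls_calloc( block_size, sizeof( unsigned char ) );
    M_last = mbedtls_calloc( block_size, sizeof( unsigned char ) );
    if( state == NULL || M_last == NULL )
    {
        ret = MBEDTLS_ERR_CMAC_BAD_INPUT; /* cmac.h has no alloc-failure code yet */
        goto exit;
    }

    /* … unchanged: padding decision, last block, CBC-MAC loop
     *   (UPDATE_CMAC must `goto exit` instead of `return( ret )`) … */

    memcpy( tag, state, tag_len );   /* only the requested length */

exit:
    if( state != NULL )
        mbedtls_zeroize( state, block_size );
    if( M_last != NULL )
        mbedtls_zeroize( M_last, block_size );
    mbedtls_free( state );
    mbedtls_free( M_last );
    return( ret );
}
```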
@@ -273,14 +317,17 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, const unsigned char *tag, size_t tag_len ) { int ret; - unsigned char check_tag[16]; + unsigned char *check_tag; unsigned char i; int diff; + check_tag = mbedtls_calloc(ctx->cipher_ctx.cipher_info->block_size, + sizeof(unsigned char) ); + if( ( ret = mbedtls_cmac_generate( ctx, input, in_len, check_tag, tag_len ) ) != 0 ) { - return ret; + goto exit; } /* Check tag in "constant-time" */ @@ -288,25 +335,29 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, diff |= tag[i] ^ check_tag[i]; if( diff != 0 ) - return( MBEDTLS_ERR_CMAC_VERIFY_FAILED ); + ret = MBEDTLS_ERR_CMAC_VERIFY_FAILED; + goto exit; - return( 0 ); + exit: + free(check_tag); + return ret; } /* * PRF based on CMAC with AES-128 - * TODO: add reference to the standard - * TODO: do we need to take a cmac_context as an argument here? + * See RFC 4615 */ -int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, - const unsigned char *key, size_t key_length, +int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, const unsigned char *input, size_t in_len, unsigned char *tag ) { int ret; + mbedtls_cmac_context ctx; unsigned char zero_key[16]; unsigned char int_key[16]; + mbedtls_cmac_init(&ctx); + if( key_length == 16 ) { /* Use key as is */ 
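Review bot: `mbedtls_cmac_verify` uses `check_tag` without checking the `mbedtls_calloc` result, and releases it with `free()` rather than `mbedtls_free()`, the same allocator mismatch as in `mbedtls_cmac_generate`. The computed tag is keyed material and should be zeroized before release, `if( check_tag != NULL ) mbedtls_zeroize( check_tag, tag_len );` ahead of the free. The `goto exit;` after `ret = MBEDTLS_ERR_CMAC_VERIFY_FAILED;` sits outside the unbraced `if`, which only happens to work because `exit:` is the very next statement; brace the body so the intent is explicit. `i` is declared `unsigned char` while it indexes `tag[i]` up to `tag_len`, a `size_t`; widening it to `size_t` avoids a silent truncation if the check is ever reused for larger lengths.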
@@ -322,21 +373,27 @@ int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, ret = mbedtls_cmac_setkey( &zero_ctx, MBEDTLS_CIPHER_ID_AES, zero_key, 8 * sizeof zero_key ); if( ret != 0 ) - return( ret ); + goto exit; ret = mbedtls_cmac_generate( &zero_ctx, key, key_length, int_key, 16 ); if( ret != 0 ) - return( ret ); + goto exit; } - ret = mbedtls_cmac_setkey( ctx, MBEDTLS_CIPHER_ID_AES, + ret = mbedtls_cmac_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, int_key, 8 * sizeof int_key ); if( ret != 0 ) - return( ret ); + goto exit; mbedtls_zeroize( int_key, sizeof( int_key ) ); - return( mbedtls_cmac_generate( ctx, input, in_len, tag, 16 ) ); + ret = mbedtls_cmac_generate( &ctx, input, in_len, tag, 16 ); + + exit: + mbedtls_cmac_free(&ctx); + return( ret ); + + } #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) 
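Review bot: In `mbedtls_aes_cmac_prf_128` the `zero_ctx` used for the key-derivation step is never released; since `mbedtls_cmac_free` in this patch now frees `ctx->K1`/`ctx->K2`, those are evidently heap buffers, so every call with a non-16-byte key leaks two subkey buffers. Add `mbedtls_cmac_free( &zero_ctx );` after the `mbedtls_cmac_generate( &zero_ctx, key, key_length, int_key, 16 )` call (zero_ctx is declared outside this hunk). Any `goto exit` taken before `mbedtls_cmac_setkey( &ctx, ... )` succeeds runs `mbedtls_cmac_free` on a context that has only been initialised, which with the `cipher_info->block_size` read added earlier in this patch is a NULL dereference. The `mbedtls_zeroize( int_key, sizeof( int_key ) )` is skipped on those error paths too; move it under `exit:` so the derived key never stays on the stack.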
@@ -345,30 +402,116 @@ int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, * http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf */ -#define NB_CMAC_TESTS 4 +#define NB_CMAC_TESTS_AES_128 4 +#define NB_CMAC_TESTS_AES_192 4 +#define NB_CMAC_TESTS_AES_256 4 +#define NB_CMAC_TESTS_3DES 4 + #define NB_PRF_TESTS 3 -/* Key */ -static const unsigned char key[] = { +/* AES 128 Key */ +static const unsigned char aes_128_key[] = { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }; +/* AES 192 Key */ +static const unsigned char aes_192_key[] = { + 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, + 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, + 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b +}; + +/* AES 256 Key */ +static const unsigned char aes_256_key[] = { + 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, + 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, + 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, + 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 +}; + +/* 3DES 112 bit key */ +static const unsigned char des3_2key_key[] = { + 0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5, + 0x8a, 0x3d, 0x10, 0xba, 0x80, 0x57, 0x0d, 0x38, + 0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5 +}; + +/* 3DES 168 bit key */ +static const unsigned char des3_3key_key[] = { + 0x8a, 0xa8, 0x3b, 0xf8, 0xcb, 0xda, 0x10, 0x62, + 0x0b, 0xc1, 0xbf, 0x19, 0xfb, 0xb6, 0xcd, 0x58, + 0xbc, 0x31, 0x3d, 0x4a, 0x37, 0x1c, 0xa8, 0xb5 +}; + + + /* Assume we don't need to test Ek0 as this is a function of the cipher */ /* Subkey K1 */ -static const unsigned char K1[] = { +static const unsigned char aes_128_k1[] = { 0xfb, 0xee, 0xd6, 0x18, 0x35, 0x71, 0x33, 0x66, 0x7c, 0x85, 0xe0, 0x8f, 0x72, 0x36, 0xa8, 0xde }; /* Subkey K2 */ -static const unsigned char K2[] = { +static const unsigned char aes_128_k2[] = { 0xf7, 0xdd, 0xac, 0x30, 0x6a, 0xe2, 0x66, 0xcc, 0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b }; -/* All Messages */ + + +/* 
Subkey K1 */ +static const unsigned char aes_192_k1[] = { + 0x44, 0x8a, 0x5b, 0x1c, 0x93, 0x51, 0x4b, 0x27, + 0x3e, 0xe6, 0x43, 0x9d, 0xd4, 0xda, 0xa2, 0x96 +}; + +/* Subkey K2 */ +static const unsigned char aes_192_k2[] = { + 0x89, 0x14, 0xb6, 0x39, 0x26, 0xa2, 0x96, 0x4e, + 0x7d, 0xcc, 0x87, 0x3b, 0xa9, 0xb5, 0x45, 0x2c +}; + +/* Subkey K1 */ +static const unsigned char aes_256_k1[] = { + 0xca, 0xd1, 0xed, 0x03, 0x29, 0x9e, 0xed, 0xac, + 0x2e, 0x9a, 0x99, 0x80, 0x86, 0x21, 0x50, 0x2f +}; + +/* Subkey K2 */ +static const unsigned char aes_256_k2[] = { + 0x95, 0xa3, 0xda, 0x06, 0x53, 0x3d, 0xdb, 0x58, + 0x5d, 0x35, 0x33, 0x01, 0x0c, 0x42, 0xa0, 0xd9 +}; + + +/* Subkey K1 */ +static const unsigned char des3_2key_k1[] = { + 0x8e, 0xcf, 0x37, 0x3e, 0xd7, 0x1a, 0xfa, 0xef +}; + +/* Subkey K2 */ +static const unsigned char des3_2key_k2[] = { + 0x1d, 0x9e, 0x6e, 0x7d, 0xae, 0x35, 0xf5, 0xc5 +}; + +/* Subkey K1 */ +static const unsigned char des3_3key_k1[] = { + 0x91, 0x98, 0xe9, 0xd3, 0x14, 0xe6, 0x53, 0x5f +}; + +/* Subkey K2 */ +static const unsigned char des3_3key_k2[] = { + 0x23, 0x31, 0xd3, 0xa6, 0x29, 0xcc, 0xa6, 0xa5 +}; + +/* Assume we don't need to test Ek0 as this is a function of the cipher */ + + + +/* All Messages are the same. The difference is the length */ static const unsigned char M[] = { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, @@ -380,7 +523,7 @@ static const unsigned char M[] = { 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 }; -static const unsigned char T[NB_CMAC_TESTS][16] = { +static const unsigned char T_128[NB_CMAC_TESTS_3DES][16] = { { 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 
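Review bot: The array bounds in this hunk and the next use whichever test-count macro was nearby rather than the matching one: `T_128` is sized by `NB_CMAC_TESTS_3DES`, and in the following hunk `Mlen`, `Mlen_3des`, `T_256`, `T_192`, `T_3des_2key` and `T_3des_3key` are all sized by `NB_CMAC_TESTS_AES_192`, while the two 3DES tables are declared `[..][16]` but hold 8-byte tags. All four macros are 4 so it compiles, but changing one count later would silently misalign the others. Use the macro for the cipher each table belongs to, e.g. `static const unsigned char T_128[NB_CMAC_TESTS_AES_128][16]`, and declare the 3DES tables `[NB_CMAC_TESTS_3DES][8]`.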
@@ -400,13 +543,91 @@ static const unsigned char T[NB_CMAC_TESTS][16] = { }; /* Sizes in bytes */ -static const size_t Mlen[NB_CMAC_TESTS] = { +static const size_t Mlen[NB_CMAC_TESTS_AES_192] = { 0, 16, 40, 64 }; +static const size_t Mlen_3des[NB_CMAC_TESTS_AES_192] = { + 0, + 8, + 20, + 32 +}; + + + +static const unsigned char T_256[NB_CMAC_TESTS_AES_192][16] = { + { + 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e, + 0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83 + }, + { + 0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82, + 0xbd, 0x4b, 0xf2, 0x8d, 0x8c, 0x37, 0xc3, 0x5c + }, + { + 0xaa, 0xf3, 0xd8, 0xf1, 0xde, 0x56, 0x40, 0xc2, + 0x32, 0xf5, 0xb1, 0x69, 0xb9, 0xc9, 0x11, 0xe6 + }, + { + 0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5, + 0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10 + } +}; + +static const unsigned char T_192[NB_CMAC_TESTS_AES_192][16] = { + { + 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5, + 0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67 + }, + { + 0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90, + 0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84 + }, + { + 0x8a, 0x1d, 0xe5, 0xbe, 0x2e, 0xb3, 0x1a, 0xad, + 0x08, 0x9a, 0x82, 0xe6, 0xee, 0x90, 0x8b, 0x0e + }, + { + 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79, + 0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11 + } +}; + +static const unsigned char T_3des_2key[NB_CMAC_TESTS_AES_192][16] = { + { + 0xbd, 0x2e, 0xbf, 0x9a, 0x3b, 0xa0, 0x03, 0x61 + }, + { + 0x4f, 0xf2, 0xab, 0x81, 0x3c, 0x53, 0xce, 0x83 + }, + { + 0x62, 0xdd, 0x1b, 0x47, 0x19, 0x02, 0xbd, 0x4e + }, + { + 0x31, 0xb1, 0xe4, 0x31, 0xda, 0xbc, 0x4e, 0xb8 + } +}; + +static const unsigned char T_3des_3key[NB_CMAC_TESTS_AES_192][16] = { + { + 0xb7, 0xa6, 0x88, 0xe1, 0x22, 0xff, 0xaf, 0x95 + }, + { + 0x8e, 0x8f, 0x29, 0x31, 0x36, 0x28, 0x37, 0x97 + }, + { + 0x74, 0x3d, 0xdb, 0xe0, 0xce, 0x2d, 0xc2, 0xed + }, + { + 0x33, 0xe6, 0xb1, 0x09, 0x24, 0x00, 0xea, 0xe5 + } +}; + + /* PRF K */ static const unsigned char PRFK[] = { 0x00, 0x01, 0x02, 0x03, 
0x04, 0x05, 0x06, 0x07, @@ -453,7 +674,8 @@ int mbedtls_cmac_self_test( int verbose ) mbedtls_cmac_init( &ctx ); - if( mbedtls_cmac_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, key, 8 * sizeof key ) != 0 ) + // AES 128 bit key + if( mbedtls_cmac_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, aes_128_key, 8 * sizeof(aes_128_key) ) != 0 ) { if( verbose != 0 ) mbedtls_printf( " CMAC: setup failed\n" ); @@ -461,8 +683,8 @@ int mbedtls_cmac_self_test( int verbose ) return( 1 ); } - if( ( memcmp( ctx.K1, K1, 16 ) != 0 ) || - ( memcmp( ctx.K2, K2, 16 ) != 0 ) ) + if( ( memcmp( ctx.K1, aes_128_k1, 16 ) != 0 ) || + ( memcmp( ctx.K2, aes_128_k2, 16 ) != 0 ) ) { if( verbose != 0 ) mbedtls_printf( " CMAC: subkey generation failed\n" ); @@ -470,13 +692,13 @@ int mbedtls_cmac_self_test( int verbose ) return( 1 ); } - for( i = 0; i < NB_CMAC_TESTS; i++ ) + for( i = 0; i < NB_CMAC_TESTS_AES_128; i++ ) { mbedtls_printf( " AES-128-CMAC #%u: ", i ); ret = mbedtls_cmac_generate( &ctx, M, Mlen[i], tag, 16 ); if( ret != 0 || - memcmp( tag, T[i], 16 ) != 0 ) + memcmp( tag, T_128[i], 16 ) != 0 ) { if( verbose != 0 ) mbedtls_printf( "failed\n" ); @@ -484,7 +706,7 @@ int mbedtls_cmac_self_test( int verbose ) return( 1 ); } - ret = mbedtls_cmac_verify( &ctx, M, Mlen[i], T[i], 16 ); + ret = mbedtls_cmac_verify( &ctx, M, Mlen[i], T_128[i], 16 ); if( ret != 0 ) { if( verbose != 0 ) 
@@ -497,14 +719,130 @@ int mbedtls_cmac_self_test( int verbose ) mbedtls_printf( "passed\n" ); } - for( i = 0; i < NB_PRF_TESTS; i++ ) + // AES 192 bit key + if( mbedtls_cmac_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, aes_192_key, 8 * sizeof(aes_192_key) ) != 0 ) { - mbedtls_printf( " AES-CMAC-128-PRF #%u: ", i ); + if( verbose != 0 ) + mbedtls_printf( " CMAC: setup failed\n" ); + + return( 1 ); + } + + if( ( memcmp( ctx.K1, aes_192_k1, 16 ) != 0 ) || + ( memcmp( ctx.K2, aes_192_k2, 16 ) != 0 ) ) + { + if( verbose != 0 ) + mbedtls_printf( " CMAC: subkey generation failed\n" ); + + return( 1 ); + } - mbedtls_aes_cmac_prf_128( &ctx, PRFK, PRFKlen[i], PRFM, 20, tag ); + for( i = 0; i < NB_CMAC_TESTS_AES_192; i++ ) + { + mbedtls_printf( " AES-192-CMAC #%u: ", i ); + ret = mbedtls_cmac_generate( &ctx, M, Mlen[i], tag, 16 ); if( ret != 0 || - memcmp( tag, PRFT[i], 16 ) != 0 ) + memcmp( tag, T_192[i], 16 ) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); + } + + ret = mbedtls_cmac_verify( &ctx, M, Mlen[i], T_192[i], 16 ); + if( ret != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); + } + + if( verbose != 0 ) + mbedtls_printf( "passed\n" ); + } + + // 3DES 2 key bit key + if( (ret = mbedtls_cmac_setkey( &ctx, MBEDTLS_CIPHER_ID_3DES, des3_2key_key, 8 * sizeof(des3_2key_key) )) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( " CMAC: setup failed %i\n", ret); + + return( 1 ); + } + + if( ( memcmp( ctx.K1, des3_2key_k1, 8 ) != 0 ) || + ( memcmp( ctx.K2, des3_2key_k2, 8 ) != 0 ) ) + { + if( verbose != 0 ) + mbedtls_printf( " CMAC: subkey generation failed\n" ); + + return( 1 ); + } + + for( i = 0; i < NB_CMAC_TESTS_3DES; i++ ) + { + mbedtls_printf( " DES-112-CMAC #%u: ", i ); + + ret = mbedtls_cmac_generate( &ctx, M, Mlen_3des[i], tag, 8 ); + if( ret != 0 || + memcmp( tag, T_3des_2key[i], 8 ) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); + } + + ret = mbedtls_cmac_verify( &ctx, M, 
Mlen_3des[i], T_3des_2key[i], 8 ); + if( ret != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); + } + + if( verbose != 0 ) + mbedtls_printf( "passed\n" ); + } + + // 3DES 3 key + if( (ret = mbedtls_cmac_setkey( &ctx, MBEDTLS_CIPHER_ID_3DES, des3_3key_key, 8 * sizeof(des3_3key_key) )) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( " CMAC: setup failed %i\n", ret); + + return( 1 ); + } + + if( ( memcmp( ctx.K1, des3_3key_k1, 8 ) != 0 ) || + ( memcmp( ctx.K2, des3_3key_k2, 8 ) != 0 ) ) + { + if( verbose != 0 ) + mbedtls_printf( " CMAC: subkey generation failed\n" ); + + return( 1 ); + } + + for( i = 0; i < NB_CMAC_TESTS_3DES; i++ ) + { + mbedtls_printf( " DES-168-CMAC #%u: ", i ); + + ret = mbedtls_cmac_generate( &ctx, M, Mlen_3des[i], tag, 8 ); + if( ret != 0 || + memcmp( tag, T_3des_3key[i], 8 ) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); + } + + ret = mbedtls_cmac_verify( &ctx, M, Mlen_3des[i], T_3des_3key[i], 8 ); + if( ret != 0 ) { if( verbose != 0 ) mbedtls_printf( "failed\n" ); @@ -518,6 +856,25 @@ int mbedtls_cmac_self_test( int verbose ) mbedtls_cmac_free( &ctx ); + for( i = 0; i < NB_PRF_TESTS; i++ ) + { + mbedtls_printf( " AES-CMAC-128-PRF #%u: ", i ); + + mbedtls_aes_cmac_prf_128( PRFK, PRFKlen[i], PRFM, 20, tag ); + + if( ret != 0 || + memcmp( tag, PRFT[i], 16 ) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); + } else if( verbose != 0 ) + { + mbedtls_printf( "passed\n" ); + } + } + if( verbose != 0 ) mbedtls_printf( "\n" ); From f13d3db373cdc652e8dc37b8158a34be8807024b Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Wed, 18 May 2016 16:05:18 -0700 Subject: [PATCH 105/272] Updated comments for CMAC in config.h --- include/mbedtls/config.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 6e031362939c..f6f431bfb0f9 100644 --- a/include/mbedtls/config.h 
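Review bot: In the new PRF loop the return value of `mbedtls_aes_cmac_prf_128( PRFK, PRFKlen[i], PRFM, 20, tag )` is discarded, so the `if( ret != 0 || ... )` that follows tests the stale `ret` left by the last `mbedtls_cmac_verify` call; write `ret = mbedtls_aes_cmac_prf_128( PRFK, PRFKlen[i], PRFM, 20, tag );`. The ` AES-CMAC-128-PRF #%u: ` line is printed regardless of `verbose`, unlike the result lines, and the same unconditional `mbedtls_printf` appears in the `AES-192-CMAC`, `DES-112-CMAC` and `DES-168-CMAC` loops of the preceding hunk; wrap each in `if( verbose != 0 )`.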
+++ b/include/mbedtls/config.h @@ -1674,11 +1674,11 @@ /** * \def MBEDTLS_CMAC_C * - * Enable the CMAC mode for 128-bit block cipher. + * Enable the CMAC mode for block ciphers. * * Module: library/cmac.c * - * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C + * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or MBEDTLS_DES_C * */ #define MBEDTLS_CMAC_C From 00dc5f0fc8e3629db0e8c55f28cb544c429ae609 Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Thu, 19 May 2016 14:23:50 -0700 Subject: [PATCH 106/272] Fixed CMAC tag length --- library/cmac.c | 363 +++++++++++++++++++------------------------------ 1 file changed, 143 insertions(+), 220 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index ab4a82ddfa6f..8348939f11f4 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -59,6 +59,7 @@ void mbedtls_cmac_init( mbedtls_cmac_context *ctx ) memset( ctx, 0, sizeof( mbedtls_cmac_context ) ); } + /* * Multiplication by u in the Galois field of GF(2^n) * @@ -298,7 +299,7 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, UPDATE_CMAC( M_last ); - memcpy( tag, state, block_size ); + memcpy( tag, state, tag_len ); exit: free(state); 
@@ -444,74 +445,59 @@ static const unsigned char des3_3key_key[] = { 0xbc, 0x31, 0x3d, 0x4a, 0x37, 0x1c, 0xa8, 0xb5 }; - - -/* Assume we don't need to test Ek0 as this is a function of the cipher */ - -/* Subkey K1 */ -static const unsigned char aes_128_k1[] = { - 0xfb, 0xee, 0xd6, 0x18, 0x35, 0x71, 0x33, 0x66, - 0x7c, 0x85, 0xe0, 0x8f, 0x72, 0x36, 0xa8, 0xde -}; - -/* Subkey K2 */ -static const unsigned char aes_128_k2[] = { - 0xf7, 0xdd, 0xac, 0x30, 0x6a, 0xe2, 0x66, 0xcc, - 0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b -}; - - - -/* Subkey K1 */ -static const unsigned char aes_192_k1[] = { - 0x44, 0x8a, 0x5b, 0x1c, 0x93, 0x51, 0x4b, 0x27, - 0x3e, 0xe6, 0x43, 0x9d, 0xd4, 0xda, 0xa2, 0x96 -}; - -/* Subkey K2 */ -static const unsigned char aes_192_k2[] = { - 0x89, 0x14, 0xb6, 0x39, 0x26, 0xa2, 0x96, 0x4e, - 0x7d, 0xcc, 0x87, 0x3b, 0xa9, 0xb5, 0x45, 0x2c -}; - -/* Subkey K1 */ -static const unsigned char aes_256_k1[] = { - 0xca, 0xd1, 0xed, 0x03, 0x29, 0x9e, 0xed, 0xac, - 0x2e, 0x9a, 0x99, 0x80, 0x86, 0x21, 0x50, 0x2f -}; - -/* Subkey K2 */ -static const unsigned char aes_256_k2[] = { - 0x95, 0xa3, 0xda, 0x06, 0x53, 0x3d, 0xdb, 0x58, - 0x5d, 0x35, 0x33, 0x01, 0x0c, 0x42, 0xa0, 0xd9 +static const unsigned char aes_128_subkeys[2][16] = { + { + 0xfb, 0xee, 0xd6, 0x18, 0x35, 0x71, 0x33, 0x66, + 0x7c, 0x85, 0xe0, 0x8f, 0x72, 0x36, 0xa8, 0xde + }, + { + 0xf7, 0xdd, 0xac, 0x30, 0x6a, 0xe2, 0x66, 0xcc, + 0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b + } }; - -/* Subkey K1 */ -static const unsigned char des3_2key_k1[] = { - 0x8e, 0xcf, 0x37, 0x3e, 0xd7, 0x1a, 0xfa, 0xef +static const unsigned char aes_192_subkeys[2][16] = { + { + 0x44, 0x8a, 0x5b, 0x1c, 0x93, 0x51, 0x4b, 0x27, + 0x3e, 0xe6, 0x43, 0x9d, 0xd4, 0xda, 0xa2, 0x96 + }, + { + 0x89, 0x14, 0xb6, 0x39, 0x26, 0xa2, 0x96, 0x4e, + 0x7d, 0xcc, 0x87, 0x3b, 0xa9, 0xb5, 0x45, 0x2c + } }; -/* Subkey K2 */ -static const unsigned char des3_2key_k2[] = { - 0x1d, 0x9e, 0x6e, 0x7d, 0xae, 0x35, 0xf5, 0xc5 +static const unsigned 
char aes_256_subkeys[2][16] = { + { + 0xca, 0xd1, 0xed, 0x03, 0x29, 0x9e, 0xed, 0xac, + 0x2e, 0x9a, 0x99, 0x80, 0x86, 0x21, 0x50, 0x2f + }, + { + 0x95, 0xa3, 0xda, 0x06, 0x53, 0x3d, 0xdb, 0x58, + 0x5d, 0x35, 0x33, 0x01, 0x0c, 0x42, 0xa0, 0xd9 + } }; -/* Subkey K1 */ -static const unsigned char des3_3key_k1[] = { - 0x91, 0x98, 0xe9, 0xd3, 0x14, 0xe6, 0x53, 0x5f +static const unsigned char des3_2key_subkeys[2][8] = { + { + 0x8e, 0xcf, 0x37, 0x3e, 0xd7, 0x1a, 0xfa, 0xef + }, + { + 0x1d, 0x9e, 0x6e, 0x7d, 0xae, 0x35, 0xf5, 0xc5 + } }; -/* Subkey K2 */ -static const unsigned char des3_3key_k2[] = { - 0x23, 0x31, 0xd3, 0xa6, 0x29, 0xcc, 0xa6, 0xa5 +static const unsigned char des3_3key_subkeys[2][8] = { + { + 0x91, 0x98, 0xe9, 0xd3, 0x14, 0xe6, 0x53, 0x5f + }, + { + 0x23, 0x31, 0xd3, 0xa6, 0x29, 0xcc, 0xa6, 0xa5 + } }; -/* Assume we don't need to test Ek0 as this is a function of the cipher */ - - -/* All Messages are the same. The difference is the length */ +/* All Messages are truncated from the same 64 byte buffer. */ static const unsigned char M[] = { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, @@ -597,7 +583,7 @@ static const unsigned char T_192[NB_CMAC_TESTS_AES_192][16] = { } }; -static const unsigned char T_3des_2key[NB_CMAC_TESTS_AES_192][16] = { +static const unsigned char T_3des_2key[4][8] = { { 0xbd, 0x2e, 0xbf, 0x9a, 0x3b, 0xa0, 0x03, 0x61 }, @@ -612,7 +598,7 @@ static const unsigned char T_3des_2key[NB_CMAC_TESTS_AES_192][16] = { } }; -static const unsigned char T_3des_3key[NB_CMAC_TESTS_AES_192][16] = { +static const unsigned char T_3des_3key[4][8] = { { 0xb7, 0xa6, 0x88, 0xe1, 0x22, 0xff, 0xaf, 0x95 }, 
@@ -664,197 +650,134 @@ static const unsigned char PRFT[NB_PRF_TESTS][16] = { } }; - -int mbedtls_cmac_self_test( int verbose ) +int test_cmac_with_cipher(int verbose, + const unsigned char* testname, + const unsigned char* key, + int keybits, + const unsigned char* messages, + size_t message_lengths[4], + const unsigned char* subkeys, + const unsigned char* expected_result, + mbedtls_cipher_id_t cipher_id, + int block_size) { - mbedtls_cmac_context ctx; - unsigned char tag[16]; - int i; - int ret; + const int num_tests = 4; + mbedtls_cmac_context ctx; + int i, ret; + unsigned char* tag; + tag = mbedtls_calloc( block_size, sizeof( unsigned char ) ); mbedtls_cmac_init( &ctx ); - // AES 128 bit key - if( mbedtls_cmac_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, aes_128_key, 8 * sizeof(aes_128_key) ) != 0 ) + if( ( ret = mbedtls_cmac_setkey( &ctx, cipher_id, key, keybits ) ) != 0 ) { if( verbose != 0 ) mbedtls_printf( " CMAC: setup failed\n" ); - - return( 1 ); + goto exit; } - if( ( memcmp( ctx.K1, aes_128_k1, 16 ) != 0 ) || - ( memcmp( ctx.K2, aes_128_k2, 16 ) != 0 ) ) + if( ( ret = memcmp( ctx.K1, subkeys, block_size ) != 0 ) || + ( ret = memcmp( ctx.K2, &subkeys[block_size], block_size ) != 0 ) ) { if( verbose != 0 ) mbedtls_printf( " CMAC: subkey generation failed\n" ); - - return( 1 ); - } - - for( i = 0; i < NB_CMAC_TESTS_AES_128; i++ ) - { - mbedtls_printf( " AES-128-CMAC #%u: ", i ); - - ret = mbedtls_cmac_generate( &ctx, M, Mlen[i], tag, 16 ); - if( ret != 0 || - memcmp( tag, T_128[i], 16 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } - - ret = mbedtls_cmac_verify( &ctx, M, Mlen[i], T_128[i], 16 ); - if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } - - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); - } - - // AES 192 bit key - if( mbedtls_cmac_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, aes_192_key, 8 * sizeof(aes_192_key) ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( " CMAC: 
setup failed\n" ); - - return( 1 ); + goto exit; } - if( ( memcmp( ctx.K1, aes_192_k1, 16 ) != 0 ) || - ( memcmp( ctx.K2, aes_192_k2, 16 ) != 0 ) ) + for( i = 0; i < num_tests; i++ ) { if( verbose != 0 ) - mbedtls_printf( " CMAC: subkey generation failed\n" ); + mbedtls_printf( " %s CMAC #%u: ", testname, i +1 ); - return( 1 ); - } - - for( i = 0; i < NB_CMAC_TESTS_AES_192; i++ ) - { - mbedtls_printf( " AES-192-CMAC #%u: ", i ); - - ret = mbedtls_cmac_generate( &ctx, M, Mlen[i], tag, 16 ); - if( ret != 0 || - memcmp( tag, T_192[i], 16 ) != 0 ) + if( ( ret = mbedtls_cmac_generate( &ctx, messages, message_lengths[i], tag, block_size ) ) != 0 ) { if( verbose != 0 ) mbedtls_printf( "failed\n" ); - - return( 1 ); + goto exit; } - - ret = mbedtls_cmac_verify( &ctx, M, Mlen[i], T_192[i], 16 ); - if( ret != 0 ) + if( ( ret = memcmp( tag, &expected_result[i * block_size], block_size ) ) != 0 ) { if( verbose != 0 ) mbedtls_printf( "failed\n" ); - - return( 1 ); - } - - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); - } - - // 3DES 2 key bit key - if( (ret = mbedtls_cmac_setkey( &ctx, MBEDTLS_CIPHER_ID_3DES, des3_2key_key, 8 * sizeof(des3_2key_key) )) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( " CMAC: setup failed %i\n", ret); - - return( 1 ); - } - - if( ( memcmp( ctx.K1, des3_2key_k1, 8 ) != 0 ) || - ( memcmp( ctx.K2, des3_2key_k2, 8 ) != 0 ) ) - { - if( verbose != 0 ) - mbedtls_printf( " CMAC: subkey generation failed\n" ); - - return( 1 ); - } - - for( i = 0; i < NB_CMAC_TESTS_3DES; i++ ) - { - mbedtls_printf( " DES-112-CMAC #%u: ", i ); - - ret = mbedtls_cmac_generate( &ctx, M, Mlen_3des[i], tag, 8 ); - if( ret != 0 || - memcmp( tag, T_3des_2key[i], 8 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); + goto exit; } - ret = mbedtls_cmac_verify( &ctx, M, Mlen_3des[i], T_3des_2key[i], 8 ); - if( ret != 0 ) + if( ( ret = mbedtls_cmac_verify( &ctx, messages, message_lengths[i], &expected_result[i * block_size], block_size ) != 0 ) ) 
{ - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + goto exit; } - - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + mbedtls_printf( "passed\n" ); } + exit: + free( tag ); + mbedtls_cmac_free( &ctx ); + return( ret ); +} - // 3DES 3 key - if( (ret = mbedtls_cmac_setkey( &ctx, MBEDTLS_CIPHER_ID_3DES, des3_3key_key, 8 * sizeof(des3_3key_key) )) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( " CMAC: setup failed %i\n", ret); - - return( 1 ); - } - - if( ( memcmp( ctx.K1, des3_3key_k1, 8 ) != 0 ) || - ( memcmp( ctx.K2, des3_3key_k2, 8 ) != 0 ) ) - { - if( verbose != 0 ) - mbedtls_printf( " CMAC: subkey generation failed\n" ); - - return( 1 ); - } - - for( i = 0; i < NB_CMAC_TESTS_3DES; i++ ) - { - mbedtls_printf( " DES-168-CMAC #%u: ", i ); - - ret = mbedtls_cmac_generate( &ctx, M, Mlen_3des[i], tag, 8 ); - if( ret != 0 || - memcmp( tag, T_3des_3key[i], 8 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } - - ret = mbedtls_cmac_verify( &ctx, M, Mlen_3des[i], T_3des_3key[i], 8 ); - if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } +int mbedtls_cmac_self_test( int verbose ) +{ + mbedtls_cmac_context ctx; + unsigned char tag[16]; + int i; + int ret; - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); - } + test_cmac_with_cipher(verbose, + "AES 128", + aes_128_key, + 128, + M, + Mlen, + aes_128_subkeys, + T_128, + MBEDTLS_CIPHER_ID_AES, + 16 ); + + test_cmac_with_cipher(verbose, + "AES 192", + aes_192_key, + 192, + M, + Mlen, + aes_192_subkeys, + T_192, + MBEDTLS_CIPHER_ID_AES, + 16 ); + + test_cmac_with_cipher(verbose, + "AES 256", + aes_256_key, + 256, + M, + Mlen, + aes_256_subkeys, + T_256, + MBEDTLS_CIPHER_ID_AES, + 16 ); + + test_cmac_with_cipher(verbose, + "3DES 2 key", + des3_2key_key, + 192, + M, + Mlen_3des, + des3_2key_subkeys, + T_3des_2key, + MBEDTLS_CIPHER_ID_3DES, + 8 ); + + 
test_cmac_with_cipher(verbose, + "3DES 3 key", + des3_3key_key, + 192, + M, + Mlen_3des, + des3_3key_subkeys, + T_3des_3key, + MBEDTLS_CIPHER_ID_3DES, + 8 ); - mbedtls_cmac_free( &ctx ); for( i = 0; i < NB_PRF_TESTS; i++ ) { @@ -877,7 +800,7 @@ int mbedtls_cmac_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "\n" ); - +*/ return( 0 ); } From 0f6af73599154c142077a369e668fb5e8a964f89 Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Thu, 19 May 2016 15:59:23 -0700 Subject: [PATCH 107/272] More cleanup of CMAC selftests --- library/cmac.c | 331 +++++++++++++++++++++++++------------------------ 1 file changed, 169 insertions(+), 162 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index 8348939f11f4..0de85bcc5703 100644 --- a/library/cmac.c +++ b/library/cmac.c 
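Review bot: `mbedtls_cmac_self_test` now discards the return value of every `test_cmac_with_cipher` call and returns 0 unconditionally, so a failing known-answer vector can no longer fail the self-test; capture each result, e.g. `if( test_cmac_with_cipher( verbose, "AES 128", ... ) != 0 ) return( 1 );`. Inside the helper, `( ret = memcmp( ctx.K1, subkeys, block_size ) != 0 )` and the `mbedtls_cmac_verify` condition assign the result of the comparison rather than the value, because `!=` binds tighter than `=`; parenthesize the assignment the way the `mbedtls_cmac_setkey` line does. `tag` is allocated with an unchecked `mbedtls_calloc` and released with `free()` instead of `mbedtls_free()`, and `testname` is declared `const unsigned char*` but receives string literals and is printed with `%s`, so `const char *` is the right type. The helper is also not `static`, which exports a test symbol from the library, and `ctx`, `tag` and `i` in `mbedtls_cmac_self_test` are now declared but unused.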
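Review bot: The added `*/` line before `return( 0 )` implies a matching `/*` opened earlier in `mbedtls_cmac_self_test` outside the visible part of this hunk, which would comment out the PRF loop that follows the `test_cmac_with_cipher` calls and turn the RFC 4615 vectors into dead code. If that is temporary scaffolding it should be `#if 0`/`#endif` or removed before merge, and either way the function still returns 0 regardless of what ran. The enclosing function starts outside this hunk.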
@@ -397,55 +397,49 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, } -#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) +#ifdef MBEDTLS_SELF_TEST /* - * Examples 1 to 4 from SP800-38B corrected Appendix D.1 + * CMAC test data from SP800-38B Appendix D.1 (corrected) * http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf + * + * AES-CMAC-PRF-128 test data from RFC 4615 + * https://tools.ietf.org/html/rfc4615#page-4 */ -#define NB_CMAC_TESTS_AES_128 4 -#define NB_CMAC_TESTS_AES_192 4 -#define NB_CMAC_TESTS_AES_256 4 -#define NB_CMAC_TESTS_3DES 4 - +#define NB_CMAC_TESTS_PER_KEY 4 #define NB_PRF_TESTS 3 +#define AES_BLOCK_SIZE 16 +#define DES3_BLOCK_SIZE 8 -/* AES 128 Key */ -static const unsigned char aes_128_key[] = { - 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, - 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c -}; - -/* AES 192 Key */ -static const unsigned char aes_192_key[] = { - 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, - 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, - 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b -}; - -/* AES 256 Key */ -static const unsigned char aes_256_key[] = { - 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, - 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, - 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, - 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 +#if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) +/* All CMAC test inputs are truncated from the same 64 byte buffer. 
*/ +static const unsigned char test_message[] = { + 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, + 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, + 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, + 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, + 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, + 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, + 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, + 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 }; +#endif /* defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) */ -/* 3DES 112 bit key */ -static const unsigned char des3_2key_key[] = { - 0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5, - 0x8a, 0x3d, 0x10, 0xba, 0x80, 0x57, 0x0d, 0x38, - 0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5 +#ifdef MBEDTLS_AES_C +/* Truncation point of message for AES CMAC tests */ +static const size_t aes_message_lengths[NB_CMAC_TESTS_PER_KEY] = { + 0, + 16, + 40, + 64 }; -/* 3DES 168 bit key */ -static const unsigned char des3_3key_key[] = { - 0x8a, 0xa8, 0x3b, 0xf8, 0xcb, 0xda, 0x10, 0x62, - 0x0b, 0xc1, 0xbf, 0x19, 0xfb, 0xb6, 0xcd, 0x58, - 0xbc, 0x31, 0x3d, 0x4a, 0x37, 0x1c, 0xa8, 0xb5 +/* AES 128 CMAC Test Data */ +static const unsigned char aes_128_key[] = { + 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, + 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }; - -static const unsigned char aes_128_subkeys[2][16] = { +static const unsigned char aes_128_subkeys[2][AES_BLOCK_SIZE] = { { 0xfb, 0xee, 0xd6, 0x18, 0x35, 0x71, 0x33, 0x66, 0x7c, 0x85, 0xe0, 0x8f, 0x72, 0x36, 0xa8, 0xde 
@@ -455,97 +449,78 @@ static const unsigned char aes_128_subkeys[2][16] = { 0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b } }; - -static const unsigned char aes_192_subkeys[2][16] = { +static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][AES_BLOCK_SIZE] = { { - 0x44, 0x8a, 0x5b, 0x1c, 0x93, 0x51, 0x4b, 0x27, - 0x3e, 0xe6, 0x43, 0x9d, 0xd4, 0xda, 0xa2, 0x96 + 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, + 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 }, { - 0x89, 0x14, 0xb6, 0x39, 0x26, 0xa2, 0x96, 0x4e, - 0x7d, 0xcc, 0x87, 0x3b, 0xa9, 0xb5, 0x45, 0x2c - } -}; - -static const unsigned char aes_256_subkeys[2][16] = { - { - 0xca, 0xd1, 0xed, 0x03, 0x29, 0x9e, 0xed, 0xac, - 0x2e, 0x9a, 0x99, 0x80, 0x86, 0x21, 0x50, 0x2f + 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, + 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c }, { - 0x95, 0xa3, 0xda, 0x06, 0x53, 0x3d, 0xdb, 0x58, - 0x5d, 0x35, 0x33, 0x01, 0x0c, 0x42, 0xa0, 0xd9 - } -}; - -static const unsigned char des3_2key_subkeys[2][8] = { - { - 0x8e, 0xcf, 0x37, 0x3e, 0xd7, 0x1a, 0xfa, 0xef + 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30, + 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 }, { - 0x1d, 0x9e, 0x6e, 0x7d, 0xae, 0x35, 0xf5, 0xc5 + 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, + 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe } }; -static const unsigned char des3_3key_subkeys[2][8] = { +/* AES 192 CMAC Test Data */ +static const unsigned char aes_192_key[] = { + 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, + 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, + 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b +}; +static const unsigned char aes_192_subkeys[2][AES_BLOCK_SIZE] = { { - 0x91, 0x98, 0xe9, 0xd3, 0x14, 0xe6, 0x53, 0x5f + 0x44, 0x8a, 0x5b, 0x1c, 0x93, 0x51, 0x4b, 0x27, + 0x3e, 0xe6, 0x43, 0x9d, 0xd4, 0xda, 0xa2, 0x96 }, { - 0x23, 0x31, 0xd3, 0xa6, 0x29, 0xcc, 0xa6, 0xa5 + 0x89, 0x14, 0xb6, 0x39, 0x26, 0xa2, 0x96, 0x4e, + 0x7d, 0xcc, 0x87, 0x3b, 0xa9, 0xb5, 0x45, 0x2c } }; - - -/* 
All Messages are truncated from the same 64 byte buffer. */ -static const unsigned char M[] = { - 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, - 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, - 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, - 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, - 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, - 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, - 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, - 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 -}; - -static const unsigned char T_128[NB_CMAC_TESTS_3DES][16] = { +static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][AES_BLOCK_SIZE] = { { - 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, - 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 + 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5, + 0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67 }, { - 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, - 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c + 0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90, + 0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84 }, { - 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30, - 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 + 0x8a, 0x1d, 0xe5, 0xbe, 0x2e, 0xb3, 0x1a, 0xad, + 0x08, 0x9a, 0x82, 0xe6, 0xee, 0x90, 0x8b, 0x0e }, { - 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, - 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe + 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79, + 0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11 } }; -/* Sizes in bytes */ -static const size_t Mlen[NB_CMAC_TESTS_AES_192] = { - 0, - 16, - 40, - 64 +/* AES 256 CMAC Test Data */ +static const unsigned char aes_256_key[] = { + 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, + 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, + 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, + 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 }; - -static const size_t Mlen_3des[NB_CMAC_TESTS_AES_192] = { - 0, - 8, - 20, - 32 +static const unsigned char aes_256_subkeys[2][AES_BLOCK_SIZE] = { + { 
+ 0xca, 0xd1, 0xed, 0x03, 0x29, 0x9e, 0xed, 0xac, + 0x2e, 0x9a, 0x99, 0x80, 0x86, 0x21, 0x50, 0x2f + }, + { + 0x95, 0xa3, 0xda, 0x06, 0x53, 0x3d, 0xdb, 0x58, + 0x5d, 0x35, 0x33, 0x01, 0x0c, 0x42, 0xa0, 0xd9 + } }; - - - -static const unsigned char T_256[NB_CMAC_TESTS_AES_192][16] = { +static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][AES_BLOCK_SIZE] = { { 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e, 0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83 @@ -563,27 +538,32 @@ static const unsigned char T_256[NB_CMAC_TESTS_AES_192][16] = { 0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10 } }; +#endif /* MBEDTLS_AES_C */ -static const unsigned char T_192[NB_CMAC_TESTS_AES_192][16] = { - { - 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5, - 0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67 - }, - { - 0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90, - 0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84 - }, +#ifdef MBEDTLS_DES_C +/* Truncation point of message for 3DES CMAC tests */ +static const size_t des3_message_lengths[NB_CMAC_TESTS_PER_KEY] = { + 0, + 8, + 20, + 32 +}; + +/* 3DES 2 Key CMAC Test Data */ +static const unsigned char des3_2key_key[] = { + 0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5, + 0x8a, 0x3d, 0x10, 0xba, 0x80, 0x57, 0x0d, 0x38, + 0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5 +}; +static const unsigned char des3_2key_subkeys[2][8] = { { - 0x8a, 0x1d, 0xe5, 0xbe, 0x2e, 0xb3, 0x1a, 0xad, - 0x08, 0x9a, 0x82, 0xe6, 0xee, 0x90, 0x8b, 0x0e + 0x8e, 0xcf, 0x37, 0x3e, 0xd7, 0x1a, 0xfa, 0xef }, { - 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79, - 0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11 + 0x1d, 0x9e, 0x6e, 0x7d, 0xae, 0x35, 0xf5, 0xc5 } }; - -static const unsigned char T_3des_2key[4][8] = { +static const unsigned char T_3des_2key[NB_CMAC_TESTS_PER_KEY][DES3_BLOCK_SIZE] = { { 0xbd, 0x2e, 0xbf, 0x9a, 0x3b, 0xa0, 0x03, 0x61 }, 
@@ -598,7 +578,21 @@ static const unsigned char T_3des_2key[4][8] = { } }; -static const unsigned char T_3des_3key[4][8] = { +/* 3DES 3 Key CMAC Test Data */ +static const unsigned char des3_3key_key[] = { + 0x8a, 0xa8, 0x3b, 0xf8, 0xcb, 0xda, 0x10, 0x62, + 0x0b, 0xc1, 0xbf, 0x19, 0xfb, 0xb6, 0xcd, 0x58, + 0xbc, 0x31, 0x3d, 0x4a, 0x37, 0x1c, 0xa8, 0xb5 +}; +static const unsigned char des3_3key_subkeys[2][8] = { + { + 0x91, 0x98, 0xe9, 0xd3, 0x14, 0xe6, 0x53, 0x5f + }, + { + 0x23, 0x31, 0xd3, 0xa6, 0x29, 0xcc, 0xa6, 0xa5 + } +}; +static const unsigned char T_3des_3key[NB_CMAC_TESTS_PER_KEY][DES3_BLOCK_SIZE] = { { 0xb7, 0xa6, 0x88, 0xe1, 0x22, 0xff, 0xaf, 0x95 }, @@ -613,8 +607,10 @@ static const unsigned char T_3des_3key[4][8] = { } }; +#endif /* MBEDTLS_DES_C */ -/* PRF K */ +#ifdef MBEDTLS_AES_C +/* AES AES-CMAC-PRF-128 Test Data */ static const unsigned char PRFK[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, @@ -649,6 +645,7 @@ static const unsigned char PRFT[NB_PRF_TESTS][16] = { 0x14, 0x1f, 0xcf, 0x64, 0xc0, 0xb7, 0x2f, 0x3d } }; +#endif /* MBEDTLS_AES_C */ int test_cmac_with_cipher(int verbose, const unsigned char* testname, 
@@ -716,94 +713,104 @@ int test_cmac_with_cipher(int verbose, return( ret ); } -int mbedtls_cmac_self_test( int verbose ) -{ - mbedtls_cmac_context ctx; - unsigned char tag[16]; +#ifdef MBEDTLS_AES_C +int test_aes128_cmac_prf( verbose ) { int i; int ret; + unsigned char tag[16]; + for( i = 0; i < NB_PRF_TESTS; i++ ) + { + mbedtls_printf( " AES CMAC 128 PRF #%u: ", i ); + ret = mbedtls_aes_cmac_prf_128( PRFK, PRFKlen[i], PRFM, 20, tag ); + if( ret != 0 || + memcmp( tag, PRFT[i], 16 ) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( ret ); + } else if( verbose != 0 ) + { + mbedtls_printf( "passed\n" ); + } + } + return( ret ); +} +#endif /* MBEDTLS_AES_C */ +int mbedtls_cmac_self_test( int verbose ) +{ + int ret; + +#ifdef MBEDTLS_AES_C test_cmac_with_cipher(verbose, "AES 128", aes_128_key, 128, - M, - Mlen, + test_message, + aes_message_lengths, aes_128_subkeys, - T_128, + aes_128_expected_result, MBEDTLS_CIPHER_ID_AES, - 16 ); + AES_BLOCK_SIZE ); test_cmac_with_cipher(verbose, "AES 192", aes_192_key, 192, - M, - Mlen, + test_message, + aes_message_lengths, aes_192_subkeys, - T_192, + aes_192_expected_result, MBEDTLS_CIPHER_ID_AES, - 16 ); + AES_BLOCK_SIZE ); test_cmac_with_cipher(verbose, "AES 256", aes_256_key, 256, - M, - Mlen, + test_message, + aes_message_lengths, aes_256_subkeys, - T_256, + aes_256_expected_result, MBEDTLS_CIPHER_ID_AES, - 16 ); + AES_BLOCK_SIZE ); +#endif /* MBEDTLS_AES_C */ +#ifdef MBEDTLS_DES_C test_cmac_with_cipher(verbose, "3DES 2 key", des3_2key_key, 192, - M, - Mlen_3des, + test_message, + des3_message_lengths, des3_2key_subkeys, T_3des_2key, MBEDTLS_CIPHER_ID_3DES, - 8 ); + DES3_BLOCK_SIZE ); test_cmac_with_cipher(verbose, "3DES 3 key", des3_3key_key, 192, - M, - Mlen_3des, + test_message, + des3_message_lengths, des3_3key_subkeys, T_3des_3key, MBEDTLS_CIPHER_ID_3DES, - 8 ); + DES3_BLOCK_SIZE ); +#endif /* MBEDTLS_DES_C */ - - for( i = 0; i < NB_PRF_TESTS; i++ ) - { - mbedtls_printf( " AES-CMAC-128-PRF #%u: 
", i ); - - mbedtls_aes_cmac_prf_128( PRFK, PRFKlen[i], PRFM, 20, tag ); - - if( ret != 0 || - memcmp( tag, PRFT[i], 16 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } else if( verbose != 0 ) - { - mbedtls_printf( "passed\n" ); - } - } +#ifdef MBEDTLS_AES_C + test_aes128_cmac_prf( verbose ); +#endif /* MBEDTLS_AES_C */ if( verbose != 0 ) mbedtls_printf( "\n" ); -*/ + return( 0 ); } -#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ +#endif /* MBEDTLS_SELF_TEST */ #endif /* MBEDTLS_CMAC_C */ From b439d4556df1a522deeb5acc864525b35a1da19a Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Thu, 19 May 2016 16:02:42 -0700 Subject: [PATCH 108/272] Only compile AES CMAC PRF support if MBEDTLS_AES_C is defined and other cleanups --- include/mbedtls/cmac.h | 37 ++++++++++++----------- library/cmac.c | 66 +++++++++++++++++++++--------------------- 2 files changed, 53 insertions(+), 50 deletions(-) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index 3e02f912e409..fed337d5c119 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -33,12 +33,12 @@ extern "C" { #endif /** - * \brief CCM context structure + * \brief CMAC context structure */ typedef struct { mbedtls_cipher_context_t cipher_ctx; /*!< cipher context used */ - unsigned char* K1; - unsigned char* K2; + unsigned char* K1; /*!< CMAC Subkey 1 */ + unsigned char* K2; /*!< CMAC Subkey 2 */ } mbedtls_cmac_context; @@ -52,12 +52,12 @@ mbedtls_cmac_context; void mbedtls_cmac_init( mbedtls_cmac_context *ctx ); /** - * \brief CMAC initialization + * \brief Initialize the CMAC context * * \param ctx CMAC context to be initialized - * \param cipher cipher to use (a 128-bit block cipher) + * \param cipher cipher to use * \param key encryption key - * \param keybits key size in bits (must be acceptable by the cipher) + * \param keybits encryption key size in bits (must be acceptable by the cipher) * * \return 0 if successful, or a cipher specific error code */ 
@@ -68,20 +68,22 @@ int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, /** * \brief Free a CMAC context and underlying cipher sub-context + * Securely wipes sub keys and other sensitive data. * * \param ctx CMAC context to free */ void mbedtls_cmac_free( mbedtls_cmac_context *ctx ); /** - * \brief CMAC generate + * \brief Generate a CMAC tag. * * \param ctx CMAC context * \param input buffer holding the input data * \param in_len length of the input data in bytes * \param tag buffer for holding the generated tag * \param tag_len length of the tag to generate in bytes - * must be between 4, 6, 8, 10, 14 or 16 + * Must be 4, 6, 8 if cipher block size is 64 + * Must be 4, 6, 8 0, 14 or 16 if cipher block size is 128 * * \return 0 if successful */ 
@@ -90,47 +92,48 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, unsigned char *tag, size_t tag_len ); /** - * \brief CMAC verify + * \brief Verify a CMAC tag. * * \param ctx CMAC context * \param input buffer holding the input data * \param in_len length of the input data in bytes * \param tag buffer holding the tag to verify * \param tag_len length of the tag to verify in bytes - * must be 4, 6, 8, 10, 14 or 16 - * - * \return 0 if successful and authenticated, + * Must be 4, 6, 8 if cipher block size is 64 + * Must be 4, 6, 8 0, 14 or 16 if cipher block size is 128 + * \return 0 if successful and authenticated * MBEDTLS_ERR_CMAC_VERIFY_FAILED if tag does not match */ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, const unsigned char *input, size_t in_len, const unsigned char *tag, size_t tag_len ); +#ifdef MBEDTLS_AES_C /** * \brief AES-CMAC-128-PRF - * See RFC + * See RFC 4615 for details * * \param key PRF key * \param key_len PRF key length * \param input buffer holding the input data * \param in_len length of the input data in bytes * \param tag buffer holding the tag to verify (16 bytes) - * TODO: update description of tag * * \return 0 if successful */ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len, const unsigned char *input, size_t in_len, - unsigned char *tag ); + unsigned char tag[16] ); +#endif /* MBEDTLS_AES_C */ -#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) ) /** * \brief Checkup routine * * \return 0 if successful, or 1 if the test failed */ int mbedtls_cmac_self_test( int verbose ); -#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ +#endif /* MBEDTLS_SELF_TEST && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */ #ifdef __cplusplus } diff --git a/library/cmac.c b/library/cmac.c index 0de85bcc5703..3d223194be4f 100644 --- a/library/cmac.c +++ b/library/cmac.c 
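Review bot: The `\param tag` entry for mbedtls_aes_cmac_prf_128 still describes the buffer as "holding the tag to verify", but the function writes its 16-byte result there; suggest `\param tag      buffer receiving the 16-byte PRF output`. The `\param key_len` entry could also say that any key length is accepted and that a key other than 16 bytes is first reduced to AES-CMAC under the all-zero key, which is what the `/* Key is AES_CMAC( 0, key ) */` branch in library/cmac.c does.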
@@ -73,7 +73,7 @@ void mbedtls_cmac_init( mbedtls_cmac_context *ctx ) */ static int cmac_multiply_by_u( unsigned char *output, const unsigned char *input, - size_t blocksize) + size_t blocksize ) { const unsigned char R_128 = 0x87; @@ -84,12 +84,12 @@ static int cmac_multiply_by_u( unsigned char *output, starting_index = blocksize -1; - if(blocksize == 16){ + if( blocksize == 16 ){ R_n = R_128; - } else if(blocksize == 8) { + } else if( blocksize == 8 ) { R_n = R_64; } else { - return MBEDTLS_ERR_CMAC_BAD_INPUT; + return( MBEDTLS_ERR_CMAC_BAD_INPUT ); } @@ -113,7 +113,7 @@ static int cmac_multiply_by_u( unsigned char *output, #endif output[starting_index] ^= R_n & mask; - return 0; + return( 0 ); } /* @@ -128,7 +128,7 @@ static int cmac_generate_subkeys( mbedtls_cmac_context *ctx ) ret = 0; block_size = ctx->cipher_ctx.cipher_info->block_size; - L = mbedtls_calloc(block_size, sizeof(unsigned char)); + L = mbedtls_calloc( block_size, sizeof( unsigned char ) ); /* Calculate Ek(0) */ memset( L, 0, block_size ); @@ -141,15 +141,15 @@ static int cmac_generate_subkeys( mbedtls_cmac_context *ctx ) /* * Generate K1 and K2 */ - if( ( ret = cmac_multiply_by_u( ctx->K1, L , block_size) ) != 0 ) + if( ( ret = cmac_multiply_by_u( ctx->K1, L , block_size ) ) != 0 ) goto exit; - if( ( cmac_multiply_by_u( ctx->K2, ctx->K1 , block_size) ) != 0 ) + if( ( cmac_multiply_by_u( ctx->K2, ctx->K1 , block_size ) ) != 0 ) goto exit; exit: mbedtls_zeroize( L, sizeof( L ) ); - free(L); - return ret; + free( L ); + return( ret ); } /* @@ -195,8 +195,8 @@ void mbedtls_cmac_free( mbedtls_cmac_context *ctx ) mbedtls_cipher_free( &ctx->cipher_ctx ); - mbedtls_zeroize(ctx->K1, block_size * sizeof( unsigned char ) ); - mbedtls_zeroize(ctx->K2, block_size * sizeof( unsigned char ) ); + mbedtls_zeroize( ctx->K1, block_size * sizeof( unsigned char ) ); + mbedtls_zeroize( ctx->K2, block_size * sizeof( unsigned char ) ); mbedtls_free( ctx->K1 ); mbedtls_free( ctx->K2 ); } 
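Review bot: In the cmac_generate_subkeys exit path, `mbedtls_zeroize( L, sizeof( L ) )` wipes only the size of a pointer, not the block_size bytes of Ek(0) that L holds; it should be `mbedtls_zeroize( L, block_size );`. The buffer comes from mbedtls_calloc but is released with plain `free( L )`, so it bypasses any redirected platform allocator — use `mbedtls_free( L );`. The second subkey step `if( ( cmac_multiply_by_u( ctx->K2, ctx->K1 , block_size ) ) != 0 ) goto exit;` never assigns ret, so its failure is reported as success. The sizeof( L ) problem survives in PATCH 110's @@ -147 hunk on the same function.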
@@ -263,8 +263,8 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, ret = 0; block_size = ctx->cipher_ctx.cipher_info->block_size; - state = mbedtls_calloc(block_size, sizeof(unsigned char) ); - M_last = mbedtls_calloc(block_size, sizeof(unsigned char) ); + state = mbedtls_calloc( block_size, sizeof( unsigned char ) ); + M_last = mbedtls_calloc( block_size, sizeof( unsigned char ) ); /* * Check in_len requirements: SP800-38B A @@ -302,8 +302,8 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, memcpy( tag, state, tag_len ); exit: - free(state); - free(M_last); + free( state ); + free( M_last ); return( ret ); } @@ -322,8 +322,8 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, unsigned char i; int diff; - check_tag = mbedtls_calloc(ctx->cipher_ctx.cipher_info->block_size, - sizeof(unsigned char) ); + check_tag = mbedtls_calloc( ctx->cipher_ctx.cipher_info->block_size, + sizeof( unsigned char ) ); if( ( ret = mbedtls_cmac_generate( ctx, input, in_len, check_tag, tag_len ) ) != 0 ) @@ -340,24 +340,25 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, goto exit; exit: - free(check_tag); - return ret; + free( check_tag ); + return( ret ); } +#ifdef MBEDTLS_AES_C /* * PRF based on CMAC with AES-128 * See RFC 4615 */ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, const unsigned char *input, size_t in_len, - unsigned char *tag ) + unsigned char tag[16] ) { int ret; mbedtls_cmac_context ctx; unsigned char zero_key[16]; unsigned char int_key[16]; - mbedtls_cmac_init(&ctx); + mbedtls_cmac_init(&ctx ); if( key_length == 16 ) { @@ -368,7 +369,7 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, { mbedtls_cmac_context zero_ctx; - /* Key is AES_CMAC(0, key) */ + /* Key is AES_CMAC( 0, key ) */ mbedtls_cmac_init( &zero_ctx ); memset( zero_key, 0, 16 ); ret = mbedtls_cmac_setkey( &zero_ctx, MBEDTLS_CIPHER_ID_AES, 
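Review bot: In the mbedtls_cmac_generate exit path, `state` and `M_last` are released with `free()` without being wiped, although `state` holds the full untruncated MAC and `M_last` the final processed block; wipe both first, `mbedtls_zeroize( state, block_size ); mbedtls_zeroize( M_last, block_size );`, and release them with `mbedtls_free` to match mbedtls_calloc. The same applies to `check_tag` in the mbedtls_cmac_verify exit path, which holds a freshly computed tag. The rest of both function bodies lies outside these hunks.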
@@ -391,11 +392,10 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, ret = mbedtls_cmac_generate( &ctx, input, in_len, tag, 16 ); exit: - mbedtls_cmac_free(&ctx); + mbedtls_cmac_free( &ctx ); return( ret ); - - } +#endif /* MBEDTLS_AES_C */ #ifdef MBEDTLS_SELF_TEST /* @@ -647,7 +647,7 @@ static const unsigned char PRFT[NB_PRF_TESTS][16] = { }; #endif /* MBEDTLS_AES_C */ -int test_cmac_with_cipher(int verbose, +int test_cmac_with_cipher( int verbose, const unsigned char* testname, const unsigned char* key, int keybits, @@ -656,7 +656,7 @@ int test_cmac_with_cipher(int verbose, const unsigned char* subkeys, const unsigned char* expected_result, mbedtls_cipher_id_t cipher_id, - int block_size) + int block_size ) { const int num_tests = 4; mbedtls_cmac_context ctx; @@ -743,7 +743,7 @@ int mbedtls_cmac_self_test( int verbose ) int ret; #ifdef MBEDTLS_AES_C - test_cmac_with_cipher(verbose, + test_cmac_with_cipher( verbose, "AES 128", aes_128_key, 128, @@ -754,7 +754,7 @@ int mbedtls_cmac_self_test( int verbose ) MBEDTLS_CIPHER_ID_AES, AES_BLOCK_SIZE ); - test_cmac_with_cipher(verbose, + test_cmac_with_cipher( verbose, "AES 192", aes_192_key, 192, @@ -765,7 +765,7 @@ int mbedtls_cmac_self_test( int verbose ) MBEDTLS_CIPHER_ID_AES, AES_BLOCK_SIZE ); - test_cmac_with_cipher(verbose, + test_cmac_with_cipher ( verbose, "AES 256", aes_256_key, 256, @@ -778,7 +778,7 @@ int mbedtls_cmac_self_test( int verbose ) #endif /* MBEDTLS_AES_C */ #ifdef MBEDTLS_DES_C - test_cmac_with_cipher(verbose, + test_cmac_with_cipher( verbose, "3DES 2 key", des3_2key_key, 192, @@ -789,7 +789,7 @@ int mbedtls_cmac_self_test( int verbose ) MBEDTLS_CIPHER_ID_3DES, DES3_BLOCK_SIZE ); - test_cmac_with_cipher(verbose, + test_cmac_with_cipher( verbose, "3DES 3 key", des3_3key_key, 192, From 9044b0295ca3fb76b7e35d3b56835a86162f4551 Mon Sep 17 00:00:00 2001 
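Review bot: The exit path of mbedtls_aes_cmac_prf_128 frees ctx but, as far as this hunk shows, never wipes `int_key`, which holds the derived PRF key when key_length != 16; add `mbedtls_zeroize( int_key, sizeof( int_key ) );` before `return( ret );` unless it is already wiped earlier in the body, which is outside the hunk. The same check is worth making for `zero_ctx`, whose release is also not visible here.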
From: Brian Murray Date: Thu, 19 May 2016 16:36:56 -0700 Subject: [PATCH 109/272] More cleanup of CMAC self tests --- library/cmac.c | 125 ++++++++++++++++++++++++++++--------------------- 1 file changed, 71 insertions(+), 54 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index 3d223194be4f..477e35f98780 100644 --- a/library/cmac.c +++ b/library/cmac.c 
@@ -743,66 +743,83 @@ int mbedtls_cmac_self_test( int verbose ) int ret; #ifdef MBEDTLS_AES_C - test_cmac_with_cipher( verbose, - "AES 128", - aes_128_key, - 128, - test_message, - aes_message_lengths, - aes_128_subkeys, - aes_128_expected_result, - MBEDTLS_CIPHER_ID_AES, - AES_BLOCK_SIZE ); - - test_cmac_with_cipher( verbose, - "AES 192", - aes_192_key, - 192, - test_message, - aes_message_lengths, - aes_192_subkeys, - aes_192_expected_result, - MBEDTLS_CIPHER_ID_AES, - AES_BLOCK_SIZE ); - - test_cmac_with_cipher ( verbose, - "AES 256", - aes_256_key, - 256, - test_message, - aes_message_lengths, - aes_256_subkeys, - aes_256_expected_result, - MBEDTLS_CIPHER_ID_AES, - AES_BLOCK_SIZE ); + if( ( ret = test_cmac_with_cipher( verbose, + "AES 128", + aes_128_key, + 128, + test_message, + aes_message_lengths, + aes_128_subkeys, + aes_128_expected_result, + MBEDTLS_CIPHER_ID_AES, + AES_BLOCK_SIZE ) !=0 ) ) + { + return( ret ); + } + + if( ( ret = test_cmac_with_cipher( verbose, + "AES 192", + aes_192_key, + 192, + test_message, + aes_message_lengths, + aes_192_subkeys, + aes_192_expected_result, + MBEDTLS_CIPHER_ID_AES, + AES_BLOCK_SIZE ) !=0 ) ) + { + return( ret ); + } + + if( ( ret = test_cmac_with_cipher ( verbose, + "AES 256", + aes_256_key, + 256, + test_message, + aes_message_lengths, + aes_256_subkeys, + aes_256_expected_result, + MBEDTLS_CIPHER_ID_AES, + AES_BLOCK_SIZE ) !=0 ) ) + { + return( ret ); + } #endif /* MBEDTLS_AES_C */ #ifdef MBEDTLS_DES_C - test_cmac_with_cipher( verbose, - "3DES 2 key", - des3_2key_key, - 192, - test_message, - des3_message_lengths, - des3_2key_subkeys, - T_3des_2key, - MBEDTLS_CIPHER_ID_3DES, - DES3_BLOCK_SIZE ); - - test_cmac_with_cipher( verbose, - "3DES 3 key", - des3_3key_key, - 192, - test_message, - des3_message_lengths, - des3_3key_subkeys, - T_3des_3key, - MBEDTLS_CIPHER_ID_3DES, - DES3_BLOCK_SIZE ); + if( ( ret = test_cmac_with_cipher( verbose, + "3DES 2 key", + des3_2key_key, + 192, + test_message, + des3_message_lengths, 
+ des3_2key_subkeys, + T_3des_2key, + MBEDTLS_CIPHER_ID_3DES, + DES3_BLOCK_SIZE ) !=0 ) ) + { + return( ret ); + } + + if( ( ret = test_cmac_with_cipher( verbose, + "3DES 3 key", + des3_3key_key, + 192, + test_message, + des3_message_lengths, + des3_3key_subkeys, + T_3des_3key, + MBEDTLS_CIPHER_ID_3DES, + DES3_BLOCK_SIZE ) !=0 ) ) + { + return( ret ); + } #endif /* MBEDTLS_DES_C */ #ifdef MBEDTLS_AES_C - test_aes128_cmac_prf( verbose ); + if( ( ret = test_aes128_cmac_prf( verbose ) != 0 ) ) + return( ret ); + #endif /* MBEDTLS_AES_C */ if( verbose != 0 ) From 57863ad7edafcbb137ee37a8d09243e7b734462d Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Thu, 19 May 2016 16:38:36 -0700 Subject: [PATCH 110/272] selftest supports cmac if only MBEDTLS_DES_C is defined Other minor typo fixes --- include/mbedtls/cmac.h | 6 +- include/mbedtls/error.h | 2 +- library/cmac.c | 145 +++++++++++++++++++++++---------------- library/error.c | 2 + programs/test/selftest.c | 2 +- 5 files changed, 95 insertions(+), 62 deletions(-) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index fed337d5c119..b94b6edccaa7 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -27,6 +27,8 @@ #define MBEDTLS_ERR_CMAC_BAD_INPUT -0x0011 /**< Bad input parameters to function. */ #define MBEDTLS_ERR_CMAC_VERIFY_FAILED -0x0013 /**< Verification failed. */ +#define MBEDTLS_ERR_CMAC_ALLOC_FAILED -0x0015 /**< Memory Allocation failed. */ + #ifdef __cplusplus extern "C" { @@ -83,7 +85,7 @@ void mbedtls_cmac_free( mbedtls_cmac_context *ctx ); * \param tag buffer for holding the generated tag * \param tag_len length of the tag to generate in bytes * Must be 4, 6, 8 if cipher block size is 64 - * Must be 4, 6, 8 0, 14 or 16 if cipher block size is 128 + * Must be 4, 6, 8 , 10, 12, 14 or 16 if cipher block size is 128 * * \return 0 if successful */ 
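Review bot: The parentheses in every `if( ( ret = test_cmac_with_cipher( ... ) !=0 ) )` and in `if( ( ret = test_aes128_cmac_prf( verbose ) != 0 ) )` bind as `ret = ( call != 0 )`, so ret becomes 1 on any failure and the CMAC or cipher error code returned by the callee is lost; close the assignment first, `if( ( ret = test_cmac_with_cipher( ... ) ) != 0 )`. If returning 1 on any failure is the intent, as the header's \return text says, assign 1 explicitly rather than relying on the comparison result. The hunk covers the whole body of mbedtls_cmac_self_test except its closing lines.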
@@ -100,7 +102,7 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, * \param tag buffer holding the tag to verify * \param tag_len length of the tag to verify in bytes * Must be 4, 6, 8 if cipher block size is 64 - * Must be 4, 6, 8 0, 14 or 16 if cipher block size is 128 + * Must be 4, 6, 8 , 10, 12, 14 or 16 if cipher block size is 128 * \return 0 if successful and authenticated * MBEDTLS_ERR_CMAC_VERIFY_FAILED if tag does not match */ diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 703233ae9856..6e3905d864ca 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -66,7 +66,7 @@ * PBKDF2 1 0x007C-0x007C * HMAC_DRBG 4 0x0003-0x0009 * CCM 2 0x000D-0x000F - * CMAC 2 0x0011-0x0013 + * CMAC 3 0x0011-0x0015 * * High-level module nr (3 bits - 0x0...-0x7...) * Name ID Nr of Errors diff --git a/library/cmac.c b/library/cmac.c index 477e35f98780..39ebb8709855 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -121,7 +121,7 @@ static int cmac_multiply_by_u( unsigned char *output, */ static int cmac_generate_subkeys( mbedtls_cmac_context *ctx ) { - int ret, keybytes; + int ret; unsigned char *L; size_t olen, block_size; @@ -129,7 +129,11 @@ static int cmac_generate_subkeys( mbedtls_cmac_context *ctx ) block_size = ctx->cipher_ctx.cipher_info->block_size; L = mbedtls_calloc( block_size, sizeof( unsigned char ) ); - + if( L == NULL) + { + ret = MBEDTLS_ERR_CMAC_ALLOC_FAILED; + goto exit; + } /* Calculate Ek(0) */ memset( L, 0, block_size ); if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, @@ -147,7 +151,8 @@ static int cmac_generate_subkeys( mbedtls_cmac_context *ctx ) goto exit; exit: - mbedtls_zeroize( L, sizeof( L ) ); + if( L != NULL ) + mbedtls_zeroize( L, sizeof( L ) ); free( L ); return( ret ); } 
@@ -160,7 +165,7 @@ int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, const unsigned char *key, unsigned int keybits ) { - int ret, blocksize; + int ret; const mbedtls_cipher_info_t *cipher_info; cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, @@ -171,6 +176,9 @@ int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, ctx->K1 = mbedtls_calloc( cipher_info->block_size, sizeof( unsigned char ) ); ctx->K2 = mbedtls_calloc( cipher_info->block_size, sizeof( unsigned char ) ); + if(ctx->K1 == NULL || ctx->K2 == NULL ) + return MBEDTLS_ERR_CMAC_ALLOC_FAILED; + mbedtls_cipher_free( &ctx->cipher_ctx ); if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 ) @@ -242,7 +250,9 @@ do { \ if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, \ state, block_size, \ state, &olen ) ) != 0 ) \ - return( ret ); \ + { \ + goto exit; \ + } \ } while( 0 ) /* @@ -256,8 +266,8 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, unsigned char *state; unsigned char *M_last; - int n, i, j, ret, needs_padding; - size_t olen, block_size; + int n, j, ret, needs_padding; + size_t olen, block_size, i; ret = 0; @@ -266,12 +276,21 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, state = mbedtls_calloc( block_size, sizeof( unsigned char ) ); M_last = mbedtls_calloc( block_size, sizeof( unsigned char ) ); + if( state == NULL || M_last == NULL ) + { + ret = MBEDTLS_ERR_CMAC_ALLOC_FAILED; + goto exit; + } + /* * Check in_len requirements: SP800-38B A * 4 is a worst case bottom limit */ if( tag_len < 4 || tag_len > block_size || tag_len % 2 != 0 ) - return( MBEDTLS_ERR_CMAC_BAD_INPUT ); + { + ret = MBEDTLS_ERR_CMAC_BAD_INPUT; + goto exit; + } if( in_len == 0 ) needs_padding = 1; 
@@ -324,6 +343,11 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, check_tag = mbedtls_calloc( ctx->cipher_ctx.cipher_info->block_size, sizeof( unsigned char ) ); + if(check_tag == NULL) + { + ret = MBEDTLS_ERR_CMAC_ALLOC_FAILED; + goto exit; + } if( ( ret = mbedtls_cmac_generate( ctx, input, in_len, check_tag, tag_len ) ) != 0 ) @@ -427,7 +451,7 @@ static const unsigned char test_message[] = { #ifdef MBEDTLS_AES_C /* Truncation point of message for AES CMAC tests */ -static const size_t aes_message_lengths[NB_CMAC_TESTS_PER_KEY] = { +static const unsigned int aes_message_lengths[NB_CMAC_TESTS_PER_KEY] = { 0, 16, 40, @@ -435,7 +459,7 @@ static const size_t aes_message_lengths[NB_CMAC_TESTS_PER_KEY] = { }; /* AES 128 CMAC Test Data */ -static const unsigned char aes_128_key[] = { +static const unsigned char aes_128_key[16] = { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }; @@ -469,7 +493,7 @@ static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][AES_BL }; /* AES 192 CMAC Test Data */ -static const unsigned char aes_192_key[] = { +static const unsigned char aes_192_key[24] = { 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b @@ -504,7 +528,7 @@ static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][AES_BL }; /* AES 256 CMAC Test Data */ -static const unsigned char aes_256_key[] = { +static const unsigned char aes_256_key[32] = { 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, 
@@ -542,7 +566,7 @@ static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][AES_BL #ifdef MBEDTLS_DES_C /* Truncation point of message for 3DES CMAC tests */ -static const size_t des3_message_lengths[NB_CMAC_TESTS_PER_KEY] = { +static const unsigned int des3_message_lengths[NB_CMAC_TESTS_PER_KEY] = { 0, 8, 20, @@ -550,7 +574,7 @@ static const size_t des3_message_lengths[NB_CMAC_TESTS_PER_KEY] = { }; /* 3DES 2 Key CMAC Test Data */ -static const unsigned char des3_2key_key[] = { +static const unsigned char des3_2key_key[24] = { 0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5, 0x8a, 0x3d, 0x10, 0xba, 0x80, 0x57, 0x0d, 0x38, 0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5 @@ -563,7 +587,7 @@ static const unsigned char des3_2key_subkeys[2][8] = { 0x1d, 0x9e, 0x6e, 0x7d, 0xae, 0x35, 0xf5, 0xc5 } }; -static const unsigned char T_3des_2key[NB_CMAC_TESTS_PER_KEY][DES3_BLOCK_SIZE] = { +static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][DES3_BLOCK_SIZE] = { { 0xbd, 0x2e, 0xbf, 0x9a, 0x3b, 0xa0, 0x03, 0x61 }, @@ -579,7 +603,7 @@ static const unsigned char T_3des_2key[NB_CMAC_TESTS_PER_KEY][DES3_BLOCK_SIZE] = }; /* 3DES 3 Key CMAC Test Data */ -static const unsigned char des3_3key_key[] = { +static const unsigned char des3_3key_key[24] = { 0x8a, 0xa8, 0x3b, 0xf8, 0xcb, 0xda, 0x10, 0x62, 0x0b, 0xc1, 0xbf, 0x19, 0xfb, 0xb6, 0xcd, 0x58, 0xbc, 0x31, 0x3d, 0x4a, 0x37, 0x1c, 0xa8, 0xb5 @@ -592,7 +616,7 @@ static const unsigned char des3_3key_subkeys[2][8] = { 0x23, 0x31, 0xd3, 0xa6, 0x29, 0xcc, 0xa6, 0xa5 } }; -static const unsigned char T_3des_3key[NB_CMAC_TESTS_PER_KEY][DES3_BLOCK_SIZE] = { +static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][DES3_BLOCK_SIZE] = { { 0xb7, 0xa6, 0x88, 0xe1, 0x22, 0xff, 0xaf, 0x95 }, 
@@ -648,11 +672,11 @@ static const unsigned char PRFT[NB_PRF_TESTS][16] = { #endif /* MBEDTLS_AES_C */ int test_cmac_with_cipher( int verbose, - const unsigned char* testname, + char* testname, const unsigned char* key, int keybits, const unsigned char* messages, - size_t message_lengths[4], + const unsigned int message_lengths[4], const unsigned char* subkeys, const unsigned char* expected_result, mbedtls_cipher_id_t cipher_id, @@ -664,6 +688,11 @@ int test_cmac_with_cipher( int verbose, unsigned char* tag; tag = mbedtls_calloc( block_size, sizeof( unsigned char ) ); + if( tag == NULL ){ + ret = MBEDTLS_ERR_CMAC_ALLOC_FAILED; + goto exit; + } + mbedtls_cmac_init( &ctx ); if( ( ret = mbedtls_cmac_setkey( &ctx, cipher_id, key, keybits ) ) != 0 ) @@ -714,7 +743,7 @@ int test_cmac_with_cipher( int verbose, } #ifdef MBEDTLS_AES_C -int test_aes128_cmac_prf( verbose ) { +int test_aes128_cmac_prf( int verbose ) { int i; int ret; unsigned char tag[16]; @@ -749,8 +778,8 @@ int mbedtls_cmac_self_test( int verbose ) 128, test_message, aes_message_lengths, - aes_128_subkeys, - aes_128_expected_result, + (const unsigned char*) aes_128_subkeys, + (const unsigned char*) aes_128_expected_result, MBEDTLS_CIPHER_ID_AES, AES_BLOCK_SIZE ) !=0 ) ) { 
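Review bot: In test_cmac_with_cipher, the new `if( tag == NULL ){ ret = MBEDTLS_ERR_CMAC_ALLOC_FAILED; goto exit; }` jumps to exit before `mbedtls_cmac_init( &ctx )` has run; if the exit label releases ctx with mbedtls_cmac_free (the label is outside the hunk), it operates on an uninitialised context. Either move `mbedtls_cmac_init( &ctx );` above the allocation or return directly from that branch. Separately, `char* testname` in the same signature drops const even though the callers pass string literals; `const char* testname` is what is wanted.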
@@ -758,29 +787,29 @@ int mbedtls_cmac_self_test( int verbose ) } if( ( ret = test_cmac_with_cipher( verbose, - "AES 192", - aes_192_key, - 192, - test_message, - aes_message_lengths, - aes_192_subkeys, - aes_192_expected_result, - MBEDTLS_CIPHER_ID_AES, - AES_BLOCK_SIZE ) !=0 ) ) + "AES 192", + aes_192_key, + 192, + test_message, + aes_message_lengths, + (const unsigned char*) aes_192_subkeys, + (const unsigned char*) aes_192_expected_result, + MBEDTLS_CIPHER_ID_AES, + AES_BLOCK_SIZE ) !=0 ) ) { return( ret ); } if( ( ret = test_cmac_with_cipher ( verbose, - "AES 256", - aes_256_key, - 256, - test_message, - aes_message_lengths, - aes_256_subkeys, - aes_256_expected_result, - MBEDTLS_CIPHER_ID_AES, - AES_BLOCK_SIZE ) !=0 ) ) + "AES 256", + aes_256_key, + 256, + test_message, + aes_message_lengths, + (const unsigned char*) aes_256_subkeys, + (const unsigned char*) aes_256_expected_result, + MBEDTLS_CIPHER_ID_AES, + AES_BLOCK_SIZE ) !=0 ) ) { return( ret ); } @@ -788,29 +817,29 @@ int mbedtls_cmac_self_test( int verbose ) #ifdef MBEDTLS_DES_C if( ( ret = test_cmac_with_cipher( verbose, - "3DES 2 key", - des3_2key_key, - 192, - test_message, - des3_message_lengths, - des3_2key_subkeys, - T_3des_2key, - MBEDTLS_CIPHER_ID_3DES, - DES3_BLOCK_SIZE ) !=0 ) ) + "3DES 2 key", + des3_2key_key, + 192, + test_message, + des3_message_lengths, + (const unsigned char*) des3_2key_subkeys, + (const unsigned char*) des3_2key_expected_result, + MBEDTLS_CIPHER_ID_3DES, + DES3_BLOCK_SIZE ) !=0 ) ) { return( ret ); } if( ( ret = test_cmac_with_cipher( verbose, - "3DES 3 key", - des3_3key_key, - 192, - test_message, - des3_message_lengths, - des3_3key_subkeys, - T_3des_3key, - MBEDTLS_CIPHER_ID_3DES, - DES3_BLOCK_SIZE ) !=0 ) ) + "3DES 3 key", + des3_3key_key, + 192, + test_message, + des3_message_lengths, + (const unsigned char*) des3_3key_subkeys, + (const unsigned char*) des3_3key_expected_result, + MBEDTLS_CIPHER_ID_3DES, + DES3_BLOCK_SIZE ) !=0 ) ) { return( ret ); } 
diff --git a/library/error.c b/library/error.c index 8c38cf2940e7..7ec8420e97b4 100644 --- a/library/error.c +++ b/library/error.c @@ -587,6 +587,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "CMAC - Bad input parameters to function" ); if( use_ret == -(MBEDTLS_ERR_CMAC_VERIFY_FAILED) ) mbedtls_snprintf( buf, buflen, "CMAC - Verification failed" ); + if( use_ret == -(MBEDTLS_ERR_CMAC_ALLOC_FAILED) ) + mbedtls_snprintf( buf, buflen, "CMAC - Failed to allocate memory" ); #endif /* MBEDTLS_CMAC_C */ #if defined(MBEDTLS_CTR_DRBG_C) diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 17fdb2128a22..74eed598e6f6 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -278,7 +278,7 @@ int main( int argc, char *argv[] ) suites_tested++; #endif -#if defined(MBEDTLS_CMAC_C) && defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_CMAC_C) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) ) if( ( ret = mbedtls_cmac_self_test( v ) ) != 0 ) return( ret ); #endif From 2cfa5072ed4a00ed1e64fed5f3a00b63ca62ebc3 Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Mon, 23 May 2016 20:17:04 -0700 Subject: [PATCH 111/272] better handling of failed calloc --- library/cmac.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index 39ebb8709855..4c25a67d03e8 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -173,12 +173,6 @@ int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, if( cipher_info == NULL ) return( MBEDTLS_ERR_CMAC_BAD_INPUT ); - ctx->K1 = mbedtls_calloc( cipher_info->block_size, sizeof( unsigned char ) ); - ctx->K2 = mbedtls_calloc( cipher_info->block_size, sizeof( unsigned char ) ); - - if(ctx->K1 == NULL || ctx->K2 == NULL ) - return MBEDTLS_ERR_CMAC_ALLOC_FAILED; - mbedtls_cipher_free( &ctx->cipher_ctx ); if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 ) 
@@ -190,6 +184,16 @@ int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, return( ret ); } + ctx->K1 = mbedtls_calloc( cipher_info->block_size, sizeof( unsigned char ) ); + ctx->K2 = mbedtls_calloc( cipher_info->block_size, sizeof( unsigned char ) ); + + if( ctx->K1 == NULL || ctx->K2 == NULL ) + { + mbedtls_free(ctx->K1); + mbedtls_free(ctx->K2); + return( MBEDTLS_ERR_CMAC_ALLOC_FAILED ); + } + return( cmac_generate_subkeys( ctx ) ); } From 617634e6565c81808d6fb2fed38f59f582caa965 Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Thu, 19 May 2016 19:02:53 -0700 Subject: [PATCH 112/272] cmac.c whitespace cleanup --- library/cmac.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index 4c25a67d03e8..09a705d650ff 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -59,7 +59,6 @@ void mbedtls_cmac_init( mbedtls_cmac_context *ctx ) memset( ctx, 0, sizeof( mbedtls_cmac_context ) ); } - /* * Multiplication by u in the Galois field of GF(2^n) * @@ -267,13 +266,11 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, unsigned char *tag, size_t tag_len ) { - unsigned char *state; unsigned char *M_last; int n, j, ret, needs_padding; size_t olen, block_size, i; - ret = 0; block_size = ctx->cipher_ctx.cipher_info->block_size; From 87e4040bb9b3d752f62b11944bf8c63087ded6e7 Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Thu, 19 May 2016 19:05:57 -0700 Subject: [PATCH 113/272] No CMAC minimum tag length is specified by NIST SP800-38B A Minor Typo Changes --- include/mbedtls/cmac.h | 8 +++--- library/cmac.c | 58 ++++++++++++++++++++---------------------- 2 files changed, 31 insertions(+), 35 deletions(-) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index b94b6edccaa7..5a59f90d61df 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h 
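Review bot: After the allocation failure, `mbedtls_free(ctx->K1); mbedtls_free(ctx->K2);` leaves the freed pointers in the context, and mbedtls_cmac_free (PATCH 108's @@ -195 hunk) zeroizes and frees K1/K2 unconditionally, so a caller following the usual init/setkey/free sequence would write to and free already-freed memory; add `ctx->K1 = NULL; ctx->K2 = NULL;` after the two frees. A second mbedtls_cmac_setkey on the same context also overwrites the previous K1/K2 with fresh allocations without releasing them, so the old subkeys leak and are never wiped; zeroize and free any existing buffers before reallocating.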
@@ -84,8 +84,8 @@ void mbedtls_cmac_free( mbedtls_cmac_context *ctx ); * \param in_len length of the input data in bytes * \param tag buffer for holding the generated tag * \param tag_len length of the tag to generate in bytes - * Must be 4, 6, 8 if cipher block size is 64 - * Must be 4, 6, 8 , 10, 12, 14 or 16 if cipher block size is 128 + * Must be 2, 4, 6, 8 if cipher block size is 64 + * Must be 2, 4, 6, 8, 10, 12, 14 or 16 if cipher block size is 128 * * \return 0 if successful */ @@ -101,8 +101,8 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, * \param in_len length of the input data in bytes * \param tag buffer holding the tag to verify * \param tag_len length of the tag to verify in bytes - * Must be 4, 6, 8 if cipher block size is 64 - * Must be 4, 6, 8 , 10, 12, 14 or 16 if cipher block size is 128 + * Must be 2, 4, 6, 8 if cipher block size is 64 + * Must be 2, 4, 6, 8, 10, 12, 14 or 16 if cipher block size is 128 * \return 0 if successful and authenticated * MBEDTLS_ERR_CMAC_VERIFY_FAILED if tag does not match */ diff --git a/library/cmac.c b/library/cmac.c index 09a705d650ff..063a9d1c3584 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -62,7 +62,7 @@ void mbedtls_cmac_init( mbedtls_cmac_context *ctx ) /* * Multiplication by u in the Galois field of GF(2^n) * - * As explained in the paper, this can computed: + * As explained in the paper, this can be computed: * If MSB(p) = 0, then p = (p << 1) * If MSB(p) = 1, then p = (p << 1) ^ R_n * with R_64 = 0x1B and R_128 = 0x87 @@ -245,7 +245,7 @@ static void cmac_pad( unsigned char padded_block[16], ( o )[i] = ( i1 )[i] ^ ( i2 )[i]; /* - * Update the CMAC state using an input block x + * Update the CMAC state using an input block */ #define UPDATE_CMAC( x ) \ do { \ 
@@ -283,11 +283,7 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, goto exit; } - /* - * Check in_len requirements: SP800-38B A - * 4 is a worst case bottom limit - */ - if( tag_len < 4 || tag_len > block_size || tag_len % 2 != 0 ) + if( tag_len < 2 || tag_len > block_size || tag_len % 2 != 0 ) { ret = MBEDTLS_ERR_CMAC_BAD_INPUT; goto exit; @@ -495,9 +491,9 @@ static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][AES_BL /* AES 192 CMAC Test Data */ static const unsigned char aes_192_key[24] = { - 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, - 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, - 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b + 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, + 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, + 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b }; static const unsigned char aes_192_subkeys[2][AES_BLOCK_SIZE] = { { @@ -530,10 +526,10 @@ static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][AES_BL /* AES 256 CMAC Test Data */ static const unsigned char aes_256_key[32] = { - 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, - 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, - 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, - 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 + 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, + 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, + 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, + 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 }; static const unsigned char aes_256_subkeys[2][AES_BLOCK_SIZE] = { { 
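Review bot: The new bound `tag_len < 2` in mbedtls_cmac_generate accepts a 16-bit tag, and the comment that explained the previous limit is deleted rather than replaced, so the next reader has no record of why 2 was chosen or why only even lengths are allowed (the even-length rule is not something I can trace to SP 800-38B; if it is a library choice, say so). I would keep a comment above the check, e.g. `/* tag_len must be even and at most one block; SP 800-38B Appendix A recommends at least 64 bits for most applications, shorter tags give correspondingly less forgery resistance */`. Since cmac.h now advertises 2 as valid, a one-line caveat there about the security/size trade-off would help callers too. mbedtls_cmac_generate's body continues outside the hunk.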
@@ -576,9 +572,9 @@ static const unsigned int des3_message_lengths[NB_CMAC_TESTS_PER_KEY] = { /* 3DES 2 Key CMAC Test Data */ static const unsigned char des3_2key_key[24] = { - 0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5, - 0x8a, 0x3d, 0x10, 0xba, 0x80, 0x57, 0x0d, 0x38, - 0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5 + 0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5, + 0x8a, 0x3d, 0x10, 0xba, 0x80, 0x57, 0x0d, 0x38, + 0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5 }; static const unsigned char des3_2key_subkeys[2][8] = { { @@ -605,9 +601,9 @@ static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][DES3 /* 3DES 3 Key CMAC Test Data */ static const unsigned char des3_3key_key[24] = { - 0x8a, 0xa8, 0x3b, 0xf8, 0xcb, 0xda, 0x10, 0x62, - 0x0b, 0xc1, 0xbf, 0x19, 0xfb, 0xb6, 0xcd, 0x58, - 0xbc, 0x31, 0x3d, 0x4a, 0x37, 0x1c, 0xa8, 0xb5 + 0x8a, 0xa8, 0x3b, 0xf8, 0xcb, 0xda, 0x10, 0x62, + 0x0b, 0xc1, 0xbf, 0x19, 0xfb, 0xb6, 0xcd, 0x58, + 0xbc, 0x31, 0x3d, 0x4a, 0x37, 0x1c, 0xa8, 0xb5 }; static const unsigned char des3_3key_subkeys[2][8] = { { @@ -673,18 +669,18 @@ static const unsigned char PRFT[NB_PRF_TESTS][16] = { #endif /* MBEDTLS_AES_C */ int test_cmac_with_cipher( int verbose, - char* testname, - const unsigned char* key, - int keybits, - const unsigned char* messages, - const unsigned int message_lengths[4], - const unsigned char* subkeys, - const unsigned char* expected_result, - mbedtls_cipher_id_t cipher_id, - int block_size ) + char* testname, + const unsigned char* key, + int keybits, + const unsigned char* messages, + const unsigned int message_lengths[4], + const unsigned char* subkeys, + const unsigned char* expected_result, + mbedtls_cipher_id_t cipher_id, + int block_size ) { - const int num_tests = 4; - mbedtls_cmac_context ctx; + const int num_tests = 4; + mbedtls_cmac_context ctx; int i, ret; unsigned char* tag; From 4b64ab6664595332845fac7a54c6eaf417471d95 Mon Sep 17 00:00:00 2001 
From: Brian Murray Date: Fri, 20 May 2016 06:33:01 -0700 Subject: [PATCH 114/272] Removed unneed memsets and fixed spacing --- library/cmac.c | 25 ++++++++++--------------- 1 file changed, 10 insertions(+), 15 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index 063a9d1c3584..d32d1c7e710d 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -74,7 +74,6 @@ static int cmac_multiply_by_u( unsigned char *output, const unsigned char *input, size_t blocksize ) { - const unsigned char R_128 = 0x87; const unsigned char R_64 = 0x1B; unsigned char R_n, mask; @@ -91,7 +90,6 @@ static int cmac_multiply_by_u( unsigned char *output, return( MBEDTLS_ERR_CMAC_BAD_INPUT ); } - for( i = starting_index; i >= 0; i-- ) { output[i] = input[i] << 1 | overflow; @@ -128,13 +126,12 @@ static int cmac_generate_subkeys( mbedtls_cmac_context *ctx ) block_size = ctx->cipher_ctx.cipher_info->block_size; L = mbedtls_calloc( block_size, sizeof( unsigned char ) ); - if( L == NULL) + if( L == NULL ) { ret = MBEDTLS_ERR_CMAC_ALLOC_FAILED; goto exit; } /* Calculate Ek(0) */ - memset( L, 0, block_size ); if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, L, block_size, L, &olen ) ) != 0 ) { @@ -152,7 +149,7 @@ static int cmac_generate_subkeys( mbedtls_cmac_context *ctx ) exit: if( L != NULL ) mbedtls_zeroize( L, sizeof( L ) ); - free( L ); + mbedtls_free( L ); return( ret ); } @@ -308,8 +305,6 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, XOR_BLOCK( M_last, input + block_size * ( n - 1 ), ctx->K1 ); } - memset( state, 0, block_size ); - for( j = 0; j < n - 1; j++ ) UPDATE_CMAC( input + block_size * j ); @@ -318,8 +313,8 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, memcpy( tag, state, tag_len ); exit: - free( state ); - free( M_last ); + mbedtls_free( state ); + mbedtls_free( M_last ); return( ret ); } 
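Review bot: In the `exit:` path of cmac_generate_subkeys, `mbedtls_zeroize( L, sizeof( L ) )` wipes only sizeof(unsigned char *) bytes of the heap buffer, because L is a pointer rather than an array; the rest of Ek(0), from which K1 and K2 are derived, stays in freed memory. This hunk only swaps free() for mbedtls_free() next to it, and the same line survives as unchanged context in the `@@ -151,7 +153,7 @@` hunk of "Minor CMAC fixes for merge" later in this series. Use the allocated length, `mbedtls_zeroize( L, block_size );`, which is the value passed to mbedtls_calloc a few lines above; the `if( L != NULL )` guard is still needed for the allocation-failure path.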
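Review bot: The `exit:` path of mbedtls_cmac_generate frees `state` and `M_last` without wiping them, although M_last was just computed as the last input block XORed with ctx->K1 (or K2, in the padded case), so its heap residue reveals a subkey to anyone who can read freed memory and knows the message. Zeroize both buffers before the frees, guarded for the early `goto exit` paths where they may still be NULL; block_size is already in scope. This is the same hygiene the file applies to L in cmac_generate_subkeys. The function starts before the hunk.
```c
exit:
    if( state != NULL )
        mbedtls_zeroize( state, block_size );
    if( M_last != NULL )
        mbedtls_zeroize( M_last, block_size );
    mbedtls_free( state );
    mbedtls_free( M_last );
    return( ret );
```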
@@ -340,7 +335,7 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, check_tag = mbedtls_calloc( ctx->cipher_ctx.cipher_info->block_size, sizeof( unsigned char ) ); - if(check_tag == NULL) + if( check_tag == NULL ) { ret = MBEDTLS_ERR_CMAC_ALLOC_FAILED; goto exit; @@ -361,7 +356,7 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, goto exit; exit: - free( check_tag ); + mbedtls_free( check_tag ); return( ret ); } @@ -727,14 +722,14 @@ int test_cmac_with_cipher( int verbose, if( ( ret = mbedtls_cmac_verify( &ctx, messages, message_lengths[i], &expected_result[i * block_size], block_size ) != 0 ) ) { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - goto exit; + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + goto exit; } mbedtls_printf( "passed\n" ); } exit: - free( tag ); + mbedtls_free( tag ); mbedtls_cmac_free( &ctx ); return( ret ); } From 6a3c0d2d678ee2ee43ed1b834129495c4bd4efbb Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Fri, 20 May 2016 18:25:43 -0700 Subject: [PATCH 115/272] Do not zeroize null pointer --- library/cmac.c | 85 ++++++++++++++++++++++++++------------------------ 1 file changed, 44 insertions(+), 41 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index d32d1c7e710d..1a6f31376e43 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -82,11 +82,14 @@ static int cmac_multiply_by_u( unsigned char *output, starting_index = blocksize -1; - if( blocksize == 16 ){ + if( blocksize == 16 ) + { R_n = R_128; - } else if( blocksize == 8 ) { + } else if( blocksize == 8 ) + { R_n = R_64; - } else { + } else + { return( MBEDTLS_ERR_CMAC_BAD_INPUT ); } @@ -122,7 +125,6 @@ static int cmac_generate_subkeys( mbedtls_cmac_context *ctx ) unsigned char *L; size_t olen, block_size; - ret = 0; block_size = ctx->cipher_ctx.cipher_info->block_size; L = mbedtls_calloc( block_size, sizeof( unsigned char ) ); 
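Review bot: The re-indented call in test_cmac_with_cipher keeps a misplaced parenthesis: `ret = mbedtls_cmac_verify( ... ) != 0` assigns the comparison result, so ret is 1 rather than the error code when verification fails and the self-test reports 1 instead of the real MBEDTLS_ERR_CMAC_* value. The same `( ret = f( ... ) !=0 ) )` shape is carried through the mbedtls_cmac_self_test hunks of "Do not zeroize null pointer" (`@@ -794`, `@@ -810`, `@@ -840`) and rewritten verbatim in "Changed test function to inline" (`@@ -779`). Close the assignment before the comparison: `if( ( ret = mbedtls_cmac_verify( &ctx, messages, message_lengths[i], &expected_result[i * block_size], block_size ) ) != 0 )`. Failure is still detected today because the value is non-zero either way, so this is about the reported code, not the verdict.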
@@ -143,7 +145,7 @@ static int cmac_generate_subkeys( mbedtls_cmac_context *ctx ) */ if( ( ret = cmac_multiply_by_u( ctx->K1, L , block_size ) ) != 0 ) goto exit; - if( ( cmac_multiply_by_u( ctx->K2, ctx->K1 , block_size ) ) != 0 ) + if( ( ret = cmac_multiply_by_u( ctx->K2, ctx->K1 , block_size ) ) != 0 ) goto exit; exit: @@ -203,8 +205,10 @@ void mbedtls_cmac_free( mbedtls_cmac_context *ctx ) mbedtls_cipher_free( &ctx->cipher_ctx ); - mbedtls_zeroize( ctx->K1, block_size * sizeof( unsigned char ) ); - mbedtls_zeroize( ctx->K2, block_size * sizeof( unsigned char ) ); + if( ctx->K1 != NULL ) + mbedtls_zeroize( ctx->K1, block_size * sizeof( unsigned char ) ); + if( ctx->K2 != NULL ) + mbedtls_zeroize( ctx->K2, block_size * sizeof( unsigned char ) ); mbedtls_free( ctx->K1 ); mbedtls_free( ctx->K2 ); } @@ -261,7 +265,6 @@ do { \ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, const unsigned char *input, size_t in_len, unsigned char *tag, size_t tag_len ) - { unsigned char *state; unsigned char *M_last; @@ -389,7 +392,7 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, mbedtls_cmac_init( &zero_ctx ); memset( zero_key, 0, 16 ); ret = mbedtls_cmac_setkey( &zero_ctx, MBEDTLS_CIPHER_ID_AES, - zero_key, 8 * sizeof zero_key ); + zero_key, 8 * sizeof( zero_key ) ); if( ret != 0 ) goto exit; @@ -399,17 +402,16 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, } ret = mbedtls_cmac_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, - int_key, 8 * sizeof int_key ); + int_key, 8 * sizeof( int_key ) ); if( ret != 0 ) goto exit; - mbedtls_zeroize( int_key, sizeof( int_key ) ); - ret = mbedtls_cmac_generate( &ctx, input, in_len, tag, 16 ); exit: - mbedtls_cmac_free( &ctx ); - return( ret ); + mbedtls_zeroize( int_key, sizeof( int_key ) ); + mbedtls_cmac_free( &ctx ); + return( ret ); } #endif /* MBEDTLS_AES_C */ 
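Review bot: The NULL guards added in mbedtls_cmac_free stop the zeroize from running on an unset subkey, but K1 and K2 still hold freed addresses afterwards, so the function is not safe to call twice on the same context and the guards give false comfort. Add `ctx->K1 = NULL;` and `ctx->K2 = NULL;` after the two mbedtls_free calls. In the mbedtls_aes_cmac_prf_128 hunk below, moving the int_key wipe into `exit:` is the right direction; I cannot see from the hunk whether zero_ctx, which is also given a key in this function, is released on every exit path, so that is worth confirming in the elided middle of the function.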
@@ -680,7 +682,8 @@ int test_cmac_with_cipher( int verbose, unsigned char* tag; tag = mbedtls_calloc( block_size, sizeof( unsigned char ) ); - if( tag == NULL ){ + if( tag == NULL ) + { ret = MBEDTLS_ERR_CMAC_ALLOC_FAILED; goto exit; } @@ -735,7 +738,8 @@ int test_cmac_with_cipher( int verbose, } #ifdef MBEDTLS_AES_C -int test_aes128_cmac_prf( int verbose ) { +int test_aes128_cmac_prf( int verbose ) +{ int i; int ret; unsigned char tag[16]; @@ -794,14 +798,14 @@ int mbedtls_cmac_self_test( int verbose ) if( ( ret = test_cmac_with_cipher ( verbose, "AES 256", - aes_256_key, - 256, - test_message, - aes_message_lengths, - (const unsigned char*) aes_256_subkeys, - (const unsigned char*) aes_256_expected_result, - MBEDTLS_CIPHER_ID_AES, - AES_BLOCK_SIZE ) !=0 ) ) + aes_256_key, + 256, + test_message, + aes_message_lengths, + (const unsigned char*) aes_256_subkeys, + (const unsigned char*) aes_256_expected_result, + MBEDTLS_CIPHER_ID_AES, + AES_BLOCK_SIZE ) !=0 ) ) { return( ret ); } 
@@ -810,28 +814,28 @@ int mbedtls_cmac_self_test( int verbose ) #ifdef MBEDTLS_DES_C if( ( ret = test_cmac_with_cipher( verbose, "3DES 2 key", - des3_2key_key, - 192, - test_message, - des3_message_lengths, - (const unsigned char*) des3_2key_subkeys, - (const unsigned char*) des3_2key_expected_result, - MBEDTLS_CIPHER_ID_3DES, - DES3_BLOCK_SIZE ) !=0 ) ) + des3_2key_key, + 192, + test_message, + des3_message_lengths, + (const unsigned char*) des3_2key_subkeys, + (const unsigned char*) des3_2key_expected_result, + MBEDTLS_CIPHER_ID_3DES, + DES3_BLOCK_SIZE ) !=0 ) ) { return( ret ); } if( ( ret = test_cmac_with_cipher( verbose, "3DES 3 key", - des3_3key_key, - 192, - test_message, - des3_message_lengths, - (const unsigned char*) des3_3key_subkeys, - (const unsigned char*) des3_3key_expected_result, - MBEDTLS_CIPHER_ID_3DES, - DES3_BLOCK_SIZE ) !=0 ) ) + des3_3key_key, + 192, + test_message, + des3_message_lengths, + (const unsigned char*) des3_3key_subkeys, + (const unsigned char*) des3_3key_expected_result, + MBEDTLS_CIPHER_ID_3DES, + DES3_BLOCK_SIZE ) !=0 ) ) { return( ret ); } @@ -840,7 +844,6 @@ int mbedtls_cmac_self_test( int verbose ) #ifdef MBEDTLS_AES_C if( ( ret = test_aes128_cmac_prf( verbose ) != 0 ) ) return( ret ); - #endif /* MBEDTLS_AES_C */ if( verbose != 0 ) From 0cf14c10d40ad14a7371ec9ef92a5375f5cad43e Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Mon, 23 May 2016 12:49:50 -0700 Subject: [PATCH 116/272] Fixed some build warnings --- library/cmac.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/library/cmac.c b/library/cmac.c index 1a6f31376e43..3c584049c0d1 100644 --- a/library/cmac.c +++ b/library/cmac.c 
@@ -441,6 +441,14 @@ static const unsigned char test_message[] = { 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 }; +/* Function Prototype */ +int test_cmac_with_cipher( int verbose, const char* testname, const unsigned char* key, + int keybits, const unsigned char* messages, + const unsigned int message_lengths[4], const unsigned char* subkeys, + const unsigned char* expected_result, mbedtls_cipher_id_t cipher_id, + int block_size ); + + #endif /* defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) */ #ifdef MBEDTLS_AES_C @@ -666,7 +674,7 @@ static const unsigned char PRFT[NB_PRF_TESTS][16] = { #endif /* MBEDTLS_AES_C */ int test_cmac_with_cipher( int verbose, - char* testname, + const char* testname, const unsigned char* key, int keybits, const unsigned char* messages, @@ -738,6 +746,9 @@ int test_cmac_with_cipher( int verbose, } #ifdef MBEDTLS_AES_C +/* Function Prototype */ +int test_aes128_cmac_prf( int verbose ); + int test_aes128_cmac_prf( int verbose ) { int i; From ae1cb12d824f9deaa2d797e46a16c1e9c1a0d1d6 Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Mon, 23 May 2016 15:01:59 -0700 Subject: [PATCH 117/272] Changed test function to inline to pass tests/scripts/check-names.sh --- library/cmac.c | 131 +++++++++++++++++++++++-------------------------- 1 file changed, 61 insertions(+), 70 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index 3c584049c0d1..d5198341861b 100644 --- a/library/cmac.c +++ b/library/cmac.c 
@@ -441,12 +441,6 @@ static const unsigned char test_message[] = { 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 }; -/* Function Prototype */ -int test_cmac_with_cipher( int verbose, const char* testname, const unsigned char* key, - int keybits, const unsigned char* messages, - const unsigned int message_lengths[4], const unsigned char* subkeys, - const unsigned char* expected_result, mbedtls_cipher_id_t cipher_id, - int block_size ); #endif /* defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) */ @@ -673,16 +667,16 @@ static const unsigned char PRFT[NB_PRF_TESTS][16] = { }; #endif /* MBEDTLS_AES_C */ -int test_cmac_with_cipher( int verbose, - const char* testname, - const unsigned char* key, - int keybits, - const unsigned char* messages, - const unsigned int message_lengths[4], - const unsigned char* subkeys, - const unsigned char* expected_result, - mbedtls_cipher_id_t cipher_id, - int block_size ) +static inline int cmac_test_wth_cipher( int verbose, + const char* testname, + const unsigned char* key, + int keybits, + const unsigned char* messages, + const unsigned int message_lengths[4], + const unsigned char* subkeys, + const unsigned char* expected_result, + mbedtls_cipher_id_t cipher_id, + int block_size ) { const int num_tests = 4; mbedtls_cmac_context ctx; @@ -746,10 +740,7 @@ int test_cmac_with_cipher( int verbose, } #ifdef MBEDTLS_AES_C -/* Function Prototype */ -int test_aes128_cmac_prf( int verbose ); - -int test_aes128_cmac_prf( int verbose ) +static inline int test_aes128_cmac_prf( int verbose ) { int i; int ret; 
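Review bot: The renamed test helper is spelled `cmac_test_wth_cipher`, which reads as a typo for `cmac_test_with_cipher`; since every call site in mbedtls_cmac_self_test is rewritten in this same commit, this is the cheap moment to fix the name. `static` alone presumably satisfies check-names.sh, and `inline` on a function of this size is a hint the compiler is free to ignore, so `static int cmac_test_with_cipher( int verbose,` is all that is needed. The same applies to `static inline int test_aes128_cmac_prf` in the next hunk.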
@@ -779,74 +770,74 @@ int mbedtls_cmac_self_test( int verbose ) int ret; #ifdef MBEDTLS_AES_C - if( ( ret = test_cmac_with_cipher( verbose, - "AES 128", - aes_128_key, - 128, - test_message, - aes_message_lengths, - (const unsigned char*) aes_128_subkeys, - (const unsigned char*) aes_128_expected_result, - MBEDTLS_CIPHER_ID_AES, - AES_BLOCK_SIZE ) !=0 ) ) + if( ( ret = cmac_test_wth_cipher( verbose, + "AES 128", + aes_128_key, + 128, + test_message, + aes_message_lengths, + (const unsigned char*) aes_128_subkeys, + (const unsigned char*) aes_128_expected_result, + MBEDTLS_CIPHER_ID_AES, + AES_BLOCK_SIZE ) !=0 ) ) { return( ret ); } - if( ( ret = test_cmac_with_cipher( verbose, - "AES 192", - aes_192_key, - 192, - test_message, - aes_message_lengths, - (const unsigned char*) aes_192_subkeys, - (const unsigned char*) aes_192_expected_result, - MBEDTLS_CIPHER_ID_AES, - AES_BLOCK_SIZE ) !=0 ) ) + if( ( ret = cmac_test_wth_cipher( verbose, + "AES 192", + aes_192_key, + 192, + test_message, + aes_message_lengths, + (const unsigned char*) aes_192_subkeys, + (const unsigned char*) aes_192_expected_result, + MBEDTLS_CIPHER_ID_AES, + AES_BLOCK_SIZE ) !=0 ) ) { return( ret ); } - if( ( ret = test_cmac_with_cipher ( verbose, - "AES 256", - aes_256_key, - 256, - test_message, - aes_message_lengths, - (const unsigned char*) aes_256_subkeys, - (const unsigned char*) aes_256_expected_result, - MBEDTLS_CIPHER_ID_AES, - AES_BLOCK_SIZE ) !=0 ) ) + if( ( ret = cmac_test_wth_cipher ( verbose, + "AES 256", + aes_256_key, + 256, + test_message, + aes_message_lengths, + (const unsigned char*) aes_256_subkeys, + (const unsigned char*) aes_256_expected_result, + MBEDTLS_CIPHER_ID_AES, + AES_BLOCK_SIZE ) !=0 ) ) { return( ret ); } #endif /* MBEDTLS_AES_C */ #ifdef MBEDTLS_DES_C - if( ( ret = test_cmac_with_cipher( verbose, - "3DES 2 key", - des3_2key_key, - 192, - test_message, - des3_message_lengths, - (const unsigned char*) des3_2key_subkeys, - (const unsigned char*) 
des3_2key_expected_result, - MBEDTLS_CIPHER_ID_3DES, - DES3_BLOCK_SIZE ) !=0 ) ) + if( ( ret = cmac_test_wth_cipher( verbose, + "3DES 2 key", + des3_2key_key, + 192, + test_message, + des3_message_lengths, + (const unsigned char*) des3_2key_subkeys, + (const unsigned char*) des3_2key_expected_result, + MBEDTLS_CIPHER_ID_3DES, + DES3_BLOCK_SIZE ) !=0 ) ) { return( ret ); } - if( ( ret = test_cmac_with_cipher( verbose, - "3DES 3 key", - des3_3key_key, - 192, - test_message, - des3_message_lengths, - (const unsigned char*) des3_3key_subkeys, - (const unsigned char*) des3_3key_expected_result, - MBEDTLS_CIPHER_ID_3DES, - DES3_BLOCK_SIZE ) !=0 ) ) + if( ( ret = cmac_test_wth_cipher( verbose, + "3DES 3 key", + des3_3key_key, + 192, + test_message, + des3_message_lengths, + (const unsigned char*) des3_3key_subkeys, + (const unsigned char*) des3_3key_expected_result, + MBEDTLS_CIPHER_ID_3DES, + DES3_BLOCK_SIZE ) !=0 ) ) { return( ret ); } From 06acc18f4492908c1ce7a10f84147950a82055ca Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Tue, 24 May 2016 15:53:52 -0700 Subject: [PATCH 118/272] Minor change to pass build tests --- include/mbedtls/cmac.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index 5a59f90d61df..5a09761c2113 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -27,7 +27,7 @@ #define MBEDTLS_ERR_CMAC_BAD_INPUT -0x0011 /**< Bad input parameters to function. */ #define MBEDTLS_ERR_CMAC_VERIFY_FAILED -0x0013 /**< Verification failed. */ -#define MBEDTLS_ERR_CMAC_ALLOC_FAILED -0x0015 /**< Memory Allocation failed. */ +#define MBEDTLS_ERR_CMAC_ALLOC_FAILED -0x0015 /**< Failed to allocate memory */ #ifdef __cplusplus From 9ce2e091de5df992b6cc51566dc324e027b8716c Mon Sep 17 00:00:00 2001 
From: Brian Murray Date: Tue, 24 May 2016 22:46:43 -0700 Subject: [PATCH 119/272] cleaned up indentation and braket issues in mbedtls_cmac_verify --- library/cmac.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/library/cmac.c b/library/cmac.c index d5198341861b..d8c809b416b9 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -355,8 +355,15 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, diff |= tag[i] ^ check_tag[i]; if( diff != 0 ) + { ret = MBEDTLS_ERR_CMAC_VERIFY_FAILED; goto exit; + } + else + { + ret = 0; + goto exit; + } exit: mbedtls_free( check_tag ); @@ -718,6 +725,7 @@ static inline int cmac_test_wth_cipher( int verbose, mbedtls_printf( "failed\n" ); goto exit; } + if( ( ret = memcmp( tag, &expected_result[i * block_size], block_size ) ) != 0 ) { if( verbose != 0 ) @@ -731,7 +739,9 @@ static inline int cmac_test_wth_cipher( int verbose, mbedtls_printf( "failed\n" ); goto exit; } - mbedtls_printf( "passed\n" ); + + if( verbose != 0 ) + mbedtls_printf( "passed\n" ); } exit: mbedtls_free( tag ); From 53e23b684f63676cb80b7f925243de05771e30c9 Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Tue, 13 Sep 2016 14:00:15 -0700 Subject: [PATCH 120/272] Minor CMAC fixes for merge --- configs/config-thread.h | 1 + include/mbedtls/check_config.h | 5 +++++ include/mbedtls/cmac.h | 2 +- include/mbedtls/config.h | 2 +- library/cmac.c | 25 +++++++++++++------------ 5 files changed, 21 insertions(+), 14 deletions(-) diff --git a/configs/config-thread.h b/configs/config-thread.h index 3193a0404827..fdfa64aa46a7 100644 --- a/configs/config-thread.h +++ b/configs/config-thread.h @@ -39,6 +39,7 @@ /* mbed TLS feature support */ #define MBEDTLS_AES_ROM_TABLES +#define MBEDTLS_CMAC_C #define MBEDTLS_ECP_DP_SECP256R1_ENABLED #define MBEDTLS_ECP_NIST_OPTIM #define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 75cdcbc2f034..8ebe438c034f 100644 
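Review bot: In mbedtls_cmac_verify the new `else { ret = 0; goto exit; }` jumps to the label that immediately follows it, so both branches reach `exit:` regardless and the goto pair only obscures what is really a result assignment. A single line expresses the same thing: `ret = ( diff != 0 ) ? MBEDTLS_ERR_CMAC_VERIFY_FAILED : 0;` with `exit:` left to do the free. Keep the accumulating `diff |=` loop as it is — it avoids an early-exit timing difference between matching and non-matching tags. The function's body starts before the hunk.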
--- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -77,6 +77,11 @@ #error "MBEDTLS_DHM_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_CMAC_C) && \ + !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_DES_C) +#error "MBEDTLS_CMAC_C defined, but not all prerequisites" +#endif + #if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C) #error "MBEDTLS_ECDH_C defined, but not all prerequisites" #endif diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index 5a09761c2113..10c8633c9560 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -3,7 +3,7 @@ * * \brief The CMAC Mode for Authentication * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index f6f431bfb0f9..2a49642810e2 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1681,7 +1681,7 @@ * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or MBEDTLS_DES_C * */ -#define MBEDTLS_CMAC_C +//#define MBEDTLS_CMAC_C /** * \def MBEDTLS_CTR_DRBG_C diff --git a/library/cmac.c b/library/cmac.c index d8c809b416b9..e57e024bb0c0 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -1,7 +1,8 @@ /* - * NIST SP800-38B compliant CMAC implementation + * \file cmac.c + * \brief NIST SP800-38B compliant CMAC implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may 
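Review bot: The new MBEDTLS_CMAC_C prerequisite check requires a block cipher but not MBEDTLS_CIPHER_C, yet cmac.c is built on the generic cipher layer (mbedtls_cipher_update, mbedtls_cipher_free and cipher_info->block_size appear throughout the cmac.c hunks in this series), so a configuration with CMAC_C and AES_C but without CIPHER_C passes the check and fails to build. Extend the condition: `#if defined(MBEDTLS_CMAC_C) && ( !defined(MBEDTLS_CIPHER_C) || \` followed by `    ( !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_DES_C) ) )`. The "Requires:" line in the config.h comment touched by the same commit should list MBEDTLS_CIPHER_C as well.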
@@ -20,9 +21,10 @@ */ /* - * Definition of CMAC: - * http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf - * RFC 4493 "The AES-CMAC Algorithm" + * References: + * - CMAC: NIST SP 800-38B + * - CMAC PRF: RFC 4493 + * - Additional test vectors: ISO/IEC 9797-1 */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -72,7 +74,7 @@ void mbedtls_cmac_init( mbedtls_cmac_context *ctx ) */ static int cmac_multiply_by_u( unsigned char *output, const unsigned char *input, - size_t blocksize ) + size_t blocksize ) { const unsigned char R_128 = 0x87; const unsigned char R_64 = 0x1B; @@ -151,7 +153,7 @@ static int cmac_generate_subkeys( mbedtls_cmac_context *ctx ) exit: if( L != NULL ) mbedtls_zeroize( L, sizeof( L ) ); - mbedtls_free( L ); + mbedtls_free( L ); return( ret ); } @@ -200,9 +202,8 @@ int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, */ void mbedtls_cmac_free( mbedtls_cmac_context *ctx ) { - int block_size; - block_size = ctx->cipher_ctx.cipher_info->block_size; - + int block_size; + block_size = ctx->cipher_ctx.cipher_info->block_size; mbedtls_cipher_free( &ctx->cipher_ctx ); if( ctx->K1 != NULL ) @@ -220,7 +221,7 @@ void mbedtls_cmac_free( mbedtls_cmac_context *ctx ) * CBC and we use ECB mode, and anyway we need to XOR K1 or K2 in addition. */ static void cmac_pad( unsigned char padded_block[16], - size_t padded_block_len, + size_t padded_block_len, const unsigned char *last_block, size_t last_block_len ) { @@ -418,7 +419,7 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, exit: mbedtls_zeroize( int_key, sizeof( int_key ) ); mbedtls_cmac_free( &ctx ); - return( ret ); + return( ret ); } #endif /* MBEDTLS_AES_C */ From 72b69e380857075c3463ab9ec767e39c201b66ac Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Tue, 13 Sep 2016 14:21:01 -0700 Subject: [PATCH 121/272] Minor fixes to comments --- include/mbedtls/cmac.h | 13 +++++++------ library/cmac.c | 2 +- 2 files changed, 8 insertions(+), 7 deletions(-) 
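Review bot: mbedtls_cmac_free still reads `ctx->cipher_ctx.cipher_info->block_size` before anything else, and the `@@ -200,9 +202,8 @@` hunk only re-indents that line. After mbedtls_cmac_init, which memsets the context to zero, cipher_info is NULL, so freeing a context whose setkey was never called or failed before the cipher was set up dereferences NULL; the `goto exit` after a failed setkey in mbedtls_aes_cmac_prf_128 is one such path. Read block_size only when the cipher is set, as below; K1 and K2 are only ever allocated after the cipher is set up, so a zero block_size never reaches a live subkey. The function's closing part is outside the hunk.
```c
void mbedtls_cmac_free( mbedtls_cmac_context *ctx )
{
    int block_size = 0;

    /* cipher_info stays NULL until mbedtls_cmac_setkey() has set up the cipher */
    if( ctx->cipher_ctx.cipher_info != NULL )
        block_size = ctx->cipher_ctx.cipher_info->block_size;
    mbedtls_cipher_free( &ctx->cipher_ctx );
    /* … unchanged: NULL-guarded K1/K2 zeroize and free … */
```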
diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index 10c8633c9560..325d22d5134f 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -57,7 +57,8 @@ void mbedtls_cmac_init( mbedtls_cmac_context *ctx ); * \brief Initialize the CMAC context * * \param ctx CMAC context to be initialized - * \param cipher cipher to use + * \param cipher cipher to use. + Cipher block size must be 8 bytes or 16 bytes. * \param key encryption key * \param keybits encryption key size in bits (must be acceptable by the cipher) * @@ -84,8 +85,8 @@ void mbedtls_cmac_free( mbedtls_cmac_context *ctx ); * \param in_len length of the input data in bytes * \param tag buffer for holding the generated tag * \param tag_len length of the tag to generate in bytes - * Must be 2, 4, 6, 8 if cipher block size is 64 - * Must be 2, 4, 6, 8, 10, 12, 14 or 16 if cipher block size is 128 + * Must be 2, 4, 6, 8 if cipher block size is 8 + * Must be 2, 4, 6, 8, 10, 12, 14 or 16 if cipher block size is 16 * * \return 0 if successful */ @@ -101,8 +102,8 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, * \param in_len length of the input data in bytes * \param tag buffer holding the tag to verify * \param tag_len length of the tag to verify in bytes - * Must be 2, 4, 6, 8 if cipher block size is 64 - * Must be 2, 4, 6, 8, 10, 12, 14 or 16 if cipher block size is 128 + * Must be 2, 4, 6, 8 if cipher block size is 8 + * Must be 2, 4, 6, 8, 10, 12, 14 or 16 if cipher block size is 16 * \return 0 if successful and authenticated * MBEDTLS_ERR_CMAC_VERIFY_FAILED if tag does not match */ @@ -119,7 +120,7 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, * \param key_len PRF key length * \param input buffer holding the input data * \param in_len length of the input data in bytes - * \param tag buffer holding the tag to verify (16 bytes) + * \param tag buffer holding the generated pseudorandom output * * \return 0 if successful */ 
diff --git a/library/cmac.c b/library/cmac.c index e57e024bb0c0..920c23d6a47a 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -64,7 +64,7 @@ void mbedtls_cmac_init( mbedtls_cmac_context *ctx ) /* * Multiplication by u in the Galois field of GF(2^n) * - * As explained in the paper, this can be computed: + * As explained in NIST SP 800-38B, this can be computed: * If MSB(p) = 0, then p = (p << 1) * If MSB(p) = 1, then p = (p << 1) ^ R_n * with R_64 = 0x1B and R_128 = 0x87 From 8b4111c51688bab133eb505a966733cde09b01ec Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Tue, 13 Sep 2016 15:58:46 -0700 Subject: [PATCH 122/272] Fix build failure for thread config --- configs/config-thread.h | 2 +- library/cmac.c | 11 ++++++++--- programs/test/selftest.c | 7 +++++-- 3 files changed, 14 insertions(+), 6 deletions(-) diff --git a/configs/config-thread.h b/configs/config-thread.h index fdfa64aa46a7..990fe08c6c92 100644 --- a/configs/config-thread.h +++ b/configs/config-thread.h @@ -39,7 +39,6 @@ /* mbed TLS feature support */ #define MBEDTLS_AES_ROM_TABLES -#define MBEDTLS_CMAC_C #define MBEDTLS_ECP_DP_SECP256R1_ENABLED #define MBEDTLS_ECP_NIST_OPTIM #define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED @@ -58,6 +57,7 @@ #define MBEDTLS_CCM_C #define MBEDTLS_CIPHER_C #define MBEDTLS_CTR_DRBG_C +#define MBEDTLS_CMAC_C #define MBEDTLS_ECJPAKE_C #define MBEDTLS_ECP_C #define MBEDTLS_ENTROPY_C diff --git a/library/cmac.c b/library/cmac.c index 920c23d6a47a..f86e4c5aaa20 100644 --- a/library/cmac.c +++ b/library/cmac.c 
@@ -39,14 +39,19 @@ #include -#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) + #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else +#include +#define mbedtls_calloc calloc +#define mbedtls_free free +#if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) ) #include -#define mbedtls_printf printf +#define mbedtls_printf printf +#endif /* defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) )*/ #endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ + /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 74eed598e6f6..33f96ea13960 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -279,8 +279,11 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_CMAC_C) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) ) - if( ( ret = mbedtls_cmac_self_test( v ) ) != 0 ) - return( ret ); + if( ( mbedtls_cmac_self_test( v ) ) != 0 ) + { + suites_failed++; + } + suites_tested++; #endif #if defined(MBEDTLS_BASE64_C) From 2898f79795bf94964babc3e4a01bf67e7e89c176 Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Tue, 13 Sep 2016 16:17:36 -0700 Subject: [PATCH 123/272] Specify AES-CMAC-PRF buffer output size in comment --- include/mbedtls/cmac.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index 325d22d5134f..ddacb2177d0b 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h 
@@ -120,7 +120,7 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, * \param key_len PRF key length * \param input buffer holding the input data * \param in_len length of the input data in bytes - * \param tag buffer holding the generated pseudorandom output + * \param tag buffer holding the generated pseudorandom output (16 bytes) * * \return 0 if successful */ From 327398ad3afd5f629d8bae408c9bc2a9b7c5bb27 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 5 Oct 2016 14:09:11 +0100 Subject: [PATCH 124/272] Refactor and change CMAC interface Change the CMAC interface to match the mbedtls_md_hmac_xxxx() interface. This changes the overall design of the CMAC interface to make it more consistent with the existing HMAC interface, and will allow incremental updates of input data rather than requiring all data to be presented at once, which is what the current interface requires. --- include/mbedtls/cipher.h | 10 + include/mbedtls/cmac.h | 150 ++++---- include/mbedtls/config.h | 3 +- library/cipher.c | 19 + library/cmac.c | 725 ++++++++++++++++++++++++--------------- library/error.c | 9 - 6 files changed, 573 insertions(+), 343 deletions(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index c9675544a9bc..b12e38843a0f 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -176,6 +176,11 @@ enum { */ typedef struct mbedtls_cipher_base_t mbedtls_cipher_base_t; +/** + * CMAC context (opaque struct). + */ +typedef struct mbedtls_cmac_context_t mbedtls_cmac_context_t; + /** * Cipher information. Allows cipher functions to be called in a generic way. */ @@ -241,6 +246,11 @@ typedef struct { /** Cipher-specific context */ void *cipher_ctx; + +#if defined(MBEDTLS_CMAC_C) + /** CMAC Specific context */ + mbedtls_cmac_context_t *cmac_ctx; +#endif } mbedtls_cipher_context_t; /** diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index ddacb2177d0b..ceeb20addadf 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h 
@@ -1,9 +1,10 @@ /** * \file cmac.h * - * \brief The CMAC Mode for Authentication + * \brief Cipher-based Message Authentication Code (CMAC) Mode for + * Authentication * - * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved + * Copyright (C) 2015-2016, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may 
@@ -23,110 +24,131 @@ #ifndef MBEDTLS_CMAC_H #define MBEDTLS_CMAC_H -#include "cipher.h" - -#define MBEDTLS_ERR_CMAC_BAD_INPUT -0x0011 /**< Bad input parameters to function. */ -#define MBEDTLS_ERR_CMAC_VERIFY_FAILED -0x0013 /**< Verification failed. */ -#define MBEDTLS_ERR_CMAC_ALLOC_FAILED -0x0015 /**< Failed to allocate memory */ - +#include "mbedtls/cipher.h" #ifdef __cplusplus extern "C" { #endif +#if defined(MBEDTLS_AES_C) +#define MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE 16 /* longest known is AES */ +#else +#define MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE 8 /* longest known is 3DES */ +#endif + /** * \brief CMAC context structure */ -typedef struct { - mbedtls_cipher_context_t cipher_ctx; /*!< cipher context used */ - unsigned char* K1; /*!< CMAC Subkey 1 */ - unsigned char* K2; /*!< CMAC Subkey 2 */ +typedef struct mbedtls_cmac_context_t { + + /** Internal state of the CMAC algorithm */ + unsigned char state[MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE]; + + /** Unprocessed data - either data that was not block aligned and is still + * pending to be processed, or the final block */ + unsigned char unprocessed_block[MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE]; + + /** Length of data pending to be processed */ + size_t unprocessed_len; + + /** Flag to indicate if the last block needs padding */ + int padding_flag; } -mbedtls_cmac_context; +mbedtls_cmac_context_t; /** - * \brief Initialize CMAC context (just makes references valid) - * Makes the context ready for mbedtls_cmac_setkey() or - * mbedtls_cmac_free(). + * \brief Set the CMAC key and prepare to authenticate the input + * data. + * Should be called with an initialised cipher context. 
+ * + * \param ctx Cipher context + * \param key CMAC key + * \param keybits length of the CMAC key in bits + * (must be acceptable by the cipher) * - * \param ctx CMAC context to initialize + * \return 0 if successful, or a cipher specific error code */ -void mbedtls_cmac_init( mbedtls_cmac_context *ctx ); +int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, + const unsigned char *key, size_t keylen ); /** - * \brief Initialize the CMAC context - * - * \param ctx CMAC context to be initialized - * \param cipher cipher to use. - Cipher block size must be 8 bytes or 16 bytes. - * \param key encryption key - * \param keybits encryption key size in bits (must be acceptable by the cipher) - * - * \return 0 if successful, or a cipher specific error code + * \brief Generic CMAC process buffer. + * Called between mbedtls_cipher_cmac_starts() or + * mbedtls_cipher_cmac_reset() and + * mbedtls_cipher_cmac_finish(). + * May be called repeatedly. + * + * \param ctx CMAC context + * \param input buffer holding the data + * \param ilen length of the input data + * + * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter + * verification fails. */ -int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, - mbedtls_cipher_id_t cipher, - const unsigned char *key, - unsigned int keybits ); +int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, + const unsigned char *input, size_t ilen ); /** - * \brief Free a CMAC context and underlying cipher sub-context - * Securely wipes sub keys and other sensitive data. + * \brief Output CMAC. + * Called after mbedtls_cipher_cmac_update(). + * Usually followed by mbedtls_cipher_cmac_reset(), then + * mbedtls_cipher_cmac_starts(), or mbedtls_cipher_free(). + * + * \param ctx CMAC context + * \param output Generic CMAC checksum result * - * \param ctx CMAC context to free + * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter + * verification fails. 
*/ -void mbedtls_cmac_free( mbedtls_cmac_context *ctx ); +int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, + unsigned char *output ); /** - * \brief Generate a CMAC tag. + * \brief Prepare to authenticate a new message with the same key. + * Called after mbedtls_cipher_cmac_finish() and before + * mbedtls_cipher_cmac_update(). * - * \param ctx CMAC context - * \param input buffer holding the input data - * \param in_len length of the input data in bytes - * \param tag buffer for holding the generated tag - * \param tag_len length of the tag to generate in bytes - * Must be 2, 4, 6, 8 if cipher block size is 8 - * Must be 2, 4, 6, 8, 10, 12, 14 or 16 if cipher block size is 16 + * \param ctx CMAC context to be reset * - * \return 0 if successful + * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter + * verification fails. */ -int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, - const unsigned char *input, size_t in_len, - unsigned char *tag, size_t tag_len ); +int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ); /** - * \brief Verify a CMAC tag. + * \brief Output = Generic_CMAC( hmac key, input buffer ) * - * \param ctx CMAC context - * \param input buffer holding the input data - * \param in_len length of the input data in bytes - * \param tag buffer holding the tag to verify - * \param tag_len length of the tag to verify in bytes - * Must be 2, 4, 6, 8 if cipher block size is 8 - * Must be 2, 4, 6, 8, 10, 12, 14 or 16 if cipher block size is 16 - * \return 0 if successful and authenticated - * MBEDTLS_ERR_CMAC_VERIFY_FAILED if tag does not match + * \param cipher_info message digest info + * \param key CMAC key + * \param keylen length of the CMAC key in bits + * \param input buffer holding the data + * \param ilen length of the input data + * \param output Generic CMAC-result + * + * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter + * verification fails. 
*/ -int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, - const unsigned char *input, size_t in_len, - const unsigned char *tag, size_t tag_len ); +int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info, + const unsigned char *key, size_t keylen, + const unsigned char *input, size_t ilen, + unsigned char *output ); #ifdef MBEDTLS_AES_C /** * \brief AES-CMAC-128-PRF - * See RFC 4615 for details + * Implementation of (AES-CMAC-PRF-128), as defined in RFC 4615 * * \param key PRF key - * \param key_len PRF key length + * \param key_len PRF key length in bytes * \param input buffer holding the input data * \param in_len length of the input data in bytes - * \param tag buffer holding the generated pseudorandom output (16 bytes) + * \param output buffer holding the generated pseudorandom output (16 bytes) * * \return 0 if successful */ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len, const unsigned char *input, size_t in_len, - unsigned char tag[16] ); + unsigned char output[16] ); #endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) ) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 2a49642810e2..4546d596a2fa 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1674,7 +1674,8 @@ /** * \def MBEDTLS_CMAC_C * - * Enable the CMAC mode for block ciphers. + * Enable the CMAC (Cipher-based Message Authentication Code) mode for block + * ciphers. * * Module: library/cmac.c * diff --git a/library/cipher.c b/library/cipher.c index bbe40eb395dc..a88343869c33 100644 --- a/library/cipher.c +++ b/library/cipher.c 
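Review bot: The new prototypes and their Doxygen disagree in several places, so the header documents a contract the code does not have. `mbedtls_cipher_cmac_starts()` documents `\param keybits` but the parameter is named `keylen`, and the four functions below it promise `MBEDTLS_ERR_MD_BAD_INPUT_DATA` while the cmac.c side of this commit returns `MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA` (and `MBEDTLS_ERR_CIPHER_ALLOC_FAILED` from starts). `mbedtls_cipher_cmac()` still reads `Generic_CMAC( hmac key, input buffer )` and `\param cipher_info message digest info`, which is copy-paste from md.h; it takes a cipher info, and `keylen` is documented and used in bits, so I would rename it `keybits` in both prototypes. Since the old `tag_len` truncation is gone, `\param output` on `mbedtls_cipher_cmac_finish()` and `mbedtls_cipher_cmac()` should state the size: `\param output buffer for the result, at least the cipher's block size (16 bytes for AES, 8 for 3DES)`. "Should be called with an initialised cipher context" on starts should instead say the context must have been set up with `mbedtls_cipher_setup()` for an ECB cipher, since the implementation calls `mbedtls_cipher_setkey()` and rejects every non-ECB cipher type.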
@@ -45,6 +45,17 @@ #include "mbedtls/ccm.h" #endif +#if defined(MBEDTLS_CMAC_C) +#include "mbedtls/cmac.h" +#endif + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#define mbedtls_calloc calloc +#define mbedtls_free free +#endif + #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) #define MBEDTLS_CIPHER_MODE_STREAM #endif @@ -127,6 +138,14 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx ) if( ctx == NULL ) return; +#if defined(MBEDTLS_CMAC_C) + if( ctx->cmac_ctx ) + { + mbedtls_zeroize( ctx->cmac_ctx, sizeof( mbedtls_cmac_context_t ) ); + mbedtls_free( ctx->cmac_ctx ); + } +#endif + if( ctx->cipher_ctx ) ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx ); diff --git a/library/cmac.c b/library/cmac.c index f86e4c5aaa20..1eb1c1074db9 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -1,5 +1,6 @@ /* * \file cmac.c + * * \brief NIST SP800-38B compliant CMAC implementation * * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved @@ -22,9 +23,21 @@ /* * References: - * - CMAC: NIST SP 800-38B - * - CMAC PRF: RFC 4493 - * - Additional test vectors: ISO/IEC 9797-1 + * + * - NIST SP 800-38B Recommendation for Block Cipher Modes of Operation: The + * CMAC Mode for Authentication + * http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38b.pdf + * + * - RFC 4493 - The AES-CMAC Algorithm + * https://tools.ietf.org/html/rfc4493 + * + * - RFC 4615 - The Advanced Encryption Standard-Cipher-based Message + * Authentication Code-Pseudo-Random Function-128 (AES-CMAC-PRF-128) + * Algorithm for the Internet Key Exchange Protocol (IKE) + * https://tools.ietf.org/html/rfc4615 + * + * Additional test vectors: ISO/IEC 9797-1 + * */ #if !defined(MBEDTLS_CONFIG_FILE) 
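Review bot: In `mbedtls_cipher_free()` the added block zeroizes and frees `ctx->cmac_ctx` but leaves the pointer dangling; if the rest of the function (outside this hunk) does not wipe the whole structure, a later `mbedtls_cipher_cmac_update()` on the same context would pass its `ctx->cmac_ctx == NULL` check and write into freed memory. Add `ctx->cmac_ctx = NULL;` right after `mbedtls_free( ctx->cmac_ctx );`, which costs nothing even if the struct is wiped later. The function's body continues after the hunk.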
@@ -46,35 +59,29 @@ #include #define mbedtls_calloc calloc #define mbedtls_free free -#if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) ) +#if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || \ + defined(MBEDTLS_DES_C) ) #include #define mbedtls_printf printf -#endif /* defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) )*/ +#endif /* defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || + * defined(MBEDTLS_DES_C) )*/ #endif /* MBEDTLS_PLATFORM_C */ - /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - -/* - * Initialize context - */ -void mbedtls_cmac_init( mbedtls_cmac_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_cmac_context ) ); + volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } /* * Multiplication by u in the Galois field of GF(2^n) * * As explained in NIST SP 800-38B, this can be computed: - * If MSB(p) = 0, then p = (p << 1) - * If MSB(p) = 1, then p = (p << 1) ^ R_n - * with R_64 = 0x1B and R_128 = 0x87 * - * Input and output MUST not point to the same buffer + * If MSB(p) = 0, then p = (p << 1) + * If MSB(p) = 1, then p = (p << 1) ^ R_n + * with R_64 = 0x1B and R_128 = 0x87 + * + * Input and output MUST NOT point to the same buffer * Block size must be 8 byes or 16 bytes. */ static int cmac_multiply_by_u( unsigned char *output, 
@@ -85,22 +92,22 @@ static int cmac_multiply_by_u( unsigned char *output, const unsigned char R_64 = 0x1B; unsigned char R_n, mask; unsigned char overflow = 0x00; - int i, starting_index; - - starting_index = blocksize -1; + int i; if( blocksize == 16 ) { R_n = R_128; - } else if( blocksize == 8 ) + } + else if( blocksize == 8 ) { R_n = R_64; - } else + } + else { - return( MBEDTLS_ERR_CMAC_BAD_INPUT ); + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); } - for( i = starting_index; i >= 0; i-- ) + for( i = blocksize - 1; i >= 0; i-- ) { output[i] = input[i] << 1 | overflow; overflow = input[i] >> 7; @@ -108,6 +115,7 @@ static int cmac_multiply_by_u( unsigned char *output, /* mask = ( input[0] >> 7 ) ? 0xff : 0x00 * using bit operations to avoid branches */ + /* MSVC has a warning about unary minus on unsigned, but this is * well-defined and precisely what we want to do here */ #if defined(_MSC_VER) 
@@ -119,104 +127,53 @@ static int cmac_multiply_by_u( unsigned char *output, #pragma warning( pop ) #endif - output[starting_index] ^= R_n & mask; + output[ blocksize - 1 ] ^= R_n & mask; + return( 0 ); } /* * Generate subkeys + * + * - as specified by RFC 4493, section 2.3 Subkey Generation Algorithm */ -static int cmac_generate_subkeys( mbedtls_cmac_context *ctx ) +static int cmac_generate_subkeys( mbedtls_cipher_context_t *ctx, + unsigned char* K1, unsigned char* K2 ) { int ret; - unsigned char *L; + unsigned char L[MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE]; size_t olen, block_size; - block_size = ctx->cipher_ctx.cipher_info->block_size; + mbedtls_zeroize( L, sizeof( L ) ); + + block_size = ctx->cipher_info->block_size; - L = mbedtls_calloc( block_size, sizeof( unsigned char ) ); - if( L == NULL ) - { - ret = MBEDTLS_ERR_CMAC_ALLOC_FAILED; - goto exit; - } /* Calculate Ek(0) */ - if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, - L, block_size, L, &olen ) ) != 0 ) - { + if( ( ret = mbedtls_cipher_update( ctx, L, block_size, L, &olen ) ) != 0 ) goto exit; - } /* * Generate K1 and K2 */ - if( ( ret = cmac_multiply_by_u( ctx->K1, L , block_size ) ) != 0 ) + if( ( ret = cmac_multiply_by_u( K1, L , block_size ) ) != 0 ) goto exit; - if( ( ret = cmac_multiply_by_u( ctx->K2, ctx->K1 , block_size ) ) != 0 ) - goto exit; - - exit: - if( L != NULL ) - mbedtls_zeroize( L, sizeof( L ) ); - mbedtls_free( L ); - return( ret ); -} - -/* - * Set key and prepare context for use - */ -int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, - mbedtls_cipher_id_t cipher, - const unsigned char *key, - unsigned int keybits ) -{ - int ret; - const mbedtls_cipher_info_t *cipher_info; - - cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, - MBEDTLS_MODE_ECB ); - if( cipher_info == NULL ) - return( MBEDTLS_ERR_CMAC_BAD_INPUT ); - - mbedtls_cipher_free( &ctx->cipher_ctx ); - - if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 ) - return( ret ); - if( ( ret = 
mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits, - MBEDTLS_ENCRYPT ) ) != 0 ) - { - return( ret ); - } - - ctx->K1 = mbedtls_calloc( cipher_info->block_size, sizeof( unsigned char ) ); - ctx->K2 = mbedtls_calloc( cipher_info->block_size, sizeof( unsigned char ) ); + if( ( ret = cmac_multiply_by_u( K2, K1 , block_size ) ) != 0 ) + goto exit; - if( ctx->K1 == NULL || ctx->K2 == NULL ) - { - mbedtls_free(ctx->K1); - mbedtls_free(ctx->K2); - return( MBEDTLS_ERR_CMAC_ALLOC_FAILED ); - } +exit: + mbedtls_zeroize( L, sizeof( L ) ); - return( cmac_generate_subkeys( ctx ) ); + return( ret ); } -/* - * Free context - */ -void mbedtls_cmac_free( mbedtls_cmac_context *ctx ) +static void cmac_xor_block(unsigned char *output, const unsigned char *input1, + const unsigned char *input2, const size_t block_size ) { - int block_size; - block_size = ctx->cipher_ctx.cipher_info->block_size; - mbedtls_cipher_free( &ctx->cipher_ctx ); - - if( ctx->K1 != NULL ) - mbedtls_zeroize( ctx->K1, block_size * sizeof( unsigned char ) ); - if( ctx->K2 != NULL ) - mbedtls_zeroize( ctx->K2, block_size * sizeof( unsigned char ) ); - mbedtls_free( ctx->K1 ); - mbedtls_free( ctx->K2 ); + size_t index; + + for( index = 0; index < block_size; index++ ) + output[ index ] = input1[ index ] ^ input2[ index ]; } /* 
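Review bot: `cmac_generate_subkeys()` now writes into caller-supplied `K1`/`K2` and reads `ctx->cipher_info->block_size` with no check on either, so the contract should be stated above it; I would add `/* ctx must be set up and keyed for encryption in ECB mode; K1 and K2 must each hold at least ctx->cipher_info->block_size bytes. Ek(0) is computed in L, which is wiped on every path. */`. The new "RFC 4493, section 2.3" reference only covers AES; the 8-byte (3DES) branch follows NIST SP 800-38B, which the file header already cites, and the comment could say so. `cmac_xor_block()` works when `output` aliases either input because each index is read before it is written, which matters since every caller passes `state` as both `output` and `input2`; that deserves a one-line comment too. The hunk starts in the tail of `cmac_multiply_by_u()` and its final `/*` opens the comment of the next function.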
@@ -243,154 +200,266 @@ static void cmac_pad( unsigned char padded_block[16], } } -/* - * XOR Block - * Here, macro results in smaller compiled code than static inline function - */ -#define XOR_BLOCK( o, i1, i2 ) \ - for( i = 0; i < block_size; i++ ) \ - ( o )[i] = ( i1 )[i] ^ ( i2 )[i]; +int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, + const unsigned char *key, size_t keylen ) +{ + mbedtls_cipher_type_t type; + mbedtls_cmac_context_t *cmac_ctx; + unsigned int block_size; + int retval; -/* - * Update the CMAC state using an input block - */ -#define UPDATE_CMAC( x ) \ -do { \ - XOR_BLOCK( state, ( x ), state ); \ - if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, \ - state, block_size, \ - state, &olen ) ) != 0 ) \ - { \ - goto exit; \ - } \ -} while( 0 ) + if( ctx == NULL || ctx->cipher_info == NULL || key == NULL ) + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); -/* - * Generate tag on complete message - */ -int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, - const unsigned char *input, size_t in_len, - unsigned char *tag, size_t tag_len ) + if( ( retval = mbedtls_cipher_setkey( ctx, key, keylen, + MBEDTLS_ENCRYPT ) ) != 0 ) + return( retval ); + + block_size = ctx->cipher_info->block_size; + type = ctx->cipher_info->type; + + switch( type ) + { + case MBEDTLS_CIPHER_AES_128_ECB: + case MBEDTLS_CIPHER_AES_192_ECB: + case MBEDTLS_CIPHER_AES_256_ECB: + case MBEDTLS_CIPHER_DES_EDE3_ECB: + break; + default: + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + } + + /* Allocated and initialise in the cipher context memory for the CMAC + * context */ + cmac_ctx = mbedtls_calloc( 1, sizeof( mbedtls_cmac_context_t ) ); + if( cmac_ctx == NULL ) + return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED ); + + ctx->cmac_ctx = cmac_ctx; + + mbedtls_zeroize( cmac_ctx->state, sizeof( cmac_ctx->state ) ); + cmac_ctx->padding_flag = 1; + + return 0; +} + +int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, + const unsigned char *input, size_t ilen ) { + 
mbedtls_cmac_context_t* cmac_ctx; unsigned char *state; - unsigned char *M_last; - int n, j, ret, needs_padding; - size_t olen, block_size, i; + int n, j, ret = 0; + size_t olen, block_size; - ret = 0; - block_size = ctx->cipher_ctx.cipher_info->block_size; + if( ctx == NULL || ctx->cipher_info == NULL || input == NULL || + ctx->cmac_ctx == NULL ) + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - state = mbedtls_calloc( block_size, sizeof( unsigned char ) ); - M_last = mbedtls_calloc( block_size, sizeof( unsigned char ) ); + cmac_ctx = ctx->cmac_ctx; + block_size = ctx->cipher_info->block_size; + state = ctx->cmac_ctx->state; - if( state == NULL || M_last == NULL ) + /* Is their data still to process from the last call, that's equal to + * or greater than a block? */ + if( cmac_ctx->unprocessed_len > 0 && + ilen + cmac_ctx->unprocessed_len > block_size ) { - ret = MBEDTLS_ERR_CMAC_ALLOC_FAILED; - goto exit; + memcpy( &cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len], + input, + block_size - cmac_ctx->unprocessed_len ); + + cmac_xor_block( state, cmac_ctx->unprocessed_block, state, block_size ); + + if( ( ret = mbedtls_cipher_update( ctx, state, block_size, state, + &olen ) ) != 0 ) + { + goto exit; + } + + ilen -= block_size; + input += cmac_ctx->unprocessed_len; + + cmac_ctx->unprocessed_len = 0; } - if( tag_len < 2 || tag_len > block_size || tag_len % 2 != 0 ) + /* n is the number of blocks including any final partial block */ + n = ( ilen + block_size - 1 ) / block_size; + + /* Iterate across the input data in block sized chunks */ + for( j = 0; j < n - 1; j++ ) { - ret = MBEDTLS_ERR_CMAC_BAD_INPUT; - goto exit; + //char *ptr = input + block_size * j ; + cmac_xor_block( state, input, state, block_size ); + + if( ( ret = mbedtls_cipher_update( ctx, state, block_size, state, + &olen ) ) != 0 ) + goto exit; + + ilen -= block_size; + input += block_size; + + cmac_ctx->padding_flag = 0; } - if( in_len == 0 ) - needs_padding = 1; - else - needs_padding = in_len % 
block_size != 0; + /* If there is data left over that wasn't aligned to a block */ + if( ilen > 0 ) + { + memcpy( &cmac_ctx->unprocessed_block, input, ilen ); + cmac_ctx->unprocessed_len = ilen; + + if( ilen % block_size > 0 ) + cmac_ctx->padding_flag = 1; + else + cmac_ctx->padding_flag = 0; + } + +exit: + return( ret ); +} + +int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, + unsigned char *output ) +{ + mbedtls_cmac_context_t* cmac_ctx; + unsigned char *state; + unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE]; + unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE]; + unsigned char M_last[MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE]; + int ret; + size_t olen, block_size; + + if( ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL || + output == NULL ) + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - n = in_len / block_size + needs_padding; + cmac_ctx = ctx->cmac_ctx; + block_size = ctx->cipher_info->block_size; + state = cmac_ctx->state; + + mbedtls_zeroize( K1, sizeof(K1) ); + mbedtls_zeroize( K2, sizeof(K2) ); + cmac_generate_subkeys( ctx, K1, K2 ); + +// mbedtls_zeroize( M_last, sizeof(M_last) ); +// if( cmac_ctx->unprocessed_len > 0 ) +// needs_padding = 1; + + unsigned char *last_block = cmac_ctx->unprocessed_block; + //unsigned char *M_last = cmac_ctx->unprocessed_block; /* Calculate last block */ - if( needs_padding ) + if( cmac_ctx->padding_flag ) { - cmac_pad( M_last, block_size, input + block_size * ( n - 1 ), in_len % block_size ); - XOR_BLOCK( M_last, M_last, ctx->K2 ); + cmac_pad( M_last, block_size, last_block, cmac_ctx->unprocessed_len ); + cmac_xor_block( M_last, M_last, K2, block_size ); } else { /* Last block is complete block */ - XOR_BLOCK( M_last, input + block_size * ( n - 1 ), ctx->K1 ); + cmac_xor_block( M_last, last_block, K1, block_size ); } - for( j = 0; j < n - 1; j++ ) - UPDATE_CMAC( input + block_size * j ); - UPDATE_CMAC( M_last ); + cmac_xor_block( state, M_last, state, block_size ); + if( ( ret = 
mbedtls_cipher_update( ctx, state, block_size, state, + &olen ) ) != 0 ) + { + goto exit; + } - memcpy( tag, state, tag_len ); - exit: - mbedtls_free( state ); - mbedtls_free( M_last ); - return( ret ); + + memcpy( output, state, block_size ); + +exit: + /* Wipe the generated keys on the stack, and any other transients to avoid + * side channel leakage */ + mbedtls_zeroize( K1, sizeof(K1) ); + mbedtls_zeroize( K2, sizeof(K2) ); + + cmac_ctx->unprocessed_len = 0; + mbedtls_zeroize( cmac_ctx->unprocessed_block, + sizeof( cmac_ctx->unprocessed_len ) ); + + mbedtls_zeroize( state, MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE ); + return( ret ); } -#undef XOR_BLOCK -#undef UPDATE_CMAC +int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ) +{ + mbedtls_cmac_context_t* cmac_ctx; -/* - * Verify tag on complete message - */ -int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, - const unsigned char *input, size_t in_len, - const unsigned char *tag, size_t tag_len ) + if( ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL ) + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + cmac_ctx = ctx->cmac_ctx; + + /* Reset the internal state */ + cmac_ctx->unprocessed_len = 0; + mbedtls_zeroize( cmac_ctx->unprocessed_block, + sizeof( cmac_ctx->unprocessed_len ) ); + + cmac_ctx->padding_flag = 1; + + return( 0 ); +} + +int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info, + const unsigned char *key, size_t keylen, + const unsigned char *input, size_t ilen, + unsigned char *output ) { + mbedtls_cipher_context_t ctx; int ret; - unsigned char *check_tag; - unsigned char i; - int diff; - check_tag = mbedtls_calloc( ctx->cipher_ctx.cipher_info->block_size, - sizeof( unsigned char ) ); - if( check_tag == NULL ) - { - ret = MBEDTLS_ERR_CMAC_ALLOC_FAILED; - goto exit; - } + if( cipher_info == NULL || key == NULL || input == NULL || output == NULL ) + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - if( ( ret = mbedtls_cmac_generate( ctx, input, in_len, - check_tag, tag_len ) 
) != 0 ) - { + mbedtls_cipher_init( &ctx ); + + if( ( ret = mbedtls_cipher_setup( &ctx, cipher_info ) ) != 0 ) goto exit; - } - /* Check tag in "constant-time" */ - for( diff = 0, i = 0; i < tag_len; i++ ) - diff |= tag[i] ^ check_tag[i]; + ret = mbedtls_cipher_cmac_starts( &ctx, key, keylen ); - if( diff != 0 ) - { - ret = MBEDTLS_ERR_CMAC_VERIFY_FAILED; + if( ret != 0 ) goto exit; - } - else - { - ret = 0; + // Are we leaking here? Should we reset or free? + + ret = mbedtls_cipher_cmac_update( &ctx, input, ilen ); + if( ret != 0 ) goto exit; - } - exit: - mbedtls_free( check_tag ); - return( ret ); -} + mbedtls_cipher_cmac_finish( &ctx, output ); + if( ret != 0 ) + goto exit; +exit: + return( ret ); +} #ifdef MBEDTLS_AES_C + /* +// TODO - clean up comments * PRF based on CMAC with AES-128 * See RFC 4615 */ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, const unsigned char *input, size_t in_len, - unsigned char tag[16] ) + unsigned char *output ) { int ret; - mbedtls_cmac_context ctx; + const mbedtls_cipher_info_t *cipher_info; unsigned char zero_key[16]; unsigned char int_key[16]; - mbedtls_cmac_init(&ctx ); + cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB ); + if( cipher_info == NULL ) + { + /* Failing at this point must be due to a build issue */ + ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; + goto exit; + } if( key_length == 16 ) { 
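Review bot: The partial-block merge at the top of `mbedtls_cipher_cmac_update()` consumes the wrong amount of input: after copying `block_size - unprocessed_len` bytes it does `ilen -= block_size` and `input += cmac_ctx->unprocessed_len`, so `ilen` (a `size_t`) wraps whenever fewer than `block_size` new bytes arrive and the block loop then reads far past the caller's buffer, and in the other cases `input` is advanced by the wrong amount. The tail handling has the same shape of bug: `memcpy( &cmac_ctx->unprocessed_block, input, ilen )` overwrites bytes already pending instead of appending at `unprocessed_len`, and `padding_flag` is derived from `ilen` alone rather than the total pending length, so a message fed in several calls yields a different MAC from the one-shot path. `mbedtls_cipher_cmac_finish()` and `mbedtls_cipher_cmac_reset()` wipe `sizeof( cmac_ctx->unprocessed_len )` bytes (one `size_t`) of a 16-byte buffer, `finish` ignores the return of `cmac_generate_subkeys()` and never wipes `M_last`, and `mbedtls_cipher_cmac()` drops the return of `mbedtls_cipher_cmac_finish()` and never calls `mbedtls_cipher_free( &ctx )`, so every one-shot call leaks the calloc'd CMAC context and key schedule - the `// Are we leaking here?` comment is right. The commented-out lines, the `// TODO` markers and the `unsigned char *last_block` declaration placed after statements should be cleaned up before merge. The hunk starts in the tail of `cmac_pad()` and ends inside `mbedtls_aes_cmac_prf_128()`; the rewritten parts are below.
```c
int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
                                const unsigned char *input, size_t ilen )
{
    /* … unchanged: declarations, argument checks, cmac_ctx/block_size/state … */

    /* Complete a block pending from the previous call, if this input
     * carries more than enough bytes to fill it */
    if( cmac_ctx->unprocessed_len > 0 &&
        ilen + cmac_ctx->unprocessed_len > block_size )
    {
        size_t fill = block_size - cmac_ctx->unprocessed_len;

        memcpy( &cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len],
                input, fill );

        cmac_xor_block( state, cmac_ctx->unprocessed_block, state, block_size );

        if( ( ret = mbedtls_cipher_update( ctx, state, block_size, state,
                                           &olen ) ) != 0 )
            goto exit;

        /* Only the bytes that completed the pending block were consumed */
        input += fill;
        ilen -= fill;
        cmac_ctx->unprocessed_len = 0;
    }

    /* … unchanged: whole-block loop over the first n - 1 blocks … */

    /* Append the tail to whatever is still pending; never overwrite it */
    if( ilen > 0 )
    {
        memcpy( &cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len],
                input, ilen );
        cmac_ctx->unprocessed_len += ilen;
        /* A full final block uses K1, a short one is padded and uses K2 */
        cmac_ctx->padding_flag = ( cmac_ctx->unprocessed_len < block_size );
    }

exit:
    return( ret );
}

int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
                                unsigned char *output )
{
    /* … unchanged: declarations, argument checks, K1/K2 zeroing … */

    if( ( ret = cmac_generate_subkeys( ctx, K1, K2 ) ) != 0 )
        goto exit;

    /* … unchanged: last-block padding/XOR and the final cipher_update … */

exit:
    /* Wipe the subkeys, the last block and all pending data, not just
     * sizeof( size_t ) bytes of it */
    mbedtls_zeroize( K1, sizeof( K1 ) );
    mbedtls_zeroize( K2, sizeof( K2 ) );
    mbedtls_zeroize( M_last, sizeof( M_last ) );
    cmac_ctx->unprocessed_len = 0;
    mbedtls_zeroize( cmac_ctx->unprocessed_block,
                     sizeof( cmac_ctx->unprocessed_block ) );
    mbedtls_zeroize( state, MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE );
    return( ret );
}

/* mbedtls_cipher_cmac_reset(): same sizeof( cmac_ctx->unprocessed_block ) fix */

int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info,
                         const unsigned char *key, size_t keylen,
                         const unsigned char *input, size_t ilen,
                         unsigned char *output )
{
    /* … unchanged: argument checks, init, setup, starts, update … */

    ret = mbedtls_cipher_cmac_finish( &ctx, output );

exit:
    /* Releases the key schedule and the CMAC context allocated by
     * setup/starts on every path */
    mbedtls_cipher_free( &ctx );
    return( ret );
}
```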
@@ -399,32 +468,21 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, } else { - mbedtls_cmac_context zero_ctx; - - /* Key is AES_CMAC( 0, key ) */ - mbedtls_cmac_init( &zero_ctx ); memset( zero_key, 0, 16 ); - ret = mbedtls_cmac_setkey( &zero_ctx, MBEDTLS_CIPHER_ID_AES, - zero_key, 8 * sizeof( zero_key ) ); - if( ret != 0 ) - goto exit; - ret = mbedtls_cmac_generate( &zero_ctx, key, key_length, int_key, 16 ); + ret = mbedtls_cipher_cmac( cipher_info, zero_key, 128, key, + key_length, int_key ); if( ret != 0 ) goto exit; } - ret = mbedtls_cmac_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, - int_key, 8 * sizeof( int_key ) ); - if( ret != 0 ) - goto exit; + ret = mbedtls_cipher_cmac( cipher_info, int_key, 128, input, in_len, + output ); - ret = mbedtls_cmac_generate( &ctx, input, in_len, tag, 16 ); +exit: + mbedtls_zeroize( int_key, sizeof( int_key ) ); - exit: - mbedtls_zeroize( int_key, sizeof( int_key ) ); - mbedtls_cmac_free( &ctx ); - return( ret ); + return( ret ); } #endif /* MBEDTLS_AES_C */ @@ -439,6 +497,8 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, #define NB_CMAC_TESTS_PER_KEY 4 #define NB_PRF_TESTS 3 + +// TODO - should use a value somewhere else #define AES_BLOCK_SIZE 16 #define DES3_BLOCK_SIZE 8 
@@ -680,43 +740,104 @@ static const unsigned char PRFT[NB_PRF_TESTS][16] = { }; #endif /* MBEDTLS_AES_C */ +static int cmac_test_subkeys( int verbose, + const char* testname, + const unsigned char* key, + int keybits, + const unsigned char* subkeys, + mbedtls_cipher_type_t cipher_type, + int block_size, + int num_tests ) +{ + int i, ret; + mbedtls_cipher_context_t ctx; + const mbedtls_cipher_info_t *cipher_info; + unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE]; + unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE]; + + cipher_info = mbedtls_cipher_info_from_type( cipher_type ); + if( cipher_info == NULL ) + { + /* Failing at this point must be due to a build issue */ + ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; + goto exit; + } + + for( i = 0; i < num_tests; i++ ) + { + if( verbose != 0 ) + mbedtls_printf( " %s CMAC subkey #%u: ", testname, i +1 ); + + mbedtls_cipher_init( &ctx ); + + if( ( ret = mbedtls_cipher_setup( &ctx, cipher_info ) ) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "test execution failed\n" ); + + goto exit; + } + + if( ( ret = mbedtls_cipher_setkey( &ctx, key, keybits, + MBEDTLS_ENCRYPT ) ) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "test execution failed\n" ); + + goto exit; + } + + ret = cmac_generate_subkeys( &ctx, K1, K2 ); + if( ret != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + goto exit; + } + + if( ( ret = memcmp( K1, subkeys, block_size ) != 0 ) || + ( ret = memcmp( K2, &subkeys[block_size], block_size ) != 0 ) ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + goto exit; + } + + if( verbose != 0 ) + mbedtls_printf( "passed\n" ); + } + +exit: + return( ret ); +} + static inline int cmac_test_wth_cipher( int verbose, const char* testname, const unsigned char* key, int keybits, const unsigned char* messages, const unsigned int message_lengths[4], - const unsigned char* subkeys, const unsigned char* expected_result, - mbedtls_cipher_id_t cipher_id, - int block_size ) + mbedtls_cipher_type_t 
cipher_type, + int block_size, + int num_tests ) { - const int num_tests = 4; - mbedtls_cmac_context ctx; + const mbedtls_cipher_info_t *cipher_info; int i, ret; - unsigned char* tag; + unsigned char* output; - tag = mbedtls_calloc( block_size, sizeof( unsigned char ) ); - if( tag == NULL ) + output = mbedtls_calloc( block_size, sizeof( unsigned char ) ); + if( output == NULL ) { - ret = MBEDTLS_ERR_CMAC_ALLOC_FAILED; + ret = MBEDTLS_ERR_CIPHER_ALLOC_FAILED; goto exit; } - mbedtls_cmac_init( &ctx ); - - if( ( ret = mbedtls_cmac_setkey( &ctx, cipher_id, key, keybits ) ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( " CMAC: setup failed\n" ); - goto exit; - } - - if( ( ret = memcmp( ctx.K1, subkeys, block_size ) != 0 ) || - ( ret = memcmp( ctx.K2, &subkeys[block_size], block_size ) != 0 ) ) + cipher_info = mbedtls_cipher_info_from_type( cipher_type ); + if( cipher_info == NULL ) { - if( verbose != 0 ) - mbedtls_printf( " CMAC: subkey generation failed\n" ); + /* Failing at this point must be due to a build issue */ + ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; goto exit; } 
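Review bot: `cmac_test_subkeys()` calls `mbedtls_cipher_init( &ctx )` and `mbedtls_cipher_setup( &ctx, ... )` on every iteration but never `mbedtls_cipher_free( &ctx )`, so each pass leaks the cipher sub-context that setup allocates, on the error paths as well as on success. `ret` is also left uninitialised when `num_tests` is 0, and `ret = memcmp( ... ) != 0` stores the comparison result rather than an error code, harmless for a self-test but easy to misread. I would initialise `ret`, free the context at the end of each iteration, and route the in-loop failures through a separate `cleanup` label, as below. `cmac_test_wth_cipher()` starts in this hunk and continues in the next one.
```c
static int cmac_test_subkeys( int verbose,
                              const char* testname,
                              const unsigned char* key,
                              int keybits,
                              const unsigned char* subkeys,
                              mbedtls_cipher_type_t cipher_type,
                              int block_size,
                              int num_tests )
{
    int i, ret = 0;
    /* … unchanged: ctx, cipher_info, K1, K2 declarations and cipher_info lookup … */

    for( i = 0; i < num_tests; i++ )
    {
        if( verbose != 0 )
            mbedtls_printf( "  %s CMAC subkey #%u: ", testname, i + 1 );

        mbedtls_cipher_init( &ctx );

        /* … unchanged: setup, setkey, cmac_generate_subkeys and the two
         *     memcmp checks, each failure now doing `goto cleanup` … */

        if( verbose != 0 )
            mbedtls_printf( "passed\n" );

        /* setup allocated the cipher sub-context; release it before the
         * next iteration sets up again */
        mbedtls_cipher_free( &ctx );
    }

    goto exit;

cleanup:
    /* Reached only from inside the loop, where ctx is set up */
    mbedtls_cipher_free( &ctx );

exit:
    return( ret );
}
```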
@@ -725,34 +846,28 @@ static inline int cmac_test_wth_cipher( int verbose, if( verbose != 0 ) mbedtls_printf( " %s CMAC #%u: ", testname, i +1 ); - if( ( ret = mbedtls_cmac_generate( &ctx, messages, message_lengths[i], tag, block_size ) ) != 0 ) + if( ( ret = mbedtls_cipher_cmac( cipher_info, key, keybits, messages, + message_lengths[i], output ) ) != 0 ) { if( verbose != 0 ) mbedtls_printf( "failed\n" ); goto exit; } - if( ( ret = memcmp( tag, &expected_result[i * block_size], block_size ) ) != 0 ) + if( ( ret = memcmp( output, &expected_result[i * block_size], block_size ) ) != 0 ) { if( verbose != 0 ) mbedtls_printf( "failed\n" ); goto exit; } - if( ( ret = mbedtls_cmac_verify( &ctx, messages, message_lengths[i], &expected_result[i * block_size], block_size ) != 0 ) ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - goto exit; - } - if( verbose != 0 ) mbedtls_printf( "passed\n" ); } - exit: - mbedtls_free( tag ); - mbedtls_cmac_free( &ctx ); - return( ret ); +exit: + mbedtls_free( output ); + + return( ret ); } #ifdef MBEDTLS_AES_C @@ -760,14 +875,16 @@ static inline int test_aes128_cmac_prf( int verbose ) { int i; int ret; - unsigned char tag[16]; + unsigned char output[16]; + for( i = 0; i < NB_PRF_TESTS; i++ ) { mbedtls_printf( " AES CMAC 128 PRF #%u: ", i ); - ret = mbedtls_aes_cmac_prf_128( PRFK, PRFKlen[i], PRFM, 20, tag ); + ret = mbedtls_aes_cmac_prf_128( PRFK, PRFKlen[i], PRFM, 20, output ); if( ret != 0 || - memcmp( tag, PRFT[i], 16 ) != 0 ) + memcmp( output, PRFT[i], 16 ) != 0 ) { + if( verbose != 0 ) mbedtls_printf( "failed\n" ); 
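Review bot: In `test_aes128_cmac_prf()` only the `"failed\n"` line gained a `verbose` guard; the preceding `mbedtls_printf( " AES CMAC 128 PRF #%u: ", i )` is still unconditional, so this self-test prints its header lines even when called with `verbose == 0`, unlike the other helpers in this file. Guard it the same way, `if( verbose != 0 ) mbedtls_printf( " AES CMAC 128 PRF #%u: ", i );`, and note that `i` is an `int` printed with `%u`. The function continues past the hunk.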
@@ -784,18 +901,45 @@ static inline int test_aes128_cmac_prf( int verbose ) int mbedtls_cmac_self_test( int verbose ) { int ret; - + #ifdef MBEDTLS_AES_C + + /* AES-128 */ + if( ( ret = cmac_test_subkeys( verbose, + "AES 128", + aes_128_key, + 128, + (const unsigned char*) aes_128_subkeys, + MBEDTLS_CIPHER_AES_128_ECB, + AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) !=0 ) ) + { + return( ret ); + } + if( ( ret = cmac_test_wth_cipher( verbose, "AES 128", aes_128_key, 128, test_message, aes_message_lengths, - (const unsigned char*) aes_128_subkeys, (const unsigned char*) aes_128_expected_result, - MBEDTLS_CIPHER_ID_AES, - AES_BLOCK_SIZE ) !=0 ) ) + MBEDTLS_CIPHER_AES_128_ECB, + AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) !=0 ) ) + { + return( ret ); + } + + /* AES-192 */ + if( ( ret = cmac_test_subkeys( verbose, + "AES 192", + aes_192_key, + 192, + (const unsigned char*) aes_192_subkeys, + MBEDTLS_CIPHER_AES_192_ECB, + AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) !=0 ) ) { return( ret ); } 
@@ -806,54 +950,97 @@ int mbedtls_cmac_self_test( int verbose ) 192, test_message, aes_message_lengths, - (const unsigned char*) aes_192_subkeys, (const unsigned char*) aes_192_expected_result, - MBEDTLS_CIPHER_ID_AES, - AES_BLOCK_SIZE ) !=0 ) ) + MBEDTLS_CIPHER_AES_192_ECB, + AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) !=0 ) ) + { +mbedtls_printf("ret = %x\n", ret); + return( ret ); + } + + /* AES-256 */ + if( ( ret = cmac_test_subkeys( verbose, + "AES 256", + aes_256_key, + 256, + (const unsigned char*) aes_256_subkeys, + MBEDTLS_CIPHER_AES_256_ECB, + AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) !=0 ) ) { return( ret ); } - if( ( ret = cmac_test_wth_cipher ( verbose, + if( ( ret = cmac_test_wth_cipher ( verbose, "AES 256", aes_256_key, 256, test_message, aes_message_lengths, - (const unsigned char*) aes_256_subkeys, (const unsigned char*) aes_256_expected_result, - MBEDTLS_CIPHER_ID_AES, - AES_BLOCK_SIZE ) !=0 ) ) + MBEDTLS_CIPHER_AES_256_ECB, + AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) !=0 ) ) { return( ret ); } #endif /* MBEDTLS_AES_C */ #ifdef MBEDTLS_DES_C + /* 3DES 2 key */ + if( ( ret = cmac_test_subkeys( verbose, + "3DES 2 key", + des3_2key_key, + 192, + (const unsigned char*) des3_2key_subkeys, + MBEDTLS_CIPHER_DES_EDE3_ECB, + DES3_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) !=0 ) ) + { + return( ret ); + } + + + if( ( ret = cmac_test_wth_cipher( verbose, "3DES 2 key", des3_2key_key, 192, test_message, des3_message_lengths, - (const unsigned char*) des3_2key_subkeys, (const unsigned char*) des3_2key_expected_result, - MBEDTLS_CIPHER_ID_3DES, - DES3_BLOCK_SIZE ) !=0 ) ) + MBEDTLS_CIPHER_DES_EDE3_ECB, + DES3_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) !=0 ) ) + { + return( ret ); + } + + /* 3DES 3 key */ + if( ( ret = cmac_test_subkeys( verbose, + "3DES 3 key", + des3_3key_key, + 192, + (const unsigned char*) des3_3key_subkeys, + MBEDTLS_CIPHER_DES_EDE3_ECB, + DES3_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) !=0 ) ) { return( ret ); } + if( ( ret = cmac_test_wth_cipher( verbose, 
"3DES 3 key", des3_3key_key, 192, test_message, des3_message_lengths, - (const unsigned char*) des3_3key_subkeys, (const unsigned char*) des3_3key_expected_result, - MBEDTLS_CIPHER_ID_3DES, - DES3_BLOCK_SIZE ) !=0 ) ) + MBEDTLS_CIPHER_DES_EDE3_ECB, + DES3_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) !=0 ) ) { return( ret ); } diff --git a/library/error.c b/library/error.c index 7ec8420e97b4..e7b521bc758d 100644 --- a/library/error.c +++ b/library/error.c @@ -582,15 +582,6 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "CCM - Authenticated decryption failed" ); #endif /* MBEDTLS_CCM_C */ -#if defined(MBEDTLS_CMAC_C) - if( use_ret == -(MBEDTLS_ERR_CMAC_BAD_INPUT) ) - mbedtls_snprintf( buf, buflen, "CMAC - Bad input parameters to function" ); - if( use_ret == -(MBEDTLS_ERR_CMAC_VERIFY_FAILED) ) - mbedtls_snprintf( buf, buflen, "CMAC - Verification failed" ); - if( use_ret == -(MBEDTLS_ERR_CMAC_ALLOC_FAILED) ) - mbedtls_snprintf( buf, buflen, "CMAC - Failed to allocate memory" ); -#endif /* MBEDTLS_CMAC_C */ - #if defined(MBEDTLS_CTR_DRBG_C) if( use_ret == -(MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED) ) mbedtls_snprintf( buf, buflen, "CTR_DRBG - The entropy source failed" ); From d812fa69d9a0997659f44e8698202855cdb08d0b Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 5 Oct 2016 14:13:31 +0100 Subject: [PATCH 125/272] Introduce a CMAC specific test suite --- tests/Makefile | 5 ++++ tests/suites/test_suite_cmac.data | 27 +++++++++++++++++++ tests/suites/test_suite_cmac.function | 37 +++++++++++++++++++++++++++ 3 files changed, 69 insertions(+) create mode 100644 tests/suites/test_suite_cmac.data create mode 100644 tests/suites/test_suite_cmac.function diff --git a/tests/Makefile b/tests/Makefile index b86702c34511..23c68ec8679a 100644 --- a/tests/Makefile +++ b/tests/Makefile 
@@ -50,6 +50,7 @@ APPS = test_suite_aes.ecb$(EXEXT) test_suite_aes.cbc$(EXEXT) \
 test_suite_arc4$(EXEXT) test_suite_asn1write$(EXEXT) \
 test_suite_base64$(EXEXT) test_suite_blowfish$(EXEXT) \
 test_suite_camellia$(EXEXT) test_suite_ccm$(EXEXT) \
+ test_suite_cmac$(EXEXT) \
 test_suite_cipher.aes$(EXEXT) \
 test_suite_cipher.arc4$(EXEXT) test_suite_cipher.ccm$(EXEXT) \
 test_suite_cipher.gcm$(EXEXT) \
@@ -236,6 +237,10 @@ test_suite_ccm$(EXEXT): test_suite_ccm.c $(DEP)
 echo " CC $<"
 $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@

+test_suite_cmac$(EXEXT): test_suite_cmac.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
 test_suite_cipher.aes$(EXEXT): test_suite_cipher.aes.c $(DEP)
 echo " CC $<"
 $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
diff --git a/tests/suites/test_suite_cmac.data b/tests/suites/test_suite_cmac.data
new file mode 100644
index 000000000000..a913ffdd8ec9
--- /dev/null
+++ b/tests/suites/test_suite_cmac.data
@@ -0,0 +1,27 @@
+CMAC self test
+mbedtls_cmac_self_test:
+
+CMAC init #1 AES-128: OK
+depends_on:MBEDTLS_AES_C
+mbedtls_cmac_setkey:MBEDTLS_CIPHER_AES_128_ECB:128:0
+
+CMAC init #2 AES-192: OK
+depends_on:MBEDTLS_AES_C
+mbedtls_cmac_setkey:MBEDTLS_CIPHER_AES_192_ECB:192:0
+
+CMAC init #3 AES-256: OK
+depends_on:MBEDTLS_AES_C
+mbedtls_cmac_setkey:MBEDTLS_CIPHER_AES_256_ECB:256:0
+
+CMAC init #4 3DES : OK
+depends_on:MBEDTLS_DES_C
+mbedtls_cmac_setkey:MBEDTLS_CIPHER_DES_EDE3_ECB:192:0
+
+CMAC init #5 AES-224: bad key size
+depends_on:MBEDTLS_AES_C
+mbedtls_cmac_setkey:MBEDTLS_CIPHER_ID_AES:224:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+
+CMAC init #6 Camellia: wrong cipher
+depends_on:MBEDTLS_CAMELLIA_C
+mbedtls_cmac_setkey:MBEDTLS_CIPHER_ID_CAMELLIA:128:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+
diff --git a/tests/suites/test_suite_cmac.function b/tests/suites/test_suite_cmac.function
new file mode 100644
index 000000000000..81a5a0aaa27c
--- /dev/null
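Review bot: Cases #5 and #6 pass `MBEDTLS_CIPHER_ID_AES` and `MBEDTLS_CIPHER_ID_CAMELLIA` as the first argument of mbedtls_cmac_setkey, but that argument is resolved with mbedtls_cipher_info_from_type() in the accompanying .function file, and cipher IDs are a different enumeration from cipher types. The lookup therefore yields whichever cipher type happens to share the numeric value, or no cipher at all, so these two cases exercise the `cipher_info != NULL` assertion rather than the bad-key-size and wrong-cipher paths their names promise. Using cipher types, `mbedtls_cmac_setkey:MBEDTLS_CIPHER_AES_128_ECB:224:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA` and `mbedtls_cmac_setkey:MBEDTLS_CIPHER_CAMELLIA_128_ECB:128:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA`, reaches the intended checks, assuming the type switch in mbedtls_cipher_cmac_starts rejects Camellia as the data file expects.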
+++ b/tests/suites/test_suite_cmac.function
@@ -0,0 +1,37 @@
+/* BEGIN_HEADER */
+#include "mbedtls/cipher.h"
+#include "mbedtls/cmac.h"
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_CMAC_C
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
+void mbedtls_cmac_self_test( )
+{
+ TEST_ASSERT( mbedtls_cmac_self_test( 1 ) == 0 );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mbedtls_cmac_setkey( int cipher_type, int key_size,
+ int result )
+{
+ const mbedtls_cipher_info_t *cipher_info;
+ unsigned char key[32];
+ unsigned char buf[16];
+ unsigned char tmp[16];
+
+ memset( key, 0x2A, sizeof( key ) );
+ TEST_ASSERT( (unsigned) key_size <= 8 * sizeof( key ) );
+
+ TEST_ASSERT( ( cipher_info = mbedtls_cipher_info_from_type( cipher_type ) )
+ != NULL );
+
+ TEST_ASSERT( result == mbedtls_cipher_cmac( cipher_info, key, key_size,
+ buf, 16, tmp ) != 0 );
+}
+/* END_CASE */
+
From 549dc3d75e1cf034ccf59e482e6c77cef03b5eac Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Wed, 5 Oct 2016 14:14:19 +0100
Subject: [PATCH 126/272] Add CMAC functions to the benchmark sample application
---
 programs/test/benchmark.c | 69 +++++++++++++++++++++++++++++++++++----
 1 file changed, 63 insertions(+), 6 deletions(-)
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index 8ab32f677905..86b84250ac95 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -1,7 +1,7 @@
 /*
 * Benchmark demonstration program
 *
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may
@@ -61,6 +61,7 @@ int main( void )
 #include "mbedtls/camellia.h"
 #include "mbedtls/gcm.h"
 #include "mbedtls/ccm.h"
+#include "mbedtls/cmac.h"
 #include "mbedtls/havege.h"
 #include "mbedtls/ctr_drbg.h"
 #include "mbedtls/hmac_drbg.h"
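Review bot: `TEST_ASSERT( result == mbedtls_cipher_cmac( cipher_info, key, key_size, buf, 16, tmp ) != 0 );` relies on `==` and `!=` having equal precedence and grouping left-to-right, so it evaluates `( result == mbedtls_cipher_cmac( ... ) ) != 0`, i.e. plain `result == call`; the trailing `!= 0` is dead and reads as though it tested the call's return value. Write `TEST_ASSERT( mbedtls_cipher_cmac( cipher_info, key, key_size, buf, 16, tmp ) == result );`. The 16-byte `buf` passed as the message is never initialised (only key gets a memset), so the success cases MAC indeterminate bytes; add `memset( buf, 0, sizeof( buf ) );` next to the key memset so the input is deterministic.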
@@ -92,7 +93,8 @@ int main( void ) #define OPTIONS \ "md4, md5, ripemd160, sha1, sha256, sha512,\n" \ - "arc4, des3, des, aes_cbc, aes_gcm, aes_ccm, camellia, blowfish,\n" \ + "arc4, des3, des, camellia, blowfish,\n" \ + "aes_cbc, aes_gcm, aes_ccm, aes_cmac, des3_cmac,\n" \ "havege, ctr_drbg, hmac_drbg\n" \ "rsa, dhm, ecdsa, ecdh.\n" @@ -234,7 +236,9 @@ unsigned char buf[BUFSIZE]; typedef struct { char md4, md5, ripemd160, sha1, sha256, sha512, - arc4, des3, des, aes_cbc, aes_gcm, aes_ccm, camellia, blowfish, + arc4, des3, des, + aes_cbc, aes_gcm, aes_ccm, aes_cmac, des3_cmac, + camellia, blowfish, havege, ctr_drbg, hmac_drbg, rsa, dhm, ecdsa, ecdh; } todo_list; @@ -283,6 +287,10 @@ int main( int argc, char *argv[] ) todo.aes_gcm = 1; else if( strcmp( argv[i], "aes_ccm" ) == 0 ) todo.aes_ccm = 1; + else if( strcmp( argv[i], "aes_cmac" ) == 0 ) + todo.aes_cmac = 1; + else if( strcmp( argv[i], "des3_cmac" ) == 0 ) + todo.des3_cmac = 1; else if( strcmp( argv[i], "camellia" ) == 0 ) todo.camellia = 1; else if( strcmp( argv[i], "blowfish" ) == 0 ) @@ -358,7 +366,8 @@ int main( int argc, char *argv[] ) } #endif -#if defined(MBEDTLS_DES_C) && defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined(MBEDTLS_DES_C) +#if defined(MBEDTLS_CIPHER_MODE_CBC) if( todo.des3 ) { mbedtls_des3_context des3; 
@@ -378,7 +387,25 @@ int main( int argc, char *argv[] ) mbedtls_des_crypt_cbc( &des, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) ); mbedtls_des_free( &des ); } -#endif + +#endif /* MBEDTLS_CIPHER_MODE_CBC */ +#if defined(MBEDTLS_CMAC_C) + if( todo.des3_cmac ) + { + unsigned char output[8]; + const mbedtls_cipher_info_t *cipher_info; + + memset( buf, 0, sizeof( buf ) ); + memset( tmp, 0, sizeof( tmp ) ); + + cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_DES_EDE3_ECB ); + + TIME_AND_TSC( "3DES-CMAC", + mbedtls_cipher_cmac( cipher_info, tmp, 192, buf, + BUFSIZE, output ) ); + } +#endif /* MBEDTLS_CMAC_C */ +#endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) @@ -447,7 +474,37 @@ int main( int argc, char *argv[] ) } } #endif -#endif +#if defined(MBEDTLS_CMAC_C) + if( todo.aes_cmac ) + { + unsigned char output[16]; + const mbedtls_cipher_info_t *cipher_info; + mbedtls_cipher_type_t cipher_type; + int keysize; + + for( keysize = 128, cipher_type = MBEDTLS_CIPHER_AES_128_ECB; + keysize <= 256; + keysize += 64, cipher_type++ ) + { + mbedtls_snprintf( title, sizeof( title ), "AES-CMAC-%d", keysize ); + + memset( buf, 0, sizeof( buf ) ); + memset( tmp, 0, sizeof( tmp ) ); + + cipher_info = mbedtls_cipher_info_from_type( cipher_type ); + + TIME_AND_TSC( title, + mbedtls_cipher_cmac( cipher_info, tmp, keysize, + buf, BUFSIZE, output ) ); + } + + memset( buf, 0, sizeof( buf ) ); + memset( tmp, 0, sizeof( tmp ) ); + TIME_AND_TSC( "AES-CMAC-PRF-128", + mbedtls_aes_cmac_prf_128( tmp, 16, buf, BUFSIZE, output ) ); + } +#endif /* MBEDTLS_CMAC_C */ +#endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_CAMELLIA_C) && defined(MBEDTLS_CIPHER_MODE_CBC) if( todo.camellia ) From 37a064af7693a32084631db5069f8e5b2c110e1b Mon Sep 17 00:00:00 2001 
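Review bot: `cipher_info = mbedtls_cipher_info_from_type( cipher_type );` is handed to mbedtls_cipher_cmac() without a NULL check, here in the AES-CMAC loop and in the 3DES-CMAC block of the previous hunk; whether mbedtls_cipher_cmac() rejects a NULL cipher_info is not visible in this series, so a type missing from the cipher table would either be dereferenced or silently timed as an error path. A guard such as `if( cipher_info == NULL ) continue;` in the loop (and an equivalent early skip in the 3DES block) keeps the benchmark honest. The loop header `keysize += 64, cipher_type++` also silently relies on MBEDTLS_CIPHER_AES_128_ECB, MBEDTLS_CIPHER_AES_192_ECB and MBEDTLS_CIPHER_AES_256_ECB being consecutive enumerators of mbedtls_cipher_type_t; state that in a comment on the for loop, `/* relies on the three AES ECB types being consecutive enumerators */`, or iterate over an explicit table of types.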
From: Simon Butcher Date: Wed, 5 Oct 2016 14:15:58 +0100 Subject: [PATCH 127/272] Remove CMAC as a separate and independent error group --- include/mbedtls/error.h | 1 - scripts/generate_errors.pl | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 6e3905d864ca..5e549f6b6a78 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -66,7 +66,6 @@ * PBKDF2 1 0x007C-0x007C * HMAC_DRBG 4 0x0003-0x0009 * CCM 2 0x000D-0x000F - * CMAC 3 0x0011-0x0015 * * High-level module nr (3 bits - 0x0...-0x7...) * Name ID Nr of Errors diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index dd91151d6059..cfcf07c8f3cf 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -33,7 +33,7 @@ "BASE64", "XTEA", "PBKDF2", "OID", "PADLOCK", "DES", "NET", "CTR_DRBG", "ENTROPY", "HMAC_DRBG", "MD2", "MD4", "MD5", "RIPEMD160", - "SHA1", "SHA256", "SHA512", "GCM", "THREADING", "CCM", "CMAC" ); + "SHA1", "SHA256", "SHA512", "GCM", "THREADING", "CCM" ); my @high_level_modules = ( "PEM", "X509", "DHM", "RSA", "ECP", "MD", "CIPHER", "SSL", "PK", "PKCS12", "PKCS5" ); From 01ba45b1392ab6c21b65786920ae594a9e3dc844 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 5 Oct 2016 14:17:01 +0100 Subject: [PATCH 128/272] Clean up comment formatting in md.h --- include/mbedtls/md.h | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index b90235533d54..9b996a951bb4 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h 
@@ -304,8 +304,8 @@ int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *inpu /** * \brief Output HMAC. * Called after mbedtls_md_hmac_update(). - * Usually followed my mbedtls_md_hmac_reset(), mbedtls_md_hmac_starts(), - * or mbedtls_md_free(). + * Usually followed by mbedtls_md_hmac_reset(), + * mbedtls_md_hmac_starts(), or mbedtls_md_free(). * * \param ctx HMAC context * \param output Generic HMAC checksum result @@ -317,7 +317,8 @@ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output); /** * \brief Prepare to authenticate a new message with the same key. - * Called after mbedtls_md_hmac_finish() and before mbedtls_md_hmac_update(). + * Called after mbedtls_md_hmac_finish() and before + * mbedtls_md_hmac_update(). * * \param ctx HMAC context to be reset * From 21c54816f5744dcbbb992459cda8a2e1a83f901d Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 5 Oct 2016 14:17:37 +0100 Subject: [PATCH 129/272] Add CMAC to ChangeLog --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 60383a97b522..489c4bf4849c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,8 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.3.x branch released 2016-xx-xx Features + * Added support for CMAC for AES and 3DES and AES-CMAC-PRF-128, as defined by + NIST SP 800-38B, RFC-4493 and RFC-4615. * Added hardware entropy selftest to verify that the hardware entropy source is functioning correctly. * Added a script to print build environment info for diagnostic use in test From 7ca3109614bfc1c8c1b3ffdfbf009b88bac5afbf Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 5 Oct 2016 14:39:15 +0100 Subject: [PATCH 130/272] Regenerate error.c file to remove CMAC --- library/error.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/library/error.c b/library/error.c index e7b521bc758d..71d4faa7080f 100644 --- a/library/error.c +++ b/library/error.c 
@@ -69,10 +69,6 @@ #include "mbedtls/cipher.h" #endif -#if defined(MBEDTLS_CMAC_C) -#include "mbedtls/cmac.h" -#endif - #if defined(MBEDTLS_CTR_DRBG_C) #include "mbedtls/ctr_drbg.h" #endif From 8308a445d88864fb76996a7999baa23e35ca6886 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 5 Oct 2016 15:12:59 +0100 Subject: [PATCH 131/272] Fix naming in cmac.h to comply with check-names.sh --- include/mbedtls/cmac.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index ceeb20addadf..6d531dddb56d 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -37,9 +37,10 @@ extern "C" { #endif /** - * \brief CMAC context structure + * CMAC context structure - Contains internal state information only */ -typedef struct mbedtls_cmac_context_t { +struct mbedtls_cmac_context_t +{ /** Internal state of the CMAC algorithm */ unsigned char state[MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE]; @@ -53,8 +54,7 @@ typedef struct mbedtls_cmac_context_t { /** Flag to indicate if the last block needs padding */ int padding_flag; -} -mbedtls_cmac_context_t; +}; /** * \brief Set the CMAC key and prepare to authenticate the input From 94ffde7b0ae4c297947ec15ae766c3f76e2ebbc0 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 5 Oct 2016 15:33:53 +0100 Subject: [PATCH 132/272] Fix CMAC interface for doxygen Parameters didn't match the function definition. --- include/mbedtls/cmac.h | 2 +- library/cmac.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index 6d531dddb56d..71f7ab43ac25 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -69,7 +69,7 @@ struct mbedtls_cmac_context_t * \return 0 if successful, or a cipher specific error code */ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, - const unsigned char *key, size_t keylen ); + const unsigned char *key, size_t keybits ); /** * \brief Generic CMAC process buffer. 
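Review bot: Dropping the typedef leaves `struct mbedtls_cmac_context_t` with no typedef in this header, while cmac.c keeps using the plain name `mbedtls_cmac_context_t` (e.g. `mbedtls_cmac_context_t *cmac_ctx;` in mbedtls_cipher_cmac_starts), so the header now depends on a forward typedef living elsewhere — presumably the cipher header that embeds the CMAC state, though that is not visible here. A comment on the struct naming that dependency, e.g. `/* The name mbedtls_cmac_context_t is typedef'd where this struct is forward-declared */`, would save the next reader the search. The rewritten comment also lost its `\brief` tag; `* \brief CMAC context structure - contains internal state information only` keeps the doxygen output consistent with the other declarations in the header.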
diff --git a/library/cmac.c b/library/cmac.c index 1eb1c1074db9..5a6206ea9d08 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -201,7 +201,7 @@ static void cmac_pad( unsigned char padded_block[16], } int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, - const unsigned char *key, size_t keylen ) + const unsigned char *key, size_t keybits ) { mbedtls_cipher_type_t type; mbedtls_cmac_context_t *cmac_ctx; @@ -211,7 +211,7 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, if( ctx == NULL || ctx->cipher_info == NULL || key == NULL ) return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - if( ( retval = mbedtls_cipher_setkey( ctx, key, keylen, + if( ( retval = mbedtls_cipher_setkey( ctx, key, keybits, MBEDTLS_ENCRYPT ) ) != 0 ) return( retval ); From 69283e51d54e5eb7fbea4ad4d182e9778647608d Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 6 Oct 2016 12:49:58 +0100 Subject: [PATCH 133/272] Clean up and minor fixes following review Minor fixes following review including: * formatting changes including indentation and code style * corrections * removal of debug code * clarification of code through variable renaming * memory leak * compiler warnings --- include/mbedtls/check_config.h | 2 +- include/mbedtls/cmac.h | 13 +- include/mbedtls/config.h | 2 +- library/cmac.c | 285 ++++++++++++-------------- tests/suites/test_suite_cmac.function | 2 +- 5 files changed, 140 insertions(+), 164 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 8ebe438c034f..fe86c1e8d117 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -78,7 +78,7 @@ #endif #if defined(MBEDTLS_CMAC_C) && \ - !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_DES_C) + !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_DES_C) #error "MBEDTLS_CMAC_C defined, but not all prerequisites" #endif diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index 71f7ab43ac25..d94c015e0274 100644 
--- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -30,10 +30,13 @@ extern "C" { #endif +#define MBEDTLS_AES_BLOCK_SIZE 16 +#define MBEDTLS_DES3_BLOCK_SIZE 8 + #if defined(MBEDTLS_AES_C) -#define MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE 16 /* longest known is AES */ +#define MBEDTLS_CIPHER_BLKSIZE_MAX 16 /* longest used by CMAC is AES */ #else -#define MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE 8 /* longest known is 3DES */ +#define MBEDTLS_CIPHER_BLKSIZE_MAX 8 /* longest used by CMAC is 3DES */ #endif /** @@ -43,11 +46,11 @@ struct mbedtls_cmac_context_t { /** Internal state of the CMAC algorithm */ - unsigned char state[MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE]; + unsigned char state[MBEDTLS_CIPHER_BLKSIZE_MAX]; /** Unprocessed data - either data that was not block aligned and is still * pending to be processed, or the final block */ - unsigned char unprocessed_block[MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE]; + unsigned char unprocessed_block[MBEDTLS_CIPHER_BLKSIZE_MAX]; /** Length of data pending to be processed */ size_t unprocessed_len; @@ -133,7 +136,7 @@ int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info, const unsigned char *input, size_t ilen, unsigned char *output ); -#ifdef MBEDTLS_AES_C +#if defined(MBEDTLS_AES_C) /** * \brief AES-CMAC-128-PRF * Implementation of (AES-CMAC-PRF-128), as defined in RFC 4615 diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 4546d596a2fa..498e5b59857f 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1679,7 +1679,7 @@ * * Module: library/cmac.c * - * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or MBEDTLS_DES_C + * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C * */ //#define MBEDTLS_CMAC_C diff --git a/library/cmac.c b/library/cmac.c index 5a6206ea9d08..7fc513a45296 100644 --- a/library/cmac.c +++ b/library/cmac.c 
@@ -1,7 +1,7 @@ /* * \file cmac.c * - * \brief NIST SP800-38B compliant CMAC implementation + * \brief NIST SP800-38B compliant CMAC implementation for AES and 3DES * * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 @@ -63,8 +63,7 @@ defined(MBEDTLS_DES_C) ) #include #define mbedtls_printf printf -#endif /* defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || - * defined(MBEDTLS_DES_C) )*/ +#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C || MBEDTLS_DES_C */ #endif /* MBEDTLS_PLATFORM_C */ /* Implementation that should never be optimized out by the compiler */ @@ -82,7 +81,7 @@ static void mbedtls_zeroize( void *v, size_t n ) { * with R_64 = 0x1B and R_128 = 0x87 * * Input and output MUST NOT point to the same buffer - * Block size must be 8 byes or 16 bytes. + * Block size must be 8 byes or 16 bytes - the block sizes for DES and AES. */ static int cmac_multiply_by_u( unsigned char *output, const unsigned char *input, @@ -94,11 +93,11 @@ static int cmac_multiply_by_u( unsigned char *output, unsigned char overflow = 0x00; int i; - if( blocksize == 16 ) + if( blocksize == MBEDTLS_AES_BLOCK_SIZE ) { R_n = R_128; } - else if( blocksize == 8 ) + else if( blocksize == MBEDTLS_DES3_BLOCK_SIZE ) { R_n = R_64; } @@ -141,7 +140,7 @@ static int cmac_generate_subkeys( mbedtls_cipher_context_t *ctx, unsigned char* K1, unsigned char* K2 ) { int ret; - unsigned char L[MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE]; + unsigned char L[MBEDTLS_CIPHER_BLKSIZE_MAX]; size_t olen, block_size; mbedtls_zeroize( L, sizeof( L ) ); @@ -167,8 +166,9 @@ static int cmac_generate_subkeys( mbedtls_cipher_context_t *ctx, return( ret ); } -static void cmac_xor_block(unsigned char *output, const unsigned char *input1, - const unsigned char *input2, const size_t block_size ) +static void cmac_xor_block( unsigned char *output, const unsigned char *input1, + const unsigned char *input2, + const size_t block_size ) { size_t index; 
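Review bot: The rewritten `#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C || MBEDTLS_DES_C */` drops the parentheses that the removed comment spelled out (`defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) )`), so as written it describes a different grouping from the `#if` it closes; `#endif /* MBEDTLS_SELF_TEST && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */` keeps it faithful. In the cmac_multiply_by_u hunk the new comment line carries over the typo "byes": `* Block size must be 8 bytes or 16 bytes - the block sizes for DES and AES.`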
@@ -182,7 +182,7 @@ static void cmac_xor_block(unsigned char *output, const unsigned char *input1, * We can't use the padding option from the cipher layer, as it only works for * CBC and we use ECB mode, and anyway we need to XOR K1 or K2 in addition. */ -static void cmac_pad( unsigned char padded_block[16], +static void cmac_pad( unsigned char padded_block[MBEDTLS_CIPHER_BLKSIZE_MAX], size_t padded_block_len, const unsigned char *last_block, size_t last_block_len ) @@ -205,7 +205,6 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, { mbedtls_cipher_type_t type; mbedtls_cmac_context_t *cmac_ctx; - unsigned int block_size; int retval; if( ctx == NULL || ctx->cipher_info == NULL || key == NULL ) @@ -215,7 +214,6 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, MBEDTLS_ENCRYPT ) ) != 0 ) return( retval ); - block_size = ctx->cipher_info->block_size; type = ctx->cipher_info->type; switch( type ) @@ -288,7 +286,6 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, /* Iterate across the input data in block sized chunks */ for( j = 0; j < n - 1; j++ ) { - //char *ptr = input + block_size * j ; cmac_xor_block( state, input, state, block_size ); if( ( ret = mbedtls_cipher_update( ctx, state, block_size, state, @@ -321,10 +318,10 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, unsigned char *output ) { mbedtls_cmac_context_t* cmac_ctx; - unsigned char *state; - unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE]; - unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE]; - unsigned char M_last[MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE]; + unsigned char *state, *last_block; + unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX]; + unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX]; + unsigned char M_last[MBEDTLS_CIPHER_BLKSIZE_MAX]; int ret; size_t olen, block_size; 
@@ -336,16 +333,11 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, block_size = ctx->cipher_info->block_size; state = cmac_ctx->state; - mbedtls_zeroize( K1, sizeof(K1) ); - mbedtls_zeroize( K2, sizeof(K2) ); + mbedtls_zeroize( K1, sizeof( K1 ) ); + mbedtls_zeroize( K2, sizeof( K2 ) ); cmac_generate_subkeys( ctx, K1, K2 ); -// mbedtls_zeroize( M_last, sizeof(M_last) ); -// if( cmac_ctx->unprocessed_len > 0 ) -// needs_padding = 1; - - unsigned char *last_block = cmac_ctx->unprocessed_block; - //unsigned char *M_last = cmac_ctx->unprocessed_block; + last_block = cmac_ctx->unprocessed_block; /* Calculate last block */ if( cmac_ctx->padding_flag ) @@ -367,21 +359,20 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, goto exit; } - - memcpy( output, state, block_size ); exit: /* Wipe the generated keys on the stack, and any other transients to avoid * side channel leakage */ - mbedtls_zeroize( K1, sizeof(K1) ); - mbedtls_zeroize( K2, sizeof(K2) ); + mbedtls_zeroize( K1, sizeof( K1 ) ); + mbedtls_zeroize( K2, sizeof( K2 ) ); + cmac_ctx->padding_flag = 1; cmac_ctx->unprocessed_len = 0; mbedtls_zeroize( cmac_ctx->unprocessed_block, - sizeof( cmac_ctx->unprocessed_len ) ); + sizeof( cmac_ctx->unprocessed_block ) ); - mbedtls_zeroize( state, MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE ); + mbedtls_zeroize( state, MBEDTLS_CIPHER_BLKSIZE_MAX ); return( ret ); } @@ -398,7 +389,7 @@ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ) cmac_ctx->unprocessed_len = 0; mbedtls_zeroize( cmac_ctx->unprocessed_block, sizeof( cmac_ctx->unprocessed_len ) ); - + mbedtls_zeroize( cmac_ctx->state, MBEDTLS_CIPHER_BLKSIZE_MAX ); cmac_ctx->padding_flag = 1; return( 0 ); 
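Review bot: `cmac_generate_subkeys( ctx, K1, K2 );` discards the return value although the function returns the cipher-layer result (its `return( ret )` is in an earlier hunk of this patch); if subkey derivation fails, K1 and K2 stay as the zeroed buffers and the function goes on to compute and copy out a tag derived from them. Use `if( ( ret = cmac_generate_subkeys( ctx, K1, K2 ) ) != 0 ) goto exit;`. The exit path wipes K1 and K2 but not M_last, which holds the padded final message block; `mbedtls_zeroize( M_last, sizeof( M_last ) );` alongside the other wipes matches the intent stated in the comment above them. mbedtls_cipher_cmac_finish begins above this hunk.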
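Review bot: The sizeof fix this patch applies in mbedtls_cipher_cmac_finish (`sizeof( cmac_ctx->unprocessed_block )`) is not applied to the same call in mbedtls_cipher_cmac_reset, whose context line still reads `mbedtls_zeroize( cmac_ctx->unprocessed_block, sizeof( cmac_ctx->unprocessed_len ) );` and so wipes only `sizeof( size_t )` bytes of the buffer, leaving the rest of a previous message's trailing block in the context after a reset. Change it to `mbedtls_zeroize( cmac_ctx->unprocessed_block, sizeof( cmac_ctx->unprocessed_block ) );`. The start of mbedtls_cipher_cmac_reset is above this hunk.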
@@ -421,28 +412,24 @@ int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info, goto exit; ret = mbedtls_cipher_cmac_starts( &ctx, key, keylen ); - if( ret != 0 ) goto exit; - // Are we leaking here? Should we reset or free? ret = mbedtls_cipher_cmac_update( &ctx, input, ilen ); if( ret != 0 ) goto exit; - mbedtls_cipher_cmac_finish( &ctx, output ); - if( ret != 0 ) - goto exit; + ret = mbedtls_cipher_cmac_finish( &ctx, output ); exit: + mbedtls_cipher_free( &ctx ); + return( ret ); } -#ifdef MBEDTLS_AES_C +#if defined(MBEDTLS_AES_C) /* -// TODO - clean up comments - * PRF based on CMAC with AES-128 - * See RFC 4615 + * Implementation of AES-CMAC-PRF-128 defined in RFC 4615 */ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, const unsigned char *input, size_t in_len, @@ -450,8 +437,11 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, { int ret; const mbedtls_cipher_info_t *cipher_info; - unsigned char zero_key[16]; - unsigned char int_key[16]; + unsigned char zero_key[MBEDTLS_AES_BLOCK_SIZE]; + unsigned char int_key[MBEDTLS_AES_BLOCK_SIZE]; + + if( key == NULL || input == NULL || output == NULL ) + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB ); if( cipher_info == NULL ) @@ -461,14 +451,14 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, goto exit; } - if( key_length == 16 ) + if( key_length == MBEDTLS_AES_BLOCK_SIZE ) { /* Use key as is */ - memcpy( int_key, key, 16 ); + memcpy( int_key, key, MBEDTLS_AES_BLOCK_SIZE ); } else { - memset( zero_key, 0, 16 ); + memset( zero_key, 0, MBEDTLS_AES_BLOCK_SIZE ); ret = mbedtls_cipher_cmac( cipher_info, zero_key, 128, key, key_length, int_key ); 
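Review bot: `ret = mbedtls_cipher_cmac_starts( &ctx, key, keylen );` forwards mbedtls_cipher_cmac's `keylen` to a parameter this series just renamed `keybits`, and every caller visible here passes 128, 192 or 256, so the value is a bit count under a name that suggests bytes. Renaming the parameter to `keybits` in the definition and in the cmac.h prototype, or at minimum a `\param` line in cmac.h stating that the length is in bits, removes the ambiguity before callers start passing byte counts. The signature of mbedtls_cipher_cmac lies above this hunk.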
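Review bot: `if( key_length == MBEDTLS_AES_BLOCK_SIZE )` and the following `memcpy( int_key, key, MBEDTLS_AES_BLOCK_SIZE )` use the block-size macro for what is a key length: the RFC 4615 special case is a 16-byte key, i.e. the AES-128 key size, which only coincidentally equals the block size, and the substitution reads as if the two were the same quantity. Keep a separate constant, or at least a comment on the condition, `/* 16-byte key: AES-128 key length (numerically equal to the block size) */`. mbedtls_aes_cmac_prf_128 continues outside this hunk, so the exit path and result handling are not reviewed here.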
@@ -486,7 +476,7 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, } #endif /* MBEDTLS_AES_C */ -#ifdef MBEDTLS_SELF_TEST +#if defined(MBEDTLS_SELF_TEST) /* * CMAC test data from SP800-38B Appendix D.1 (corrected) * http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf @@ -498,10 +488,6 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, #define NB_CMAC_TESTS_PER_KEY 4 #define NB_PRF_TESTS 3 -// TODO - should use a value somewhere else -#define AES_BLOCK_SIZE 16 -#define DES3_BLOCK_SIZE 8 - #if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) /* All CMAC test inputs are truncated from the same 64 byte buffer. */ static const unsigned char test_message[] = { @@ -514,11 +500,9 @@ static const unsigned char test_message[] = { 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 }; +#endif /* MBEDTLS_AES_C || MBEDTLS_DES_C */ - -#endif /* defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) */ - -#ifdef MBEDTLS_AES_C +#if defined(MBEDTLS_AES_C) /* Truncation point of message for AES CMAC tests */ static const unsigned int aes_message_lengths[NB_CMAC_TESTS_PER_KEY] = { 0, @@ -532,7 +516,7 @@ static const unsigned char aes_128_key[16] = { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }; -static const unsigned char aes_128_subkeys[2][AES_BLOCK_SIZE] = { +static const unsigned char aes_128_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = { { 0xfb, 0xee, 0xd6, 0x18, 0x35, 0x71, 0x33, 0x66, 0x7c, 0x85, 0xe0, 0x8f, 0x72, 0x36, 0xa8, 0xde 
@@ -542,7 +526,7 @@ static const unsigned char aes_128_subkeys[2][AES_BLOCK_SIZE] = { 0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b } }; -static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][AES_BLOCK_SIZE] = { +static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = { { 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 @@ -567,7 +551,7 @@ static const unsigned char aes_192_key[24] = { 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b }; -static const unsigned char aes_192_subkeys[2][AES_BLOCK_SIZE] = { +static const unsigned char aes_192_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = { { 0x44, 0x8a, 0x5b, 0x1c, 0x93, 0x51, 0x4b, 0x27, 0x3e, 0xe6, 0x43, 0x9d, 0xd4, 0xda, 0xa2, 0x96 @@ -577,7 +561,7 @@ static const unsigned char aes_192_subkeys[2][AES_BLOCK_SIZE] = { 0x7d, 0xcc, 0x87, 0x3b, 0xa9, 0xb5, 0x45, 0x2c } }; -static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][AES_BLOCK_SIZE] = { +static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = { { 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5, 0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67 @@ -603,7 +587,7 @@ static const unsigned char aes_256_key[32] = { 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 }; -static const unsigned char aes_256_subkeys[2][AES_BLOCK_SIZE] = { +static const unsigned char aes_256_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = { { 0xca, 0xd1, 0xed, 0x03, 0x29, 0x9e, 0xed, 0xac, 0x2e, 0x9a, 0x99, 0x80, 0x86, 0x21, 0x50, 0x2f 
@@ -613,7 +597,7 @@ static const unsigned char aes_256_subkeys[2][AES_BLOCK_SIZE] = { 0x5d, 0x35, 0x33, 0x01, 0x0c, 0x42, 0xa0, 0xd9 } }; -static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][AES_BLOCK_SIZE] = { +static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = { { 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e, 0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83 @@ -633,7 +617,7 @@ static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][AES_BL }; #endif /* MBEDTLS_AES_C */ -#ifdef MBEDTLS_DES_C +#if defined(MBEDTLS_DES_C) /* Truncation point of message for 3DES CMAC tests */ static const unsigned int des3_message_lengths[NB_CMAC_TESTS_PER_KEY] = { 0, @@ -656,7 +640,7 @@ static const unsigned char des3_2key_subkeys[2][8] = { 0x1d, 0x9e, 0x6e, 0x7d, 0xae, 0x35, 0xf5, 0xc5 } }; -static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][DES3_BLOCK_SIZE] = { +static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = { { 0xbd, 0x2e, 0xbf, 0x9a, 0x3b, 0xa0, 0x03, 0x61 }, @@ -685,7 +669,7 @@ static const unsigned char des3_3key_subkeys[2][8] = { 0x23, 0x31, 0xd3, 0xa6, 0x29, 0xcc, 0xa6, 0xa5 } }; -static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][DES3_BLOCK_SIZE] = { +static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = { { 0xb7, 0xa6, 0x88, 0xe1, 0x22, 0xff, 0xaf, 0x95 }, @@ -702,7 +686,7 @@ static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][DES3 #endif /* MBEDTLS_DES_C */ -#ifdef MBEDTLS_AES_C +#if defined(MBEDTLS_AES_C) /* AES AES-CMAC-PRF-128 Test Data */ static const unsigned char PRFK[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 
@@ -752,23 +736,22 @@ static int cmac_test_subkeys( int verbose, int i, ret; mbedtls_cipher_context_t ctx; const mbedtls_cipher_info_t *cipher_info; - unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE]; - unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE]; + unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX]; + unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX]; cipher_info = mbedtls_cipher_info_from_type( cipher_type ); if( cipher_info == NULL ) { /* Failing at this point must be due to a build issue */ - ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; - goto exit; + return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); } + mbedtls_cipher_init( &ctx ); + for( i = 0; i < num_tests; i++ ) { if( verbose != 0 ) - mbedtls_printf( " %s CMAC subkey #%u: ", testname, i +1 ); - - mbedtls_cipher_init( &ctx ); + mbedtls_printf( " %s CMAC subkey #%u: ", testname, i + 1 ); if( ( ret = mbedtls_cipher_setup( &ctx, cipher_info ) ) != 0 ) { 
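Review bot: `mbedtls_cipher_init( &ctx )` has been hoisted out of the loop, but `mbedtls_cipher_setup( &ctx, cipher_info )` is still executed on every iteration of `for( i = 0; i < num_tests; i++ )`, and in this library setup allocates the cipher-specific context, so each pass after the first overwrites — and leaks — what the previous pass allocated unless the remainder of the loop body (outside this hunk) calls `mbedtls_cipher_free( &ctx )` per iteration. Either keep a matching free plus re-init inside the loop, or set the context up once before the loop and only re-key it inside. `ret` is also declared as `int i, ret;` with no initialiser and is only assigned inside the loop, so a `num_tests` of zero would reach `exit:` with an indeterminate value; `int i, ret = 0;` closes that gap. The function continues past the end of this hunk.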
@@ -808,30 +791,25 @@ static int cmac_test_subkeys( int verbose, } exit: + mbedtls_cipher_free( &ctx ); + return( ret ); } -static inline int cmac_test_wth_cipher( int verbose, - const char* testname, - const unsigned char* key, - int keybits, - const unsigned char* messages, - const unsigned int message_lengths[4], - const unsigned char* expected_result, - mbedtls_cipher_type_t cipher_type, - int block_size, - int num_tests ) +static int cmac_test_wth_cipher( int verbose, + const char* testname, + const unsigned char* key, + int keybits, + const unsigned char* messages, + const unsigned int message_lengths[4], + const unsigned char* expected_result, + mbedtls_cipher_type_t cipher_type, + int block_size, + int num_tests ) { const mbedtls_cipher_info_t *cipher_info; int i, ret; - unsigned char* output; - - output = mbedtls_calloc( block_size, sizeof( unsigned char ) ); - if( output == NULL ) - { - ret = MBEDTLS_ERR_CIPHER_ALLOC_FAILED; - goto exit; - } + unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX]; cipher_info = mbedtls_cipher_info_from_type( cipher_type ); if( cipher_info == NULL ) @@ -864,32 +842,32 @@ static inline int cmac_test_wth_cipher( int verbose, if( verbose != 0 ) mbedtls_printf( "passed\n" ); } -exit: - mbedtls_free( output ); +exit: return( ret ); } -#ifdef MBEDTLS_AES_C -static inline int test_aes128_cmac_prf( int verbose ) +#if defined(MBEDTLS_AES_C) +static int test_aes128_cmac_prf( int verbose ) { int i; int ret; - unsigned char output[16]; + unsigned char output[MBEDTLS_AES_BLOCK_SIZE]; for( i = 0; i < NB_PRF_TESTS; i++ ) { mbedtls_printf( " AES CMAC 128 PRF #%u: ", i ); ret = mbedtls_aes_cmac_prf_128( PRFK, PRFKlen[i], PRFM, 20, output ); if( ret != 0 || - memcmp( output, PRFT[i], 16 ) != 0 ) + memcmp( output, PRFT[i], MBEDTLS_AES_BLOCK_SIZE ) != 0 ) { if( verbose != 0 ) mbedtls_printf( "failed\n" ); return( ret ); - } else if( verbose != 0 ) + } + else if( verbose != 0 ) { mbedtls_printf( "passed\n" ); } 
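Review bot: `output` in `cmac_test_wth_cipher` is now a fixed `unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX]` stack buffer, but the function still takes the caller-supplied `block_size` and, further down (outside this hunk), presumably compares that many bytes of it, so nothing ties the two together. A guard such as `if( block_size > MBEDTLS_CIPHER_BLKSIZE_MAX ) return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );`, or simply using `cipher_info->block_size`, would make the bound explicit. The parameter `const unsigned int message_lengths[4]` decays to a pointer, so the literal 4 is never checked and silently disagrees with `num_tests`; `const unsigned int *message_lengths` says what is actually passed. The function body continues beyond this hunk.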
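Review bot: In `test_aes128_cmac_prf`, when `mbedtls_aes_cmac_prf_128` returns 0 but `memcmp( output, PRFT[i], MBEDTLS_AES_BLOCK_SIZE )` does not match, the failure branch executes `return( ret );` with `ret` still 0, so a wrong PRF output is reported as a passing self-test. Return a non-zero value on mismatch, e.g. `return( ret != 0 ? ret : 1 );`, which is the usual convention for a bad vector in the library's self-tests. In the same loop, `mbedtls_printf( " AES CMAC 128 PRF #%u: ", i );` is not guarded by `verbose != 0` while the "passed"/"failed" lines are, so the label prints even in quiet mode; wrap it in `if( verbose != 0 )`. `%u` paired with the `int` counter `i` is also a minor format mismatch.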
@@ -902,17 +880,16 @@ int mbedtls_cmac_self_test( int verbose ) { int ret; -#ifdef MBEDTLS_AES_C - +#if defined(MBEDTLS_AES_C) /* AES-128 */ if( ( ret = cmac_test_subkeys( verbose, - "AES 128", - aes_128_key, - 128, - (const unsigned char*) aes_128_subkeys, - MBEDTLS_CIPHER_AES_128_ECB, - AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) !=0 ) ) + "AES 128", + aes_128_key, + 128, + (const unsigned char*)aes_128_subkeys, + MBEDTLS_CIPHER_AES_128_ECB, + MBEDTLS_AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) != 0 ) ) { return( ret ); } @@ -923,23 +900,23 @@ int mbedtls_cmac_self_test( int verbose ) 128, test_message, aes_message_lengths, - (const unsigned char*) aes_128_expected_result, + (const unsigned char*)aes_128_expected_result, MBEDTLS_CIPHER_AES_128_ECB, - AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) !=0 ) ) + MBEDTLS_AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) != 0 ) ) { return( ret ); } /* AES-192 */ if( ( ret = cmac_test_subkeys( verbose, - "AES 192", - aes_192_key, - 192, - (const unsigned char*) aes_192_subkeys, - MBEDTLS_CIPHER_AES_192_ECB, - AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) !=0 ) ) + "AES 192", + aes_192_key, + 192, + (const unsigned char*)aes_192_subkeys, + MBEDTLS_CIPHER_AES_192_ECB, + MBEDTLS_AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) != 0 ) ) { return( ret ); } 
@@ -950,103 +927,99 @@ int mbedtls_cmac_self_test( int verbose ) 192, test_message, aes_message_lengths, - (const unsigned char*) aes_192_expected_result, + (const unsigned char*)aes_192_expected_result, MBEDTLS_CIPHER_AES_192_ECB, - AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) !=0 ) ) + MBEDTLS_AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) != 0 ) ) { -mbedtls_printf("ret = %x\n", ret); return( ret ); } /* AES-256 */ if( ( ret = cmac_test_subkeys( verbose, - "AES 256", - aes_256_key, - 256, - (const unsigned char*) aes_256_subkeys, - MBEDTLS_CIPHER_AES_256_ECB, - AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) !=0 ) ) + "AES 256", + aes_256_key, + 256, + (const unsigned char*)aes_256_subkeys, + MBEDTLS_CIPHER_AES_256_ECB, + MBEDTLS_AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) != 0 ) ) { return( ret ); } - if( ( ret = cmac_test_wth_cipher ( verbose, + if( ( ret = cmac_test_wth_cipher ( verbose, "AES 256", aes_256_key, 256, test_message, aes_message_lengths, - (const unsigned char*) aes_256_expected_result, + (const unsigned char*)aes_256_expected_result, MBEDTLS_CIPHER_AES_256_ECB, - AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) !=0 ) ) + MBEDTLS_AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) != 0 ) ) { return( ret ); } #endif /* MBEDTLS_AES_C */ -#ifdef MBEDTLS_DES_C +#if defined(MBEDTLS_DES_C) /* 3DES 2 key */ if( ( ret = cmac_test_subkeys( verbose, - "3DES 2 key", - des3_2key_key, - 192, - (const unsigned char*) des3_2key_subkeys, - MBEDTLS_CIPHER_DES_EDE3_ECB, - DES3_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) !=0 ) ) + "3DES 2 key", + des3_2key_key, + 192, + (const unsigned char*)des3_2key_subkeys, + MBEDTLS_CIPHER_DES_EDE3_ECB, + MBEDTLS_DES3_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) != 0 ) ) { return( ret ); } - - if( ( ret = cmac_test_wth_cipher( verbose, "3DES 2 key", des3_2key_key, 192, test_message, des3_message_lengths, - (const unsigned char*) des3_2key_expected_result, + (const unsigned char*)des3_2key_expected_result, MBEDTLS_CIPHER_DES_EDE3_ECB, - DES3_BLOCK_SIZE, - 
NB_CMAC_TESTS_PER_KEY ) !=0 ) ) + MBEDTLS_DES3_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) != 0 ) ) { return( ret ); } /* 3DES 3 key */ if( ( ret = cmac_test_subkeys( verbose, - "3DES 3 key", - des3_3key_key, - 192, - (const unsigned char*) des3_3key_subkeys, - MBEDTLS_CIPHER_DES_EDE3_ECB, - DES3_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) !=0 ) ) + "3DES 3 key", + des3_3key_key, + 192, + (const unsigned char*)des3_3key_subkeys, + MBEDTLS_CIPHER_DES_EDE3_ECB, + MBEDTLS_DES3_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) != 0 ) ) { return( ret ); } - if( ( ret = cmac_test_wth_cipher( verbose, "3DES 3 key", des3_3key_key, 192, test_message, des3_message_lengths, - (const unsigned char*) des3_3key_expected_result, + (const unsigned char*)des3_3key_expected_result, MBEDTLS_CIPHER_DES_EDE3_ECB, - DES3_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) !=0 ) ) + MBEDTLS_DES3_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) != 0 ) ) { return( ret ); } #endif /* MBEDTLS_DES_C */ -#ifdef MBEDTLS_AES_C +#if defined(MBEDTLS_AES_C) if( ( ret = test_aes128_cmac_prf( verbose ) != 0 ) ) return( ret ); #endif /* MBEDTLS_AES_C */ diff --git a/tests/suites/test_suite_cmac.function b/tests/suites/test_suite_cmac.function index 81a5a0aaa27c..3b23b521e42f 100644 --- a/tests/suites/test_suite_cmac.function +++ b/tests/suites/test_suite_cmac.function @@ -31,7 +31,7 @@ void mbedtls_cmac_setkey( int cipher_type, int key_size, != NULL ); TEST_ASSERT( result == mbedtls_cipher_cmac( cipher_info, key, key_size, - buf, 16, tmp ) != 0 ); + buf, 16, tmp ) ); } /* END_CASE */ From b981b16379f3896422b5d8c9e9ad1ecae583c370 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 6 Oct 2016 10:27:22 +0100 Subject: [PATCH 134/272] Minor fixes to formatting and compilation conditions --- programs/test/benchmark.c | 11 ++++++----- programs/test/selftest.c | 2 +- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 86b84250ac95..22a878db510d 100644 --- a/programs/test/benchmark.c 
+++ b/programs/test/benchmark.c @@ -93,14 +93,14 @@ int main( void ) #define OPTIONS \ "md4, md5, ripemd160, sha1, sha256, sha512,\n" \ - "arc4, des3, des, camellia, blowfish,\n" \ + "arc4, des3, des, camellia, blowfish,\n" \ "aes_cbc, aes_gcm, aes_ccm, aes_cmac, des3_cmac,\n" \ "havege, ctr_drbg, hmac_drbg\n" \ "rsa, dhm, ecdsa, ecdh.\n" #if defined(MBEDTLS_ERROR_C) #define PRINT_ERROR \ - mbedtls_strerror( ret, ( char * )tmp, sizeof( tmp ) ); \ + mbedtls_strerror( ret, ( char * )tmp, sizeof( tmp ) ); \ mbedtls_printf( "FAILED: %s\n", tmp ); #else #define PRINT_ERROR \ @@ -401,8 +401,8 @@ int main( int argc, char *argv[] ) cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_DES_EDE3_ECB ); TIME_AND_TSC( "3DES-CMAC", - mbedtls_cipher_cmac( cipher_info, tmp, 192, buf, - BUFSIZE, output ) ); + mbedtls_cipher_cmac( cipher_info, tmp, 192, buf, + BUFSIZE, output ) ); } #endif /* MBEDTLS_CMAC_C */ #endif /* MBEDTLS_DES_C */ @@ -501,7 +501,8 @@ int main( int argc, char *argv[] ) memset( buf, 0, sizeof( buf ) ); memset( tmp, 0, sizeof( tmp ) ); TIME_AND_TSC( "AES-CMAC-PRF-128", - mbedtls_aes_cmac_prf_128( tmp, 16, buf, BUFSIZE, output ) ); + mbedtls_aes_cmac_prf_128( tmp, 16, buf, BUFSIZE, + output ) ); } #endif /* MBEDTLS_CMAC_C */ #endif /* MBEDTLS_AES_C */ diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 33f96ea13960..1941ad051203 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -278,7 +278,7 @@ int main( int argc, char *argv[] ) suites_tested++; #endif -#if defined(MBEDTLS_CMAC_C) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) ) +#if defined(MBEDTLS_CMAC_C) if( ( mbedtls_cmac_self_test( v ) ) != 0 ) { suites_failed++; From d241f1cf17a10b56aa6c70c83e468014d1869db6 Mon Sep 17 00:00:00 2001 
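Review bot: Dropping the `( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) )` part of the guard means `mbedtls_cmac_self_test( v )` is now called in a configuration that has MBEDTLS_CMAC_C but neither block cipher; from the self-test hunks elsewhere on this page its `int ret;` is only assigned inside `#if defined(MBEDTLS_AES_C)` / `#if defined(MBEDTLS_DES_C)` blocks, so such a build would likely trip an unused-variable warning there and the suite would be counted as tested while exercising nothing. If the intent is for cmac.c to own its own compilation conditions, the body of `mbedtls_cmac_self_test` should be made to compile cleanly and report meaningfully for that case in the same change; otherwise keep `#if defined(MBEDTLS_CMAC_C) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) )` here. The enclosing `main` starts and ends outside this hunk.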
From: Simon Butcher Date: Thu, 6 Oct 2016 10:39:49 +0100 Subject: [PATCH 135/272] Fixes following review Fixes issue of not zeroing entire block on reset and conditional compilation. --- library/cmac.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index 7fc513a45296..9e4dc892ab29 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -59,8 +59,7 @@ #include #define mbedtls_calloc calloc #define mbedtls_free free -#if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || \ - defined(MBEDTLS_DES_C) ) +#if defined(MBEDTLS_SELF_TEST) #include #define mbedtls_printf printf #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C || MBEDTLS_DES_C */ @@ -388,8 +387,9 @@ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ) /* Reset the internal state */ cmac_ctx->unprocessed_len = 0; mbedtls_zeroize( cmac_ctx->unprocessed_block, - sizeof( cmac_ctx->unprocessed_len ) ); - mbedtls_zeroize( cmac_ctx->state, MBEDTLS_CIPHER_BLKSIZE_MAX ); + sizeof( cmac_ctx->unprocessed_block )); + mbedtls_zeroize( cmac_ctx->state, + sizeof( cmac_ctx->state ) ); cmac_ctx->padding_flag = 1; return( 0 ); From a592dcc1c6277bb191269e709cdd3d5593e593ed Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 6 Oct 2016 15:23:39 +0100 Subject: [PATCH 136/272] Clean up of formatting, and potential integer overflow fix --- include/mbedtls/cmac.h | 2 +- library/cmac.c | 8 ++++---- programs/test/benchmark.c | 4 ++-- tests/Makefile | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index d94c015e0274..f64ae69b471d 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h 
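Review bot: The trailer `#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C || MBEDTLS_DES_C */` still describes the old condition although the guard was reduced to `#if defined(MBEDTLS_SELF_TEST)`, so the comment now documents a test that no longer exists. Update it to `#endif /* MBEDTLS_SELF_TEST */` so the two stay in step. With the cipher conditions gone, `mbedtls_printf` is defined for any MBEDTLS_SELF_TEST build, which is consistent with the selftest.c change elsewhere on this page but should be cross-checked against the cipher-specific blocks inside the self-test function.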
@@ -48,7 +48,7 @@ struct mbedtls_cmac_context_t /** Internal state of the CMAC algorithm */ unsigned char state[MBEDTLS_CIPHER_BLKSIZE_MAX]; - /** Unprocessed data - either data that was not block aligned and is still + /** Unprocessed data - either data that was not block aligned and is still * pending to be processed, or the final block */ unsigned char unprocessed_block[MBEDTLS_CIPHER_BLKSIZE_MAX]; diff --git a/library/cmac.c b/library/cmac.c index 9e4dc892ab29..03d939278a2a 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -245,7 +245,7 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, { mbedtls_cmac_context_t* cmac_ctx; unsigned char *state; - int n, j, ret = 0; + int n, j, ret = 0; size_t olen, block_size; if( ctx == NULL || ctx->cipher_info == NULL || input == NULL || @@ -259,7 +259,7 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, /* Is their data still to process from the last call, that's equal to * or greater than a block? */ if( cmac_ctx->unprocessed_len > 0 && - ilen + cmac_ctx->unprocessed_len > block_size ) + ilen > block_size - cmac_ctx->unprocessed_len ) { memcpy( &cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len], input, @@ -387,7 +387,7 @@ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ) /* Reset the internal state */ cmac_ctx->unprocessed_len = 0; mbedtls_zeroize( cmac_ctx->unprocessed_block, - sizeof( cmac_ctx->unprocessed_block )); + sizeof( cmac_ctx->unprocessed_block ) ); mbedtls_zeroize( cmac_ctx->state, sizeof( cmac_ctx->state ) ); cmac_ctx->padding_flag = 1; @@ -822,7 +822,7 @@ static int cmac_test_wth_cipher( int verbose, for( i = 0; i < num_tests; i++ ) { if( verbose != 0 ) - mbedtls_printf( " %s CMAC #%u: ", testname, i +1 ); + mbedtls_printf( " %s CMAC #%u: ", testname, i + 1 ); if( ( ret = mbedtls_cipher_cmac( cipher_info, key, keybits, messages, message_lengths[i], output ) ) != 0 ) 
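Review bot: The rewritten condition `ilen > block_size - cmac_ctx->unprocessed_len` removes the `ilen + unprocessed_len` wrap, but the subtraction is itself unsigned and is only safe while `unprocessed_len <= block_size`; if that invariant were ever violated the difference would wrap to a huge value, the flush branch would be skipped, and later writes into the fixed-size `unprocessed_block` would proceed from stale state. The invariant appears to hold, but it is load-bearing for a fixed-size buffer and is stated nowhere, so document it at the check: `/* Invariant: unprocessed_len <= block_size, so this subtraction cannot wrap */`. The enclosing `mbedtls_cipher_cmac_update` starts and ends outside this hunk.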
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 22a878db510d..eb578e73067f 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -494,8 +494,8 @@ int main( int argc, char *argv[] ) cipher_info = mbedtls_cipher_info_from_type( cipher_type ); TIME_AND_TSC( title, - mbedtls_cipher_cmac( cipher_info, tmp, keysize, - buf, BUFSIZE, output ) ); + mbedtls_cipher_cmac( cipher_info, tmp, keysize, + buf, BUFSIZE, output ) ); } memset( buf, 0, sizeof( buf ) ); diff --git a/tests/Makefile b/tests/Makefile index 23c68ec8679a..4787f25085ec 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -50,7 +50,7 @@ APPS = test_suite_aes.ecb$(EXEXT) test_suite_aes.cbc$(EXEXT) \ test_suite_arc4$(EXEXT) test_suite_asn1write$(EXEXT) \ test_suite_base64$(EXEXT) test_suite_blowfish$(EXEXT) \ test_suite_camellia$(EXEXT) test_suite_ccm$(EXEXT) \ - test_suite_cmac$(EXEXT) \ + test_suite_cmac$(EXEXT) \ test_suite_cipher.aes$(EXEXT) \ test_suite_cipher.arc4$(EXEXT) test_suite_cipher.ccm$(EXEXT) \ test_suite_cipher.gcm$(EXEXT) \ From 604d399a5ca3a725f367e44a65cf55ce8fba7003 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 6 Oct 2016 19:02:49 +0100 Subject: [PATCH 137/272] Add extra compilation conditions to gen_key.c #559 The sample application programs/pkey/gen_key.c uses the library function mbedtls_pk_write_key_pem() which is dependent on the configuration option MBEDTLS_PEM_WRITE_C. If the option isn't defined the build breaks. This change adds the compilation condition MBEDTLS_PEM_WRITE_C to the gen_key.c sample application. --- programs/pkey/gen_key.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 63a3aeb98aa0..48126948d85a 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c 
@@ -120,12 +120,14 @@ int dev_random_entropy_poll( void *data, unsigned char *output, USAGE_DEV_RANDOM \ "\n" -#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) +#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_PEM_WRITE_C) || \ + !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \ + !defined(MBEDTLS_CTR_DRBG_C) int main( void ) { mbedtls_printf( "MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C " + "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " + "MBEDTLS_PEM_WRITE_C" "not defined.\n" ); return( 0 ); } @@ -418,4 +420,6 @@ int main( int argc, char *argv[] ) return( ret ); } -#endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO */ +#endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_PEM_WRITE_C && MBEDTLS_FS_IO && + * MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ + From f73fd701c07a8637b2570eb4f34416e946ef78bf Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 7 Oct 2016 11:17:44 +0100 Subject: [PATCH 138/272] Update Changelog for fix #559 --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 489c4bf4849c..8e255260f0ea 100644 --- a/ChangeLog +++ b/ChangeLog @@ -31,6 +31,9 @@ Bugfix a contribution from Tobias Tangemann. #541 * Fixed cert_app sample program for debug output and for use when no root certificates are provided. + * Fixed sample application 'programs/pkey/gen_key.c' for builds where the + configuration MBEDTLS_PEM_WRITE_C is not defined. Found by inestlerode. + #559. Changes * Extended test coverage of special cases, and added new timing test suite. From 420be4ea0461795cf8d35981a2c7e7c01ba9d810 Mon Sep 17 00:00:00 2001 
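Review bot: The new string fragments concatenate to `... and/or MBEDTLS_PEM_WRITE_Cnot defined.` because the added literal `"MBEDTLS_PEM_WRITE_C"` has no trailing space before the existing `"not defined.\n"` fragment. Change it to `"MBEDTLS_PEM_WRITE_C "` (or move the space onto the preceding fragment) so the stub's diagnostic reads correctly. The added `!defined(MBEDTLS_PEM_WRITE_C)` condition itself follows the existing pattern in the file.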
From: Simon Butcher Date: Fri, 7 Oct 2016 12:55:43 +0100 Subject: [PATCH 139/272] Fix bracketing in cmac.c The bracketing in some expressions where an assignment was being made in an if statement in cmac.c had been accidentally broken and was causing compiler warnings with armcc. --- library/cmac.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index 03d939278a2a..f755d409f09d 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -778,8 +778,8 @@ static int cmac_test_subkeys( int verbose, goto exit; } - if( ( ret = memcmp( K1, subkeys, block_size ) != 0 ) || - ( ret = memcmp( K2, &subkeys[block_size], block_size ) != 0 ) ) + if( ( ret = memcmp( K1, subkeys, block_size ) ) != 0 || + ( ret = memcmp( K2, &subkeys[block_size], block_size ) ) != 0 ) { if( verbose != 0 ) mbedtls_printf( "failed\n" ); @@ -889,7 +889,7 @@ int mbedtls_cmac_self_test( int verbose ) (const unsigned char*)aes_128_subkeys, MBEDTLS_CIPHER_AES_128_ECB, MBEDTLS_AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) != 0 ) ) + NB_CMAC_TESTS_PER_KEY ) ) != 0 ) { return( ret ); } @@ -903,7 +903,7 @@ int mbedtls_cmac_self_test( int verbose ) (const unsigned char*)aes_128_expected_result, MBEDTLS_CIPHER_AES_128_ECB, MBEDTLS_AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) != 0 ) ) + NB_CMAC_TESTS_PER_KEY ) ) != 0 ) { return( ret ); } @@ -916,7 +916,7 @@ int mbedtls_cmac_self_test( int verbose ) (const unsigned char*)aes_192_subkeys, MBEDTLS_CIPHER_AES_192_ECB, MBEDTLS_AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) != 0 ) ) + NB_CMAC_TESTS_PER_KEY ) ) != 0 ) { return( ret ); } @@ -930,7 +930,7 @@ int mbedtls_cmac_self_test( int verbose ) (const unsigned char*)aes_192_expected_result, MBEDTLS_CIPHER_AES_192_ECB, MBEDTLS_AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) != 0 ) ) + NB_CMAC_TESTS_PER_KEY ) ) != 0 ) { return( ret ); } 
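Review bot: With the bracketing corrected, `ret` now receives the raw `memcmp` return value on a subkey mismatch, so `cmac_test_subkeys` — and `mbedtls_cmac_self_test` through it — propagates an arbitrary positive or negative byte difference as its error code instead of a defined value. Test the two `memcmp` results directly in the `if` and set `ret = 1;` inside the failure branch, the convention for a bad vector in the library's other self-tests, so callers get a stable non-zero result. The remaining bracketing hunks in this commit are correct as written. The function body continues outside this hunk.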
@@ -943,7 +943,7 @@ int mbedtls_cmac_self_test( int verbose ) (const unsigned char*)aes_256_subkeys, MBEDTLS_CIPHER_AES_256_ECB, MBEDTLS_AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) != 0 ) ) + NB_CMAC_TESTS_PER_KEY ) ) != 0 ) { return( ret ); } @@ -957,7 +957,7 @@ int mbedtls_cmac_self_test( int verbose ) (const unsigned char*)aes_256_expected_result, MBEDTLS_CIPHER_AES_256_ECB, MBEDTLS_AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) != 0 ) ) + NB_CMAC_TESTS_PER_KEY ) ) != 0 ) { return( ret ); } @@ -972,7 +972,7 @@ int mbedtls_cmac_self_test( int verbose ) (const unsigned char*)des3_2key_subkeys, MBEDTLS_CIPHER_DES_EDE3_ECB, MBEDTLS_DES3_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) != 0 ) ) + NB_CMAC_TESTS_PER_KEY ) ) != 0 ) { return( ret ); } @@ -986,7 +986,7 @@ int mbedtls_cmac_self_test( int verbose ) (const unsigned char*)des3_2key_expected_result, MBEDTLS_CIPHER_DES_EDE3_ECB, MBEDTLS_DES3_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) != 0 ) ) + NB_CMAC_TESTS_PER_KEY ) ) != 0 ) { return( ret ); } @@ -999,7 +999,7 @@ int mbedtls_cmac_self_test( int verbose ) (const unsigned char*)des3_3key_subkeys, MBEDTLS_CIPHER_DES_EDE3_ECB, MBEDTLS_DES3_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) != 0 ) ) + NB_CMAC_TESTS_PER_KEY ) ) != 0 ) { return( ret ); } @@ -1013,14 +1013,14 @@ int mbedtls_cmac_self_test( int verbose ) (const unsigned char*)des3_3key_expected_result, MBEDTLS_CIPHER_DES_EDE3_ECB, MBEDTLS_DES3_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) != 0 ) ) + NB_CMAC_TESTS_PER_KEY ) ) != 0 ) { return( ret ); } #endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_AES_C) - if( ( ret = test_aes128_cmac_prf( verbose ) != 0 ) ) + if( ( ret = test_aes128_cmac_prf( verbose ) ) != 0 ) return( ret ); #endif /* MBEDTLS_AES_C */ From 9fe6f9256152a24d9f6e3705b2269662391c6b3d Mon Sep 17 00:00:00 2001 
From: Janos Follath Date: Fri, 7 Oct 2016 14:17:56 +0100 Subject: [PATCH 140/272] Add SHA1 guards in dh_client.c and dh_server.c The build breaked for configurations not having MBEDTLS_SHA1_C. --- programs/pkey/dh_client.c | 6 ++++-- programs/pkey/dh_server.c | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 48b97cee9f7e..875d0b083106 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -36,7 +36,8 @@ #if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \ defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \ - defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) + defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) && \ + defined(MBEDTLS_SHA1_C) #include "mbedtls/net_sockets.h" #include "mbedtls/aes.h" #include "mbedtls/dhm.h" @@ -55,7 +56,8 @@ #if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) || \ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) || \ !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) + !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \ + !defined(MBEDTLS_SHA1_C) int main( void ) { mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C " diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index 173a29d35532..8bf2b1b29ff7 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -36,7 +36,8 @@ #if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \ defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \ - defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) + defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) && \ + defined(MBEDTLS_SHA1_C) #include "mbedtls/net_sockets.h" #include "mbedtls/aes.h" #include "mbedtls/dhm.h" 
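Review bot: The stub's `#if !defined(...)` condition now includes `!defined(MBEDTLS_SHA1_C)`, but the `mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C "` message that begins on the hunk's last line continues outside it and is not touched by the commit, so it most likely still omits MBEDTLS_SHA1_C and will tell a user the wrong set of missing options. Append `"and/or MBEDTLS_SHA1_C "` to that message so the diagnostic matches the guard, as the gen_key.c change on this page does for its own new condition. The same applies to the equivalent hunk in programs/pkey/dh_server.c, and to the cert_req.c and cert_write.c hunks that add MBEDTLS_PEM_WRITE_C while leaving their messages unchanged.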
@@ -55,7 +56,8 @@ #if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) || \ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) || \ !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) + !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \ + !defined(MBEDTLS_SHA1_C) int main( void ) { mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C " From 23bdca0d63522d983d7e1169d5fe407ceb611455 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 7 Oct 2016 14:47:14 +0100 Subject: [PATCH 141/272] Fix an x509 compatibility issue Certificates with unsupported algorithms in the certificate chain prevented verification even if a certificate before the unsupported ones was already trusted. We change the behaviour to ignoring every certificate with unknown (unsupported) signature algorithm oid when parsing the certificate chain received from the peer. --- library/ssl_tls.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 505bb6cb3a5c..df7b73495794 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -49,8 +49,7 @@ #include -#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ - defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) +#if defined(MBEDTLS_X509_CRT_PARSE_C) #include "mbedtls/oid.h" #endif @@ -4347,7 +4346,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) ret = mbedtls_x509_crt_parse_der( ssl->session_negotiate->peer_cert, ssl->in_msg + i, n ); - if( ret != 0 ) + if( 0 != ret && ( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND ) != ret ) { MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret ); return( ret ); From 203a6934e718af4849eadb4021b7688d3d191a26 Mon Sep 17 00:00:00 2001 
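Review bot: A certificate that fails with `MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND` is now silently dropped from `peer_cert`, because the only debug statement sits inside the error branch; add an `else`-side trace such as `MBEDTLS_SSL_DEBUG_RET( 1, "ignoring certificate with unsupported signature algorithm", ret );` so an operator can see that the chain was altered. Skipping also changes which certificate ends up first in the chain: if the end-entity certificate is the one dropped, the next certificate in the message becomes the peer certificate that the later verification and hostname checks (outside this hunk) operate on, so that case should be confirmed to still fail cleanly rather than be accepted on the strength of a trusted intermediate. The combined error code only matches when the OID lookup is the exact failure, which is the intent but deserves a one-line comment at the check. `0 != ret` also reverses the `ret != 0` ordering used throughout this file.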
From: Simon Butcher Date: Fri, 7 Oct 2016 15:00:17 +0100 Subject: [PATCH 142/272] Add extra compilation conditions to X.509 samples The sample applications programs/pkey/cert_req.c and programs/pkey/cert_write.c use the library functions mbedtls_pk_write_csr_pem() and mbedtls_pk_write_crt_pem() respectively which are dependent on the configuration option MBEDTLS_PEM_WRITE_C. If the option isn't defined the build breaks. This change adds the compilation condition MBEDTLS_PEM_WRITE_C to these sample application. --- programs/x509/cert_req.c | 5 +++-- programs/x509/cert_write.c | 11 ++++++----- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 5cafb80cd6ec..30df2162ae19 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -34,7 +34,8 @@ #if !defined(MBEDTLS_X509_CSR_WRITE_C) || !defined(MBEDTLS_FS_IO) || \ !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_SHA256_C) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) + !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ + !defined(MBEDTLS_PEM_WRITE_C) int main( void ) { mbedtls_printf( "MBEDTLS_X509_CSR_WRITE_C and/or MBEDTLS_FS_IO and/or " @@ -341,4 +342,4 @@ int main( int argc, char *argv[] ) return( ret ); } #endif /* MBEDTLS_X509_CSR_WRITE_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && - MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ + MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_PEM_WRITE_C */ diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 7907d8221f48..66e5f1dabbf2 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c 
@@ -32,10 +32,11 @@ #define mbedtls_printf printf #endif -#if !defined(MBEDTLS_X509_CRT_WRITE_C) || \ - !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_ERROR_C) || !defined(MBEDTLS_SHA256_C) +#if !defined(MBEDTLS_X509_CRT_WRITE_C) || \ + !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ + !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ + !defined(MBEDTLS_ERROR_C) || !defined(MBEDTLS_SHA256_C) || \ + !defined(MBEDTLS_PEM_WRITE_C) int main( void ) { mbedtls_printf( "MBEDTLS_X509_CRT_WRITE_C and/or MBEDTLS_X509_CRT_PARSE_C and/or " @@ -664,4 +665,4 @@ int main( int argc, char *argv[] ) } #endif /* MBEDTLS_X509_CRT_WRITE_C && MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && - MBEDTLS_ERROR_C */ + MBEDTLS_ERROR_C && MBEDTLS_PEM_WRITE_C */ From f77309cb3591af98d5a87672ac4ec87d6bcc5df5 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 7 Oct 2016 15:56:07 +0100 Subject: [PATCH 143/272] Update Changelog for fixes to X.509 sample apps --- ChangeLog | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8e255260f0ea..911f28017532 100644 --- a/ChangeLog +++ b/ChangeLog @@ -31,9 +31,9 @@ Bugfix a contribution from Tobias Tangemann. #541 * Fixed cert_app sample program for debug output and for use when no root certificates are provided. - * Fixed sample application 'programs/pkey/gen_key.c' for builds where the - configuration MBEDTLS_PEM_WRITE_C is not defined. Found by inestlerode. - #559. + * Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for + builds where the configuration MBEDTLS_PEM_WRITE_C is not defined. Found + by inestlerode. #559. Changes * Extended test coverage of special cases, and added new timing test suite. From b98eaff408749196c13d6bd46b4941e0c98783de Mon Sep 17 00:00:00 2001 
From: Simon Butcher Date: Tue, 11 Oct 2016 10:13:52 +0100 Subject: [PATCH 144/272] Revise Changelog to clarify and add credit --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9f9421062771..defebd031e4a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -34,8 +34,8 @@ Bugfix * Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for builds where the configuration MBEDTLS_PEM_WRITE_C is not defined. Found by inestlerode. #559. - * Fixed default threading implementation to avoid accidental double - initialisations and double frees. + * Fixed pthread implementation to avoid unintended double initialisations + and double frees. (found by Niklas Amnebratt) Changes * Extended test coverage of special cases, and added new timing test suite. From 6b0774ab1a716e303a2ebd0ece70cffca56bcbb1 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 10 Oct 2016 21:37:42 +0100 Subject: [PATCH 145/272] Fix issues in CMAC in repeated updates Successive calls to mbedtls_cipher_cmac_update() which weren't block aligned were failing, which is fixed by this commit. --- library/cmac.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index f755d409f09d..8ea0685b7a6a 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -256,8 +256,8 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, block_size = ctx->cipher_info->block_size; state = ctx->cmac_ctx->state; - /* Is their data still to process from the last call, that's equal to - * or greater than a block? */ + /* Is there data still to process from the last call, that's greater in + * size than a block? */ if( cmac_ctx->unprocessed_len > 0 && ilen > block_size - cmac_ctx->unprocessed_len ) { 
@@ -273,9 +273,8 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, goto exit; } - ilen -= block_size; - input += cmac_ctx->unprocessed_len; - + input += block_size - cmac_ctx->unprocessed_len; + ilen -= block_size - cmac_ctx->unprocessed_len; cmac_ctx->unprocessed_len = 0; } @@ -300,8 +299,10 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, /* If there is data left over that wasn't aligned to a block */ if( ilen > 0 ) { - memcpy( &cmac_ctx->unprocessed_block, input, ilen ); - cmac_ctx->unprocessed_len = ilen; + memcpy( &cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len], + input, + ilen ); + cmac_ctx->unprocessed_len += ilen; if( ilen % block_size > 0 ) cmac_ctx->padding_flag = 1; @@ -339,7 +340,7 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, last_block = cmac_ctx->unprocessed_block; /* Calculate last block */ - if( cmac_ctx->padding_flag ) + if( cmac_ctx->padding_flag && cmac_ctx->unprocessed_len < block_size ) { cmac_pad( M_last, block_size, last_block, cmac_ctx->unprocessed_len ); cmac_xor_block( M_last, M_last, K2, block_size ); From 33183fd408f538c7b84ef1982c6e2a89e9c1c922 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 10 Oct 2016 21:41:03 +0100 Subject: [PATCH 146/272] Extend test coverage of CMAC Expands tests to include NULL tests and successive calls to mbedtls_cipher_cmac_update() and mbedtls_cipher_cmac_reset(). --- tests/suites/test_suite_cmac.data | 39 +++- tests/suites/test_suite_cmac.function | 273 +++++++++++++++++++++++++- 2 files changed, 309 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_cmac.data b/tests/suites/test_suite_cmac.data index a913ffdd8ec9..70b7609e4898 100644 --- a/tests/suites/test_suite_cmac.data +++ b/tests/suites/test_suite_cmac.data @@ -1,6 +1,9 @@ CMAC self test mbedtls_cmac_self_test: +CMAC null arguments +mbedtls_cmac_null_args: + CMAC init #1 AES-128: OK depends_on:MBEDTLS_AES_C mbedtls_cmac_setkey:MBEDTLS_CIPHER_AES_128_ECB:128:0 
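Review bot: The appending `memcpy( &cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len], input, ilen );` writes into a fixed `MBEDTLS_CIPHER_BLKSIZE_MAX` buffer and stays in bounds only because the flush branch earlier in the function guarantees `unprocessed_len + ilen <= block_size` by the time this point is reached; that dependency is stated nowhere, so add `/* Bounded: the flush branch above leaves unprocessed_len + ilen <= block_size */` before the copy. The padding decision `if( ilen % block_size > 0 ) cmac_ctx->padding_flag = 1;` still looks at this call's `ilen` rather than the accumulated `unprocessed_len`, so two 8-byte updates on a 16-byte block set the flag for what is in fact a full block; the finish-side hunk (`@@ -339`) compensates with `cmac_ctx->unprocessed_len < block_size`, which makes `padding_flag` redundant with that length check. Either test `cmac_ctx->unprocessed_len % block_size` here or drop the flag and rely solely on the length comparison in finish. The enclosing `mbedtls_cipher_cmac_update` starts and ends outside this hunk.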
@@ -21,7 +24,41 @@ CMAC init #5 AES-224: bad key size depends_on:MBEDTLS_AES_C mbedtls_cmac_setkey:MBEDTLS_CIPHER_ID_AES:224:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -CMAC init #6 Camellia: wrong cipher +CMAC init #6 AES-0: bad key size +depends_on:MBEDTLS_AES_C +mbedtls_cmac_setkey:MBEDTLS_CIPHER_ID_AES:0:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + +CMAC init #7 Camellia: wrong cipher depends_on:MBEDTLS_CAMELLIA_C mbedtls_cmac_setkey:MBEDTLS_CIPHER_ID_CAMELLIA:128:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA +CMAC Single Blocks #1 - Empty block, no updates +mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"":-1:"":-1:"":-1:"":-1:"bb1d6929e95937287fa37d129b756746" + +CMAC Single Blocks #2 - Single 16 byte block +mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"6bc1bee22e409f96e93d7e117393172a":16:"":-1:"":-1:"":-1:"070a16b46b4d4144f79bdd9dd04a287c" + +CMAC Single Blocks #3 - Single 64 byte block +mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710":64:"":-1:"":-1:"":-1:"51f0bebf7e3b9d92fc49741779363cfe" + +CMAC Multiple Blocks #1 - Multiple 8 byte blocks +mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"6bc1bee22e409f96":8:"e93d7e117393172a":8:"":-1:"":-1:"070a16b46b4d4144f79bdd9dd04a287c" + +CMAC Multiple Blocks #2 - Multiple 16 byte blocks +mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"6bc1bee22e409f96e93d7e117393172a":16:"ae2d8a571e03ac9c9eb76fac45af8e51":16:"30c81c46a35ce411e5fbc1191a0a52ef":16:"f69f2445df4f9b17ad2b417be66c3710":16:"51f0bebf7e3b9d92fc49741779363cfe" + +CMAC Multiple Blocks #3 - Multiple variable sized blocks 
+mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"6bc1bee22e409f96":8:"e93d7e117393172aae2d8a571e03ac9c":16:"9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52ef":24:"f69f2445df4f9b17ad2b417be66c3710":16:"51f0bebf7e3b9d92fc49741779363cfe" + +CMAC Multiple Blocks #4 - Multiple 8 byte blocks with gaps +mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"":0:"6bc1bee22e409f96":8:"":0:"e93d7e117393172a":8:"070a16b46b4d4144f79bdd9dd04a287c" + +CMAC Multiple Operations, same key #1 - Empty, empty +mbedtls_cmac_multiple_operations_same_key:MBEDTLS_CIPHER_AES_192_ECB:"8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b":192:16:"":-1:"":-1:"":-1:"d17ddf46adaacde531cac483de7a9367":"":-1:"":-1:"":-1:"d17ddf46adaacde531cac483de7a9367" + +CMAC Multiple Operations, same key #2 - Empty, 64 byte block +mbedtls_cmac_multiple_operations_same_key:MBEDTLS_CIPHER_AES_192_ECB:"8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b":192:16:"":-1:"":-1:"":-1:"d17ddf46adaacde531cac483de7a9367":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710":64:"":-1:"":-1:"a1d5df0eed790f794d77589659f39a11" + +CMAC Multiple Operations, same key #3 - variable byte blocks +mbedtls_cmac_multiple_operations_same_key:MBEDTLS_CIPHER_AES_192_ECB:"8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b":192:16:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51":32:"30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710":32:"":-1:"a1d5df0eed790f794d77589659f39a11":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51":32:"30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710":32:"":-1:"a1d5df0eed790f794d77589659f39a11" + diff --git a/tests/suites/test_suite_cmac.function b/tests/suites/test_suite_cmac.function index 3b23b521e42f..f452afef40d4 100644 --- a/tests/suites/test_suite_cmac.function 
+++ b/tests/suites/test_suite_cmac.function 
@@ -15,6 +15,87 @@ void mbedtls_cmac_self_test( ) } /* END_CASE */ +/* BEGIN_CASE */ +void mbedtls_cmac_null_args( ) +{ + mbedtls_cipher_context_t ctx; + const mbedtls_cipher_info_t *cipher_info; + unsigned char test_key[MBEDTLS_CIPHER_BLKSIZE_MAX]; + unsigned char test_data[MBEDTLS_CIPHER_BLKSIZE_MAX]; + unsigned char test_output[MBEDTLS_CIPHER_BLKSIZE_MAX]; + + mbedtls_cipher_init( &ctx ); + + /* Test NULL cipher info */ + TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, test_data, 16 ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB ); + TEST_ASSERT( mbedtls_cipher_setup( &ctx, cipher_info ) == 0 ); + + TEST_ASSERT( mbedtls_cipher_cmac_starts( NULL, test_key, 128 ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_cipher_cmac_starts( &ctx, NULL, 128 ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_cipher_cmac_update( NULL, test_data, 16 ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, NULL, 16 ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_cipher_cmac_finish( NULL, test_output ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_cipher_cmac_finish( &ctx, NULL ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_cipher_cmac_reset( NULL ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_cipher_cmac( NULL, + test_key, 128, + test_data, 16, + test_output ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_cipher_cmac( cipher_info, + NULL, 128, + test_data, 16, + test_output ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_cipher_cmac( cipher_info, + test_key, 128, + NULL, 16, + test_output ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_cipher_cmac( cipher_info, + test_key, 128, + test_data, 16, + NULL ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_aes_cmac_prf_128( 
NULL, 16, + test_data, 16, + test_output ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_aes_cmac_prf_128( test_key, 16, + NULL, 16, + test_output ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_aes_cmac_prf_128( test_key, 16, + test_data, 16, + NULL ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + +} +/* END_CASE */ + /* BEGIN_CASE */ void mbedtls_cmac_setkey( int cipher_type, int key_size, int result ) 
@@ -30,8 +111,196 @@ void mbedtls_cmac_setkey( int cipher_type, int key_size, TEST_ASSERT( ( cipher_info = mbedtls_cipher_info_from_type( cipher_type ) ) != NULL ); - TEST_ASSERT( result == mbedtls_cipher_cmac( cipher_info, key, key_size, - buf, 16, tmp ) ); + TEST_ASSERT( ( result == mbedtls_cipher_cmac( cipher_info, key, key_size, + buf, 16, tmp ) ) != 0 ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void mbedtls_cmac_multiple_blocks( int cipher_type, + char *key_string, int keybits, + int block_size, + char *block1_string, int block1_len, + char *block2_string, int block2_len, + char *block3_string, int block3_len, + char *block4_string, int block4_len, + char *expected_result_string ) +{ + unsigned char key[100]; + unsigned char block1[100]; + unsigned char block2[100]; + unsigned char block3[100]; + unsigned char block4[100]; + unsigned char expected_result[100]; + const mbedtls_cipher_info_t *cipher_info; + mbedtls_cipher_context_t ctx; + unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX]; + + /* Convert the test parameters to binary data */ + unhexify( key, key_string ); + unhexify( block1, block1_string ); + unhexify( block2, block2_string ); + unhexify( block3, block3_string ); + unhexify( block4, block4_string ); + unhexify( expected_result, expected_result_string ); + + /* Validate the test inputs */ + TEST_ASSERT( block1_len <= 100 ); + TEST_ASSERT( block2_len <= 100 ); + TEST_ASSERT( block3_len <= 100 ); + TEST_ASSERT( block4_len <= 100 ); + + /* Set up */ + TEST_ASSERT( ( cipher_info = mbedtls_cipher_info_from_type( cipher_type ) ) + != NULL ); + + mbedtls_cipher_init( &ctx ); + + TEST_ASSERT( mbedtls_cipher_setup( &ctx, cipher_info ) == 0 ); + + TEST_ASSERT( mbedtls_cipher_cmac_starts( &ctx, + (const unsigned char*)key, + keybits ) == 0 ); + + /* Multiple partial and complete blocks. 
A negative length means skip the + * update operation */ + if( block1_len >= 0) + TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, + (unsigned char*)block1, + block1_len ) == 0); + + if( block2_len >= 0 ) + TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, + (unsigned char*)block2, + block2_len ) == 0); + + if( block3_len >= 0 ) + TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, + (unsigned char*)block3, + block3_len ) == 0); + + if( block4_len >= 0 ) + TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, + (unsigned char*)block4, + block4_len ) == 0); + + TEST_ASSERT( mbedtls_cipher_cmac_finish( &ctx, output ) == 0 ); + + TEST_ASSERT( memcmp( output, expected_result, block_size ) == 0 ); + + mbedtls_cipher_free( &ctx ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void mbedtls_cmac_multiple_operations_same_key( int cipher_type, + char *key_string, int keybits, + int block_size, + char *block_a1_string, int block_a1_len, + char *block_a2_string, int block_a2_len, + char *block_a3_string, int block_a3_len, + char *expected_result_a_string, + char *block_b1_string, int block_b1_len, + char *block_b2_string, int block_b2_len, + char *block_b3_string, int block_b3_len, + char *expected_result_b_string ) +{ + unsigned char key[100]; + unsigned char block_a1[100]; + unsigned char block_a2[100]; + unsigned char block_a3[100]; + unsigned char block_b1[100]; + unsigned char block_b2[100]; + unsigned char block_b3[100]; + unsigned char expected_result_a[100], expected_result_b[100]; + const mbedtls_cipher_info_t *cipher_info; + mbedtls_cipher_context_t ctx; + unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX]; + + /* Convert the test parameters to binary data */ + unhexify( key, key_string ); + unhexify( block_a1, block_a1_string ); + unhexify( block_a2, block_a2_string ); + unhexify( block_a3, block_a3_string ); + + unhexify( block_b1, block_b1_string ); + unhexify( block_b2, block_b2_string ); + unhexify( block_b3, block_b3_string ); + + unhexify( expected_result_a, expected_result_a_string 
); + unhexify( expected_result_b, expected_result_b_string ); + + /* Validate the test inputs */ + TEST_ASSERT( block_a1_len <= 100 ); + TEST_ASSERT( block_a2_len <= 100 ); + TEST_ASSERT( block_a3_len <= 100 ); + + TEST_ASSERT( block_b1_len <= 100 ); + TEST_ASSERT( block_b2_len <= 100 ); + TEST_ASSERT( block_b3_len <= 100 ); + + /* Set up */ + TEST_ASSERT( ( cipher_info = mbedtls_cipher_info_from_type( cipher_type ) ) + != NULL ); + + mbedtls_cipher_init( &ctx ); + + TEST_ASSERT( mbedtls_cipher_setup( &ctx, cipher_info ) == 0 ); + + TEST_ASSERT( mbedtls_cipher_cmac_starts( &ctx, + (const unsigned char*)key, + keybits ) == 0 ); + + /* Sequence A */ + + /* Multiple partial and complete blocks. A negative length means skip the + * update operation */ + if( block_a1_len >= 0) + TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, + (unsigned char*)block_a1, + block_a1_len ) == 0); + + if( block_a2_len >= 0 ) + TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, + (unsigned char*)block_a2, + block_a2_len ) == 0); + + if( block_a3_len >= 0 ) + TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, + (unsigned char*)block_a3, + block_a3_len ) == 0); + + TEST_ASSERT( mbedtls_cipher_cmac_finish( &ctx, output ) == 0 ); + + TEST_ASSERT( memcmp( output, expected_result_a, block_size ) == 0 ); + + TEST_ASSERT( mbedtls_cipher_cmac_reset( &ctx ) == 0 ); + + /* Sequence B */ + + /* Multiple partial and complete blocks. 
A negative length means skip the + * update operation */ + if( block_b1_len >= 0) + TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, + (unsigned char*)block_b1, + block_b1_len ) == 0); + + if( block_b2_len >= 0 ) + TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, + (unsigned char*)block_b2, + block_b2_len ) == 0); + + if( block_b3_len >= 0 ) + TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, + (unsigned char*)block_b3, + block_b3_len ) == 0); + + TEST_ASSERT( mbedtls_cipher_cmac_finish( &ctx, output ) == 0 ); + + TEST_ASSERT( memcmp( output, expected_result_b, block_size ) == 0 ); + + + mbedtls_cipher_free( &ctx ); } /* END_CASE */ From 53da6ae842610aa3fc2d3e413d6667646aa4d2ef Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 10 Oct 2016 22:03:39 +0100 Subject: [PATCH 147/272] Add CMAC test suite to CMakeLists.txt --- tests/CMakeLists.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 13659de0fa04..21583c40adc9 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -61,6 +61,7 @@ add_test_suite(cipher cipher.des) add_test_suite(cipher cipher.gcm) add_test_suite(cipher cipher.null) add_test_suite(cipher cipher.padding) +add_test_suite(cmac) add_test_suite(ctr_drbg) add_test_suite(debug) add_test_suite(des) From bd8d22192012bc51c62b566540ff4c576516cbae Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 11 Oct 2016 12:05:51 +0100 Subject: [PATCH 148/272] Fix exit and formatting in CMAC test suite Minor fixes following review. --- tests/suites/test_suite_cmac.function | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_cmac.function b/tests/suites/test_suite_cmac.function index f452afef40d4..1f88ddcfe449 100644 --- a/tests/suites/test_suite_cmac.function +++ b/tests/suites/test_suite_cmac.function 
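Review bot: In mbedtls_cmac_multiple_blocks() and mbedtls_cmac_multiple_operations_same_key() the `TEST_ASSERT( block1_len <= 100 )` checks run after the `unhexify()` calls have already written into the 100-byte arrays, and they bound the integer length parameter rather than the hex string that was decoded, so a malformed .data line with more than 200 hex digits overflows the stack buffers before any check fires. Move the validation ahead of the decoding and base it on the strings, e.g. `TEST_ASSERT( strlen( block1_string ) <= 2 * sizeof( block1 ) );` for the key, each block and the expected result. The `memcmp( output, expected_result, block_size )` likewise trusts the `block_size` parameter from the data file; a `TEST_ASSERT( block_size <= (int) sizeof( output ) );` before it keeps the comparison inside `output`.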
@@ -79,9 +79,9 @@ void mbedtls_cmac_null_args( ) MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_aes_cmac_prf_128( NULL, 16, - test_data, 16, - test_output ) == - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + test_data, 16, + test_output ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_aes_cmac_prf_128( test_key, 16, NULL, 16, @@ -188,6 +188,7 @@ void mbedtls_cmac_multiple_blocks( int cipher_type, TEST_ASSERT( memcmp( output, expected_result, block_size ) == 0 ); +exit: mbedtls_cipher_free( &ctx ); } /* END_CASE */ @@ -255,7 +256,7 @@ void mbedtls_cmac_multiple_operations_same_key( int cipher_type, /* Multiple partial and complete blocks. A negative length means skip the * update operation */ - if( block_a1_len >= 0) + if( block_a1_len >= 0 ) TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, (unsigned char*)block_a1, block_a1_len ) == 0); @@ -299,7 +300,7 @@ void mbedtls_cmac_multiple_operations_same_key( int cipher_type, TEST_ASSERT( memcmp( output, expected_result_b, block_size ) == 0 ); - +exit: mbedtls_cipher_free( &ctx ); } /* END_CASE */ From 2573136fa8147abeddcdc8c49b7a3d3a284f7170 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 30 Sep 2016 13:11:29 +0100 Subject: [PATCH 149/272] Fix to test output in test suites Fixes the test suites to consistently use mbedtls_fprintf to output to stdout or stderr. Also redirects output from the tests to /dev/null to avoid confusing output if the test suite code or library outputs anything to stdout. --- tests/suites/helpers.function | 12 +++---- tests/suites/main_test.function | 61 ++++++++++++++++++++++++++++++--- 2 files changed, 62 insertions(+), 11 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index d12be75cec5f..2475a3cc6acb 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function 
@@ -8,16 +8,13 @@ #include "mbedtls/platform.h" #else #include -#define mbedtls_printf printf #define mbedtls_fprintf fprintf -#define mbedtls_calloc calloc +#define mbedtls_snprintf snprintf +#define mbedtls_calloc calloc #define mbedtls_free free #define mbedtls_exit exit #define mbedtls_time time #define mbedtls_time_t time_t -#define mbedtls_fprintf fprintf -#define mbedtls_printf printf -#define mbedtls_snprintf snprintf #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif @@ -355,7 +352,8 @@ static void test_fail( const char *test, int line_no, const char* filename ) { test_errors++; if( test_errors == 1 ) - mbedtls_printf( "FAILED\n" ); - mbedtls_printf( " %s\n at line %d, %s\n", test, line_no, filename ); + mbedtls_fprintf( stdout, "FAILED\n" ); + mbedtls_fprintf( stdout, " %s\n at line %d, %s\n", test, line_no, + filename ); } diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index ac5322e45367..ed5d4146c26b 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -7,7 +7,8 @@ int verify_string( char **str ) if( (*str)[0] != '"' || (*str)[strlen( *str ) - 1] != '"' ) { - mbedtls_printf( "Expected string (with \"\") for parameter and got: %s\n", *str ); + mbedtls_fprintf( stderr, + "Expected string (with \"\") for parameter and got: %s\n", *str ); return( -1 ); } @@ -60,7 +61,8 @@ int verify_int( char *str, int *value ) MAPPING_CODE - mbedtls_printf( "Expected integer for parameter and got: %s\n", str ); + mbedtls_fprintf( stderr, + "Expected integer for parameter and got: %s\n", str ); return( KEY_VALUE_MAPPING_NOT_FOUND ); } @@ -77,6 +79,12 @@ SUITE_POST_DEP /*----------------------------------------------------------------------------*/ /* Test dispatch code */ +#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) +#include +#endif +#include + + int dep_check( char *str ) { if( str == NULL ) 
@@ -249,6 +257,7 @@ int main(int argc, const char *argv[]) const char **test_files = NULL; int testfile_count = 0; int option_verbose = 0; + int tests_stdout; /* Other Local variables */ int arg_index = 1; @@ -343,7 +352,8 @@ int main(int argc, const char *argv[]) { if( unmet_dep_count > 0 ) { - mbedtls_printf("FATAL: Dep count larger than zero at start of loop\n"); + mbedtls_fprintf( stderr, + "FATAL: Dep count larger than zero at start of loop\n"); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } unmet_dep_count = 0; @@ -379,7 +389,7 @@ int main(int argc, const char *argv[]) unmet_dependencies[ unmet_dep_count ] = strdup(params[i]); if( unmet_dependencies[ unmet_dep_count ] == NULL ) { - mbedtls_printf("FATAL: Out of memory\n"); + mbedtls_fprintf( stderr, "FATAL: Out of memory\n"); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } unmet_dep_count++; @@ -395,7 +405,50 @@ int main(int argc, const char *argv[]) if( unmet_dep_count == 0 ) { test_errors = 0; + +#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) + /* Suppress all output from the library unless we're verbose + * mode + */ + if( !option_verbose ) + { + /* Redirect all stdout output to /dev/null */ + tests_stdout = dup( fileno(stdout) ); + if( tests_stdout == -1 ) + { + /* Redirection has failed with no stdout so exit */ + exit(1); + } + + fflush( stdout ); + fclose( stdout ); + stdout = fopen("/dev/null", "w" ); + if( stdout == NULL ) + { + /* Redirection has failed with no stdout so exit */ + exit(1); + } + } +#endif /* __unix__ || __APPLE__ __MACH__ */ + ret = dispatch_test( cnt, params ); + +#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) + if( !option_verbose ) + { + /* Restore stdout */ + fflush( stdout ); + fclose( stdout ); + + stdout = fdopen ( tests_stdout, "w"); + if( stdout == NULL ) + { + /* Redirection has failed with no stdout so exit */ + exit(1); + } + } +#endif /* __unix__ || __APPLE__ __MACH__ */ + } if( unmet_dep_count > 0 || ret == DISPATCH_UNSUPPORTED_SUITE ) 
From 8ca53b51c52982686262015fa84d7ec30ebb61ea Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 5 Oct 2016 10:57:49 +0100 Subject: [PATCH 150/272] Fix minor style issues in test framework --- tests/suites/helpers.function | 40 +++++++++++++++++++++++++++++++++ tests/suites/main_test.function | 40 +++++++-------------------------- 2 files changed, 48 insertions(+), 32 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 2475a3cc6acb..5938447af1c2 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -34,6 +34,9 @@ typedef UINT32 uint32_t; #include +#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) +#include +#endif /*----------------------------------------------------------------------------*/ /* Constants */ @@ -102,6 +105,43 @@ static int test_errors = 0; /*----------------------------------------------------------------------------*/ /* Helper Functions */ +#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) +static int redirect_output( FILE** out_stream, const char* path ) +{ + int stdout_fd = dup( fileno( *out_stream ) ); + + if( stdout_fd == -1 ) + { + return -1; + } + + fflush( *out_stream ); + fclose( *out_stream ); + *out_stream = fopen( path, "w" ); + + if( *out_stream == NULL ) + { + return -1; + } + + return stdout_fd; +} + +static int restore_output( FILE** out_stream, int old_fd ) +{ + fflush( *out_stream ); + fclose( *out_stream ); + + *out_stream = fdopen( old_fd, "w" ); + if( *out_stream == NULL ) + { + return -1; + } + + return 0; +} +#endif /* __unix__ || __APPLE__ __MACH__ */ + static int unhexify( unsigned char *obuf, const char *ibuf ) { unsigned char c, c2; diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index ed5d4146c26b..14209a576e44 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function 
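Review bot: redirect_output() and restore_output() in this hunk are only ever handed `&stdout` and assign through the pointer; the C standard defines `stdout` as a macro expression of type `FILE *` that need not be a modifiable lvalue, so `*out_stream = fopen( path, "w" )` works on glibc and Darwin but is not portable, and the fclose()-then-reassign sequence leaves a window in which a failed fopen() or fdopen() has destroyed the process's only stdout. Since the helpers are already guarded by `__unix__`/`__APPLE__`, the descriptor route is portable within that guard and has no such window: keep the FILE object and swap the descriptor underneath it with dup2(). A sketch follows; it needs `<fcntl.h>` for open() in addition to the header the hunk adds (presumably `<unistd.h>`; the include name was lost in this rendering). It also closes `old_fd` on restore_output()'s failure path, which the current version leaks.
```c
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
/* Point the descriptor under *out_stream at path. Returns a dup of the
 * original descriptor, to be handed back to restore_output(), or -1. */
static int redirect_output( FILE** out_stream, const char* path )
{
    int saved_fd, new_fd;

    fflush( *out_stream );
    saved_fd = dup( fileno( *out_stream ) );
    if( saved_fd == -1 )
        return -1;

    new_fd = open( path, O_WRONLY );
    if( new_fd == -1 || dup2( new_fd, fileno( *out_stream ) ) == -1 )
    {
        if( new_fd != -1 )
            close( new_fd );
        close( saved_fd );
        return -1;
    }
    close( new_fd );
    return saved_fd;
}

/* Put the descriptor saved by redirect_output() back; old_fd is consumed. */
static int restore_output( FILE** out_stream, int old_fd )
{
    int ret;

    fflush( *out_stream );
    ret = dup2( old_fd, fileno( *out_stream ) );
    close( old_fd );
    return ret == -1 ? -1 : 0;
}
#endif /* __unix__ || __APPLE__ __MACH__ */
```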
@@ -79,12 +79,6 @@ SUITE_POST_DEP /*----------------------------------------------------------------------------*/ /* Test dispatch code */ -#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) -#include -#endif -#include - - int dep_check( char *str ) { if( str == NULL ) @@ -257,7 +251,6 @@ int main(int argc, const char *argv[]) const char **test_files = NULL; int testfile_count = 0; int option_verbose = 0; - int tests_stdout; /* Other Local variables */ int arg_index = 1; @@ -268,6 +261,7 @@ int main(int argc, const char *argv[]) char buf[5000]; char *params[50]; void *pointer; + int stdout_fd = 0; #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \ !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC) @@ -353,7 +347,7 @@ int main(int argc, const char *argv[]) if( unmet_dep_count > 0 ) { mbedtls_fprintf( stderr, - "FATAL: Dep count larger than zero at start of loop\n"); + "FATAL: Dep count larger than zero at start of loop\n" ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } unmet_dep_count = 0; @@ -389,7 +383,7 @@ int main(int argc, const char *argv[]) unmet_dependencies[ unmet_dep_count ] = strdup(params[i]); if( unmet_dependencies[ unmet_dep_count ] == NULL ) { - mbedtls_fprintf( stderr, "FATAL: Out of memory\n"); + mbedtls_fprintf( stderr, "FATAL: Out of memory\n" ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } unmet_dep_count++; @@ -412,21 +406,11 @@ int main(int argc, const char *argv[]) */ if( !option_verbose ) { - /* Redirect all stdout output to /dev/null */ - tests_stdout = dup( fileno(stdout) ); - if( tests_stdout == -1 ) - { - /* Redirection has failed with no stdout so exit */ - exit(1); - } - - fflush( stdout ); - fclose( stdout ); - stdout = fopen("/dev/null", "w" ); - if( stdout == NULL ) + stdout_fd = redirect_output( &stdout, "/dev/null" ); + if( stdout_fd == -1 ) { /* Redirection has failed with no stdout so exit */ - exit(1); + exit( 1 ); } } #endif /* __unix__ || __APPLE__ __MACH__ */ 
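Review bot: The failure branch after `stdout_fd = redirect_output( &stdout, "/dev/null" )` calls bare `exit( 1 )` with no diagnostic, while every other fatal path in main() visible in this patch (the dependency-count and out-of-memory cases a few hunks up) reports on stderr and goes through the platform abstraction `mbedtls_exit( MBEDTLS_EXIT_FAILURE )`. I would make it consistent: `mbedtls_fprintf( stderr, "FATAL: Failed to redirect stdout\n" ); mbedtls_exit( MBEDTLS_EXIT_FAILURE );`. stderr is not touched by the redirection, so the message will still be seen; the enclosing main() starts and ends outside this hunk.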
@@ -434,18 +418,10 @@ int main(int argc, const char *argv[]) ret = dispatch_test( cnt, params ); #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) - if( !option_verbose ) + if( !option_verbose && restore_output( &stdout, stdout_fd ) ) { - /* Restore stdout */ - fflush( stdout ); - fclose( stdout ); - - stdout = fdopen ( tests_stdout, "w"); - if( stdout == NULL ) - { /* Redirection has failed with no stdout so exit */ - exit(1); - } + exit( 1 ); } #endif /* __unix__ || __APPLE__ __MACH__ */ From 851ae29a5d5b409cac0357da6e0a2b8c22e32887 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 11 Oct 2016 10:13:52 +0100 Subject: [PATCH 151/272] Revise Changelog to clarify and add credit --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index defebd031e4a..f8890dc70f7b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -31,11 +31,11 @@ Bugfix a contribution from Tobias Tangemann. #541 * Fixed cert_app sample program for debug output and for use when no root certificates are provided. + * Fixed pthread implementation to avoid unintended double initialisations + and double frees. (found by Niklas Amnebratt) * Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for builds where the configuration MBEDTLS_PEM_WRITE_C is not defined. Found by inestlerode. #559. - * Fixed pthread implementation to avoid unintended double initialisations - and double frees. (found by Niklas Amnebratt) Changes * Extended test coverage of special cases, and added new timing test suite. From e3d882ad4ab271bbfe9183371637f76591c1fea6 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 11 Oct 2016 10:49:26 +0100 Subject: [PATCH 152/272] Remove unnecessary flag from CMAC context --- include/mbedtls/cmac.h | 4 ---- library/cmac.c | 12 +----------- 2 files changed, 1 insertion(+), 15 deletions(-) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index f64ae69b471d..75e0b97c4ad7 100644 
--- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -44,7 +44,6 @@ extern "C" { */ struct mbedtls_cmac_context_t { - /** Internal state of the CMAC algorithm */ unsigned char state[MBEDTLS_CIPHER_BLKSIZE_MAX]; @@ -54,9 +53,6 @@ struct mbedtls_cmac_context_t /** Length of data pending to be processed */ size_t unprocessed_len; - - /** Flag to indicate if the last block needs padding */ - int padding_flag; }; /** diff --git a/library/cmac.c b/library/cmac.c index 8ea0685b7a6a..62f2a6abb455 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -235,7 +235,6 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, ctx->cmac_ctx = cmac_ctx; mbedtls_zeroize( cmac_ctx->state, sizeof( cmac_ctx->state ) ); - cmac_ctx->padding_flag = 1; return 0; } @@ -292,8 +291,6 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, ilen -= block_size; input += block_size; - - cmac_ctx->padding_flag = 0; } /* If there is data left over that wasn't aligned to a block */ @@ -303,11 +300,6 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, input, ilen ); cmac_ctx->unprocessed_len += ilen; - - if( ilen % block_size > 0 ) - cmac_ctx->padding_flag = 1; - else - cmac_ctx->padding_flag = 0; } exit: @@ -340,7 +332,7 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, last_block = cmac_ctx->unprocessed_block; /* Calculate last block */ - if( cmac_ctx->padding_flag && cmac_ctx->unprocessed_len < block_size ) + if( cmac_ctx->unprocessed_len < block_size ) { cmac_pad( M_last, block_size, last_block, cmac_ctx->unprocessed_len ); cmac_xor_block( M_last, M_last, K2, block_size ); @@ -367,7 +359,6 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, mbedtls_zeroize( K1, sizeof( K1 ) ); mbedtls_zeroize( K2, sizeof( K2 ) ); - cmac_ctx->padding_flag = 1; cmac_ctx->unprocessed_len = 0; mbedtls_zeroize( cmac_ctx->unprocessed_block, sizeof( cmac_ctx->unprocessed_block ) ); 
@@ -391,7 +382,6 @@ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ) sizeof( cmac_ctx->unprocessed_block ) ); mbedtls_zeroize( cmac_ctx->state, sizeof( cmac_ctx->state ) ); - cmac_ctx->padding_flag = 1; return( 0 ); } From 60dbc9383109f2609776acbdacc7b19dba036dcc Mon Sep 17 00:00:00 2001 From: Andres AG Date: Fri, 2 Sep 2016 15:23:48 +0100 Subject: [PATCH 153/272] Add missing bounds check in X509 DER write funcs This patch adds checks in both mbedtls_x509write_crt_der and mbedtls_x509write_csr_der before the signature is written to buf using memcpy(). --- ChangeLog | 6 ++++++ library/x509write_crt.c | 3 +++ library/x509write_csr.c | 3 +++ 3 files changed, 12 insertions(+) diff --git a/ChangeLog b/ChangeLog index f8890dc70f7b..afef2ddbde8d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,12 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.3.x branch released 2016-xx-xx +Security + * Fix potential stack corruption in mbedtls_x509write_crt_der() and + mbedtls_x509write_csr_der() when the signature is copied to the buffer + without checking whether there is enough space in the destination. It is + not triggerable remotely in SSL/TLS. + Features * Added support for CMAC for AES and 3DES and AES-CMAC-PRF-128, as defined by NIST SP 800-38B, RFC-4493 and RFC-4615. diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 9041d440ff18..d1d9a22a7ee2 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -413,6 +413,9 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len, mbedtls_x509_write_sig( &c2, buf, sig_oid, sig_oid_len, sig, sig_len ) ); + if( len > (size_t)( c2 - buf ) ) + return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + c2 -= len; memcpy( c2, c, len ); diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 0b9a2851e0af..8fd856b2a280 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c 
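Review bot: The new bounds check in mbedtls_x509write_crt_der() is right, but it is a bare comparison with no explanation of why `c2 - buf` is the free space, and the same bare line is repeated in mbedtls_x509write_csr_der(); the Security entry in the ChangeLog is the only place the reasoning is recorded. I would put a why-comment above it: `/* The signature and its OID now occupy [c2, end of buf); the len-byte TBS data in c is copied in front of them and must fit. */`. This presumes `c2 >= buf` is guaranteed by mbedtls_x509_write_sig(), which is outside this hunk, as is the rest of the function.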
@@ -213,6 +213,9 @@ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, s MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len, mbedtls_x509_write_sig( &c2, buf, sig_oid, sig_oid_len, sig, sig_len ) ); + if( len > (size_t)( c2 - buf ) ) + return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + c2 -= len; memcpy( c2, c, len ); From e0af995f1275da47a42b520df0d7d872f20cd26d Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 7 Sep 2016 11:09:44 +0100 Subject: [PATCH 154/272] Add test for bounds in X509 DER write funcs --- ChangeLog | 4 ++-- tests/suites/test_suite_x509write.function | 28 ++++++++++++++++++++-- 2 files changed, 28 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index afef2ddbde8d..d4c82e029a57 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,8 +5,8 @@ mbed TLS ChangeLog (Sorted per branch, date) Security * Fix potential stack corruption in mbedtls_x509write_crt_der() and mbedtls_x509write_csr_der() when the signature is copied to the buffer - without checking whether there is enough space in the destination. It is - not triggerable remotely in SSL/TLS. + without checking whether there is enough space in the destination. The + issue cannot be triggered remotely. Features * Added support for CMAC for AES and 3DES and AES-CMAC-PRF-128, as defined by diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index c3773ba54976..89be31f9aba5 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -16,10 +16,11 @@ void x509_csr_check( char *key_file, char *cert_req_check_file, { mbedtls_pk_context key; mbedtls_x509write_csr req; - unsigned char buf[4000]; + unsigned char buf[4096]; unsigned char check_buf[4000]; int ret; size_t olen = 0, pem_len = 0; + int der_len = -1; FILE *f; const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1"; rnd_pseudo_info rnd_info; 
@@ -52,6 +53,17 @@ void x509_csr_check( char *key_file, char *cert_req_check_file, TEST_ASSERT( olen >= pem_len - 1 ); TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 ); + der_len = mbedtls_x509write_csr_der( &req, buf, sizeof( buf ), + rnd_pseudo_rand, &rnd_info ); + TEST_ASSERT( der_len >= 0 ); + + if( der_len == 0 ) + goto exit; + + ret = mbedtls_x509write_csr_der( &req, buf, (size_t)( der_len - 1 ), + rnd_pseudo_rand, &rnd_info ); + TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + exit: mbedtls_x509write_csr_free( &req ); mbedtls_pk_free( &key ); @@ -68,11 +80,12 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, { mbedtls_pk_context subject_key, issuer_key; mbedtls_x509write_cert crt; - unsigned char buf[4000]; + unsigned char buf[4096]; unsigned char check_buf[5000]; mbedtls_mpi serial; int ret; size_t olen = 0, pem_len = 0; + int der_len = -1; FILE *f; rnd_pseudo_info rnd_info; @@ -125,6 +138,17 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, TEST_ASSERT( olen >= pem_len - 1 ); TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 ); + der_len = mbedtls_x509write_crt_der( &crt, buf, sizeof( buf ), + rnd_pseudo_rand, &rnd_info ); + TEST_ASSERT( der_len >= 0 ); + + if( der_len == 0 ) + goto exit; + + ret = mbedtls_x509write_crt_der( &crt, buf, (size_t)( der_len - 1 ), + rnd_pseudo_rand, &rnd_info ); + TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + exit: mbedtls_x509write_crt_free( &crt ); mbedtls_pk_free( &issuer_key ); From 5a74d260065908a29dbf57a1a0791f24f530da4a Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 11 Oct 2016 14:06:37 +0100 Subject: [PATCH 155/272] Added credit to Changelog for X.509 DER bounds fix --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index d4c82e029a57..0412613b0a5f 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -6,7 +6,7 @@ Security * Fix potential stack corruption in mbedtls_x509write_crt_der() and mbedtls_x509write_csr_der() when the signature is copied to the buffer without checking whether there is enough space in the destination. The - issue cannot be triggered remotely. + issue cannot be triggered remotely. (found by Jethro Beekman) Features * Added support for CMAC for AES and 3DES and AES-CMAC-PRF-128, as defined by From 7770ea82d5772612f6ae9afc2a1b931079bd4eb0 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Mon, 10 Oct 2016 15:46:20 +0100 Subject: [PATCH 156/272] Add seed cmdline arg to test scripts --- tests/scripts/all.sh | 19 +++++++++++++++++++ tests/ssl-opt.sh | 6 +++++- 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ee0df0cc45f4..6b3396059dbc 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -32,6 +32,7 @@ CONFIG_BAK="$CONFIG_H.bak" MEMORY=0 FORCE=0 +RELEASE=0 # Default commands, can be overriden by the environment : ${OPENSSL:="openssl"} @@ -48,6 +49,8 @@ usage() printf " -h|--help\t\tPrint this help.\n" printf " -m|--memory\t\tAdditional optional memory tests.\n" printf " -f|--force\t\tForce the tests to overwrite any modified files.\n" + printf " -s|--seed\t\tInteger seed value to use for this test run.\n" + printf " -r|--release-test\t\tRun this script in release mode. This fixes the seed value to 1.\n" printf " --out-of-source-dir=\t\tDirectory used for CMake out-of-source build tests." printf " --openssl=\t\tPath to OpenSSL executable to use for most tests.\n" printf " --openssl-legacy=\t\tPath to OpenSSL executable to use for legacy tests e.g. SSLv3.\n" @@ -106,6 +109,13 @@ while [ $# -gt 0 ]; do --force|-f) FORCE=1 ;; + --seed|-s) + shift + SEED="$1" + ;; + --release-test|-r) + RELEASE=1 + ;; --out-of-source-dir) shift OUT_OF_SOURCE_DIR="$1" 
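Review bot: The new `--seed|-s)` case in the all.sh option loop does `shift` and then `SEED="$1"` without checking that an argument actually follows or that it is the integer the help text promises, so `all.sh -s` on its own silently sets an empty seed and a non-numeric value is only discovered when the program that receives `seed=...` parses it. A guard after the assignment such as `case "$SEED" in ''|*[!0-9]*) echo "Invalid seed: $SEED" >&2; exit 1;; esac` rejects both cases at the point where the error message is still meaningful. Note also that `-s` already means `--show-numbers` in ssl-opt.sh (same patch), so the short flag has a different meaning in the two scripts; offering only the long form here would avoid that. PATCH 158 later in this series carries an identical copy of these hunks and the same comment applies there.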
@@ -171,9 +181,15 @@ else fi fi +if [ $RELEASE -eq 1 ]; then + # Fix the seed value to 1 to ensure that the tests are deterministic. + SEED=1 +fi + msg "info: $0 configuration" echo "MEMORY: $MEMORY" echo "FORCE: $FORCE" +echo "SEED: ${SEED-"UNSET"}" echo "OPENSSL: $OPENSSL" echo "OPENSSL_LEGACY: $OPENSSL_LEGACY" echo "GNUTLS_CLI: $GNUTLS_CLI" @@ -187,6 +203,9 @@ export OPENSSL_CMD="$OPENSSL" export GNUTLS_CLI="$GNUTLS_CLI" export GNUTLS_SERV="$GNUTLS_SERV" +# Avoid passing --seed flag in every call to ssl-opt.sh +[ ! -z ${SEED+set} ] && export SEED + # Make sure the tools we need are available. check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$GNUTLS_CLI" "$GNUTLS_SERV" \ "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \ diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d9c45cd7a240..429d9cd19afa 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -58,6 +58,7 @@ print_usage() { printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n" printf " -s|--show-numbers\tShow test numbers in front of test names\n" printf " -p|--preserve-logs\tPreserve logs of successful tests as well\n" + printf " --seed\tInteger seed value to use for this test run\n" } get_options() { @@ -81,6 +82,9 @@ get_options() { -p|--preserve-logs) PRESERVE_LOGS=1 ;; + --seed) + shift; SEED="$1" + ;; -h|--help) print_usage exit 0 @@ -595,7 +599,7 @@ unset PORT_BASE # +SRV_PORT will be replaced by either $SRV_PORT or $PXY_PORT later P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT" P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT" -P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT" +P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}" O_SRV="$O_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem" O_CLI="$O_CLI -connect localhost:+SRV_PORT" G_SRV="$G_SRV -p $SRV_PORT" 
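Review bot: `[ ! -z ${SEED+set} ] && export SEED` in the all.sh export hunk only works by accident: with SEED unset the unquoted expansion disappears and the command becomes `[ ! -z ]`, which POSIX test evaluates as the two-argument form "negate: is `-z` non-empty", not as a `-z` test at all. `[ -n "${SEED+set}" ] && export SEED` states the intent and does not depend on that quirk. In the `@@ -171` hunk, `--release-test` overwrites an explicitly supplied `--seed` with 1 without any message, which is worth at least an `echo "SEED overridden to 1 by --release-test" >&2` inside the `if`. In ssl-opt.sh the `--seed)` case has the same missing-argument problem as the all.sh parser, and `${SEED:+"seed=$SEED"}` is appended only to P_PXY, so presumably only the proxy consumes the seed; a one-line comment there would stop readers expecting the server and client to be seeded too. The identical hunks in PATCH 158 need the same changes.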
From 1aae658d76d7cc98e698777b2bbe4a075dfe38ec Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 26 Sep 2016 09:15:44 +0100 Subject: [PATCH 157/272] Add safety check to sample mutex implementation Due to inconsistent freeing strategy in pkparse.c the sample mutex implementation in threading.c could lead to undefined behaviour by destroying the same mutex several times. This fix prevents mutexes from being destroyed several times in the sample threading implementation. --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index f8890dc70f7b..e6a4dbc765a5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -36,6 +36,8 @@ Bugfix * Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for builds where the configuration MBEDTLS_PEM_WRITE_C is not defined. Found by inestlerode. #559. + * Fixed default threading implementation to avoid accidental double + initialisations and double frees. Changes * Extended test coverage of special cases, and added new timing test suite. From c47857dbf49792944a513dc7391208a32d1fc0b2 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Mon, 10 Oct 2016 15:46:20 +0100 Subject: [PATCH 158/272] Add seed cmdline arg to test scripts --- tests/scripts/all.sh | 19 +++++++++++++++++++ tests/ssl-opt.sh | 6 +++++- 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ee0df0cc45f4..6b3396059dbc 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -32,6 +32,7 @@ CONFIG_BAK="$CONFIG_H.bak" MEMORY=0 FORCE=0 +RELEASE=0 # Default commands, can be overriden by the environment : ${OPENSSL:="openssl"} 
@@ -48,6 +49,8 @@ usage() printf " -h|--help\t\tPrint this help.\n" printf " -m|--memory\t\tAdditional optional memory tests.\n" printf " -f|--force\t\tForce the tests to overwrite any modified files.\n" + printf " -s|--seed\t\tInteger seed value to use for this test run.\n" + printf " -r|--release-test\t\tRun this script in release mode. This fixes the seed value to 1.\n" printf " --out-of-source-dir=\t\tDirectory used for CMake out-of-source build tests." printf " --openssl=\t\tPath to OpenSSL executable to use for most tests.\n" printf " --openssl-legacy=\t\tPath to OpenSSL executable to use for legacy tests e.g. SSLv3.\n" @@ -106,6 +109,13 @@ while [ $# -gt 0 ]; do --force|-f) FORCE=1 ;; + --seed|-s) + shift + SEED="$1" + ;; + --release-test|-r) + RELEASE=1 + ;; --out-of-source-dir) shift OUT_OF_SOURCE_DIR="$1" @@ -171,9 +181,15 @@ else fi fi +if [ $RELEASE -eq 1 ]; then + # Fix the seed value to 1 to ensure that the tests are deterministic. + SEED=1 +fi + msg "info: $0 configuration" echo "MEMORY: $MEMORY" echo "FORCE: $FORCE" +echo "SEED: ${SEED-"UNSET"}" echo "OPENSSL: $OPENSSL" echo "OPENSSL_LEGACY: $OPENSSL_LEGACY" echo "GNUTLS_CLI: $GNUTLS_CLI" @@ -187,6 +203,9 @@ export OPENSSL_CMD="$OPENSSL" export GNUTLS_CLI="$GNUTLS_CLI" export GNUTLS_SERV="$GNUTLS_SERV" +# Avoid passing --seed flag in every call to ssl-opt.sh +[ ! -z ${SEED+set} ] && export SEED + # Make sure the tools we need are available. check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$GNUTLS_CLI" "$GNUTLS_SERV" \ "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \ diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d9c45cd7a240..429d9cd19afa 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -58,6 +58,7 @@ print_usage() { printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n" printf " -s|--show-numbers\tShow test numbers in front of test names\n" printf " -p|--preserve-logs\tPreserve logs of successful tests as well\n" + printf " --seed\tInteger seed value to use for this test run\n" } get_options() { @@ -81,6 +82,9 @@ get_options() { -p|--preserve-logs) PRESERVE_LOGS=1 ;; + --seed) + shift; SEED="$1" + ;; -h|--help) print_usage exit 0 @@ -595,7 +599,7 @@ unset PORT_BASE # +SRV_PORT will be replaced by either $SRV_PORT or $PXY_PORT later P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT" P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT" -P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT" +P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}" O_SRV="$O_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem" O_CLI="$O_CLI -connect localhost:+SRV_PORT" G_SRV="$G_SRV -p $SRV_PORT" From b48c8ac45d84bb9871677a1dd28f5160bfb5737f Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 26 Sep 2016 09:15:44 +0100 Subject: [PATCH 159/272] Add safety check to sample mutex implementation Due to inconsistent freeing strategy in pkparse.c the sample mutex implementation in threading.c could lead to undefined behaviour by destroying the same mutex several times. This fix prevents mutexes from being destroyed several times in the sample threading implementation. --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 0412613b0a5f..47dfae6b6b37 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -42,6 +42,8 @@ Bugfix * Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for builds where the configuration MBEDTLS_PEM_WRITE_C is not defined. Found by inestlerode. #559. + * Fixed default threading implementation to avoid accidental double + initialisations and double frees. Changes * Extended test coverage of special cases, and added new timing test suite. From 8abc6b86f98cdfa6bf6788e512a73b1806a442c0 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Tue, 11 Oct 2016 15:41:40 +0100 Subject: [PATCH 160/272] Fix memory leak in test_suite_cmac.function --- tests/suites/test_suite_cmac.function | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_cmac.function b/tests/suites/test_suite_cmac.function index 1f88ddcfe449..0cb437b67064 100644 --- a/tests/suites/test_suite_cmac.function +++ b/tests/suites/test_suite_cmac.function @@ -93,6 +93,9 @@ void mbedtls_cmac_null_args( ) NULL ) == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + +exit: + mbedtls_cipher_free( &ctx ); } /* END_CASE */ @@ -144,6 +147,8 @@ void mbedtls_cmac_multiple_blocks( int cipher_type, unhexify( block4, block4_string ); unhexify( expected_result, expected_result_string ); + mbedtls_cipher_init( &ctx ); + /* Validate the test inputs */ TEST_ASSERT( block1_len <= 100 ); TEST_ASSERT( block2_len <= 100 ); @@ -154,8 +159,6 @@ void mbedtls_cmac_multiple_blocks( int cipher_type, TEST_ASSERT( ( cipher_info = mbedtls_cipher_info_from_type( cipher_type ) ) != NULL ); - mbedtls_cipher_init( &ctx ); - TEST_ASSERT( mbedtls_cipher_setup( &ctx, cipher_info ) == 0 ); TEST_ASSERT( mbedtls_cipher_cmac_starts( &ctx, @@ -231,6 +234,8 @@ void mbedtls_cmac_multiple_operations_same_key( int cipher_type, unhexify( expected_result_a, expected_result_a_string ); unhexify( expected_result_b, expected_result_b_string ); + mbedtls_cipher_init( &ctx ); + /* Validate the test inputs */ TEST_ASSERT( block_a1_len <= 100 ); TEST_ASSERT( block_a2_len <= 100 ); 
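Review bot: Moving `mbedtls_cipher_init( &ctx );` ahead of the input-validation TEST_ASSERTs in mbedtls_cmac_multiple_blocks() and mbedtls_cmac_multiple_operations_same_key() is the right fix for the leak, but nothing in the code records why the call must stay there; suggest `/* Initialise before the first TEST_ASSERT: a failing assert jumps to exit, where ctx is freed. */` so a later refactor does not move it back below the checks. The `exit:` label added to mbedtls_cmac_null_args() frees `ctx` on every path, which is only safe if `ctx` is initialised before the first TEST_ASSERT in that function; that part of the function lies outside the hunk, so please confirm. The same hunks appear again as PATCH 163 later in this series.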
@@ -244,8 +249,6 @@ void mbedtls_cmac_multiple_operations_same_key( int cipher_type, TEST_ASSERT( ( cipher_info = mbedtls_cipher_info_from_type( cipher_type ) ) != NULL ); - mbedtls_cipher_init( &ctx ); - TEST_ASSERT( mbedtls_cipher_setup( &ctx, cipher_info ) == 0 ); TEST_ASSERT( mbedtls_cipher_cmac_starts( &ctx, From d4443582479d3ffcf16b3e376db73de9f3f7e25f Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 12 Oct 2016 10:00:42 +0100 Subject: [PATCH 161/272] Fix memory leaks in CMAC tests --- library/cmac.c | 21 ++++++++++++++------- tests/suites/test_suite_cmac.function | 2 +- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index 62f2a6abb455..ee2fe056ce6c 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -737,19 +737,19 @@ static int cmac_test_subkeys( int verbose, return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); } - mbedtls_cipher_init( &ctx ); - for( i = 0; i < num_tests; i++ ) { if( verbose != 0 ) mbedtls_printf( " %s CMAC subkey #%u: ", testname, i + 1 ); + mbedtls_cipher_init( &ctx ); + if( ( ret = mbedtls_cipher_setup( &ctx, cipher_info ) ) != 0 ) { if( verbose != 0 ) mbedtls_printf( "test execution failed\n" ); - goto exit; + goto cleanup; } if( ( ret = mbedtls_cipher_setkey( &ctx, key, keybits, @@ -758,7 +758,7 @@ static int cmac_test_subkeys( int verbose, if( verbose != 0 ) mbedtls_printf( "test execution failed\n" ); - goto exit; + goto cleanup; } ret = cmac_generate_subkeys( &ctx, K1, K2 ); @@ -766,7 +766,8 @@ static int cmac_test_subkeys( int verbose, { if( verbose != 0 ) mbedtls_printf( "failed\n" ); - goto exit; + + goto cleanup; } if( ( ret = memcmp( K1, subkeys, block_size ) ) != 0 || 
@@ -774,16 +775,22 @@ static int cmac_test_subkeys( int verbose, { if( verbose != 0 ) mbedtls_printf( "failed\n" ); - goto exit; + + goto cleanup; } if( verbose != 0 ) mbedtls_printf( "passed\n" ); + + mbedtls_cipher_free( &ctx ); } -exit: + goto exit; + +cleanup: mbedtls_cipher_free( &ctx ); +exit: return( ret ); } diff --git a/tests/suites/test_suite_cmac.function b/tests/suites/test_suite_cmac.function index 0cb437b67064..4b31ab2ffd88 100644 --- a/tests/suites/test_suite_cmac.function +++ b/tests/suites/test_suite_cmac.function @@ -93,7 +93,6 @@ void mbedtls_cmac_null_args( ) NULL ) == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - exit: mbedtls_cipher_free( &ctx ); } @@ -114,6 +113,7 @@ void mbedtls_cmac_setkey( int cipher_type, int key_size, TEST_ASSERT( ( cipher_info = mbedtls_cipher_info_from_type( cipher_type ) ) != NULL ); + memset( buf, 0x2A, sizeof( buf ) ); TEST_ASSERT( ( result == mbedtls_cipher_cmac( cipher_info, key, key_size, buf, 16, tmp ) ) != 0 ); } From cd153278eb616e2c877d320a3a6bdd0658399676 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Tue, 4 Oct 2016 12:06:50 +0100 Subject: [PATCH 162/272] Fix typo in docs for mbedtls_x509write_csr_der() --- include/mbedtls/x509_csr.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index 7a9c2e0550ef..fe9843cb545e 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h @@ -282,7 +282,7 @@ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, s * * \note f_rng may be NULL if RSA is used for signature and the * signature is made offline (otherwise f_rng is desirable - * for couermeasures against timing attacks). + * for countermeasures against timing attacks). * ECDSA signatures always require a non-NULL f_rng. */ int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, From c4424c0a6933e7eb05dcfabac7fa14ea1e4962c6 Mon Sep 17 00:00:00 2001 
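Review bot: The `goto exit;` that the success path in cmac_test_subkeys() now takes jumps forward over the `cleanup:` label, which is correct only because each successful iteration already frees `ctx` inside the loop; that invariant is easy to break (any future `goto cleanup` placed after the per-iteration free would free twice) and is not commented. A flatter shape is to replace every `goto cleanup;` in the loop body with `break;` and follow the loop with `if( ret != 0 ) mbedtls_cipher_free( &ctx );` before `return( ret );`, which removes the label pair altogether, provided no code before this hunk jumps to `exit` (the visible early return at the top of the `@@ -737` hunk returns directly). Separately, the context line `if( ( ret = memcmp( K1, subkeys, block_size ) ) != 0 ||` stores a memcmp difference in `ret`, so a subkey mismatch makes this static self-test helper return an arbitrary non-zero integer rather than an MBEDTLS_ERR_* value; that predates this commit but is worth normalising to a fixed error code while the error paths are being reworked. PATCH 164 later in this series is an identical copy of this commit.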
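Review bot: The new `memset( buf, 0x2A, sizeof( buf ) );` in mbedtls_cmac_setkey() has no comment explaining that `buf` is only a dummy message whose content is irrelevant to the assertion; suggest `/* Dummy message: only the return code of mbedtls_cipher_cmac() is checked, but the input must be defined memory. */` so nobody later tries to match the 0x2A pattern against an expected MAC. The assertion that follows, `TEST_ASSERT( ( result == mbedtls_cipher_cmac( ... ) ) != 0 );`, is a roundabout spelling of `TEST_ASSERT( mbedtls_cipher_cmac( cipher_info, key, key_size, buf, 16, tmp ) == result );`; it predates this commit but is a one-line tidy-up while the function is being touched. The function begins before the hunk.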
From: Andres AG Date: Tue, 11 Oct 2016 15:41:40 +0100 Subject: [PATCH 163/272] Fix memory leak in test_suite_cmac.function --- tests/suites/test_suite_cmac.function | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_cmac.function b/tests/suites/test_suite_cmac.function index 1f88ddcfe449..0cb437b67064 100644 --- a/tests/suites/test_suite_cmac.function +++ b/tests/suites/test_suite_cmac.function @@ -93,6 +93,9 @@ void mbedtls_cmac_null_args( ) NULL ) == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + +exit: + mbedtls_cipher_free( &ctx ); } /* END_CASE */ @@ -144,6 +147,8 @@ void mbedtls_cmac_multiple_blocks( int cipher_type, unhexify( block4, block4_string ); unhexify( expected_result, expected_result_string ); + mbedtls_cipher_init( &ctx ); + /* Validate the test inputs */ TEST_ASSERT( block1_len <= 100 ); TEST_ASSERT( block2_len <= 100 ); @@ -154,8 +159,6 @@ void mbedtls_cmac_multiple_blocks( int cipher_type, TEST_ASSERT( ( cipher_info = mbedtls_cipher_info_from_type( cipher_type ) ) != NULL ); - mbedtls_cipher_init( &ctx ); - TEST_ASSERT( mbedtls_cipher_setup( &ctx, cipher_info ) == 0 ); TEST_ASSERT( mbedtls_cipher_cmac_starts( &ctx, @@ -231,6 +234,8 @@ void mbedtls_cmac_multiple_operations_same_key( int cipher_type, unhexify( expected_result_a, expected_result_a_string ); unhexify( expected_result_b, expected_result_b_string ); + mbedtls_cipher_init( &ctx ); + /* Validate the test inputs */ TEST_ASSERT( block_a1_len <= 100 ); TEST_ASSERT( block_a2_len <= 100 ); @@ -244,8 +249,6 @@ void mbedtls_cmac_multiple_operations_same_key( int cipher_type, TEST_ASSERT( ( cipher_info = mbedtls_cipher_info_from_type( cipher_type ) ) != NULL ); - mbedtls_cipher_init( &ctx ); - TEST_ASSERT( mbedtls_cipher_setup( &ctx, cipher_info ) == 0 ); TEST_ASSERT( mbedtls_cipher_cmac_starts( &ctx, From 99d09d27472e629053641aba5aeefd7657f7f962 Mon Sep 17 00:00:00 2001 
From: Janos Follath Date: Wed, 12 Oct 2016 10:00:42 +0100 Subject: [PATCH 164/272] Fix memory leaks in CMAC tests --- library/cmac.c | 21 ++++++++++++++------- tests/suites/test_suite_cmac.function | 2 +- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index 62f2a6abb455..ee2fe056ce6c 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -737,19 +737,19 @@ static int cmac_test_subkeys( int verbose, return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); } - mbedtls_cipher_init( &ctx ); - for( i = 0; i < num_tests; i++ ) { if( verbose != 0 ) mbedtls_printf( " %s CMAC subkey #%u: ", testname, i + 1 ); + mbedtls_cipher_init( &ctx ); + if( ( ret = mbedtls_cipher_setup( &ctx, cipher_info ) ) != 0 ) { if( verbose != 0 ) mbedtls_printf( "test execution failed\n" ); - goto exit; + goto cleanup; } if( ( ret = mbedtls_cipher_setkey( &ctx, key, keybits, @@ -758,7 +758,7 @@ static int cmac_test_subkeys( int verbose, if( verbose != 0 ) mbedtls_printf( "test execution failed\n" ); - goto exit; + goto cleanup; } ret = cmac_generate_subkeys( &ctx, K1, K2 ); @@ -766,7 +766,8 @@ static int cmac_test_subkeys( int verbose, { if( verbose != 0 ) mbedtls_printf( "failed\n" ); - goto exit; + + goto cleanup; } if( ( ret = memcmp( K1, subkeys, block_size ) ) != 0 || @@ -774,16 +775,22 @@ static int cmac_test_subkeys( int verbose, { if( verbose != 0 ) mbedtls_printf( "failed\n" ); - goto exit; + + goto cleanup; } if( verbose != 0 ) mbedtls_printf( "passed\n" ); + + mbedtls_cipher_free( &ctx ); } -exit: + goto exit; + +cleanup: mbedtls_cipher_free( &ctx ); +exit: return( ret ); } diff --git a/tests/suites/test_suite_cmac.function b/tests/suites/test_suite_cmac.function index 0cb437b67064..4b31ab2ffd88 100644 --- a/tests/suites/test_suite_cmac.function +++ b/tests/suites/test_suite_cmac.function @@ -93,7 +93,6 @@ void mbedtls_cmac_null_args( ) NULL ) == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - exit: mbedtls_cipher_free( &ctx ); } 
@@ -114,6 +113,7 @@ void mbedtls_cmac_setkey( int cipher_type, int key_size, TEST_ASSERT( ( cipher_info = mbedtls_cipher_info_from_type( cipher_type ) ) != NULL ); + memset( buf, 0x2A, sizeof( buf ) ); TEST_ASSERT( ( result == mbedtls_cipher_cmac( cipher_info, key, key_size, buf, 16, tmp ) ) != 0 ); } From d5766f62e48da954b3fc878a3de66ee3b77e9dee Mon Sep 17 00:00:00 2001 From: Andres AG Date: Tue, 4 Oct 2016 12:06:50 +0100 Subject: [PATCH 165/272] Fix typo in docs for mbedtls_x509write_csr_der() --- include/mbedtls/x509_csr.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index 7a9c2e0550ef..fe9843cb545e 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h @@ -282,7 +282,7 @@ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, s * * \note f_rng may be NULL if RSA is used for signature and the * signature is made offline (otherwise f_rng is desirable - * for couermeasures against timing attacks). + * for countermeasures against timing attacks). * ECDSA signatures always require a non-NULL f_rng. */ int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, From 776a6fcd1a55818f70a843e249649a390545f48f Mon Sep 17 00:00:00 2001 From: Andres AG Date: Mon, 26 Sep 2016 09:52:41 +0100 Subject: [PATCH 166/272] Fix 1 byte overread in mbedtls_asn1_get_int() --- ChangeLog | 4 ++-- library/asn1parse.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index e6a4dbc765a5..8d76eb93cb84 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -31,13 +31,13 @@ Bugfix a contribution from Tobias Tangemann. #541 * Fixed cert_app sample program for debug output and for use when no root certificates are provided. + * Fix conditional statement that would cause a 1 byte overread in + mbedtls_asn1_get_int(). Found and fixed by Guido Vranken. * Fixed pthread implementation to avoid unintended double initialisations and double frees. (found by Niklas Amnebratt) * Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for builds where the configuration MBEDTLS_PEM_WRITE_C is not defined. Found by inestlerode. #559. - * Fixed default threading implementation to avoid accidental double - initialisations and double frees. Changes * Extended test coverage of special cases, and added new timing test suite. diff --git a/library/asn1parse.c b/library/asn1parse.c index ffa2f5299a44..4dd65c03c029 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c @@ -153,7 +153,7 @@ int mbedtls_asn1_get_int( unsigned char **p, if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 ) return( ret ); - if( len > sizeof( int ) || ( **p & 0x80 ) != 0 ) + if( len == 0 || len > sizeof( int ) || ( **p & 0x80 ) != 0 ) return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); *val = 0; From 3a5e0709828a6550bfe16261b9ff946bbfacc3d0 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 12 Oct 2016 16:37:59 +0100 Subject: [PATCH 167/272] Updated Changelog for fix #599 --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 8d76eb93cb84..c77c58fe6641 100644 --- a/ChangeLog +++ b/ChangeLog 
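Review bot: The added `len == 0` arm in mbedtls_asn1_get_int() is the entire fix for the one-byte overread and should say so, because the `**p & 0x80` test that follows in the same condition is only valid when the INTEGER has at least one content byte; suggest `/* A zero-length INTEGER is invalid DER, and without this check the **p test below would read one byte past the element. */` above the `if`. Placing `len == 0` first in the `||` chain is what makes the short-circuit protect the dereference, so the order of the operands is load-bearing and a reordering "for readability" would reintroduce the bug. mbedtls_asn1_get_tag() is called just above, outside this hunk; the reasoning assumes it only guarantees that `len` bytes follow `*p`, which is consistent with the ChangeLog entry.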
@@ -32,7 +32,7 @@ Bugfix * Fixed cert_app sample program for debug output and for use when no root certificates are provided. * Fix conditional statement that would cause a 1 byte overread in - mbedtls_asn1_get_int(). Found and fixed by Guido Vranken. + mbedtls_asn1_get_int(). Found and fixed by Guido Vranken. #599 * Fixed pthread implementation to avoid unintended double initialisations and double frees. (found by Niklas Amnebratt) * Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for From 821da84ff9894060e615e51c50306c361c3411b8 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Mon, 26 Sep 2016 10:09:30 +0100 Subject: [PATCH 168/272] Fix documentation for mbedtls_gcm_finish() Fix implementation and documentation missmatch for the function arguments to mbedtls_gcm_finish(). Also, removed redundant if condition that always evaluates to true. --- ChangeLog | 2 ++ include/mbedtls/gcm.h | 4 ++-- library/gcm.c | 3 +-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index c77c58fe6641..fc08e896c1cf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -38,6 +38,8 @@ Bugfix * Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for builds where the configuration MBEDTLS_PEM_WRITE_C is not defined. Found by inestlerode. #559. + * Fix documentation and implementation missmatch for function arguments of + mbedtls_gcm_finish(). Found by cmiatpaar. Changes * Extended test coverage of special cases, and added new timing test suite. diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index 6743ac9a5f9e..1b77aaedd48f 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h 
@@ -190,8 +190,8 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx, * 16 bytes. * * \param ctx GCM context - * \param tag buffer for holding the tag (may be NULL if tag_len is 0) - * \param tag_len length of the tag to generate + * \param tag buffer for holding the tag + * \param tag_len length of the tag to generate (must be at least 4) * * \return 0 if successful or MBEDTLS_ERR_GCM_BAD_INPUT */ diff --git a/library/gcm.c b/library/gcm.c index aaacf97d6127..f1210c52c39a 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -415,8 +415,7 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx, if( tag_len > 16 || tag_len < 4 ) return( MBEDTLS_ERR_GCM_BAD_INPUT ); - if( tag_len != 0 ) - memcpy( tag, ctx->base_ectr, tag_len ); + memcpy( tag, ctx->base_ectr, tag_len ); if( orig_len || orig_add_len ) { From f6e3b9e8b21110e61c06837ed582ab4211289199 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 12 Oct 2016 19:47:29 +0100 Subject: [PATCH 169/272] Clarified Changelog for fix #602 --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index fc08e896c1cf..2e89c6afe97a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -39,7 +39,7 @@ Bugfix builds where the configuration MBEDTLS_PEM_WRITE_C is not defined. Found by inestlerode. #559. * Fix documentation and implementation missmatch for function arguments of - mbedtls_gcm_finish(). Found by cmiatpaar. + mbedtls_gcm_finish(). Found by cmiatpaar. #602 Changes * Extended test coverage of special cases, and added new timing test suite. From ef441784749d14ea9f8afad3f258489d2445c438 Mon Sep 17 00:00:00 2001 
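Review bot: The updated `\param tag_len` line in gcm.h now documents only the lower bound, while mbedtls_gcm_finish() rejects `tag_len > 16 || tag_len < 4`; unless the paragraph cut off above this hunk already states the 16-byte maximum, the line should carry the full contract: `* \param tag_len length of the tag to generate (must be between 4 and 16 inclusive)`. Dropping `if( tag_len != 0 )` in gcm.c is safe because the range check directly above it already returns MBEDTLS_ERR_GCM_BAD_INPUT for 0, which also means `tag` is now always written and the removal of "may be NULL" from its `\param` line is correct. The enclosing function starts before the gcm.c hunk.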
From: Janos Follath Date: Wed, 21 Sep 2016 13:18:12 +0100 Subject: [PATCH 170/272] Restore P>Q in RSA key generation (#558) The PKCS#1 standard says nothing about the relation between P and Q but many libraries guarantee P>Q and mbed TLS did so too in earlier versions. This commit restores this behaviour. --- ChangeLog | 1 + library/rsa.c | 18 ++++++++---------- tests/suites/test_suite_rsa.data | 2 +- tests/suites/test_suite_rsa.function | 1 + 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2e89c6afe97a..ab626b96a3b9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -40,6 +40,7 @@ Bugfix by inestlerode. #559. * Fix documentation and implementation missmatch for function arguments of mbedtls_gcm_finish(). Found by cmiatpaar. #602 + * Guarantee that P>Q at RSA key generation. #558 Changes * Extended test coverage of special cases, and added new timing test suite. diff --git a/library/rsa.c b/library/rsa.c index 7a33689b2e38..40ef2a9480fa 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -102,7 +102,10 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, if( f_rng == NULL || nbits < 128 || exponent < 3 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); + if( nbits % 2 ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G ); /* @@ -116,16 +119,8 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, nbits >> 1, 0, f_rng, p_rng ) ); - if( nbits % 2 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, ( nbits >> 1 ) + 1, 0, + MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0, f_rng, p_rng ) ); - } - else - { - MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0, - f_rng, p_rng ) ); - } if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 ) continue; 
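Review bot: `if( nbits % 2 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );` in mbedtls_rsa_gen_key() changes the public contract — odd sizes such as the 1025-bit case in test_suite_rsa.data were accepted before and are now an input error — but the diffstat touches only ChangeLog, rsa.c and the tests, so the `\param nbits` documentation in rsa.h presumably still says nothing about parity. Please add something like `\note nbits must be even; odd values return MBEDTLS_ERR_RSA_BAD_INPUT_DATA` to the header and extend the ChangeLog line, which currently mentions only the P>Q guarantee. Placing the check before the `mbedtls_mpi_init` calls is right, since the early return then has nothing to free.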
@@ -134,6 +129,9 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, if( mbedtls_mpi_bitlen( &ctx->N ) != nbits ) continue; + if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 ) + mbedtls_mpi_swap( &ctx->P, &ctx->Q ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q1, &ctx->Q, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) ); diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index d522332a26f7..af168805fd34 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -361,7 +361,7 @@ RSA Generate Key - 2048 bit key mbedtls_rsa_gen_key:2048:3:0 RSA Generate Key - 1025 bit key -mbedtls_rsa_gen_key:1025:3:0 +mbedtls_rsa_gen_key:1025:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA PKCS1 Encrypt Bad RNG depends_on:MBEDTLS_PKCS1_V15 diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 8837e3a837cb..d48bc8595e28 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -678,6 +678,7 @@ void mbedtls_rsa_gen_key( int nrbits, int exponent, int result) if( result == 0 ) { TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.P, &ctx.Q ) > 0 ); } exit: From 4d69ecd9cb57cd77aee9519454618c98e4373b30 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 13 Oct 2016 00:14:37 +0100 Subject: [PATCH 171/272] Added credit to Changelog for fix #558 --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index ab626b96a3b9..b011ee42a424 100644 --- a/ChangeLog +++ b/ChangeLog 
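Review bot: The new swap in mbedtls_rsa_gen_key() only yields a strict P > Q together with the `mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0` retry a few lines above it, and neither line records that dependency; suggest `/* With the P == Q retry above, this guarantees P > Q as earlier versions of the library did. */` on the swap so the two are not separated later. The new assertion in test_suite_rsa.function checks the strict inequality, which is the right condition, but it runs only when `result == 0`, so the rejected 1025-bit case never exercises the cleanup path; the `exit:` label is outside the hunk, so presumably the free is unconditional there.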
@@ -40,7 +40,7 @@ Bugfix by inestlerode. #559. * Fix documentation and implementation missmatch for function arguments of mbedtls_gcm_finish(). Found by cmiatpaar. #602 - * Guarantee that P>Q at RSA key generation. #558 + * Guarantee that P>Q at RSA key generation. Found by inestlerode. #558 Changes * Extended test coverage of special cases, and added new timing test suite. From edf2a3fba79d24e33a00e33c4d959c66e824e2d0 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 12 Oct 2016 23:07:30 +0100 Subject: [PATCH 172/272] Fix stdio redirection memory leak in test suites --- tests/suites/helpers.function | 5 +++++ tests/suites/main_test.function | 7 ++++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 5938447af1c2..ff3ab99e489d 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -140,6 +140,11 @@ static int restore_output( FILE** out_stream, int old_fd ) return 0; } + +static void close_output( FILE* stdout ) +{ + fclose( stdout ); +} #endif /* __unix__ || __APPLE__ __MACH__ */ static int unhexify( unsigned char *obuf, const char *ibuf ) diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 14209a576e44..afff5a482343 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -261,7 +261,7 @@ int main(int argc, const char *argv[]) char buf[5000]; char *params[50]; void *pointer; - int stdout_fd = 0; + int stdout_fd = -1; #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \ !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC) @@ -499,6 +499,11 @@ int main(int argc, const char *argv[]) mbedtls_memory_buffer_alloc_free(); #endif +#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) + if( stdout_fd != -1 ) + close_output( stdout ); +#endif /* __unix__ || __APPLE__ __MACH__ */ + return( total_errors != 0 ); } From e019296ab7d0206dc6bc137a398b3f7f5c15f733 Mon Sep 17 00:00:00 2001 
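Review bot: `close_output()` in helpers.function discards the return value of `fclose()`, and for a redirected write stream that call is where buffered output is flushed, so a write error at the end of a test run goes unreported; suggest `static int close_output( FILE* out_stream ) { return fclose( out_stream ); }` and checking the result at the call site in main(). The parameter name `stdout` is also a problem in this version: C11 7.21.1 allows `stdout` to be a macro, so a parameter of that name is not portable — PATCH 174 later in this series renames it to `out_stream`, and PATCH 173 is a verbatim duplicate of this commit. In main_test.function the `stdout_fd != -1` condition assumes the fd is only assigned after a successful redirect; that assignment is outside the hunk, so a comment at the declaration, `/* -1 until stdout has been redirected; see redirect_output() */`, would tie the sentinel to its producer.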
From: Simon Butcher Date: Wed, 12 Oct 2016 23:07:30 +0100 Subject: [PATCH 173/272] Fix stdio redirection memory leak in test suites --- tests/suites/helpers.function | 5 +++++ tests/suites/main_test.function | 7 ++++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 5938447af1c2..ff3ab99e489d 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -140,6 +140,11 @@ static int restore_output( FILE** out_stream, int old_fd ) return 0; } + +static void close_output( FILE* stdout ) +{ + fclose( stdout ); +} #endif /* __unix__ || __APPLE__ __MACH__ */ static int unhexify( unsigned char *obuf, const char *ibuf ) diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 14209a576e44..afff5a482343 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -261,7 +261,7 @@ int main(int argc, const char *argv[]) char buf[5000]; char *params[50]; void *pointer; - int stdout_fd = 0; + int stdout_fd = -1; #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \ !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC) @@ -499,6 +499,11 @@ int main(int argc, const char *argv[]) mbedtls_memory_buffer_alloc_free(); #endif +#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) + if( stdout_fd != -1 ) + close_output( stdout ); +#endif /* __unix__ || __APPLE__ __MACH__ */ + return( total_errors != 0 ); } From e709f7c9e07b54542f368297272b0fca36304300 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 13 Oct 2016 11:26:29 +0100 Subject: [PATCH 174/272] Fix global variable shadowing --- tests/suites/helpers.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index ff3ab99e489d..63815df852b7 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function 
@@ -141,9 +141,9 @@ static int restore_output( FILE** out_stream, int old_fd )
 return 0;
 }
-static void close_output( FILE* stdout )
+static void close_output( FILE* out_stream )
 {
- fclose( stdout );
+ fclose( out_stream );
 }
 #endif /* __unix__ || __APPLE__ __MACH__ */
From e9bdaa251f0267e9d9e79c56ae51ab741f5a004f Mon Sep 17 00:00:00 2001
From: Paul Bakker
Date: Thu, 11 Aug 2016 10:45:14 +0100
Subject: [PATCH 175/272] Actually apply debug_level settings in cert_app
---
 programs/x509/cert_app.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index 3f50a7a1481b..c6434fe1f30e 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -57,6 +57,7 @@ int main( void )
 #include "mbedtls/net.h"
 #include "mbedtls/ssl.h"
 #include "mbedtls/x509.h"
+#include "mbedtls/debug.h"
 #include
 #include
@@ -380,6 +381,10 @@ int main( int argc, char *argv[] )
 mbedtls_printf( " ok\n" );
+#if defined(MBEDTLS_DEBUG_C)
+ mbedtls_debug_set_threshold( opt.debug_level );
+#endif
+
 /*
 * 2. Start the connection
 */
From 2d6599284f0b2b9414dca3fbf04a33ee89f6ffa7 Mon Sep 17 00:00:00 2001
From: Paul Bakker
Date: Thu, 11 Aug 2016 10:45:33 +0100
Subject: [PATCH 176/272] Do not add empty cert / key in cert_app
---
 programs/x509/cert_app.c | 12 ------------
 1 file changed, 12 deletions(-)
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index c6434fe1f30e..73e853e978a0 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -153,9 +153,7 @@ int main( int argc, char *argv[] )
 mbedtls_ssl_context ssl;
 mbedtls_ssl_config conf;
 mbedtls_x509_crt cacert;
- mbedtls_x509_crt clicert;
 mbedtls_x509_crl cacrl;
- mbedtls_pk_context pkey;
 int i, j;
 uint32_t flags;
 int verify = 0;
@@ -170,7 +168,6 @@ int main( int argc, char *argv[] )
 mbedtls_ssl_init( &ssl );
 mbedtls_ssl_config_init( &conf );
 mbedtls_x509_crt_init( &cacert );
- mbedtls_x509_crt_init( &clicert );
 #if defined(MBEDTLS_X509_CRL_PARSE_C)
 mbedtls_x509_crl_init( &cacrl );
 #else
@@ -178,7 +175,6 @@ int main( int argc, char *argv[] )
 it to the verify function */
 memset( &cacrl, 0, sizeof(mbedtls_x509_crl) );
 #endif
- mbedtls_pk_init( &pkey );
 if( argc == 0 )
 {
@@ -423,12 +419,6 @@ int main( int argc, char *argv[] )
 mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
 mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
- if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &clicert, &pkey ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
- goto ssl_exit;
- }
-
 if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
 {
 mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
@@ -484,11 +474,9 @@ int main( int argc, char *argv[] )
 mbedtls_net_free( &server_fd );
 mbedtls_x509_crt_free( &cacert );
- mbedtls_x509_crt_free( &clicert );
 #if defined(MBEDTLS_X509_CRL_PARSE_C)
 mbedtls_x509_crl_free( &cacrl );
 #endif
- mbedtls_pk_free( &pkey );
 mbedtls_ctr_drbg_free( &ctr_drbg );
 mbedtls_entropy_free( &entropy );
From 77d779e8bb3a1c1cc9e31f61408b143779bc947b Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Mon, 26 Sep 2016 20:48:56 +0100
Subject: [PATCH 177/272] Update for ChangeLog for fixes for cert_app
---
 ChangeLog | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index e74640dc7fca..be3d9753357a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -22,6 +22,8 @@ Bugfix enabled unless others were also present. Found by David Fernandez. #428 * Fix for out-of-tree builds using CMake. Found by jwurzer, and fix based on a contribution from Tobias Tangemann. #541 + * Fixed cert_app sample program for debug output and for use when no root + certificates are provided. * Fix mbedtls_x509_get_sig() to update the ASN1 type in the mbedtls_x509_buf data structure until after error checks are successful. Found by subramanyam-c. From 3616f6f2619e4911ce8b4bbb80642aa6111acd2f Mon Sep 17 00:00:00 2001 
From: Andres AG Date: Wed, 14 Sep 2016 14:32:09 +0100 Subject: [PATCH 178/272] Rename net.{c,h} to net_sockets.{c,h} The library/net.c and its corresponding include/mbedtls/net.h file are renamed to library/net_sockets.c and include/mbedtls/net_sockets.h respectively. This is to avoid naming collisions in projects which also have files with the common name 'net'. --- ChangeLog | 4 + include/mbedtls/config.h | 2 +- include/mbedtls/net.h | 212 ++-------------------------- include/mbedtls/net_sockets.h | 225 ++++++++++++++++++++++++++++++ include/mbedtls/ssl.h | 7 +- library/CMakeLists.txt | 2 +- library/Makefile | 7 +- library/error.c | 2 +- library/{net.c => net_sockets.c} | 2 +- programs/pkey/dh_client.c | 2 +- programs/pkey/dh_server.c | 2 +- programs/ssl/dtls_client.c | 2 +- programs/ssl/dtls_server.c | 2 +- programs/ssl/mini_client.c | 2 +- programs/ssl/ssl_client1.c | 2 +- programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_fork_server.c | 2 +- programs/ssl/ssl_mail_client.c | 2 +- programs/ssl/ssl_pthread_server.c | 2 +- programs/ssl/ssl_server.c | 2 +- programs/ssl/ssl_server2.c | 2 +- programs/test/udp_proxy.c | 2 +- programs/x509/cert_app.c | 2 +- scripts/footprint.sh | 2 +- scripts/generate_errors.pl | 3 + tests/scripts/all.sh | 2 +- visualc/VS2010/mbedTLS.vcxproj | 4 +- yotta/data/README.md | 2 +- 28 files changed, 272 insertions(+), 232 deletions(-) create mode 100644 include/mbedtls/net_sockets.h rename library/{net.c => net_sockets.c} (99%) diff --git a/ChangeLog b/ChangeLog index be3d9753357a..1a8ed66acf90 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -38,6 +38,10 @@ Changes through the symbol YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE. * Added optimization for code space for X.509/OID based on configured features. (contributed by Aviv Palivoda) + * Renamed source file library/net.c to library/net_sockets.c to avoid + naming collision in projects which also have files with the common name + net.c. For consistency, the corresponding header file, net.h, is marked as + deprecated, and its contents moved to net_sockets.h. = mbed TLS 2.3.0 branch released 2016-06-28 diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 8d7d63110bdc..8a892d74c467 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1960,7 +1960,7 @@ * environment: * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS * - * Module: library/net.c + * Module: library/net_sockets.c * * This module provides networking routines. */ diff --git a/include/mbedtls/net.h b/include/mbedtls/net.h index 8c6534cfb8d3..774559b3cf6e 100644 --- a/include/mbedtls/net.h +++ b/include/mbedtls/net.h @@ -1,9 +1,9 @@ /** * \file net.h * - * \brief Network communication functions + * \brief Deprecated header file that includes mbedtls/net_sockets.h * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may 
@@ -19,207 +19,13 @@ * limitations under the License. * * This file is part of mbed TLS (https://tls.mbed.org) - */ -#ifndef MBEDTLS_NET_H -#define MBEDTLS_NET_H - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#include "ssl.h" - -#include -#include - -#define MBEDTLS_ERR_NET_SOCKET_FAILED -0x0042 /**< Failed to open a socket. */ -#define MBEDTLS_ERR_NET_CONNECT_FAILED -0x0044 /**< The connection to the given server / port failed. */ -#define MBEDTLS_ERR_NET_BIND_FAILED -0x0046 /**< Binding of the socket failed. */ -#define MBEDTLS_ERR_NET_LISTEN_FAILED -0x0048 /**< Could not listen on the socket. */ -#define MBEDTLS_ERR_NET_ACCEPT_FAILED -0x004A /**< Could not accept the incoming connection. */ -#define MBEDTLS_ERR_NET_RECV_FAILED -0x004C /**< Reading information from the socket failed. */ -#define MBEDTLS_ERR_NET_SEND_FAILED -0x004E /**< Sending information through the socket failed. */ -#define MBEDTLS_ERR_NET_CONN_RESET -0x0050 /**< Connection was reset by peer. */ -#define MBEDTLS_ERR_NET_UNKNOWN_HOST -0x0052 /**< Failed to get an IP address for the given hostname. */ -#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL -0x0043 /**< Buffer is too small to hold the data. */ -#define MBEDTLS_ERR_NET_INVALID_CONTEXT -0x0045 /**< The context is invalid, eg because it was free()ed. */ - -#define MBEDTLS_NET_LISTEN_BACKLOG 10 /**< The backlog that listen() should use. */ - -#define MBEDTLS_NET_PROTO_TCP 0 /**< The TCP transport protocol */ -#define MBEDTLS_NET_PROTO_UDP 1 /**< The UDP transport protocol */ - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * Wrapper type for sockets. - * - * Currently backed by just a file descriptor, but might be more in the future - * (eg two file descriptors for combined IPv4 + IPv6 support, or additional - * structures for hand-made UDP demultiplexing). 
- */ -typedef struct -{ - int fd; /**< The underlying file descriptor */ -} -mbedtls_net_context; - -/** - * \brief Initialize a context - * Just makes the context ready to be used or freed safely. - * - * \param ctx Context to initialize - */ -void mbedtls_net_init( mbedtls_net_context *ctx ); - -/** - * \brief Initiate a connection with host:port in the given protocol - * - * \param ctx Socket to use - * \param host Host to connect to - * \param port Port to connect to - * \param proto Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP - * - * \return 0 if successful, or one of: - * MBEDTLS_ERR_NET_SOCKET_FAILED, - * MBEDTLS_ERR_NET_UNKNOWN_HOST, - * MBEDTLS_ERR_NET_CONNECT_FAILED - * - * \note Sets the socket in connected mode even with UDP. - */ -int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto ); - -/** - * \brief Create a receiving socket on bind_ip:port in the chosen - * protocol. If bind_ip == NULL, all interfaces are bound. - * - * \param ctx Socket to use - * \param bind_ip IP to bind to, can be NULL - * \param port Port number to use - * \param proto Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP - * - * \return 0 if successful, or one of: - * MBEDTLS_ERR_NET_SOCKET_FAILED, - * MBEDTLS_ERR_NET_BIND_FAILED, - * MBEDTLS_ERR_NET_LISTEN_FAILED * - * \note Regardless of the protocol, opens the sockets and binds it. - * In addition, make the socket listening if protocol is TCP. 
+ * \deprecated Superseded by mbedtls/net_sockets.h */ -int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto ); - -/** - * \brief Accept a connection from a remote client - * - * \param bind_ctx Relevant socket - * \param client_ctx Will contain the connected client socket - * \param client_ip Will contain the client IP address - * \param buf_size Size of the client_ip buffer - * \param ip_len Will receive the size of the client IP written - * - * \return 0 if successful, or - * MBEDTLS_ERR_NET_ACCEPT_FAILED, or - * MBEDTLS_ERR_NET_BUFFER_TOO_SMALL if buf_size is too small, - * MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to - * non-blocking and accept() would block. - */ -int mbedtls_net_accept( mbedtls_net_context *bind_ctx, - mbedtls_net_context *client_ctx, - void *client_ip, size_t buf_size, size_t *ip_len ); - -/** - * \brief Set the socket blocking - * - * \param ctx Socket to set - * - * \return 0 if successful, or a non-zero error code - */ -int mbedtls_net_set_block( mbedtls_net_context *ctx ); - -/** - * \brief Set the socket non-blocking - * - * \param ctx Socket to set - * - * \return 0 if successful, or a non-zero error code - */ -int mbedtls_net_set_nonblock( mbedtls_net_context *ctx ); - -/** - * \brief Portable usleep helper - * - * \param usec Amount of microseconds to sleep - * - * \note Real amount of time slept will not be less than - * select()'s timeout granularity (typically, 10ms). - */ -void mbedtls_net_usleep( unsigned long usec ); - -/** - * \brief Read at most 'len' characters. If no error occurs, - * the actual amount read is returned. - * - * \param ctx Socket - * \param buf The buffer to write to - * \param len Maximum length of the buffer - * - * \return the number of bytes received, - * or a non-zero error code; with a non-blocking socket, - * MBEDTLS_ERR_SSL_WANT_READ indicates read() would block. 
- */ -int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len ); - -/** - * \brief Write at most 'len' characters. If no error occurs, - * the actual amount read is returned. - * - * \param ctx Socket - * \param buf The buffer to read from - * \param len The length of the buffer - * - * \return the number of bytes sent, - * or a non-zero error code; with a non-blocking socket, - * MBEDTLS_ERR_SSL_WANT_WRITE indicates write() would block. - */ -int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len ); - -/** - * \brief Read at most 'len' characters, blocking for at most - * 'timeout' seconds. If no error occurs, the actual amount - * read is returned. - * - * \param ctx Socket - * \param buf The buffer to write to - * \param len Maximum length of the buffer - * \param timeout Maximum number of milliseconds to wait for data - * 0 means no timeout (wait forever) - * - * \return the number of bytes received, - * or a non-zero error code: - * MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out, - * MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal. - * - * \note This function will block (until data becomes available or - * timeout is reached) even if the socket is set to - * non-blocking. Handling timeouts with non-blocking reads - * requires a different strategy. - */ -int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len, - uint32_t timeout ); - -/** - * \brief Gracefully shutdown the connection and free associated data - * - * \param ctx The context to free - */ -void mbedtls_net_free( mbedtls_net_context *ctx ); - -#ifdef __cplusplus -} -#endif -#endif /* net.h */ +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#include "mbedtls/net_sockets.h" +#if defined(MBEDTLS_DEPRECATED_WARNING) +#warning "Deprecated header file: Superseded by mbedtls/net_sockets.h" +#endif /* MBEDTLS_DEPRECATED_WARNING */ +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ 
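Review bot: The rewritten net.h has no include guard any more — `#ifndef MBEDTLS_NET_H` / `#define MBEDTLS_NET_H` are removed and nothing replaces them — so every inclusion of the deprecated header re-evaluates the block and, with MBEDTLS_DEPRECATED_WARNING set, re-emits the `#warning`; the content itself stays safe only because net_sockets.h carries its own guard. Wrapping the new body in `#ifndef MBEDTLS_NET_H`, `#define MBEDTLS_NET_H`, `#endif /* MBEDTLS_NET_H */` keeps one warning per translation unit. With MBEDTLS_DEPRECATED_REMOVED defined the header expands to nothing, so a caller sees opaque "undeclared mbedtls_net_*" errors instead of being pointed at the replacement; an `#else` branch with `#error "mbedtls/net.h is removed: include mbedtls/net_sockets.h"` would name the fix. The shim includes `"mbedtls/net_sockets.h"` with the directory prefix while the sibling headers in this tree include each other by bare name (`#include "ssl.h"`, `#include "config.h"`), so a build that puts `include/mbedtls` itself on the search path will find the old header but not the new one; a comment stating that the prefixed form is intentional would help.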
diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h
new file mode 100644
index 000000000000..de335526fe9b
--- /dev/null
+++ b/include/mbedtls/net_sockets.h
@@ -0,0 +1,225 @@ +/** + * \file net_sockets.h + * + * \brief Network communication functions + * + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ +#ifndef MBEDTLS_NET_SOCKETS_H +#define MBEDTLS_NET_SOCKETS_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#include "ssl.h" + +#include +#include + +#define MBEDTLS_ERR_NET_SOCKET_FAILED -0x0042 /**< Failed to open a socket. */ +#define MBEDTLS_ERR_NET_CONNECT_FAILED -0x0044 /**< The connection to the given server / port failed. */ +#define MBEDTLS_ERR_NET_BIND_FAILED -0x0046 /**< Binding of the socket failed. */ +#define MBEDTLS_ERR_NET_LISTEN_FAILED -0x0048 /**< Could not listen on the socket. */ +#define MBEDTLS_ERR_NET_ACCEPT_FAILED -0x004A /**< Could not accept the incoming connection. */ +#define MBEDTLS_ERR_NET_RECV_FAILED -0x004C /**< Reading information from the socket failed. */ +#define MBEDTLS_ERR_NET_SEND_FAILED -0x004E /**< Sending information through the socket failed. */ +#define MBEDTLS_ERR_NET_CONN_RESET -0x0050 /**< Connection was reset by peer. */ +#define MBEDTLS_ERR_NET_UNKNOWN_HOST -0x0052 /**< Failed to get an IP address for the given hostname. */ +#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL -0x0043 /**< Buffer is too small to hold the data. 
*/ +#define MBEDTLS_ERR_NET_INVALID_CONTEXT -0x0045 /**< The context is invalid, eg because it was free()ed. */ + +#define MBEDTLS_NET_LISTEN_BACKLOG 10 /**< The backlog that listen() should use. */ + +#define MBEDTLS_NET_PROTO_TCP 0 /**< The TCP transport protocol */ +#define MBEDTLS_NET_PROTO_UDP 1 /**< The UDP transport protocol */ + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * Wrapper type for sockets. + * + * Currently backed by just a file descriptor, but might be more in the future + * (eg two file descriptors for combined IPv4 + IPv6 support, or additional + * structures for hand-made UDP demultiplexing). + */ +typedef struct +{ + int fd; /**< The underlying file descriptor */ +} +mbedtls_net_context; + +/** + * \brief Initialize a context + * Just makes the context ready to be used or freed safely. + * + * \param ctx Context to initialize + */ +void mbedtls_net_init( mbedtls_net_context *ctx ); + +/** + * \brief Initiate a connection with host:port in the given protocol + * + * \param ctx Socket to use + * \param host Host to connect to + * \param port Port to connect to + * \param proto Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP + * + * \return 0 if successful, or one of: + * MBEDTLS_ERR_NET_SOCKET_FAILED, + * MBEDTLS_ERR_NET_UNKNOWN_HOST, + * MBEDTLS_ERR_NET_CONNECT_FAILED + * + * \note Sets the socket in connected mode even with UDP. + */ +int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto ); + +/** + * \brief Create a receiving socket on bind_ip:port in the chosen + * protocol. If bind_ip == NULL, all interfaces are bound. 
+ * + * \param ctx Socket to use + * \param bind_ip IP to bind to, can be NULL + * \param port Port number to use + * \param proto Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP + * + * \return 0 if successful, or one of: + * MBEDTLS_ERR_NET_SOCKET_FAILED, + * MBEDTLS_ERR_NET_BIND_FAILED, + * MBEDTLS_ERR_NET_LISTEN_FAILED + * + * \note Regardless of the protocol, opens the sockets and binds it. + * In addition, make the socket listening if protocol is TCP. + */ +int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto ); + +/** + * \brief Accept a connection from a remote client + * + * \param bind_ctx Relevant socket + * \param client_ctx Will contain the connected client socket + * \param client_ip Will contain the client IP address + * \param buf_size Size of the client_ip buffer + * \param ip_len Will receive the size of the client IP written + * + * \return 0 if successful, or + * MBEDTLS_ERR_NET_ACCEPT_FAILED, or + * MBEDTLS_ERR_NET_BUFFER_TOO_SMALL if buf_size is too small, + * MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to + * non-blocking and accept() would block. + */ +int mbedtls_net_accept( mbedtls_net_context *bind_ctx, + mbedtls_net_context *client_ctx, + void *client_ip, size_t buf_size, size_t *ip_len ); + +/** + * \brief Set the socket blocking + * + * \param ctx Socket to set + * + * \return 0 if successful, or a non-zero error code + */ +int mbedtls_net_set_block( mbedtls_net_context *ctx ); + +/** + * \brief Set the socket non-blocking + * + * \param ctx Socket to set + * + * \return 0 if successful, or a non-zero error code + */ +int mbedtls_net_set_nonblock( mbedtls_net_context *ctx ); + +/** + * \brief Portable usleep helper + * + * \param usec Amount of microseconds to sleep + * + * \note Real amount of time slept will not be less than + * select()'s timeout granularity (typically, 10ms). + */ +void mbedtls_net_usleep( unsigned long usec ); + +/** + * \brief Read at most 'len' characters. 
If no error occurs, + * the actual amount read is returned. + * + * \param ctx Socket + * \param buf The buffer to write to + * \param len Maximum length of the buffer + * + * \return the number of bytes received, + * or a non-zero error code; with a non-blocking socket, + * MBEDTLS_ERR_SSL_WANT_READ indicates read() would block. + */ +int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len ); + +/** + * \brief Write at most 'len' characters. If no error occurs, + * the actual amount read is returned. + * + * \param ctx Socket + * \param buf The buffer to read from + * \param len The length of the buffer + * + * \return the number of bytes sent, + * or a non-zero error code; with a non-blocking socket, + * MBEDTLS_ERR_SSL_WANT_WRITE indicates write() would block. + */ +int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len ); + +/** + * \brief Read at most 'len' characters, blocking for at most + * 'timeout' seconds. If no error occurs, the actual amount + * read is returned. + * + * \param ctx Socket + * \param buf The buffer to write to + * \param len Maximum length of the buffer + * \param timeout Maximum number of milliseconds to wait for data + * 0 means no timeout (wait forever) + * + * \return the number of bytes received, + * or a non-zero error code: + * MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out, + * MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal. + * + * \note This function will block (until data becomes available or + * timeout is reached) even if the socket is set to + * non-blocking. Handling timeouts with non-blocking reads + * requires a different strategy. + */ +int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len, + uint32_t timeout ); + +/** + * \brief Gracefully shutdown the connection and free associated data + * + * \param ctx The context to free + */ +void mbedtls_net_free( mbedtls_net_context *ctx ); + +#ifdef __cplusplus +} +#endif + +#endif /* net_sockets.h */ 
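Review bot: Two doc-comments carried into the new header are wrong as written, which matters more now that net_sockets.h is the canonical file: the `\brief` of mbedtls_net_send() says "the actual amount read is returned" where the function sends, and the `\brief` of mbedtls_net_recv_timeout() says "blocking for at most 'timeout' seconds" while its own `\param timeout` says milliseconds. Suggested wording: `* \brief Write at most 'len' characters. If no error occurs, the actual amount sent is returned.` and `* \brief Read at most 'len' characters, blocking for at most 'timeout' milliseconds.`. The new file also keeps the "2006-2015" copyright line although the deprecated net.h was bumped to 2016 in the same commit. The hunk covers the whole new file.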
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index c0bfd3e0773d..1c0513da7f6e 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1105,9 +1105,10 @@ void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
 * \c mbedtls_ssl_recv_t and \c mbedtls_ssl_recv_timeout_t for
 * the conventions those callbacks must follow.
 *
- * \note On some platforms, net.c provides \c mbedtls_net_send(),
- * \c mbedtls_net_recv() and \c mbedtls_net_recv_timeout()
- * that are suitable to be used here.
+ * \note On some platforms, net_sockets.c provides
+ * \c mbedtls_net_send(), \c mbedtls_net_recv() and
+ * \c mbedtls_net_recv_timeout() that are suitable to be used
+ * here.
 */
 void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
 void *p_bio,
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 6aeb38525fba..98fe8c9c54d4 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -71,7 +71,7 @@ set(src_x509
 set(src_tls
 debug.c
- net.c
+ net_sockets.c
 ssl_cache.c
 ssl_ciphersuites.c
 ssl_cli.c
diff --git a/library/Makefile b/library/Makefile
index 00528b3c860e..4b296282b7c9 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -68,9 +68,10 @@ OBJS_X509= certs.o pkcs11.o x509.o \
 x509_create.o x509_crl.o x509_crt.o \
 x509_csr.o x509write_crt.o x509write_csr.o
-OBJS_TLS= debug.o net.o ssl_cache.o \
- ssl_ciphersuites.o ssl_cli.o \
- ssl_cookie.o ssl_srv.o ssl_ticket.o \
+OBJS_TLS= debug.o net_sockets.o \
+ ssl_cache.o ssl_ciphersuites.o \
+ ssl_cli.o ssl_cookie.o \
+ ssl_srv.o ssl_ticket.o \
 ssl_tls.o
 .SILENT:
diff --git a/library/error.c b/library/error.c
index 4bd15bfee483..71d4faa7080f 100644
--- a/library/error.c
+++ b/library/error.c
@@ -102,7 +102,7 @@
 #endif
 #if defined(MBEDTLS_NET_C)
-#include "mbedtls/net.h"
+#include "mbedtls/net_sockets.h"
 #endif
 #if defined(MBEDTLS_OID_C)
diff --git a/library/net.c b/library/net_sockets.c similarity index 99% rename from library/net.c rename to library/net_sockets.c index 8b96321bc648..cc06cbfad391 100644 --- a/library/net.c +++ b/library/net_sockets.c @@ -38,7 +38,7 @@ #include #endif -#include "mbedtls/net.h" +#include "mbedtls/net_sockets.h" #include diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 8ebf34a77b03..48b97cee9f7e 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -37,7 +37,7 @@ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \ defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \ defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/net.h" +#include "mbedtls/net_sockets.h" #include "mbedtls/aes.h" #include "mbedtls/dhm.h" #include "mbedtls/rsa.h" diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index 7eef845dfb99..173a29d35532 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -37,7 +37,7 @@ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \ defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \ defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/net.h" +#include "mbedtls/net_sockets.h" #include "mbedtls/aes.h" #include "mbedtls/dhm.h" #include "mbedtls/rsa.h" diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index b37eb838cdc0..442a3fb7c13d 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -51,7 +51,7 @@ int main( void ) #include -#include "mbedtls/net.h" +#include "mbedtls/net_sockets.h" #include "mbedtls/debug.h" #include "mbedtls/ssl.h" #include "mbedtls/entropy.h" diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index 1d6eb3bea06e..9d0dda4d1a4e 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c 
@@ -67,7 +67,7 @@ int main( void ) #include "mbedtls/x509.h" #include "mbedtls/ssl.h" #include "mbedtls/ssl_cookie.h" -#include "mbedtls/net.h" +#include "mbedtls/net_sockets.h" #include "mbedtls/error.h" #include "mbedtls/debug.h" #include "mbedtls/timing.h" diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index 1d787313e1eb..290455e9ae3f 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -68,7 +68,7 @@ int main( void ) #include -#include "mbedtls/net.h" +#include "mbedtls/net_sockets.h" #include "mbedtls/ssl.h" #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index 3516e15c9f32..591f737ae1b9 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -52,7 +52,7 @@ int main( void ) } #else -#include "mbedtls/net.h" +#include "mbedtls/net_sockets.h" #include "mbedtls/debug.h" #include "mbedtls/ssl.h" #include "mbedtls/entropy.h" diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 78f9e00f50f3..a1d71e1b3d24 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -49,7 +49,7 @@ int main( void ) } #else -#include "mbedtls/net.h" +#include "mbedtls/net_sockets.h" #include "mbedtls/ssl.h" #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 363f38f73d13..7624896a34f1 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -66,7 +66,7 @@ int main( void ) #include "mbedtls/certs.h" #include "mbedtls/x509.h" #include "mbedtls/ssl.h" -#include "mbedtls/net.h" +#include "mbedtls/net_sockets.h" #include "mbedtls/timing.h" #include diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index c807eb569b9b..4a22771d759f 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c 
@@ -54,7 +54,7 @@ int main( void ) #include "mbedtls/base64.h" #include "mbedtls/error.h" -#include "mbedtls/net.h" +#include "mbedtls/net_sockets.h" #include "mbedtls/ssl.h" #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index c4b02ac54ca6..9a05ad8fd312 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -66,7 +66,7 @@ int main( void ) #include "mbedtls/certs.h" #include "mbedtls/x509.h" #include "mbedtls/ssl.h" -#include "mbedtls/net.h" +#include "mbedtls/net_sockets.h" #include "mbedtls/error.h" #if defined(MBEDTLS_SSL_CACHE_C) diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index c7f5267958dc..fd54f1726a70 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -65,7 +65,7 @@ int main( void ) #include "mbedtls/certs.h" #include "mbedtls/x509.h" #include "mbedtls/ssl.h" -#include "mbedtls/net.h" +#include "mbedtls/net_sockets.h" #include "mbedtls/error.h" #include "mbedtls/debug.h" diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 6d4e9165bd21..18bda599faec 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -50,7 +50,7 @@ int main( void ) } #else -#include "mbedtls/net.h" +#include "mbedtls/net_sockets.h" #include "mbedtls/ssl.h" #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index b698c78f0cc9..20624d227fac 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -50,7 +50,7 @@ int main( void ) } #else -#include "mbedtls/net.h" +#include "mbedtls/net_sockets.h" #include "mbedtls/error.h" #include "mbedtls/ssl.h" diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 73e853e978a0..c893ca8de16c 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c 
@@ -54,7 +54,7 @@ int main( void ) #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" -#include "mbedtls/net.h" +#include "mbedtls/net_sockets.h" #include "mbedtls/ssl.h" #include "mbedtls/x509.h" #include "mbedtls/debug.h" diff --git a/scripts/footprint.sh b/scripts/footprint.sh index 9d3c6294f47f..d38e50af2728 100755 --- a/scripts/footprint.sh +++ b/scripts/footprint.sh @@ -85,7 +85,7 @@ doit() echo "(generated by $0)" > "$OUTFILE" echo "" >> "$OUTFILE" -log "Footprint of standard configurations (minus net.c, timing.c, fs_io)" +log "Footprint of standard configurations (minus net_sockets.c, timing.c, fs_io)" log "for bare-metal ARM Cortex-M3/M4 microcontrollers." VERSION_H="include/mbedtls/version.h" diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 9605d68026f2..cfcf07c8f3cf 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -90,6 +90,9 @@ $include_name =~ tr/A-Z/a-z/; $include_name = "" if ($include_name eq "asn1"); + # Fix faulty ones + $include_name = "net_sockets" if ($module_name eq "NET"); + my $found_ll = grep $_ eq $module_name, @low_level_modules; my $found_hl = grep $_ eq $module_name, @high_level_modules; if (!$found_ll && !$found_hl) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f40d52f4d60b..afbcaffc5921 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -332,7 +332,7 @@ scripts/config.pl full scripts/config.pl unset MBEDTLS_SSL_CLI_C CC=gcc CFLAGS='-Werror -O0' make -msg "build: full config except net.c, make, gcc -std=c99 -pedantic" # ~ 30s +msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 04b7377bbb9d..a92e581e0516 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -179,7 +179,7 @@ - + @@ -244,7 +244,7 @@ - + 
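Review bot: The new special case in generate_errors.pl is explained only by `# Fix faulty ones`, which does not tell a later reader why the NET module maps to a header whose name no longer derives from the module name; the net.c to net_sockets.c rename in this same commit is the reason, and the derived name "net" would now resolve to the deprecated shim. A comment such as `# NET error codes are declared in net_sockets.h since the net.c -> net_sockets.c rename; the derived name "net" is the deprecated shim` would make the mapping self-explanatory. Any later header move will need to extend this same line, so stating the rule here rather than "faulty" helps.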
diff --git a/yotta/data/README.md b/yotta/data/README.md index 7ec7cef4c704..b748aac32bbb 100644 --- a/yotta/data/README.md +++ b/yotta/data/README.md @@ -72,7 +72,7 @@ While the two editions share the same code base, there are still a number of dif * The mbed OS edition has a smaller set of features enabled by default in `config.h`, in order to reduce footprint. While the default configuration of the standalone edition puts more emphasize on maintaining interoperability with old peers, the mbed OS edition only enables the most modern ciphers and the latest version of (D)TLS. -* The following components of mbed TLS are disabled in the mbed OS edition: `net.c` and `timing.c`. This is because mbed OS includes their equivalents. +* The following components of mbed TLS are disabled in the mbed OS edition: `net_sockets.c` and `timing.c`. This is because mbed OS include their equivalents. * The mbed OS edition comes with a fully integrated API for (D)TLS connections in a companion module: [mbed-tls-sockets](https://github.com/ARMmbed/mbed-tls-sockets). See "Performing TLS and DTLS connections" above. From ba66e8958d5a81b371e41dc613780f64295455ce Mon Sep 17 00:00:00 2001 From: Andres AG Date: Mon, 19 Sep 2016 15:33:30 +0100 Subject: [PATCH 179/272] Add new config.h that does not need entropy source --- ChangeLog | 2 + configs/config-no-entropy.h | 84 +++++++++++++++++++++++++++++++++++++ 2 files changed, 86 insertions(+) create mode 100644 configs/config-no-entropy.h diff --git a/ChangeLog b/ChangeLog index 1a8ed66acf90..61e901393ddf 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -10,6 +10,8 @@ Features * Added the macro MBEDTLS_X509_MAX_FILE_PATH_LEN that enables the user to configure the maximum length of a file path that can be buffered when calling mbedtls_x509_crt_parse_path(). + * Added a configuration file config-no-entropy.h that enables a subset of + library features that do not require an entropy source. Bugfix * Fix for platform time abstraction to avoid dependency issues where a build diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h new file mode 100644 index 000000000000..91e4a026465f --- /dev/null +++ b/configs/config-no-entropy.h 
@@ -0,0 +1,84 @@ +/** + * Minimal configuration of features that do not require an entropy source + * + * Copyright (C) 2016, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ +/* + * Minimal configuration of features that do not require an entropy source + * Distinguishing reatures: + * - no entropy module + * - no TLS protocol implementation available due missing entropy source + * + * See README.txt for usage instructions. 
+ */ + +#ifndef MBEDTLS_CONFIG_H +#define MBEDTLS_CONFIG_H + +/* System support */ +#define MBEDTLS_HAVE_ASM +#define MBEDTLS_HAVE_TIME + +/* mbed TLS feature support */ +#define MBEDTLS_CIPHER_MODE_CBC +#define MBEDTLS_CIPHER_PADDING_PKCS7 +#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES +#define MBEDTLS_ECP_DP_SECP256R1_ENABLED +#define MBEDTLS_ECP_DP_SECP384R1_ENABLED +#define MBEDTLS_ECP_DP_CURVE25519_ENABLED +#define MBEDTLS_ECP_NIST_OPTIM +#define MBEDTLS_ECDSA_DETERMINISTIC +#define MBEDTLS_PK_RSA_ALT_SUPPORT +#define MBEDTLS_PKCS1_V15 +#define MBEDTLS_PKCS1_V21 +#define MBEDTLS_SELF_TEST +#define MBEDTLS_VERSION_FEATURES +#define MBEDTLS_X509_CHECK_KEY_USAGE +#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE + +/* mbed TLS modules */ +#define MBEDTLS_AES_C +#define MBEDTLS_ASN1_PARSE_C +#define MBEDTLS_ASN1_WRITE_C +#define MBEDTLS_BASE64_C +#define MBEDTLS_BIGNUM_C +#define MBEDTLS_CCM_C +#define MBEDTLS_CIPHER_C +#define MBEDTLS_ECDSA_C +#define MBEDTLS_ECP_C +#define MBEDTLS_ERROR_C +#define MBEDTLS_GCM_C +#define MBEDTLS_HMAC_DRBG_C +#define MBEDTLS_MD_C +#define MBEDTLS_OID_C +#define MBEDTLS_PEM_PARSE_C +#define MBEDTLS_PK_C +#define MBEDTLS_PK_PARSE_C +#define MBEDTLS_PK_WRITE_C +#define MBEDTLS_PLATFORM_C +#define MBEDTLS_RSA_C +#define MBEDTLS_SHA256_C +#define MBEDTLS_SHA512_C +#define MBEDTLS_VERSION_C +#define MBEDTLS_X509_USE_C +#define MBEDTLS_X509_CRT_PARSE_C +#define MBEDTLS_X509_CRL_PARSE_C + +#include "check_config.h" + +#endif /* MBEDTLS_CONFIG_H */ From 94d73b0b0ac3607d4bbad709123f112ef49ce465 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Fri, 23 Sep 2016 17:58:49 +0100 Subject: [PATCH 180/272] Add config macro for min bytes hw entropy --- ChangeLog | 3 +++ configs/config-no-entropy.h | 3 ++- include/mbedtls/config.h | 1 + include/mbedtls/entropy_poll.h | 2 ++ 4 files changed, 8 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 61e901393ddf..f3e60d3f53f9 100644 --- a/ChangeLog +++ b/ChangeLog 
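Review bot: The header comment records "no entropy module" but not what the enabled asymmetric operations do without one: `MBEDTLS_RSA_C` with `MBEDTLS_PKCS1_V21` is on, and in this library RSA private-key operations, PSS salting and OAEP padding take an f_rng callback, so users of this configuration presumably have to supply their own RNG (the `MBEDTLS_HMAC_DRBG_C` here appears to be there for `MBEDTLS_ECDSA_DETERMINISTIC`) or pass NULL and, as far as I recall, lose RSA blinding. The comment should state that expectation, e.g. ` * - RSA and ECP operations that take an f_rng callback need a caller-supplied RNG`. Also "Distinguishing reatures" should read "Distinguishing features"; the PATCH 180 hunk that rewords the next line of this comment leaves both points open.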
@@ -12,6 +12,9 @@ Features calling mbedtls_x509_crt_parse_path(). * Added a configuration file config-no-entropy.h that enables a subset of library features that do not require an entropy source. + * Added the macro MBEDTLS_ENTROPY_MIN_HARDWARE in config.h. This allows users + to configure the minimum number of bytes for entropy sources using the + mbedtls_hardware_poll() function. Bugfix * Fix for platform time abstraction to avoid dependency issues where a build diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h index 91e4a026465f..95f17d456bf2 100644 --- a/configs/config-no-entropy.h +++ b/configs/config-no-entropy.h @@ -22,7 +22,8 @@ * Minimal configuration of features that do not require an entropy source * Distinguishing reatures: * - no entropy module - * - no TLS protocol implementation available due missing entropy source + * - no TLS protocol implementation available due to absence of an entropy + * source * * See README.txt for usage instructions. */ diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 8a892d74c467..a58519bd5609 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -2509,6 +2509,7 @@ /* Entropy options */ //#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ //#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ +//#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */ /* Memory buffer allocator options */ //#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ diff --git a/include/mbedtls/entropy_poll.h b/include/mbedtls/entropy_poll.h index 430e8651c77f..81258d5f396b 100644 --- a/include/mbedtls/entropy_poll.h +++ b/include/mbedtls/entropy_poll.h 
@@ -41,7 +41,9 @@ extern "C" { #define MBEDTLS_ENTROPY_MIN_PLATFORM 32 /**< Minimum for platform source */ #define MBEDTLS_ENTROPY_MIN_HAVEGE 32 /**< Minimum for HAVEGE */ #define MBEDTLS_ENTROPY_MIN_HARDCLOCK 4 /**< Minimum for mbedtls_timing_hardclock() */ +#if !defined(MBEDTLS_ENTROPY_MIN_HARDWARE) #define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Minimum for the hardware source */ +#endif /** * \brief Entropy poll callback that provides 0 entropy. From 84c46db7462ff2dc501b731fce7dd8325b33798f Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 22 Sep 2016 14:17:46 +0100 Subject: [PATCH 181/272] Fix scripts to support multiple openssl and gnutls --- tests/scripts/all.sh | 6 ++++ tests/scripts/basic-build-test.sh | 37 ++++++++++++++++++--- tests/scripts/yotta-build.sh | 55 +++++++++++++++++++++---------- 3 files changed, 76 insertions(+), 22 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index afbcaffc5921..ee0df0cc45f4 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -181,6 +181,12 @@ echo "GNUTLS_SERV: $GNUTLS_SERV" echo "GNUTLS_LEGACY_CLI: $GNUTLS_LEGACY_CLI" echo "GNUTLS_LEGACY_SERV: $GNUTLS_LEGACY_SERV" +# To avoid setting OpenSSL and GnuTLS for each call to compat.sh and ssl-opt.sh +# we just export the variables they require +export OPENSSL_CMD="$OPENSSL" +export GNUTLS_CLI="$GNUTLS_CLI" +export GNUTLS_SERV="$GNUTLS_SERV" + # Make sure the tools we need are available. check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$GNUTLS_CLI" "$GNUTLS_SERV" \ "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \ diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index e8b616492824..b4058718a22d 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh 
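Review bot: The new `#if !defined(MBEDTLS_ENTROPY_MIN_HARDWARE)` guard makes the threshold user-settable, but neither this hunk nor the config.h hunk of PATCH 180 validates the value, and the diffstat shows no check_config.h change. Going by the config.h wording ("bytes required ... before entropy is released"), a value of 0 would, as far as I can tell, stop the accumulator from waiting on the hardware source at all, silently discarding that source's contribution without any build-time or run-time signal. I would document the valid range next to the config.h option and add a compile-time guard such as `#if defined(MBEDTLS_ENTROPY_MIN_HARDWARE) && MBEDTLS_ENTROPY_MIN_HARDWARE < 1` / `#error "MBEDTLS_ENTROPY_MIN_HARDWARE must be at least 1"` / `#endif`.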
@@ -36,11 +36,30 @@ if [ -d library -a -d include -a -d tests ]; then :; else exit 1 fi +: ${OPENSSL:="openssl"} +: ${OPENSSL_LEGACY:="$OPENSSL"} +: ${GNUTLS_CLI:="gnutls-cli"} +: ${GNUTLS_SERV:="gnutls-serv"} +: ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"} +: ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"} + +# To avoid setting OpenSSL and GnuTLS for each call to compat.sh and ssl-opt.sh +# we just export the variables they require +export OPENSSL_CMD="$OPENSSL" +export GNUTLS_CLI="$GNUTLS_CLI" +export GNUTLS_SERV="$GNUTLS_SERV" + CONFIG_H='include/mbedtls/config.h' CONFIG_BAK="$CONFIG_H.bak" # Step 0 - print build environment info -scripts/output_env.sh +OPENSSL="$OPENSSL" \ + OPENSSL_LEGACY="$OPENSSL_LEGACY" \ + GNUTLS_CLI="$GNUTLS_CLI" \ + GNUTLS_SERV="$GNUTLS_SERV" \ + GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" \ + GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" \ + scripts/output_env.sh echo # Step 1 - Make and instrumented build for code coverage @@ -65,7 +84,15 @@ sh ssl-opt.sh |tee sys-test-$TEST_OUTPUT echo # Step 2c - Compatibility tests -sh compat.sh |tee compat-test-$TEST_OUTPUT +sh compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2' | \ + tee compat-test-$TEST_OUTPUT +OPENSSL_CMD="$OPENSSL_LEGACY" \ + sh compat.sh -m 'ssl3' |tee -a compat-test-$TEST_OUTPUT +OPENSSL_CMD="$OPENSSL_LEGACY" \ + GNUTLS_CLI="$GNUTLS_LEGACY_CLI" \ + GNUTLS_SERV="$GNUTLS_LEGACY_SERV" \ + sh compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' | \ + tee -a compat-test-$TEST_OUTPUT echo # Step 3 - Process the coverage report 
@@ -128,9 +155,9 @@ TOTAL_EXED=$(($TOTAL_EXED + $TOTAL_TESTS)) # Step 4c - System Compatibility tests echo "System/Compatibility tests - tests/compat.sh" -PASSED_TESTS=$(tail -n5 compat-test-$TEST_OUTPUT|sed -n -e 's/.* (\([0-9]*\) \/ [0-9]* tests ([0-9]* skipped))$/\1/p') -SKIPPED_TESTS=$(tail -n5 compat-test-$TEST_OUTPUT|sed -n -e 's/.* ([0-9]* \/ [0-9]* tests (\([0-9]*\) skipped))$/\1/p') -EXED_TESTS=$(tail -n5 compat-test-$TEST_OUTPUT|sed -n -e 's/.* ([0-9]* \/ \([0-9]*\) tests ([0-9]* skipped))$/\1/p') +PASSED_TESTS=$(cat compat-test-$TEST_OUTPUT | sed -n -e 's/.* (\([0-9]*\) \/ [0-9]* tests ([0-9]* skipped))$/\1/p' | awk 'BEGIN{ s = 0 } { s += $1 } END{ print s }') +SKIPPED_TESTS=$(cat compat-test-$TEST_OUTPUT | sed -n -e 's/.* ([0-9]* \/ [0-9]* tests (\([0-9]*\) skipped))$/\1/p' | awk 'BEGIN{ s = 0 } { s += $1 } END{ print s }') +EXED_TESTS=$(cat compat-test-$TEST_OUTPUT | sed -n -e 's/.* ([0-9]* \/ \([0-9]*\) tests ([0-9]* skipped))$/\1/p' | awk 'BEGIN{ s = 0 } { s += $1 } END{ print s }') FAILED_TESTS=$(($EXED_TESTS - $PASSED_TESTS)) echo "Passed : $PASSED_TESTS" diff --git a/tests/scripts/yotta-build.sh b/tests/scripts/yotta-build.sh index 19cc576648c2..4bae34aa3409 100755 --- a/tests/scripts/yotta-build.sh +++ b/tests/scripts/yotta-build.sh @@ -1,12 +1,26 @@ #!/bin/sh -# Do test builds of the yotta module for all supported targets +# yotta-build.sh +# +# This file is part of mbed TLS (https://tls.mbed.org) +# +# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved +# +# Purpose +# +# To run test builds of the yotta module for all supported targets. set -eu -yotta/create-module.sh -cd yotta/module -yt update || true # needs network +check_tools() +{ + for TOOL in "$@"; do + if ! `hash "$TOOL" >/dev/null 2>&1`; then + echo "$TOOL not found!" >&2 + exit 1 + fi + done +} yotta_build() { 
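Review bot: The three new sums in the `PASSED_TESTS`/`SKIPPED_TESTS`/`EXED_TESTS` lines do not check that all three compat.sh runs from the `@@ -65,7 +84,15 @@` hunk actually produced a summary line, so a run that aborted before printing one contributes 0 and is indistinguishable from a run with zero tests. That matters because the defaults added earlier in this file (`: ${OPENSSL_LEGACY:="$OPENSSL"}`) mean the `-m 'ssl3'` legacy run may execute against a modern OpenSSL without SSLv3, and the missing summary would go unnoticed in the totals. I would count the matched summary lines once (the sed pattern already isolates them) and warn when the count is not 3, and drop the useless `cat`: `PASSED_TESTS=$(sed -n -e 's/.* (\([0-9]*\) \/ [0-9]* tests ([0-9]* skipped))$/\1/p' compat-test-$TEST_OUTPUT | awk '{ s += $1 } END { print s + 0 }')`.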
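Review bot: In the new check_tools, the `hash "$TOOL" >/dev/null 2>&1` probe is wrapped in backtick command substitution, so the shell runs `hash` in a subshell, substitutes its redirected (empty) output as the command to execute, and the `if !` only works because an empty simple command inherits the substitution's exit status. That is fragile and easy to misread; the intended form is `if ! hash "$TOOL" >/dev/null 2>&1; then`. The check_tools in tests/scripts/all.sh, which this patch calls but does not show, may use the same idiom and is worth checking in the same pass.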
@@ -19,22 +33,29 @@ yotta_build() yt -t $TARGET build -d } +# Make sure the tools we need are available. +check_tools "arm-none-eabi-gcc" "armcc" "yotta" + +yotta/create-module.sh +cd yotta/module +yt update || true # needs network + if uname -a | grep 'Linux.*x86' >/dev/null; then yotta_build x86-linux-native fi if uname -a | grep 'Darwin.*x86' >/dev/null; then yotta_build x86-osx-native fi -if which armcc >/dev/null && armcc --help >/dev/null 2>&1; then - yotta_build frdm-k64f-armcc - #yotta_build nordic-nrf51822-16k-armcc -fi -if which arm-none-eabi-gcc >/dev/null; then - yotta_build frdm-k64f-gcc - #yotta_build st-nucleo-f401re-gcc # dirent - #yotta_build stm32f429i-disco-gcc # fails in mbed-hal-st-stm32f4 - #yotta_build nordic-nrf51822-16k-gcc # fails in minar-platform - #yotta_build bbc-microbit-classic-gcc # fails in minar-platform - #yotta_build st-stm32f439zi-gcc # fails in mbed-hal-st-stm32f4 - #yotta_build st-stm32f429i-disco-gcc # fails in mbed-hal-st-stm32f4 -fi + +# armcc build tests. +yotta_build frdm-k64f-armcc +#yotta_build nordic-nrf51822-16k-armcc + +# arm-none-eabi-gcc build tests. +yotta_build frdm-k64f-gcc +#yotta_build st-nucleo-f401re-gcc # dirent +#yotta_build stm32f429i-disco-gcc # fails in mbed-hal-st-stm32f4 +#yotta_build nordic-nrf51822-16k-gcc # fails in minar-platform +#yotta_build bbc-microbit-classic-gcc # fails in minar-platform +#yotta_build st-stm32f439zi-gcc # fails in mbed-hal-st-stm32f4 +#yotta_build st-stm32f429i-disco-gcc # fails in mbed-hal-st-stm32f4 From 42547d0cf75b06732283bd955c53be1798d47954 Mon Sep 17 00:00:00 2001 
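Review bot: `check_tools "arm-none-eabi-gcc" "armcc" "yotta"` only checks that the tools are on PATH, whereas the removed `armcc --help >/dev/null 2>&1` guard also confirmed that armcc could actually run (a licensing failure looks exactly like this), and under the `set -eu` at the top of the file an installed-but-unusable armcc now aborts the script at `yotta_build frdm-k64f-armcc` instead of being skipped. If a hard failure is the intent, a one-line comment above the call saying so would stop the next reader from restoring the skip; otherwise keep the probe, e.g. `armcc --help >/dev/null 2>&1 || { echo "armcc present but not runnable" >&2; exit 1; }` before the armcc section. The yotta_build function whose closing brace is this hunk's first context line begins outside the hunk.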
From: Andres AG Date: Fri, 9 Sep 2016 09:10:28 +0100 Subject: [PATCH 182/272] Set selftest verbose flag to boost coverage --- tests/suites/test_suite_aes.function | 2 +- tests/suites/test_suite_arc4.function | 2 +- tests/suites/test_suite_base64.function | 2 +- tests/suites/test_suite_camellia.function | 2 +- tests/suites/test_suite_ccm.function | 2 +- tests/suites/test_suite_ctr_drbg.function | 2 +- tests/suites/test_suite_des.function | 2 +- tests/suites/test_suite_dhm.function | 2 +- tests/suites/test_suite_ecjpake.function | 2 +- tests/suites/test_suite_ecp.function | 2 +- tests/suites/test_suite_entropy.function | 2 +- tests/suites/test_suite_gcm.function | 2 +- tests/suites/test_suite_hmac_drbg.function | 2 +- tests/suites/test_suite_mdx.function | 8 ++++---- tests/suites/test_suite_memory_buffer_alloc.function | 2 +- tests/suites/test_suite_mpi.function | 2 +- tests/suites/test_suite_pkcs5.function | 2 +- tests/suites/test_suite_rsa.function | 2 +- tests/suites/test_suite_shax.function | 6 +++--- tests/suites/test_suite_timing.function | 2 +- tests/suites/test_suite_x509parse.function | 2 +- tests/suites/test_suite_xtea.function | 2 +- 22 files changed, 27 insertions(+), 27 deletions(-) diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 97bf51b88a03..c5f0eaac9776 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -292,6 +292,6 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void aes_selftest() { - TEST_ASSERT( mbedtls_aes_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_aes_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_arc4.function b/tests/suites/test_suite_arc4.function index 3da7d8830bb1..a4b401b62b48 100644 --- a/tests/suites/test_suite_arc4.function +++ b/tests/suites/test_suite_arc4.function 
@@ -41,6 +41,6 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void arc4_selftest() { - TEST_ASSERT( mbedtls_arc4_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_arc4_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_base64.function b/tests/suites/test_suite_base64.function index ab6d88ca7433..77fa7fdedf3a 100644 --- a/tests/suites/test_suite_base64.function +++ b/tests/suites/test_suite_base64.function @@ -119,6 +119,6 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void base64_selftest() { - TEST_ASSERT( mbedtls_base64_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_base64_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function index 8c69a96ee5f5..9df6482a8db3 100644 --- a/tests/suites/test_suite_camellia.function +++ b/tests/suites/test_suite_camellia.function @@ -224,6 +224,6 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void camellia_selftest() { - TEST_ASSERT( mbedtls_camellia_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_camellia_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 13371eb9ee34..2f5c77c2c77b 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -10,7 +10,7 @@ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_AES_C */ void mbedtls_ccm_self_test( ) { - TEST_ASSERT( mbedtls_ccm_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_ccm_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index 3c7873b3182a..3acfb8baed24 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function 
@@ -216,6 +216,6 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void ctr_drbg_selftest( ) { - TEST_ASSERT( mbedtls_ctr_drbg_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_ctr_drbg_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_des.function b/tests/suites/test_suite_des.function index aecd419e5439..2e73a77681c6 100644 --- a/tests/suites/test_suite_des.function +++ b/tests/suites/test_suite_des.function @@ -362,6 +362,6 @@ void des_key_parity_run() /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void des_selftest() { - TEST_ASSERT( mbedtls_des_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_des_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function index 002c20bf4f4f..b9b8e1956be0 100644 --- a/tests/suites/test_suite_dhm.function +++ b/tests/suites/test_suite_dhm.function @@ -123,6 +123,6 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void dhm_selftest() { - TEST_ASSERT( mbedtls_dhm_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_dhm_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_ecjpake.function b/tests/suites/test_suite_ecjpake.function index 8d867b73646f..11cf8dc94312 100644 --- a/tests/suites/test_suite_ecjpake.function +++ b/tests/suites/test_suite_ecjpake.function @@ -101,7 +101,7 @@ cleanup: /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void ecjpake_selftest() { - TEST_ASSERT( mbedtls_ecjpake_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_ecjpake_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index eee648693c87..afe61ec61763 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -507,6 +507,6 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void ecp_selftest() { - TEST_ASSERT( mbedtls_ecp_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_ecp_self_test( 1 ) == 0 ); } /* END_CASE */ 
diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index 5b97cad3dee0..97a21bc18b7d 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function @@ -380,6 +380,6 @@ void entropy_nv_seed( char *read_seed_str ) /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void entropy_selftest( int result ) { - TEST_ASSERT( mbedtls_entropy_self_test( 0 ) == result ); + TEST_ASSERT( mbedtls_entropy_self_test( 1 ) == result ); } /* END_CASE */ diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index 9d841dc12aee..56c7e1899a52 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function @@ -119,6 +119,6 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void gcm_selftest() { - TEST_ASSERT( mbedtls_gcm_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_gcm_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_hmac_drbg.function b/tests/suites/test_suite_hmac_drbg.function index 3cc96421ea0c..52094700b502 100644 --- a/tests/suites/test_suite_hmac_drbg.function +++ b/tests/suites/test_suite_hmac_drbg.function @@ -314,6 +314,6 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void hmac_drbg_selftest( ) { - TEST_ASSERT( mbedtls_hmac_drbg_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_hmac_drbg_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_mdx.function b/tests/suites/test_suite_mdx.function index 3d233638bf5f..9d0ee471f855 100644 --- a/tests/suites/test_suite_mdx.function +++ b/tests/suites/test_suite_mdx.function 
@@ -88,27 +88,27 @@ void ripemd160_text( char *text_src_string, char *hex_hash_string ) /* BEGIN_CASE depends_on:MBEDTLS_MD2_C:MBEDTLS_SELF_TEST */ void md2_selftest() { - TEST_ASSERT( mbedtls_md2_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_md2_self_test( 1 ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_MD4_C:MBEDTLS_SELF_TEST */ void md4_selftest() { - TEST_ASSERT( mbedtls_md4_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_md4_self_test( 1 ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_MD5_C:MBEDTLS_SELF_TEST */ void md5_selftest() { - TEST_ASSERT( mbedtls_md5_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_md5_self_test( 1 ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_RIPEMD160_C:MBEDTLS_SELF_TEST */ void ripemd160_selftest() { - TEST_ASSERT( mbedtls_ripemd160_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_ripemd160_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_memory_buffer_alloc.function b/tests/suites/test_suite_memory_buffer_alloc.function index 04dd68bec4e7..a0c70d8a2032 100644 --- a/tests/suites/test_suite_memory_buffer_alloc.function +++ b/tests/suites/test_suite_memory_buffer_alloc.function @@ -25,7 +25,7 @@ static int check_pointer( void *p ) /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void mbedtls_memory_buffer_alloc_self_test( ) { - TEST_ASSERT( mbedtls_memory_buffer_alloc_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_memory_buffer_alloc_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index e5d0850f194d..b94c8898010e 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -877,6 +877,6 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void mpi_selftest() { - TEST_ASSERT( mbedtls_mpi_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_mpi_self_test( 1 ) == 0 ); } /* END_CASE */ 
diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function index b1f796e0992f..8fabec085c46 100644 --- a/tests/suites/test_suite_pkcs5.function +++ b/tests/suites/test_suite_pkcs5.function @@ -82,6 +82,6 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void pkcs5_selftest( ) { - TEST_ASSERT( mbedtls_pkcs5_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_pkcs5_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 59cbb5c97f7b..8837e3a837cb 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -690,6 +690,6 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void rsa_selftest() { - TEST_ASSERT( mbedtls_rsa_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_rsa_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index ec326fcc974d..6b3ee9c54c5d 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function @@ -112,20 +112,20 @@ void mbedtls_sha512(char *hex_src_string, char *hex_hash_string ) /* BEGIN_CASE depends_on:MBEDTLS_SHA1_C:MBEDTLS_SELF_TEST */ void sha1_selftest() { - TEST_ASSERT( mbedtls_sha1_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_sha1_self_test( 1 ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:MBEDTLS_SELF_TEST */ void sha256_selftest() { - TEST_ASSERT( mbedtls_sha256_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_sha256_self_test( 1 ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SHA512_C:MBEDTLS_SELF_TEST */ void sha512_selftest() { - TEST_ASSERT( mbedtls_sha512_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_sha512_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_timing.function b/tests/suites/test_suite_timing.function index 74f711c7d845..5882f85d7482 100644 --- a/tests/suites/test_suite_timing.function 
+++ b/tests/suites/test_suite_timing.function @@ -10,6 +10,6 @@ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void timing_selftest() { - TEST_ASSERT( mbedtls_timing_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_timing_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index c476ec50788c..2affab79b5d6 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -623,6 +623,6 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_SELF_TEST */ void x509_selftest() { - TEST_ASSERT( mbedtls_x509_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_x509_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_xtea.function b/tests/suites/test_suite_xtea.function index e294a9bd2610..cbc714a12fe6 100644 --- a/tests/suites/test_suite_xtea.function +++ b/tests/suites/test_suite_xtea.function @@ -124,6 +124,6 @@ void xtea_decrypt_cbc( char *hex_key_string, char *hex_iv_string, /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void xtea_selftest() { - TEST_ASSERT( mbedtls_xtea_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_xtea_self_test( 1 ) == 0 ); } /* END_CASE */ From 0be2b01a6b0ff15091318dc87fc153c20a58bbce Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 26 Sep 2016 09:15:44 +0100 Subject: [PATCH 183/272] Add safety check to sample mutex implementation Due to inconsistent freeing strategy in pkparse.c the sample mutex implementation in threading.c could lead to undefined behaviour by destroying the same mutex several times. This fix prevents mutexes from being destroyed several times in the sample threading implementation. --- ChangeLog | 2 ++ library/threading.c | 5 +++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index f3e60d3f53f9..a10559f8bcf3 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -29,6 +29,8 @@ Bugfix a contribution from Tobias Tangemann. #541 * Fixed cert_app sample program for debug output and for use when no root certificates are provided. + * Fixed default threading implementation to avoid accidental double + initialisations and double frees. * Fix mbedtls_x509_get_sig() to update the ASN1 type in the mbedtls_x509_buf data structure until after error checks are successful. Found by subramanyam-c. diff --git a/library/threading.c b/library/threading.c index 1b6d9cd44517..83ec01a45fde 100644 --- a/library/threading.c +++ b/library/threading.c @@ -32,7 +32,7 @@ #if defined(MBEDTLS_THREADING_PTHREAD) static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex ) { - if( mutex == NULL ) + if( mutex == NULL || mutex->is_valid ) return; mutex->is_valid = pthread_mutex_init( &mutex->mutex, NULL ) == 0; @@ -40,10 +40,11 @@ static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex ) static void threading_mutex_free_pthread( mbedtls_threading_mutex_t *mutex ) { - if( mutex == NULL ) + if( mutex == NULL || !mutex->is_valid ) return; (void) pthread_mutex_destroy( &mutex->mutex ); + mutex->is_valid = 0; } static int threading_mutex_lock_pthread( mbedtls_threading_mutex_t *mutex ) From 45feb6ef20dba7826a56e80494e6b450bd5612cd Mon Sep 17 00:00:00 2001 From: Robert Cragie Date: Fri, 11 Dec 2015 15:49:45 +0000 Subject: [PATCH 184/272] Add support for AES-128-CMAC and AES-CMAC-PRF-128 --- include/mbedtls/cmac.h | 139 +++++++++++ include/mbedtls/config.h | 12 + library/CMakeLists.txt | 1 + library/cmac.c | 527 +++++++++++++++++++++++++++++++++++++++ programs/test/selftest.c | 6 + 5 files changed, 685 insertions(+) create mode 100644 include/mbedtls/cmac.h create mode 100644 library/cmac.c diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h new file mode 100644 index 000000000000..08483f685654 --- /dev/null +++ b/include/mbedtls/cmac.h 
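Review bot: The new `mutex->is_valid` test in threading_mutex_init_pthread reads a field the caller must have zeroed beforehand; for a mutex in uninitialised automatic storage a garbage non-zero value silently skips `pthread_mutex_init`, and because the function returns void the caller cannot tell that the mutex is unusable. The guards in this hunk and in the free hunk below also turn the pkparse.c double-free the commit message cites into a silent no-op rather than a reported error, so the underlying caller bug stays hidden. I would state the precondition where `mbedtls_threading_mutex_t` is documented in threading.h, e.g. `/* The mutex must be zero-initialised (static storage or memset) before init; is_valid makes init/free idempotent but cannot detect garbage. */`, and consider a debug-build assertion on the double-init/double-free paths.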
@@ -0,0 +1,139 @@ +/** + * \file cmac.h + * + * \brief The CMAC Mode for Authentication + * + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ +#ifndef MBEDTLS_CMAC_H +#define MBEDTLS_CMAC_H + +#include "cipher.h" + +#define MBEDTLS_ERR_CMAC_BAD_INPUT -0x000D /**< Bad input parameters to function. */ +#define MBEDTLS_ERR_CMAC_VERIFY_FAILED -0x000F /**< Verification failed. */ + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief CCM context structure + */ +typedef struct { + mbedtls_cipher_context_t cipher_ctx; /*!< cipher context used */ + unsigned char K1[16]; + unsigned char K2[16]; +} +mbedtls_cmac_context; + +/** + * \brief Initialize CMAC context (just makes references valid) + * Makes the context ready for mbedtls_cmac_setkey() or + * mbedtls_cmac_free(). 
+ * + * \param ctx CMAC context to initialize + */ +void mbedtls_cmac_init( mbedtls_cmac_context *ctx ); + +/** + * \brief CMAC initialization + * + * \param ctx CMAC context to be initialized + * \param cipher cipher to use (a 128-bit block cipher) + * \param key encryption key + * \param keybits key size in bits (must be acceptable by the cipher) + * + * \return 0 if successful, or a cipher specific error code + */ +int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, + mbedtls_cipher_id_t cipher, + const unsigned char *key, + unsigned int keybits ); + +/** + * \brief Free a CMAC context and underlying cipher sub-context + * + * \param ctx CMAC context to free + */ +void mbedtls_cmac_free( mbedtls_cmac_context *ctx ); + +/** + * \brief CMAC generate + * + * \param ctx CMAC context + * \param length length of the input data in bytes + * \param input buffer holding the input data + * \param tag buffer for holding the generated tag + * \param tag_len length of the tag to generate in bytes + * must be between 4, 6, 8, 10, 14 or 16 + * + * \return 0 if successful + */ +int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, size_t length, + const unsigned char *input, + unsigned char *tag, size_t tag_len ); + +/** + * \brief CMAC verify + * + * \param ctx CMAC context + * \param length length of the input data in bytes + * \param input buffer holding the input data + * \param tag buffer holding the tag to verify + * \param tag_len length of the tag to verify in bytes + * must be 4, 6, 8, 10, 14 or 16 + * + * \return 0 if successful and authenticated, + * MBEDTLS_ERR_CMAC_AUTH_FAILED if tag does not match + */ +int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, size_t length, + const unsigned char *input, + const unsigned char *tag, size_t tag_len ); + +/** + * \brief AES-CMAC-128-PRF + * + * \param ctx CMAC context + * \param length length of the input data in bytes + * \param key PRF key + * \param key_len PRF key length + * \param input buffer holding the input data + 
* \param tag buffer holding the tag to verify (16 bytes) + * + * \return 0 if successful + */ +int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, size_t length, + const unsigned char *key, size_t key_len, + const unsigned char *input, + unsigned char *tag ); + +#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) +/** + * \brief Checkup routine + * + * \return 0 if successful, or 1 if the test failed + */ +int mbedtls_cmac_self_test( int verbose ); +#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ + +#ifdef __cplusplus +} +#endif + +#endif /* MBEDTLS_CMAC_H */ diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index a58519bd5609..6e031362939c 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1671,6 +1671,18 @@ */ #define MBEDTLS_CIPHER_C +/** + * \def MBEDTLS_CMAC_C + * + * Enable the CMAC mode for 128-bit block cipher. + * + * Module: library/cmac.c + * + * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C + * + */ +#define MBEDTLS_CMAC_C + /** * \def MBEDTLS_CTR_DRBG_C * diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 98fe8c9c54d4..eeb8e84ca5b8 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -15,6 +15,7 @@ set(src_crypto ccm.c cipher.c cipher_wrap.c + cmac.c ctr_drbg.c des.c dhm.c diff --git a/library/cmac.c b/library/cmac.c new file mode 100644 index 000000000000..73ee6d049b8b --- /dev/null +++ b/library/cmac.c 
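Review bot: The header is internally inconsistent: the struct is documented as `\brief CCM context structure` although it is the CMAC context, and `mbedtls_cmac_verify` is documented to return `MBEDTLS_ERR_CMAC_AUTH_FAILED` while the only constant defined is `MBEDTLS_ERR_CMAC_VERIFY_FAILED`, so the docstring names a code that does not exist. The values -0x000D and -0x000F look copied from ccm.h together with that brief; if so they duplicate the CCM module's codes and the error-string tooling (generate_errors.pl in this same series) cannot tell the two modules apart, so CMAC needs its own range. The `tag_len` list "4, 6, 8, 10, 14 or 16" reads like the CCM list with 12 dropped; SP 800-38B permits truncation to any length up to the block size, so the docstring should state the constraint the implementation actually enforces. The verify contract should also say whether the tag comparison is constant-time, since a comparison that stops at the first mismatching byte leaks the tag through timing.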
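Review bot: The `MBEDTLS_CMAC_C` option documents "Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C", but the commit's diffstat shows no change to check_config.h, so the requirement is not enforced and a build with neither cipher presumably fails late inside cmac.c rather than with a clear `#error`. The self-test declaration in cmac.h is additionally guarded by `MBEDTLS_AES_C` alone, which is narrower than the option's stated requirement and should be reconciled with it. Suggested addition to check_config.h: `#if defined(MBEDTLS_CMAC_C) && !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C)` / `#error "MBEDTLS_CMAC_C defined, but not all prerequisites"` / `#endif`. The diffstat also lists only library/CMakeLists.txt, so the plain make build (library/Makefile) presumably will not compile cmac.c even though the option is enabled by default.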
@@ -0,0 +1,527 @@ +/* + * NIST SP800-38B compliant CMAC implementation + * + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +/* + * Definition of CMAC: + * http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf + * RFC 4493 "The AES-CMAC Algorithm" + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_CMAC_C) + +#include "mbedtls/cmac.h" + +#include + +#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#define mbedtls_printf printf +#endif /* MBEDTLS_PLATFORM_C */ +#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ + +/* + * Macros for common operations. + * Results in smaller compiled code than static inline functions. 
+ */ + +/* + * XOR 128-bit + */ +#define XOR_128(i1, i2, o) \ + for( i = 0; i < 16; i++ ) \ + ( o )[i] = ( i1 )[i] ^ ( i2 )[i]; + +/* + * Update the CMAC state in Mn using an input block x + * TODO: Compiler optimisation + */ +#define UPDATE_CMAC( x ) \ + XOR_128( Mn, ( x ), Mn ); \ + if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, Mn, 16, Mn, &olen ) ) != 0 ) \ + return( ret ); + +/* Implementation that should never be optimized out by the compiler */ +static void mbedtls_zeroize( void *v, size_t n ) { + volatile unsigned char *p = v; while( n-- ) *p++ = 0; +} + +/* + * Initialize context + */ +void mbedtls_cmac_init( mbedtls_cmac_context *ctx ) +{ + memset( ctx, 0, sizeof( mbedtls_cmac_context ) ); +} + +/* + * Leftshift a 16-byte block by 1 bit + * \note output can be same as input + */ +static void leftshift_onebit(unsigned char *input, unsigned char *output) +{ + int i; + unsigned char temp; + unsigned char overflow = 0; + + for( i = 15; i >= 0; i-- ) + { + temp = input[i]; + output[i] = temp << 1; + output[i] |= overflow; + overflow = temp >> 7; + } + return; +} + +/* + * Generate subkeys + */ +static int generate_subkeys(mbedtls_cmac_context *ctx) +{ + static const unsigned char Rb[2] = {0x00, 0x87}; /* Note - block size 16 only */ + int ret; + unsigned char L[16]; + size_t olen; + + /* Calculate Ek(0) */ + memset( L, 0, 16 ); + if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, L, 16, L, &olen ) ) != 0 ) + { + return( ret ); + } + + /* + * Generate K1 + * If MSB(L) = 0, then K1 = (L << 1) + * If MSB(L) = 1, then K1 = (L << 1) ^ Rb + */ + leftshift_onebit( L, ctx->K1 ); + ctx->K1[15] ^= Rb[L[0] >> 7]; /* "Constant-time" operation */ + + /* + * Generate K2 + * If MSB(K1) == 0, then K2 = (K1 << 1) + * If MSB(K1) == 1, then K2 = (K1 << 1) ^ Rb + */ + leftshift_onebit( ctx->K1, ctx->K2 ); + ctx->K2[15] ^= Rb[ctx->K1[0] >> 7]; /* "Constant-time" operation */ + + return( 0 ); +} + +int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, + mbedtls_cipher_id_t 
cipher, + const unsigned char *key, + unsigned int keybits ) +{ + int ret; + const mbedtls_cipher_info_t *cipher_info; + + cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, MBEDTLS_MODE_ECB ); + if( cipher_info == NULL ) + return( MBEDTLS_ERR_CMAC_BAD_INPUT ); + + if( cipher_info->block_size != 16 ) + return( MBEDTLS_ERR_CMAC_BAD_INPUT ); + + mbedtls_cipher_free( &ctx->cipher_ctx ); + + if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits, + MBEDTLS_ENCRYPT ) ) != 0 ) + { + return( ret ); + } + + return( generate_subkeys(ctx) ); +} + +/* + * Free context + */ +void mbedtls_cmac_free( mbedtls_cmac_context *ctx ) +{ + mbedtls_cipher_free( &ctx->cipher_ctx ); + mbedtls_zeroize( ctx, sizeof( mbedtls_cmac_context ) ); +} + +/* TODO: Use cipher padding function? */ +static void padding(const unsigned char *lastb, unsigned char *pad, const size_t length) +{ + size_t j; + + /* original last block */ + for( j = 0; j < 16; j++ ) + { + if( j < length ) + { + pad[j] = lastb[j]; + } + else if( j == length ) + { + pad[j] = 0x80; + } + else + { + pad[j] = 0x00; + } + } +} + +/* + * Generate tag on complete message + */ +static int cmac_generate( mbedtls_cmac_context *ctx, size_t length, + const unsigned char *input, + unsigned char *tag, size_t tag_len ) +{ + unsigned char Mn[16]; + unsigned char M_last[16]; + unsigned char padded[16]; + int n, i, j, ret, flag; + size_t olen; + + /* + * Check length requirements: SP800-38B A + * 4 is a worst case bottom limit + */ + if( tag_len < 4 || tag_len > 16 || tag_len % 2 != 0 ) + return( MBEDTLS_ERR_CMAC_BAD_INPUT ); + + /* TODO: Use cipher padding function? 
*/ + // mbedtls_cipher_set_padding_mode( ctx->cipher, MBEDTLS_PADDING_ONE_AND_ZEROS ); + + n = ( length + 15 ) / 16; /* n is number of rounds */ + + if( n == 0 ) + { + n = 1; + flag = 0; + } + else + { + flag = ( ( length % 16 ) == 0); + } + + /* Calculate last block */ + if( flag ) + { + /* Last block is complete block */ + XOR_128( &input[16 * (n - 1)], ctx->K1, M_last ); + } + else + { + /* TODO: Use cipher padding function? */ + padding( &input[16 * (n - 1)], padded, length % 16 ); + XOR_128( padded, ctx->K2, M_last ); + } + + memset( Mn, 0, 16 ); + + for( j = 0; j < n - 1; j++ ) + { + UPDATE_CMAC(&input[16 * j]); + } + + UPDATE_CMAC(M_last); + + memcpy( tag, Mn, 16 ); + + return( 0 ); +} + +int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, size_t length, + const unsigned char *input, + unsigned char *tag, size_t tag_len ) +{ + return( cmac_generate( ctx, length, input, tag, tag_len ) ); +} + +/* + * Authenticated decryption + */ +int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, size_t length, + const unsigned char *input, + const unsigned char *tag, size_t tag_len ) +{ + int ret; + unsigned char check_tag[16]; + unsigned char i; + int diff; + + if( ( ret = cmac_generate( ctx, length, input, check_tag, tag_len) ) != 0 ) + { + return ret; + } + + /* Check tag in "constant-time" */ + for( diff = 0, i = 0; i < tag_len; i++ ) + { + diff |= tag[i] ^ check_tag[i]; + } + + if( diff != 0 ) + { + return( MBEDTLS_ERR_CMAC_VERIFY_FAILED ); + } + + return( 0 ); +} + +int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, size_t length, + const unsigned char *key, size_t key_length, + const unsigned char *input, + unsigned char *tag ) +{ + int ret; + unsigned char zero_key[16]; + unsigned char int_key[16]; + + if( key_length == 16 ) + { + /* Use key as is */ + memcpy(int_key, key, 16); + } + else + { + mbedtls_cmac_context zero_ctx; + + /* Key is AES_CMAC(0, key) */ + mbedtls_cmac_init( &zero_ctx ); + memset(zero_key, 0, 16); + ret = mbedtls_cmac_setkey( &zero_ctx, 
MBEDTLS_CIPHER_ID_AES, zero_key, 8 * sizeof zero_key ); + if( ret != 0 ) + { + return( ret ); + } + ret = mbedtls_cmac_generate( &zero_ctx, key_length, key, int_key, 16 ); + if( ret != 0 ) + { + return( ret ); + } + } + + ret = mbedtls_cmac_setkey( ctx, MBEDTLS_CIPHER_ID_AES, int_key, 8 * sizeof int_key ); + if( ret != 0 ) + { + return( ret ); + } + return( mbedtls_cmac_generate( ctx, length, input, tag, 16 ) ); +} + +#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) +/* + * Examples 1 to 4 from SP800-3B corrected Appendix D.1 + * http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf + */ + +#define NB_CMAC_TESTS 4 +#define NB_PRF_TESTS 3 + +/* Key */ +static const unsigned char key[] = { + 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, + 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c +}; + +/* Assume we don't need to test Ek0 as this is a function of the cipher */ + +/* Subkey K1 */ +static const unsigned char K1[] = { + 0xfb, 0xee, 0xd6, 0x18, 0x35, 0x71, 0x33, 0x66, + 0x7c, 0x85, 0xe0, 0x8f, 0x72, 0x36, 0xa8, 0xde +}; + +/* Subkey K2 */ +static const unsigned char K2[] = { + 0xf7, 0xdd, 0xac, 0x30, 0x6a, 0xe2, 0x66, 0xcc, + 0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b +}; + +/* All Messages */ +static const unsigned char M[] = { + 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, + 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, + 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, + 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, + 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, + 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, + 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, + 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 +}; + +static const unsigned char T[NB_CMAC_TESTS][16] = { + { + 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, + 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 + }, + { + 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, + 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c + }, + { + 0xdf, 0xa6, 0x67, 0x47, 0xde, 
0x9a, 0xe6, 0x30, + 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 + }, + { + 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, + 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe + } +}; + +/* Sizes in bytes */ +static const size_t Mlen[NB_CMAC_TESTS] = { + 0, + 16, + 40, + 64 +}; + +/* PRF K */ +static const unsigned char PRFK[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0xed, 0xcb +}; + +/* Sizes in bytes */ +static const size_t PRFKlen[NB_PRF_TESTS] = { + 18, + 16, + 10 +}; + +/* PRF M */ +static const unsigned char PRFM[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13 +}; + +static const unsigned char PRFT[NB_PRF_TESTS][16] = { + { + 0x84, 0xa3, 0x48, 0xa4, 0xa4, 0x5d, 0x23, 0x5b, + 0xab, 0xff, 0xfc, 0x0d, 0x2b, 0x4d, 0xa0, 0x9a + }, + { + 0x98, 0x0a, 0xe8, 0x7b, 0x5f, 0x4c, 0x9c, 0x52, + 0x14, 0xf5, 0xb6, 0xa8, 0x45, 0x5e, 0x4c, 0x2d + }, + { + 0x29, 0x0d, 0x9e, 0x11, 0x2e, 0xdb, 0x09, 0xee, + 0x14, 0x1f, 0xcf, 0x64, 0xc0, 0xb7, 0x2f, 0x3d + } +}; + + +int mbedtls_cmac_self_test( int verbose ) +{ + mbedtls_cmac_context ctx; + unsigned char tag[16]; + int i; + int ret; + + mbedtls_cmac_init( &ctx ); + + if( mbedtls_cmac_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, key, 8 * sizeof key ) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( " CMAC: setup failed" ); + + return( 1 ); + } + + if( ( memcmp( ctx.K1, K1, 16 ) != 0 ) || + ( memcmp( ctx.K2, K2, 16 ) != 0 ) ) + { + if( verbose != 0 ) + mbedtls_printf( " CMAC: subkey generation failed" ); + + return( 1 ); + } + + for( i = 0; i < NB_CMAC_TESTS; i++ ) + { + mbedtls_printf( " AES-128-CMAC #%u: ", i ); + + ret = mbedtls_cmac_generate( &ctx, Mlen[i], M, tag, 16 ); + if( ret != 0 || + memcmp( tag, T[i], 16 ) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); + } + ret = mbedtls_cmac_verify( &ctx, Mlen[i], M, T[i], 16 ); + if( ret != 0 ) + { + if( verbose 
!= 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); + } + + if( verbose != 0 ) + mbedtls_printf( "passed\n" ); + } + + for( i = 0; i < NB_PRF_TESTS; i++ ) + { + mbedtls_printf( " AES-CMAC-128-PRF #%u: ", i ); + + mbedtls_aes_cmac_prf_128( &ctx, 20, PRFK, PRFKlen[i], PRFM, tag); + + if( ret != 0 || + memcmp( tag, PRFT[i], 16 ) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); + } + + if( verbose != 0 ) + mbedtls_printf( "passed\n" ); + } + + mbedtls_cmac_free( &ctx ); + + if( verbose != 0 ) + mbedtls_printf( "\n" ); + + return( 0 ); +} + +#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ + +#endif /* MBEDTLS_CMAC_C */ diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 89c66169e584..17fdb2128a22 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -32,6 +32,7 @@ #include "mbedtls/dhm.h" #include "mbedtls/gcm.h" #include "mbedtls/ccm.h" +#include "mbedtls/cmac.h" #include "mbedtls/md2.h" #include "mbedtls/md4.h" #include "mbedtls/md5.h" @@ -277,6 +278,11 @@ int main( int argc, char *argv[] ) suites_tested++; #endif +#if defined(MBEDTLS_CMAC_C) && defined(MBEDTLS_AES_C) + if( ( ret = mbedtls_cmac_self_test( v ) ) != 0 ) + return( ret ); +#endif + #if defined(MBEDTLS_BASE64_C) if( mbedtls_base64_self_test( v ) != 0 ) { From c45554448cd90d9325ba5a43e15382e7dbc5f679 Mon Sep 17 00:00:00 2001 From: Robert Cragie Date: Mon, 14 Dec 2015 15:18:33 +0000 Subject: [PATCH 185/272] Added MBEDTLS_CMAC_C --- library/version_features.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/version_features.c b/library/version_features.c index 5d20ba019957..23b5620eff6f 100644 --- a/library/version_features.c +++ b/library/version_features.c 
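Review bot: `cmac_generate` validates `tag_len` but then ends with `memcpy( tag, Mn, 16 )`, so `mbedtls_cmac_generate` writes 16 bytes into a caller buffer that the header documents as holding `tag_len` bytes — an out-of-bounds write for every truncated-tag caller; it should be `memcpy( tag, Mn, tag_len );`, and `Mn`/`M_last` should be zeroised before returning since they hold the full tag and the whitened last block. `mbedtls_aes_cmac_prf_128` never calls `mbedtls_cmac_free( &zero_ctx )` on either the success or the error path, so the cipher context set up for the zero-key CMAC leaks and `int_key` is left on the stack; free `zero_ctx` after its `mbedtls_cmac_generate` call and zeroise `int_key` before returning. In `mbedtls_cmac_self_test` the PRF loop calls `mbedtls_aes_cmac_prf_128( &ctx, 20, PRFK, PRFKlen[i], PRFM, tag);` without capturing the result, so the following `ret != 0` reads the stale value left by the CMAC loop and a PRF failure is only caught by the `memcmp`; it should be `ret = mbedtls_aes_cmac_prf_128( &ctx, 20, PRFK, PRFKlen[i], PRFM, tag );`. The same self-test prints the `" AES-128-CMAC #%u: "` and `" AES-CMAC-128-PRF #%u: "` lines regardless of `verbose` and returns from its failure paths without `mbedtls_cmac_free( &ctx )`, unlike the success path. The comment above `mbedtls_cmac_verify` reads `Authenticated decryption`, which is a CCM leftover and should say `Verify tag on complete message`.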
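Review bot: The new CMAC block in `main()` aborts with `return( ret );` on failure, while the suite immediately above it falls through to `suites_tested++;` and the base64 block below opens with `if( mbedtls_base64_self_test( v ) != 0 ) {`, so a single CMAC failure skips every later self-test and whatever summary the counters feed. I would follow the neighbouring pattern instead of returning, i.e. `if( mbedtls_cmac_self_test( v ) != 0 )` with the same counter handling as the adjacent blocks. Whether `ret` is declared in `main()` is not visible from this hunk; `main()` starts and ends outside it.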
@@ -462,6 +462,9 @@ static const char *features[] = { #if defined(MBEDTLS_CERTS_C) "MBEDTLS_CERTS_C", #endif /* MBEDTLS_CERTS_C */ +#if defined(MBEDTLS_CMAC_C) + "MBEDTLS_CMAC_C", +#endif /* MBEDTLS_CMAC_C */ #if defined(MBEDTLS_CIPHER_C) "MBEDTLS_CIPHER_C", #endif /* MBEDTLS_CIPHER_C */ From 2fa11cd1975b4c1a485447200b990398da7c7e67 Mon Sep 17 00:00:00 2001 From: Robert Cragie Date: Mon, 14 Dec 2015 17:13:29 +0000 Subject: [PATCH 186/272] Added CMAC as proper low-level module and changed error returns --- include/mbedtls/cmac.h | 4 ++-- include/mbedtls/error.h | 1 + library/error.c | 11 +++++++++++ scripts/generate_errors.pl | 2 +- 4 files changed, 15 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index 08483f685654..65017ef5c527 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -25,8 +25,8 @@ #include "cipher.h" -#define MBEDTLS_ERR_CMAC_BAD_INPUT -0x000D /**< Bad input parameters to function. */ -#define MBEDTLS_ERR_CMAC_VERIFY_FAILED -0x000F /**< Verification failed. */ +#define MBEDTLS_ERR_CMAC_BAD_INPUT -0x0011 /**< Bad input parameters to function. */ +#define MBEDTLS_ERR_CMAC_VERIFY_FAILED -0x0013 /**< Verification failed. */ #ifdef __cplusplus extern "C" { diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 5e549f6b6a78..703233ae9856 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -66,6 +66,7 @@ * PBKDF2 1 0x007C-0x007C * HMAC_DRBG 4 0x0003-0x0009 * CCM 2 0x000D-0x000F + * CMAC 2 0x0011-0x0013 * * High-level module nr (3 bits - 0x0...-0x7...) * Name ID Nr of Errors diff --git a/library/error.c b/library/error.c index 71d4faa7080f..8c38cf2940e7 100644 --- a/library/error.c +++ b/library/error.c @@ -69,6 +69,10 @@ #include "mbedtls/cipher.h" #endif +#if defined(MBEDTLS_CMAC_C) +#include "mbedtls/cmac.h" +#endif + #if defined(MBEDTLS_CTR_DRBG_C) #include "mbedtls/ctr_drbg.h" #endif 
@@ -578,6 +582,13 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "CCM - Authenticated decryption failed" ); #endif /* MBEDTLS_CCM_C */ +#if defined(MBEDTLS_CMAC_C) + if( use_ret == -(MBEDTLS_ERR_CMAC_BAD_INPUT) ) + mbedtls_snprintf( buf, buflen, "CMAC - Bad input parameters to function" ); + if( use_ret == -(MBEDTLS_ERR_CMAC_VERIFY_FAILED) ) + mbedtls_snprintf( buf, buflen, "CMAC - Verification failed" ); +#endif /* MBEDTLS_CMAC_C */ + #if defined(MBEDTLS_CTR_DRBG_C) if( use_ret == -(MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED) ) mbedtls_snprintf( buf, buflen, "CTR_DRBG - The entropy source failed" ); diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index cfcf07c8f3cf..dd91151d6059 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -33,7 +33,7 @@ "BASE64", "XTEA", "PBKDF2", "OID", "PADLOCK", "DES", "NET", "CTR_DRBG", "ENTROPY", "HMAC_DRBG", "MD2", "MD4", "MD5", "RIPEMD160", - "SHA1", "SHA256", "SHA512", "GCM", "THREADING", "CCM" ); + "SHA1", "SHA256", "SHA512", "GCM", "THREADING", "CCM", "CMAC" ); my @high_level_modules = ( "PEM", "X509", "DHM", "RSA", "ECP", "MD", "CIPHER", "SSL", "PK", "PKCS12", "PKCS5" ); From 9518e88fa027474560cbf94391595c823090bc55 Mon Sep 17 00:00:00 2001 From: Robert Cragie Date: Mon, 14 Dec 2015 17:34:33 +0000 Subject: [PATCH 187/272] Use autogenerated version_features.c --- library/version_features.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/version_features.c b/library/version_features.c index 23b5620eff6f..0a2f06575189 100644 --- a/library/version_features.c +++ b/library/version_features.c 
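Review bot: The two CMAC cases are hand-inserted into `mbedtls_strerror()` after the CCM block, while the same patch adds `"CMAC"` to the module list in scripts/generate_errors.pl; library/error.c looks like generator output (every block has the identical `#if defined(...)` / `mbedtls_snprintf` shape), so the file should be regenerated from the script rather than edited by hand, or the next regeneration will reorder or duplicate this block. The `mbedtls_strerror()` body starts and ends outside the hunk.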
@@ -462,12 +462,12 @@ static const char *features[] = { #if defined(MBEDTLS_CERTS_C) "MBEDTLS_CERTS_C", #endif /* MBEDTLS_CERTS_C */ -#if defined(MBEDTLS_CMAC_C) - "MBEDTLS_CMAC_C", -#endif /* MBEDTLS_CMAC_C */ #if defined(MBEDTLS_CIPHER_C) "MBEDTLS_CIPHER_C", #endif /* MBEDTLS_CIPHER_C */ +#if defined(MBEDTLS_CMAC_C) + "MBEDTLS_CMAC_C", +#endif /* MBEDTLS_CMAC_C */ #if defined(MBEDTLS_CTR_DRBG_C) "MBEDTLS_CTR_DRBG_C", #endif /* MBEDTLS_CTR_DRBG_C */ From 468320d6f5188b34a35f43add5a91063a45e4e73 Mon Sep 17 00:00:00 2001 From: Robert Cragie Date: Mon, 14 Dec 2015 17:52:55 +0000 Subject: [PATCH 188/272] Bad code in function documentation --- include/mbedtls/cmac.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index 65017ef5c527..c01fdc963239 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -100,7 +100,7 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, size_t length, * must be 4, 6, 8, 10, 14 or 16 * * \return 0 if successful and authenticated, - * MBEDTLS_ERR_CMAC_AUTH_FAILED if tag does not match + * MBEDTLS_ERR_CMAC_VERIFY_FAILED if tag does not match */ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, size_t length, const unsigned char *input, From 9bf1e5dd3bed0c0197442a345abb78d1011cb122 Mon Sep 17 00:00:00 2001 From: Robert Cragie Date: Tue, 15 Dec 2015 07:38:11 +0000 Subject: [PATCH 189/272] Line endings wrong --- include/mbedtls/cmac.h | 278 +++++------ library/cmac.c | 1054 ++++++++++++++++++++-------------------- 2 files changed, 666 insertions(+), 666 deletions(-) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index c01fdc963239..282d549a4361 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h 
@@ -1,139 +1,139 @@ -/** - * \file cmac.h - * - * \brief The CMAC Mode for Authentication - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ -#ifndef MBEDTLS_CMAC_H -#define MBEDTLS_CMAC_H - -#include "cipher.h" - -#define MBEDTLS_ERR_CMAC_BAD_INPUT -0x0011 /**< Bad input parameters to function. */ -#define MBEDTLS_ERR_CMAC_VERIFY_FAILED -0x0013 /**< Verification failed. */ - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \brief CCM context structure - */ -typedef struct { - mbedtls_cipher_context_t cipher_ctx; /*!< cipher context used */ - unsigned char K1[16]; - unsigned char K2[16]; -} -mbedtls_cmac_context; - -/** - * \brief Initialize CMAC context (just makes references valid) - * Makes the context ready for mbedtls_cmac_setkey() or - * mbedtls_cmac_free(). 
- * - * \param ctx CMAC context to initialize - */ -void mbedtls_cmac_init( mbedtls_cmac_context *ctx ); - -/** - * \brief CMAC initialization - * - * \param ctx CMAC context to be initialized - * \param cipher cipher to use (a 128-bit block cipher) - * \param key encryption key - * \param keybits key size in bits (must be acceptable by the cipher) - * - * \return 0 if successful, or a cipher specific error code - */ -int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, - mbedtls_cipher_id_t cipher, - const unsigned char *key, - unsigned int keybits ); - -/** - * \brief Free a CMAC context and underlying cipher sub-context - * - * \param ctx CMAC context to free - */ -void mbedtls_cmac_free( mbedtls_cmac_context *ctx ); - -/** - * \brief CMAC generate - * - * \param ctx CMAC context - * \param length length of the input data in bytes - * \param input buffer holding the input data - * \param tag buffer for holding the generated tag - * \param tag_len length of the tag to generate in bytes - * must be between 4, 6, 8, 10, 14 or 16 - * - * \return 0 if successful - */ -int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, size_t length, - const unsigned char *input, - unsigned char *tag, size_t tag_len ); - -/** - * \brief CMAC verify - * - * \param ctx CMAC context - * \param length length of the input data in bytes - * \param input buffer holding the input data - * \param tag buffer holding the tag to verify - * \param tag_len length of the tag to verify in bytes - * must be 4, 6, 8, 10, 14 or 16 - * - * \return 0 if successful and authenticated, - * MBEDTLS_ERR_CMAC_VERIFY_FAILED if tag does not match - */ -int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, size_t length, - const unsigned char *input, - const unsigned char *tag, size_t tag_len ); - -/** - * \brief AES-CMAC-128-PRF - * - * \param ctx CMAC context - * \param length length of the input data in bytes - * \param key PRF key - * \param key_len PRF key length - * \param input buffer holding the input data 
- * \param tag buffer holding the tag to verify (16 bytes) - * - * \return 0 if successful - */ -int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, size_t length, - const unsigned char *key, size_t key_len, - const unsigned char *input, - unsigned char *tag ); - -#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) -/** - * \brief Checkup routine - * - * \return 0 if successful, or 1 if the test failed - */ -int mbedtls_cmac_self_test( int verbose ); -#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ - -#ifdef __cplusplus -} -#endif - -#endif /* MBEDTLS_CMAC_H */ +/** + * \file cmac.h + * + * \brief The CMAC Mode for Authentication + * + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ +#ifndef MBEDTLS_CMAC_H +#define MBEDTLS_CMAC_H + +#include "cipher.h" + +#define MBEDTLS_ERR_CMAC_BAD_INPUT -0x0011 /**< Bad input parameters to function. */ +#define MBEDTLS_ERR_CMAC_VERIFY_FAILED -0x0013 /**< Verification failed. 
*/ + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief CCM context structure + */ +typedef struct { + mbedtls_cipher_context_t cipher_ctx; /*!< cipher context used */ + unsigned char K1[16]; + unsigned char K2[16]; +} +mbedtls_cmac_context; + +/** + * \brief Initialize CMAC context (just makes references valid) + * Makes the context ready for mbedtls_cmac_setkey() or + * mbedtls_cmac_free(). + * + * \param ctx CMAC context to initialize + */ +void mbedtls_cmac_init( mbedtls_cmac_context *ctx ); + +/** + * \brief CMAC initialization + * + * \param ctx CMAC context to be initialized + * \param cipher cipher to use (a 128-bit block cipher) + * \param key encryption key + * \param keybits key size in bits (must be acceptable by the cipher) + * + * \return 0 if successful, or a cipher specific error code + */ +int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, + mbedtls_cipher_id_t cipher, + const unsigned char *key, + unsigned int keybits ); + +/** + * \brief Free a CMAC context and underlying cipher sub-context + * + * \param ctx CMAC context to free + */ +void mbedtls_cmac_free( mbedtls_cmac_context *ctx ); + +/** + * \brief CMAC generate + * + * \param ctx CMAC context + * \param length length of the input data in bytes + * \param input buffer holding the input data + * \param tag buffer for holding the generated tag + * \param tag_len length of the tag to generate in bytes + * must be between 4, 6, 8, 10, 14 or 16 + * + * \return 0 if successful + */ +int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, size_t length, + const unsigned char *input, + unsigned char *tag, size_t tag_len ); + +/** + * \brief CMAC verify + * + * \param ctx CMAC context + * \param length length of the input data in bytes + * \param input buffer holding the input data + * \param tag buffer holding the tag to verify + * \param tag_len length of the tag to verify in bytes + * must be 4, 6, 8, 10, 14 or 16 + * + * \return 0 if successful and authenticated, + * 
MBEDTLS_ERR_CMAC_VERIFY_FAILED if tag does not match + */ +int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, size_t length, + const unsigned char *input, + const unsigned char *tag, size_t tag_len ); + +/** + * \brief AES-CMAC-128-PRF + * + * \param ctx CMAC context + * \param length length of the input data in bytes + * \param key PRF key + * \param key_len PRF key length + * \param input buffer holding the input data + * \param tag buffer holding the tag to verify (16 bytes) + * + * \return 0 if successful + */ +int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, size_t length, + const unsigned char *key, size_t key_len, + const unsigned char *input, + unsigned char *tag ); + +#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) +/** + * \brief Checkup routine + * + * \return 0 if successful, or 1 if the test failed + */ +int mbedtls_cmac_self_test( int verbose ); +#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ + +#ifdef __cplusplus +} +#endif + +#endif /* MBEDTLS_CMAC_H */ diff --git a/library/cmac.c b/library/cmac.c index 73ee6d049b8b..2ba58b6faa75 100644 --- a/library/cmac.c +++ b/library/cmac.c 
@@ -1,527 +1,527 @@ -/* - * NIST SP800-38B compliant CMAC implementation - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ - -/* - * Definition of CMAC: - * http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf - * RFC 4493 "The AES-CMAC Algorithm" - */ - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#if defined(MBEDTLS_CMAC_C) - -#include "mbedtls/cmac.h" - -#include - -#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ - -/* - * Macros for common operations. - * Results in smaller compiled code than static inline functions. 
- */ - -/* - * XOR 128-bit - */ -#define XOR_128(i1, i2, o) \ - for( i = 0; i < 16; i++ ) \ - ( o )[i] = ( i1 )[i] ^ ( i2 )[i]; - -/* - * Update the CMAC state in Mn using an input block x - * TODO: Compiler optimisation - */ -#define UPDATE_CMAC( x ) \ - XOR_128( Mn, ( x ), Mn ); \ - if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, Mn, 16, Mn, &olen ) ) != 0 ) \ - return( ret ); - -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - -/* - * Initialize context - */ -void mbedtls_cmac_init( mbedtls_cmac_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_cmac_context ) ); -} - -/* - * Leftshift a 16-byte block by 1 bit - * \note output can be same as input - */ -static void leftshift_onebit(unsigned char *input, unsigned char *output) -{ - int i; - unsigned char temp; - unsigned char overflow = 0; - - for( i = 15; i >= 0; i-- ) - { - temp = input[i]; - output[i] = temp << 1; - output[i] |= overflow; - overflow = temp >> 7; - } - return; -} - -/* - * Generate subkeys - */ -static int generate_subkeys(mbedtls_cmac_context *ctx) -{ - static const unsigned char Rb[2] = {0x00, 0x87}; /* Note - block size 16 only */ - int ret; - unsigned char L[16]; - size_t olen; - - /* Calculate Ek(0) */ - memset( L, 0, 16 ); - if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, L, 16, L, &olen ) ) != 0 ) - { - return( ret ); - } - - /* - * Generate K1 - * If MSB(L) = 0, then K1 = (L << 1) - * If MSB(L) = 1, then K1 = (L << 1) ^ Rb - */ - leftshift_onebit( L, ctx->K1 ); - ctx->K1[15] ^= Rb[L[0] >> 7]; /* "Constant-time" operation */ - - /* - * Generate K2 - * If MSB(K1) == 0, then K2 = (K1 << 1) - * If MSB(K1) == 1, then K2 = (K1 << 1) ^ Rb - */ - leftshift_onebit( ctx->K1, ctx->K2 ); - ctx->K2[15] ^= Rb[ctx->K1[0] >> 7]; /* "Constant-time" operation */ - - return( 0 ); -} - -int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, - mbedtls_cipher_id_t 
cipher, - const unsigned char *key, - unsigned int keybits ) -{ - int ret; - const mbedtls_cipher_info_t *cipher_info; - - cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, MBEDTLS_MODE_ECB ); - if( cipher_info == NULL ) - return( MBEDTLS_ERR_CMAC_BAD_INPUT ); - - if( cipher_info->block_size != 16 ) - return( MBEDTLS_ERR_CMAC_BAD_INPUT ); - - mbedtls_cipher_free( &ctx->cipher_ctx ); - - if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 ) - return( ret ); - - if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits, - MBEDTLS_ENCRYPT ) ) != 0 ) - { - return( ret ); - } - - return( generate_subkeys(ctx) ); -} - -/* - * Free context - */ -void mbedtls_cmac_free( mbedtls_cmac_context *ctx ) -{ - mbedtls_cipher_free( &ctx->cipher_ctx ); - mbedtls_zeroize( ctx, sizeof( mbedtls_cmac_context ) ); -} - -/* TODO: Use cipher padding function? */ -static void padding(const unsigned char *lastb, unsigned char *pad, const size_t length) -{ - size_t j; - - /* original last block */ - for( j = 0; j < 16; j++ ) - { - if( j < length ) - { - pad[j] = lastb[j]; - } - else if( j == length ) - { - pad[j] = 0x80; - } - else - { - pad[j] = 0x00; - } - } -} - -/* - * Generate tag on complete message - */ -static int cmac_generate( mbedtls_cmac_context *ctx, size_t length, - const unsigned char *input, - unsigned char *tag, size_t tag_len ) -{ - unsigned char Mn[16]; - unsigned char M_last[16]; - unsigned char padded[16]; - int n, i, j, ret, flag; - size_t olen; - - /* - * Check length requirements: SP800-38B A - * 4 is a worst case bottom limit - */ - if( tag_len < 4 || tag_len > 16 || tag_len % 2 != 0 ) - return( MBEDTLS_ERR_CMAC_BAD_INPUT ); - - /* TODO: Use cipher padding function? 
*/ - // mbedtls_cipher_set_padding_mode( ctx->cipher, MBEDTLS_PADDING_ONE_AND_ZEROS ); - - n = ( length + 15 ) / 16; /* n is number of rounds */ - - if( n == 0 ) - { - n = 1; - flag = 0; - } - else - { - flag = ( ( length % 16 ) == 0); - } - - /* Calculate last block */ - if( flag ) - { - /* Last block is complete block */ - XOR_128( &input[16 * (n - 1)], ctx->K1, M_last ); - } - else - { - /* TODO: Use cipher padding function? */ - padding( &input[16 * (n - 1)], padded, length % 16 ); - XOR_128( padded, ctx->K2, M_last ); - } - - memset( Mn, 0, 16 ); - - for( j = 0; j < n - 1; j++ ) - { - UPDATE_CMAC(&input[16 * j]); - } - - UPDATE_CMAC(M_last); - - memcpy( tag, Mn, 16 ); - - return( 0 ); -} - -int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, size_t length, - const unsigned char *input, - unsigned char *tag, size_t tag_len ) -{ - return( cmac_generate( ctx, length, input, tag, tag_len ) ); -} - -/* - * Authenticated decryption - */ -int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, size_t length, - const unsigned char *input, - const unsigned char *tag, size_t tag_len ) -{ - int ret; - unsigned char check_tag[16]; - unsigned char i; - int diff; - - if( ( ret = cmac_generate( ctx, length, input, check_tag, tag_len) ) != 0 ) - { - return ret; - } - - /* Check tag in "constant-time" */ - for( diff = 0, i = 0; i < tag_len; i++ ) - { - diff |= tag[i] ^ check_tag[i]; - } - - if( diff != 0 ) - { - return( MBEDTLS_ERR_CMAC_VERIFY_FAILED ); - } - - return( 0 ); -} - -int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, size_t length, - const unsigned char *key, size_t key_length, - const unsigned char *input, - unsigned char *tag ) -{ - int ret; - unsigned char zero_key[16]; - unsigned char int_key[16]; - - if( key_length == 16 ) - { - /* Use key as is */ - memcpy(int_key, key, 16); - } - else - { - mbedtls_cmac_context zero_ctx; - - /* Key is AES_CMAC(0, key) */ - mbedtls_cmac_init( &zero_ctx ); - memset(zero_key, 0, 16); - ret = mbedtls_cmac_setkey( &zero_ctx, 
MBEDTLS_CIPHER_ID_AES, zero_key, 8 * sizeof zero_key ); - if( ret != 0 ) - { - return( ret ); - } - ret = mbedtls_cmac_generate( &zero_ctx, key_length, key, int_key, 16 ); - if( ret != 0 ) - { - return( ret ); - } - } - - ret = mbedtls_cmac_setkey( ctx, MBEDTLS_CIPHER_ID_AES, int_key, 8 * sizeof int_key ); - if( ret != 0 ) - { - return( ret ); - } - return( mbedtls_cmac_generate( ctx, length, input, tag, 16 ) ); -} - -#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) -/* - * Examples 1 to 4 from SP800-3B corrected Appendix D.1 - * http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf - */ - -#define NB_CMAC_TESTS 4 -#define NB_PRF_TESTS 3 - -/* Key */ -static const unsigned char key[] = { - 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, - 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c -}; - -/* Assume we don't need to test Ek0 as this is a function of the cipher */ - -/* Subkey K1 */ -static const unsigned char K1[] = { - 0xfb, 0xee, 0xd6, 0x18, 0x35, 0x71, 0x33, 0x66, - 0x7c, 0x85, 0xe0, 0x8f, 0x72, 0x36, 0xa8, 0xde -}; - -/* Subkey K2 */ -static const unsigned char K2[] = { - 0xf7, 0xdd, 0xac, 0x30, 0x6a, 0xe2, 0x66, 0xcc, - 0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b -}; - -/* All Messages */ -static const unsigned char M[] = { - 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, - 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, - 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, - 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, - 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, - 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, - 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, - 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 -}; - -static const unsigned char T[NB_CMAC_TESTS][16] = { - { - 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, - 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 - }, - { - 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, - 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c - }, - { - 0xdf, 0xa6, 0x67, 0x47, 0xde, 
0x9a, 0xe6, 0x30, - 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 - }, - { - 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, - 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe - } -}; - -/* Sizes in bytes */ -static const size_t Mlen[NB_CMAC_TESTS] = { - 0, - 16, - 40, - 64 -}; - -/* PRF K */ -static const unsigned char PRFK[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0xed, 0xcb -}; - -/* Sizes in bytes */ -static const size_t PRFKlen[NB_PRF_TESTS] = { - 18, - 16, - 10 -}; - -/* PRF M */ -static const unsigned char PRFM[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13 -}; - -static const unsigned char PRFT[NB_PRF_TESTS][16] = { - { - 0x84, 0xa3, 0x48, 0xa4, 0xa4, 0x5d, 0x23, 0x5b, - 0xab, 0xff, 0xfc, 0x0d, 0x2b, 0x4d, 0xa0, 0x9a - }, - { - 0x98, 0x0a, 0xe8, 0x7b, 0x5f, 0x4c, 0x9c, 0x52, - 0x14, 0xf5, 0xb6, 0xa8, 0x45, 0x5e, 0x4c, 0x2d - }, - { - 0x29, 0x0d, 0x9e, 0x11, 0x2e, 0xdb, 0x09, 0xee, - 0x14, 0x1f, 0xcf, 0x64, 0xc0, 0xb7, 0x2f, 0x3d - } -}; - - -int mbedtls_cmac_self_test( int verbose ) -{ - mbedtls_cmac_context ctx; - unsigned char tag[16]; - int i; - int ret; - - mbedtls_cmac_init( &ctx ); - - if( mbedtls_cmac_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, key, 8 * sizeof key ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( " CMAC: setup failed" ); - - return( 1 ); - } - - if( ( memcmp( ctx.K1, K1, 16 ) != 0 ) || - ( memcmp( ctx.K2, K2, 16 ) != 0 ) ) - { - if( verbose != 0 ) - mbedtls_printf( " CMAC: subkey generation failed" ); - - return( 1 ); - } - - for( i = 0; i < NB_CMAC_TESTS; i++ ) - { - mbedtls_printf( " AES-128-CMAC #%u: ", i ); - - ret = mbedtls_cmac_generate( &ctx, Mlen[i], M, tag, 16 ); - if( ret != 0 || - memcmp( tag, T[i], 16 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } - ret = mbedtls_cmac_verify( &ctx, Mlen[i], M, T[i], 16 ); - if( ret != 0 ) - { - if( verbose 
!= 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } - - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); - } - - for( i = 0; i < NB_PRF_TESTS; i++ ) - { - mbedtls_printf( " AES-CMAC-128-PRF #%u: ", i ); - - mbedtls_aes_cmac_prf_128( &ctx, 20, PRFK, PRFKlen[i], PRFM, tag); - - if( ret != 0 || - memcmp( tag, PRFT[i], 16 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } - - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); - } - - mbedtls_cmac_free( &ctx ); - - if( verbose != 0 ) - mbedtls_printf( "\n" ); - - return( 0 ); -} - -#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ - -#endif /* MBEDTLS_CMAC_C */ +/* + * NIST SP800-38B compliant CMAC implementation + * + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. 
+ * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +/* + * Definition of CMAC: + * http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf + * RFC 4493 "The AES-CMAC Algorithm" + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_CMAC_C) + +#include "mbedtls/cmac.h" + +#include + +#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#define mbedtls_printf printf +#endif /* MBEDTLS_PLATFORM_C */ +#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ + +/* + * Macros for common operations. + * Results in smaller compiled code than static inline functions. + */ + +/* + * XOR 128-bit + */ +#define XOR_128(i1, i2, o) \ + for( i = 0; i < 16; i++ ) \ + ( o )[i] = ( i1 )[i] ^ ( i2 )[i]; + +/* + * Update the CMAC state in Mn using an input block x + * TODO: Compiler optimisation + */ +#define UPDATE_CMAC( x ) \ + XOR_128( Mn, ( x ), Mn ); \ + if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, Mn, 16, Mn, &olen ) ) != 0 ) \ + return( ret ); + +/* Implementation that should never be optimized out by the compiler */ +static void mbedtls_zeroize( void *v, size_t n ) { + volatile unsigned char *p = v; while( n-- ) *p++ = 0; +} + +/* + * Initialize context + */ +void mbedtls_cmac_init( mbedtls_cmac_context *ctx ) +{ + memset( ctx, 0, sizeof( mbedtls_cmac_context ) ); +} + +/* + * Leftshift a 16-byte block by 1 bit + * \note output can be same as input + */ +static void leftshift_onebit(unsigned char *input, unsigned char *output) +{ + int i; + unsigned char temp; + unsigned char overflow = 0; + + for( i = 15; i >= 0; i-- ) + { + temp = input[i]; + output[i] = temp << 1; + output[i] |= overflow; + overflow = temp >> 7; + } + return; +} + +/* + * Generate subkeys + */ +static int generate_subkeys(mbedtls_cmac_context *ctx) +{ + static const unsigned char Rb[2] = {0x00, 0x87}; /* Note - 
block size 16 only */ + int ret; + unsigned char L[16]; + size_t olen; + + /* Calculate Ek(0) */ + memset( L, 0, 16 ); + if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, L, 16, L, &olen ) ) != 0 ) + { + return( ret ); + } + + /* + * Generate K1 + * If MSB(L) = 0, then K1 = (L << 1) + * If MSB(L) = 1, then K1 = (L << 1) ^ Rb + */ + leftshift_onebit( L, ctx->K1 ); + ctx->K1[15] ^= Rb[L[0] >> 7]; /* "Constant-time" operation */ + + /* + * Generate K2 + * If MSB(K1) == 0, then K2 = (K1 << 1) + * If MSB(K1) == 1, then K2 = (K1 << 1) ^ Rb + */ + leftshift_onebit( ctx->K1, ctx->K2 ); + ctx->K2[15] ^= Rb[ctx->K1[0] >> 7]; /* "Constant-time" operation */ + + return( 0 ); +} + +int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, + mbedtls_cipher_id_t cipher, + const unsigned char *key, + unsigned int keybits ) +{ + int ret; + const mbedtls_cipher_info_t *cipher_info; + + cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, MBEDTLS_MODE_ECB ); + if( cipher_info == NULL ) + return( MBEDTLS_ERR_CMAC_BAD_INPUT ); + + if( cipher_info->block_size != 16 ) + return( MBEDTLS_ERR_CMAC_BAD_INPUT ); + + mbedtls_cipher_free( &ctx->cipher_ctx ); + + if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits, + MBEDTLS_ENCRYPT ) ) != 0 ) + { + return( ret ); + } + + return( generate_subkeys(ctx) ); +} + +/* + * Free context + */ +void mbedtls_cmac_free( mbedtls_cmac_context *ctx ) +{ + mbedtls_cipher_free( &ctx->cipher_ctx ); + mbedtls_zeroize( ctx, sizeof( mbedtls_cmac_context ) ); +} + +/* TODO: Use cipher padding function? 
*/ +static void padding(const unsigned char *lastb, unsigned char *pad, const size_t length) +{ + size_t j; + + /* original last block */ + for( j = 0; j < 16; j++ ) + { + if( j < length ) + { + pad[j] = lastb[j]; + } + else if( j == length ) + { + pad[j] = 0x80; + } + else + { + pad[j] = 0x00; + } + } +} + +/* + * Generate tag on complete message + */ +static int cmac_generate( mbedtls_cmac_context *ctx, size_t length, + const unsigned char *input, + unsigned char *tag, size_t tag_len ) +{ + unsigned char Mn[16]; + unsigned char M_last[16]; + unsigned char padded[16]; + int n, i, j, ret, flag; + size_t olen; + + /* + * Check length requirements: SP800-38B A + * 4 is a worst case bottom limit + */ + if( tag_len < 4 || tag_len > 16 || tag_len % 2 != 0 ) + return( MBEDTLS_ERR_CMAC_BAD_INPUT ); + + /* TODO: Use cipher padding function? */ + // mbedtls_cipher_set_padding_mode( ctx->cipher, MBEDTLS_PADDING_ONE_AND_ZEROS ); + + n = ( length + 15 ) / 16; /* n is number of rounds */ + + if( n == 0 ) + { + n = 1; + flag = 0; + } + else + { + flag = ( ( length % 16 ) == 0); + } + + /* Calculate last block */ + if( flag ) + { + /* Last block is complete block */ + XOR_128( &input[16 * (n - 1)], ctx->K1, M_last ); + } + else + { + /* TODO: Use cipher padding function? 
*/ + padding( &input[16 * (n - 1)], padded, length % 16 ); + XOR_128( padded, ctx->K2, M_last ); + } + + memset( Mn, 0, 16 ); + + for( j = 0; j < n - 1; j++ ) + { + UPDATE_CMAC(&input[16 * j]); + } + + UPDATE_CMAC(M_last); + + memcpy( tag, Mn, 16 ); + + return( 0 ); +} + +int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, size_t length, + const unsigned char *input, + unsigned char *tag, size_t tag_len ) +{ + return( cmac_generate( ctx, length, input, tag, tag_len ) ); +} + +/* + * Authenticated decryption + */ +int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, size_t length, + const unsigned char *input, + const unsigned char *tag, size_t tag_len ) +{ + int ret; + unsigned char check_tag[16]; + unsigned char i; + int diff; + + if( ( ret = cmac_generate( ctx, length, input, check_tag, tag_len) ) != 0 ) + { + return ret; + } + + /* Check tag in "constant-time" */ + for( diff = 0, i = 0; i < tag_len; i++ ) + { + diff |= tag[i] ^ check_tag[i]; + } + + if( diff != 0 ) + { + return( MBEDTLS_ERR_CMAC_VERIFY_FAILED ); + } + + return( 0 ); +} + +int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, size_t length, + const unsigned char *key, size_t key_length, + const unsigned char *input, + unsigned char *tag ) +{ + int ret; + unsigned char zero_key[16]; + unsigned char int_key[16]; + + if( key_length == 16 ) + { + /* Use key as is */ + memcpy(int_key, key, 16); + } + else + { + mbedtls_cmac_context zero_ctx; + + /* Key is AES_CMAC(0, key) */ + mbedtls_cmac_init( &zero_ctx ); + memset(zero_key, 0, 16); + ret = mbedtls_cmac_setkey( &zero_ctx, MBEDTLS_CIPHER_ID_AES, zero_key, 8 * sizeof zero_key ); + if( ret != 0 ) + { + return( ret ); + } + ret = mbedtls_cmac_generate( &zero_ctx, key_length, key, int_key, 16 ); + if( ret != 0 ) + { + return( ret ); + } + } + + ret = mbedtls_cmac_setkey( ctx, MBEDTLS_CIPHER_ID_AES, int_key, 8 * sizeof int_key ); + if( ret != 0 ) + { + return( ret ); + } + return( mbedtls_cmac_generate( ctx, length, input, tag, 16 ) ); +} + +#if 
defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) +/* + * Examples 1 to 4 from SP800-3B corrected Appendix D.1 + * http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf + */ + +#define NB_CMAC_TESTS 4 +#define NB_PRF_TESTS 3 + +/* Key */ +static const unsigned char key[] = { + 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, + 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c +}; + +/* Assume we don't need to test Ek0 as this is a function of the cipher */ + +/* Subkey K1 */ +static const unsigned char K1[] = { + 0xfb, 0xee, 0xd6, 0x18, 0x35, 0x71, 0x33, 0x66, + 0x7c, 0x85, 0xe0, 0x8f, 0x72, 0x36, 0xa8, 0xde +}; + +/* Subkey K2 */ +static const unsigned char K2[] = { + 0xf7, 0xdd, 0xac, 0x30, 0x6a, 0xe2, 0x66, 0xcc, + 0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b +}; + +/* All Messages */ +static const unsigned char M[] = { + 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, + 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, + 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, + 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, + 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, + 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, + 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, + 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 +}; + +static const unsigned char T[NB_CMAC_TESTS][16] = { + { + 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, + 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 + }, + { + 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, + 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c + }, + { + 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30, + 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 + }, + { + 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, + 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe + } +}; + +/* Sizes in bytes */ +static const size_t Mlen[NB_CMAC_TESTS] = { + 0, + 16, + 40, + 64 +}; + +/* PRF K */ +static const unsigned char PRFK[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 
0x0f, + 0xed, 0xcb +}; + +/* Sizes in bytes */ +static const size_t PRFKlen[NB_PRF_TESTS] = { + 18, + 16, + 10 +}; + +/* PRF M */ +static const unsigned char PRFM[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13 +}; + +static const unsigned char PRFT[NB_PRF_TESTS][16] = { + { + 0x84, 0xa3, 0x48, 0xa4, 0xa4, 0x5d, 0x23, 0x5b, + 0xab, 0xff, 0xfc, 0x0d, 0x2b, 0x4d, 0xa0, 0x9a + }, + { + 0x98, 0x0a, 0xe8, 0x7b, 0x5f, 0x4c, 0x9c, 0x52, + 0x14, 0xf5, 0xb6, 0xa8, 0x45, 0x5e, 0x4c, 0x2d + }, + { + 0x29, 0x0d, 0x9e, 0x11, 0x2e, 0xdb, 0x09, 0xee, + 0x14, 0x1f, 0xcf, 0x64, 0xc0, 0xb7, 0x2f, 0x3d + } +}; + + +int mbedtls_cmac_self_test( int verbose ) +{ + mbedtls_cmac_context ctx; + unsigned char tag[16]; + int i; + int ret; + + mbedtls_cmac_init( &ctx ); + + if( mbedtls_cmac_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, key, 8 * sizeof key ) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( " CMAC: setup failed" ); + + return( 1 ); + } + + if( ( memcmp( ctx.K1, K1, 16 ) != 0 ) || + ( memcmp( ctx.K2, K2, 16 ) != 0 ) ) + { + if( verbose != 0 ) + mbedtls_printf( " CMAC: subkey generation failed" ); + + return( 1 ); + } + + for( i = 0; i < NB_CMAC_TESTS; i++ ) + { + mbedtls_printf( " AES-128-CMAC #%u: ", i ); + + ret = mbedtls_cmac_generate( &ctx, Mlen[i], M, tag, 16 ); + if( ret != 0 || + memcmp( tag, T[i], 16 ) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); + } + ret = mbedtls_cmac_verify( &ctx, Mlen[i], M, T[i], 16 ); + if( ret != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); + } + + if( verbose != 0 ) + mbedtls_printf( "passed\n" ); + } + + for( i = 0; i < NB_PRF_TESTS; i++ ) + { + mbedtls_printf( " AES-CMAC-128-PRF #%u: ", i ); + + mbedtls_aes_cmac_prf_128( &ctx, 20, PRFK, PRFKlen[i], PRFM, tag); + + if( ret != 0 || + memcmp( tag, PRFT[i], 16 ) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); + } + + if( 
verbose != 0 )
+ mbedtls_printf( "passed\n" );
+ }
+
+ mbedtls_cmac_free( &ctx );
+
+ if( verbose != 0 )
+ mbedtls_printf( "\n" );
+
+ return( 0 );
+}
+
+#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
+
+#endif /* MBEDTLS_CMAC_C */
From 9c83eebe67e51e8e5524b72e8886d6fd73b85f59 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 13 Jan 2016 10:48:02 +0000
Subject: [PATCH 190/272] cmac: improve argument order and naming
- always use the pattern "buffer, length"
- avoid using unqualified "length" as a name when there are more than one
---
 include/mbedtls/cmac.h | 18 +++++++++---------
 library/cmac.c | 38 +++++++++++++++++++-------------------
 2 files changed, 28 insertions(+), 28 deletions(-)
diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h
index 282d549a4361..3b5c13e9980d 100644
--- a/include/mbedtls/cmac.h
+++ b/include/mbedtls/cmac.h
@@ -77,24 +77,24 @@ void mbedtls_cmac_free( mbedtls_cmac_context *ctx );
 * \brief CMAC generate
 *
 * \param ctx CMAC context
- * \param length length of the input data in bytes
 * \param input buffer holding the input data
+ * \param in_len length of the input data in bytes
 * \param tag buffer for holding the generated tag
 * \param tag_len length of the tag to generate in bytes
 * must be between 4, 6, 8, 10, 14 or 16
 *
 * \return 0 if successful
 */
-int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, size_t length,
- const unsigned char *input,
+int mbedtls_cmac_generate( mbedtls_cmac_context *ctx,
+ const unsigned char *input, size_t in_len,
 unsigned char *tag, size_t tag_len );
 /**
 * \brief CMAC verify
 *
 * \param ctx CMAC context
- * \param length length of the input data in bytes
 * \param input buffer holding the input data
+ * \param in_len length of the input data in bytes
 * \param tag buffer holding the tag to verify
 * \param tag_len length of the tag to verify in bytes
 * must be 4, 6, 8, 10, 14 or 16
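Review bot: The tag_len documentation in this hunk does not match the check the implementation applies: `* must be between 4, 6, 8, 10, 14 or 16` (generate) and `* must be 4, 6, 8, 10, 14 or 16` (verify) list six values, while cmac_generate's guard `if( tag_len < 4 || tag_len > 16 || tag_len % 2 != 0 )` accepts every even length from 4 to 16, so 12 passes the check but is undocumented. Either list it in both comments, `* must be one of 4, 6, 8, 10, 12, 14 or 16`, or tighten the check to the documented set; "between ... or" in the first comment also reads as a range rather than a list. These lines are unchanged context, but the commit is already rewording the \param blocks, so this is the natural place to fix them.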
@@ -102,25 +102,25 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, size_t length,
 * \return 0 if successful and authenticated,
 * MBEDTLS_ERR_CMAC_VERIFY_FAILED if tag does not match
 */
-int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, size_t length,
- const unsigned char *input,
+int mbedtls_cmac_verify( mbedtls_cmac_context *ctx,
+ const unsigned char *input, size_t in_len,
 const unsigned char *tag, size_t tag_len );
 /**
 * \brief AES-CMAC-128-PRF
 *
 * \param ctx CMAC context
- * \param length length of the input data in bytes
 * \param key PRF key
 * \param key_len PRF key length
 * \param input buffer holding the input data
+ * \param in_len length of the input data in bytes
 * \param tag buffer holding the tag to verify (16 bytes)
 *
 * \return 0 if successful
 */
-int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, size_t length,
+int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx,
 const unsigned char *key, size_t key_len,
- const unsigned char *input,
+ const unsigned char *input, size_t in_len,
 unsigned char *tag );
 #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
diff --git a/library/cmac.c b/library/cmac.c
index 2ba58b6faa75..0d93c9736587 100644
--- a/library/cmac.c
+++ b/library/cmac.c
@@ -200,8 +200,8 @@ static void padding(const unsigned char *lastb, unsigned char *pad, const size_t
 /*
 * Generate tag on complete message
 */
-static int cmac_generate( mbedtls_cmac_context *ctx, size_t length,
- const unsigned char *input,
+static int cmac_generate( mbedtls_cmac_context *ctx,
+ const unsigned char *input, size_t in_len,
 unsigned char *tag, size_t tag_len )
 {
 unsigned char Mn[16];
@@ -211,7 +211,7 @@ static int cmac_generate( mbedtls_cmac_context *ctx, size_t length,
 size_t olen;
 /*
- * Check length requirements: SP800-38B A
+ * Check in_len requirements: SP800-38B A
 * 4 is a worst case bottom limit
 */
 if( tag_len < 4 || tag_len > 16 || tag_len % 2 != 0 )
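Review bot: The reworded comment in the @@ -211 hunk now reads `* Check in_len requirements: SP800-38B A`, but the guard on the next line tests tag_len, not in_len, so the rename made the comment wrong rather than clearer; it should say `* Check tag_len requirements: SP800-38B A`. Separately, the header hunk at the top of this line declares the PRF key length as `size_t key_len` while the definition in library/cmac.c (the @@ -297 hunk below) keeps `size_t key_length`; for a commit whose purpose is naming consistency, the prototype and the definition should agree. cmac_generate's body continues past the hunk.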
@@ -220,7 +220,7 @@ static int cmac_generate( mbedtls_cmac_context *ctx, size_t length,
 /* TODO: Use cipher padding function? */
 // mbedtls_cipher_set_padding_mode( ctx->cipher, MBEDTLS_PADDING_ONE_AND_ZEROS );
- n = ( length + 15 ) / 16; /* n is number of rounds */
+ n = ( in_len + 15 ) / 16; /* n is number of rounds */
 if( n == 0 )
 {
@@ -229,7 +229,7 @@ static int cmac_generate( mbedtls_cmac_context *ctx, size_t length,
 }
 else
 {
- flag = ( ( length % 16 ) == 0);
+ flag = ( ( in_len % 16 ) == 0);
 }
 /* Calculate last block */
@@ -241,7 +241,7 @@ static int cmac_generate( mbedtls_cmac_context *ctx, size_t length,
 else
 {
 /* TODO: Use cipher padding function? */
- padding( &input[16 * (n - 1)], padded, length % 16 );
+ padding( &input[16 * (n - 1)], padded, in_len % 16 );
 XOR_128( padded, ctx->K2, M_last );
 }
@@ -259,18 +259,18 @@ static int cmac_generate( mbedtls_cmac_context *ctx, size_t length,
 return( 0 );
 }
-int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, size_t length,
- const unsigned char *input,
+int mbedtls_cmac_generate( mbedtls_cmac_context *ctx,
+ const unsigned char *input, size_t in_len,
 unsigned char *tag, size_t tag_len )
 {
- return( cmac_generate( ctx, length, input, tag, tag_len ) );
+ return( cmac_generate( ctx, input, in_len, tag, tag_len ) );
 }
 /*
 * Authenticated decryption
 */
-int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, size_t length,
- const unsigned char *input,
+int mbedtls_cmac_verify( mbedtls_cmac_context *ctx,
+ const unsigned char *input, size_t in_len,
 const unsigned char *tag, size_t tag_len )
 {
 int ret;
@@ -278,7 +278,7 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, size_t length,
 unsigned char i;
 int diff;
- if( ( ret = cmac_generate( ctx, length, input, check_tag, tag_len) ) != 0 )
+ if( ( ret = cmac_generate( ctx, input, in_len, check_tag, tag_len) ) != 0 )
 {
 return ret;
 }
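Review bot: `n = ( in_len + 15 ) / 16;` in the @@ -220 hunk stores a size_t expression in `n`, which cmac_generate declares as `int` together with `j` (visible in the full-file hunk earlier on this page), and the function never bounds in_len; once ( in_len + 15 ) / 16 exceeds INT_MAX the block count is truncated, and for in_len within 15 of SIZE_MAX the addition wraps to a small n, so `&input[16 * (n - 1)]` in the @@ -241 hunk is computed from a wrong block count instead of the call being rejected. Declaring `size_t n, j;` and adding `if( in_len > SIZE_MAX - 15 ) return( MBEDTLS_ERR_CMAC_BAD_INPUT );` next to the existing tag_len check removes both cases without changing the interface. cmac_generate starts and ends outside these hunks.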
@@ -297,9 +297,9 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, size_t length,
 return( 0 );
 }
-int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, size_t length,
+int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx,
 const unsigned char *key, size_t key_length,
- const unsigned char *input,
+ const unsigned char *input, size_t in_len,
 unsigned char *tag )
 {
 int ret;
@@ -323,7 +323,7 @@ int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, size_t length,
 {
 return( ret );
 }
- ret = mbedtls_cmac_generate( &zero_ctx, key_length, key, int_key, 16 );
+ ret = mbedtls_cmac_generate( &zero_ctx, key, key_length, int_key, 16 );
 if( ret != 0 )
 {
 return( ret );
@@ -335,7 +335,7 @@ int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, size_t length,
 {
 return( ret );
 }
- return( mbedtls_cmac_generate( ctx, length, input, tag, 16 ) );
+ return( mbedtls_cmac_generate( ctx, input, in_len, tag, 16 ) );
 }
 #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
@@ -473,7 +473,7 @@ int mbedtls_cmac_self_test( int verbose )
 {
 mbedtls_printf( " AES-128-CMAC #%u: ", i );
- ret = mbedtls_cmac_generate( &ctx, Mlen[i], M, tag, 16 );
+ ret = mbedtls_cmac_generate( &ctx, M, Mlen[i], tag, 16 );
 if( ret != 0 ||
 memcmp( tag, T[i], 16 ) != 0 )
 {
@@ -482,7 +482,7 @@ int mbedtls_cmac_self_test( int verbose )
 return( 1 );
 }
- ret = mbedtls_cmac_verify( &ctx, Mlen[i], M, T[i], 16 );
+ ret = mbedtls_cmac_verify( &ctx, M, Mlen[i], T[i], 16 );
 if( ret != 0 )
 {
 if( verbose != 0 )
@@ -499,7 +499,7 @@ int mbedtls_cmac_self_test( int verbose )
 {
 mbedtls_printf( " AES-CMAC-128-PRF #%u: ", i );
- mbedtls_aes_cmac_prf_128( &ctx, 20, PRFK, PRFKlen[i], PRFM, tag);
+ mbedtls_aes_cmac_prf_128( &ctx, PRFK, PRFKlen[i], PRFM, 20, tag);
 if( ret != 0 ||
 memcmp( tag, PRFT[i], 16 ) != 0 )
From a4dfa0550f4aec79d29e95e6e13abda56601a940 Mon Sep 17 00:00:00 2001
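Review bot: In the @@ -499 hunk the return value of `mbedtls_aes_cmac_prf_128( &ctx, PRFK, PRFKlen[i], PRFM, 20, tag);` is still discarded, so the `if( ret != 0 ||` test that follows examines the stale ret left by the CMAC loop, and a failing setkey or generate inside the PRF is only noticed if the tag happens to mismatch as well; the commit reorders the arguments but keeps this. Assign it: `ret = mbedtls_aes_cmac_prf_128( &ctx, PRFK, PRFKlen[i], PRFM, 20, tag );`. The same line is touched again in the next commit's @@ -499,8 +508,8 hunk (whitespace only) and the defect survives there, so the fix belongs in whichever lands first. A smaller point in the same function: both `#%u:` formats print the int counter i, which -Wformat will flag. mbedtls_cmac_self_test's body continues outside the hunk.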
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 13 Jan 2016 11:00:47 +0000
Subject: [PATCH 191/272] cmac: fix whitespace/codingstyle issues
---
 library/cmac.c | 61 +++++++++++++++++++++++++++++---------------------
 1 file changed, 35 insertions(+), 26 deletions(-)
diff --git a/library/cmac.c b/library/cmac.c
index 0d93c9736587..fa32212eba3c 100644
--- a/library/cmac.c
+++ b/library/cmac.c
@@ -54,7 +54,7 @@
 /*
 * XOR 128-bit
 */
-#define XOR_128(i1, i2, o) \
+#define XOR_128( i1, i2, o ) \
 for( i = 0; i < 16; i++ ) \
 ( o )[i] = ( i1 )[i] ^ ( i2 )[i];
@@ -64,7 +64,8 @@
 */
 #define UPDATE_CMAC( x ) \
 XOR_128( Mn, ( x ), Mn ); \
- if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, Mn, 16, Mn, &olen ) ) != 0 ) \
+ if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, \
+ Mn, 16, Mn, &olen ) ) != 0 ) \
 return( ret );
 /* Implementation that should never be optimized out by the compiler */
@@ -84,7 +85,7 @@ void mbedtls_cmac_init( mbedtls_cmac_context *ctx )
 * Leftshift a 16-byte block by 1 bit
 * \note output can be same as input
 */
-static void leftshift_onebit(unsigned char *input, unsigned char *output)
+static void leftshift_onebit( unsigned char *input, unsigned char *output )
 {
 int i;
 unsigned char temp;
@@ -97,27 +98,29 @@ static void leftshift_onebit(unsigned char *input, unsigned char *output)
 output[i] |= overflow;
 overflow = temp >> 7;
 }
+ return;
 }
 /*
 * Generate subkeys
 */
-static int generate_subkeys(mbedtls_cmac_context *ctx)
+static int generate_subkeys( mbedtls_cmac_context *ctx )
 {
- static const unsigned char Rb[2] = {0x00, 0x87}; /* Note - block size 16 only */
+ static const unsigned char Rb[2] = { 0x00, 0x87 }; /* block size 16 only */
 int ret;
 unsigned char L[16];
 size_t olen;
 /* Calculate Ek(0) */
 memset( L, 0, 16 );
- if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, L, 16, L, &olen ) ) != 0 )
+ if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx,
+ L, 16, L, &olen ) ) != 0 )
 {
 return( ret );
 }
- /*
+ /*
 * Generate K1
 * If MSB(L) = 0, then K1 = (L << 1)
 * If MSB(L) = 1, then K1 = (L << 1) ^ Rb
@@ -132,7 +135,7 @@ static int generate_subkeys(mbedtls_cmac_context *ctx)
 */
 leftshift_onebit( ctx->K1, ctx->K2 );
 ctx->K2[15] ^= Rb[ctx->K1[0] >> 7]; /* "Constant-time" operation */
-
+
 return( 0 );
 }
@@ -144,7 +147,8 @@ int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx,
 int ret;
 const mbedtls_cipher_info_t *cipher_info;
- cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, MBEDTLS_MODE_ECB );
+ cipher_info = mbedtls_cipher_info_from_values( cipher, keybits,
+ MBEDTLS_MODE_ECB );
 if( cipher_info == NULL )
 return( MBEDTLS_ERR_CMAC_BAD_INPUT );
@@ -157,12 +161,12 @@ int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx,
 return( ret );
 if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits,
- MBEDTLS_ENCRYPT ) ) != 0 )
+ MBEDTLS_ENCRYPT ) ) != 0 )
 {
 return( ret );
 }
- return( generate_subkeys(ctx) );
+ return( generate_subkeys( ctx ) );
 }
 /*
@@ -175,7 +179,9 @@ void mbedtls_cmac_free( mbedtls_cmac_context *ctx )
 }
 /* TODO: Use cipher padding function? */
-static void padding(const unsigned char *lastb, unsigned char *pad, const size_t length)
+static void padding( const unsigned char *lastb,
+ unsigned char *pad,
+ const size_t length )
 {
 size_t j;
@@ -236,12 +242,12 @@ static int cmac_generate( mbedtls_cmac_context *ctx,
 if( flag )
 {
 /* Last block is complete block */
- XOR_128( &input[16 * (n - 1)], ctx->K1, M_last );
+ XOR_128( &input[16 * ( n - 1 )], ctx->K1, M_last );
 }
 else
 {
 /* TODO: Use cipher padding function? */
- padding( &input[16 * (n - 1)], padded, in_len % 16 );
+ padding( &input[16 * ( n - 1 )], padded, in_len % 16 );
 XOR_128( padded, ctx->K2, M_last );
 }
@@ -249,10 +255,10 @@ static int cmac_generate( mbedtls_cmac_context *ctx,
 for( j = 0; j < n - 1; j++ )
 {
- UPDATE_CMAC(&input[16 * j]);
+ UPDATE_CMAC( &input[16 * j] );
 }
- UPDATE_CMAC(M_last);
+ UPDATE_CMAC( M_last );
 memcpy( tag, Mn, 16 );
@@ -277,8 +283,8 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx,
 unsigned char check_tag[16];
 unsigned char i;
 int diff;
-
- if( ( ret = cmac_generate( ctx, input, in_len, check_tag, tag_len) ) != 0 )
+
+ if( ( ret = cmac_generate( ctx, input, in_len, check_tag, tag_len ) ) != 0 )
 {
 return ret;
 }
@@ -309,7 +315,7 @@ int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx,
 if( key_length == 16 )
 {
 /* Use key as is */
- memcpy(int_key, key, 16);
+ memcpy( int_key, key, 16 );
 }
 else
 {
@@ -317,8 +323,9 @@ int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx,
 /* Key is AES_CMAC(0, key) */
 mbedtls_cmac_init( &zero_ctx );
- memset(zero_key, 0, 16);
- ret = mbedtls_cmac_setkey( &zero_ctx, MBEDTLS_CIPHER_ID_AES, zero_key, 8 * sizeof zero_key );
+ memset( zero_key, 0, 16 );
+ ret = mbedtls_cmac_setkey( &zero_ctx, MBEDTLS_CIPHER_ID_AES,
+ zero_key, 8 * sizeof zero_key );
 if( ret != 0 )
 {
 return( ret );
@@ -330,7 +337,8 @@ int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx,
 }
 }
- ret = mbedtls_cmac_setkey( ctx, MBEDTLS_CIPHER_ID_AES, int_key, 8 * sizeof int_key );
+ ret = mbedtls_cmac_setkey( ctx, MBEDTLS_CIPHER_ID_AES,
+ int_key, 8 * sizeof int_key );
 if( ret != 0 )
 {
 return( ret );
@@ -424,7 +432,7 @@ static const size_t PRFKlen[NB_PRF_TESTS] = {
 static const unsigned char PRFM[] = {
 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13
+ 0x10, 0x11, 0x12, 0x13
 };
 static const unsigned char PRFT[NB_PRF_TESTS][16] = {
@@ -472,7 +480,7 @@ int mbedtls_cmac_self_test( int verbose )
 for( i = 0; i < NB_CMAC_TESTS; i++ )
 {
 mbedtls_printf( " AES-128-CMAC #%u: ", i );
-
+
 ret = mbedtls_cmac_generate( &ctx, M, Mlen[i], tag, 16 );
 if( ret != 0 ||
 memcmp( tag, T[i], 16 ) != 0 )
@@ -482,6 +490,7 @@ int mbedtls_cmac_self_test( int verbose )
 return( 1 );
 }
+
 ret = mbedtls_cmac_verify( &ctx, M, Mlen[i], T[i], 16 );
 if( ret != 0 )
 {
@@ -499,8 +508,8 @@ int mbedtls_cmac_self_test( int verbose )
 {
 mbedtls_printf( " AES-CMAC-128-PRF #%u: ", i );
- mbedtls_aes_cmac_prf_128( &ctx, PRFK, PRFKlen[i], PRFM, 20, tag);
-
+ mbedtls_aes_cmac_prf_128( &ctx, PRFK, PRFKlen[i], PRFM, 20, tag );
+
 if( ret != 0 ||
 memcmp( tag, PRFT[i], 16 ) != 0 )
 {
From 756bcf763187b062c6754d216fdc4cef771e5dd0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 13 Jan 2016 11:28:16 +0000
Subject: [PATCH 192/272] cmac: factor multiply by u to its own function
We're doing exactly the same operation for K1 and K2.
---
 library/cmac.c | 41 +++++++++++++++++------------------------
 1 file changed, 17 insertions(+), 24 deletions(-)
diff --git a/library/cmac.c b/library/cmac.c
index fa32212eba3c..8f6574a203a6 100644
--- a/library/cmac.c
+++ b/library/cmac.c
@@ -82,24 +82,28 @@ void mbedtls_cmac_init( mbedtls_cmac_context *ctx ) } /* - * Leftshift a 16-byte block by 1 bit - * \note output can be same as input + * Multiply by u in GF(2^128) + * + * As explained in the paper, this can be achieved as + * If MSB(p) = 0, then p = (p << 1) + * If MSB(p) = 1, then p = (p << 1) ^ Rb + * with Rb = 0x87 + * + * Input and output MUST not point to the same buffer */ -static void leftshift_onebit( unsigned char *input, unsigned char *output ) +static void multiply_by_u( unsigned char *output, const unsigned char *input ) { - int i; - unsigned char temp; + static const unsigned char Rb[2] = { 0x00, 0x87 }; /* block size 16 only */ unsigned char overflow = 0; + int i; for( i = 15; i >= 0; i-- ) { - temp = input[i]; - output[i] = temp << 1; - output[i] |= overflow; - overflow = temp >> 7; + output[i] = input[i] << 1 | overflow; + overflow = input[i] >> 7; } - return; + output[15] ^= Rb[input[0] >> 7]; /* "Constant-time" operation */ } /* @@ -107,7 +111,6 @@ static void leftshift_onebit( unsigned char *input, unsigned char *output ) */ static int generate_subkeys( mbedtls_cmac_context *ctx ) { - static const unsigned char Rb[2] = { 0x00, 0x87 }; /* block size 16 only */ int ret; unsigned char L[16]; size_t olen; @@ -121,20 +124,10 @@ static int generate_subkeys( mbedtls_cmac_context *ctx ) } /* - * Generate K1 - * If MSB(L) = 0, then K1 = (L << 1) - * If MSB(L) = 1, then K1 = (L << 1) ^ Rb - */ - leftshift_onebit( L, ctx->K1 ); - ctx->K1[15] ^= Rb[L[0] >> 7]; /* "Constant-time" operation */ - - /* - * Generate K2 - * If MSB(K1) == 0, then K2 = (K1 << 1) - * If MSB(K1) == 1, then K2 = (K1 << 1) ^ Rb + * Generate K1 and K2 */ - leftshift_onebit( ctx->K1, ctx->K2 ); - ctx->K2[15] ^= Rb[ctx->K1[0] >> 7]; /* "Constant-time" operation */ + multiply_by_u( ctx->K1, L ); + multiply_by_u( ctx->K2, ctx->K1 ); return( 0 ); } From 28ea79152115b4b02543d1696d522830931b040c Mon Sep 17 00:00:00 2001 
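Review bot: The new header comment on `multiply_by_u` says "As explained in the paper" without naming the document; this file already cites SP 800-38B for its test vectors, so the reference is recoverable and worth writing down: `* Multiply by u in GF(2^128), as in NIST SP 800-38B (subkey generation):`. The "Input and output MUST not point to the same buffer" line is a real constraint, because the closing `output[15] ^= Rb[input[0] >> 7];` reads `input[0]` after the loop has already written `output[0]`, and a one-line why-comment on that statement would stop a later tidy-up from relaxing it.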
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 13 Jan 2016 11:30:00 +0000 Subject: [PATCH 193/272] cmac: zeroize sensitive intermediate values --- library/cmac.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/cmac.c b/library/cmac.c index 8f6574a203a6..87846a617df3 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -129,6 +129,8 @@ static int generate_subkeys( mbedtls_cmac_context *ctx ) multiply_by_u( ctx->K1, L ); multiply_by_u( ctx->K2, ctx->K1 ); + mbedtls_zeroize( L, sizeof( L ) ); + return( 0 ); } @@ -336,6 +338,9 @@ int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, { return( ret ); } + + mbedtls_zeroize( int_key, sizeof( int_key ) ); + return( mbedtls_cmac_generate( ctx, input, in_len, tag, 16 ) ); } From 89b8d837239f9d63ece784e50897bf2bc718ea2e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 13 Jan 2016 13:05:03 +0000 Subject: [PATCH 194/272] cmac: make subkey gen more constant-time The previous version had secret-dependent memory accesses. While it was probably not an issue in practice cause the two bytes of the array are probably on the same cache line anyway, as a matter of principle this should be avoided. --- library/cmac.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index 87846a617df3..af0439a430eb 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -93,7 +93,8 @@ void mbedtls_cmac_init( mbedtls_cmac_context *ctx ) */ static void multiply_by_u( unsigned char *output, const unsigned char *input ) { - static const unsigned char Rb[2] = { 0x00, 0x87 }; /* block size 16 only */ + const unsigned char Rb = 0x87; /* block size 16 only */ + unsigned char mask; unsigned char overflow = 0; int i; 
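Review bot: In the second hunk (@@ -336) the new `mbedtls_zeroize( int_key, sizeof( int_key ) );` comes after the `if( ret != 0 ) { return( ret ); }` that follows `mbedtls_cmac_setkey`, so on that error path `int_key` — which for `key_length == 16` is a plain copy of the caller's key — goes back to the stack unwiped, and the earlier `return( ret )` branches of the zero-key derivation skip it the same way. Routing the returns through one exit that wipes first closes the gap: `if( ret != 0 ) goto exit;` for each check, then `exit: mbedtls_zeroize( int_key, sizeof( int_key ) ); return( ret );` with the final generate call assigning `ret`. The first hunk has the same shape for `L` in `generate_subkeys`, though there only the failing `mbedtls_cipher_update` can have written to it. The opening lines of both functions are outside the hunks.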
@@ -103,7 +104,20 @@ static void multiply_by_u( unsigned char *output, const unsigned char *input ) overflow = input[i] >> 7; } - output[15] ^= Rb[input[0] >> 7]; /* "Constant-time" operation */ + /* mask = ( input[0] >> 7 ) ? 0xff : 0x00 + * using bit operations to avoid branches */ + /* MSVC has a warning about unary minus on unsigned, but this is + * well-defined and precisely what we want to do here */ +#if defined(_MSC_VER) +#pragma warning( push ) +#pragma warning( disable : 4146 ) +#endif + mask = - ( input[0] >> 7 ); +#if defined(_MSC_VER) +#pragma warning( pop ) +#endif + + output[15] ^= Rb & mask; } /* From da8724fbc693c39a3402c30b951cd47dc2830211 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 13 Jan 2016 13:14:04 +0000 Subject: [PATCH 195/272] cmac: clean up padding function and comments --- library/cmac.c | 32 +++++++++++++------------------- 1 file changed, 13 insertions(+), 19 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index af0439a430eb..1287c820a71e 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -187,28 +187,26 @@ void mbedtls_cmac_free( mbedtls_cmac_context *ctx ) mbedtls_zeroize( ctx, sizeof( mbedtls_cmac_context ) ); } -/* TODO: Use cipher padding function? */ -static void padding( const unsigned char *lastb, - unsigned char *pad, - const size_t length ) +/* + * Create padded last block from (partial) last block. + * + * We can't use the padding option from the cipher layer, as it only works for + * CBC and we use ECB mode, and anyway we need to XOR K1 or K2 in addition. + */ +static void padding( unsigned char padded_block[16], + const unsigned char *last_block, + size_t length ) { size_t j; - /* original last block */ for( j = 0; j < 16; j++ ) { if( j < length ) - { - pad[j] = lastb[j]; - } + padded_block[j] = last_block[j]; else if( j == length ) - { - pad[j] = 0x80; - } + padded_block[j] = 0x80; else - { - pad[j] = 0x00; - } + padded_block[j] = 0x00; } } 
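Review bot: The comment above the new `mask = - ( input[0] >> 7 );` says the unary minus is applied to an unsigned value, but `input[0]` is promoted to `int` before the shift, so the negation happens on an `int` (giving 0 or -1) and it is the conversion back to `unsigned char` that produces 0x00/0xff; whether MSVC really emits C4146 here is therefore uncertain. Stating the actual mechanism keeps the next reader from "fixing" it: `/* mask = 0x00 or 0xff: -(0|1) is 0 or -1 as int, and converting -1 to unsigned char gives 0xff (C99 6.3.1.3) */`. The surrounding function starts outside the hunk.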
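Review bot: `padding()` writes the 0x80 terminator only when `j == length` is reached inside the 16-iteration loop, so for `length >= 16` it copies the input and never pads; the single caller passes `in_len % 16`, which keeps that out of reach, but the contract is not written down. Add it to the new header comment: ` * length MUST be < 16 (the caller passes in_len % 16).` The `padded_block[16]` declarator is documentation only in C — it decays to a pointer — which is fine here but worth remembering if the block size stops being a constant.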
@@ -232,9 +230,6 @@ static int cmac_generate( mbedtls_cmac_context *ctx, if( tag_len < 4 || tag_len > 16 || tag_len % 2 != 0 ) return( MBEDTLS_ERR_CMAC_BAD_INPUT ); - /* TODO: Use cipher padding function? */ - // mbedtls_cipher_set_padding_mode( ctx->cipher, MBEDTLS_PADDING_ONE_AND_ZEROS ); - n = ( in_len + 15 ) / 16; /* n is number of rounds */ if( n == 0 ) @@ -255,8 +250,7 @@ static int cmac_generate( mbedtls_cmac_context *ctx, } else { - /* TODO: Use cipher padding function? */ - padding( &input[16 * ( n - 1 )], padded, in_len % 16 ); + padding( padded, &input[16 * ( n - 1 )], in_len % 16 ); XOR_128( padded, ctx->K2, M_last ); } From 59ae4bad18e3e4cd5983badb3ca7fd0f7fd06557 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 13 Jan 2016 14:27:55 +0000 Subject: [PATCH 196/272] cmac: some more padding-related tune-ups - use one less temporary buffer - pedantic: in_len + 15 was a potential overflow - use a more explicit name instead of 'flag' - Mn was a bit misleading --- library/cmac.c | 51 ++++++++++++++++++++++---------------------------- 1 file changed, 22 insertions(+), 29 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index 1287c820a71e..d9e94a6fc0bd 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -54,19 +54,20 @@ /* * XOR 128-bit */ -#define XOR_128( i1, i2, o ) \ +#define XOR_128( o, i1, i2 ) \ for( i = 0; i < 16; i++ ) \ ( o )[i] = ( i1 )[i] ^ ( i2 )[i]; /* - * Update the CMAC state in Mn using an input block x - * TODO: Compiler optimisation + * Update the CMAC state using an input block x */ #define UPDATE_CMAC( x ) \ - XOR_128( Mn, ( x ), Mn ); \ +do { \ + XOR_128( state, ( x ), state ); \ if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, \ - Mn, 16, Mn, &olen ) ) != 0 ) \ - return( ret ); + state, 16, state, &olen ) ) != 0 ) \ + return( ret ); \ +} while( 0 ) /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { 
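Review bot: The rewritten `XOR_128` in patch 196's first hunk expands to a bare `for` statement (its trailing `;` plus the call site's `;` leaves a stray empty statement), while the sibling `UPDATE_CMAC` in the same hunk was given the `do { ... } while( 0 )` wrapper; a `XOR_128( ... );` inside an unbraced `if`/`else` would mis-parse. Both macros also silently use `i`, `ret`, `olen`, `ctx` and `state` from the enclosing function, which the comment should say: `/* Uses i, ret, olen, ctx and state from the enclosing function's scope */`. Patch 197 on this page moves these macros unchanged, so the same applies there.
```c
#define XOR_128( o, i1, i2 )                        \
do {                                                \
    for( i = 0; i < 16; i++ )                       \
        ( o )[i] = ( i1 )[i] ^ ( i2 )[i];           \
} while( 0 )
```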
@@ -217,10 +218,9 @@ static int cmac_generate( mbedtls_cmac_context *ctx, const unsigned char *input, size_t in_len, unsigned char *tag, size_t tag_len ) { - unsigned char Mn[16]; + unsigned char state[16]; unsigned char M_last[16]; - unsigned char padded[16]; - int n, i, j, ret, flag; + int n, i, j, ret, needs_padding; size_t olen; /* @@ -230,40 +230,33 @@ static int cmac_generate( mbedtls_cmac_context *ctx, if( tag_len < 4 || tag_len > 16 || tag_len % 2 != 0 ) return( MBEDTLS_ERR_CMAC_BAD_INPUT ); - n = ( in_len + 15 ) / 16; /* n is number of rounds */ - - if( n == 0 ) - { - n = 1; - flag = 0; - } + if( in_len == 0 ) + needs_padding = 1; else - { - flag = ( ( in_len % 16 ) == 0); - } + needs_padding = in_len % 16 != 0; + + n = in_len / 16 + needs_padding; /* Calculate last block */ - if( flag ) + if( needs_padding ) { - /* Last block is complete block */ - XOR_128( &input[16 * ( n - 1 )], ctx->K1, M_last ); + padding( M_last, input + 16 * ( n - 1 ), in_len % 16 ); + XOR_128( M_last, M_last, ctx->K2 ); } else { - padding( padded, &input[16 * ( n - 1 )], in_len % 16 ); - XOR_128( padded, ctx->K2, M_last ); + /* Last block is complete block */ + XOR_128( M_last, input + 16 * ( n - 1 ), ctx->K1 ); } - memset( Mn, 0, 16 ); + memset( state, 0, 16 ); for( j = 0; j < n - 1; j++ ) - { - UPDATE_CMAC( &input[16 * j] ); - } + UPDATE_CMAC( input + 16 * j ); UPDATE_CMAC( M_last ); - memcpy( tag, Mn, 16 ); + memcpy( tag, state, 16 ); return( 0 ); } From 5f8639fea2207e7d27399b9b333a96ca8f744bf9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 13 Jan 2016 15:03:05 +0000 Subject: [PATCH 197/272] cmac: reduce visibility of macros The #undef is usefull for people who want to to amalgamated releases --- library/cmac.c | 45 ++++++++++++++++++++++----------------------- 1 file changed, 22 insertions(+), 23 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index d9e94a6fc0bd..35c32f3a5c87 100644 --- a/library/cmac.c +++ b/library/cmac.c 
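Review bot: `memcpy( tag, state, 16 );` at the end of the second hunk copies the whole block regardless of the `tag_len` validated at the top of the function (4..16), so a caller that sizes `tag` to `tag_len` — which the validation invites — gets up to 12 bytes written past its buffer. Either copy `tag_len` bytes (`memcpy( tag, state, tag_len );`, which also makes a truncated tag actually truncated, matching the `i < tag_len` comparison in `mbedtls_cmac_verify`) or document in cmac.h that `tag` must always hold 16 bytes. Separately, `n = in_len / 16 + needs_padding;` stores a `size_t` quotient into `int n`, so the `j < n - 1` loop misbehaves for inputs beyond `INT_MAX * 16` bytes; `size_t` for `n` and `j` avoids that. The validation comment still says "Check in_len requirements" while testing `tag_len`; the function's signature is in the first hunk.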
@@ -46,29 +46,6 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ -/* - * Macros for common operations. - * Results in smaller compiled code than static inline functions. - */ - -/* - * XOR 128-bit - */ -#define XOR_128( o, i1, i2 ) \ - for( i = 0; i < 16; i++ ) \ - ( o )[i] = ( i1 )[i] ^ ( i2 )[i]; - -/* - * Update the CMAC state using an input block x - */ -#define UPDATE_CMAC( x ) \ -do { \ - XOR_128( state, ( x ), state ); \ - if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, \ - state, 16, state, &olen ) ) != 0 ) \ - return( ret ); \ -} while( 0 ) - /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; @@ -211,6 +188,25 @@ static void padding( unsigned char padded_block[16], } } +/* + * XOR 128-bit + * Here, macro results in smaller compiled code than static inline function + */ +#define XOR_128( o, i1, i2 ) \ + for( i = 0; i < 16; i++ ) \ + ( o )[i] = ( i1 )[i] ^ ( i2 )[i]; + +/* + * Update the CMAC state using an input block x + */ +#define UPDATE_CMAC( x ) \ +do { \ + XOR_128( state, ( x ), state ); \ + if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, \ + state, 16, state, &olen ) ) != 0 ) \ + return( ret ); \ +} while( 0 ) + /* * Generate tag on complete message */ @@ -261,6 +257,9 @@ static int cmac_generate( mbedtls_cmac_context *ctx, return( 0 ); } +#undef XOR_128 +#undef UPDATE_CMAC + int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, const unsigned char *input, size_t in_len, unsigned char *tag, size_t tag_len ) From a878d3b6e37ccfb3d9237ad97c147f55cf1ce91a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 13 Jan 2016 15:05:57 +0000 Subject: [PATCH 198/272] cmac: avoid useless wrapping of function probably a leftover from an earlier stage --- library/cmac.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) 
diff --git a/library/cmac.c b/library/cmac.c index 35c32f3a5c87..ff7cb2109e8c 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -210,9 +210,10 @@ do { \ /* * Generate tag on complete message */ -static int cmac_generate( mbedtls_cmac_context *ctx, - const unsigned char *input, size_t in_len, - unsigned char *tag, size_t tag_len ) +int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, + const unsigned char *input, size_t in_len, + unsigned char *tag, size_t tag_len ) + { unsigned char state[16]; unsigned char M_last[16]; @@ -260,13 +261,6 @@ static int cmac_generate( mbedtls_cmac_context *ctx, #undef XOR_128 #undef UPDATE_CMAC -int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, - const unsigned char *input, size_t in_len, - unsigned char *tag, size_t tag_len ) -{ - return( cmac_generate( ctx, input, in_len, tag, tag_len ) ); -} - /* * Authenticated decryption */ @@ -279,7 +273,8 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, unsigned char i; int diff; - if( ( ret = cmac_generate( ctx, input, in_len, check_tag, tag_len ) ) != 0 ) + if( ( ret = mbedtls_cmac_generate( ctx, input, in_len, + check_tag, tag_len ) ) != 0 ) { return ret; } From 2b0e21f13080bb22bd12bc6be5a125b9e48d2c9b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 13 Jan 2016 15:09:09 +0000 Subject: [PATCH 199/272] cmac: more cosmetic changes --- include/mbedtls/cmac.h | 2 ++ library/cmac.c | 46 +++++++++++++++++++++--------------------- 2 files changed, 25 insertions(+), 23 deletions(-) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index 3b5c13e9980d..c2ae83be16a9 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -108,6 +108,7 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, /** * \brief AES-CMAC-128-PRF + * TODO: add reference to the standard * * \param ctx CMAC context * \param key PRF key 
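Review bot: The first hunk adds an empty line between the new `mbedtls_cmac_generate` signature and its opening `{` (the `+` blank line after `unsigned char *tag, size_t tag_len )`), which no other function in the file has; drop it. In the third hunk the re-wrapped call keeps `return ret;` where the rest of the file writes `return( ret );`, so while the line is being touched it could be aligned.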
@@ -115,6 +116,7 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, * \param input buffer holding the input data * \param in_len length of the input data in bytes * \param tag buffer holding the tag to verify (16 bytes) + * TODO: update description of tag * * \return 0 if successful */ diff --git a/library/cmac.c b/library/cmac.c index ff7cb2109e8c..23b8044ffe34 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -69,7 +69,8 @@ void mbedtls_cmac_init( mbedtls_cmac_context *ctx ) * * Input and output MUST not point to the same buffer */ -static void multiply_by_u( unsigned char *output, const unsigned char *input ) +static void cmac_multiply_by_u( unsigned char *output, + const unsigned char *input ) { const unsigned char Rb = 0x87; /* block size 16 only */ unsigned char mask; @@ -101,7 +102,7 @@ static void multiply_by_u( unsigned char *output, const unsigned char *input ) /* * Generate subkeys */ -static int generate_subkeys( mbedtls_cmac_context *ctx ) +static int cmac_generate_subkeys( mbedtls_cmac_context *ctx ) { int ret; unsigned char L[16]; @@ -118,14 +119,17 @@ static int generate_subkeys( mbedtls_cmac_context *ctx ) /* * Generate K1 and K2 */ - multiply_by_u( ctx->K1, L ); - multiply_by_u( ctx->K2, ctx->K1 ); + cmac_multiply_by_u( ctx->K1, L ); + cmac_multiply_by_u( ctx->K2, ctx->K1 ); mbedtls_zeroize( L, sizeof( L ) ); return( 0 ); } +/* + * Set key and prepare context for use + */ int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, mbedtls_cipher_id_t cipher, const unsigned char *key, @@ -153,7 +157,7 @@ int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, return( ret ); } - return( generate_subkeys( ctx ) ); + return( cmac_generate_subkeys( ctx ) ); } /* 
@@ -171,9 +175,9 @@ void mbedtls_cmac_free( mbedtls_cmac_context *ctx ) * We can't use the padding option from the cipher layer, as it only works for * CBC and we use ECB mode, and anyway we need to XOR K1 or K2 in addition. */ -static void padding( unsigned char padded_block[16], - const unsigned char *last_block, - size_t length ) +static void cmac_pad( unsigned char padded_block[16], + const unsigned char *last_block, + size_t length ) { size_t j; @@ -237,7 +241,7 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, /* Calculate last block */ if( needs_padding ) { - padding( M_last, input + 16 * ( n - 1 ), in_len % 16 ); + cmac_pad( M_last, input + 16 * ( n - 1 ), in_len % 16 ); XOR_128( M_last, M_last, ctx->K2 ); } else @@ -262,7 +266,7 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, #undef UPDATE_CMAC /* - * Authenticated decryption + * Verify tag on complete message */ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, const unsigned char *input, size_t in_len, @@ -281,18 +285,19 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, /* Check tag in "constant-time" */ for( diff = 0, i = 0; i < tag_len; i++ ) - { diff |= tag[i] ^ check_tag[i]; - } if( diff != 0 ) - { return( MBEDTLS_ERR_CMAC_VERIFY_FAILED ); - } return( 0 ); } +/* + * PRF based on CMAC with AES-128 + * TODO: add reference to the standard + * TODO: do we need to take a cmac_context as an argument here? + */ int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, const unsigned char *key, size_t key_length, const unsigned char *input, size_t in_len, 
@@ -317,22 +322,17 @@ int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, ret = mbedtls_cmac_setkey( &zero_ctx, MBEDTLS_CIPHER_ID_AES, zero_key, 8 * sizeof zero_key ); if( ret != 0 ) - { return( ret ); - } + ret = mbedtls_cmac_generate( &zero_ctx, key, key_length, int_key, 16 ); if( ret != 0 ) - { return( ret ); - } } ret = mbedtls_cmac_setkey( ctx, MBEDTLS_CIPHER_ID_AES, int_key, 8 * sizeof int_key ); if( ret != 0 ) - { return( ret ); - } mbedtls_zeroize( int_key, sizeof( int_key ) ); @@ -341,7 +341,7 @@ int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) /* - * Examples 1 to 4 from SP800-3B corrected Appendix D.1 + * Examples 1 to 4 from SP800-38B corrected Appendix D.1 * http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf */ @@ -456,7 +456,7 @@ int mbedtls_cmac_self_test( int verbose ) if( mbedtls_cmac_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, key, 8 * sizeof key ) != 0 ) { if( verbose != 0 ) - mbedtls_printf( " CMAC: setup failed" ); + mbedtls_printf( " CMAC: setup failed\n" ); return( 1 ); } @@ -465,7 +465,7 @@ int mbedtls_cmac_self_test( int verbose ) ( memcmp( ctx.K2, K2, 16 ) != 0 ) ) { if( verbose != 0 ) - mbedtls_printf( " CMAC: subkey generation failed" ); + mbedtls_printf( " CMAC: subkey generation failed\n" ); return( 1 ); } From 5a8c004f79650ad84644c64d635e8c70d353ad54 Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Tue, 17 May 2016 10:17:31 -0700 Subject: [PATCH 200/272] Added cmac.o to libary/Makefile --- library/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/Makefile b/library/Makefile index 4b296282b7c9..28f92315a0f9 100644 --- a/library/Makefile +++ b/library/Makefile 
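Review bot: In the first hunk the brace clean-up keeps every error path of the zero-key branch returning straight out of `mbedtls_aes_cmac_prf_128`, and neither those paths nor the success path ever call `mbedtls_cmac_free( &zero_ctx )` after `mbedtls_cmac_setkey( &zero_ctx, ... )` succeeded; if the cipher setup underneath allocates (as mbedtls's cipher layer does), each call with `key_length != 16` leaks that context. A `mbedtls_cmac_free( &zero_ctx );` after the `mbedtls_cmac_generate( &zero_ctx, ... )` call, on both outcomes, fixes it; patch 201's rewrite of this function (its @@ -322 hunk below) carries the same omission, since its `exit:` frees only `ctx`. The function's start is outside this hunk.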
@@ -48,9 +48,9 @@ OBJS_CRYPTO= aes.o aesni.o arc4.o \ asn1parse.o asn1write.o base64.o \ bignum.o blowfish.o camellia.o \ ccm.o cipher.o cipher_wrap.o \ - ctr_drbg.o des.o dhm.o \ - ecdh.o ecdsa.o ecjpake.o \ - ecp.o \ + cmac.o ctr_drbg.o des.o \ + dhm.o ecdh.o ecdsa.o \ + ecjpake.o ecp.o \ ecp_curves.o entropy.o entropy_poll.o \ error.o gcm.o havege.o \ hmac_drbg.o md.o md2.o \ From 7c6476c3309bc3a931e02e91a9ba3a458eb52579 Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Wed, 18 May 2016 14:29:51 -0700 Subject: [PATCH 201/272] CMAC support for cipher with 64bit blocks (DES/3DES) --- include/mbedtls/cmac.h | 10 +- library/cmac.c | 521 ++++++++++++++++++++++++++++++++++------- 2 files changed, 443 insertions(+), 88 deletions(-) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index c2ae83be16a9..3e02f912e409 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -37,8 +37,8 @@ extern "C" { */ typedef struct { mbedtls_cipher_context_t cipher_ctx; /*!< cipher context used */ - unsigned char K1[16]; - unsigned char K2[16]; + unsigned char* K1; + unsigned char* K2; } mbedtls_cmac_context; @@ -108,9 +108,8 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, /** * \brief AES-CMAC-128-PRF - * TODO: add reference to the standard + * See RFC * - * \param ctx CMAC context * \param key PRF key * \param key_len PRF key length * \param input buffer holding the input data @@ -120,8 +119,7 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, * * \return 0 if successful */ -int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, - const unsigned char *key, size_t key_len, +int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len, const unsigned char *input, size_t in_len, unsigned char *tag ); diff --git a/library/cmac.c b/library/cmac.c index 23b8044ffe34..ab4a82ddfa6f 100644 --- a/library/cmac.c +++ b/library/cmac.c 
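Review bot: Turning `K1`/`K2` into heap pointers (`unsigned char* K1;`) makes the struct own two allocations, but nothing in this hunk or in the visible parts of the .c patch shows `mbedtls_cmac_init` setting them to NULL, while the new `mbedtls_cmac_free` in the same patch wipes and frees them unconditionally; a context that was only initialised would then free indeterminate pointers. The field comment should state the ownership, in the file's `type *name` declarator style: `unsigned char *K1; /*!< subkey K1, block_size bytes, allocated by mbedtls_cmac_setkey */` (and likewise K2). I cannot see the init function, so whether it already NULLs the fields needs confirming.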
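Review bot: The doc comment in the @@ -108 hunk now reads `See RFC` with no number; the matching comment in the .c file of this same patch says `See RFC 4615`, so the header should too: ` * See RFC 4615 (AES-CMAC-PRF-128)`. The `\param ctx` line was removed to match the new signature, but the `TODO: update description of tag` left by the previous patch presumably still sits just above the @@ -120 hunk; the .c side calls `mbedtls_cmac_generate( &ctx, input, in_len, tag, 16 )`, so `tag` is a 16-byte output buffer, not a tag to verify.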
@@ -60,24 +60,39 @@ void mbedtls_cmac_init( mbedtls_cmac_context *ctx ) } /* - * Multiply by u in GF(2^128) + * Multiplication by u in the Galois field of GF(2^n) * - * As explained in the paper, this can be achieved as + * As explained in the paper, this can computed: * If MSB(p) = 0, then p = (p << 1) - * If MSB(p) = 1, then p = (p << 1) ^ Rb - * with Rb = 0x87 + * If MSB(p) = 1, then p = (p << 1) ^ R_n + * with R_64 = 0x1B and R_128 = 0x87 * * Input and output MUST not point to the same buffer + * Block size must be 8 byes or 16 bytes. */ -static void cmac_multiply_by_u( unsigned char *output, - const unsigned char *input ) +static int cmac_multiply_by_u( unsigned char *output, + const unsigned char *input, + size_t blocksize) { - const unsigned char Rb = 0x87; /* block size 16 only */ - unsigned char mask; - unsigned char overflow = 0; - int i; - for( i = 15; i >= 0; i-- ) + const unsigned char R_128 = 0x87; + const unsigned char R_64 = 0x1B; + unsigned char R_n, mask; + unsigned char overflow = 0x00; + int i, starting_index; + + starting_index = blocksize -1; + + if(blocksize == 16){ + R_n = R_128; + } else if(blocksize == 8) { + R_n = R_64; + } else { + return MBEDTLS_ERR_CMAC_BAD_INPUT; + } + + + for( i = starting_index; i >= 0; i-- ) { output[i] = input[i] << 1 | overflow; overflow = input[i] >> 7; @@ -96,7 +111,8 @@ static void cmac_multiply_by_u( unsigned char *output, #pragma warning( pop ) #endif - output[15] ^= Rb & mask; + output[starting_index] ^= R_n & mask; + return 0; } /* 
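Review bot: `starting_index = blocksize -1;` runs before `blocksize` is checked against 8 and 16, and stores a `size_t` into an `int`; move the assignment after the check. The new `if(blocksize == 16){` / `return MBEDTLS_ERR_CMAC_BAD_INPUT;` lines also depart from the `if( ... )` / `return( ... )` spacing used everywhere else in this file, and `8 byes` in the comment is a typo. Since the function now returns an error code, its header comment should say so: ` * Returns 0, or MBEDTLS_ERR_CMAC_BAD_INPUT if blocksize is not 8 or 16.`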
@@ -104,27 +120,35 @@ static void cmac_multiply_by_u( unsigned char *output, */ static int cmac_generate_subkeys( mbedtls_cmac_context *ctx ) { - int ret; - unsigned char L[16]; - size_t olen; + int ret, keybytes; + unsigned char *L; + size_t olen, block_size; + + ret = 0; + block_size = ctx->cipher_ctx.cipher_info->block_size; + + L = mbedtls_calloc(block_size, sizeof(unsigned char)); /* Calculate Ek(0) */ - memset( L, 0, 16 ); + memset( L, 0, block_size ); if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, - L, 16, L, &olen ) ) != 0 ) + L, block_size, L, &olen ) ) != 0 ) { - return( ret ); + goto exit; } /* * Generate K1 and K2 */ - cmac_multiply_by_u( ctx->K1, L ); - cmac_multiply_by_u( ctx->K2, ctx->K1 ); - - mbedtls_zeroize( L, sizeof( L ) ); - - return( 0 ); + if( ( ret = cmac_multiply_by_u( ctx->K1, L , block_size) ) != 0 ) + goto exit; + if( ( cmac_multiply_by_u( ctx->K2, ctx->K1 , block_size) ) != 0 ) + goto exit; + + exit: + mbedtls_zeroize( L, sizeof( L ) ); + free(L); + return ret; } /* @@ -135,7 +159,7 @@ int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, const unsigned char *key, unsigned int keybits ) { - int ret; + int ret, blocksize; const mbedtls_cipher_info_t *cipher_info; cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, @@ -143,8 +167,8 @@ int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, if( cipher_info == NULL ) return( MBEDTLS_ERR_CMAC_BAD_INPUT ); - if( cipher_info->block_size != 16 ) - return( MBEDTLS_ERR_CMAC_BAD_INPUT ); + ctx->K1 = mbedtls_calloc( cipher_info->block_size, sizeof( unsigned char ) ); + ctx->K2 = mbedtls_calloc( cipher_info->block_size, sizeof( unsigned char ) ); mbedtls_cipher_free( &ctx->cipher_ctx ); 
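Review bot: `mbedtls_zeroize( L, sizeof( L ) );` at the new `exit:` label now wipes `sizeof( unsigned char * )` bytes — 4 or 8 — because `L` became a pointer, so most of Ek(0), the value both subkeys derive from, stays in the freed heap block; it must be `mbedtls_zeroize( L, block_size );`. In the same hunk the second derivation `if( ( cmac_multiply_by_u( ctx->K2, ctx->K1 , block_size) ) != 0 ) goto exit;` never stores the result in `ret`, so a failure there returns 0 with `K2` unset, and `L = mbedtls_calloc(...)` is handed to `memset` without a NULL check. The buffer is also released with `free(L)` rather than `mbedtls_free`, bypassing the allocator hooks the rest of the patch uses, and `keybytes` is declared but unused, which `-Werror` builds will reject.
```c
    L = mbedtls_calloc( block_size, sizeof( unsigned char ) );
    if( L == NULL )
        return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED ); /* from cipher.h */

    /* … unchanged: L = Ek(0) via mbedtls_cipher_update … */

    if( ( ret = cmac_multiply_by_u( ctx->K1, L, block_size ) ) != 0 )
        goto exit;
    if( ( ret = cmac_multiply_by_u( ctx->K2, ctx->K1, block_size ) ) != 0 )
        goto exit;

exit:
    mbedtls_zeroize( L, block_size );
    mbedtls_free( L );
    return( ret );
```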
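Review bot: The `ctx->K1 = mbedtls_calloc( ... )` / `ctx->K2 = ...` lines in the @@ -143 hunk replace the `block_size != 16` rejection, yet neither result is checked, and a second `mbedtls_cmac_setkey` call on the same context overwrites the previous subkey buffers without freeing them. Check both allocations, and free (or reuse) any existing `K1`/`K2` before assigning. Since `cmac_multiply_by_u` now accepts only 8- and 16-byte blocks, keeping a `block_size` check here would also report an unsupported cipher from `setkey` itself rather than after the key has been loaded. The `blocksize` local added in the @@ -135 hunk is never used; the rest of the function is outside these hunks.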
@@ -165,8 +189,15 @@ int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, */ void mbedtls_cmac_free( mbedtls_cmac_context *ctx ) { + int block_size; + block_size = ctx->cipher_ctx.cipher_info->block_size; + mbedtls_cipher_free( &ctx->cipher_ctx ); - mbedtls_zeroize( ctx, sizeof( mbedtls_cmac_context ) ); + + mbedtls_zeroize(ctx->K1, block_size * sizeof( unsigned char ) ); + mbedtls_zeroize(ctx->K2, block_size * sizeof( unsigned char ) ); + mbedtls_free( ctx->K1 ); + mbedtls_free( ctx->K2 ); } /* @@ -176,16 +207,17 @@ void mbedtls_cmac_free( mbedtls_cmac_context *ctx ) * CBC and we use ECB mode, and anyway we need to XOR K1 or K2 in addition. */ static void cmac_pad( unsigned char padded_block[16], + size_t padded_block_len, const unsigned char *last_block, - size_t length ) + size_t last_block_len ) { size_t j; - for( j = 0; j < 16; j++ ) + for( j = 0; j < padded_block_len; j++ ) { - if( j < length ) + if( j < last_block_len ) padded_block[j] = last_block[j]; - else if( j == length ) + else if( j == last_block_len ) padded_block[j] = 0x80; else padded_block[j] = 0x00; @@ -193,11 +225,11 @@ static void cmac_pad( unsigned char padded_block[16], } /* - * XOR 128-bit + * XOR Block * Here, macro results in smaller compiled code than static inline function */ -#define XOR_128( o, i1, i2 ) \ - for( i = 0; i < 16; i++ ) \ +#define XOR_BLOCK( o, i1, i2 ) \ + for( i = 0; i < block_size; i++ ) \ ( o )[i] = ( i1 )[i] ^ ( i2 )[i]; /* @@ -205,9 +237,10 @@ static void cmac_pad( unsigned char padded_block[16], */ #define UPDATE_CMAC( x ) \ do { \ - XOR_128( state, ( x ), state ); \ + XOR_BLOCK( state, ( x ), state ); \ if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, \ - state, 16, state, &olen ) ) != 0 ) \ + state, block_size, \ + state, &olen ) ) != 0 ) \ return( ret ); \ } while( 0 ) 
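Review bot: The new `mbedtls_cmac_free` reads `ctx->cipher_ctx.cipher_info->block_size` before anything else, but for a context that was only passed to `mbedtls_cmac_init` (or whose `mbedtls_cmac_setkey` failed before the cipher was set up) `cipher_info` is presumably still NULL and `K1`/`K2` may not point to allocations — and the `mbedtls_aes_cmac_prf_128` rewrite in this same patch calls this free on exactly such a context on its error path. Guard on the pointers before wiping, set `K1`/`K2` to NULL after freeing, and keep the whole-context `mbedtls_zeroize( ctx, ... )` the old code had so no stale pointers remain; `int block_size` also narrows the cipher layer's `size_t`.
```c
void mbedtls_cmac_free( mbedtls_cmac_context *ctx )
{
    size_t block_size = 0;

    if( ctx == NULL )
        return;

    /* cipher_info is only set once the cipher has been set up */
    if( ctx->cipher_ctx.cipher_info != NULL )
        block_size = ctx->cipher_ctx.cipher_info->block_size;

    mbedtls_cipher_free( &ctx->cipher_ctx );

    if( ctx->K1 != NULL )
        mbedtls_zeroize( ctx->K1, block_size );
    if( ctx->K2 != NULL )
        mbedtls_zeroize( ctx->K2, block_size );
    mbedtls_free( ctx->K1 );
    mbedtls_free( ctx->K2 );

    mbedtls_zeroize( ctx, sizeof( mbedtls_cmac_context ) );
}
```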
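Review bot: `cmac_pad` in the @@ -176 hunk now takes `padded_block_len` but still declares its first parameter as `unsigned char padded_block[16]`; the `16` is ignored by the compiler yet reads as a promise that contradicts the new length argument, so it should be `unsigned char *padded_block`. The header comment could also record the precondition the 0x80 logic relies on: ` * last_block_len MUST be < padded_block_len (the caller passes in_len % block_size).`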
@@ -219,50 +252,61 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, unsigned char *tag, size_t tag_len ) { - unsigned char state[16]; - unsigned char M_last[16]; + + unsigned char *state; + unsigned char *M_last; int n, i, j, ret, needs_padding; - size_t olen; + size_t olen, block_size; + + + ret = 0; + block_size = ctx->cipher_ctx.cipher_info->block_size; + + state = mbedtls_calloc(block_size, sizeof(unsigned char) ); + M_last = mbedtls_calloc(block_size, sizeof(unsigned char) ); /* * Check in_len requirements: SP800-38B A * 4 is a worst case bottom limit */ - if( tag_len < 4 || tag_len > 16 || tag_len % 2 != 0 ) + if( tag_len < 4 || tag_len > block_size || tag_len % 2 != 0 ) return( MBEDTLS_ERR_CMAC_BAD_INPUT ); if( in_len == 0 ) needs_padding = 1; else - needs_padding = in_len % 16 != 0; + needs_padding = in_len % block_size != 0; - n = in_len / 16 + needs_padding; + n = in_len / block_size + needs_padding; /* Calculate last block */ if( needs_padding ) { - cmac_pad( M_last, input + 16 * ( n - 1 ), in_len % 16 ); - XOR_128( M_last, M_last, ctx->K2 ); + cmac_pad( M_last, block_size, input + block_size * ( n - 1 ), in_len % block_size ); + XOR_BLOCK( M_last, M_last, ctx->K2 ); } else { /* Last block is complete block */ - XOR_128( M_last, input + 16 * ( n - 1 ), ctx->K1 ); + XOR_BLOCK( M_last, input + block_size * ( n - 1 ), ctx->K1 ); } - memset( state, 0, 16 ); + memset( state, 0, block_size ); for( j = 0; j < n - 1; j++ ) - UPDATE_CMAC( input + 16 * j ); + UPDATE_CMAC( input + block_size * j ); UPDATE_CMAC( M_last ); - memcpy( tag, state, 16 ); + memcpy( tag, state, block_size ); - return( 0 ); + exit: + free(state); + free(M_last); + return( ret ); } -#undef XOR_128 +#undef XOR_BLOCK #undef UPDATE_CMAC /* 
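Review bot: `state` and `M_last` are allocated before the `tag_len` validation, whose `return( MBEDTLS_ERR_CMAC_BAD_INPUT )` leaks both, and `UPDATE_CMAC` (defined in the previous hunk) still expands to `return( ret )` on a cipher error, bypassing the new `exit:` as well — so the label is reached only on the success path and is never the target of a `goto`, which gcc reports as an unused label under the `-Werror` the test scripts use. Neither `mbedtls_calloc` result is checked before `memset`/`cmac_pad` write through it, the buffers are released with `free()` rather than `mbedtls_free`, and they hold the running MAC value when freed unwiped; `memcpy( tag, state, block_size )` also still ignores `tag_len`, so a caller sizing `tag` to the validated length is overwritten. Validate first, then allocate and check, route every error through `exit:` (the macro's `return( ret )` becomes `goto exit`), and wipe before freeing:
```c
    unsigned char *state = NULL;
    unsigned char *M_last = NULL;
    /* … unchanged: other locals … */

    block_size = ctx->cipher_ctx.cipher_info->block_size;

    /* reject bad tag_len before anything is allocated */
    if( tag_len < 4 || tag_len > block_size || tag_len % 2 != 0 )
        return( MBEDTLS_ERR_CMAC_BAD_INPUT );

    state = mbedtls_calloc( block_size, sizeof( unsigned char ) );
    M_last = mbedtls_calloc( block_size, sizeof( unsigned char ) );
    if( state == NULL || M_last == NULL )
    {
        ret = MBEDTLS_ERR_CIPHER_ALLOC_FAILED; /* from cipher.h */
        goto exit;
    }

    /* … unchanged: needs_padding, last block, UPDATE_CMAC loop … */

    memcpy( tag, state, tag_len );
    ret = 0;

exit:
    /* both buffers carried the running MAC value */
    if( state != NULL )
        mbedtls_zeroize( state, block_size );
    if( M_last != NULL )
        mbedtls_zeroize( M_last, block_size );
    mbedtls_free( state );
    mbedtls_free( M_last );
    return( ret );
```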
@@ -273,14 +317,17 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, const unsigned char *tag, size_t tag_len ) { int ret; - unsigned char check_tag[16]; + unsigned char *check_tag; unsigned char i; int diff; + check_tag = mbedtls_calloc(ctx->cipher_ctx.cipher_info->block_size, + sizeof(unsigned char) ); + if( ( ret = mbedtls_cmac_generate( ctx, input, in_len, check_tag, tag_len ) ) != 0 ) { - return ret; + goto exit; } /* Check tag in "constant-time" */ @@ -288,25 +335,29 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, diff |= tag[i] ^ check_tag[i]; if( diff != 0 ) - return( MBEDTLS_ERR_CMAC_VERIFY_FAILED ); + ret = MBEDTLS_ERR_CMAC_VERIFY_FAILED; + goto exit; - return( 0 ); + exit: + free(check_tag); + return ret; } /* * PRF based on CMAC with AES-128 - * TODO: add reference to the standard - * TODO: do we need to take a cmac_context as an argument here? + * See RFC 4615 */ -int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, - const unsigned char *key, size_t key_length, +int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, const unsigned char *input, size_t in_len, unsigned char *tag ) { int ret; + mbedtls_cmac_context ctx; unsigned char zero_key[16]; unsigned char int_key[16]; + mbedtls_cmac_init(&ctx); + if( key_length == 16 ) { /* Use key as is */ 
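Review bot: In the second hunk `if( diff != 0 ) ret = MBEDTLS_ERR_CMAC_VERIFY_FAILED; goto exit;` has no braces, so the `goto exit;` is unconditional; it is harmless only because `exit:` is the next statement, but it reads as a bug and is exactly the shape the always-brace rule exists to prevent — keep `if( diff != 0 ) ret = MBEDTLS_ERR_CMAC_VERIFY_FAILED;` and drop the `goto`. `check_tag` holds the genuine MAC of the message and is handed to `free()` unwiped (and via the libc `free` rather than `mbedtls_free`, unlike its allocation); a `mbedtls_zeroize( check_tag, ctx->cipher_ctx.cipher_info->block_size );` before release keeps the valid tag out of the freed heap. The `mbedtls_calloc` in the first hunk is not checked before `mbedtls_cmac_generate` writes through it.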
@@ -322,21 +373,27 @@ int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, ret = mbedtls_cmac_setkey( &zero_ctx, MBEDTLS_CIPHER_ID_AES, zero_key, 8 * sizeof zero_key ); if( ret != 0 ) - return( ret ); + goto exit; ret = mbedtls_cmac_generate( &zero_ctx, key, key_length, int_key, 16 ); if( ret != 0 ) - return( ret ); + goto exit; } - ret = mbedtls_cmac_setkey( ctx, MBEDTLS_CIPHER_ID_AES, + ret = mbedtls_cmac_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, int_key, 8 * sizeof int_key ); if( ret != 0 ) - return( ret ); + goto exit; mbedtls_zeroize( int_key, sizeof( int_key ) ); - return( mbedtls_cmac_generate( ctx, input, in_len, tag, 16 ) ); + ret = mbedtls_cmac_generate( &ctx, input, in_len, tag, 16 ); + + exit: + mbedtls_cmac_free(&ctx); + return( ret ); + + } #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) 
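Review bot: Every `goto exit` in this hunk lands on `mbedtls_cmac_free( &ctx )`, including those taken before `mbedtls_cmac_setkey( &ctx, ... )` has run; with the `mbedtls_cmac_free` introduced in this patch dereferencing `cipher_info` and the `K1`/`K2` pointers unconditionally, an error in the zero-key derivation becomes a crash on a context that was only initialised (unless `mbedtls_cmac_init`, which I cannot see, leaves the fields in a state free tolerates). `zero_ctx` is still never freed, as noted at patch 199's hunk of this function, and `mbedtls_zeroize( int_key, ... )` is still skipped on the `goto exit` paths. The two blank lines between `return( ret );` and the closing `}` are stray; the function's start is outside the hunk.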
@@ -345,30 +402,116 @@ int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, * http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf */ -#define NB_CMAC_TESTS 4 +#define NB_CMAC_TESTS_AES_128 4 +#define NB_CMAC_TESTS_AES_192 4 +#define NB_CMAC_TESTS_AES_256 4 +#define NB_CMAC_TESTS_3DES 4 + #define NB_PRF_TESTS 3 -/* Key */ -static const unsigned char key[] = { +/* AES 128 Key */ +static const unsigned char aes_128_key[] = { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }; +/* AES 192 Key */ +static const unsigned char aes_192_key[] = { + 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, + 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, + 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b +}; + +/* AES 256 Key */ +static const unsigned char aes_256_key[] = { + 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, + 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, + 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, + 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 +}; + +/* 3DES 112 bit key */ +static const unsigned char des3_2key_key[] = { + 0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5, + 0x8a, 0x3d, 0x10, 0xba, 0x80, 0x57, 0x0d, 0x38, + 0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5 +}; + +/* 3DES 168 bit key */ +static const unsigned char des3_3key_key[] = { + 0x8a, 0xa8, 0x3b, 0xf8, 0xcb, 0xda, 0x10, 0x62, + 0x0b, 0xc1, 0xbf, 0x19, 0xfb, 0xb6, 0xcd, 0x58, + 0xbc, 0x31, 0x3d, 0x4a, 0x37, 0x1c, 0xa8, 0xb5 +}; + + + /* Assume we don't need to test Ek0 as this is a function of the cipher */ /* Subkey K1 */ -static const unsigned char K1[] = { +static const unsigned char aes_128_k1[] = { 0xfb, 0xee, 0xd6, 0x18, 0x35, 0x71, 0x33, 0x66, 0x7c, 0x85, 0xe0, 0x8f, 0x72, 0x36, 0xa8, 0xde }; /* Subkey K2 */ -static const unsigned char K2[] = { +static const unsigned char aes_128_k2[] = { 0xf7, 0xdd, 0xac, 0x30, 0x6a, 0xe2, 0x66, 0xcc, 0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b }; -/* All Messages */ + + +/* 
Subkey K1 */ +static const unsigned char aes_192_k1[] = { + 0x44, 0x8a, 0x5b, 0x1c, 0x93, 0x51, 0x4b, 0x27, + 0x3e, 0xe6, 0x43, 0x9d, 0xd4, 0xda, 0xa2, 0x96 +}; + +/* Subkey K2 */ +static const unsigned char aes_192_k2[] = { + 0x89, 0x14, 0xb6, 0x39, 0x26, 0xa2, 0x96, 0x4e, + 0x7d, 0xcc, 0x87, 0x3b, 0xa9, 0xb5, 0x45, 0x2c +}; + +/* Subkey K1 */ +static const unsigned char aes_256_k1[] = { + 0xca, 0xd1, 0xed, 0x03, 0x29, 0x9e, 0xed, 0xac, + 0x2e, 0x9a, 0x99, 0x80, 0x86, 0x21, 0x50, 0x2f +}; + +/* Subkey K2 */ +static const unsigned char aes_256_k2[] = { + 0x95, 0xa3, 0xda, 0x06, 0x53, 0x3d, 0xdb, 0x58, + 0x5d, 0x35, 0x33, 0x01, 0x0c, 0x42, 0xa0, 0xd9 +}; + + +/* Subkey K1 */ +static const unsigned char des3_2key_k1[] = { + 0x8e, 0xcf, 0x37, 0x3e, 0xd7, 0x1a, 0xfa, 0xef +}; + +/* Subkey K2 */ +static const unsigned char des3_2key_k2[] = { + 0x1d, 0x9e, 0x6e, 0x7d, 0xae, 0x35, 0xf5, 0xc5 +}; + +/* Subkey K1 */ +static const unsigned char des3_3key_k1[] = { + 0x91, 0x98, 0xe9, 0xd3, 0x14, 0xe6, 0x53, 0x5f +}; + +/* Subkey K2 */ +static const unsigned char des3_3key_k2[] = { + 0x23, 0x31, 0xd3, 0xa6, 0x29, 0xcc, 0xa6, 0xa5 +}; + +/* Assume we don't need to test Ek0 as this is a function of the cipher */ + + + +/* All Messages are the same. The difference is the length */ static const unsigned char M[] = { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, @@ -380,7 +523,7 @@ static const unsigned char M[] = { 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 }; -static const unsigned char T[NB_CMAC_TESTS][16] = { +static const unsigned char T_128[NB_CMAC_TESTS_3DES][16] = { { 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 
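Review bot: `T_128[NB_CMAC_TESTS_3DES][16]` sizes the AES-128 tag table with the 3DES count; all four `NB_CMAC_TESTS_*` macros happen to be 4, so it compiles, but the next person to add a 3DES vector would silently resize the AES table — use `NB_CMAC_TESTS_AES_128`. The following hunk (@@ -400) does the same with `NB_CMAC_TESTS_AES_192` for `Mlen`, `Mlen_3des`, `T_256`, `T_192`, `T_3des_2key` and `T_3des_3key`, and declares the 3DES tags as `[..][16]` with eight initialisers each, so half of every entry is zero; `[8]` matches the 64-bit tag those vectors actually carry.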
@@ -400,13 +543,91 @@ static const unsigned char T[NB_CMAC_TESTS][16] = { }; /* Sizes in bytes */ -static const size_t Mlen[NB_CMAC_TESTS] = { +static const size_t Mlen[NB_CMAC_TESTS_AES_192] = { 0, 16, 40, 64 }; +static const size_t Mlen_3des[NB_CMAC_TESTS_AES_192] = { + 0, + 8, + 20, + 32 +}; + + + +static const unsigned char T_256[NB_CMAC_TESTS_AES_192][16] = { + { + 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e, + 0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83 + }, + { + 0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82, + 0xbd, 0x4b, 0xf2, 0x8d, 0x8c, 0x37, 0xc3, 0x5c + }, + { + 0xaa, 0xf3, 0xd8, 0xf1, 0xde, 0x56, 0x40, 0xc2, + 0x32, 0xf5, 0xb1, 0x69, 0xb9, 0xc9, 0x11, 0xe6 + }, + { + 0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5, + 0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10 + } +}; + +static const unsigned char T_192[NB_CMAC_TESTS_AES_192][16] = { + { + 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5, + 0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67 + }, + { + 0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90, + 0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84 + }, + { + 0x8a, 0x1d, 0xe5, 0xbe, 0x2e, 0xb3, 0x1a, 0xad, + 0x08, 0x9a, 0x82, 0xe6, 0xee, 0x90, 0x8b, 0x0e + }, + { + 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79, + 0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11 + } +}; + +static const unsigned char T_3des_2key[NB_CMAC_TESTS_AES_192][16] = { + { + 0xbd, 0x2e, 0xbf, 0x9a, 0x3b, 0xa0, 0x03, 0x61 + }, + { + 0x4f, 0xf2, 0xab, 0x81, 0x3c, 0x53, 0xce, 0x83 + }, + { + 0x62, 0xdd, 0x1b, 0x47, 0x19, 0x02, 0xbd, 0x4e + }, + { + 0x31, 0xb1, 0xe4, 0x31, 0xda, 0xbc, 0x4e, 0xb8 + } +}; + +static const unsigned char T_3des_3key[NB_CMAC_TESTS_AES_192][16] = { + { + 0xb7, 0xa6, 0x88, 0xe1, 0x22, 0xff, 0xaf, 0x95 + }, + { + 0x8e, 0x8f, 0x29, 0x31, 0x36, 0x28, 0x37, 0x97 + }, + { + 0x74, 0x3d, 0xdb, 0xe0, 0xce, 0x2d, 0xc2, 0xed + }, + { + 0x33, 0xe6, 0xb1, 0x09, 0x24, 0x00, 0xea, 0xe5 + } +}; + + /* PRF K */ static const unsigned char PRFK[] = { 0x00, 0x01, 0x02, 0x03, 
0x04, 0x05, 0x06, 0x07, @@ -453,7 +674,8 @@ int mbedtls_cmac_self_test( int verbose ) mbedtls_cmac_init( &ctx ); - if( mbedtls_cmac_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, key, 8 * sizeof key ) != 0 ) + // AES 128 bit key + if( mbedtls_cmac_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, aes_128_key, 8 * sizeof(aes_128_key) ) != 0 ) { if( verbose != 0 ) mbedtls_printf( " CMAC: setup failed\n" ); @@ -461,8 +683,8 @@ int mbedtls_cmac_self_test( int verbose ) return( 1 ); } - if( ( memcmp( ctx.K1, K1, 16 ) != 0 ) || - ( memcmp( ctx.K2, K2, 16 ) != 0 ) ) + if( ( memcmp( ctx.K1, aes_128_k1, 16 ) != 0 ) || + ( memcmp( ctx.K2, aes_128_k2, 16 ) != 0 ) ) { if( verbose != 0 ) mbedtls_printf( " CMAC: subkey generation failed\n" ); @@ -470,13 +692,13 @@ int mbedtls_cmac_self_test( int verbose ) return( 1 ); } - for( i = 0; i < NB_CMAC_TESTS; i++ ) + for( i = 0; i < NB_CMAC_TESTS_AES_128; i++ ) { mbedtls_printf( " AES-128-CMAC #%u: ", i ); ret = mbedtls_cmac_generate( &ctx, M, Mlen[i], tag, 16 ); if( ret != 0 || - memcmp( tag, T[i], 16 ) != 0 ) + memcmp( tag, T_128[i], 16 ) != 0 ) { if( verbose != 0 ) mbedtls_printf( "failed\n" ); @@ -484,7 +706,7 @@ int mbedtls_cmac_self_test( int verbose ) return( 1 ); } - ret = mbedtls_cmac_verify( &ctx, M, Mlen[i], T[i], 16 ); + ret = mbedtls_cmac_verify( &ctx, M, Mlen[i], T_128[i], 16 ); if( ret != 0 ) { if( verbose != 0 ) 
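Review bot: `T_3des_2key` and `T_3des_3key` are declared with 16-byte rows (`[...][16]`) but every row initialiser supplies only the 8 bytes a 3DES tag has, so the second half of each row is zero padding that nothing reads; declare them `[NB_CMAC_TESTS_3DES][8]` so the table shape matches the `memcmp( tag, T_3des_2key[i], 8 )` the tests perform. `Mlen_3des` is added without a comment, while the `/* Sizes in bytes */` above was written for `Mlen` alone; a one-line `/* 3DES message lengths in bytes (8-byte block) */` above it would help a reader see why the two length tables differ.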
@@ -497,14 +719,130 @@ int mbedtls_cmac_self_test( int verbose ) mbedtls_printf( "passed\n" ); } - for( i = 0; i < NB_PRF_TESTS; i++ ) + // AES 192 bit key + if( mbedtls_cmac_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, aes_192_key, 8 * sizeof(aes_192_key) ) != 0 ) { - mbedtls_printf( " AES-CMAC-128-PRF #%u: ", i ); + if( verbose != 0 ) + mbedtls_printf( " CMAC: setup failed\n" ); + + return( 1 ); + } + + if( ( memcmp( ctx.K1, aes_192_k1, 16 ) != 0 ) || + ( memcmp( ctx.K2, aes_192_k2, 16 ) != 0 ) ) + { + if( verbose != 0 ) + mbedtls_printf( " CMAC: subkey generation failed\n" ); + + return( 1 ); + } - mbedtls_aes_cmac_prf_128( &ctx, PRFK, PRFKlen[i], PRFM, 20, tag ); + for( i = 0; i < NB_CMAC_TESTS_AES_192; i++ ) + { + mbedtls_printf( " AES-192-CMAC #%u: ", i ); + ret = mbedtls_cmac_generate( &ctx, M, Mlen[i], tag, 16 ); if( ret != 0 || - memcmp( tag, PRFT[i], 16 ) != 0 ) + memcmp( tag, T_192[i], 16 ) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); + } + + ret = mbedtls_cmac_verify( &ctx, M, Mlen[i], T_192[i], 16 ); + if( ret != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); + } + + if( verbose != 0 ) + mbedtls_printf( "passed\n" ); + } + + // 3DES 2 key bit key + if( (ret = mbedtls_cmac_setkey( &ctx, MBEDTLS_CIPHER_ID_3DES, des3_2key_key, 8 * sizeof(des3_2key_key) )) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( " CMAC: setup failed %i\n", ret); + + return( 1 ); + } + + if( ( memcmp( ctx.K1, des3_2key_k1, 8 ) != 0 ) || + ( memcmp( ctx.K2, des3_2key_k2, 8 ) != 0 ) ) + { + if( verbose != 0 ) + mbedtls_printf( " CMAC: subkey generation failed\n" ); + + return( 1 ); + } + + for( i = 0; i < NB_CMAC_TESTS_3DES; i++ ) + { + mbedtls_printf( " DES-112-CMAC #%u: ", i ); + + ret = mbedtls_cmac_generate( &ctx, M, Mlen_3des[i], tag, 8 ); + if( ret != 0 || + memcmp( tag, T_3des_2key[i], 8 ) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); + } + + ret = mbedtls_cmac_verify( &ctx, M, 
Mlen_3des[i], T_3des_2key[i], 8 ); + if( ret != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); + } + + if( verbose != 0 ) + mbedtls_printf( "passed\n" ); + } + + // 3DES 3 key + if( (ret = mbedtls_cmac_setkey( &ctx, MBEDTLS_CIPHER_ID_3DES, des3_3key_key, 8 * sizeof(des3_3key_key) )) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( " CMAC: setup failed %i\n", ret); + + return( 1 ); + } + + if( ( memcmp( ctx.K1, des3_3key_k1, 8 ) != 0 ) || + ( memcmp( ctx.K2, des3_3key_k2, 8 ) != 0 ) ) + { + if( verbose != 0 ) + mbedtls_printf( " CMAC: subkey generation failed\n" ); + + return( 1 ); + } + + for( i = 0; i < NB_CMAC_TESTS_3DES; i++ ) + { + mbedtls_printf( " DES-168-CMAC #%u: ", i ); + + ret = mbedtls_cmac_generate( &ctx, M, Mlen_3des[i], tag, 8 ); + if( ret != 0 || + memcmp( tag, T_3des_3key[i], 8 ) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); + } + + ret = mbedtls_cmac_verify( &ctx, M, Mlen_3des[i], T_3des_3key[i], 8 ); + if( ret != 0 ) { if( verbose != 0 ) mbedtls_printf( "failed\n" ); @@ -518,6 +856,25 @@ int mbedtls_cmac_self_test( int verbose ) mbedtls_cmac_free( &ctx ); + for( i = 0; i < NB_PRF_TESTS; i++ ) + { + mbedtls_printf( " AES-CMAC-128-PRF #%u: ", i ); + + mbedtls_aes_cmac_prf_128( PRFK, PRFKlen[i], PRFM, 20, tag ); + + if( ret != 0 || + memcmp( tag, PRFT[i], 16 ) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); + } else if( verbose != 0 ) + { + mbedtls_printf( "passed\n" ); + } + } + if( verbose != 0 ) mbedtls_printf( "\n" ); From 029d79bf2587b4323ac6587c894ba74811292ac4 Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Wed, 18 May 2016 16:05:18 -0700 Subject: [PATCH 202/272] Updated comments for CMAC in config.h --- include/mbedtls/config.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 6e031362939c..f6f431bfb0f9 100644 --- a/include/mbedtls/config.h 
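Review bot: The AES-256 vectors (`aes_256_key`, `aes_256_k1`, `aes_256_k2`, `T_256`) are defined earlier in this commit, yet this hunk adds only the AES-192 and two 3DES passes, so AES-256 is never exercised and those four `static const` tables are unused (a C compiler with `-Wall` is likely to warn about them, and a `-Werror` build would then fail). Add a block identical to the new AES-192 one that uses `aes_256_key`, `aes_256_k1`/`aes_256_k2` and `T_256` with the label `" AES-256-CMAC #%u: "`. The new `mbedtls_printf( " AES-192-CMAC #%u: ", i )`, `" DES-112-CMAC #%u: "` and `" DES-168-CMAC #%u: "` labels, like the pre-existing AES-128 one, are not guarded by `verbose` although every pass/fail message is, and `%u` is handed an `int`. The 3DES setup failures print `" CMAC: setup failed %i\n"` while the AES ones print `" CMAC: setup failed\n"`, and the added `//` comments depart from the `/* */` style used throughout the file; `// 3DES 2 key bit key` also reads oddly and could be `/* 3DES, 2-key (112-bit) */`. `mbedtls_cmac_self_test` begins before this hunk and ends after it.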
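Review bot: The moved PRF loop never assigns `ret`: `mbedtls_aes_cmac_prf_128( PRFK, PRFKlen[i], PRFM, 20, tag );` discards its return value, so the following `if( ret != 0 ||` tests whatever the last `mbedtls_cmac_verify` call left behind; write `ret = mbedtls_aes_cmac_prf_128( PRFK, PRFKlen[i], PRFM, 20, tag );`. `mbedtls_printf( " AES-CMAC-128-PRF #%u: ", i )` is likewise not guarded by `verbose`. The function's closing lines follow the hunk.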
+++ b/include/mbedtls/config.h @@ -1674,11 +1674,11 @@ /** * \def MBEDTLS_CMAC_C * - * Enable the CMAC mode for 128-bit block cipher. + * Enable the CMAC mode for block ciphers. * * Module: library/cmac.c * - * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C + * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or MBEDTLS_DES_C * */ #define MBEDTLS_CMAC_C From 3c0412a443fc46e323de9bb7b5c3b8bce866f2d0 Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Thu, 19 May 2016 14:23:50 -0700 Subject: [PATCH 203/272] Fixed CMAC tag length --- library/cmac.c | 363 +++++++++++++++++++------------------------------ 1 file changed, 143 insertions(+), 220 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index ab4a82ddfa6f..8348939f11f4 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -59,6 +59,7 @@ void mbedtls_cmac_init( mbedtls_cmac_context *ctx ) memset( ctx, 0, sizeof( mbedtls_cmac_context ) ); } + /* * Multiplication by u in the Galois field of GF(2^n) * @@ -298,7 +299,7 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, UPDATE_CMAC( M_last ); - memcpy( tag, state, block_size ); + memcpy( tag, state, tag_len ); exit: free(state); 
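Review bot: `memcpy( tag, state, tag_len )` now trusts `tag_len` to be no larger than the block held in `state`; the only safe place for that bound is at the top of `mbedtls_cmac_generate`, which lies outside the hunk, so please confirm a check such as `if( tag_len > block_size ) return( <module bad-input error code> );` exists there — without it a caller-supplied `tag_len` over-reads `state` and copies heap bytes past the MAC into the caller's buffer. cmac.h restricts `tag_len` to 4, 6, 8, 10, 14 or 16, so validating against that set rather than only the upper bound would match the documented contract. On the `exit:` path `state` holds the full untruncated MAC and is released with plain `free()`; zeroizing it first and using the `mbedtls_` allocator wrapper that the rest of this file uses (`mbedtls_calloc` appears in the self-test) would be consistent, though that line is context rather than part of this change.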
@@ -444,74 +445,59 @@ static const unsigned char des3_3key_key[] = { 0xbc, 0x31, 0x3d, 0x4a, 0x37, 0x1c, 0xa8, 0xb5 }; - - -/* Assume we don't need to test Ek0 as this is a function of the cipher */ - -/* Subkey K1 */ -static const unsigned char aes_128_k1[] = { - 0xfb, 0xee, 0xd6, 0x18, 0x35, 0x71, 0x33, 0x66, - 0x7c, 0x85, 0xe0, 0x8f, 0x72, 0x36, 0xa8, 0xde -}; - -/* Subkey K2 */ -static const unsigned char aes_128_k2[] = { - 0xf7, 0xdd, 0xac, 0x30, 0x6a, 0xe2, 0x66, 0xcc, - 0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b -}; - - - -/* Subkey K1 */ -static const unsigned char aes_192_k1[] = { - 0x44, 0x8a, 0x5b, 0x1c, 0x93, 0x51, 0x4b, 0x27, - 0x3e, 0xe6, 0x43, 0x9d, 0xd4, 0xda, 0xa2, 0x96 -}; - -/* Subkey K2 */ -static const unsigned char aes_192_k2[] = { - 0x89, 0x14, 0xb6, 0x39, 0x26, 0xa2, 0x96, 0x4e, - 0x7d, 0xcc, 0x87, 0x3b, 0xa9, 0xb5, 0x45, 0x2c -}; - -/* Subkey K1 */ -static const unsigned char aes_256_k1[] = { - 0xca, 0xd1, 0xed, 0x03, 0x29, 0x9e, 0xed, 0xac, - 0x2e, 0x9a, 0x99, 0x80, 0x86, 0x21, 0x50, 0x2f -}; - -/* Subkey K2 */ -static const unsigned char aes_256_k2[] = { - 0x95, 0xa3, 0xda, 0x06, 0x53, 0x3d, 0xdb, 0x58, - 0x5d, 0x35, 0x33, 0x01, 0x0c, 0x42, 0xa0, 0xd9 +static const unsigned char aes_128_subkeys[2][16] = { + { + 0xfb, 0xee, 0xd6, 0x18, 0x35, 0x71, 0x33, 0x66, + 0x7c, 0x85, 0xe0, 0x8f, 0x72, 0x36, 0xa8, 0xde + }, + { + 0xf7, 0xdd, 0xac, 0x30, 0x6a, 0xe2, 0x66, 0xcc, + 0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b + } }; - -/* Subkey K1 */ -static const unsigned char des3_2key_k1[] = { - 0x8e, 0xcf, 0x37, 0x3e, 0xd7, 0x1a, 0xfa, 0xef +static const unsigned char aes_192_subkeys[2][16] = { + { + 0x44, 0x8a, 0x5b, 0x1c, 0x93, 0x51, 0x4b, 0x27, + 0x3e, 0xe6, 0x43, 0x9d, 0xd4, 0xda, 0xa2, 0x96 + }, + { + 0x89, 0x14, 0xb6, 0x39, 0x26, 0xa2, 0x96, 0x4e, + 0x7d, 0xcc, 0x87, 0x3b, 0xa9, 0xb5, 0x45, 0x2c + } }; -/* Subkey K2 */ -static const unsigned char des3_2key_k2[] = { - 0x1d, 0x9e, 0x6e, 0x7d, 0xae, 0x35, 0xf5, 0xc5 +static const unsigned 
char aes_256_subkeys[2][16] = { + { + 0xca, 0xd1, 0xed, 0x03, 0x29, 0x9e, 0xed, 0xac, + 0x2e, 0x9a, 0x99, 0x80, 0x86, 0x21, 0x50, 0x2f + }, + { + 0x95, 0xa3, 0xda, 0x06, 0x53, 0x3d, 0xdb, 0x58, + 0x5d, 0x35, 0x33, 0x01, 0x0c, 0x42, 0xa0, 0xd9 + } }; -/* Subkey K1 */ -static const unsigned char des3_3key_k1[] = { - 0x91, 0x98, 0xe9, 0xd3, 0x14, 0xe6, 0x53, 0x5f +static const unsigned char des3_2key_subkeys[2][8] = { + { + 0x8e, 0xcf, 0x37, 0x3e, 0xd7, 0x1a, 0xfa, 0xef + }, + { + 0x1d, 0x9e, 0x6e, 0x7d, 0xae, 0x35, 0xf5, 0xc5 + } }; -/* Subkey K2 */ -static const unsigned char des3_3key_k2[] = { - 0x23, 0x31, 0xd3, 0xa6, 0x29, 0xcc, 0xa6, 0xa5 +static const unsigned char des3_3key_subkeys[2][8] = { + { + 0x91, 0x98, 0xe9, 0xd3, 0x14, 0xe6, 0x53, 0x5f + }, + { + 0x23, 0x31, 0xd3, 0xa6, 0x29, 0xcc, 0xa6, 0xa5 + } }; -/* Assume we don't need to test Ek0 as this is a function of the cipher */ - - -/* All Messages are the same. The difference is the length */ +/* All Messages are truncated from the same 64 byte buffer. */ static const unsigned char M[] = { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, @@ -597,7 +583,7 @@ static const unsigned char T_192[NB_CMAC_TESTS_AES_192][16] = { } }; -static const unsigned char T_3des_2key[NB_CMAC_TESTS_AES_192][16] = { +static const unsigned char T_3des_2key[4][8] = { { 0xbd, 0x2e, 0xbf, 0x9a, 0x3b, 0xa0, 0x03, 0x61 }, @@ -612,7 +598,7 @@ static const unsigned char T_3des_2key[NB_CMAC_TESTS_AES_192][16] = { } }; -static const unsigned char T_3des_3key[NB_CMAC_TESTS_AES_192][16] = { +static const unsigned char T_3des_3key[4][8] = { { 0xb7, 0xa6, 0x88, 0xe1, 0x22, 0xff, 0xaf, 0x95 }, 
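Review bot: The consolidated `aes_128_subkeys[2][16]` … `des3_3key_subkeys[2][8]` tables drop the per-array `/* Subkey K1 */` and `/* Subkey K2 */` labels, and nothing now states which row is which even though the test helper introduced later in this commit reads them by byte offset (`subkeys` and `&subkeys[block_size]`). One comment above the first table would restore that: `/* Row 0 is subkey K1, row 1 is subkey K2, derived from the key above */`. The `/* Assume we don't need to test Ek0 ... */` remark is removed in both places, which is fine since it was duplicated, but the rationale now lives nowhere; folding it into the same comment keeps it.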
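Review bot: `T_3des_2key[4][8]` replaces the (wrong) `NB_CMAC_TESTS_AES_192` dimension with a bare 4 although `NB_CMAC_TESTS_3DES` already exists for exactly this purpose; write `T_3des_2key[NB_CMAC_TESTS_3DES][8]` so the table stays tied to the loop count. The `@@ -612,7 +598,7` hunk does the same for `T_3des_3key[4][8]`.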
@@ -664,197 +650,134 @@ static const unsigned char PRFT[NB_PRF_TESTS][16] = { } }; - -int mbedtls_cmac_self_test( int verbose ) +int test_cmac_with_cipher(int verbose, + const unsigned char* testname, + const unsigned char* key, + int keybits, + const unsigned char* messages, + size_t message_lengths[4], + const unsigned char* subkeys, + const unsigned char* expected_result, + mbedtls_cipher_id_t cipher_id, + int block_size) { - mbedtls_cmac_context ctx; - unsigned char tag[16]; - int i; - int ret; + const int num_tests = 4; + mbedtls_cmac_context ctx; + int i, ret; + unsigned char* tag; + tag = mbedtls_calloc( block_size, sizeof( unsigned char ) ); mbedtls_cmac_init( &ctx ); - // AES 128 bit key - if( mbedtls_cmac_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, aes_128_key, 8 * sizeof(aes_128_key) ) != 0 ) + if( ( ret = mbedtls_cmac_setkey( &ctx, cipher_id, key, keybits ) ) != 0 ) { if( verbose != 0 ) mbedtls_printf( " CMAC: setup failed\n" ); - - return( 1 ); + goto exit; } - if( ( memcmp( ctx.K1, aes_128_k1, 16 ) != 0 ) || - ( memcmp( ctx.K2, aes_128_k2, 16 ) != 0 ) ) + if( ( ret = memcmp( ctx.K1, subkeys, block_size ) != 0 ) || + ( ret = memcmp( ctx.K2, &subkeys[block_size], block_size ) != 0 ) ) { if( verbose != 0 ) mbedtls_printf( " CMAC: subkey generation failed\n" ); - - return( 1 ); - } - - for( i = 0; i < NB_CMAC_TESTS_AES_128; i++ ) - { - mbedtls_printf( " AES-128-CMAC #%u: ", i ); - - ret = mbedtls_cmac_generate( &ctx, M, Mlen[i], tag, 16 ); - if( ret != 0 || - memcmp( tag, T_128[i], 16 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } - - ret = mbedtls_cmac_verify( &ctx, M, Mlen[i], T_128[i], 16 ); - if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } - - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); - } - - // AES 192 bit key - if( mbedtls_cmac_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, aes_192_key, 8 * sizeof(aes_192_key) ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( " CMAC: 
setup failed\n" ); - - return( 1 ); + goto exit; } - if( ( memcmp( ctx.K1, aes_192_k1, 16 ) != 0 ) || - ( memcmp( ctx.K2, aes_192_k2, 16 ) != 0 ) ) + for( i = 0; i < num_tests; i++ ) { if( verbose != 0 ) - mbedtls_printf( " CMAC: subkey generation failed\n" ); + mbedtls_printf( " %s CMAC #%u: ", testname, i +1 ); - return( 1 ); - } - - for( i = 0; i < NB_CMAC_TESTS_AES_192; i++ ) - { - mbedtls_printf( " AES-192-CMAC #%u: ", i ); - - ret = mbedtls_cmac_generate( &ctx, M, Mlen[i], tag, 16 ); - if( ret != 0 || - memcmp( tag, T_192[i], 16 ) != 0 ) + if( ( ret = mbedtls_cmac_generate( &ctx, messages, message_lengths[i], tag, block_size ) ) != 0 ) { if( verbose != 0 ) mbedtls_printf( "failed\n" ); - - return( 1 ); + goto exit; } - - ret = mbedtls_cmac_verify( &ctx, M, Mlen[i], T_192[i], 16 ); - if( ret != 0 ) + if( ( ret = memcmp( tag, &expected_result[i * block_size], block_size ) ) != 0 ) { if( verbose != 0 ) mbedtls_printf( "failed\n" ); - - return( 1 ); - } - - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); - } - - // 3DES 2 key bit key - if( (ret = mbedtls_cmac_setkey( &ctx, MBEDTLS_CIPHER_ID_3DES, des3_2key_key, 8 * sizeof(des3_2key_key) )) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( " CMAC: setup failed %i\n", ret); - - return( 1 ); - } - - if( ( memcmp( ctx.K1, des3_2key_k1, 8 ) != 0 ) || - ( memcmp( ctx.K2, des3_2key_k2, 8 ) != 0 ) ) - { - if( verbose != 0 ) - mbedtls_printf( " CMAC: subkey generation failed\n" ); - - return( 1 ); - } - - for( i = 0; i < NB_CMAC_TESTS_3DES; i++ ) - { - mbedtls_printf( " DES-112-CMAC #%u: ", i ); - - ret = mbedtls_cmac_generate( &ctx, M, Mlen_3des[i], tag, 8 ); - if( ret != 0 || - memcmp( tag, T_3des_2key[i], 8 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); + goto exit; } - ret = mbedtls_cmac_verify( &ctx, M, Mlen_3des[i], T_3des_2key[i], 8 ); - if( ret != 0 ) + if( ( ret = mbedtls_cmac_verify( &ctx, messages, message_lengths[i], &expected_result[i * block_size], block_size ) != 0 ) ) 
{ - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + goto exit; } - - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + mbedtls_printf( "passed\n" ); } + exit: + free( tag ); + mbedtls_cmac_free( &ctx ); + return( ret ); +} - // 3DES 3 key - if( (ret = mbedtls_cmac_setkey( &ctx, MBEDTLS_CIPHER_ID_3DES, des3_3key_key, 8 * sizeof(des3_3key_key) )) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( " CMAC: setup failed %i\n", ret); - - return( 1 ); - } - - if( ( memcmp( ctx.K1, des3_3key_k1, 8 ) != 0 ) || - ( memcmp( ctx.K2, des3_3key_k2, 8 ) != 0 ) ) - { - if( verbose != 0 ) - mbedtls_printf( " CMAC: subkey generation failed\n" ); - - return( 1 ); - } - - for( i = 0; i < NB_CMAC_TESTS_3DES; i++ ) - { - mbedtls_printf( " DES-168-CMAC #%u: ", i ); - - ret = mbedtls_cmac_generate( &ctx, M, Mlen_3des[i], tag, 8 ); - if( ret != 0 || - memcmp( tag, T_3des_3key[i], 8 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } - - ret = mbedtls_cmac_verify( &ctx, M, Mlen_3des[i], T_3des_3key[i], 8 ); - if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } +int mbedtls_cmac_self_test( int verbose ) +{ + mbedtls_cmac_context ctx; + unsigned char tag[16]; + int i; + int ret; - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); - } + test_cmac_with_cipher(verbose, + "AES 128", + aes_128_key, + 128, + M, + Mlen, + aes_128_subkeys, + T_128, + MBEDTLS_CIPHER_ID_AES, + 16 ); + + test_cmac_with_cipher(verbose, + "AES 192", + aes_192_key, + 192, + M, + Mlen, + aes_192_subkeys, + T_192, + MBEDTLS_CIPHER_ID_AES, + 16 ); + + test_cmac_with_cipher(verbose, + "AES 256", + aes_256_key, + 256, + M, + Mlen, + aes_256_subkeys, + T_256, + MBEDTLS_CIPHER_ID_AES, + 16 ); + + test_cmac_with_cipher(verbose, + "3DES 2 key", + des3_2key_key, + 192, + M, + Mlen_3des, + des3_2key_subkeys, + T_3des_2key, + MBEDTLS_CIPHER_ID_3DES, + 8 ); + + 
test_cmac_with_cipher(verbose, + "3DES 3 key", + des3_3key_key, + 192, + M, + Mlen_3des, + des3_3key_subkeys, + T_3des_3key, + MBEDTLS_CIPHER_ID_3DES, + 8 ); - mbedtls_cmac_free( &ctx ); for( i = 0; i < NB_PRF_TESTS; i++ ) { @@ -877,7 +800,7 @@ int mbedtls_cmac_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "\n" ); - +*/ return( 0 ); } From d666eb5c119045a0bebe0e2c396313b0839296aa Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Thu, 19 May 2016 15:59:23 -0700 Subject: [PATCH 204/272] More cleanup of CMAC selftests --- library/cmac.c | 331 +++++++++++++++++++++++++------------------------ 1 file changed, 169 insertions(+), 162 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index 8348939f11f4..0de85bcc5703 100644 --- a/library/cmac.c +++ b/library/cmac.c 
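Review bot: `mbedtls_cmac_self_test` discards the return value of every `test_cmac_with_cipher` call and ends with `return( 0 )`, so after this refactor the self-test can no longer report a failed vector; each call needs the form `if( test_cmac_with_cipher( ... ) != 0 ) return( 1 );`. The helper is a non-static global without the `mbedtls_` prefix, its `testname` parameter is `const unsigned char *` while the callers pass `char` string literals, `size_t message_lengths[4]` drops the `const` of `Mlen`/`Mlen_3des`, and the 2-D tables (`aes_128_subkeys`, `T_128`, …) decay to pointer-to-array rather than `const unsigned char *` — pointer-type mismatches that a `-Werror` build will likely reject, fixed by `const char *`, `const size_t message_lengths[4]` and passing `aes_128_subkeys[0]` / `T_128[0]`. `tag = mbedtls_calloc( ... )` is never checked for NULL before `mbedtls_cmac_generate` writes into it, and it is released with `free( tag )` instead of the matching `mbedtls_free`. `if( ( ret = memcmp( ... ) != 0 ) ||` binds `!=` before `=`, so `ret` holds 0/1 rather than the memcmp result — harmless here but misleading, and the same pattern wraps the `mbedtls_cmac_verify` call. `ctx` in `mbedtls_cmac_self_test` is now unused, and `mbedtls_printf( "passed\n" )` in the loop is the only print in the helper not guarded by `verbose`.
```c
static int test_cmac_with_cipher( int verbose,
                                  const char *testname,
                                  const unsigned char *key,
                                  int keybits,
                                  const unsigned char *messages,
                                  const size_t message_lengths[4],
                                  const unsigned char *subkeys,
                                  const unsigned char *expected_result,
                                  mbedtls_cipher_id_t cipher_id,
                                  int block_size )
{
    const int num_tests = 4;
    mbedtls_cmac_context ctx;
    int i, ret;
    unsigned char *tag;

    tag = mbedtls_calloc( block_size, sizeof( unsigned char ) );
    if( tag == NULL )
        return( 1 );    /* nothing initialised yet, so no cleanup needed */
    mbedtls_cmac_init( &ctx );
    /* … unchanged: setkey, subkey comparison, generate/verify loop … */
exit:
    mbedtls_free( tag );
    mbedtls_cmac_free( &ctx );
    return( ret );
}

int mbedtls_cmac_self_test( int verbose )
{
    int ret;

    if( ( ret = test_cmac_with_cipher( verbose, "AES 128", aes_128_key, 128,
                                       M, Mlen, aes_128_subkeys[0], T_128[0],
                                       MBEDTLS_CIPHER_ID_AES, 16 ) ) != 0 )
        return( 1 );
    /* … same pattern for "AES 192", "AES 256", "3DES 2 key", "3DES 3 key" … */
    /* … unchanged: AES-CMAC-128-PRF loop and final newline … */
    return( 0 );
}
```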
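Review bot: The added `*/` just before `return( 0 )` has no opening `/*` anywhere on the new side of this commit (the PRF loop runs straight after the last `test_cmac_with_cipher` call), so unless one sits in the unshown lines between the two hunks this is a comment terminator outside a comment and the translation unit will not compile; drop the line. The enclosing `mbedtls_cmac_self_test` starts before this hunk.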
@@ -397,55 +397,49 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, } -#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) +#ifdef MBEDTLS_SELF_TEST /* - * Examples 1 to 4 from SP800-38B corrected Appendix D.1 + * CMAC test data from SP800-38B Appendix D.1 (corrected) * http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf + * + * AES-CMAC-PRF-128 test data from RFC 4615 + * https://tools.ietf.org/html/rfc4615#page-4 */ -#define NB_CMAC_TESTS_AES_128 4 -#define NB_CMAC_TESTS_AES_192 4 -#define NB_CMAC_TESTS_AES_256 4 -#define NB_CMAC_TESTS_3DES 4 - +#define NB_CMAC_TESTS_PER_KEY 4 #define NB_PRF_TESTS 3 +#define AES_BLOCK_SIZE 16 +#define DES3_BLOCK_SIZE 8 -/* AES 128 Key */ -static const unsigned char aes_128_key[] = { - 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, - 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c -}; - -/* AES 192 Key */ -static const unsigned char aes_192_key[] = { - 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, - 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, - 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b -}; - -/* AES 256 Key */ -static const unsigned char aes_256_key[] = { - 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, - 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, - 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, - 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 +#if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) +/* All CMAC test inputs are truncated from the same 64 byte buffer. 
*/ +static const unsigned char test_message[] = { + 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, + 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, + 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, + 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, + 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, + 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, + 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, + 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 }; +#endif /* defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) */ -/* 3DES 112 bit key */ -static const unsigned char des3_2key_key[] = { - 0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5, - 0x8a, 0x3d, 0x10, 0xba, 0x80, 0x57, 0x0d, 0x38, - 0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5 +#ifdef MBEDTLS_AES_C +/* Truncation point of message for AES CMAC tests */ +static const size_t aes_message_lengths[NB_CMAC_TESTS_PER_KEY] = { + 0, + 16, + 40, + 64 }; -/* 3DES 168 bit key */ -static const unsigned char des3_3key_key[] = { - 0x8a, 0xa8, 0x3b, 0xf8, 0xcb, 0xda, 0x10, 0x62, - 0x0b, 0xc1, 0xbf, 0x19, 0xfb, 0xb6, 0xcd, 0x58, - 0xbc, 0x31, 0x3d, 0x4a, 0x37, 0x1c, 0xa8, 0xb5 +/* AES 128 CMAC Test Data */ +static const unsigned char aes_128_key[] = { + 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, + 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }; - -static const unsigned char aes_128_subkeys[2][16] = { +static const unsigned char aes_128_subkeys[2][AES_BLOCK_SIZE] = { { 0xfb, 0xee, 0xd6, 0x18, 0x35, 0x71, 0x33, 0x66, 0x7c, 0x85, 0xe0, 0x8f, 0x72, 0x36, 0xa8, 0xde 
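Review bot: `#ifdef MBEDTLS_SELF_TEST` and `#ifdef MBEDTLS_AES_C` replace the `#if defined(...)` form the file otherwise uses — the removed guard and the new `#if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C)` two lines below both use it — so the two styles now sit side by side; prefer `#if defined(MBEDTLS_SELF_TEST)` and `#if defined(MBEDTLS_AES_C)` with matching `#endif` comments. `AES_BLOCK_SIZE` and `DES3_BLOCK_SIZE` are unprefixed macros at file scope in a library translation unit; an `MBEDTLS_`-style prefix or a local `enum` would avoid colliding with an application or platform header that defines the same names (no such clash is visible here, but the names are generic enough to expect one). Dropping `defined(MBEDTLS_AES_C)` from the outer guard also means `mbedtls_cmac_self_test` is now compiled even when neither AES nor DES is enabled, in which case it has nothing to run; the header's guard for its prototype should use the same condition as this definition.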
@@ -455,97 +449,78 @@ static const unsigned char aes_128_subkeys[2][16] = { 0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b } }; - -static const unsigned char aes_192_subkeys[2][16] = { +static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][AES_BLOCK_SIZE] = { { - 0x44, 0x8a, 0x5b, 0x1c, 0x93, 0x51, 0x4b, 0x27, - 0x3e, 0xe6, 0x43, 0x9d, 0xd4, 0xda, 0xa2, 0x96 + 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, + 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 }, { - 0x89, 0x14, 0xb6, 0x39, 0x26, 0xa2, 0x96, 0x4e, - 0x7d, 0xcc, 0x87, 0x3b, 0xa9, 0xb5, 0x45, 0x2c - } -}; - -static const unsigned char aes_256_subkeys[2][16] = { - { - 0xca, 0xd1, 0xed, 0x03, 0x29, 0x9e, 0xed, 0xac, - 0x2e, 0x9a, 0x99, 0x80, 0x86, 0x21, 0x50, 0x2f + 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, + 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c }, { - 0x95, 0xa3, 0xda, 0x06, 0x53, 0x3d, 0xdb, 0x58, - 0x5d, 0x35, 0x33, 0x01, 0x0c, 0x42, 0xa0, 0xd9 - } -}; - -static const unsigned char des3_2key_subkeys[2][8] = { - { - 0x8e, 0xcf, 0x37, 0x3e, 0xd7, 0x1a, 0xfa, 0xef + 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30, + 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 }, { - 0x1d, 0x9e, 0x6e, 0x7d, 0xae, 0x35, 0xf5, 0xc5 + 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, + 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe } }; -static const unsigned char des3_3key_subkeys[2][8] = { +/* AES 192 CMAC Test Data */ +static const unsigned char aes_192_key[] = { + 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, + 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, + 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b +}; +static const unsigned char aes_192_subkeys[2][AES_BLOCK_SIZE] = { { - 0x91, 0x98, 0xe9, 0xd3, 0x14, 0xe6, 0x53, 0x5f + 0x44, 0x8a, 0x5b, 0x1c, 0x93, 0x51, 0x4b, 0x27, + 0x3e, 0xe6, 0x43, 0x9d, 0xd4, 0xda, 0xa2, 0x96 }, { - 0x23, 0x31, 0xd3, 0xa6, 0x29, 0xcc, 0xa6, 0xa5 + 0x89, 0x14, 0xb6, 0x39, 0x26, 0xa2, 0x96, 0x4e, + 0x7d, 0xcc, 0x87, 0x3b, 0xa9, 0xb5, 0x45, 0x2c } }; - - -/* 
All Messages are truncated from the same 64 byte buffer. */ -static const unsigned char M[] = { - 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, - 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, - 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, - 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, - 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, - 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, - 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, - 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 -}; - -static const unsigned char T_128[NB_CMAC_TESTS_3DES][16] = { +static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][AES_BLOCK_SIZE] = { { - 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, - 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 + 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5, + 0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67 }, { - 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, - 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c + 0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90, + 0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84 }, { - 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30, - 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 + 0x8a, 0x1d, 0xe5, 0xbe, 0x2e, 0xb3, 0x1a, 0xad, + 0x08, 0x9a, 0x82, 0xe6, 0xee, 0x90, 0x8b, 0x0e }, { - 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, - 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe + 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79, + 0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11 } }; -/* Sizes in bytes */ -static const size_t Mlen[NB_CMAC_TESTS_AES_192] = { - 0, - 16, - 40, - 64 +/* AES 256 CMAC Test Data */ +static const unsigned char aes_256_key[] = { + 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, + 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, + 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, + 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 }; - -static const size_t Mlen_3des[NB_CMAC_TESTS_AES_192] = { - 0, - 8, - 20, - 32 +static const unsigned char aes_256_subkeys[2][AES_BLOCK_SIZE] = { + { 
+ 0xca, 0xd1, 0xed, 0x03, 0x29, 0x9e, 0xed, 0xac, + 0x2e, 0x9a, 0x99, 0x80, 0x86, 0x21, 0x50, 0x2f + }, + { + 0x95, 0xa3, 0xda, 0x06, 0x53, 0x3d, 0xdb, 0x58, + 0x5d, 0x35, 0x33, 0x01, 0x0c, 0x42, 0xa0, 0xd9 + } }; - - - -static const unsigned char T_256[NB_CMAC_TESTS_AES_192][16] = { +static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][AES_BLOCK_SIZE] = { { 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e, 0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83 @@ -563,27 +538,32 @@ static const unsigned char T_256[NB_CMAC_TESTS_AES_192][16] = { 0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10 } }; +#endif /* MBEDTLS_AES_C */ -static const unsigned char T_192[NB_CMAC_TESTS_AES_192][16] = { - { - 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5, - 0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67 - }, - { - 0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90, - 0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84 - }, +#ifdef MBEDTLS_DES_C +/* Truncation point of message for 3DES CMAC tests */ +static const size_t des3_message_lengths[NB_CMAC_TESTS_PER_KEY] = { + 0, + 8, + 20, + 32 +}; + +/* 3DES 2 Key CMAC Test Data */ +static const unsigned char des3_2key_key[] = { + 0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5, + 0x8a, 0x3d, 0x10, 0xba, 0x80, 0x57, 0x0d, 0x38, + 0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5 +}; +static const unsigned char des3_2key_subkeys[2][8] = { { - 0x8a, 0x1d, 0xe5, 0xbe, 0x2e, 0xb3, 0x1a, 0xad, - 0x08, 0x9a, 0x82, 0xe6, 0xee, 0x90, 0x8b, 0x0e + 0x8e, 0xcf, 0x37, 0x3e, 0xd7, 0x1a, 0xfa, 0xef }, { - 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79, - 0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11 + 0x1d, 0x9e, 0x6e, 0x7d, 0xae, 0x35, 0xf5, 0xc5 } }; - -static const unsigned char T_3des_2key[4][8] = { +static const unsigned char T_3des_2key[NB_CMAC_TESTS_PER_KEY][DES3_BLOCK_SIZE] = { { 0xbd, 0x2e, 0xbf, 0x9a, 0x3b, 0xa0, 0x03, 0x61 }, 
@@ -598,7 +578,21 @@ static const unsigned char T_3des_2key[4][8] = { } }; -static const unsigned char T_3des_3key[4][8] = { +/* 3DES 3 Key CMAC Test Data */ +static const unsigned char des3_3key_key[] = { + 0x8a, 0xa8, 0x3b, 0xf8, 0xcb, 0xda, 0x10, 0x62, + 0x0b, 0xc1, 0xbf, 0x19, 0xfb, 0xb6, 0xcd, 0x58, + 0xbc, 0x31, 0x3d, 0x4a, 0x37, 0x1c, 0xa8, 0xb5 +}; +static const unsigned char des3_3key_subkeys[2][8] = { + { + 0x91, 0x98, 0xe9, 0xd3, 0x14, 0xe6, 0x53, 0x5f + }, + { + 0x23, 0x31, 0xd3, 0xa6, 0x29, 0xcc, 0xa6, 0xa5 + } +}; +static const unsigned char T_3des_3key[NB_CMAC_TESTS_PER_KEY][DES3_BLOCK_SIZE] = { { 0xb7, 0xa6, 0x88, 0xe1, 0x22, 0xff, 0xaf, 0x95 }, @@ -613,8 +607,10 @@ static const unsigned char T_3des_3key[4][8] = { } }; +#endif /* MBEDTLS_DES_C */ -/* PRF K */ +#ifdef MBEDTLS_AES_C +/* AES AES-CMAC-PRF-128 Test Data */ static const unsigned char PRFK[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, @@ -649,6 +645,7 @@ static const unsigned char PRFT[NB_PRF_TESTS][16] = { 0x14, 0x1f, 0xcf, 0x64, 0xc0, 0xb7, 0x2f, 0x3d } }; +#endif /* MBEDTLS_AES_C */ int test_cmac_with_cipher(int verbose, const unsigned char* testname, 
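Review bot: `des3_2key_subkeys[2][8]` keeps a literal 8 while the `T_3des_2key[NB_CMAC_TESTS_PER_KEY][DES3_BLOCK_SIZE]` declaration directly below it uses the new macro, and every AES table uses `AES_BLOCK_SIZE`; write `des3_2key_subkeys[2][DES3_BLOCK_SIZE]`. The `@@ -598,7 +578,21` hunk has the same literal in `des3_3key_subkeys[2][8]`. The 3DES tag tables also keep their old `T_3des_*` names while the AES ones were renamed to `aes_*_expected_result`; `des3_2key_expected_result` / `des3_3key_expected_result` would complete the scheme.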
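Review bot: The new comment `/* AES AES-CMAC-PRF-128 Test Data */` doubles "AES"; `/* AES-CMAC-PRF-128 test data (RFC 4615) */` matches the source reference given in the section header comment added by this commit. `#ifdef MBEDTLS_AES_C` here again departs from the `#if defined(...)` form used elsewhere in the file.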
@@ -716,94 +713,104 @@ int test_cmac_with_cipher(int verbose, return( ret ); } -int mbedtls_cmac_self_test( int verbose ) -{ - mbedtls_cmac_context ctx; - unsigned char tag[16]; +#ifdef MBEDTLS_AES_C +int test_aes128_cmac_prf( verbose ) { int i; int ret; + unsigned char tag[16]; + for( i = 0; i < NB_PRF_TESTS; i++ ) + { + mbedtls_printf( " AES CMAC 128 PRF #%u: ", i ); + ret = mbedtls_aes_cmac_prf_128( PRFK, PRFKlen[i], PRFM, 20, tag ); + if( ret != 0 || + memcmp( tag, PRFT[i], 16 ) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( ret ); + } else if( verbose != 0 ) + { + mbedtls_printf( "passed\n" ); + } + } + return( ret ); +} +#endif /* MBEDTLS_AES_C */ +int mbedtls_cmac_self_test( int verbose ) +{ + int ret; + +#ifdef MBEDTLS_AES_C test_cmac_with_cipher(verbose, "AES 128", aes_128_key, 128, - M, - Mlen, + test_message, + aes_message_lengths, aes_128_subkeys, - T_128, + aes_128_expected_result, MBEDTLS_CIPHER_ID_AES, - 16 ); + AES_BLOCK_SIZE ); test_cmac_with_cipher(verbose, "AES 192", aes_192_key, 192, - M, - Mlen, + test_message, + aes_message_lengths, aes_192_subkeys, - T_192, + aes_192_expected_result, MBEDTLS_CIPHER_ID_AES, - 16 ); + AES_BLOCK_SIZE ); test_cmac_with_cipher(verbose, "AES 256", aes_256_key, 256, - M, - Mlen, + test_message, + aes_message_lengths, aes_256_subkeys, - T_256, + aes_256_expected_result, MBEDTLS_CIPHER_ID_AES, - 16 ); + AES_BLOCK_SIZE ); +#endif /* MBEDTLS_AES_C */ +#ifdef MBEDTLS_DES_C test_cmac_with_cipher(verbose, "3DES 2 key", des3_2key_key, 192, - M, - Mlen_3des, + test_message, + des3_message_lengths, des3_2key_subkeys, T_3des_2key, MBEDTLS_CIPHER_ID_3DES, - 8 ); + DES3_BLOCK_SIZE ); test_cmac_with_cipher(verbose, "3DES 3 key", des3_3key_key, 192, - M, - Mlen_3des, + test_message, + des3_message_lengths, des3_3key_subkeys, T_3des_3key, MBEDTLS_CIPHER_ID_3DES, - 8 ); + DES3_BLOCK_SIZE ); +#endif /* MBEDTLS_DES_C */ - - for( i = 0; i < NB_PRF_TESTS; i++ ) - { - mbedtls_printf( " AES-CMAC-128-PRF #%u: 
", i ); - - mbedtls_aes_cmac_prf_128( PRFK, PRFKlen[i], PRFM, 20, tag ); - - if( ret != 0 || - memcmp( tag, PRFT[i], 16 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } else if( verbose != 0 ) - { - mbedtls_printf( "passed\n" ); - } - } +#ifdef MBEDTLS_AES_C + test_aes128_cmac_prf( verbose ); +#endif /* MBEDTLS_AES_C */ if( verbose != 0 ) mbedtls_printf( "\n" ); -*/ + return( 0 ); } -#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ +#endif /* MBEDTLS_SELF_TEST */ #endif /* MBEDTLS_CMAC_C */ From afdb60f84fdbf10d327b014a94a070f6c9de97f6 Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Thu, 19 May 2016 16:02:42 -0700 Subject: [PATCH 205/272] Only compile AES CMAC PRF support if MBEDTLS_AES_C is defined and other cleanups --- include/mbedtls/cmac.h | 37 ++++++++++++----------- library/cmac.c | 66 +++++++++++++++++++++--------------------- 2 files changed, 53 insertions(+), 50 deletions(-) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index 3e02f912e409..fed337d5c119 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -33,12 +33,12 @@ extern "C" { #endif /** - * \brief CCM context structure + * \brief CMAC context structure */ typedef struct { mbedtls_cipher_context_t cipher_ctx; /*!< cipher context used */ - unsigned char* K1; - unsigned char* K2; + unsigned char* K1; /*!< CMAC Subkey 1 */ + unsigned char* K2; /*!< CMAC Subkey 2 */ } mbedtls_cmac_context; @@ -52,12 +52,12 @@ mbedtls_cmac_context; void mbedtls_cmac_init( mbedtls_cmac_context *ctx ); /** - * \brief CMAC initialization + * \brief Initialize the CMAC context * * \param ctx CMAC context to be initialized - * \param cipher cipher to use (a 128-bit block cipher) + * \param cipher cipher to use * \param key encryption key - * \param keybits key size in bits (must be acceptable by the cipher) + * \param keybits encryption key size in bits (must be acceptable by the cipher) * * \return 0 if successful, or a cipher specific error code */ 
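Review bot: `int test_aes128_cmac_prf( verbose ) {` declares its parameter with no type — an old-style identifier list whose type defaults to `int`, which is not valid C99 and which compilers warn about (fatal under the project's `-Werror` builds); write `static int test_aes128_cmac_prf( int verbose )`, the `static` also keeping this test-only symbol out of the library's exported namespace. `mbedtls_cmac_self_test` still ignores the result of this call and of every `test_cmac_with_cipher` call, returns 0 unconditionally and leaves its `int ret` unused, so wrap each as `if( test_aes128_cmac_prf( verbose ) != 0 ) return( 1 );`. Inside the PRF loop `mbedtls_printf( " AES CMAC 128 PRF #%u: ", i )` is not guarded by `verbose` while the pass/fail prints are, and `ret` would be returned uninitialised if `NB_PRF_TESTS` were ever 0.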
@@ -68,20 +68,22 @@ int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, /** * \brief Free a CMAC context and underlying cipher sub-context + * Securely wipes sub keys and other sensitive data. * * \param ctx CMAC context to free */ void mbedtls_cmac_free( mbedtls_cmac_context *ctx ); /** - * \brief CMAC generate + * \brief Generate a CMAC tag. * * \param ctx CMAC context * \param input buffer holding the input data * \param in_len length of the input data in bytes * \param tag buffer for holding the generated tag * \param tag_len length of the tag to generate in bytes - * must be between 4, 6, 8, 10, 14 or 16 + * Must be 4, 6, 8 if cipher block size is 64 + * Must be 4, 6, 8 0, 14 or 16 if cipher block size is 128 * * \return 0 if successful */ 
@@ -90,47 +92,48 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, unsigned char *tag, size_t tag_len ); /** - * \brief CMAC verify + * \brief Verify a CMAC tag. * * \param ctx CMAC context * \param input buffer holding the input data * \param in_len length of the input data in bytes * \param tag buffer holding the tag to verify * \param tag_len length of the tag to verify in bytes - * must be 4, 6, 8, 10, 14 or 16 - * - * \return 0 if successful and authenticated, + * Must be 4, 6, 8 if cipher block size is 64 + * Must be 4, 6, 8 0, 14 or 16 if cipher block size is 128 + * \return 0 if successful and authenticated * MBEDTLS_ERR_CMAC_VERIFY_FAILED if tag does not match */ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, const unsigned char *input, size_t in_len, const unsigned char *tag, size_t tag_len ); +#ifdef MBEDTLS_AES_C /** * \brief AES-CMAC-128-PRF - * See RFC + * See RFC 4615 for details * * \param key PRF key * \param key_len PRF key length * \param input buffer holding the input data * \param in_len length of the input data in bytes * \param tag buffer holding the tag to verify (16 bytes) - * TODO: update description of tag * * \return 0 if successful */ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len, const unsigned char *input, size_t in_len, - unsigned char *tag ); + unsigned char tag[16] ); +#endif /* MBEDTLS_AES_C */ -#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) ) /** * \brief Checkup routine * * \return 0 if successful, or 1 if the test failed */ int mbedtls_cmac_self_test( int verbose ); -#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ +#endif /* MBEDTLS_SELF_TEST && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */ #ifdef __cplusplus } diff --git a/library/cmac.c b/library/cmac.c index 0de85bcc5703..3d223194be4f 100644 --- a/library/cmac.c +++ b/library/cmac.c 
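Review bot: The `\param tag` line for `mbedtls_aes_cmac_prf_128` still describes an input ("buffer holding the tag to verify") although the function writes the 16-byte PRF output there; suggest `\param tag buffer receiving the 16-byte PRF output`. `\param key_len` should state the unit (bytes) and that lengths other than 16 are accepted, since the implementation derives an intermediate key with AES-CMAC under a zero key in that case. The new `#ifdef MBEDTLS_AES_C` guards differ from the `#if defined(...)` form used on the self-test guard a few lines below; one form throughout the header would read more consistently.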
@@ -73,7 +73,7 @@ void mbedtls_cmac_init( mbedtls_cmac_context *ctx ) */ static int cmac_multiply_by_u( unsigned char *output, const unsigned char *input, - size_t blocksize) + size_t blocksize ) { const unsigned char R_128 = 0x87; @@ -84,12 +84,12 @@ static int cmac_multiply_by_u( unsigned char *output, starting_index = blocksize -1; - if(blocksize == 16){ + if( blocksize == 16 ){ R_n = R_128; - } else if(blocksize == 8) { + } else if( blocksize == 8 ) { R_n = R_64; } else { - return MBEDTLS_ERR_CMAC_BAD_INPUT; + return( MBEDTLS_ERR_CMAC_BAD_INPUT ); } @@ -113,7 +113,7 @@ static int cmac_multiply_by_u( unsigned char *output, #endif output[starting_index] ^= R_n & mask; - return 0; + return( 0 ); } /* @@ -128,7 +128,7 @@ static int cmac_generate_subkeys( mbedtls_cmac_context *ctx ) ret = 0; block_size = ctx->cipher_ctx.cipher_info->block_size; - L = mbedtls_calloc(block_size, sizeof(unsigned char)); + L = mbedtls_calloc( block_size, sizeof( unsigned char ) ); /* Calculate Ek(0) */ memset( L, 0, block_size ); @@ -141,15 +141,15 @@ static int cmac_generate_subkeys( mbedtls_cmac_context *ctx ) /* * Generate K1 and K2 */ - if( ( ret = cmac_multiply_by_u( ctx->K1, L , block_size) ) != 0 ) + if( ( ret = cmac_multiply_by_u( ctx->K1, L , block_size ) ) != 0 ) goto exit; - if( ( cmac_multiply_by_u( ctx->K2, ctx->K1 , block_size) ) != 0 ) + if( ( cmac_multiply_by_u( ctx->K2, ctx->K1 , block_size ) ) != 0 ) goto exit; exit: mbedtls_zeroize( L, sizeof( L ) ); - free(L); - return ret; + free( L ); + return( ret ); } /* @@ -195,8 +195,8 @@ void mbedtls_cmac_free( mbedtls_cmac_context *ctx ) mbedtls_cipher_free( &ctx->cipher_ctx ); - mbedtls_zeroize(ctx->K1, block_size * sizeof( unsigned char ) ); - mbedtls_zeroize(ctx->K2, block_size * sizeof( unsigned char ) ); + mbedtls_zeroize( ctx->K1, block_size * sizeof( unsigned char ) ); + mbedtls_zeroize( ctx->K2, block_size * sizeof( unsigned char ) ); mbedtls_free( ctx->K1 ); mbedtls_free( ctx->K2 ); } 
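Review bot: `mbedtls_zeroize( L, sizeof( L ) )` in the exit path of `cmac_generate_subkeys` wipes only `sizeof` a pointer (4 or 8 bytes), not the `block_size` bytes of Ek(0) that `L` points to, so most of the subkey-derivation intermediate is left in freed heap memory; it should read `mbedtls_zeroize( L, block_size );`. The same line survives unchanged in the later hunks of this series that touch the function (patches 207 and 211). This hunk also releases the buffer with plain `free( L )` although it came from `mbedtls_calloc`, which breaks builds that use the MBEDTLS_PLATFORM_MEMORY allocator hooks; a later patch switches it to `mbedtls_free`. In `mbedtls_cmac_free`, `block_size` is computed before the hunk begins, so whether it is captured before `mbedtls_cipher_free` clears `cipher_info` cannot be verified from here.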
@@ -263,8 +263,8 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, ret = 0; block_size = ctx->cipher_ctx.cipher_info->block_size; - state = mbedtls_calloc(block_size, sizeof(unsigned char) ); - M_last = mbedtls_calloc(block_size, sizeof(unsigned char) ); + state = mbedtls_calloc( block_size, sizeof( unsigned char ) ); + M_last = mbedtls_calloc( block_size, sizeof( unsigned char ) ); /* * Check in_len requirements: SP800-38B A @@ -302,8 +302,8 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, memcpy( tag, state, tag_len ); exit: - free(state); - free(M_last); + free( state ); + free( M_last ); return( ret ); } @@ -322,8 +322,8 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, unsigned char i; int diff; - check_tag = mbedtls_calloc(ctx->cipher_ctx.cipher_info->block_size, - sizeof(unsigned char) ); + check_tag = mbedtls_calloc( ctx->cipher_ctx.cipher_info->block_size, + sizeof( unsigned char ) ); if( ( ret = mbedtls_cmac_generate( ctx, input, in_len, check_tag, tag_len ) ) != 0 ) @@ -340,24 +340,25 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, goto exit; exit: - free(check_tag); - return ret; + free( check_tag ); + return( ret ); } +#ifdef MBEDTLS_AES_C /* * PRF based on CMAC with AES-128 * See RFC 4615 */ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, const unsigned char *input, size_t in_len, - unsigned char *tag ) + unsigned char tag[16] ) { int ret; mbedtls_cmac_context ctx; unsigned char zero_key[16]; unsigned char int_key[16]; - mbedtls_cmac_init(&ctx); + mbedtls_cmac_init(&ctx ); if( key_length == 16 ) { @@ -368,7 +369,7 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, { mbedtls_cmac_context zero_ctx; - /* Key is AES_CMAC(0, key) */ + /* Key is AES_CMAC( 0, key ) */ mbedtls_cmac_init( &zero_ctx ); memset( zero_key, 0, 16 ); ret = mbedtls_cmac_setkey( &zero_ctx, MBEDTLS_CIPHER_ID_AES, 
@@ -391,11 +392,10 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, ret = mbedtls_cmac_generate( &ctx, input, in_len, tag, 16 ); exit: - mbedtls_cmac_free(&ctx); + mbedtls_cmac_free( &ctx ); return( ret ); - - } +#endif /* MBEDTLS_AES_C */ #ifdef MBEDTLS_SELF_TEST /* @@ -647,7 +647,7 @@ static const unsigned char PRFT[NB_PRF_TESTS][16] = { }; #endif /* MBEDTLS_AES_C */ -int test_cmac_with_cipher(int verbose, +int test_cmac_with_cipher( int verbose, const unsigned char* testname, const unsigned char* key, int keybits, @@ -656,7 +656,7 @@ int test_cmac_with_cipher(int verbose, const unsigned char* subkeys, const unsigned char* expected_result, mbedtls_cipher_id_t cipher_id, - int block_size) + int block_size ) { const int num_tests = 4; mbedtls_cmac_context ctx; @@ -743,7 +743,7 @@ int mbedtls_cmac_self_test( int verbose ) int ret; #ifdef MBEDTLS_AES_C - test_cmac_with_cipher(verbose, + test_cmac_with_cipher( verbose, "AES 128", aes_128_key, 128, @@ -754,7 +754,7 @@ int mbedtls_cmac_self_test( int verbose ) MBEDTLS_CIPHER_ID_AES, AES_BLOCK_SIZE ); - test_cmac_with_cipher(verbose, + test_cmac_with_cipher( verbose, "AES 192", aes_192_key, 192, @@ -765,7 +765,7 @@ int mbedtls_cmac_self_test( int verbose ) MBEDTLS_CIPHER_ID_AES, AES_BLOCK_SIZE ); - test_cmac_with_cipher(verbose, + test_cmac_with_cipher ( verbose, "AES 256", aes_256_key, 256, @@ -778,7 +778,7 @@ int mbedtls_cmac_self_test( int verbose ) #endif /* MBEDTLS_AES_C */ #ifdef MBEDTLS_DES_C - test_cmac_with_cipher(verbose, + test_cmac_with_cipher( verbose, "3DES 2 key", des3_2key_key, 192, @@ -789,7 +789,7 @@ int mbedtls_cmac_self_test( int verbose ) MBEDTLS_CIPHER_ID_3DES, DES3_BLOCK_SIZE ); - test_cmac_with_cipher(verbose, + test_cmac_with_cipher( verbose, "3DES 3 key", des3_3key_key, 192, From 3d3c9b8be728bf7930b0cd935620a6792f4de437 Mon Sep 17 00:00:00 2001 
From: Brian Murray
Date: Thu, 19 May 2016 16:36:56 -0700
Subject: [PATCH 206/272] More cleanup of CMAC self tests

---
 library/cmac.c | 125 ++++++++++++++++++++++++++++---------------------
 1 file changed, 71 insertions(+), 54 deletions(-)

diff --git a/library/cmac.c b/library/cmac.c
index 3d223194be4f..477e35f98780 100644
--- a/library/cmac.c
+++ b/library/cmac.c
@@ -743,66 +743,83 @@ int mbedtls_cmac_self_test( int verbose ) int ret; #ifdef MBEDTLS_AES_C - test_cmac_with_cipher( verbose, - "AES 128", - aes_128_key, - 128, - test_message, - aes_message_lengths, - aes_128_subkeys, - aes_128_expected_result, - MBEDTLS_CIPHER_ID_AES, - AES_BLOCK_SIZE ); - - test_cmac_with_cipher( verbose, - "AES 192", - aes_192_key, - 192, - test_message, - aes_message_lengths, - aes_192_subkeys, - aes_192_expected_result, - MBEDTLS_CIPHER_ID_AES, - AES_BLOCK_SIZE ); - - test_cmac_with_cipher ( verbose, - "AES 256", - aes_256_key, - 256, - test_message, - aes_message_lengths, - aes_256_subkeys, - aes_256_expected_result, - MBEDTLS_CIPHER_ID_AES, - AES_BLOCK_SIZE ); + if( ( ret = test_cmac_with_cipher( verbose, + "AES 128", + aes_128_key, + 128, + test_message, + aes_message_lengths, + aes_128_subkeys, + aes_128_expected_result, + MBEDTLS_CIPHER_ID_AES, + AES_BLOCK_SIZE ) !=0 ) ) + { + return( ret ); + } + + if( ( ret = test_cmac_with_cipher( verbose, + "AES 192", + aes_192_key, + 192, + test_message, + aes_message_lengths, + aes_192_subkeys, + aes_192_expected_result, + MBEDTLS_CIPHER_ID_AES, + AES_BLOCK_SIZE ) !=0 ) ) + { + return( ret ); + } + + if( ( ret = test_cmac_with_cipher ( verbose, + "AES 256", + aes_256_key, + 256, + test_message, + aes_message_lengths, + aes_256_subkeys, + aes_256_expected_result, + MBEDTLS_CIPHER_ID_AES, + AES_BLOCK_SIZE ) !=0 ) ) + { + return( ret ); + } #endif /* MBEDTLS_AES_C */ #ifdef MBEDTLS_DES_C - test_cmac_with_cipher( verbose, - "3DES 2 key", - des3_2key_key, - 192, - test_message, - des3_message_lengths, - des3_2key_subkeys, - T_3des_2key, - MBEDTLS_CIPHER_ID_3DES, - DES3_BLOCK_SIZE ); - - test_cmac_with_cipher( verbose, - "3DES 3 key", - des3_3key_key, - 192, - test_message, - des3_message_lengths, - des3_3key_subkeys, - T_3des_3key, - MBEDTLS_CIPHER_ID_3DES, - DES3_BLOCK_SIZE ); + if( ( ret = test_cmac_with_cipher( verbose, + "3DES 2 key", + des3_2key_key, + 192, + test_message, + des3_message_lengths, 
+ des3_2key_subkeys, + T_3des_2key, + MBEDTLS_CIPHER_ID_3DES, + DES3_BLOCK_SIZE ) !=0 ) ) + { + return( ret ); + } + + if( ( ret = test_cmac_with_cipher( verbose, + "3DES 3 key", + des3_3key_key, + 192, + test_message, + des3_message_lengths, + des3_3key_subkeys, + T_3des_3key, + MBEDTLS_CIPHER_ID_3DES, + DES3_BLOCK_SIZE ) !=0 ) ) + { + return( ret ); + } #endif /* MBEDTLS_DES_C */ #ifdef MBEDTLS_AES_C - test_aes128_cmac_prf( verbose ); + if( ( ret = test_aes128_cmac_prf( verbose ) != 0 ) ) + return( ret ); + #endif /* MBEDTLS_AES_C */ if( verbose != 0 ) From 86ff986884111b25064c2136857b1691358344e8 Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Thu, 19 May 2016 16:38:36 -0700 Subject: [PATCH 207/272] selftest supports cmac if only MBEDTLS_DES_C is defined Other minor typo fixes --- include/mbedtls/cmac.h | 6 +- include/mbedtls/error.h | 2 +- library/cmac.c | 145 +++++++++++++++++++++++---------------- library/error.c | 2 + programs/test/selftest.c | 2 +- 5 files changed, 95 insertions(+), 62 deletions(-) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index fed337d5c119..b94b6edccaa7 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -27,6 +27,8 @@ #define MBEDTLS_ERR_CMAC_BAD_INPUT -0x0011 /**< Bad input parameters to function. */ #define MBEDTLS_ERR_CMAC_VERIFY_FAILED -0x0013 /**< Verification failed. */ +#define MBEDTLS_ERR_CMAC_ALLOC_FAILED -0x0015 /**< Memory Allocation failed. */ + #ifdef __cplusplus extern "C" { @@ -83,7 +85,7 @@ void mbedtls_cmac_free( mbedtls_cmac_context *ctx ); * \param tag buffer for holding the generated tag * \param tag_len length of the tag to generate in bytes * Must be 4, 6, 8 if cipher block size is 64 - * Must be 4, 6, 8 0, 14 or 16 if cipher block size is 128 + * Must be 4, 6, 8 , 10, 12, 14 or 16 if cipher block size is 128 * * \return 0 if successful */ 
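Review bot: The parentheses in `if( ( ret = test_cmac_with_cipher( verbose, ... ) !=0 ) )` close after `!=0`, so `ret` receives the comparison result (0 or 1) rather than the callee's return code; the same applies to every call in this hunk and to `if( ( ret = test_aes128_cmac_prf( verbose ) != 0 ) )`. The tests still short-circuit, but the self-test returns 1 instead of the underlying MBEDTLS_ERR_* code, and a tag mismatch inside `test_aes128_cmac_prf`, which returns 0 in that case, is still swallowed. Write `if( ( ret = test_cmac_with_cipher( ... ) ) != 0 )`, closing the assignment before the comparison. `mbedtls_cmac_self_test` starts before this hunk.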
@@ -100,7 +102,7 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, * \param tag buffer holding the tag to verify * \param tag_len length of the tag to verify in bytes * Must be 4, 6, 8 if cipher block size is 64 - * Must be 4, 6, 8 0, 14 or 16 if cipher block size is 128 + * Must be 4, 6, 8 , 10, 12, 14 or 16 if cipher block size is 128 * \return 0 if successful and authenticated * MBEDTLS_ERR_CMAC_VERIFY_FAILED if tag does not match */ diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 703233ae9856..6e3905d864ca 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -66,7 +66,7 @@ * PBKDF2 1 0x007C-0x007C * HMAC_DRBG 4 0x0003-0x0009 * CCM 2 0x000D-0x000F - * CMAC 2 0x0011-0x0013 + * CMAC 3 0x0011-0x0015 * * High-level module nr (3 bits - 0x0...-0x7...) * Name ID Nr of Errors diff --git a/library/cmac.c b/library/cmac.c index 477e35f98780..39ebb8709855 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -121,7 +121,7 @@ static int cmac_multiply_by_u( unsigned char *output, */ static int cmac_generate_subkeys( mbedtls_cmac_context *ctx ) { - int ret, keybytes; + int ret; unsigned char *L; size_t olen, block_size; @@ -129,7 +129,11 @@ static int cmac_generate_subkeys( mbedtls_cmac_context *ctx ) block_size = ctx->cipher_ctx.cipher_info->block_size; L = mbedtls_calloc( block_size, sizeof( unsigned char ) ); - + if( L == NULL) + { + ret = MBEDTLS_ERR_CMAC_ALLOC_FAILED; + goto exit; + } /* Calculate Ek(0) */ memset( L, 0, block_size ); if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, @@ -147,7 +151,8 @@ static int cmac_generate_subkeys( mbedtls_cmac_context *ctx ) goto exit; exit: - mbedtls_zeroize( L, sizeof( L ) ); + if( L != NULL ) + mbedtls_zeroize( L, sizeof( L ) ); free( L ); return( ret ); } 
@@ -160,7 +165,7 @@ int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, const unsigned char *key, unsigned int keybits ) { - int ret, blocksize; + int ret; const mbedtls_cipher_info_t *cipher_info; cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, @@ -171,6 +176,9 @@ int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, ctx->K1 = mbedtls_calloc( cipher_info->block_size, sizeof( unsigned char ) ); ctx->K2 = mbedtls_calloc( cipher_info->block_size, sizeof( unsigned char ) ); + if(ctx->K1 == NULL || ctx->K2 == NULL ) + return MBEDTLS_ERR_CMAC_ALLOC_FAILED; + mbedtls_cipher_free( &ctx->cipher_ctx ); if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 ) @@ -242,7 +250,9 @@ do { \ if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, \ state, block_size, \ state, &olen ) ) != 0 ) \ - return( ret ); \ + { \ + goto exit; \ + } \ } while( 0 ) /* @@ -256,8 +266,8 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, unsigned char *state; unsigned char *M_last; - int n, i, j, ret, needs_padding; - size_t olen, block_size; + int n, j, ret, needs_padding; + size_t olen, block_size, i; ret = 0; @@ -266,12 +276,21 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, state = mbedtls_calloc( block_size, sizeof( unsigned char ) ); M_last = mbedtls_calloc( block_size, sizeof( unsigned char ) ); + if( state == NULL || M_last == NULL ) + { + ret = MBEDTLS_ERR_CMAC_ALLOC_FAILED; + goto exit; + } + /* * Check in_len requirements: SP800-38B A * 4 is a worst case bottom limit */ if( tag_len < 4 || tag_len > block_size || tag_len % 2 != 0 ) - return( MBEDTLS_ERR_CMAC_BAD_INPUT ); + { + ret = MBEDTLS_ERR_CMAC_BAD_INPUT; + goto exit; + } if( in_len == 0 ) needs_padding = 1; 
@@ -324,6 +343,11 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, check_tag = mbedtls_calloc( ctx->cipher_ctx.cipher_info->block_size, sizeof( unsigned char ) ); + if(check_tag == NULL) + { + ret = MBEDTLS_ERR_CMAC_ALLOC_FAILED; + goto exit; + } if( ( ret = mbedtls_cmac_generate( ctx, input, in_len, check_tag, tag_len ) ) != 0 ) @@ -427,7 +451,7 @@ static const unsigned char test_message[] = { #ifdef MBEDTLS_AES_C /* Truncation point of message for AES CMAC tests */ -static const size_t aes_message_lengths[NB_CMAC_TESTS_PER_KEY] = { +static const unsigned int aes_message_lengths[NB_CMAC_TESTS_PER_KEY] = { 0, 16, 40, @@ -435,7 +459,7 @@ static const size_t aes_message_lengths[NB_CMAC_TESTS_PER_KEY] = { }; /* AES 128 CMAC Test Data */ -static const unsigned char aes_128_key[] = { +static const unsigned char aes_128_key[16] = { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }; @@ -469,7 +493,7 @@ static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][AES_BL }; /* AES 192 CMAC Test Data */ -static const unsigned char aes_192_key[] = { +static const unsigned char aes_192_key[24] = { 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b @@ -504,7 +528,7 @@ static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][AES_BL }; /* AES 256 CMAC Test Data */ -static const unsigned char aes_256_key[] = { +static const unsigned char aes_256_key[32] = { 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, 
@@ -542,7 +566,7 @@ static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][AES_BL #ifdef MBEDTLS_DES_C /* Truncation point of message for 3DES CMAC tests */ -static const size_t des3_message_lengths[NB_CMAC_TESTS_PER_KEY] = { +static const unsigned int des3_message_lengths[NB_CMAC_TESTS_PER_KEY] = { 0, 8, 20, @@ -550,7 +574,7 @@ static const size_t des3_message_lengths[NB_CMAC_TESTS_PER_KEY] = { }; /* 3DES 2 Key CMAC Test Data */ -static const unsigned char des3_2key_key[] = { +static const unsigned char des3_2key_key[24] = { 0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5, 0x8a, 0x3d, 0x10, 0xba, 0x80, 0x57, 0x0d, 0x38, 0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5 @@ -563,7 +587,7 @@ static const unsigned char des3_2key_subkeys[2][8] = { 0x1d, 0x9e, 0x6e, 0x7d, 0xae, 0x35, 0xf5, 0xc5 } }; -static const unsigned char T_3des_2key[NB_CMAC_TESTS_PER_KEY][DES3_BLOCK_SIZE] = { +static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][DES3_BLOCK_SIZE] = { { 0xbd, 0x2e, 0xbf, 0x9a, 0x3b, 0xa0, 0x03, 0x61 }, @@ -579,7 +603,7 @@ static const unsigned char T_3des_2key[NB_CMAC_TESTS_PER_KEY][DES3_BLOCK_SIZE] = }; /* 3DES 3 Key CMAC Test Data */ -static const unsigned char des3_3key_key[] = { +static const unsigned char des3_3key_key[24] = { 0x8a, 0xa8, 0x3b, 0xf8, 0xcb, 0xda, 0x10, 0x62, 0x0b, 0xc1, 0xbf, 0x19, 0xfb, 0xb6, 0xcd, 0x58, 0xbc, 0x31, 0x3d, 0x4a, 0x37, 0x1c, 0xa8, 0xb5 @@ -592,7 +616,7 @@ static const unsigned char des3_3key_subkeys[2][8] = { 0x23, 0x31, 0xd3, 0xa6, 0x29, 0xcc, 0xa6, 0xa5 } }; -static const unsigned char T_3des_3key[NB_CMAC_TESTS_PER_KEY][DES3_BLOCK_SIZE] = { +static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][DES3_BLOCK_SIZE] = { { 0xb7, 0xa6, 0x88, 0xe1, 0x22, 0xff, 0xaf, 0x95 }, 
@@ -648,11 +672,11 @@ static const unsigned char PRFT[NB_PRF_TESTS][16] = { #endif /* MBEDTLS_AES_C */ int test_cmac_with_cipher( int verbose, - const unsigned char* testname, + char* testname, const unsigned char* key, int keybits, const unsigned char* messages, - size_t message_lengths[4], + const unsigned int message_lengths[4], const unsigned char* subkeys, const unsigned char* expected_result, mbedtls_cipher_id_t cipher_id, @@ -664,6 +688,11 @@ int test_cmac_with_cipher( int verbose, unsigned char* tag; tag = mbedtls_calloc( block_size, sizeof( unsigned char ) ); + if( tag == NULL ){ + ret = MBEDTLS_ERR_CMAC_ALLOC_FAILED; + goto exit; + } + mbedtls_cmac_init( &ctx ); if( ( ret = mbedtls_cmac_setkey( &ctx, cipher_id, key, keybits ) ) != 0 ) @@ -714,7 +743,7 @@ int test_cmac_with_cipher( int verbose, } #ifdef MBEDTLS_AES_C -int test_aes128_cmac_prf( verbose ) { +int test_aes128_cmac_prf( int verbose ) { int i; int ret; unsigned char tag[16]; @@ -749,8 +778,8 @@ int mbedtls_cmac_self_test( int verbose ) 128, test_message, aes_message_lengths, - aes_128_subkeys, - aes_128_expected_result, + (const unsigned char*) aes_128_subkeys, + (const unsigned char*) aes_128_expected_result, MBEDTLS_CIPHER_ID_AES, AES_BLOCK_SIZE ) !=0 ) ) { 
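Review bot: The new `if( tag == NULL ){ ret = MBEDTLS_ERR_CMAC_ALLOC_FAILED; goto exit; }` jumps to `exit` before `mbedtls_cmac_init( &ctx )` has run, and the exit path (visible in a later hunk of this series) calls `mbedtls_cmac_free( &ctx )` on the uninitialised context, which then frees indeterminate `K1`/`K2` pointers. Move `mbedtls_cmac_init( &ctx );` above the `mbedtls_calloc` call so the cleanup is safe on every path. In the same series `test_cmac_with_cipher` and `test_aes128_cmac_prf` are defined without `static` and so export non-`mbedtls_` symbols from the library, and `char* testname` drops `const` although only string literals are passed; `static` and `const char *testname` would address both. The function's body continues outside the hunk.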
@@ -758,29 +787,29 @@ int mbedtls_cmac_self_test( int verbose ) } if( ( ret = test_cmac_with_cipher( verbose, - "AES 192", - aes_192_key, - 192, - test_message, - aes_message_lengths, - aes_192_subkeys, - aes_192_expected_result, - MBEDTLS_CIPHER_ID_AES, - AES_BLOCK_SIZE ) !=0 ) ) + "AES 192", + aes_192_key, + 192, + test_message, + aes_message_lengths, + (const unsigned char*) aes_192_subkeys, + (const unsigned char*) aes_192_expected_result, + MBEDTLS_CIPHER_ID_AES, + AES_BLOCK_SIZE ) !=0 ) ) { return( ret ); } if( ( ret = test_cmac_with_cipher ( verbose, - "AES 256", - aes_256_key, - 256, - test_message, - aes_message_lengths, - aes_256_subkeys, - aes_256_expected_result, - MBEDTLS_CIPHER_ID_AES, - AES_BLOCK_SIZE ) !=0 ) ) + "AES 256", + aes_256_key, + 256, + test_message, + aes_message_lengths, + (const unsigned char*) aes_256_subkeys, + (const unsigned char*) aes_256_expected_result, + MBEDTLS_CIPHER_ID_AES, + AES_BLOCK_SIZE ) !=0 ) ) { return( ret ); } @@ -788,29 +817,29 @@ int mbedtls_cmac_self_test( int verbose ) #ifdef MBEDTLS_DES_C if( ( ret = test_cmac_with_cipher( verbose, - "3DES 2 key", - des3_2key_key, - 192, - test_message, - des3_message_lengths, - des3_2key_subkeys, - T_3des_2key, - MBEDTLS_CIPHER_ID_3DES, - DES3_BLOCK_SIZE ) !=0 ) ) + "3DES 2 key", + des3_2key_key, + 192, + test_message, + des3_message_lengths, + (const unsigned char*) des3_2key_subkeys, + (const unsigned char*) des3_2key_expected_result, + MBEDTLS_CIPHER_ID_3DES, + DES3_BLOCK_SIZE ) !=0 ) ) { return( ret ); } if( ( ret = test_cmac_with_cipher( verbose, - "3DES 3 key", - des3_3key_key, - 192, - test_message, - des3_message_lengths, - des3_3key_subkeys, - T_3des_3key, - MBEDTLS_CIPHER_ID_3DES, - DES3_BLOCK_SIZE ) !=0 ) ) + "3DES 3 key", + des3_3key_key, + 192, + test_message, + des3_message_lengths, + (const unsigned char*) des3_3key_subkeys, + (const unsigned char*) des3_3key_expected_result, + MBEDTLS_CIPHER_ID_3DES, + DES3_BLOCK_SIZE ) !=0 ) ) { return( ret ); } 
diff --git a/library/error.c b/library/error.c
index 8c38cf2940e7..7ec8420e97b4 100644
--- a/library/error.c
+++ b/library/error.c
@@ -587,6 +587,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
 mbedtls_snprintf( buf, buflen, "CMAC - Bad input parameters to function" );
 if( use_ret == -(MBEDTLS_ERR_CMAC_VERIFY_FAILED) )
 mbedtls_snprintf( buf, buflen, "CMAC - Verification failed" );
+ if( use_ret == -(MBEDTLS_ERR_CMAC_ALLOC_FAILED) )
+ mbedtls_snprintf( buf, buflen, "CMAC - Failed to allocate memory" );
 #endif /* MBEDTLS_CMAC_C */
 
 #if defined(MBEDTLS_CTR_DRBG_C)
diff --git a/programs/test/selftest.c b/programs/test/selftest.c
index 17fdb2128a22..74eed598e6f6 100644
--- a/programs/test/selftest.c
+++ b/programs/test/selftest.c
@@ -278,7 +278,7 @@ int main( int argc, char *argv[] )
 suites_tested++;
 #endif
 
-#if defined(MBEDTLS_CMAC_C) && defined(MBEDTLS_AES_C)
+#if defined(MBEDTLS_CMAC_C) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) )
 if( ( ret = mbedtls_cmac_self_test( v ) ) != 0 )
 return( ret );
 #endif

From db5c70e0802cadc0ed22f282c040eec8bfcab023 Mon Sep 17 00:00:00 2001
From: Brian Murray
Date: Mon, 23 May 2016 20:17:04 -0700
Subject: [PATCH 208/272] better handling of failed calloc

---
 library/cmac.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/library/cmac.c b/library/cmac.c
index 39ebb8709855..4c25a67d03e8 100644
--- a/library/cmac.c
+++ b/library/cmac.c
@@ -173,12 +173,6 @@ int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx,
 if( cipher_info == NULL )
 return( MBEDTLS_ERR_CMAC_BAD_INPUT );
 
- ctx->K1 = mbedtls_calloc( cipher_info->block_size, sizeof( unsigned char ) );
- ctx->K2 = mbedtls_calloc( cipher_info->block_size, sizeof( unsigned char ) );
-
- if(ctx->K1 == NULL || ctx->K2 == NULL )
- return MBEDTLS_ERR_CMAC_ALLOC_FAILED;
-
 mbedtls_cipher_free( &ctx->cipher_ctx );
 
 if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 )
@@ -190,6 +184,16 @@ int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, return( ret ); } + ctx->K1 = mbedtls_calloc( cipher_info->block_size, sizeof( unsigned char ) ); + ctx->K2 = mbedtls_calloc( cipher_info->block_size, sizeof( unsigned char ) ); + + if( ctx->K1 == NULL || ctx->K2 == NULL ) + { + mbedtls_free(ctx->K1); + mbedtls_free(ctx->K2); + return( MBEDTLS_ERR_CMAC_ALLOC_FAILED ); + } + return( cmac_generate_subkeys( ctx ) ); } From e260feacbe5c2ed1fe4834661f11cda1f52ebb00 Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Thu, 19 May 2016 19:02:53 -0700 Subject: [PATCH 209/272] cmac.c whitespace cleanup --- library/cmac.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index 4c25a67d03e8..09a705d650ff 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -59,7 +59,6 @@ void mbedtls_cmac_init( mbedtls_cmac_context *ctx ) memset( ctx, 0, sizeof( mbedtls_cmac_context ) ); } - /* * Multiplication by u in the Galois field of GF(2^n) * @@ -267,13 +266,11 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, unsigned char *tag, size_t tag_len ) { - unsigned char *state; unsigned char *M_last; int n, j, ret, needs_padding; size_t olen, block_size, i; - ret = 0; block_size = ctx->cipher_ctx.cipher_info->block_size; From 6eae89bb6f821c6db0f75859d7def9e9774d27d0 Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Thu, 19 May 2016 19:05:57 -0700 Subject: [PATCH 210/272] No CMAC minimum tag length is specified by NIST SP800-38B A Minor Typo Changes --- include/mbedtls/cmac.h | 8 +++--- library/cmac.c | 58 ++++++++++++++++++++---------------------- 2 files changed, 31 insertions(+), 35 deletions(-) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index b94b6edccaa7..5a59f90d61df 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h 
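Review bot: On allocation failure the new block frees `ctx->K1`/`ctx->K2` but leaves the freed addresses in the context, so a subsequent `mbedtls_cmac_free( ctx )`, which frees `K1` and `K2` again, double-frees them; add `ctx->K1 = NULL; ctx->K2 = NULL;` after the two `mbedtls_free` calls. The assignments also overwrite any `K1`/`K2` left from an earlier `mbedtls_cmac_setkey` on the same context without releasing them, unlike the `mbedtls_cipher_free` done for the cipher context a few lines earlier; freeing the old subkeys before the `mbedtls_calloc` calls would close that leak.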
@@ -84,8 +84,8 @@ void mbedtls_cmac_free( mbedtls_cmac_context *ctx ); * \param in_len length of the input data in bytes * \param tag buffer for holding the generated tag * \param tag_len length of the tag to generate in bytes - * Must be 4, 6, 8 if cipher block size is 64 - * Must be 4, 6, 8 , 10, 12, 14 or 16 if cipher block size is 128 + * Must be 2, 4, 6, 8 if cipher block size is 64 + * Must be 2, 4, 6, 8, 10, 12, 14 or 16 if cipher block size is 128 * * \return 0 if successful */ @@ -101,8 +101,8 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, * \param in_len length of the input data in bytes * \param tag buffer holding the tag to verify * \param tag_len length of the tag to verify in bytes - * Must be 4, 6, 8 if cipher block size is 64 - * Must be 4, 6, 8 , 10, 12, 14 or 16 if cipher block size is 128 + * Must be 2, 4, 6, 8 if cipher block size is 64 + * Must be 2, 4, 6, 8, 10, 12, 14 or 16 if cipher block size is 128 * \return 0 if successful and authenticated * MBEDTLS_ERR_CMAC_VERIFY_FAILED if tag does not match */ diff --git a/library/cmac.c b/library/cmac.c index 09a705d650ff..063a9d1c3584 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -62,7 +62,7 @@ void mbedtls_cmac_init( mbedtls_cmac_context *ctx ) /* * Multiplication by u in the Galois field of GF(2^n) * - * As explained in the paper, this can computed: + * As explained in the paper, this can be computed: * If MSB(p) = 0, then p = (p << 1) * If MSB(p) = 1, then p = (p << 1) ^ R_n * with R_64 = 0x1B and R_128 = 0x87 @@ -245,7 +245,7 @@ static void cmac_pad( unsigned char padded_block[16], ( o )[i] = ( i1 )[i] ^ ( i2 )[i]; /* - * Update the CMAC state using an input block x + * Update the CMAC state using an input block */ #define UPDATE_CMAC( x ) \ do { \ 
@@ -283,11 +283,7 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, goto exit; } - /* - * Check in_len requirements: SP800-38B A - * 4 is a worst case bottom limit - */ - if( tag_len < 4 || tag_len > block_size || tag_len % 2 != 0 ) + if( tag_len < 2 || tag_len > block_size || tag_len % 2 != 0 ) { ret = MBEDTLS_ERR_CMAC_BAD_INPUT; goto exit; @@ -495,9 +491,9 @@ static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][AES_BL /* AES 192 CMAC Test Data */ static const unsigned char aes_192_key[24] = { - 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, - 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, - 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b + 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, + 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, + 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b }; static const unsigned char aes_192_subkeys[2][AES_BLOCK_SIZE] = { { @@ -530,10 +526,10 @@ static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][AES_BL /* AES 256 CMAC Test Data */ static const unsigned char aes_256_key[32] = { - 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, - 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, - 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, - 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 + 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, + 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, + 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, + 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 }; static const unsigned char aes_256_subkeys[2][AES_BLOCK_SIZE] = { { 
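Review bot: Lowering the accepted `tag_len` floor to 2 widens the API to 16-bit tags, for which a single forgery attempt succeeds with probability 2^-16; SP 800-38B Appendix A advises a tag of at least 64 bits unless the application bounds the number of verification attempts, and that guidance belongs in the `tag_len` documentation in cmac.h that this same commit edits. The retained `tag_len % 2 != 0` test is not a requirement of the standard either, which only needs `tag_len <= block_size`; since the commit message states that no minimum is specified, the remaining even-length restriction deserves a comment such as `/* Even tag lengths only: library restriction, not an SP 800-38B requirement */`. `mbedtls_cmac_generate` starts before this hunk.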
@@ -576,9 +572,9 @@ static const unsigned int des3_message_lengths[NB_CMAC_TESTS_PER_KEY] = { /* 3DES 2 Key CMAC Test Data */ static const unsigned char des3_2key_key[24] = { - 0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5, - 0x8a, 0x3d, 0x10, 0xba, 0x80, 0x57, 0x0d, 0x38, - 0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5 + 0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5, + 0x8a, 0x3d, 0x10, 0xba, 0x80, 0x57, 0x0d, 0x38, + 0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5 }; static const unsigned char des3_2key_subkeys[2][8] = { { @@ -605,9 +601,9 @@ static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][DES3 /* 3DES 3 Key CMAC Test Data */ static const unsigned char des3_3key_key[24] = { - 0x8a, 0xa8, 0x3b, 0xf8, 0xcb, 0xda, 0x10, 0x62, - 0x0b, 0xc1, 0xbf, 0x19, 0xfb, 0xb6, 0xcd, 0x58, - 0xbc, 0x31, 0x3d, 0x4a, 0x37, 0x1c, 0xa8, 0xb5 + 0x8a, 0xa8, 0x3b, 0xf8, 0xcb, 0xda, 0x10, 0x62, + 0x0b, 0xc1, 0xbf, 0x19, 0xfb, 0xb6, 0xcd, 0x58, + 0xbc, 0x31, 0x3d, 0x4a, 0x37, 0x1c, 0xa8, 0xb5 }; static const unsigned char des3_3key_subkeys[2][8] = { { @@ -673,18 +669,18 @@ static const unsigned char PRFT[NB_PRF_TESTS][16] = { #endif /* MBEDTLS_AES_C */ int test_cmac_with_cipher( int verbose, - char* testname, - const unsigned char* key, - int keybits, - const unsigned char* messages, - const unsigned int message_lengths[4], - const unsigned char* subkeys, - const unsigned char* expected_result, - mbedtls_cipher_id_t cipher_id, - int block_size ) + char* testname, + const unsigned char* key, + int keybits, + const unsigned char* messages, + const unsigned int message_lengths[4], + const unsigned char* subkeys, + const unsigned char* expected_result, + mbedtls_cipher_id_t cipher_id, + int block_size ) { - const int num_tests = 4; - mbedtls_cmac_context ctx; + const int num_tests = 4; + mbedtls_cmac_context ctx; int i, ret; unsigned char* tag; From cdd1f6d96cf7122836d662e7547bab2eb6d8a755 Mon Sep 17 00:00:00 2001 
From: Brian Murray Date: Fri, 20 May 2016 06:33:01 -0700 Subject: [PATCH 211/272] Removed unneed memsets and fixed spacing --- library/cmac.c | 25 ++++++++++--------------- 1 file changed, 10 insertions(+), 15 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index 063a9d1c3584..d32d1c7e710d 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -74,7 +74,6 @@ static int cmac_multiply_by_u( unsigned char *output, const unsigned char *input, size_t blocksize ) { - const unsigned char R_128 = 0x87; const unsigned char R_64 = 0x1B; unsigned char R_n, mask; @@ -91,7 +90,6 @@ static int cmac_multiply_by_u( unsigned char *output, return( MBEDTLS_ERR_CMAC_BAD_INPUT ); } - for( i = starting_index; i >= 0; i-- ) { output[i] = input[i] << 1 | overflow; @@ -128,13 +126,12 @@ static int cmac_generate_subkeys( mbedtls_cmac_context *ctx ) block_size = ctx->cipher_ctx.cipher_info->block_size; L = mbedtls_calloc( block_size, sizeof( unsigned char ) ); - if( L == NULL) + if( L == NULL ) { ret = MBEDTLS_ERR_CMAC_ALLOC_FAILED; goto exit; } /* Calculate Ek(0) */ - memset( L, 0, block_size ); if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, L, block_size, L, &olen ) ) != 0 ) { @@ -152,7 +149,7 @@ static int cmac_generate_subkeys( mbedtls_cmac_context *ctx ) exit: if( L != NULL ) mbedtls_zeroize( L, sizeof( L ) ); - free( L ); + mbedtls_free( L ); return( ret ); } @@ -308,8 +305,6 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, XOR_BLOCK( M_last, input + block_size * ( n - 1 ), ctx->K1 ); } - memset( state, 0, block_size ); - for( j = 0; j < n - 1; j++ ) UPDATE_CMAC( input + block_size * j ); @@ -318,8 +313,8 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, memcpy( tag, state, tag_len ); exit: - free( state ); - free( M_last ); + mbedtls_free( state ); + mbedtls_free( M_last ); return( ret ); } 
@@ -340,7 +335,7 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, check_tag = mbedtls_calloc( ctx->cipher_ctx.cipher_info->block_size, sizeof( unsigned char ) ); - if(check_tag == NULL) + if( check_tag == NULL ) { ret = MBEDTLS_ERR_CMAC_ALLOC_FAILED; goto exit; @@ -361,7 +356,7 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, goto exit; exit: - free( check_tag ); + mbedtls_free( check_tag ); return( ret ); } @@ -727,14 +722,14 @@ int test_cmac_with_cipher( int verbose, if( ( ret = mbedtls_cmac_verify( &ctx, messages, message_lengths[i], &expected_result[i * block_size], block_size ) != 0 ) ) { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - goto exit; + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + goto exit; } mbedtls_printf( "passed\n" ); } exit: - free( tag ); + mbedtls_free( tag ); mbedtls_cmac_free( &ctx ); return( ret ); } From 4e067035b7cae06ab1c9ffe890fcfe67a87c3c8b Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Fri, 20 May 2016 18:25:43 -0700 Subject: [PATCH 212/272] Do not zeroize null pointer --- library/cmac.c | 85 ++++++++++++++++++++++++++------------------------ 1 file changed, 44 insertions(+), 41 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index d32d1c7e710d..1a6f31376e43 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -82,11 +82,14 @@ static int cmac_multiply_by_u( unsigned char *output, starting_index = blocksize -1; - if( blocksize == 16 ){ + if( blocksize == 16 ) + { R_n = R_128; - } else if( blocksize == 8 ) { + } else if( blocksize == 8 ) + { R_n = R_64; - } else { + } else + { return( MBEDTLS_ERR_CMAC_BAD_INPUT ); } @@ -122,7 +125,6 @@ static int cmac_generate_subkeys( mbedtls_cmac_context *ctx ) unsigned char *L; size_t olen, block_size; - ret = 0; block_size = ctx->cipher_ctx.cipher_info->block_size; L = mbedtls_calloc( block_size, sizeof( unsigned char ) ); 
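Review bot: The condition re-indented in the `@@ -727,14 +722,14 @@` hunk, `if( ( ret = mbedtls_cmac_verify( ... ) != 0 ) )`, parses as `ret = ( mbedtls_cmac_verify( ... ) != 0 )`, so on a mismatch `ret` becomes 1 and that is what `return( ret )` at `exit:` hands back instead of the MBEDTLS_ERR_CMAC_VERIFY_FAILED code. The closing parenthesis belongs directly after the call: `if( ( ret = mbedtls_cmac_verify( &ctx, messages, message_lengths[i], &expected_result[i * block_size], block_size ) ) != 0 )`. Every `!=0 ) )` call in mbedtls_cmac_self_test has the same shape, both in the re-indented hunks of patch 212 and in the renamed calls of patch 214, as does the `test_aes128_cmac_prf( verbose ) != 0 ) )` line visible as context in patch 212's `@@ -840,7 +844,6 @@` hunk. The loop this sits in begins above the hunk.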
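Review bot: The brace placement introduced in the `@@ -82,11 +82,14 @@` hunk of cmac_multiply_by_u, `} else if( blocksize == 8 )` with the opening brace on the following line, matches neither the K&R form it replaces nor the form used elsewhere in cmac.c, where the closing brace sits on its own line before `else` (as in patch 216's `if( diff != 0 ) { ... } else {` hunk). Proposed: `}` / `else if( blocksize == 8 )` / `{`, and likewise for the final `else`. The function's opening is outside the hunk.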
@@ -143,7 +145,7 @@ static int cmac_generate_subkeys( mbedtls_cmac_context *ctx ) */ if( ( ret = cmac_multiply_by_u( ctx->K1, L , block_size ) ) != 0 ) goto exit; - if( ( cmac_multiply_by_u( ctx->K2, ctx->K1 , block_size ) ) != 0 ) + if( ( ret = cmac_multiply_by_u( ctx->K2, ctx->K1 , block_size ) ) != 0 ) goto exit; exit: @@ -203,8 +205,10 @@ void mbedtls_cmac_free( mbedtls_cmac_context *ctx ) mbedtls_cipher_free( &ctx->cipher_ctx ); - mbedtls_zeroize( ctx->K1, block_size * sizeof( unsigned char ) ); - mbedtls_zeroize( ctx->K2, block_size * sizeof( unsigned char ) ); + if( ctx->K1 != NULL ) + mbedtls_zeroize( ctx->K1, block_size * sizeof( unsigned char ) ); + if( ctx->K2 != NULL ) + mbedtls_zeroize( ctx->K2, block_size * sizeof( unsigned char ) ); mbedtls_free( ctx->K1 ); mbedtls_free( ctx->K2 ); } @@ -261,7 +265,6 @@ do { \ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, const unsigned char *input, size_t in_len, unsigned char *tag, size_t tag_len ) - { unsigned char *state; unsigned char *M_last; @@ -389,7 +392,7 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, mbedtls_cmac_init( &zero_ctx ); memset( zero_key, 0, 16 ); ret = mbedtls_cmac_setkey( &zero_ctx, MBEDTLS_CIPHER_ID_AES, - zero_key, 8 * sizeof zero_key ); + zero_key, 8 * sizeof( zero_key ) ); if( ret != 0 ) goto exit; @@ -399,17 +402,16 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, } ret = mbedtls_cmac_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, - int_key, 8 * sizeof int_key ); + int_key, 8 * sizeof( int_key ) ); if( ret != 0 ) goto exit; - mbedtls_zeroize( int_key, sizeof( int_key ) ); - ret = mbedtls_cmac_generate( &ctx, input, in_len, tag, 16 ); exit: - mbedtls_cmac_free( &ctx ); - return( ret ); + mbedtls_zeroize( int_key, sizeof( int_key ) ); + mbedtls_cmac_free( &ctx ); + return( ret ); } #endif /* MBEDTLS_AES_C */ 
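Review bot: The NULL guards added for K1 and K2 in the `@@ -203,8 +205,10 @@` hunk of mbedtls_cmac_free cover a context whose key was never fully set, but the line just above the hunk, `block_size = ctx->cipher_ctx.cipher_info->block_size;` (visible as context in patch 217's `@@ -200,9 +202,8 @@` hunk), dereferences `cipher_info` first, and on a context that has only been through mbedtls_cmac_init — a memset to zero, per the body removed in patch 221 — that pointer is NULL. The library's own mbedtls_aes_cmac_prf_128 reaches `mbedtls_cmac_free( &ctx )` via `goto exit` before `ctx` is keyed when the zero_ctx setkey fails, so the path is reachable without misuse (assuming `ctx` is initialised above that hunk). An early exit before block_size is read makes free safe on any initialised context: `if( ctx->cipher_ctx.cipher_info == NULL ) return;`. The function's opening line is outside this hunk.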
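Review bot: In the `@@ -389,7 +392,7 @@` hunk of mbedtls_aes_cmac_prf_128, `zero_ctx` is keyed and `goto exit` is taken on failure, but the `exit:` label in the following hunk frees only `ctx` (`mbedtls_cmac_free( &ctx )`); whether zero_ctx is released on the success path lies between the two hunks and is not visible, but on this error path it is not, so any cipher state or subkeys allocated before the failure would leak. Adding `mbedtls_cmac_free( &zero_ctx );` at `exit:` covers both paths, provided mbedtls_cmac_free tolerates a context whose key was never set. The function's opening is outside the hunk.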
@@ -680,7 +682,8 @@ int test_cmac_with_cipher( int verbose, unsigned char* tag; tag = mbedtls_calloc( block_size, sizeof( unsigned char ) ); - if( tag == NULL ){ + if( tag == NULL ) + { ret = MBEDTLS_ERR_CMAC_ALLOC_FAILED; goto exit; } @@ -735,7 +738,8 @@ int test_cmac_with_cipher( int verbose, } #ifdef MBEDTLS_AES_C -int test_aes128_cmac_prf( int verbose ) { +int test_aes128_cmac_prf( int verbose ) +{ int i; int ret; unsigned char tag[16]; @@ -794,14 +798,14 @@ int mbedtls_cmac_self_test( int verbose ) if( ( ret = test_cmac_with_cipher ( verbose, "AES 256", - aes_256_key, - 256, - test_message, - aes_message_lengths, - (const unsigned char*) aes_256_subkeys, - (const unsigned char*) aes_256_expected_result, - MBEDTLS_CIPHER_ID_AES, - AES_BLOCK_SIZE ) !=0 ) ) + aes_256_key, + 256, + test_message, + aes_message_lengths, + (const unsigned char*) aes_256_subkeys, + (const unsigned char*) aes_256_expected_result, + MBEDTLS_CIPHER_ID_AES, + AES_BLOCK_SIZE ) !=0 ) ) { return( ret ); } 
@@ -810,28 +814,28 @@ int mbedtls_cmac_self_test( int verbose ) #ifdef MBEDTLS_DES_C if( ( ret = test_cmac_with_cipher( verbose, "3DES 2 key", - des3_2key_key, - 192, - test_message, - des3_message_lengths, - (const unsigned char*) des3_2key_subkeys, - (const unsigned char*) des3_2key_expected_result, - MBEDTLS_CIPHER_ID_3DES, - DES3_BLOCK_SIZE ) !=0 ) ) + des3_2key_key, + 192, + test_message, + des3_message_lengths, + (const unsigned char*) des3_2key_subkeys, + (const unsigned char*) des3_2key_expected_result, + MBEDTLS_CIPHER_ID_3DES, + DES3_BLOCK_SIZE ) !=0 ) ) { return( ret ); } if( ( ret = test_cmac_with_cipher( verbose, "3DES 3 key", - des3_3key_key, - 192, - test_message, - des3_message_lengths, - (const unsigned char*) des3_3key_subkeys, - (const unsigned char*) des3_3key_expected_result, - MBEDTLS_CIPHER_ID_3DES, - DES3_BLOCK_SIZE ) !=0 ) ) + des3_3key_key, + 192, + test_message, + des3_message_lengths, + (const unsigned char*) des3_3key_subkeys, + (const unsigned char*) des3_3key_expected_result, + MBEDTLS_CIPHER_ID_3DES, + DES3_BLOCK_SIZE ) !=0 ) ) { return( ret ); } @@ -840,7 +844,6 @@ int mbedtls_cmac_self_test( int verbose ) #ifdef MBEDTLS_AES_C if( ( ret = test_aes128_cmac_prf( verbose ) != 0 ) ) return( ret ); - #endif /* MBEDTLS_AES_C */ if( verbose != 0 ) From fe9ff01c49c1d2e4af695bf84ef8632a8421d841 Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Mon, 23 May 2016 12:49:50 -0700 Subject: [PATCH 213/272] Fixed some build warnings --- library/cmac.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/library/cmac.c b/library/cmac.c index 1a6f31376e43..3c584049c0d1 100644 --- a/library/cmac.c +++ b/library/cmac.c 
@@ -441,6 +441,14 @@ static const unsigned char test_message[] = { 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 }; +/* Function Prototype */ +int test_cmac_with_cipher( int verbose, const char* testname, const unsigned char* key, + int keybits, const unsigned char* messages, + const unsigned int message_lengths[4], const unsigned char* subkeys, + const unsigned char* expected_result, mbedtls_cipher_id_t cipher_id, + int block_size ); + + #endif /* defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) */ #ifdef MBEDTLS_AES_C @@ -666,7 +674,7 @@ static const unsigned char PRFT[NB_PRF_TESTS][16] = { #endif /* MBEDTLS_AES_C */ int test_cmac_with_cipher( int verbose, - char* testname, + const char* testname, const unsigned char* key, int keybits, const unsigned char* messages, @@ -738,6 +746,9 @@ int test_cmac_with_cipher( int verbose, } #ifdef MBEDTLS_AES_C +/* Function Prototype */ +int test_aes128_cmac_prf( int verbose ); + int test_aes128_cmac_prf( int verbose ) { int i; From bbed660aa1fce7a5618e8850da8dbaa82f12fcb8 Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Mon, 23 May 2016 15:01:59 -0700 Subject: [PATCH 214/272] Changed test function to inline to pass tests/scripts/check-names.sh --- library/cmac.c | 131 +++++++++++++++++++++++-------------------------- 1 file changed, 61 insertions(+), 70 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index 3c584049c0d1..d5198341861b 100644 --- a/library/cmac.c +++ b/library/cmac.c 
@@ -441,12 +441,6 @@ static const unsigned char test_message[] = { 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 }; -/* Function Prototype */ -int test_cmac_with_cipher( int verbose, const char* testname, const unsigned char* key, - int keybits, const unsigned char* messages, - const unsigned int message_lengths[4], const unsigned char* subkeys, - const unsigned char* expected_result, mbedtls_cipher_id_t cipher_id, - int block_size ); #endif /* defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) */ @@ -673,16 +667,16 @@ static const unsigned char PRFT[NB_PRF_TESTS][16] = { }; #endif /* MBEDTLS_AES_C */ -int test_cmac_with_cipher( int verbose, - const char* testname, - const unsigned char* key, - int keybits, - const unsigned char* messages, - const unsigned int message_lengths[4], - const unsigned char* subkeys, - const unsigned char* expected_result, - mbedtls_cipher_id_t cipher_id, - int block_size ) +static inline int cmac_test_wth_cipher( int verbose, + const char* testname, + const unsigned char* key, + int keybits, + const unsigned char* messages, + const unsigned int message_lengths[4], + const unsigned char* subkeys, + const unsigned char* expected_result, + mbedtls_cipher_id_t cipher_id, + int block_size ) { const int num_tests = 4; mbedtls_cmac_context ctx; @@ -746,10 +740,7 @@ int test_cmac_with_cipher( int verbose, } #ifdef MBEDTLS_AES_C -/* Function Prototype */ -int test_aes128_cmac_prf( int verbose ); - -int test_aes128_cmac_prf( int verbose ) +static inline int test_aes128_cmac_prf( int verbose ) { int i; int ret; 
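Review bot: The new name `cmac_test_wth_cipher` in the `@@ -673,16 +667,16 @@` hunk drops the "i" of "with"; since the function is now file-local the rename is cheap, `static int cmac_test_with_cipher( int verbose,`, with the five call sites in mbedtls_cmac_self_test updated to match. `inline` on a function of this size is only a hint and is not what keeps the symbol out of the exported namespace — `static` does that — so if the check-names.sh failure concerned the exported symbol, `static` alone should satisfy it; the same applies to `static inline int test_aes128_cmac_prf` in the following hunk, which also keeps the old `test_` prefix while its sibling moved to `cmac_`. The function's body continues past the hunk.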
@@ -779,74 +770,74 @@ int mbedtls_cmac_self_test( int verbose ) int ret; #ifdef MBEDTLS_AES_C - if( ( ret = test_cmac_with_cipher( verbose, - "AES 128", - aes_128_key, - 128, - test_message, - aes_message_lengths, - (const unsigned char*) aes_128_subkeys, - (const unsigned char*) aes_128_expected_result, - MBEDTLS_CIPHER_ID_AES, - AES_BLOCK_SIZE ) !=0 ) ) + if( ( ret = cmac_test_wth_cipher( verbose, + "AES 128", + aes_128_key, + 128, + test_message, + aes_message_lengths, + (const unsigned char*) aes_128_subkeys, + (const unsigned char*) aes_128_expected_result, + MBEDTLS_CIPHER_ID_AES, + AES_BLOCK_SIZE ) !=0 ) ) { return( ret ); } - if( ( ret = test_cmac_with_cipher( verbose, - "AES 192", - aes_192_key, - 192, - test_message, - aes_message_lengths, - (const unsigned char*) aes_192_subkeys, - (const unsigned char*) aes_192_expected_result, - MBEDTLS_CIPHER_ID_AES, - AES_BLOCK_SIZE ) !=0 ) ) + if( ( ret = cmac_test_wth_cipher( verbose, + "AES 192", + aes_192_key, + 192, + test_message, + aes_message_lengths, + (const unsigned char*) aes_192_subkeys, + (const unsigned char*) aes_192_expected_result, + MBEDTLS_CIPHER_ID_AES, + AES_BLOCK_SIZE ) !=0 ) ) { return( ret ); } - if( ( ret = test_cmac_with_cipher ( verbose, - "AES 256", - aes_256_key, - 256, - test_message, - aes_message_lengths, - (const unsigned char*) aes_256_subkeys, - (const unsigned char*) aes_256_expected_result, - MBEDTLS_CIPHER_ID_AES, - AES_BLOCK_SIZE ) !=0 ) ) + if( ( ret = cmac_test_wth_cipher ( verbose, + "AES 256", + aes_256_key, + 256, + test_message, + aes_message_lengths, + (const unsigned char*) aes_256_subkeys, + (const unsigned char*) aes_256_expected_result, + MBEDTLS_CIPHER_ID_AES, + AES_BLOCK_SIZE ) !=0 ) ) { return( ret ); } #endif /* MBEDTLS_AES_C */ #ifdef MBEDTLS_DES_C - if( ( ret = test_cmac_with_cipher( verbose, - "3DES 2 key", - des3_2key_key, - 192, - test_message, - des3_message_lengths, - (const unsigned char*) des3_2key_subkeys, - (const unsigned char*) 
des3_2key_expected_result, - MBEDTLS_CIPHER_ID_3DES, - DES3_BLOCK_SIZE ) !=0 ) ) + if( ( ret = cmac_test_wth_cipher( verbose, + "3DES 2 key", + des3_2key_key, + 192, + test_message, + des3_message_lengths, + (const unsigned char*) des3_2key_subkeys, + (const unsigned char*) des3_2key_expected_result, + MBEDTLS_CIPHER_ID_3DES, + DES3_BLOCK_SIZE ) !=0 ) ) { return( ret ); } - if( ( ret = test_cmac_with_cipher( verbose, - "3DES 3 key", - des3_3key_key, - 192, - test_message, - des3_message_lengths, - (const unsigned char*) des3_3key_subkeys, - (const unsigned char*) des3_3key_expected_result, - MBEDTLS_CIPHER_ID_3DES, - DES3_BLOCK_SIZE ) !=0 ) ) + if( ( ret = cmac_test_wth_cipher( verbose, + "3DES 3 key", + des3_3key_key, + 192, + test_message, + des3_message_lengths, + (const unsigned char*) des3_3key_subkeys, + (const unsigned char*) des3_3key_expected_result, + MBEDTLS_CIPHER_ID_3DES, + DES3_BLOCK_SIZE ) !=0 ) ) { return( ret ); } From ba426948b288103dcd2054f6a3fbb9e2c46604a2 Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Tue, 24 May 2016 15:53:52 -0700 Subject: [PATCH 215/272] Minor change to pass build tests --- include/mbedtls/cmac.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index 5a59f90d61df..5a09761c2113 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -27,7 +27,7 @@ #define MBEDTLS_ERR_CMAC_BAD_INPUT -0x0011 /**< Bad input parameters to function. */ #define MBEDTLS_ERR_CMAC_VERIFY_FAILED -0x0013 /**< Verification failed. */ -#define MBEDTLS_ERR_CMAC_ALLOC_FAILED -0x0015 /**< Memory Allocation failed. */ +#define MBEDTLS_ERR_CMAC_ALLOC_FAILED -0x0015 /**< Failed to allocate memory */ #ifdef __cplusplus From 0b21cdf7bcfae9e4d3f415afc2a2c9e2c249c737 Mon Sep 17 00:00:00 2001 
From: Brian Murray Date: Tue, 24 May 2016 22:46:43 -0700 Subject: [PATCH 216/272] cleaned up indentation and braket issues in mbedtls_cmac_verify --- library/cmac.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/library/cmac.c b/library/cmac.c index d5198341861b..d8c809b416b9 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -355,8 +355,15 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, diff |= tag[i] ^ check_tag[i]; if( diff != 0 ) + { ret = MBEDTLS_ERR_CMAC_VERIFY_FAILED; goto exit; + } + else + { + ret = 0; + goto exit; + } exit: mbedtls_free( check_tag ); @@ -718,6 +725,7 @@ static inline int cmac_test_wth_cipher( int verbose, mbedtls_printf( "failed\n" ); goto exit; } + if( ( ret = memcmp( tag, &expected_result[i * block_size], block_size ) ) != 0 ) { if( verbose != 0 ) @@ -731,7 +739,9 @@ static inline int cmac_test_wth_cipher( int verbose, mbedtls_printf( "failed\n" ); goto exit; } - mbedtls_printf( "passed\n" ); + + if( verbose != 0 ) + mbedtls_printf( "passed\n" ); } exit: mbedtls_free( tag ); From 3d64431a33682d3ef5adc31f7ab2351e0bec6189 Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Tue, 13 Sep 2016 14:00:15 -0700 Subject: [PATCH 217/272] Minor CMAC fixes for merge --- configs/config-thread.h | 1 + include/mbedtls/check_config.h | 5 +++++ include/mbedtls/cmac.h | 2 +- include/mbedtls/config.h | 2 +- library/cmac.c | 25 +++++++++++++------------ 5 files changed, 21 insertions(+), 14 deletions(-) diff --git a/configs/config-thread.h b/configs/config-thread.h index 3193a0404827..fdfa64aa46a7 100644 --- a/configs/config-thread.h +++ b/configs/config-thread.h @@ -39,6 +39,7 @@ /* mbed TLS feature support */ #define MBEDTLS_AES_ROM_TABLES +#define MBEDTLS_CMAC_C #define MBEDTLS_ECP_DP_SECP256R1_ENABLED #define MBEDTLS_ECP_NIST_OPTIM #define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 75cdcbc2f034..8ebe438c034f 100644 
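Review bot: The `else` block added in the `@@ -355,8 +355,15 @@` hunk of mbedtls_cmac_verify is not a distinct path: both branches end in `goto exit` and the label is the very next statement, so the else only restates the fall-through with an extra `ret = 0`. If the intent is to make the success value explicit, `ret = ( diff != 0 ) ? MBEDTLS_ERR_CMAC_VERIFY_FAILED : 0;` followed by the existing `exit:` says it in one line; otherwise drop the else and keep the braced if. The accumulating `diff |= tag[i] ^ check_tag[i]` above the hunk is the right shape for a comparison that does not short-circuit on the first differing byte. The function's opening is outside the hunk.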
--- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -77,6 +77,11 @@ #error "MBEDTLS_DHM_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_CMAC_C) && \ + !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_DES_C) +#error "MBEDTLS_CMAC_C defined, but not all prerequisites" +#endif + #if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C) #error "MBEDTLS_ECDH_C defined, but not all prerequisites" #endif diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index 5a09761c2113..10c8633c9560 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -3,7 +3,7 @@ * * \brief The CMAC Mode for Authentication * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index f6f431bfb0f9..2a49642810e2 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1681,7 +1681,7 @@ * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or MBEDTLS_DES_C * */ -#define MBEDTLS_CMAC_C +//#define MBEDTLS_CMAC_C /** * \def MBEDTLS_CTR_DRBG_C diff --git a/library/cmac.c b/library/cmac.c index d8c809b416b9..e57e024bb0c0 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -1,7 +1,8 @@ /* - * NIST SP800-38B compliant CMAC implementation + * \file cmac.c + * \brief NIST SP800-38B compliant CMAC implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may 
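Review bot: The prerequisite check added in the `@@ -77,6 +77,11 @@` hunk requires one of AES, Camellia or DES but not MBEDTLS_CIPHER_C, although cmac.c drives the block cipher through the generic cipher layer (`mbedtls_cipher_update`, `mbedtls_cipher_free` and `ctx->cipher_ctx.cipher_info` in the earlier hunks), so a configuration with MBEDTLS_CMAC_C and a cipher but without MBEDTLS_CIPHER_C passes this check and fails to build. Proposed condition: `#if defined(MBEDTLS_CMAC_C) && ( !defined(MBEDTLS_CIPHER_C) || \` / `( !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_DES_C) ) )`. The `Requires:` line in the config.h hunk of the same patch should list MBEDTLS_CIPHER_C for the same reason.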
@@ -20,9 +21,10 @@ */ /* - * Definition of CMAC: - * http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf - * RFC 4493 "The AES-CMAC Algorithm" + * References: + * - CMAC: NIST SP 800-38B + * - CMAC PRF: RFC 4493 + * - Additional test vectors: ISO/IEC 9797-1 */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -72,7 +74,7 @@ void mbedtls_cmac_init( mbedtls_cmac_context *ctx ) */ static int cmac_multiply_by_u( unsigned char *output, const unsigned char *input, - size_t blocksize ) + size_t blocksize ) { const unsigned char R_128 = 0x87; const unsigned char R_64 = 0x1B; @@ -151,7 +153,7 @@ static int cmac_generate_subkeys( mbedtls_cmac_context *ctx ) exit: if( L != NULL ) mbedtls_zeroize( L, sizeof( L ) ); - mbedtls_free( L ); + mbedtls_free( L ); return( ret ); } @@ -200,9 +202,8 @@ int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, */ void mbedtls_cmac_free( mbedtls_cmac_context *ctx ) { - int block_size; - block_size = ctx->cipher_ctx.cipher_info->block_size; - + int block_size; + block_size = ctx->cipher_ctx.cipher_info->block_size; mbedtls_cipher_free( &ctx->cipher_ctx ); if( ctx->K1 != NULL ) @@ -220,7 +221,7 @@ void mbedtls_cmac_free( mbedtls_cmac_context *ctx ) * CBC and we use ECB mode, and anyway we need to XOR K1 or K2 in addition. */ static void cmac_pad( unsigned char padded_block[16], - size_t padded_block_len, + size_t padded_block_len, const unsigned char *last_block, size_t last_block_len ) { @@ -418,7 +419,7 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, exit: mbedtls_zeroize( int_key, sizeof( int_key ) ); mbedtls_cmac_free( &ctx ); - return( ret ); + return( ret ); } #endif /* MBEDTLS_AES_C */ From 5168618294119c0db8aa583fcf8e38906858b84e Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Tue, 13 Sep 2016 14:21:01 -0700 Subject: [PATCH 218/272] Minor fixes to comments --- include/mbedtls/cmac.h | 13 +++++++------ library/cmac.c | 2 +- 2 files changed, 8 insertions(+), 7 deletions(-) 
diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index 10c8633c9560..325d22d5134f 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -57,7 +57,8 @@ void mbedtls_cmac_init( mbedtls_cmac_context *ctx ); * \brief Initialize the CMAC context * * \param ctx CMAC context to be initialized - * \param cipher cipher to use + * \param cipher cipher to use. + Cipher block size must be 8 bytes or 16 bytes. * \param key encryption key * \param keybits encryption key size in bits (must be acceptable by the cipher) * @@ -84,8 +85,8 @@ void mbedtls_cmac_free( mbedtls_cmac_context *ctx ); * \param in_len length of the input data in bytes * \param tag buffer for holding the generated tag * \param tag_len length of the tag to generate in bytes - * Must be 2, 4, 6, 8 if cipher block size is 64 - * Must be 2, 4, 6, 8, 10, 12, 14 or 16 if cipher block size is 128 + * Must be 2, 4, 6, 8 if cipher block size is 8 + * Must be 2, 4, 6, 8, 10, 12, 14 or 16 if cipher block size is 16 * * \return 0 if successful */ @@ -101,8 +102,8 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, * \param in_len length of the input data in bytes * \param tag buffer holding the tag to verify * \param tag_len length of the tag to verify in bytes - * Must be 2, 4, 6, 8 if cipher block size is 64 - * Must be 2, 4, 6, 8, 10, 12, 14 or 16 if cipher block size is 128 + * Must be 2, 4, 6, 8 if cipher block size is 8 + * Must be 2, 4, 6, 8, 10, 12, 14 or 16 if cipher block size is 16 * \return 0 if successful and authenticated * MBEDTLS_ERR_CMAC_VERIFY_FAILED if tag does not match */ @@ -119,7 +120,7 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, * \param key_len PRF key length * \param input buffer holding the input data * \param in_len length of the input data in bytes - * \param tag buffer holding the tag to verify (16 bytes) + * \param tag buffer holding the generated pseudorandom output * * \return 0 if successful */ 
diff --git a/library/cmac.c b/library/cmac.c index e57e024bb0c0..920c23d6a47a 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -64,7 +64,7 @@ void mbedtls_cmac_init( mbedtls_cmac_context *ctx ) /* * Multiplication by u in the Galois field of GF(2^n) * - * As explained in the paper, this can be computed: + * As explained in NIST SP 800-38B, this can be computed: * If MSB(p) = 0, then p = (p << 1) * If MSB(p) = 1, then p = (p << 1) ^ R_n * with R_64 = 0x1B and R_128 = 0x87 From 7b07e0e4b4a9b6c8585f2992b5d7943f48d9cc98 Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Tue, 13 Sep 2016 15:58:46 -0700 Subject: [PATCH 219/272] Fix build failure for thread config --- configs/config-thread.h | 2 +- library/cmac.c | 11 ++++++++--- programs/test/selftest.c | 7 +++++-- 3 files changed, 14 insertions(+), 6 deletions(-) diff --git a/configs/config-thread.h b/configs/config-thread.h index fdfa64aa46a7..990fe08c6c92 100644 --- a/configs/config-thread.h +++ b/configs/config-thread.h @@ -39,7 +39,6 @@ /* mbed TLS feature support */ #define MBEDTLS_AES_ROM_TABLES -#define MBEDTLS_CMAC_C #define MBEDTLS_ECP_DP_SECP256R1_ENABLED #define MBEDTLS_ECP_NIST_OPTIM #define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED @@ -58,6 +57,7 @@ #define MBEDTLS_CCM_C #define MBEDTLS_CIPHER_C #define MBEDTLS_CTR_DRBG_C +#define MBEDTLS_CMAC_C #define MBEDTLS_ECJPAKE_C #define MBEDTLS_ECP_C #define MBEDTLS_ENTROPY_C diff --git a/library/cmac.c b/library/cmac.c index 920c23d6a47a..f86e4c5aaa20 100644 --- a/library/cmac.c +++ b/library/cmac.c 
@@ -39,14 +39,19 @@ #include -#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) + #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else +#include +#define mbedtls_calloc calloc +#define mbedtls_free free +#if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) ) #include -#define mbedtls_printf printf +#define mbedtls_printf printf +#endif /* defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) )*/ #endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ + /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 74eed598e6f6..33f96ea13960 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -279,8 +279,11 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_CMAC_C) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) ) - if( ( ret = mbedtls_cmac_self_test( v ) ) != 0 ) - return( ret ); + if( ( mbedtls_cmac_self_test( v ) ) != 0 ) + { + suites_failed++; + } + suites_tested++; #endif #if defined(MBEDTLS_BASE64_C) From 57104fb773cf5288233cec658123230e9624691b Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Tue, 13 Sep 2016 16:17:36 -0700 Subject: [PATCH 220/272] Specify AES-CMAC-PRF buffer output size in comment --- include/mbedtls/cmac.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index 325d22d5134f..ddacb2177d0b 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h 
@@ -120,7 +120,7 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, * \param key_len PRF key length * \param input buffer holding the input data * \param in_len length of the input data in bytes - * \param tag buffer holding the generated pseudorandom output + * \param tag buffer holding the generated pseudorandom output (16 bytes) * * \return 0 if successful */ From 0c79073a8b50db6cc2e239eee8d201655c025968 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 5 Oct 2016 14:09:11 +0100 Subject: [PATCH 221/272] Refactor and change CMAC interface Change the CMAC interface to match the mbedtls_md_hmac_xxxx() interface. This changes the overall design of the CMAC interface to make it more consistent with the existing HMAC interface, and will allow incremental updates of input data rather than requiring all data to be presented at once, which is what the current interface requires. --- include/mbedtls/cipher.h | 10 + include/mbedtls/cmac.h | 150 ++++---- include/mbedtls/config.h | 3 +- library/cipher.c | 19 + library/cmac.c | 725 ++++++++++++++++++++++++--------------- library/error.c | 9 - 6 files changed, 573 insertions(+), 343 deletions(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index c9675544a9bc..b12e38843a0f 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -176,6 +176,11 @@ enum { */ typedef struct mbedtls_cipher_base_t mbedtls_cipher_base_t; +/** + * CMAC context (opaque struct). + */ +typedef struct mbedtls_cmac_context_t mbedtls_cmac_context_t; + /** * Cipher information. Allows cipher functions to be called in a generic way. */ @@ -241,6 +246,11 @@ typedef struct { /** Cipher-specific context */ void *cipher_ctx; + +#if defined(MBEDTLS_CMAC_C) + /** CMAC Specific context */ + mbedtls_cmac_context_t *cmac_ctx; +#endif } mbedtls_cipher_context_t; /** diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index ddacb2177d0b..ceeb20addadf 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h 
@@ -1,9 +1,10 @@ /** * \file cmac.h * - * \brief The CMAC Mode for Authentication + * \brief Cipher-based Message Authentication Code (CMAC) Mode for + * Authentication * - * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved + * Copyright (C) 2015-2016, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may 
@@ -23,110 +24,131 @@ #ifndef MBEDTLS_CMAC_H #define MBEDTLS_CMAC_H -#include "cipher.h" - -#define MBEDTLS_ERR_CMAC_BAD_INPUT -0x0011 /**< Bad input parameters to function. */ -#define MBEDTLS_ERR_CMAC_VERIFY_FAILED -0x0013 /**< Verification failed. */ -#define MBEDTLS_ERR_CMAC_ALLOC_FAILED -0x0015 /**< Failed to allocate memory */ - +#include "mbedtls/cipher.h" #ifdef __cplusplus extern "C" { #endif +#if defined(MBEDTLS_AES_C) +#define MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE 16 /* longest known is AES */ +#else +#define MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE 8 /* longest known is 3DES */ +#endif + /** * \brief CMAC context structure */ -typedef struct { - mbedtls_cipher_context_t cipher_ctx; /*!< cipher context used */ - unsigned char* K1; /*!< CMAC Subkey 1 */ - unsigned char* K2; /*!< CMAC Subkey 2 */ +typedef struct mbedtls_cmac_context_t { + + /** Internal state of the CMAC algorithm */ + unsigned char state[MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE]; + + /** Unprocessed data - either data that was not block aligned and is still + * pending to be processed, or the final block */ + unsigned char unprocessed_block[MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE]; + + /** Length of data pending to be processed */ + size_t unprocessed_len; + + /** Flag to indicate if the last block needs padding */ + int padding_flag; } -mbedtls_cmac_context; +mbedtls_cmac_context_t; /** - * \brief Initialize CMAC context (just makes references valid) - * Makes the context ready for mbedtls_cmac_setkey() or - * mbedtls_cmac_free(). + * \brief Set the CMAC key and prepare to authenticate the input + * data. + * Should be called with an initialised cipher context. 
+ * + * \param ctx Cipher context + * \param key CMAC key + * \param keybits length of the CMAC key in bits + * (must be acceptable by the cipher) * - * \param ctx CMAC context to initialize + * \return 0 if successful, or a cipher specific error code */ -void mbedtls_cmac_init( mbedtls_cmac_context *ctx ); +int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, + const unsigned char *key, size_t keylen ); /** - * \brief Initialize the CMAC context - * - * \param ctx CMAC context to be initialized - * \param cipher cipher to use. - Cipher block size must be 8 bytes or 16 bytes. - * \param key encryption key - * \param keybits encryption key size in bits (must be acceptable by the cipher) - * - * \return 0 if successful, or a cipher specific error code + * \brief Generic CMAC process buffer. + * Called between mbedtls_cipher_cmac_starts() or + * mbedtls_cipher_cmac_reset() and + * mbedtls_cipher_cmac_finish(). + * May be called repeatedly. + * + * \param ctx CMAC context + * \param input buffer holding the data + * \param ilen length of the input data + * + * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter + * verification fails. */ -int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, - mbedtls_cipher_id_t cipher, - const unsigned char *key, - unsigned int keybits ); +int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, + const unsigned char *input, size_t ilen ); /** - * \brief Free a CMAC context and underlying cipher sub-context - * Securely wipes sub keys and other sensitive data. + * \brief Output CMAC. + * Called after mbedtls_cipher_cmac_update(). + * Usually followed by mbedtls_cipher_cmac_reset(), then + * mbedtls_cipher_cmac_starts(), or mbedtls_cipher_free(). + * + * \param ctx CMAC context + * \param output Generic CMAC checksum result * - * \param ctx CMAC context to free + * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter + * verification fails. 
*/ -void mbedtls_cmac_free( mbedtls_cmac_context *ctx ); +int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, + unsigned char *output ); /** - * \brief Generate a CMAC tag. + * \brief Prepare to authenticate a new message with the same key. + * Called after mbedtls_cipher_cmac_finish() and before + * mbedtls_cipher_cmac_update(). * - * \param ctx CMAC context - * \param input buffer holding the input data - * \param in_len length of the input data in bytes - * \param tag buffer for holding the generated tag - * \param tag_len length of the tag to generate in bytes - * Must be 2, 4, 6, 8 if cipher block size is 8 - * Must be 2, 4, 6, 8, 10, 12, 14 or 16 if cipher block size is 16 + * \param ctx CMAC context to be reset * - * \return 0 if successful + * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter + * verification fails. */ -int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, - const unsigned char *input, size_t in_len, - unsigned char *tag, size_t tag_len ); +int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ); /** - * \brief Verify a CMAC tag. + * \brief Output = Generic_CMAC( hmac key, input buffer ) * - * \param ctx CMAC context - * \param input buffer holding the input data - * \param in_len length of the input data in bytes - * \param tag buffer holding the tag to verify - * \param tag_len length of the tag to verify in bytes - * Must be 2, 4, 6, 8 if cipher block size is 8 - * Must be 2, 4, 6, 8, 10, 12, 14 or 16 if cipher block size is 16 - * \return 0 if successful and authenticated - * MBEDTLS_ERR_CMAC_VERIFY_FAILED if tag does not match + * \param cipher_info message digest info + * \param key CMAC key + * \param keylen length of the CMAC key in bits + * \param input buffer holding the data + * \param ilen length of the input data + * \param output Generic CMAC-result + * + * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter + * verification fails. 
*/ -int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, - const unsigned char *input, size_t in_len, - const unsigned char *tag, size_t tag_len ); +int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info, + const unsigned char *key, size_t keylen, + const unsigned char *input, size_t ilen, + unsigned char *output ); #ifdef MBEDTLS_AES_C /** * \brief AES-CMAC-128-PRF - * See RFC 4615 for details + * Implementation of (AES-CMAC-PRF-128), as defined in RFC 4615 * * \param key PRF key - * \param key_len PRF key length + * \param key_len PRF key length in bytes * \param input buffer holding the input data * \param in_len length of the input data in bytes - * \param tag buffer holding the generated pseudorandom output (16 bytes) + * \param output buffer holding the generated pseudorandom output (16 bytes) * * \return 0 if successful */ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len, const unsigned char *input, size_t in_len, - unsigned char tag[16] ); + unsigned char output[16] ); #endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) ) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 2a49642810e2..4546d596a2fa 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1674,7 +1674,8 @@ /** * \def MBEDTLS_CMAC_C * - * Enable the CMAC mode for block ciphers. + * Enable the CMAC (Cipher-based Message Authentication Code) mode for block + * ciphers. * * Module: library/cmac.c * diff --git a/library/cipher.c b/library/cipher.c index bbe40eb395dc..a88343869c33 100644 --- a/library/cipher.c +++ b/library/cipher.c 
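Review bot: `MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE` in the `@@ -23,110 +24,131 @@` hunk falls back to 8 whenever MBEDTLS_AES_C is off, yet patch 217's check_config.h accepts MBEDTLS_CAMELLIA_C alone as a CMAC prerequisite and Camellia has a 16-byte block, so in a Camellia-only build `state[]` and `unprocessed_block[]` are half the cipher's block_size and, if cmac.c writes block_size bytes into them (the implementation is in a later hunk), those writes run past the arrays. Proposed: `#if defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C)` with the comment reading "longest known is AES/Camellia". The API comments also carry over from the MD/HMAC header: mbedtls_cipher_cmac_starts documents `\param keybits` for a parameter named `keylen`, mbedtls_cipher_cmac describes `cipher_info` as "message digest info" and `keylen` as "in bits", and the `\returns` lines cite MBEDTLS_ERR_MD_BAD_INPUT_DATA although this hunk removes the CMAC error codes, so they should name whichever cipher-layer code the implementation actually returns.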
@@ -45,6 +45,17 @@ #include "mbedtls/ccm.h" #endif +#if defined(MBEDTLS_CMAC_C) +#include "mbedtls/cmac.h" +#endif + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#define mbedtls_calloc calloc +#define mbedtls_free free +#endif + #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) #define MBEDTLS_CIPHER_MODE_STREAM #endif @@ -127,6 +138,14 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx ) if( ctx == NULL ) return; +#if defined(MBEDTLS_CMAC_C) + if( ctx->cmac_ctx ) + { + mbedtls_zeroize( ctx->cmac_ctx, sizeof( mbedtls_cmac_context_t ) ); + mbedtls_free( ctx->cmac_ctx ); + } +#endif + if( ctx->cipher_ctx ) ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx ); diff --git a/library/cmac.c b/library/cmac.c index f86e4c5aaa20..1eb1c1074db9 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -1,5 +1,6 @@ /* * \file cmac.c + * * \brief NIST SP800-38B compliant CMAC implementation * * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved @@ -22,9 +23,21 @@ /* * References: - * - CMAC: NIST SP 800-38B - * - CMAC PRF: RFC 4493 - * - Additional test vectors: ISO/IEC 9797-1 + * + * - NIST SP 800-38B Recommendation for Block Cipher Modes of Operation: The + * CMAC Mode for Authentication + * http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38b.pdf + * + * - RFC 4493 - The AES-CMAC Algorithm + * https://tools.ietf.org/html/rfc4493 + * + * - RFC 4615 - The Advanced Encryption Standard-Cipher-based Message + * Authentication Code-Pseudo-Random Function-128 (AES-CMAC-PRF-128) + * Algorithm for the Internet Key Exchange Protocol (IKE) + * https://tools.ietf.org/html/rfc4615 + * + * Additional test vectors: ISO/IEC 9797-1 + * */ #if !defined(MBEDTLS_CONFIG_FILE) 
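Review bot: In mbedtls_cipher_free the new block wipes and frees ctx->cmac_ctx but leaves the dangling pointer in the context; unless the rest of the function (outside the hunk) zeroizes the whole mbedtls_cipher_context_t afterwards, add `ctx->cmac_ctx = NULL;` after the free so a second free or a later mbedtls_cipher_cmac_starts cannot touch released memory. Wiping before freeing is the right call here, since the CMAC context carries the running state and buffered message bytes. The fallback `#define mbedtls_calloc calloc` / `#define mbedtls_free free` in the first hunk presumes the libc allocation header is already included in cipher.c; worth confirming, as the collapsed include lines are not readable here.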
@@ -46,35 +59,29 @@ #include #define mbedtls_calloc calloc #define mbedtls_free free -#if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) ) +#if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || \ + defined(MBEDTLS_DES_C) ) #include #define mbedtls_printf printf -#endif /* defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) )*/ +#endif /* defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || + * defined(MBEDTLS_DES_C) )*/ #endif /* MBEDTLS_PLATFORM_C */ - /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - -/* - * Initialize context - */ -void mbedtls_cmac_init( mbedtls_cmac_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_cmac_context ) ); + volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } /* * Multiplication by u in the Galois field of GF(2^n) * * As explained in NIST SP 800-38B, this can be computed: - * If MSB(p) = 0, then p = (p << 1) - * If MSB(p) = 1, then p = (p << 1) ^ R_n - * with R_64 = 0x1B and R_128 = 0x87 * - * Input and output MUST not point to the same buffer + * If MSB(p) = 0, then p = (p << 1) + * If MSB(p) = 1, then p = (p << 1) ^ R_n + * with R_64 = 0x1B and R_128 = 0x87 + * + * Input and output MUST NOT point to the same buffer * Block size must be 8 byes or 16 bytes. */ static int cmac_multiply_by_u( unsigned char *output, 
@@ -85,22 +92,22 @@ static int cmac_multiply_by_u( unsigned char *output, const unsigned char R_64 = 0x1B; unsigned char R_n, mask; unsigned char overflow = 0x00; - int i, starting_index; - - starting_index = blocksize -1; + int i; if( blocksize == 16 ) { R_n = R_128; - } else if( blocksize == 8 ) + } + else if( blocksize == 8 ) { R_n = R_64; - } else + } + else { - return( MBEDTLS_ERR_CMAC_BAD_INPUT ); + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); } - for( i = starting_index; i >= 0; i-- ) + for( i = blocksize - 1; i >= 0; i-- ) { output[i] = input[i] << 1 | overflow; overflow = input[i] >> 7; @@ -108,6 +115,7 @@ static int cmac_multiply_by_u( unsigned char *output, /* mask = ( input[0] >> 7 ) ? 0xff : 0x00 * using bit operations to avoid branches */ + /* MSVC has a warning about unary minus on unsigned, but this is * well-defined and precisely what we want to do here */ #if defined(_MSC_VER) 
@@ -119,104 +127,53 @@ static int cmac_multiply_by_u( unsigned char *output, #pragma warning( pop ) #endif - output[starting_index] ^= R_n & mask; + output[ blocksize - 1 ] ^= R_n & mask; + return( 0 ); } /* * Generate subkeys + * + * - as specified by RFC 4493, section 2.3 Subkey Generation Algorithm */ -static int cmac_generate_subkeys( mbedtls_cmac_context *ctx ) +static int cmac_generate_subkeys( mbedtls_cipher_context_t *ctx, + unsigned char* K1, unsigned char* K2 ) { int ret; - unsigned char *L; + unsigned char L[MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE]; size_t olen, block_size; - block_size = ctx->cipher_ctx.cipher_info->block_size; + mbedtls_zeroize( L, sizeof( L ) ); + + block_size = ctx->cipher_info->block_size; - L = mbedtls_calloc( block_size, sizeof( unsigned char ) ); - if( L == NULL ) - { - ret = MBEDTLS_ERR_CMAC_ALLOC_FAILED; - goto exit; - } /* Calculate Ek(0) */ - if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, - L, block_size, L, &olen ) ) != 0 ) - { + if( ( ret = mbedtls_cipher_update( ctx, L, block_size, L, &olen ) ) != 0 ) goto exit; - } /* * Generate K1 and K2 */ - if( ( ret = cmac_multiply_by_u( ctx->K1, L , block_size ) ) != 0 ) + if( ( ret = cmac_multiply_by_u( K1, L , block_size ) ) != 0 ) goto exit; - if( ( ret = cmac_multiply_by_u( ctx->K2, ctx->K1 , block_size ) ) != 0 ) - goto exit; - - exit: - if( L != NULL ) - mbedtls_zeroize( L, sizeof( L ) ); - mbedtls_free( L ); - return( ret ); -} - -/* - * Set key and prepare context for use - */ -int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, - mbedtls_cipher_id_t cipher, - const unsigned char *key, - unsigned int keybits ) -{ - int ret; - const mbedtls_cipher_info_t *cipher_info; - - cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, - MBEDTLS_MODE_ECB ); - if( cipher_info == NULL ) - return( MBEDTLS_ERR_CMAC_BAD_INPUT ); - - mbedtls_cipher_free( &ctx->cipher_ctx ); - - if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 ) - return( ret ); - if( ( ret = 
mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits, - MBEDTLS_ENCRYPT ) ) != 0 ) - { - return( ret ); - } - - ctx->K1 = mbedtls_calloc( cipher_info->block_size, sizeof( unsigned char ) ); - ctx->K2 = mbedtls_calloc( cipher_info->block_size, sizeof( unsigned char ) ); + if( ( ret = cmac_multiply_by_u( K2, K1 , block_size ) ) != 0 ) + goto exit; - if( ctx->K1 == NULL || ctx->K2 == NULL ) - { - mbedtls_free(ctx->K1); - mbedtls_free(ctx->K2); - return( MBEDTLS_ERR_CMAC_ALLOC_FAILED ); - } +exit: + mbedtls_zeroize( L, sizeof( L ) ); - return( cmac_generate_subkeys( ctx ) ); + return( ret ); } -/* - * Free context - */ -void mbedtls_cmac_free( mbedtls_cmac_context *ctx ) +static void cmac_xor_block(unsigned char *output, const unsigned char *input1, + const unsigned char *input2, const size_t block_size ) { - int block_size; - block_size = ctx->cipher_ctx.cipher_info->block_size; - mbedtls_cipher_free( &ctx->cipher_ctx ); - - if( ctx->K1 != NULL ) - mbedtls_zeroize( ctx->K1, block_size * sizeof( unsigned char ) ); - if( ctx->K2 != NULL ) - mbedtls_zeroize( ctx->K2, block_size * sizeof( unsigned char ) ); - mbedtls_free( ctx->K1 ); - mbedtls_free( ctx->K2 ); + size_t index; + + for( index = 0; index < block_size; index++ ) + output[ index ] = input1[ index ] ^ input2[ index ]; } /* 
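Review bot: cmac_generate_subkeys now writes block_size bytes into caller-supplied K1 and K2 and hands back key-derived secret material, but the new signature carries no comment on the buffer size or on who wipes the subkeys; since the callers added later in this series declare both as `MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE` arrays, state it at the definition, e.g. `/* K1 and K2 must each hold at least block_size bytes (MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE suffices); both are secret and the caller must zeroize them when done. */`. The function also encrypts L in place through the caller's cipher context with mbedtls_cipher_update, which is sound only because mbedtls_cipher_cmac_starts restricts the context to ECB cipher types; a one-line comment saying so would save the next reader from worrying about chaining state.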
@@ -243,154 +200,266 @@ static void cmac_pad( unsigned char padded_block[16], } } -/* - * XOR Block - * Here, macro results in smaller compiled code than static inline function - */ -#define XOR_BLOCK( o, i1, i2 ) \ - for( i = 0; i < block_size; i++ ) \ - ( o )[i] = ( i1 )[i] ^ ( i2 )[i]; +int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, + const unsigned char *key, size_t keylen ) +{ + mbedtls_cipher_type_t type; + mbedtls_cmac_context_t *cmac_ctx; + unsigned int block_size; + int retval; -/* - * Update the CMAC state using an input block - */ -#define UPDATE_CMAC( x ) \ -do { \ - XOR_BLOCK( state, ( x ), state ); \ - if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, \ - state, block_size, \ - state, &olen ) ) != 0 ) \ - { \ - goto exit; \ - } \ -} while( 0 ) + if( ctx == NULL || ctx->cipher_info == NULL || key == NULL ) + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); -/* - * Generate tag on complete message - */ -int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, - const unsigned char *input, size_t in_len, - unsigned char *tag, size_t tag_len ) + if( ( retval = mbedtls_cipher_setkey( ctx, key, keylen, + MBEDTLS_ENCRYPT ) ) != 0 ) + return( retval ); + + block_size = ctx->cipher_info->block_size; + type = ctx->cipher_info->type; + + switch( type ) + { + case MBEDTLS_CIPHER_AES_128_ECB: + case MBEDTLS_CIPHER_AES_192_ECB: + case MBEDTLS_CIPHER_AES_256_ECB: + case MBEDTLS_CIPHER_DES_EDE3_ECB: + break; + default: + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + } + + /* Allocated and initialise in the cipher context memory for the CMAC + * context */ + cmac_ctx = mbedtls_calloc( 1, sizeof( mbedtls_cmac_context_t ) ); + if( cmac_ctx == NULL ) + return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED ); + + ctx->cmac_ctx = cmac_ctx; + + mbedtls_zeroize( cmac_ctx->state, sizeof( cmac_ctx->state ) ); + cmac_ctx->padding_flag = 1; + + return 0; +} + +int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, + const unsigned char *input, size_t ilen ) { + 
mbedtls_cmac_context_t* cmac_ctx; unsigned char *state; - unsigned char *M_last; - int n, j, ret, needs_padding; - size_t olen, block_size, i; + int n, j, ret = 0; + size_t olen, block_size; - ret = 0; - block_size = ctx->cipher_ctx.cipher_info->block_size; + if( ctx == NULL || ctx->cipher_info == NULL || input == NULL || + ctx->cmac_ctx == NULL ) + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - state = mbedtls_calloc( block_size, sizeof( unsigned char ) ); - M_last = mbedtls_calloc( block_size, sizeof( unsigned char ) ); + cmac_ctx = ctx->cmac_ctx; + block_size = ctx->cipher_info->block_size; + state = ctx->cmac_ctx->state; - if( state == NULL || M_last == NULL ) + /* Is their data still to process from the last call, that's equal to + * or greater than a block? */ + if( cmac_ctx->unprocessed_len > 0 && + ilen + cmac_ctx->unprocessed_len > block_size ) { - ret = MBEDTLS_ERR_CMAC_ALLOC_FAILED; - goto exit; + memcpy( &cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len], + input, + block_size - cmac_ctx->unprocessed_len ); + + cmac_xor_block( state, cmac_ctx->unprocessed_block, state, block_size ); + + if( ( ret = mbedtls_cipher_update( ctx, state, block_size, state, + &olen ) ) != 0 ) + { + goto exit; + } + + ilen -= block_size; + input += cmac_ctx->unprocessed_len; + + cmac_ctx->unprocessed_len = 0; } - if( tag_len < 2 || tag_len > block_size || tag_len % 2 != 0 ) + /* n is the number of blocks including any final partial block */ + n = ( ilen + block_size - 1 ) / block_size; + + /* Iterate across the input data in block sized chunks */ + for( j = 0; j < n - 1; j++ ) { - ret = MBEDTLS_ERR_CMAC_BAD_INPUT; - goto exit; + //char *ptr = input + block_size * j ; + cmac_xor_block( state, input, state, block_size ); + + if( ( ret = mbedtls_cipher_update( ctx, state, block_size, state, + &olen ) ) != 0 ) + goto exit; + + ilen -= block_size; + input += block_size; + + cmac_ctx->padding_flag = 0; } - if( in_len == 0 ) - needs_padding = 1; - else - needs_padding = in_len % 
block_size != 0; + /* If there is data left over that wasn't aligned to a block */ + if( ilen > 0 ) + { + memcpy( &cmac_ctx->unprocessed_block, input, ilen ); + cmac_ctx->unprocessed_len = ilen; + + if( ilen % block_size > 0 ) + cmac_ctx->padding_flag = 1; + else + cmac_ctx->padding_flag = 0; + } + +exit: + return( ret ); +} + +int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, + unsigned char *output ) +{ + mbedtls_cmac_context_t* cmac_ctx; + unsigned char *state; + unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE]; + unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE]; + unsigned char M_last[MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE]; + int ret; + size_t olen, block_size; + + if( ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL || + output == NULL ) + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - n = in_len / block_size + needs_padding; + cmac_ctx = ctx->cmac_ctx; + block_size = ctx->cipher_info->block_size; + state = cmac_ctx->state; + + mbedtls_zeroize( K1, sizeof(K1) ); + mbedtls_zeroize( K2, sizeof(K2) ); + cmac_generate_subkeys( ctx, K1, K2 ); + +// mbedtls_zeroize( M_last, sizeof(M_last) ); +// if( cmac_ctx->unprocessed_len > 0 ) +// needs_padding = 1; + + unsigned char *last_block = cmac_ctx->unprocessed_block; + //unsigned char *M_last = cmac_ctx->unprocessed_block; /* Calculate last block */ - if( needs_padding ) + if( cmac_ctx->padding_flag ) { - cmac_pad( M_last, block_size, input + block_size * ( n - 1 ), in_len % block_size ); - XOR_BLOCK( M_last, M_last, ctx->K2 ); + cmac_pad( M_last, block_size, last_block, cmac_ctx->unprocessed_len ); + cmac_xor_block( M_last, M_last, K2, block_size ); } else { /* Last block is complete block */ - XOR_BLOCK( M_last, input + block_size * ( n - 1 ), ctx->K1 ); + cmac_xor_block( M_last, last_block, K1, block_size ); } - for( j = 0; j < n - 1; j++ ) - UPDATE_CMAC( input + block_size * j ); - UPDATE_CMAC( M_last ); + cmac_xor_block( state, M_last, state, block_size ); + if( ( ret = 
mbedtls_cipher_update( ctx, state, block_size, state, + &olen ) ) != 0 ) + { + goto exit; + } - memcpy( tag, state, tag_len ); - exit: - mbedtls_free( state ); - mbedtls_free( M_last ); - return( ret ); + + memcpy( output, state, block_size ); + +exit: + /* Wipe the generated keys on the stack, and any other transients to avoid + * side channel leakage */ + mbedtls_zeroize( K1, sizeof(K1) ); + mbedtls_zeroize( K2, sizeof(K2) ); + + cmac_ctx->unprocessed_len = 0; + mbedtls_zeroize( cmac_ctx->unprocessed_block, + sizeof( cmac_ctx->unprocessed_len ) ); + + mbedtls_zeroize( state, MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE ); + return( ret ); } -#undef XOR_BLOCK -#undef UPDATE_CMAC +int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ) +{ + mbedtls_cmac_context_t* cmac_ctx; -/* - * Verify tag on complete message - */ -int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, - const unsigned char *input, size_t in_len, - const unsigned char *tag, size_t tag_len ) + if( ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL ) + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + cmac_ctx = ctx->cmac_ctx; + + /* Reset the internal state */ + cmac_ctx->unprocessed_len = 0; + mbedtls_zeroize( cmac_ctx->unprocessed_block, + sizeof( cmac_ctx->unprocessed_len ) ); + + cmac_ctx->padding_flag = 1; + + return( 0 ); +} + +int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info, + const unsigned char *key, size_t keylen, + const unsigned char *input, size_t ilen, + unsigned char *output ) { + mbedtls_cipher_context_t ctx; int ret; - unsigned char *check_tag; - unsigned char i; - int diff; - check_tag = mbedtls_calloc( ctx->cipher_ctx.cipher_info->block_size, - sizeof( unsigned char ) ); - if( check_tag == NULL ) - { - ret = MBEDTLS_ERR_CMAC_ALLOC_FAILED; - goto exit; - } + if( cipher_info == NULL || key == NULL || input == NULL || output == NULL ) + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - if( ( ret = mbedtls_cmac_generate( ctx, input, in_len, - check_tag, tag_len ) 
) != 0 ) - { + mbedtls_cipher_init( &ctx ); + + if( ( ret = mbedtls_cipher_setup( &ctx, cipher_info ) ) != 0 ) goto exit; - } - /* Check tag in "constant-time" */ - for( diff = 0, i = 0; i < tag_len; i++ ) - diff |= tag[i] ^ check_tag[i]; + ret = mbedtls_cipher_cmac_starts( &ctx, key, keylen ); - if( diff != 0 ) - { - ret = MBEDTLS_ERR_CMAC_VERIFY_FAILED; + if( ret != 0 ) goto exit; - } - else - { - ret = 0; + // Are we leaking here? Should we reset or free? + + ret = mbedtls_cipher_cmac_update( &ctx, input, ilen ); + if( ret != 0 ) goto exit; - } - exit: - mbedtls_free( check_tag ); - return( ret ); -} + mbedtls_cipher_cmac_finish( &ctx, output ); + if( ret != 0 ) + goto exit; +exit: + return( ret ); +} #ifdef MBEDTLS_AES_C + /* +// TODO - clean up comments * PRF based on CMAC with AES-128 * See RFC 4615 */ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, const unsigned char *input, size_t in_len, - unsigned char tag[16] ) + unsigned char *output ) { int ret; - mbedtls_cmac_context ctx; + const mbedtls_cipher_info_t *cipher_info; unsigned char zero_key[16]; unsigned char int_key[16]; - mbedtls_cmac_init(&ctx ); + cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB ); + if( cipher_info == NULL ) + { + /* Failing at this point must be due to a build issue */ + ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; + goto exit; + } if( key_length == 16 ) { 
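Review bot: The buffered-block path at the top of mbedtls_cipher_cmac_update mis-accounts the consumed input: after topping up the partial block it does `ilen -= block_size; input += cmac_ctx->unprocessed_len;`, yet only `block_size - unprocessed_len` bytes were taken from input, so both adjustments are wrong unless the buffer was exactly half full, and the tail branch `memcpy( &cmac_ctx->unprocessed_block, input, ilen )` overwrites rather than appends when the new data does not complete the buffered block, so a tag computed over several update calls differs from the single-call result. The rewrite below tracks the bytes actually taken and appends the tail, keeping the existing behaviour of leaving an exactly full final block buffered for finish. In the same hunk, mbedtls_cipher_cmac_finish ignores the return value of cmac_generate_subkeys, and both finish and mbedtls_cipher_cmac_reset wipe the buffered block with `sizeof( cmac_ctx->unprocessed_len )` (the size of a size_t) where `sizeof( cmac_ctx->unprocessed_block )` is meant, leaving message bytes in the context. mbedtls_cipher_cmac_starts also allocates a fresh cmac_ctx without freeing one already attached to ctx, and mbedtls_cipher_cmac never calls mbedtls_cipher_free on its stack context and drops the result of finish (`mbedtls_cipher_cmac_finish( &ctx, output ); if( ret != 0 )` re-tests the previous ret), so the answer to the `// Are we leaking here?` comment is yes.
```c
int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
                                const unsigned char *input, size_t ilen )
{
    /* … unchanged: declarations and argument checks … */

    /* Complete a previously buffered partial block only when the new data
     * overflows it; an exactly filled block stays buffered because the final
     * block is treated specially by mbedtls_cipher_cmac_finish(). */
    if( cmac_ctx->unprocessed_len > 0 &&
        ilen > block_size - cmac_ctx->unprocessed_len )
    {
        size_t to_copy = block_size - cmac_ctx->unprocessed_len;

        memcpy( &cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len],
                input, to_copy );

        cmac_xor_block( state, cmac_ctx->unprocessed_block, state, block_size );

        if( ( ret = mbedtls_cipher_update( ctx, state, block_size, state,
                                           &olen ) ) != 0 )
            goto exit;

        input += to_copy;
        ilen  -= to_copy;
        cmac_ctx->unprocessed_len = 0;
    }

    /* … unchanged: full-block loop over n - 1 blocks … */

    /* Append the tail to whatever is still buffered instead of overwriting it */
    if( ilen > 0 )
    {
        memcpy( &cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len],
                input, ilen );
        cmac_ctx->unprocessed_len += ilen;

        cmac_ctx->padding_flag =
            ( cmac_ctx->unprocessed_len % block_size > 0 ) ? 1 : 0;
    }

exit:
    return( ret );
}
```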
@@ -399,32 +468,21 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, } else { - mbedtls_cmac_context zero_ctx; - - /* Key is AES_CMAC( 0, key ) */ - mbedtls_cmac_init( &zero_ctx ); memset( zero_key, 0, 16 ); - ret = mbedtls_cmac_setkey( &zero_ctx, MBEDTLS_CIPHER_ID_AES, - zero_key, 8 * sizeof( zero_key ) ); - if( ret != 0 ) - goto exit; - ret = mbedtls_cmac_generate( &zero_ctx, key, key_length, int_key, 16 ); + ret = mbedtls_cipher_cmac( cipher_info, zero_key, 128, key, + key_length, int_key ); if( ret != 0 ) goto exit; } - ret = mbedtls_cmac_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, - int_key, 8 * sizeof( int_key ) ); - if( ret != 0 ) - goto exit; + ret = mbedtls_cipher_cmac( cipher_info, int_key, 128, input, in_len, + output ); - ret = mbedtls_cmac_generate( &ctx, input, in_len, tag, 16 ); +exit: + mbedtls_zeroize( int_key, sizeof( int_key ) ); - exit: - mbedtls_zeroize( int_key, sizeof( int_key ) ); - mbedtls_cmac_free( &ctx ); - return( ret ); + return( ret ); } #endif /* MBEDTLS_AES_C */ @@ -439,6 +497,8 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, #define NB_CMAC_TESTS_PER_KEY 4 #define NB_PRF_TESTS 3 + +// TODO - should use a value somewhere else #define AES_BLOCK_SIZE 16 #define DES3_BLOCK_SIZE 8 
@@ -680,43 +740,104 @@ static const unsigned char PRFT[NB_PRF_TESTS][16] = { }; #endif /* MBEDTLS_AES_C */ +static int cmac_test_subkeys( int verbose, + const char* testname, + const unsigned char* key, + int keybits, + const unsigned char* subkeys, + mbedtls_cipher_type_t cipher_type, + int block_size, + int num_tests ) +{ + int i, ret; + mbedtls_cipher_context_t ctx; + const mbedtls_cipher_info_t *cipher_info; + unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE]; + unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE]; + + cipher_info = mbedtls_cipher_info_from_type( cipher_type ); + if( cipher_info == NULL ) + { + /* Failing at this point must be due to a build issue */ + ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; + goto exit; + } + + for( i = 0; i < num_tests; i++ ) + { + if( verbose != 0 ) + mbedtls_printf( " %s CMAC subkey #%u: ", testname, i +1 ); + + mbedtls_cipher_init( &ctx ); + + if( ( ret = mbedtls_cipher_setup( &ctx, cipher_info ) ) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "test execution failed\n" ); + + goto exit; + } + + if( ( ret = mbedtls_cipher_setkey( &ctx, key, keybits, + MBEDTLS_ENCRYPT ) ) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "test execution failed\n" ); + + goto exit; + } + + ret = cmac_generate_subkeys( &ctx, K1, K2 ); + if( ret != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + goto exit; + } + + if( ( ret = memcmp( K1, subkeys, block_size ) != 0 ) || + ( ret = memcmp( K2, &subkeys[block_size], block_size ) != 0 ) ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + goto exit; + } + + if( verbose != 0 ) + mbedtls_printf( "passed\n" ); + } + +exit: + return( ret ); +} + static inline int cmac_test_wth_cipher( int verbose, const char* testname, const unsigned char* key, int keybits, const unsigned char* messages, const unsigned int message_lengths[4], - const unsigned char* subkeys, const unsigned char* expected_result, - mbedtls_cipher_id_t cipher_id, - int block_size ) + mbedtls_cipher_type_t 
cipher_type, + int block_size, + int num_tests ) { - const int num_tests = 4; - mbedtls_cmac_context ctx; + const mbedtls_cipher_info_t *cipher_info; int i, ret; - unsigned char* tag; + unsigned char* output; - tag = mbedtls_calloc( block_size, sizeof( unsigned char ) ); - if( tag == NULL ) + output = mbedtls_calloc( block_size, sizeof( unsigned char ) ); + if( output == NULL ) { - ret = MBEDTLS_ERR_CMAC_ALLOC_FAILED; + ret = MBEDTLS_ERR_CIPHER_ALLOC_FAILED; goto exit; } - mbedtls_cmac_init( &ctx ); - - if( ( ret = mbedtls_cmac_setkey( &ctx, cipher_id, key, keybits ) ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( " CMAC: setup failed\n" ); - goto exit; - } - - if( ( ret = memcmp( ctx.K1, subkeys, block_size ) != 0 ) || - ( ret = memcmp( ctx.K2, &subkeys[block_size], block_size ) != 0 ) ) + cipher_info = mbedtls_cipher_info_from_type( cipher_type ); + if( cipher_info == NULL ) { - if( verbose != 0 ) - mbedtls_printf( " CMAC: subkey generation failed\n" ); + /* Failing at this point must be due to a build issue */ + ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; goto exit; } 
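Review bot: cmac_test_subkeys calls mbedtls_cipher_init( &ctx ) on every loop iteration but never mbedtls_cipher_free( &ctx ), so each pass leaks the cipher context allocated by mbedtls_cipher_setup, and when num_tests is 0 the function returns an uninitialised ret. Initialise `int i, ret = 0;`, move the init before the loop and free the context at `exit:` (or free at the end of each iteration before the next setup). The `ret = memcmp( ... ) != 0` assignments return 1 on mismatch, which is not an mbed TLS error code; a plain `ret = 1; /* mismatch */` or a dedicated value makes the intent explicit. cmac_test_wth_cipher, which begins in this hunk and continues in the next, has the same uninitialised-ret case for num_tests == 0.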
@@ -725,34 +846,28 @@ static inline int cmac_test_wth_cipher( int verbose, if( verbose != 0 ) mbedtls_printf( " %s CMAC #%u: ", testname, i +1 ); - if( ( ret = mbedtls_cmac_generate( &ctx, messages, message_lengths[i], tag, block_size ) ) != 0 ) + if( ( ret = mbedtls_cipher_cmac( cipher_info, key, keybits, messages, + message_lengths[i], output ) ) != 0 ) { if( verbose != 0 ) mbedtls_printf( "failed\n" ); goto exit; } - if( ( ret = memcmp( tag, &expected_result[i * block_size], block_size ) ) != 0 ) + if( ( ret = memcmp( output, &expected_result[i * block_size], block_size ) ) != 0 ) { if( verbose != 0 ) mbedtls_printf( "failed\n" ); goto exit; } - if( ( ret = mbedtls_cmac_verify( &ctx, messages, message_lengths[i], &expected_result[i * block_size], block_size ) != 0 ) ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - goto exit; - } - if( verbose != 0 ) mbedtls_printf( "passed\n" ); } - exit: - mbedtls_free( tag ); - mbedtls_cmac_free( &ctx ); - return( ret ); +exit: + mbedtls_free( output ); + + return( ret ); } #ifdef MBEDTLS_AES_C @@ -760,14 +875,16 @@ static inline int test_aes128_cmac_prf( int verbose ) { int i; int ret; - unsigned char tag[16]; + unsigned char output[16]; + for( i = 0; i < NB_PRF_TESTS; i++ ) { mbedtls_printf( " AES CMAC 128 PRF #%u: ", i ); - ret = mbedtls_aes_cmac_prf_128( PRFK, PRFKlen[i], PRFM, 20, tag ); + ret = mbedtls_aes_cmac_prf_128( PRFK, PRFKlen[i], PRFM, 20, output ); if( ret != 0 || - memcmp( tag, PRFT[i], 16 ) != 0 ) + memcmp( output, PRFT[i], 16 ) != 0 ) { + if( verbose != 0 ) mbedtls_printf( "failed\n" ); 
@@ -784,18 +901,45 @@ static inline int test_aes128_cmac_prf( int verbose ) int mbedtls_cmac_self_test( int verbose ) { int ret; - + #ifdef MBEDTLS_AES_C + + /* AES-128 */ + if( ( ret = cmac_test_subkeys( verbose, + "AES 128", + aes_128_key, + 128, + (const unsigned char*) aes_128_subkeys, + MBEDTLS_CIPHER_AES_128_ECB, + AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) !=0 ) ) + { + return( ret ); + } + if( ( ret = cmac_test_wth_cipher( verbose, "AES 128", aes_128_key, 128, test_message, aes_message_lengths, - (const unsigned char*) aes_128_subkeys, (const unsigned char*) aes_128_expected_result, - MBEDTLS_CIPHER_ID_AES, - AES_BLOCK_SIZE ) !=0 ) ) + MBEDTLS_CIPHER_AES_128_ECB, + AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) !=0 ) ) + { + return( ret ); + } + + /* AES-192 */ + if( ( ret = cmac_test_subkeys( verbose, + "AES 192", + aes_192_key, + 192, + (const unsigned char*) aes_192_subkeys, + MBEDTLS_CIPHER_AES_192_ECB, + AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) !=0 ) ) { return( ret ); } 
@@ -806,54 +950,97 @@ int mbedtls_cmac_self_test( int verbose ) 192, test_message, aes_message_lengths, - (const unsigned char*) aes_192_subkeys, (const unsigned char*) aes_192_expected_result, - MBEDTLS_CIPHER_ID_AES, - AES_BLOCK_SIZE ) !=0 ) ) + MBEDTLS_CIPHER_AES_192_ECB, + AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) !=0 ) ) + { +mbedtls_printf("ret = %x\n", ret); + return( ret ); + } + + /* AES-256 */ + if( ( ret = cmac_test_subkeys( verbose, + "AES 256", + aes_256_key, + 256, + (const unsigned char*) aes_256_subkeys, + MBEDTLS_CIPHER_AES_256_ECB, + AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) !=0 ) ) { return( ret ); } - if( ( ret = cmac_test_wth_cipher ( verbose, + if( ( ret = cmac_test_wth_cipher ( verbose, "AES 256", aes_256_key, 256, test_message, aes_message_lengths, - (const unsigned char*) aes_256_subkeys, (const unsigned char*) aes_256_expected_result, - MBEDTLS_CIPHER_ID_AES, - AES_BLOCK_SIZE ) !=0 ) ) + MBEDTLS_CIPHER_AES_256_ECB, + AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) !=0 ) ) { return( ret ); } #endif /* MBEDTLS_AES_C */ #ifdef MBEDTLS_DES_C + /* 3DES 2 key */ + if( ( ret = cmac_test_subkeys( verbose, + "3DES 2 key", + des3_2key_key, + 192, + (const unsigned char*) des3_2key_subkeys, + MBEDTLS_CIPHER_DES_EDE3_ECB, + DES3_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) !=0 ) ) + { + return( ret ); + } + + + if( ( ret = cmac_test_wth_cipher( verbose, "3DES 2 key", des3_2key_key, 192, test_message, des3_message_lengths, - (const unsigned char*) des3_2key_subkeys, (const unsigned char*) des3_2key_expected_result, - MBEDTLS_CIPHER_ID_3DES, - DES3_BLOCK_SIZE ) !=0 ) ) + MBEDTLS_CIPHER_DES_EDE3_ECB, + DES3_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) !=0 ) ) + { + return( ret ); + } + + /* 3DES 3 key */ + if( ( ret = cmac_test_subkeys( verbose, + "3DES 3 key", + des3_3key_key, + 192, + (const unsigned char*) des3_3key_subkeys, + MBEDTLS_CIPHER_DES_EDE3_ECB, + DES3_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) !=0 ) ) { return( ret ); } + if( ( ret = cmac_test_wth_cipher( verbose, 
"3DES 3 key", des3_3key_key, 192, test_message, des3_message_lengths, - (const unsigned char*) des3_3key_subkeys, (const unsigned char*) des3_3key_expected_result, - MBEDTLS_CIPHER_ID_3DES, - DES3_BLOCK_SIZE ) !=0 ) ) + MBEDTLS_CIPHER_DES_EDE3_ECB, + DES3_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) !=0 ) ) { return( ret ); } diff --git a/library/error.c b/library/error.c index 7ec8420e97b4..e7b521bc758d 100644 --- a/library/error.c +++ b/library/error.c @@ -582,15 +582,6 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "CCM - Authenticated decryption failed" ); #endif /* MBEDTLS_CCM_C */ -#if defined(MBEDTLS_CMAC_C) - if( use_ret == -(MBEDTLS_ERR_CMAC_BAD_INPUT) ) - mbedtls_snprintf( buf, buflen, "CMAC - Bad input parameters to function" ); - if( use_ret == -(MBEDTLS_ERR_CMAC_VERIFY_FAILED) ) - mbedtls_snprintf( buf, buflen, "CMAC - Verification failed" ); - if( use_ret == -(MBEDTLS_ERR_CMAC_ALLOC_FAILED) ) - mbedtls_snprintf( buf, buflen, "CMAC - Failed to allocate memory" ); -#endif /* MBEDTLS_CMAC_C */ - #if defined(MBEDTLS_CTR_DRBG_C) if( use_ret == -(MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED) ) mbedtls_snprintf( buf, buflen, "CTR_DRBG - The entropy source failed" ); From 937fddbfcb29fe886dc1a2b7ab3f93165dcf1760 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 5 Oct 2016 14:13:31 +0100 Subject: [PATCH 222/272] Introduce a CMAC specific test suite --- tests/Makefile | 5 ++++ tests/suites/test_suite_cmac.data | 27 +++++++++++++++++++ tests/suites/test_suite_cmac.function | 37 +++++++++++++++++++++++++++ 3 files changed, 69 insertions(+) create mode 100644 tests/suites/test_suite_cmac.data create mode 100644 tests/suites/test_suite_cmac.function diff --git a/tests/Makefile b/tests/Makefile index b86702c34511..23c68ec8679a 100644 --- a/tests/Makefile +++ b/tests/Makefile 
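Review bot: The added line `mbedtls_printf("ret = %x\n", ret);` in the AES-192 failure branch is left-over debugging output: it is unconditional where every other message in the self-test is gated on verbose, it sits at column 0, and it prints a negative int through `%x`. Remove it, or if the value is useful fold it into the verbose path as `if( verbose != 0 ) mbedtls_printf( "failed (ret = -0x%04x)\n", -ret );`, the form the sample programs use for error codes. mbedtls_cmac_self_test starts in the previous hunk.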
@@ -50,6 +50,7 @@ APPS = test_suite_aes.ecb$(EXEXT) test_suite_aes.cbc$(EXEXT) \ test_suite_arc4$(EXEXT) test_suite_asn1write$(EXEXT) \ test_suite_base64$(EXEXT) test_suite_blowfish$(EXEXT) \ test_suite_camellia$(EXEXT) test_suite_ccm$(EXEXT) \ + test_suite_cmac$(EXEXT) \ test_suite_cipher.aes$(EXEXT) \ test_suite_cipher.arc4$(EXEXT) test_suite_cipher.ccm$(EXEXT) \ test_suite_cipher.gcm$(EXEXT) \ @@ -236,6 +237,10 @@ test_suite_ccm$(EXEXT): test_suite_ccm.c $(DEP) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +test_suite_cmac$(EXEXT): test_suite_cmac.c $(DEP) + echo " CC $<" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + test_suite_cipher.aes$(EXEXT): test_suite_cipher.aes.c $(DEP) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ diff --git a/tests/suites/test_suite_cmac.data b/tests/suites/test_suite_cmac.data new file mode 100644 index 000000000000..a913ffdd8ec9 --- /dev/null +++ b/tests/suites/test_suite_cmac.data @@ -0,0 +1,27 @@ +CMAC self test +mbedtls_cmac_self_test: + +CMAC init #1 AES-128: OK +depends_on:MBEDTLS_AES_C +mbedtls_cmac_setkey:MBEDTLS_CIPHER_AES_128_ECB:128:0 + +CMAC init #2 AES-192: OK +depends_on:MBEDTLS_AES_C +mbedtls_cmac_setkey:MBEDTLS_CIPHER_AES_192_ECB:192:0 + +CMAC init #3 AES-256: OK +depends_on:MBEDTLS_AES_C +mbedtls_cmac_setkey:MBEDTLS_CIPHER_AES_256_ECB:256:0 + +CMAC init #4 3DES : OK +depends_on:MBEDTLS_DES_C +mbedtls_cmac_setkey:MBEDTLS_CIPHER_DES_EDE3_ECB:192:0 + +CMAC init #5 AES-224: bad key size +depends_on:MBEDTLS_AES_C +mbedtls_cmac_setkey:MBEDTLS_CIPHER_ID_AES:224:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + +CMAC init #6 Camellia: wrong cipher +depends_on:MBEDTLS_CAMELLIA_C +mbedtls_cmac_setkey:MBEDTLS_CIPHER_ID_CAMELLIA:128:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + diff --git a/tests/suites/test_suite_cmac.function b/tests/suites/test_suite_cmac.function new file mode 100644 index 000000000000..81a5a0aaa27c --- /dev/null 
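Review bot: Test cases #5 and #6 pass `MBEDTLS_CIPHER_ID_AES` and `MBEDTLS_CIPHER_ID_CAMELLIA` where the other cases pass mbedtls_cipher_type_t values such as `MBEDTLS_CIPHER_AES_128_ECB`; mbedtls_cmac_setkey hands the argument to mbedtls_cipher_info_from_type, so a cipher-id enumerator selects whichever cipher type happens to share its numeric value, and the expected MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA may come back for the wrong reason. Use `MBEDTLS_CIPHER_AES_128_ECB:224` for the bad-key-size case and `MBEDTLS_CIPHER_CAMELLIA_128_ECB:128` for the unsupported-cipher case so each test exercises the check its name claims.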
+++ b/tests/suites/test_suite_cmac.function @@ -0,0 +1,37 @@ +/* BEGIN_HEADER */ +#include "mbedtls/cipher.h" +#include "mbedtls/cmac.h" +/* END_HEADER */ + +/* BEGIN_DEPENDENCIES + * depends_on:MBEDTLS_CMAC_C + * END_DEPENDENCIES + */ + +/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ +void mbedtls_cmac_self_test( ) +{ + TEST_ASSERT( mbedtls_cmac_self_test( 1 ) == 0 ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void mbedtls_cmac_setkey( int cipher_type, int key_size, + int result ) +{ + const mbedtls_cipher_info_t *cipher_info; + unsigned char key[32]; + unsigned char buf[16]; + unsigned char tmp[16]; + + memset( key, 0x2A, sizeof( key ) ); + TEST_ASSERT( (unsigned) key_size <= 8 * sizeof( key ) ); + + TEST_ASSERT( ( cipher_info = mbedtls_cipher_info_from_type( cipher_type ) ) + != NULL ); + + TEST_ASSERT( result == mbedtls_cipher_cmac( cipher_info, key, key_size, + buf, 16, tmp ) != 0 ); +} +/* END_CASE */ + From 32bb5af7e167e5e31d54d7537e66e044b7f319dd Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 5 Oct 2016 14:14:19 +0100 Subject: [PATCH 223/272] Add CMAC functions to the benchmark sample application --- programs/test/benchmark.c | 69 +++++++++++++++++++++++++++++++++++---- 1 file changed, 63 insertions(+), 6 deletions(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 8ab32f677905..86b84250ac95 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -1,7 +1,7 @@ /* * Benchmark demonstration program * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -61,6 +61,7 @@ int main( void ) #include "mbedtls/camellia.h" #include "mbedtls/gcm.h" #include "mbedtls/ccm.h" +#include "mbedtls/cmac.h" #include "mbedtls/havege.h" #include "mbedtls/ctr_drbg.h" #include "mbedtls/hmac_drbg.h" 
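Review bot: The final assertion `TEST_ASSERT( result == mbedtls_cipher_cmac( ... ) != 0 );` parses as `( result == mbedtls_cipher_cmac( ... ) ) != 0` because == and != share precedence and associate left to right; it happens to check the intended equality but reads as a mistake, so drop the trailing `!= 0`. `buf` is passed to mbedtls_cipher_cmac uninitialised; a `memset( buf, 0, sizeof( buf ) );` next to the key initialisation keeps the input deterministic and avoids a read of indeterminate memory.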
@@ -92,7 +93,8 @@ int main( void ) #define OPTIONS \ "md4, md5, ripemd160, sha1, sha256, sha512,\n" \ - "arc4, des3, des, aes_cbc, aes_gcm, aes_ccm, camellia, blowfish,\n" \ + "arc4, des3, des, camellia, blowfish,\n" \ + "aes_cbc, aes_gcm, aes_ccm, aes_cmac, des3_cmac,\n" \ "havege, ctr_drbg, hmac_drbg\n" \ "rsa, dhm, ecdsa, ecdh.\n" @@ -234,7 +236,9 @@ unsigned char buf[BUFSIZE]; typedef struct { char md4, md5, ripemd160, sha1, sha256, sha512, - arc4, des3, des, aes_cbc, aes_gcm, aes_ccm, camellia, blowfish, + arc4, des3, des, + aes_cbc, aes_gcm, aes_ccm, aes_cmac, des3_cmac, + camellia, blowfish, havege, ctr_drbg, hmac_drbg, rsa, dhm, ecdsa, ecdh; } todo_list; @@ -283,6 +287,10 @@ int main( int argc, char *argv[] ) todo.aes_gcm = 1; else if( strcmp( argv[i], "aes_ccm" ) == 0 ) todo.aes_ccm = 1; + else if( strcmp( argv[i], "aes_cmac" ) == 0 ) + todo.aes_cmac = 1; + else if( strcmp( argv[i], "des3_cmac" ) == 0 ) + todo.des3_cmac = 1; else if( strcmp( argv[i], "camellia" ) == 0 ) todo.camellia = 1; else if( strcmp( argv[i], "blowfish" ) == 0 ) @@ -358,7 +366,8 @@ int main( int argc, char *argv[] ) } #endif -#if defined(MBEDTLS_DES_C) && defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined(MBEDTLS_DES_C) +#if defined(MBEDTLS_CIPHER_MODE_CBC) if( todo.des3 ) { mbedtls_des3_context des3; 
@@ -378,7 +387,25 @@ int main( int argc, char *argv[] ) mbedtls_des_crypt_cbc( &des, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) ); mbedtls_des_free( &des ); } -#endif + +#endif /* MBEDTLS_CIPHER_MODE_CBC */ +#if defined(MBEDTLS_CMAC_C) + if( todo.des3_cmac ) + { + unsigned char output[8]; + const mbedtls_cipher_info_t *cipher_info; + + memset( buf, 0, sizeof( buf ) ); + memset( tmp, 0, sizeof( tmp ) ); + + cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_DES_EDE3_ECB ); + + TIME_AND_TSC( "3DES-CMAC", + mbedtls_cipher_cmac( cipher_info, tmp, 192, buf, + BUFSIZE, output ) ); + } +#endif /* MBEDTLS_CMAC_C */ +#endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) @@ -447,7 +474,37 @@ int main( int argc, char *argv[] ) } } #endif -#endif +#if defined(MBEDTLS_CMAC_C) + if( todo.aes_cmac ) + { + unsigned char output[16]; + const mbedtls_cipher_info_t *cipher_info; + mbedtls_cipher_type_t cipher_type; + int keysize; + + for( keysize = 128, cipher_type = MBEDTLS_CIPHER_AES_128_ECB; + keysize <= 256; + keysize += 64, cipher_type++ ) + { + mbedtls_snprintf( title, sizeof( title ), "AES-CMAC-%d", keysize ); + + memset( buf, 0, sizeof( buf ) ); + memset( tmp, 0, sizeof( tmp ) ); + + cipher_info = mbedtls_cipher_info_from_type( cipher_type ); + + TIME_AND_TSC( title, + mbedtls_cipher_cmac( cipher_info, tmp, keysize, + buf, BUFSIZE, output ) ); + } + + memset( buf, 0, sizeof( buf ) ); + memset( tmp, 0, sizeof( tmp ) ); + TIME_AND_TSC( "AES-CMAC-PRF-128", + mbedtls_aes_cmac_prf_128( tmp, 16, buf, BUFSIZE, output ) ); + } +#endif /* MBEDTLS_CMAC_C */ +#endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_CAMELLIA_C) && defined(MBEDTLS_CIPHER_MODE_CBC) if( todo.camellia ) From 53b5e9c0a96c2f5c64470f083ac637ba7845a154 Mon Sep 17 00:00:00 2001 
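Review bot: The AES-CMAC loop advances the cipher with `cipher_type++`, which silently assumes MBEDTLS_CIPHER_AES_128_ECB, _192_ECB and _256_ECB are adjacent enum values; if the enum is ever reordered the benchmark would time a different cipher under the AES-CMAC title, and the `cipher_info` returned by mbedtls_cipher_info_from_type is never checked for NULL before the timed call (the same applies to the 3DES-CMAC block in the hunk above). A small table keeps the mapping explicit, e.g. `static const mbedtls_cipher_type_t types[] = { MBEDTLS_CIPHER_AES_128_ECB, MBEDTLS_CIPHER_AES_192_ECB, MBEDTLS_CIPHER_AES_256_ECB };` indexed by a loop counter with `keysize = 128 + 64 * i`. Whether TIME_AND_TSC inspects the return value of the timed expression is not visible here; if it does not, a failing mbedtls_cipher_cmac would be reported as a throughput figure rather than an error.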
From: Simon Butcher Date: Wed, 5 Oct 2016 14:15:58 +0100 Subject: [PATCH 224/272] Remove CMAC as a separate and independent error group --- include/mbedtls/error.h | 1 - scripts/generate_errors.pl | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 6e3905d864ca..5e549f6b6a78 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -66,7 +66,6 @@ * PBKDF2 1 0x007C-0x007C * HMAC_DRBG 4 0x0003-0x0009 * CCM 2 0x000D-0x000F - * CMAC 3 0x0011-0x0015 * * High-level module nr (3 bits - 0x0...-0x7...) * Name ID Nr of Errors diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index dd91151d6059..cfcf07c8f3cf 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -33,7 +33,7 @@ "BASE64", "XTEA", "PBKDF2", "OID", "PADLOCK", "DES", "NET", "CTR_DRBG", "ENTROPY", "HMAC_DRBG", "MD2", "MD4", "MD5", "RIPEMD160", - "SHA1", "SHA256", "SHA512", "GCM", "THREADING", "CCM", "CMAC" ); + "SHA1", "SHA256", "SHA512", "GCM", "THREADING", "CCM" ); my @high_level_modules = ( "PEM", "X509", "DHM", "RSA", "ECP", "MD", "CIPHER", "SSL", "PK", "PKCS12", "PKCS5" ); From 59b4c888fefd2d817101caa524c43ba1befbc035 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 5 Oct 2016 14:17:01 +0100 Subject: [PATCH 225/272] Clean up comment formatting in md.h --- include/mbedtls/md.h | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index b90235533d54..9b996a951bb4 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h 
@@ -304,8 +304,8 @@ int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *inpu /** * \brief Output HMAC. * Called after mbedtls_md_hmac_update(). - * Usually followed my mbedtls_md_hmac_reset(), mbedtls_md_hmac_starts(), - * or mbedtls_md_free(). + * Usually followed by mbedtls_md_hmac_reset(), + * mbedtls_md_hmac_starts(), or mbedtls_md_free(). * * \param ctx HMAC context * \param output Generic HMAC checksum result @@ -317,7 +317,8 @@ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output); /** * \brief Prepare to authenticate a new message with the same key. - * Called after mbedtls_md_hmac_finish() and before mbedtls_md_hmac_update(). + * Called after mbedtls_md_hmac_finish() and before + * mbedtls_md_hmac_update(). * * \param ctx HMAC context to be reset * From e5796c1fbcc65db958d110150e4f53130981adc3 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 5 Oct 2016 14:17:37 +0100 Subject: [PATCH 226/272] Add CMAC to ChangeLog --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index a10559f8bcf3..2275d6e60c35 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,8 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.3.x branch released 2016-xx-xx Features + * Added support for CMAC for AES and 3DES and AES-CMAC-PRF-128, as defined by + NIST SP 800-38B, RFC-4493 and RFC-4615. * Added hardware entropy selftest to verify that the hardware entropy source is functioning correctly. * Added a script to print build environment info for diagnostic use in test From 8a1a68cb2bd92717befcac6eafb03d1acdbb0999 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 5 Oct 2016 14:39:15 +0100 Subject: [PATCH 227/272] Regenerate error.c file to remove CMAC --- library/error.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/library/error.c b/library/error.c index e7b521bc758d..71d4faa7080f 100644 --- a/library/error.c +++ b/library/error.c 
@@ -69,10 +69,6 @@ #include "mbedtls/cipher.h" #endif -#if defined(MBEDTLS_CMAC_C) -#include "mbedtls/cmac.h" -#endif - #if defined(MBEDTLS_CTR_DRBG_C) #include "mbedtls/ctr_drbg.h" #endif From 08e890004c0fb6b255f6547d7ed195e90be86360 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 5 Oct 2016 15:12:59 +0100 Subject: [PATCH 228/272] Fix naming in cmac.h to comply with check-names.sh --- include/mbedtls/cmac.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index ceeb20addadf..6d531dddb56d 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -37,9 +37,10 @@ extern "C" { #endif /** - * \brief CMAC context structure + * CMAC context structure - Contains internal state information only */ -typedef struct mbedtls_cmac_context_t { +struct mbedtls_cmac_context_t +{ /** Internal state of the CMAC algorithm */ unsigned char state[MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE]; @@ -53,8 +54,7 @@ typedef struct mbedtls_cmac_context_t { /** Flag to indicate if the last block needs padding */ int padding_flag; -} -mbedtls_cmac_context_t; +}; /** * \brief Set the CMAC key and prepare to authenticate the input From 5805fbedcb95b0668af4a0505be67727f77da2bc Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 5 Oct 2016 15:33:53 +0100 Subject: [PATCH 229/272] Fix CMAC interface for doxygen Parameters didn't match the function definition. --- include/mbedtls/cmac.h | 2 +- library/cmac.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index 6d531dddb56d..71f7ab43ac25 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -69,7 +69,7 @@ struct mbedtls_cmac_context_t * \return 0 if successful, or a cipher specific error code */ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, - const unsigned char *key, size_t keylen ); + const unsigned char *key, size_t keybits ); /** * \brief Generic CMAC process buffer. 
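Review bot: Dropping the typedef leaves this header defining only `struct mbedtls_cmac_context_t`, while cmac.c in this same series still declares `mbedtls_cmac_context_t *cmac_ctx;` without the struct keyword, so the build now depends on a `typedef struct mbedtls_cmac_context_t mbedtls_cmac_context_t;` being provided by another header (presumably cipher.h, which is not in view). A one-line comment above the struct, `/* The mbedtls_cmac_context_t typedef is declared in cipher.h; this header only defines the layout. */`, would spare the next reader the search and make the rename's dependency explicit. The new comment line `CMAC context structure - Contains internal state information only` could also say that users never access these fields directly and must go through the mbedtls_cipher_cmac_* API, which is what "internal" is presumably meant to convey.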
diff --git a/library/cmac.c b/library/cmac.c index 1eb1c1074db9..5a6206ea9d08 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -201,7 +201,7 @@ static void cmac_pad( unsigned char padded_block[16], } int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, - const unsigned char *key, size_t keylen ) + const unsigned char *key, size_t keybits ) { mbedtls_cipher_type_t type; mbedtls_cmac_context_t *cmac_ctx; @@ -211,7 +211,7 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, if( ctx == NULL || ctx->cipher_info == NULL || key == NULL ) return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - if( ( retval = mbedtls_cipher_setkey( ctx, key, keylen, + if( ( retval = mbedtls_cipher_setkey( ctx, key, keybits, MBEDTLS_ENCRYPT ) ) != 0 ) return( retval ); From f394e0943180b1e8572c8ce75cbf2d279a04ceff Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 6 Oct 2016 12:49:58 +0100 Subject: [PATCH 230/272] Clean up and minor fixes following review Minor fixes following review including: * formatting changes including indentation and code style * corrections * removal of debug code * clarification of code through variable renaming * memory leak * compiler warnings --- include/mbedtls/check_config.h | 2 +- include/mbedtls/cmac.h | 13 +- include/mbedtls/config.h | 2 +- library/cmac.c | 285 ++++++++++++-------------- tests/suites/test_suite_cmac.function | 2 +- 5 files changed, 140 insertions(+), 164 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 8ebe438c034f..fe86c1e8d117 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -78,7 +78,7 @@ #endif #if defined(MBEDTLS_CMAC_C) && \ - !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_DES_C) + !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_DES_C) #error "MBEDTLS_CMAC_C defined, but not all prerequisites" #endif diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index 71f7ab43ac25..d94c015e0274 100644 
--- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -30,10 +30,13 @@ extern "C" { #endif +#define MBEDTLS_AES_BLOCK_SIZE 16 +#define MBEDTLS_DES3_BLOCK_SIZE 8 + #if defined(MBEDTLS_AES_C) -#define MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE 16 /* longest known is AES */ +#define MBEDTLS_CIPHER_BLKSIZE_MAX 16 /* longest used by CMAC is AES */ #else -#define MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE 8 /* longest known is 3DES */ +#define MBEDTLS_CIPHER_BLKSIZE_MAX 8 /* longest used by CMAC is 3DES */ #endif /** @@ -43,11 +46,11 @@ struct mbedtls_cmac_context_t { /** Internal state of the CMAC algorithm */ - unsigned char state[MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE]; + unsigned char state[MBEDTLS_CIPHER_BLKSIZE_MAX]; /** Unprocessed data - either data that was not block aligned and is still * pending to be processed, or the final block */ - unsigned char unprocessed_block[MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE]; + unsigned char unprocessed_block[MBEDTLS_CIPHER_BLKSIZE_MAX]; /** Length of data pending to be processed */ size_t unprocessed_len; @@ -133,7 +136,7 @@ int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info, const unsigned char *input, size_t ilen, unsigned char *output ); -#ifdef MBEDTLS_AES_C +#if defined(MBEDTLS_AES_C) /** * \brief AES-CMAC-128-PRF * Implementation of (AES-CMAC-PRF-128), as defined in RFC 4615 diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 4546d596a2fa..498e5b59857f 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1679,7 +1679,7 @@ * * Module: library/cmac.c * - * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or MBEDTLS_DES_C + * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C * */ //#define MBEDTLS_CMAC_C diff --git a/library/cmac.c b/library/cmac.c index 5a6206ea9d08..7fc513a45296 100644 --- a/library/cmac.c +++ b/library/cmac.c 
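Review bot: `MBEDTLS_CIPHER_BLKSIZE_MAX` is still defined from the literals 16 and 8 directly below the newly introduced `MBEDTLS_AES_BLOCK_SIZE` and `MBEDTLS_DES3_BLOCK_SIZE`; writing the two branches as `#define MBEDTLS_CIPHER_BLKSIZE_MAX MBEDTLS_AES_BLOCK_SIZE` and `#define MBEDTLS_CIPHER_BLKSIZE_MAX MBEDTLS_DES3_BLOCK_SIZE` keeps the three constants from drifting apart. Both new macros are unconditional public names in a header that is installed whenever MBEDTLS_CMAC_C is enabled, so they become API surface; a short comment that they are block sizes in bytes would help, since the CMAC functions in this header count key sizes in bits.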
@@ -1,7 +1,7 @@ /* * \file cmac.c * - * \brief NIST SP800-38B compliant CMAC implementation + * \brief NIST SP800-38B compliant CMAC implementation for AES and 3DES * * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 @@ -63,8 +63,7 @@ defined(MBEDTLS_DES_C) ) #include #define mbedtls_printf printf -#endif /* defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || - * defined(MBEDTLS_DES_C) )*/ +#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C || MBEDTLS_DES_C */ #endif /* MBEDTLS_PLATFORM_C */ /* Implementation that should never be optimized out by the compiler */ @@ -82,7 +81,7 @@ static void mbedtls_zeroize( void *v, size_t n ) { * with R_64 = 0x1B and R_128 = 0x87 * * Input and output MUST NOT point to the same buffer - * Block size must be 8 byes or 16 bytes. + * Block size must be 8 byes or 16 bytes - the block sizes for DES and AES. */ static int cmac_multiply_by_u( unsigned char *output, const unsigned char *input, @@ -94,11 +93,11 @@ static int cmac_multiply_by_u( unsigned char *output, unsigned char overflow = 0x00; int i; - if( blocksize == 16 ) + if( blocksize == MBEDTLS_AES_BLOCK_SIZE ) { R_n = R_128; } - else if( blocksize == 8 ) + else if( blocksize == MBEDTLS_DES3_BLOCK_SIZE ) { R_n = R_64; } @@ -141,7 +140,7 @@ static int cmac_generate_subkeys( mbedtls_cipher_context_t *ctx, unsigned char* K1, unsigned char* K2 ) { int ret; - unsigned char L[MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE]; + unsigned char L[MBEDTLS_CIPHER_BLKSIZE_MAX]; size_t olen, block_size; mbedtls_zeroize( L, sizeof( L ) ); @@ -167,8 +166,9 @@ static int cmac_generate_subkeys( mbedtls_cipher_context_t *ctx, return( ret ); } -static void cmac_xor_block(unsigned char *output, const unsigned char *input1, - const unsigned char *input2, const size_t block_size ) +static void cmac_xor_block( unsigned char *output, const unsigned char *input1, + const unsigned char *input2, + const size_t block_size ) { size_t index; 
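Review bot: The comment above cmac_multiply_by_u still reads `Block size must be 8 byes or 16 bytes` on the new side; the hunk rewrites the line but keeps the typo. Suggest `Block size must be 8 bytes or 16 bytes - the block sizes for 3DES and AES.`, which also matches the MBEDTLS_DES3_BLOCK_SIZE name the function now compares against in the branch below.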
@@ -182,7 +182,7 @@ static void cmac_xor_block(unsigned char *output, const unsigned char *input1, * We can't use the padding option from the cipher layer, as it only works for * CBC and we use ECB mode, and anyway we need to XOR K1 or K2 in addition. */ -static void cmac_pad( unsigned char padded_block[16], +static void cmac_pad( unsigned char padded_block[MBEDTLS_CIPHER_BLKSIZE_MAX], size_t padded_block_len, const unsigned char *last_block, size_t last_block_len ) @@ -205,7 +205,6 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, { mbedtls_cipher_type_t type; mbedtls_cmac_context_t *cmac_ctx; - unsigned int block_size; int retval; if( ctx == NULL || ctx->cipher_info == NULL || key == NULL ) @@ -215,7 +214,6 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, MBEDTLS_ENCRYPT ) ) != 0 ) return( retval ); - block_size = ctx->cipher_info->block_size; type = ctx->cipher_info->type; switch( type ) @@ -288,7 +286,6 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, /* Iterate across the input data in block sized chunks */ for( j = 0; j < n - 1; j++ ) { - //char *ptr = input + block_size * j ; cmac_xor_block( state, input, state, block_size ); if( ( ret = mbedtls_cipher_update( ctx, state, block_size, state, @@ -321,10 +318,10 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, unsigned char *output ) { mbedtls_cmac_context_t* cmac_ctx; - unsigned char *state; - unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE]; - unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE]; - unsigned char M_last[MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE]; + unsigned char *state, *last_block; + unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX]; + unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX]; + unsigned char M_last[MBEDTLS_CIPHER_BLKSIZE_MAX]; int ret; size_t olen, block_size; 
@@ -336,16 +333,11 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, block_size = ctx->cipher_info->block_size; state = cmac_ctx->state; - mbedtls_zeroize( K1, sizeof(K1) ); - mbedtls_zeroize( K2, sizeof(K2) ); + mbedtls_zeroize( K1, sizeof( K1 ) ); + mbedtls_zeroize( K2, sizeof( K2 ) ); cmac_generate_subkeys( ctx, K1, K2 ); -// mbedtls_zeroize( M_last, sizeof(M_last) ); -// if( cmac_ctx->unprocessed_len > 0 ) -// needs_padding = 1; - - unsigned char *last_block = cmac_ctx->unprocessed_block; - //unsigned char *M_last = cmac_ctx->unprocessed_block; + last_block = cmac_ctx->unprocessed_block; /* Calculate last block */ if( cmac_ctx->padding_flag ) @@ -367,21 +359,20 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, goto exit; } - - memcpy( output, state, block_size ); exit: /* Wipe the generated keys on the stack, and any other transients to avoid * side channel leakage */ - mbedtls_zeroize( K1, sizeof(K1) ); - mbedtls_zeroize( K2, sizeof(K2) ); + mbedtls_zeroize( K1, sizeof( K1 ) ); + mbedtls_zeroize( K2, sizeof( K2 ) ); + cmac_ctx->padding_flag = 1; cmac_ctx->unprocessed_len = 0; mbedtls_zeroize( cmac_ctx->unprocessed_block, - sizeof( cmac_ctx->unprocessed_len ) ); + sizeof( cmac_ctx->unprocessed_block ) ); - mbedtls_zeroize( state, MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE ); + mbedtls_zeroize( state, MBEDTLS_CIPHER_BLKSIZE_MAX ); return( ret ); } @@ -398,7 +389,7 @@ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ) cmac_ctx->unprocessed_len = 0; mbedtls_zeroize( cmac_ctx->unprocessed_block, sizeof( cmac_ctx->unprocessed_len ) ); - + mbedtls_zeroize( cmac_ctx->state, MBEDTLS_CIPHER_BLKSIZE_MAX ); cmac_ctx->padding_flag = 1; return( 0 ); 
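Review bot: In mbedtls_cipher_cmac_finish the return value of `cmac_generate_subkeys( ctx, K1, K2 );` is discarded; that helper returns the cipher-layer error (its `return( ret )` is visible earlier in this patch), so a failed block encryption leaves K1/K2 as the zeroed placeholders and the function goes on to emit a MAC derived from them with `ret` still 0. Use `if( ( ret = cmac_generate_subkeys( ctx, K1, K2 ) ) != 0 ) goto exit;`. The exit path wipes K1, K2, state and unprocessed_block but not `M_last`, which per the cmac_pad comment holds the last block XORed with K1 or K2, i.e. subkey-derived material; add `mbedtls_zeroize( M_last, sizeof( M_last ) );` beside the other wipes. The middle of the function (the last-block computation) lies outside this hunk.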
@@ -421,28 +412,24 @@ int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info, goto exit; ret = mbedtls_cipher_cmac_starts( &ctx, key, keylen ); - if( ret != 0 ) goto exit; - // Are we leaking here? Should we reset or free? ret = mbedtls_cipher_cmac_update( &ctx, input, ilen ); if( ret != 0 ) goto exit; - mbedtls_cipher_cmac_finish( &ctx, output ); - if( ret != 0 ) - goto exit; + ret = mbedtls_cipher_cmac_finish( &ctx, output ); exit: + mbedtls_cipher_free( &ctx ); + return( ret ); } -#ifdef MBEDTLS_AES_C +#if defined(MBEDTLS_AES_C) /* -// TODO - clean up comments - * PRF based on CMAC with AES-128 - * See RFC 4615 + * Implementation of AES-CMAC-PRF-128 defined in RFC 4615 */ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, const unsigned char *input, size_t in_len, @@ -450,8 +437,11 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, { int ret; const mbedtls_cipher_info_t *cipher_info; - unsigned char zero_key[16]; - unsigned char int_key[16]; + unsigned char zero_key[MBEDTLS_AES_BLOCK_SIZE]; + unsigned char int_key[MBEDTLS_AES_BLOCK_SIZE]; + + if( key == NULL || input == NULL || output == NULL ) + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB ); if( cipher_info == NULL ) @@ -461,14 +451,14 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, goto exit; } - if( key_length == 16 ) + if( key_length == MBEDTLS_AES_BLOCK_SIZE ) { /* Use key as is */ - memcpy( int_key, key, 16 ); + memcpy( int_key, key, MBEDTLS_AES_BLOCK_SIZE ); } else { - memset( zero_key, 0, 16 ); + memset( zero_key, 0, MBEDTLS_AES_BLOCK_SIZE ); ret = mbedtls_cipher_cmac( cipher_info, zero_key, 128, key, key_length, int_key ); 
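Review bot: mbedtls_cipher_cmac forwards its `keylen` argument unchanged into `mbedtls_cipher_cmac_starts( &ctx, key, keylen )`, whose parameter this series just renamed to `keybits` precisely because it is a bit count; the one-shot wrapper (called with 128/192/256 by the benchmark) therefore takes bits as well, but its name says otherwise. Rename the parameter to `keybits` in both cmac.h and cmac.c, or at minimum document it as `\param keybits length of the CMAC key in bits` if the header still calls it keylen. The function's signature is outside this hunk. Freeing the context on every path with `mbedtls_cipher_free( &ctx );` at exit correctly settles the removed "Are we leaking here?" question.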
@@ -486,7 +476,7 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, } #endif /* MBEDTLS_AES_C */ -#ifdef MBEDTLS_SELF_TEST +#if defined(MBEDTLS_SELF_TEST) /* * CMAC test data from SP800-38B Appendix D.1 (corrected) * http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf @@ -498,10 +488,6 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, #define NB_CMAC_TESTS_PER_KEY 4 #define NB_PRF_TESTS 3 -// TODO - should use a value somewhere else -#define AES_BLOCK_SIZE 16 -#define DES3_BLOCK_SIZE 8 - #if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) /* All CMAC test inputs are truncated from the same 64 byte buffer. */ static const unsigned char test_message[] = { @@ -514,11 +500,9 @@ static const unsigned char test_message[] = { 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 }; +#endif /* MBEDTLS_AES_C || MBEDTLS_DES_C */ - -#endif /* defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) */ - -#ifdef MBEDTLS_AES_C +#if defined(MBEDTLS_AES_C) /* Truncation point of message for AES CMAC tests */ static const unsigned int aes_message_lengths[NB_CMAC_TESTS_PER_KEY] = { 0, @@ -532,7 +516,7 @@ static const unsigned char aes_128_key[16] = { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }; -static const unsigned char aes_128_subkeys[2][AES_BLOCK_SIZE] = { +static const unsigned char aes_128_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = { { 0xfb, 0xee, 0xd6, 0x18, 0x35, 0x71, 0x33, 0x66, 0x7c, 0x85, 0xe0, 0x8f, 0x72, 0x36, 0xa8, 0xde 
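Review bot: `if( key_length == MBEDTLS_AES_BLOCK_SIZE )` in mbedtls_aes_cmac_prf_128 compares a key length against a block-size macro; the two are both 16 only because this is AES-128, and RFC 4615 step 1 is a rule about the key being exactly 16 octets, so a reader scanning for the key-length rule will not find it under that name. A comment on the line, `/* RFC 4615 step 1: a 16-octet key is used as-is; any other length is first compressed to 16 octets with AES-CMAC under the all-zero key */`, or a dedicated 128-bit key-length constant, makes the intent explicit. Whether `int_key`, which holds the effective MAC key, is wiped before return is decided outside this hunk and should be confirmed.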
@@ -542,7 +526,7 @@ static const unsigned char aes_128_subkeys[2][AES_BLOCK_SIZE] = { 0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b } }; -static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][AES_BLOCK_SIZE] = { +static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = { { 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 @@ -567,7 +551,7 @@ static const unsigned char aes_192_key[24] = { 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b }; -static const unsigned char aes_192_subkeys[2][AES_BLOCK_SIZE] = { +static const unsigned char aes_192_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = { { 0x44, 0x8a, 0x5b, 0x1c, 0x93, 0x51, 0x4b, 0x27, 0x3e, 0xe6, 0x43, 0x9d, 0xd4, 0xda, 0xa2, 0x96 @@ -577,7 +561,7 @@ static const unsigned char aes_192_subkeys[2][AES_BLOCK_SIZE] = { 0x7d, 0xcc, 0x87, 0x3b, 0xa9, 0xb5, 0x45, 0x2c } }; -static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][AES_BLOCK_SIZE] = { +static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = { { 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5, 0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67 @@ -603,7 +587,7 @@ static const unsigned char aes_256_key[32] = { 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 }; -static const unsigned char aes_256_subkeys[2][AES_BLOCK_SIZE] = { +static const unsigned char aes_256_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = { { 0xca, 0xd1, 0xed, 0x03, 0x29, 0x9e, 0xed, 0xac, 0x2e, 0x9a, 0x99, 0x80, 0x86, 0x21, 0x50, 0x2f 
@@ -613,7 +597,7 @@ static const unsigned char aes_256_subkeys[2][AES_BLOCK_SIZE] = { 0x5d, 0x35, 0x33, 0x01, 0x0c, 0x42, 0xa0, 0xd9 } }; -static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][AES_BLOCK_SIZE] = { +static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = { { 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e, 0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83 @@ -633,7 +617,7 @@ static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][AES_BL }; #endif /* MBEDTLS_AES_C */ -#ifdef MBEDTLS_DES_C +#if defined(MBEDTLS_DES_C) /* Truncation point of message for 3DES CMAC tests */ static const unsigned int des3_message_lengths[NB_CMAC_TESTS_PER_KEY] = { 0, @@ -656,7 +640,7 @@ static const unsigned char des3_2key_subkeys[2][8] = { 0x1d, 0x9e, 0x6e, 0x7d, 0xae, 0x35, 0xf5, 0xc5 } }; -static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][DES3_BLOCK_SIZE] = { +static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = { { 0xbd, 0x2e, 0xbf, 0x9a, 0x3b, 0xa0, 0x03, 0x61 }, @@ -685,7 +669,7 @@ static const unsigned char des3_3key_subkeys[2][8] = { 0x23, 0x31, 0xd3, 0xa6, 0x29, 0xcc, 0xa6, 0xa5 } }; -static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][DES3_BLOCK_SIZE] = { +static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = { { 0xb7, 0xa6, 0x88, 0xe1, 0x22, 0xff, 0xaf, 0x95 }, @@ -702,7 +686,7 @@ static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][DES3 #endif /* MBEDTLS_DES_C */ -#ifdef MBEDTLS_AES_C +#if defined(MBEDTLS_AES_C) /* AES AES-CMAC-PRF-128 Test Data */ static const unsigned char PRFK[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 
@@ -752,23 +736,22 @@ static int cmac_test_subkeys( int verbose, int i, ret; mbedtls_cipher_context_t ctx; const mbedtls_cipher_info_t *cipher_info; - unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE]; - unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX_SIZE]; + unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX]; + unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX]; cipher_info = mbedtls_cipher_info_from_type( cipher_type ); if( cipher_info == NULL ) { /* Failing at this point must be due to a build issue */ - ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; - goto exit; + return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); } + mbedtls_cipher_init( &ctx ); + for( i = 0; i < num_tests; i++ ) { if( verbose != 0 ) - mbedtls_printf( " %s CMAC subkey #%u: ", testname, i +1 ); - - mbedtls_cipher_init( &ctx ); + mbedtls_printf( " %s CMAC subkey #%u: ", testname, i + 1 ); if( ( ret = mbedtls_cipher_setup( &ctx, cipher_info ) ) != 0 ) { 
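Review bot: `mbedtls_cipher_init( &ctx );` was hoisted out of the test loop while `mbedtls_cipher_setup( &ctx, cipher_info )` is still called on every iteration, and the matching free now appears once at `exit:` in the next hunk. Unless the loop body frees or resets the context between iterations — it runs past the end of this hunk, so that is not visible — every setup after the first re-initialises a context that presumably already owns a cipher-specific context (and, after mbedtls_cipher_cmac_starts, a CMAC context), leaking the earlier allocations. Either keep `mbedtls_cipher_init`/`mbedtls_cipher_free` paired inside the loop, or call setup once before the loop and use `mbedtls_cipher_cmac_reset` per iteration.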
@@ -808,30 +791,25 @@ static int cmac_test_subkeys( int verbose, } exit: + mbedtls_cipher_free( &ctx ); + return( ret ); } -static inline int cmac_test_wth_cipher( int verbose, - const char* testname, - const unsigned char* key, - int keybits, - const unsigned char* messages, - const unsigned int message_lengths[4], - const unsigned char* expected_result, - mbedtls_cipher_type_t cipher_type, - int block_size, - int num_tests ) +static int cmac_test_wth_cipher( int verbose, + const char* testname, + const unsigned char* key, + int keybits, + const unsigned char* messages, + const unsigned int message_lengths[4], + const unsigned char* expected_result, + mbedtls_cipher_type_t cipher_type, + int block_size, + int num_tests ) { const mbedtls_cipher_info_t *cipher_info; int i, ret; - unsigned char* output; - - output = mbedtls_calloc( block_size, sizeof( unsigned char ) ); - if( output == NULL ) - { - ret = MBEDTLS_ERR_CIPHER_ALLOC_FAILED; - goto exit; - } + unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX]; cipher_info = mbedtls_cipher_info_from_type( cipher_type ); if( cipher_info == NULL ) @@ -864,32 +842,32 @@ static inline int cmac_test_wth_cipher( int verbose, if( verbose != 0 ) mbedtls_printf( "passed\n" ); } -exit: - mbedtls_free( output ); +exit: return( ret ); } -#ifdef MBEDTLS_AES_C -static inline int test_aes128_cmac_prf( int verbose ) +#if defined(MBEDTLS_AES_C) +static int test_aes128_cmac_prf( int verbose ) { int i; int ret; - unsigned char output[16]; + unsigned char output[MBEDTLS_AES_BLOCK_SIZE]; for( i = 0; i < NB_PRF_TESTS; i++ ) { mbedtls_printf( " AES CMAC 128 PRF #%u: ", i ); ret = mbedtls_aes_cmac_prf_128( PRFK, PRFKlen[i], PRFM, 20, output ); if( ret != 0 || - memcmp( output, PRFT[i], 16 ) != 0 ) + memcmp( output, PRFT[i], MBEDTLS_AES_BLOCK_SIZE ) != 0 ) { if( verbose != 0 ) mbedtls_printf( "failed\n" ); return( ret ); - } else if( verbose != 0 ) + } + else if( verbose != 0 ) { mbedtls_printf( "passed\n" ); } 
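Review bot: test_aes128_cmac_prf prints `" AES CMAC 128 PRF #%u: "` unconditionally, whereas the other helpers in this file and the passed/failed lines directly below guard every print with `if( verbose != 0 )`; a self-test run with verbose == 0 therefore still writes to stdout. Wrap it the same way: `if( verbose != 0 ) mbedtls_printf( " AES CMAC 128 PRF #%u: ", i + 1 );`, which also brings the numbering in line with cmac_test_wth_cipher, which prints `i + 1`.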
@@ -902,17 +880,16 @@ int mbedtls_cmac_self_test( int verbose ) { int ret; -#ifdef MBEDTLS_AES_C - +#if defined(MBEDTLS_AES_C) /* AES-128 */ if( ( ret = cmac_test_subkeys( verbose, - "AES 128", - aes_128_key, - 128, - (const unsigned char*) aes_128_subkeys, - MBEDTLS_CIPHER_AES_128_ECB, - AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) !=0 ) ) + "AES 128", + aes_128_key, + 128, + (const unsigned char*)aes_128_subkeys, + MBEDTLS_CIPHER_AES_128_ECB, + MBEDTLS_AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) != 0 ) ) { return( ret ); } @@ -923,23 +900,23 @@ int mbedtls_cmac_self_test( int verbose ) 128, test_message, aes_message_lengths, - (const unsigned char*) aes_128_expected_result, + (const unsigned char*)aes_128_expected_result, MBEDTLS_CIPHER_AES_128_ECB, - AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) !=0 ) ) + MBEDTLS_AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) != 0 ) ) { return( ret ); } /* AES-192 */ if( ( ret = cmac_test_subkeys( verbose, - "AES 192", - aes_192_key, - 192, - (const unsigned char*) aes_192_subkeys, - MBEDTLS_CIPHER_AES_192_ECB, - AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) !=0 ) ) + "AES 192", + aes_192_key, + 192, + (const unsigned char*)aes_192_subkeys, + MBEDTLS_CIPHER_AES_192_ECB, + MBEDTLS_AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) != 0 ) ) { return( ret ); } 
@@ -950,103 +927,99 @@ int mbedtls_cmac_self_test( int verbose ) 192, test_message, aes_message_lengths, - (const unsigned char*) aes_192_expected_result, + (const unsigned char*)aes_192_expected_result, MBEDTLS_CIPHER_AES_192_ECB, - AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) !=0 ) ) + MBEDTLS_AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) != 0 ) ) { -mbedtls_printf("ret = %x\n", ret); return( ret ); } /* AES-256 */ if( ( ret = cmac_test_subkeys( verbose, - "AES 256", - aes_256_key, - 256, - (const unsigned char*) aes_256_subkeys, - MBEDTLS_CIPHER_AES_256_ECB, - AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) !=0 ) ) + "AES 256", + aes_256_key, + 256, + (const unsigned char*)aes_256_subkeys, + MBEDTLS_CIPHER_AES_256_ECB, + MBEDTLS_AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) != 0 ) ) { return( ret ); } - if( ( ret = cmac_test_wth_cipher ( verbose, + if( ( ret = cmac_test_wth_cipher ( verbose, "AES 256", aes_256_key, 256, test_message, aes_message_lengths, - (const unsigned char*) aes_256_expected_result, + (const unsigned char*)aes_256_expected_result, MBEDTLS_CIPHER_AES_256_ECB, - AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) !=0 ) ) + MBEDTLS_AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) != 0 ) ) { return( ret ); } #endif /* MBEDTLS_AES_C */ -#ifdef MBEDTLS_DES_C +#if defined(MBEDTLS_DES_C) /* 3DES 2 key */ if( ( ret = cmac_test_subkeys( verbose, - "3DES 2 key", - des3_2key_key, - 192, - (const unsigned char*) des3_2key_subkeys, - MBEDTLS_CIPHER_DES_EDE3_ECB, - DES3_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) !=0 ) ) + "3DES 2 key", + des3_2key_key, + 192, + (const unsigned char*)des3_2key_subkeys, + MBEDTLS_CIPHER_DES_EDE3_ECB, + MBEDTLS_DES3_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) != 0 ) ) { return( ret ); } - - if( ( ret = cmac_test_wth_cipher( verbose, "3DES 2 key", des3_2key_key, 192, test_message, des3_message_lengths, - (const unsigned char*) des3_2key_expected_result, + (const unsigned char*)des3_2key_expected_result, MBEDTLS_CIPHER_DES_EDE3_ECB, - DES3_BLOCK_SIZE, - 
NB_CMAC_TESTS_PER_KEY ) !=0 ) ) + MBEDTLS_DES3_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) != 0 ) ) { return( ret ); } /* 3DES 3 key */ if( ( ret = cmac_test_subkeys( verbose, - "3DES 3 key", - des3_3key_key, - 192, - (const unsigned char*) des3_3key_subkeys, - MBEDTLS_CIPHER_DES_EDE3_ECB, - DES3_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) !=0 ) ) + "3DES 3 key", + des3_3key_key, + 192, + (const unsigned char*)des3_3key_subkeys, + MBEDTLS_CIPHER_DES_EDE3_ECB, + MBEDTLS_DES3_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) != 0 ) ) { return( ret ); } - if( ( ret = cmac_test_wth_cipher( verbose, "3DES 3 key", des3_3key_key, 192, test_message, des3_message_lengths, - (const unsigned char*) des3_3key_expected_result, + (const unsigned char*)des3_3key_expected_result, MBEDTLS_CIPHER_DES_EDE3_ECB, - DES3_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) !=0 ) ) + MBEDTLS_DES3_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY ) != 0 ) ) { return( ret ); } #endif /* MBEDTLS_DES_C */ -#ifdef MBEDTLS_AES_C +#if defined(MBEDTLS_AES_C) if( ( ret = test_aes128_cmac_prf( verbose ) != 0 ) ) return( ret ); #endif /* MBEDTLS_AES_C */ diff --git a/tests/suites/test_suite_cmac.function b/tests/suites/test_suite_cmac.function index 81a5a0aaa27c..3b23b521e42f 100644 --- a/tests/suites/test_suite_cmac.function +++ b/tests/suites/test_suite_cmac.function @@ -31,7 +31,7 @@ void mbedtls_cmac_setkey( int cipher_type, int key_size, != NULL ); TEST_ASSERT( result == mbedtls_cipher_cmac( cipher_info, key, key_size, - buf, 16, tmp ) != 0 ); + buf, 16, tmp ) ); } /* END_CASE */ From ea680197f8cd89e13a9890178b2191bec94cb1d5 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 6 Oct 2016 10:27:22 +0100 Subject: [PATCH 231/272] Minor fixes to formatting and compilation conditions --- programs/test/benchmark.c | 11 ++++++----- programs/test/selftest.c | 2 +- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 86b84250ac95..22a878db510d 100644 --- a/programs/test/benchmark.c 
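Review bot: Every check in mbedtls_cmac_self_test has the form `if( ( ret = cmac_test_subkeys( ... ) != 0 ) )`, and this hunk re-spaces the `!= 0` without fixing the parenthesisation: assignment binds looser than `!=`, so `ret` receives the boolean 1 rather than the cipher error code, and the self-test's caller gets a meaningless 1 instead of the actual failure reason. Move the closing parenthesis, `if( ( ret = cmac_test_subkeys( ... ) ) != 0 )`, and likewise for the cmac_test_wth_cipher calls and `test_aes128_cmac_prf( verbose )`. The helpers themselves propagate the real error through their `exit:` paths, so only the entry point loses it.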
+++ b/programs/test/benchmark.c @@ -93,14 +93,14 @@ int main( void ) #define OPTIONS \ "md4, md5, ripemd160, sha1, sha256, sha512,\n" \ - "arc4, des3, des, camellia, blowfish,\n" \ + "arc4, des3, des, camellia, blowfish,\n" \ "aes_cbc, aes_gcm, aes_ccm, aes_cmac, des3_cmac,\n" \ "havege, ctr_drbg, hmac_drbg\n" \ "rsa, dhm, ecdsa, ecdh.\n" #if defined(MBEDTLS_ERROR_C) #define PRINT_ERROR \ - mbedtls_strerror( ret, ( char * )tmp, sizeof( tmp ) ); \ + mbedtls_strerror( ret, ( char * )tmp, sizeof( tmp ) ); \ mbedtls_printf( "FAILED: %s\n", tmp ); #else #define PRINT_ERROR \ @@ -401,8 +401,8 @@ int main( int argc, char *argv[] ) cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_DES_EDE3_ECB ); TIME_AND_TSC( "3DES-CMAC", - mbedtls_cipher_cmac( cipher_info, tmp, 192, buf, - BUFSIZE, output ) ); + mbedtls_cipher_cmac( cipher_info, tmp, 192, buf, + BUFSIZE, output ) ); } #endif /* MBEDTLS_CMAC_C */ #endif /* MBEDTLS_DES_C */ @@ -501,7 +501,8 @@ int main( int argc, char *argv[] ) memset( buf, 0, sizeof( buf ) ); memset( tmp, 0, sizeof( tmp ) ); TIME_AND_TSC( "AES-CMAC-PRF-128", - mbedtls_aes_cmac_prf_128( tmp, 16, buf, BUFSIZE, output ) ); + mbedtls_aes_cmac_prf_128( tmp, 16, buf, BUFSIZE, + output ) ); } #endif /* MBEDTLS_CMAC_C */ #endif /* MBEDTLS_AES_C */ diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 33f96ea13960..1941ad051203 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -278,7 +278,7 @@ int main( int argc, char *argv[] ) suites_tested++; #endif -#if defined(MBEDTLS_CMAC_C) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) ) +#if defined(MBEDTLS_CMAC_C) if( ( mbedtls_cmac_self_test( v ) ) != 0 ) { suites_failed++; From 2127932fb87b94eadfe644a8a380aa7318295a0b Mon Sep 17 00:00:00 2001 
From: Simon Butcher Date: Thu, 6 Oct 2016 10:39:49 +0100 Subject: [PATCH 232/272] Fixes following review Fixes issue of not zeroing entire block on reset and conditional compilation. --- library/cmac.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index 7fc513a45296..9e4dc892ab29 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -59,8 +59,7 @@ #include #define mbedtls_calloc calloc #define mbedtls_free free -#if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || \ - defined(MBEDTLS_DES_C) ) +#if defined(MBEDTLS_SELF_TEST) #include #define mbedtls_printf printf #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C || MBEDTLS_DES_C */ @@ -388,8 +387,9 @@ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ) /* Reset the internal state */ cmac_ctx->unprocessed_len = 0; mbedtls_zeroize( cmac_ctx->unprocessed_block, - sizeof( cmac_ctx->unprocessed_len ) ); - mbedtls_zeroize( cmac_ctx->state, MBEDTLS_CIPHER_BLKSIZE_MAX ); + sizeof( cmac_ctx->unprocessed_block )); + mbedtls_zeroize( cmac_ctx->state, + sizeof( cmac_ctx->state ) ); cmac_ctx->padding_flag = 1; return( 0 ); From 8254b6c9f39c6f6b6dea873b10aec9c3ab72c2ed Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 6 Oct 2016 15:23:39 +0100 Subject: [PATCH 233/272] Clean up of formatting, and potential integer overflow fix --- include/mbedtls/cmac.h | 2 +- library/cmac.c | 8 ++++---- programs/test/benchmark.c | 4 ++-- tests/Makefile | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index d94c015e0274..f64ae69b471d 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h 
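Review bot: The guard was reduced to `#if defined(MBEDTLS_SELF_TEST)` but its closing line in this hunk still reads `#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C || MBEDTLS_DES_C */`; the trailing comments on `#endif` are how a reader tracks nesting in this file, and this one now describes a condition that no longer exists. Change it to `#endif /* MBEDTLS_SELF_TEST */`. Dropping the AES/DES condition is safe only because check_config.h (earlier in this series) already rejects MBEDTLS_CMAC_C without one of them, which is worth stating in the commit message.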
@@ -48,7 +48,7 @@ struct mbedtls_cmac_context_t /** Internal state of the CMAC algorithm */ unsigned char state[MBEDTLS_CIPHER_BLKSIZE_MAX]; - /** Unprocessed data - either data that was not block aligned and is still + /** Unprocessed data - either data that was not block aligned and is still * pending to be processed, or the final block */ unsigned char unprocessed_block[MBEDTLS_CIPHER_BLKSIZE_MAX]; diff --git a/library/cmac.c b/library/cmac.c index 9e4dc892ab29..03d939278a2a 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -245,7 +245,7 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, { mbedtls_cmac_context_t* cmac_ctx; unsigned char *state; - int n, j, ret = 0; + int n, j, ret = 0; size_t olen, block_size; if( ctx == NULL || ctx->cipher_info == NULL || input == NULL || @@ -259,7 +259,7 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, /* Is their data still to process from the last call, that's equal to * or greater than a block? */ if( cmac_ctx->unprocessed_len > 0 && - ilen + cmac_ctx->unprocessed_len > block_size ) + ilen > block_size - cmac_ctx->unprocessed_len ) { memcpy( &cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len], input, @@ -387,7 +387,7 @@ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ) /* Reset the internal state */ cmac_ctx->unprocessed_len = 0; mbedtls_zeroize( cmac_ctx->unprocessed_block, - sizeof( cmac_ctx->unprocessed_block )); + sizeof( cmac_ctx->unprocessed_block ) ); mbedtls_zeroize( cmac_ctx->state, sizeof( cmac_ctx->state ) ); cmac_ctx->padding_flag = 1; @@ -822,7 +822,7 @@ static int cmac_test_wth_cipher( int verbose, for( i = 0; i < num_tests; i++ ) { if( verbose != 0 ) - mbedtls_printf( " %s CMAC #%u: ", testname, i +1 ); + mbedtls_printf( " %s CMAC #%u: ", testname, i + 1 ); if( ( ret = mbedtls_cipher_cmac( cipher_info, key, keybits, messages, message_lengths[i], output ) ) != 0 ) 
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 22a878db510d..eb578e73067f 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -494,8 +494,8 @@ int main( int argc, char *argv[] ) cipher_info = mbedtls_cipher_info_from_type( cipher_type ); TIME_AND_TSC( title, - mbedtls_cipher_cmac( cipher_info, tmp, keysize, - buf, BUFSIZE, output ) ); + mbedtls_cipher_cmac( cipher_info, tmp, keysize, + buf, BUFSIZE, output ) ); } memset( buf, 0, sizeof( buf ) ); diff --git a/tests/Makefile b/tests/Makefile index 23c68ec8679a..4787f25085ec 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -50,7 +50,7 @@ APPS = test_suite_aes.ecb$(EXEXT) test_suite_aes.cbc$(EXEXT) \ test_suite_arc4$(EXEXT) test_suite_asn1write$(EXEXT) \ test_suite_base64$(EXEXT) test_suite_blowfish$(EXEXT) \ test_suite_camellia$(EXEXT) test_suite_ccm$(EXEXT) \ - test_suite_cmac$(EXEXT) \ + test_suite_cmac$(EXEXT) \ test_suite_cipher.aes$(EXEXT) \ test_suite_cipher.arc4$(EXEXT) test_suite_cipher.ccm$(EXEXT) \ test_suite_cipher.gcm$(EXEXT) \ From 41dba28a2ae9bc7b7d4f1b859ae452f0a437b471 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 6 Oct 2016 19:02:49 +0100 Subject: [PATCH 234/272] Add extra compilation conditions to gen_key.c #559 The sample application programs/pkey/gen_key.c uses the library function mbedtls_pk_write_key_pem() which is dependent on the configuration option MBEDTLS_PEM_WRITE_C. If the option isn't defined the build breaks. This change adds the compilation condition MBEDTLS_PEM_WRITE_C to the gen_key.c sample application. --- programs/pkey/gen_key.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 63a3aeb98aa0..48126948d85a 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c 
@@ -120,12 +120,14 @@ int dev_random_entropy_poll( void *data, unsigned char *output, USAGE_DEV_RANDOM \ "\n" -#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) +#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_PEM_WRITE_C) || \ + !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \ + !defined(MBEDTLS_CTR_DRBG_C) int main( void ) { mbedtls_printf( "MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C " + "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " + "MBEDTLS_PEM_WRITE_C" "not defined.\n" ); return( 0 ); } @@ -418,4 +420,6 @@ int main( int argc, char *argv[] ) return( ret ); } -#endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO */ +#endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_PEM_WRITE_C && MBEDTLS_FS_IO && + * MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ + From eb02fb5ad4c614489cc7226c1c7ba5487d597245 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 7 Oct 2016 11:17:44 +0100 Subject: [PATCH 235/272] Update Changelog for fix #559 --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 2275d6e60c35..1ed73d9a0cf6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -31,6 +31,9 @@ Bugfix a contribution from Tobias Tangemann. #541 * Fixed cert_app sample program for debug output and for use when no root certificates are provided. + * Fixed sample application 'programs/pkey/gen_key.c' for builds where the + configuration MBEDTLS_PEM_WRITE_C is not defined. Found by inestlerode. + #559. * Fixed default threading implementation to avoid accidental double initialisations and double frees. * Fix mbedtls_x509_get_sig() to update the ASN1 type in the mbedtls_x509_buf From ad882673dc31a4fba9c936cdc366d9cd147fc5de Mon Sep 17 00:00:00 2001 
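Review bot: The new literal `"MBEDTLS_PEM_WRITE_C"` on the second added line of the `mbedtls_printf` call has no trailing space, so adjacent-literal concatenation with the following `"not defined.\n"` prints `MBEDTLS_PEM_WRITE_Cnot defined.`; it should be `"MBEDTLS_PEM_WRITE_C "`. The blank line added after the closing `#endif` in the second hunk is a stray whitespace change that could be dropped.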
From: Simon Butcher Date: Fri, 7 Oct 2016 12:55:43 +0100 Subject: [PATCH 236/272] Fix bracketing in cmac.c The bracketing in some expressions where an assignment was being made in an if statement in cmac.c had been accidentally broken and was causing compiler warnings with armcc. --- library/cmac.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index 03d939278a2a..f755d409f09d 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -778,8 +778,8 @@ static int cmac_test_subkeys( int verbose, goto exit; } - if( ( ret = memcmp( K1, subkeys, block_size ) != 0 ) || - ( ret = memcmp( K2, &subkeys[block_size], block_size ) != 0 ) ) + if( ( ret = memcmp( K1, subkeys, block_size ) ) != 0 || + ( ret = memcmp( K2, &subkeys[block_size], block_size ) ) != 0 ) { if( verbose != 0 ) mbedtls_printf( "failed\n" ); @@ -889,7 +889,7 @@ int mbedtls_cmac_self_test( int verbose ) (const unsigned char*)aes_128_subkeys, MBEDTLS_CIPHER_AES_128_ECB, MBEDTLS_AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) != 0 ) ) + NB_CMAC_TESTS_PER_KEY ) ) != 0 ) { return( ret ); } @@ -903,7 +903,7 @@ int mbedtls_cmac_self_test( int verbose ) (const unsigned char*)aes_128_expected_result, MBEDTLS_CIPHER_AES_128_ECB, MBEDTLS_AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) != 0 ) ) + NB_CMAC_TESTS_PER_KEY ) ) != 0 ) { return( ret ); } @@ -916,7 +916,7 @@ int mbedtls_cmac_self_test( int verbose ) (const unsigned char*)aes_192_subkeys, MBEDTLS_CIPHER_AES_192_ECB, MBEDTLS_AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) != 0 ) ) + NB_CMAC_TESTS_PER_KEY ) ) != 0 ) { return( ret ); } @@ -930,7 +930,7 @@ int mbedtls_cmac_self_test( int verbose ) (const unsigned char*)aes_192_expected_result, MBEDTLS_CIPHER_AES_192_ECB, MBEDTLS_AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) != 0 ) ) + NB_CMAC_TESTS_PER_KEY ) ) != 0 ) { return( ret ); } 
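Review bot: With the corrected bracketing in `cmac_test_subkeys`, `ret` now holds the raw `memcmp()` difference (any non-zero value, possibly negative) instead of the 0/1 the previous form produced; if the failure branch presumably ends in a `goto exit` that returns `ret` — that part of the function is outside the hunk — the self-test's caller receives an arbitrary comparison value rather than a defined error indicator. Assigning an explicit value inside the block, e.g. `ret = 1;` before leaving it, would keep the return value meaningful. The same assignment-in-condition pattern in the `mbedtls_cmac_self_test` hunks is fine, since there `ret` is simply what the callee returned.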
@@ -943,7 +943,7 @@ int mbedtls_cmac_self_test( int verbose ) (const unsigned char*)aes_256_subkeys, MBEDTLS_CIPHER_AES_256_ECB, MBEDTLS_AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) != 0 ) ) + NB_CMAC_TESTS_PER_KEY ) ) != 0 ) { return( ret ); } @@ -957,7 +957,7 @@ int mbedtls_cmac_self_test( int verbose ) (const unsigned char*)aes_256_expected_result, MBEDTLS_CIPHER_AES_256_ECB, MBEDTLS_AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) != 0 ) ) + NB_CMAC_TESTS_PER_KEY ) ) != 0 ) { return( ret ); } @@ -972,7 +972,7 @@ int mbedtls_cmac_self_test( int verbose ) (const unsigned char*)des3_2key_subkeys, MBEDTLS_CIPHER_DES_EDE3_ECB, MBEDTLS_DES3_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) != 0 ) ) + NB_CMAC_TESTS_PER_KEY ) ) != 0 ) { return( ret ); } @@ -986,7 +986,7 @@ int mbedtls_cmac_self_test( int verbose ) (const unsigned char*)des3_2key_expected_result, MBEDTLS_CIPHER_DES_EDE3_ECB, MBEDTLS_DES3_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) != 0 ) ) + NB_CMAC_TESTS_PER_KEY ) ) != 0 ) { return( ret ); } @@ -999,7 +999,7 @@ int mbedtls_cmac_self_test( int verbose ) (const unsigned char*)des3_3key_subkeys, MBEDTLS_CIPHER_DES_EDE3_ECB, MBEDTLS_DES3_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) != 0 ) ) + NB_CMAC_TESTS_PER_KEY ) ) != 0 ) { return( ret ); } @@ -1013,14 +1013,14 @@ int mbedtls_cmac_self_test( int verbose ) (const unsigned char*)des3_3key_expected_result, MBEDTLS_CIPHER_DES_EDE3_ECB, MBEDTLS_DES3_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) != 0 ) ) + NB_CMAC_TESTS_PER_KEY ) ) != 0 ) { return( ret ); } #endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_AES_C) - if( ( ret = test_aes128_cmac_prf( verbose ) != 0 ) ) + if( ( ret = test_aes128_cmac_prf( verbose ) ) != 0 ) return( ret ); #endif /* MBEDTLS_AES_C */ From e19acd5e79e32533aa87da8dd94e758de07eb26c Mon Sep 17 00:00:00 2001 
From: Simon Butcher Date: Fri, 7 Oct 2016 15:00:17 +0100 Subject: [PATCH 237/272] Add extra compilation conditions to X.509 samples The sample applications programs/pkey/cert_req.c and programs/pkey/cert_write.c use the library functions mbedtls_pk_write_csr_pem() and mbedtls_pk_write_crt_pem() respectively which are dependent on the configuration option MBEDTLS_PEM_WRITE_C. If the option isn't defined the build breaks. This change adds the compilation condition MBEDTLS_PEM_WRITE_C to these sample application. --- programs/x509/cert_req.c | 5 +++-- programs/x509/cert_write.c | 11 ++++++----- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 5cafb80cd6ec..30df2162ae19 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -34,7 +34,8 @@ #if !defined(MBEDTLS_X509_CSR_WRITE_C) || !defined(MBEDTLS_FS_IO) || \ !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_SHA256_C) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) + !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ + !defined(MBEDTLS_PEM_WRITE_C) int main( void ) { mbedtls_printf( "MBEDTLS_X509_CSR_WRITE_C and/or MBEDTLS_FS_IO and/or " @@ -341,4 +342,4 @@ int main( int argc, char *argv[] ) return( ret ); } #endif /* MBEDTLS_X509_CSR_WRITE_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && - MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ + MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_PEM_WRITE_C */ diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 7907d8221f48..66e5f1dabbf2 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c 
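Review bot: The `#if` guard in `cert_req.c` now includes `MBEDTLS_PEM_WRITE_C`, but the `mbedtls_printf` message that follows is not part of the change (only its first fragment, `"MBEDTLS_X509_CSR_WRITE_C and/or MBEDTLS_FS_IO and/or "`, is inside the hunk), so the stub apparently still does not name the new option; the same holds for the `cert_write.c` guard in the next file section. Appending `"MBEDTLS_PEM_WRITE_C "` to the option list in both messages would keep the stub's output in step with its condition, as was done for gen_key.c earlier in this series. The `main` stub's body continues outside the hunk.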
@@ -32,10 +32,11 @@ #define mbedtls_printf printf #endif -#if !defined(MBEDTLS_X509_CRT_WRITE_C) || \ - !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_ERROR_C) || !defined(MBEDTLS_SHA256_C) +#if !defined(MBEDTLS_X509_CRT_WRITE_C) || \ + !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ + !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ + !defined(MBEDTLS_ERROR_C) || !defined(MBEDTLS_SHA256_C) || \ + !defined(MBEDTLS_PEM_WRITE_C) int main( void ) { mbedtls_printf( "MBEDTLS_X509_CRT_WRITE_C and/or MBEDTLS_X509_CRT_PARSE_C and/or " @@ -664,4 +665,4 @@ int main( int argc, char *argv[] ) } #endif /* MBEDTLS_X509_CRT_WRITE_C && MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && - MBEDTLS_ERROR_C */ + MBEDTLS_ERROR_C && MBEDTLS_PEM_WRITE_C */ From dcb989293991c3bc58e5a66a149b1b035581ce31 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 7 Oct 2016 15:56:07 +0100 Subject: [PATCH 238/272] Update Changelog for fixes to X.509 sample apps --- ChangeLog | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1ed73d9a0cf6..f03d50769ae5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -31,9 +31,9 @@ Bugfix a contribution from Tobias Tangemann. #541 * Fixed cert_app sample program for debug output and for use when no root certificates are provided. - * Fixed sample application 'programs/pkey/gen_key.c' for builds where the - configuration MBEDTLS_PEM_WRITE_C is not defined. Found by inestlerode. - #559. + * Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for + builds where the configuration MBEDTLS_PEM_WRITE_C is not defined. Found + by inestlerode. #559. * Fixed default threading implementation to avoid accidental double initialisations and double frees. * Fix mbedtls_x509_get_sig() to update the ASN1 type in the mbedtls_x509_buf 
From b93fdddf67b060ac16222f2fc4b5810209156d89 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 11 Oct 2016 10:13:52 +0100 Subject: [PATCH 239/272] Revise Changelog to clarify and add credit --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index f03d50769ae5..9d591bb1e427 100644 --- a/ChangeLog +++ b/ChangeLog @@ -34,6 +34,8 @@ Bugfix * Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for builds where the configuration MBEDTLS_PEM_WRITE_C is not defined. Found by inestlerode. #559. + * Fixed pthread implementation to avoid unintended double initialisations + and double frees. (found by Niklas Amnebratt) * Fixed default threading implementation to avoid accidental double initialisations and double frees. * Fix mbedtls_x509_get_sig() to update the ASN1 type in the mbedtls_x509_buf From c61351df7202e16a92e608ded529a85cc7e0fdbe Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 10 Oct 2016 21:37:42 +0100 Subject: [PATCH 240/272] Fix issues in CMAC in repeated updates Successive calls to mbedtls_cipher_cmac_update() which weren't block aligned were failing, which is fixed by this commit. --- library/cmac.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index f755d409f09d..8ea0685b7a6a 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -256,8 +256,8 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, block_size = ctx->cipher_info->block_size; state = ctx->cmac_ctx->state; - /* Is their data still to process from the last call, that's equal to - * or greater than a block? */ + /* Is there data still to process from the last call, that's greater in + * size than a block? */ if( cmac_ctx->unprocessed_len > 0 && ilen > block_size - cmac_ctx->unprocessed_len ) { 
@@ -273,9 +273,8 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, goto exit; } - ilen -= block_size; - input += cmac_ctx->unprocessed_len; - + input += block_size - cmac_ctx->unprocessed_len; + ilen -= block_size - cmac_ctx->unprocessed_len; cmac_ctx->unprocessed_len = 0; } @@ -300,8 +299,10 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, /* If there is data left over that wasn't aligned to a block */ if( ilen > 0 ) { - memcpy( &cmac_ctx->unprocessed_block, input, ilen ); - cmac_ctx->unprocessed_len = ilen; + memcpy( &cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len], + input, + ilen ); + cmac_ctx->unprocessed_len += ilen; if( ilen % block_size > 0 ) cmac_ctx->padding_flag = 1; @@ -339,7 +340,7 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, last_block = cmac_ctx->unprocessed_block; /* Calculate last block */ - if( cmac_ctx->padding_flag ) + if( cmac_ctx->padding_flag && cmac_ctx->unprocessed_len < block_size ) { cmac_pad( M_last, block_size, last_block, cmac_ctx->unprocessed_len ); cmac_xor_block( M_last, M_last, K2, block_size ); From c3db62fd51ae99ae6f6dc10d1f0f2dfa8e790182 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 10 Oct 2016 21:41:03 +0100 Subject: [PATCH 241/272] Extend test coverage of CMAC Expands tests to include NULL tests and successive calls to mbedtls_cipher_cmac_update() and mbedtls_cipher_cmac_reset(). --- tests/suites/test_suite_cmac.data | 39 +++- tests/suites/test_suite_cmac.function | 273 +++++++++++++++++++++++++- 2 files changed, 309 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_cmac.data b/tests/suites/test_suite_cmac.data index a913ffdd8ec9..70b7609e4898 100644 --- a/tests/suites/test_suite_cmac.data +++ b/tests/suites/test_suite_cmac.data @@ -1,6 +1,9 @@ CMAC self test mbedtls_cmac_self_test: +CMAC null arguments +mbedtls_cmac_null_args: + CMAC init #1 AES-128: OK depends_on:MBEDTLS_AES_C mbedtls_cmac_setkey:MBEDTLS_CIPHER_AES_128_ECB:128:0 
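Review bot: After the third hunk appends leftover input to the existing partial block, `padding_flag` is still derived from `ilen % block_size` alone, so a call whose tail exactly completes a pending block (resulting `unprocessed_len == block_size`) still sets the flag; the fourth hunk's new `unprocessed_len < block_size` test in `mbedtls_cipher_cmac_finish` compensates, but it leaves the flag with no clear meaning of its own. Deriving it from the accumulated length, `if( cmac_ctx->unprocessed_len % block_size > 0 ) cmac_ctx->padding_flag = 1;`, would keep the context self-consistent, though how the full-block loop between the second and third hunks (outside this view) maintains the flag should be confirmed first. `mbedtls_cipher_cmac_update` starts before the first hunk of this commit.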
@@ -21,7 +24,41 @@ CMAC init #5 AES-224: bad key size depends_on:MBEDTLS_AES_C mbedtls_cmac_setkey:MBEDTLS_CIPHER_ID_AES:224:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -CMAC init #6 Camellia: wrong cipher +CMAC init #6 AES-0: bad key size +depends_on:MBEDTLS_AES_C +mbedtls_cmac_setkey:MBEDTLS_CIPHER_ID_AES:0:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + +CMAC init #7 Camellia: wrong cipher depends_on:MBEDTLS_CAMELLIA_C mbedtls_cmac_setkey:MBEDTLS_CIPHER_ID_CAMELLIA:128:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA +CMAC Single Blocks #1 - Empty block, no updates +mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"":-1:"":-1:"":-1:"":-1:"bb1d6929e95937287fa37d129b756746" + +CMAC Single Blocks #2 - Single 16 byte block +mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"6bc1bee22e409f96e93d7e117393172a":16:"":-1:"":-1:"":-1:"070a16b46b4d4144f79bdd9dd04a287c" + +CMAC Single Blocks #3 - Single 64 byte block +mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710":64:"":-1:"":-1:"":-1:"51f0bebf7e3b9d92fc49741779363cfe" + +CMAC Multiple Blocks #1 - Multiple 8 byte blocks +mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"6bc1bee22e409f96":8:"e93d7e117393172a":8:"":-1:"":-1:"070a16b46b4d4144f79bdd9dd04a287c" + +CMAC Multiple Blocks #2 - Multiple 16 byte blocks +mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"6bc1bee22e409f96e93d7e117393172a":16:"ae2d8a571e03ac9c9eb76fac45af8e51":16:"30c81c46a35ce411e5fbc1191a0a52ef":16:"f69f2445df4f9b17ad2b417be66c3710":16:"51f0bebf7e3b9d92fc49741779363cfe" + +CMAC Multiple Blocks #3 - Multiple variable sized blocks 
+mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"6bc1bee22e409f96":8:"e93d7e117393172aae2d8a571e03ac9c":16:"9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52ef":24:"f69f2445df4f9b17ad2b417be66c3710":16:"51f0bebf7e3b9d92fc49741779363cfe" + +CMAC Multiple Blocks #4 - Multiple 8 byte blocks with gaps +mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"":0:"6bc1bee22e409f96":8:"":0:"e93d7e117393172a":8:"070a16b46b4d4144f79bdd9dd04a287c" + +CMAC Multiple Operations, same key #1 - Empty, empty +mbedtls_cmac_multiple_operations_same_key:MBEDTLS_CIPHER_AES_192_ECB:"8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b":192:16:"":-1:"":-1:"":-1:"d17ddf46adaacde531cac483de7a9367":"":-1:"":-1:"":-1:"d17ddf46adaacde531cac483de7a9367" + +CMAC Multiple Operations, same key #2 - Empty, 64 byte block +mbedtls_cmac_multiple_operations_same_key:MBEDTLS_CIPHER_AES_192_ECB:"8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b":192:16:"":-1:"":-1:"":-1:"d17ddf46adaacde531cac483de7a9367":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710":64:"":-1:"":-1:"a1d5df0eed790f794d77589659f39a11" + +CMAC Multiple Operations, same key #3 - variable byte blocks +mbedtls_cmac_multiple_operations_same_key:MBEDTLS_CIPHER_AES_192_ECB:"8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b":192:16:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51":32:"30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710":32:"":-1:"a1d5df0eed790f794d77589659f39a11":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51":32:"30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710":32:"":-1:"a1d5df0eed790f794d77589659f39a11" + diff --git a/tests/suites/test_suite_cmac.function b/tests/suites/test_suite_cmac.function index 3b23b521e42f..f452afef40d4 100644 --- a/tests/suites/test_suite_cmac.function 
+++ b/tests/suites/test_suite_cmac.function 
@@ -15,6 +15,87 @@ void mbedtls_cmac_self_test( ) } /* END_CASE */ +/* BEGIN_CASE */ +void mbedtls_cmac_null_args( ) +{ + mbedtls_cipher_context_t ctx; + const mbedtls_cipher_info_t *cipher_info; + unsigned char test_key[MBEDTLS_CIPHER_BLKSIZE_MAX]; + unsigned char test_data[MBEDTLS_CIPHER_BLKSIZE_MAX]; + unsigned char test_output[MBEDTLS_CIPHER_BLKSIZE_MAX]; + + mbedtls_cipher_init( &ctx ); + + /* Test NULL cipher info */ + TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, test_data, 16 ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB ); + TEST_ASSERT( mbedtls_cipher_setup( &ctx, cipher_info ) == 0 ); + + TEST_ASSERT( mbedtls_cipher_cmac_starts( NULL, test_key, 128 ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_cipher_cmac_starts( &ctx, NULL, 128 ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_cipher_cmac_update( NULL, test_data, 16 ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, NULL, 16 ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_cipher_cmac_finish( NULL, test_output ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_cipher_cmac_finish( &ctx, NULL ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_cipher_cmac_reset( NULL ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_cipher_cmac( NULL, + test_key, 128, + test_data, 16, + test_output ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_cipher_cmac( cipher_info, + NULL, 128, + test_data, 16, + test_output ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_cipher_cmac( cipher_info, + test_key, 128, + NULL, 16, + test_output ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_cipher_cmac( cipher_info, + test_key, 128, + test_data, 16, + NULL ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_aes_cmac_prf_128( 
NULL, 16, + test_data, 16, + test_output ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_aes_cmac_prf_128( test_key, 16, + NULL, 16, + test_output ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_aes_cmac_prf_128( test_key, 16, + test_data, 16, + NULL ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + +} +/* END_CASE */ + /* BEGIN_CASE */ void mbedtls_cmac_setkey( int cipher_type, int key_size, int result ) 
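Review bot: `mbedtls_cmac_null_args` sets the context up with `mbedtls_cipher_setup( &ctx, cipher_info )` but never calls `mbedtls_cipher_free( &ctx )`, so the cipher context allocated there is leaked on every run, and a failing `TEST_ASSERT` also returns without any cleanup. Add `exit:` followed by `mbedtls_cipher_free( &ctx );` before the closing brace, as a later commit on this page does for the two multi-block cases but not for this one. `test_key`, `test_data` and `test_output` are also never initialised; each call is expected to reject its NULL partner before reading them, but a `memset( test_key, 0, sizeof( test_key ) )` and the like would keep the test deterministic under sanitizers if an argument check is ever reordered.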
@@ -30,8 +111,196 @@ void mbedtls_cmac_setkey( int cipher_type, int key_size, TEST_ASSERT( ( cipher_info = mbedtls_cipher_info_from_type( cipher_type ) ) != NULL ); - TEST_ASSERT( result == mbedtls_cipher_cmac( cipher_info, key, key_size, - buf, 16, tmp ) ); + TEST_ASSERT( ( result == mbedtls_cipher_cmac( cipher_info, key, key_size, + buf, 16, tmp ) ) != 0 ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void mbedtls_cmac_multiple_blocks( int cipher_type, + char *key_string, int keybits, + int block_size, + char *block1_string, int block1_len, + char *block2_string, int block2_len, + char *block3_string, int block3_len, + char *block4_string, int block4_len, + char *expected_result_string ) +{ + unsigned char key[100]; + unsigned char block1[100]; + unsigned char block2[100]; + unsigned char block3[100]; + unsigned char block4[100]; + unsigned char expected_result[100]; + const mbedtls_cipher_info_t *cipher_info; + mbedtls_cipher_context_t ctx; + unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX]; + + /* Convert the test parameters to binary data */ + unhexify( key, key_string ); + unhexify( block1, block1_string ); + unhexify( block2, block2_string ); + unhexify( block3, block3_string ); + unhexify( block4, block4_string ); + unhexify( expected_result, expected_result_string ); + + /* Validate the test inputs */ + TEST_ASSERT( block1_len <= 100 ); + TEST_ASSERT( block2_len <= 100 ); + TEST_ASSERT( block3_len <= 100 ); + TEST_ASSERT( block4_len <= 100 ); + + /* Set up */ + TEST_ASSERT( ( cipher_info = mbedtls_cipher_info_from_type( cipher_type ) ) + != NULL ); + + mbedtls_cipher_init( &ctx ); + + TEST_ASSERT( mbedtls_cipher_setup( &ctx, cipher_info ) == 0 ); + + TEST_ASSERT( mbedtls_cipher_cmac_starts( &ctx, + (const unsigned char*)key, + keybits ) == 0 ); + + /* Multiple partial and complete blocks. 
A negative length means skip the + * update operation */ + if( block1_len >= 0) + TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, + (unsigned char*)block1, + block1_len ) == 0); + + if( block2_len >= 0 ) + TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, + (unsigned char*)block2, + block2_len ) == 0); + + if( block3_len >= 0 ) + TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, + (unsigned char*)block3, + block3_len ) == 0); + + if( block4_len >= 0 ) + TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, + (unsigned char*)block4, + block4_len ) == 0); + + TEST_ASSERT( mbedtls_cipher_cmac_finish( &ctx, output ) == 0 ); + + TEST_ASSERT( memcmp( output, expected_result, block_size ) == 0 ); + + mbedtls_cipher_free( &ctx ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void mbedtls_cmac_multiple_operations_same_key( int cipher_type, + char *key_string, int keybits, + int block_size, + char *block_a1_string, int block_a1_len, + char *block_a2_string, int block_a2_len, + char *block_a3_string, int block_a3_len, + char *expected_result_a_string, + char *block_b1_string, int block_b1_len, + char *block_b2_string, int block_b2_len, + char *block_b3_string, int block_b3_len, + char *expected_result_b_string ) +{ + unsigned char key[100]; + unsigned char block_a1[100]; + unsigned char block_a2[100]; + unsigned char block_a3[100]; + unsigned char block_b1[100]; + unsigned char block_b2[100]; + unsigned char block_b3[100]; + unsigned char expected_result_a[100], expected_result_b[100]; + const mbedtls_cipher_info_t *cipher_info; + mbedtls_cipher_context_t ctx; + unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX]; + + /* Convert the test parameters to binary data */ + unhexify( key, key_string ); + unhexify( block_a1, block_a1_string ); + unhexify( block_a2, block_a2_string ); + unhexify( block_a3, block_a3_string ); + + unhexify( block_b1, block_b1_string ); + unhexify( block_b2, block_b2_string ); + unhexify( block_b3, block_b3_string ); + + unhexify( expected_result_a, expected_result_a_string 
); + unhexify( expected_result_b, expected_result_b_string ); + + /* Validate the test inputs */ + TEST_ASSERT( block_a1_len <= 100 ); + TEST_ASSERT( block_a2_len <= 100 ); + TEST_ASSERT( block_a3_len <= 100 ); + + TEST_ASSERT( block_b1_len <= 100 ); + TEST_ASSERT( block_b2_len <= 100 ); + TEST_ASSERT( block_b3_len <= 100 ); + + /* Set up */ + TEST_ASSERT( ( cipher_info = mbedtls_cipher_info_from_type( cipher_type ) ) + != NULL ); + + mbedtls_cipher_init( &ctx ); + + TEST_ASSERT( mbedtls_cipher_setup( &ctx, cipher_info ) == 0 ); + + TEST_ASSERT( mbedtls_cipher_cmac_starts( &ctx, + (const unsigned char*)key, + keybits ) == 0 ); + + /* Sequence A */ + + /* Multiple partial and complete blocks. A negative length means skip the + * update operation */ + if( block_a1_len >= 0) + TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, + (unsigned char*)block_a1, + block_a1_len ) == 0); + + if( block_a2_len >= 0 ) + TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, + (unsigned char*)block_a2, + block_a2_len ) == 0); + + if( block_a3_len >= 0 ) + TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, + (unsigned char*)block_a3, + block_a3_len ) == 0); + + TEST_ASSERT( mbedtls_cipher_cmac_finish( &ctx, output ) == 0 ); + + TEST_ASSERT( memcmp( output, expected_result_a, block_size ) == 0 ); + + TEST_ASSERT( mbedtls_cipher_cmac_reset( &ctx ) == 0 ); + + /* Sequence B */ + + /* Multiple partial and complete blocks. 
A negative length means skip the + * update operation */ + if( block_b1_len >= 0) + TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, + (unsigned char*)block_b1, + block_b1_len ) == 0); + + if( block_b2_len >= 0 ) + TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, + (unsigned char*)block_b2, + block_b2_len ) == 0); + + if( block_b3_len >= 0 ) + TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, + (unsigned char*)block_b3, + block_b3_len ) == 0); + + TEST_ASSERT( mbedtls_cipher_cmac_finish( &ctx, output ) == 0 ); + + TEST_ASSERT( memcmp( output, expected_result_b, block_size ) == 0 ); + + + mbedtls_cipher_free( &ctx ); } /* END_CASE */ From 03faeac7ec986e5ebba907e0ed42f44849f9e0c1 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 10 Oct 2016 22:03:39 +0100 Subject: [PATCH 242/272] Add CMAC test suite to CMakeLists.txt --- tests/CMakeLists.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 13659de0fa04..21583c40adc9 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -61,6 +61,7 @@ add_test_suite(cipher cipher.des) add_test_suite(cipher cipher.gcm) add_test_suite(cipher cipher.null) add_test_suite(cipher cipher.padding) +add_test_suite(cmac) add_test_suite(ctr_drbg) add_test_suite(debug) add_test_suite(des) From 8739aa94031b8b8155b57b802b7e83d58be7f10a Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 11 Oct 2016 12:05:51 +0100 Subject: [PATCH 243/272] Fix exit and formatting in CMAC test suite Minor fixes following review. --- tests/suites/test_suite_cmac.function | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_cmac.function b/tests/suites/test_suite_cmac.function index f452afef40d4..1f88ddcfe449 100644 --- a/tests/suites/test_suite_cmac.function +++ b/tests/suites/test_suite_cmac.function 
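Review bot: In `mbedtls_cmac_multiple_blocks` the `TEST_ASSERT( block1_len <= 100 )` checks run only after `unhexify( block1, block1_string )` has already written into the 100-byte stack buffers, and they bound the declared length rather than the hex string actually decoded, so a malformed .data line can overrun the buffers before the check fires; `mbedtls_cmac_multiple_operations_same_key` has the same ordering. Asserting `strlen( block1_string ) <= 200` before each `unhexify` call and comparing its return value with `block1_len` where that length is non-negative would make the validation effective. The redundant `!= 0` around the boolean in `TEST_ASSERT( ( result == mbedtls_cipher_cmac( ... ) ) != 0 )` in `mbedtls_cmac_setkey` could be dropped as well.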
@@ -79,9 +79,9 @@ void mbedtls_cmac_null_args( ) MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_aes_cmac_prf_128( NULL, 16, - test_data, 16, - test_output ) == - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + test_data, 16, + test_output ) == + MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_aes_cmac_prf_128( test_key, 16, NULL, 16, @@ -188,6 +188,7 @@ void mbedtls_cmac_multiple_blocks( int cipher_type, TEST_ASSERT( memcmp( output, expected_result, block_size ) == 0 ); +exit: mbedtls_cipher_free( &ctx ); } /* END_CASE */ @@ -255,7 +256,7 @@ void mbedtls_cmac_multiple_operations_same_key( int cipher_type, /* Multiple partial and complete blocks. A negative length means skip the * update operation */ - if( block_a1_len >= 0) + if( block_a1_len >= 0 ) TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, (unsigned char*)block_a1, block_a1_len ) == 0); @@ -299,7 +300,7 @@ void mbedtls_cmac_multiple_operations_same_key( int cipher_type, TEST_ASSERT( memcmp( output, expected_result_b, block_size ) == 0 ); - +exit: mbedtls_cipher_free( &ctx ); } /* END_CASE */ From 33388669ec91904fb774f7aabcd33bf2fc5ff766 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 30 Sep 2016 13:11:29 +0100 Subject: [PATCH 244/272] Fix to test output in test suites Fixes the test suites to consistently use mbedtls_fprintf to output to stdout or stderr. Also redirects output from the tests to /dev/null to avoid confusing output if the test suite code or library outputs anything to stdout. --- tests/suites/helpers.function | 12 +++---- tests/suites/main_test.function | 61 ++++++++++++++++++++++++++++++--- 2 files changed, 62 insertions(+), 11 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index d12be75cec5f..2475a3cc6acb 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function 
@@ -8,16 +8,13 @@ #include "mbedtls/platform.h" #else #include -#define mbedtls_printf printf #define mbedtls_fprintf fprintf -#define mbedtls_calloc calloc +#define mbedtls_snprintf snprintf +#define mbedtls_calloc calloc #define mbedtls_free free #define mbedtls_exit exit #define mbedtls_time time #define mbedtls_time_t time_t -#define mbedtls_fprintf fprintf -#define mbedtls_printf printf -#define mbedtls_snprintf snprintf #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif @@ -355,7 +352,8 @@ static void test_fail( const char *test, int line_no, const char* filename ) { test_errors++; if( test_errors == 1 ) - mbedtls_printf( "FAILED\n" ); - mbedtls_printf( " %s\n at line %d, %s\n", test, line_no, filename ); + mbedtls_fprintf( stdout, "FAILED\n" ); + mbedtls_fprintf( stdout, " %s\n at line %d, %s\n", test, line_no, + filename ); } diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index ac5322e45367..ed5d4146c26b 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -7,7 +7,8 @@ int verify_string( char **str ) if( (*str)[0] != '"' || (*str)[strlen( *str ) - 1] != '"' ) { - mbedtls_printf( "Expected string (with \"\") for parameter and got: %s\n", *str ); + mbedtls_fprintf( stderr, + "Expected string (with \"\") for parameter and got: %s\n", *str ); return( -1 ); } @@ -60,7 +61,8 @@ int verify_int( char *str, int *value ) MAPPING_CODE - mbedtls_printf( "Expected integer for parameter and got: %s\n", str ); + mbedtls_fprintf( stderr, + "Expected integer for parameter and got: %s\n", str ); return( KEY_VALUE_MAPPING_NOT_FOUND ); } @@ -77,6 +79,12 @@ SUITE_POST_DEP /*----------------------------------------------------------------------------*/ /* Test dispatch code */ +#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) +#include +#endif +#include + + int dep_check( char *str ) { if( str == NULL ) 
@@ -249,6 +257,7 @@ int main(int argc, const char *argv[]) const char **test_files = NULL; int testfile_count = 0; int option_verbose = 0; + int tests_stdout; /* Other Local variables */ int arg_index = 1; @@ -343,7 +352,8 @@ int main(int argc, const char *argv[]) { if( unmet_dep_count > 0 ) { - mbedtls_printf("FATAL: Dep count larger than zero at start of loop\n"); + mbedtls_fprintf( stderr, + "FATAL: Dep count larger than zero at start of loop\n"); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } unmet_dep_count = 0; @@ -379,7 +389,7 @@ int main(int argc, const char *argv[]) unmet_dependencies[ unmet_dep_count ] = strdup(params[i]); if( unmet_dependencies[ unmet_dep_count ] == NULL ) { - mbedtls_printf("FATAL: Out of memory\n"); + mbedtls_fprintf( stderr, "FATAL: Out of memory\n"); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } unmet_dep_count++; @@ -395,7 +405,50 @@ int main(int argc, const char *argv[]) if( unmet_dep_count == 0 ) { test_errors = 0; + +#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) + /* Suppress all output from the library unless we're verbose + * mode + */ + if( !option_verbose ) + { + /* Redirect all stdout output to /dev/null */ + tests_stdout = dup( fileno(stdout) ); + if( tests_stdout == -1 ) + { + /* Redirection has failed with no stdout so exit */ + exit(1); + } + + fflush( stdout ); + fclose( stdout ); + stdout = fopen("/dev/null", "w" ); + if( stdout == NULL ) + { + /* Redirection has failed with no stdout so exit */ + exit(1); + } + } +#endif /* __unix__ || __APPLE__ __MACH__ */ + ret = dispatch_test( cnt, params ); + +#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) + if( !option_verbose ) + { + /* Restore stdout */ + fflush( stdout ); + fclose( stdout ); + + stdout = fdopen ( tests_stdout, "w"); + if( stdout == NULL ) + { + /* Redirection has failed with no stdout so exit */ + exit(1); + } + } +#endif /* __unix__ || __APPLE__ __MACH__ */ + } if( unmet_dep_count > 0 || ret == DISPATCH_UNSUPPORTED_SUITE ) 
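Review bot: While `dispatch_test( cnt, params )` runs with stdout redirected to `/dev/null`, the failure diagnostics from `test_fail` (changed in this same commit to `mbedtls_fprintf( stdout, "FAILED\n" )` plus the `at line %d` message) go to the redirected stream, so if `test_fail` is reached through `TEST_ASSERT` inside the dispatched test functions, as its `test`/`line_no` parameters suggest, a failing case loses its location report in non-verbose mode; either write that output to stderr or buffer it and print it after `stdout` is restored. The three failure branches call `exit(1)` with no message, whereas the rest of `main` uses `mbedtls_exit( MBEDTLS_EXIT_FAILURE )`; a `mbedtls_fprintf( stderr, "FATAL: Failed to redirect stdout\n" );` before exiting makes a broken redirection diagnosable. Assigning to `stdout` itself (`stdout = fopen("/dev/null", "w" )`) is not guaranteed by ISO C, which only defines `stdout` as an expression of type `FILE *`; it works with the glibc and BSD libc implementations this guard targets, but a comment recording that assumption would help the next port. `main` begins outside this hunk.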
From 2d9c46767a0897d7bc6c91e1905681b19fee7d2a Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 5 Oct 2016 10:57:49 +0100 Subject: [PATCH 245/272] Fix minor style issues in test framework --- tests/suites/helpers.function | 40 +++++++++++++++++++++++++++++++++ tests/suites/main_test.function | 40 +++++++-------------------------- 2 files changed, 48 insertions(+), 32 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 2475a3cc6acb..5938447af1c2 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -34,6 +34,9 @@ typedef UINT32 uint32_t; #include +#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) +#include +#endif /*----------------------------------------------------------------------------*/ /* Constants */ @@ -102,6 +105,43 @@ static int test_errors = 0; /*----------------------------------------------------------------------------*/ /* Helper Functions */ +#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) +static int redirect_output( FILE** out_stream, const char* path ) +{ + int stdout_fd = dup( fileno( *out_stream ) ); + + if( stdout_fd == -1 ) + { + return -1; + } + + fflush( *out_stream ); + fclose( *out_stream ); + *out_stream = fopen( path, "w" ); + + if( *out_stream == NULL ) + { + return -1; + } + + return stdout_fd; +} + +static int restore_output( FILE** out_stream, int old_fd ) +{ + fflush( *out_stream ); + fclose( *out_stream ); + + *out_stream = fdopen( old_fd, "w" ); + if( *out_stream == NULL ) + { + return -1; + } + + return 0; +} +#endif /* __unix__ || __APPLE__ __MACH__ */ + static int unhexify( unsigned char *obuf, const char *ibuf ) { unsigned char c, c2; diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index ed5d4146c26b..14209a576e44 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function 
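Review bot: In `redirect_output`, when `fopen( path, "w" )` fails the function returns -1 after `*out_stream` has already been closed, and the duplicated descriptor `stdout_fd` is never closed, so the caller is left with neither a usable stream nor the descriptor needed to recover it; closing the duplicate on that path, `close( stdout_fd ); return -1;`, or opening the replacement before closing the original, avoids the leak. The local name `stdout_fd` inside a helper that takes an arbitrary `out_stream` is misleading (`saved_fd` reads better), and the bare `return -1;`/`return 0;` differ from the `return( x );` form used in main_test.function's `verify_string` and `verify_int`. Neither helper carries a comment stating the contract that the descriptor returned by `redirect_output` must later be handed to `restore_output`, which is the only thing tying the pair together.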
@@ -79,12 +79,6 @@ SUITE_POST_DEP /*----------------------------------------------------------------------------*/ /* Test dispatch code */ -#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) -#include -#endif -#include - - int dep_check( char *str ) { if( str == NULL ) @@ -257,7 +251,6 @@ int main(int argc, const char *argv[]) const char **test_files = NULL; int testfile_count = 0; int option_verbose = 0; - int tests_stdout; /* Other Local variables */ int arg_index = 1; @@ -268,6 +261,7 @@ int main(int argc, const char *argv[]) char buf[5000]; char *params[50]; void *pointer; + int stdout_fd = 0; #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \ !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC) @@ -353,7 +347,7 @@ int main(int argc, const char *argv[]) if( unmet_dep_count > 0 ) { mbedtls_fprintf( stderr, - "FATAL: Dep count larger than zero at start of loop\n"); + "FATAL: Dep count larger than zero at start of loop\n" ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } unmet_dep_count = 0; @@ -389,7 +383,7 @@ int main(int argc, const char *argv[]) unmet_dependencies[ unmet_dep_count ] = strdup(params[i]); if( unmet_dependencies[ unmet_dep_count ] == NULL ) { - mbedtls_fprintf( stderr, "FATAL: Out of memory\n"); + mbedtls_fprintf( stderr, "FATAL: Out of memory\n" ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } unmet_dep_count++; @@ -412,21 +406,11 @@ int main(int argc, const char *argv[]) */ if( !option_verbose ) { - /* Redirect all stdout output to /dev/null */ - tests_stdout = dup( fileno(stdout) ); - if( tests_stdout == -1 ) - { - /* Redirection has failed with no stdout so exit */ - exit(1); - } - - fflush( stdout ); - fclose( stdout ); - stdout = fopen("/dev/null", "w" ); - if( stdout == NULL ) + stdout_fd = redirect_output( &stdout, "/dev/null" ); + if( stdout_fd == -1 ) { /* Redirection has failed with no stdout so exit */ - exit(1); + exit( 1 ); } } #endif /* __unix__ || __APPLE__ __MACH__ */ 
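Review bot: `int stdout_fd = 0;` uses descriptor 0 (stdin) as its initial value, so nothing distinguishes "no redirection performed" from "saved descriptor is 0"; initialising it to -1, the value `redirect_output` returns on failure, gives later cleanup code an unambiguous sentinel. The failure branch still calls `exit( 1 )` while the same function uses `mbedtls_exit( MBEDTLS_EXIT_FAILURE )` for its other fatal paths (hunk @@ -353), and prints nothing, so a failed redirection is indistinguishable from a crash; `mbedtls_fprintf( stderr, "FATAL: Failed to redirect stdout\n" ); mbedtls_exit( MBEDTLS_EXIT_FAILURE );` keeps the file's conventions. `main` starts outside these hunks.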
@@ -434,18 +418,10 @@ int main(int argc, const char *argv[]) ret = dispatch_test( cnt, params ); #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) - if( !option_verbose ) + if( !option_verbose && restore_output( &stdout, stdout_fd ) ) { - /* Restore stdout */ - fflush( stdout ); - fclose( stdout ); - - stdout = fdopen ( tests_stdout, "w"); - if( stdout == NULL ) - { /* Redirection has failed with no stdout so exit */ - exit(1); - } + exit( 1 ); } #endif /* __unix__ || __APPLE__ __MACH__ */ From 4f85907b5a7ddf4694331faf4c4775237afde427 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 11 Oct 2016 10:13:52 +0100 Subject: [PATCH 246/272] Revise Changelog to clarify and add credit --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 9d591bb1e427..641ce1635f08 100644 --- a/ChangeLog +++ b/ChangeLog @@ -31,6 +31,8 @@ Bugfix a contribution from Tobias Tangemann. #541 * Fixed cert_app sample program for debug output and for use when no root certificates are provided. + * Fixed pthread implementation to avoid unintended double initialisations + and double frees. (found by Niklas Amnebratt) * Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for builds where the configuration MBEDTLS_PEM_WRITE_C is not defined. Found by inestlerode. #559. From 2b3b740574b19946d7db27d08248b68b5bcccc40 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 11 Oct 2016 10:49:26 +0100 Subject: [PATCH 247/272] Remove unnecessary flag from CMAC context --- include/mbedtls/cmac.h | 4 ---- library/cmac.c | 12 +----------- 2 files changed, 1 insertion(+), 15 deletions(-) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index f64ae69b471d..75e0b97c4ad7 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -44,7 +44,6 @@ extern "C" { */ struct mbedtls_cmac_context_t { - /** Internal state of the CMAC algorithm */ unsigned char state[MBEDTLS_CIPHER_BLKSIZE_MAX]; 
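Review bot: The cmac.h hunk at @@ -44,7 +44,6 removes the `/** Internal state of the CMAC algorithm */` comment on `state` together with the obsolete `padding_flag`, although `state` itself stays; the `unprocessed_len` member in the next hunk keeps its `/** Length of data pending to be processed */` comment, so `state` becomes the one undocumented field of a public header struct. Unless the deletion is intentional, restore the one-liner above `unsigned char state[MBEDTLS_CIPHER_BLKSIZE_MAX];`.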
@@ -54,9 +53,6 @@ struct mbedtls_cmac_context_t /** Length of data pending to be processed */ size_t unprocessed_len; - - /** Flag to indicate if the last block needs padding */ - int padding_flag; }; /** diff --git a/library/cmac.c b/library/cmac.c index 8ea0685b7a6a..62f2a6abb455 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -235,7 +235,6 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, ctx->cmac_ctx = cmac_ctx; mbedtls_zeroize( cmac_ctx->state, sizeof( cmac_ctx->state ) ); - cmac_ctx->padding_flag = 1; return 0; } @@ -292,8 +291,6 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, ilen -= block_size; input += block_size; - - cmac_ctx->padding_flag = 0; } /* If there is data left over that wasn't aligned to a block */ @@ -303,11 +300,6 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, input, ilen ); cmac_ctx->unprocessed_len += ilen; - - if( ilen % block_size > 0 ) - cmac_ctx->padding_flag = 1; - else - cmac_ctx->padding_flag = 0; } exit: @@ -340,7 +332,7 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, last_block = cmac_ctx->unprocessed_block; /* Calculate last block */ - if( cmac_ctx->padding_flag && cmac_ctx->unprocessed_len < block_size ) + if( cmac_ctx->unprocessed_len < block_size ) { cmac_pad( M_last, block_size, last_block, cmac_ctx->unprocessed_len ); cmac_xor_block( M_last, M_last, K2, block_size ); @@ -367,7 +359,6 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, mbedtls_zeroize( K1, sizeof( K1 ) ); mbedtls_zeroize( K2, sizeof( K2 ) ); - cmac_ctx->padding_flag = 1; cmac_ctx->unprocessed_len = 0; mbedtls_zeroize( cmac_ctx->unprocessed_block, sizeof( cmac_ctx->unprocessed_block ) ); @@ -391,7 +382,6 @@ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ) sizeof( cmac_ctx->unprocessed_block ) ); mbedtls_zeroize( cmac_ctx->state, sizeof( cmac_ctx->state ) ); - cmac_ctx->padding_flag = 1; return( 0 ); } 
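Review bot: The simplified condition `if( cmac_ctx->unprocessed_len < block_size )` in `mbedtls_cipher_cmac_finish` is equivalent to the old `padding_flag` logic only if `mbedtls_cipher_cmac_update` always retains the final block unprocessed, so that block-aligned input ends with `unprocessed_len == block_size` and every other input (including zero bytes) ends shorter; the loop bounds that would establish this lie outside the @@ -292 hunk, so I cannot confirm it here. Since the MAC's correctness now rests on that invariant, a comment at the new condition, `/* A complete unprocessed block needs no padding; anything shorter, including an empty message, is padded and XORed with K2 */`, records why the flag could go.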
From f04f54d432a4392c6697b247fb11de274a9040dd Mon Sep 17 00:00:00 2001 From: Andres AG Date: Mon, 10 Oct 2016 15:46:20 +0100 Subject: [PATCH 248/272] Add seed cmdline arg to test scripts --- tests/scripts/all.sh | 19 +++++++++++++++++++ tests/ssl-opt.sh | 6 +++++- 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ee0df0cc45f4..6b3396059dbc 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -32,6 +32,7 @@ CONFIG_BAK="$CONFIG_H.bak" MEMORY=0 FORCE=0 +RELEASE=0 # Default commands, can be overriden by the environment : ${OPENSSL:="openssl"} @@ -48,6 +49,8 @@ usage() printf " -h|--help\t\tPrint this help.\n" printf " -m|--memory\t\tAdditional optional memory tests.\n" printf " -f|--force\t\tForce the tests to overwrite any modified files.\n" + printf " -s|--seed\t\tInteger seed value to use for this test run.\n" + printf " -r|--release-test\t\tRun this script in release mode. This fixes the seed value to 1.\n" printf " --out-of-source-dir=\t\tDirectory used for CMake out-of-source build tests." printf " --openssl=\t\tPath to OpenSSL executable to use for most tests.\n" printf " --openssl-legacy=\t\tPath to OpenSSL executable to use for legacy tests e.g. SSLv3.\n" @@ -106,6 +109,13 @@ while [ $# -gt 0 ]; do --force|-f) FORCE=1 ;; + --seed|-s) + shift + SEED="$1" + ;; + --release-test|-r) + RELEASE=1 + ;; --out-of-source-dir) shift OUT_OF_SOURCE_DIR="$1" @@ -171,9 +181,15 @@ else fi fi +if [ $RELEASE -eq 1 ]; then + # Fix the seed value to 1 to ensure that the tests are deterministic. + SEED=1 +fi + msg "info: $0 configuration" echo "MEMORY: $MEMORY" echo "FORCE: $FORCE" +echo "SEED: ${SEED-"UNSET"}" echo "OPENSSL: $OPENSSL" echo "OPENSSL_LEGACY: $OPENSSL_LEGACY" echo "GNUTLS_CLI: $GNUTLS_CLI" 
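Review bot: `--seed|-s) shift; SEED="$1"` accepts any string although the usage text promises an integer, and `shift` with no following argument leaves `SEED` empty without an error; a check right after the assignment, `case "$SEED" in ''|*[!0-9]*) echo "Invalid seed: '$SEED'" >&2; exit 1;; esac`, fails early and keeps the run reproducible. Note also that `-s` in ssl-opt.sh already means `--show-numbers` (its usage is in the next hunk), so the short form exists only at the all.sh level and is never forwarded, which the help text could state. `--release-test` silently overrides an explicit `--seed`; printing a note on the `SEED:` info line when `RELEASE` is 1 would make the effective configuration obvious.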
@@ -187,6 +203,9 @@ export OPENSSL_CMD="$OPENSSL" export GNUTLS_CLI="$GNUTLS_CLI" export GNUTLS_SERV="$GNUTLS_SERV" +# Avoid passing --seed flag in every call to ssl-opt.sh +[ ! -z ${SEED+set} ] && export SEED + # Make sure the tools we need are available. check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$GNUTLS_CLI" "$GNUTLS_SERV" \ "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \ diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d9c45cd7a240..429d9cd19afa 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -58,6 +58,7 @@ print_usage() { printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n" printf " -s|--show-numbers\tShow test numbers in front of test names\n" printf " -p|--preserve-logs\tPreserve logs of successful tests as well\n" + printf " --seed\tInteger seed value to use for this test run\n" } get_options() { @@ -81,6 +82,9 @@ get_options() { -p|--preserve-logs) PRESERVE_LOGS=1 ;; + --seed) + shift; SEED="$1" + ;; -h|--help) print_usage exit 0 @@ -595,7 +599,7 @@ unset PORT_BASE # +SRV_PORT will be replaced by either $SRV_PORT or $PXY_PORT later P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT" P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT" -P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT" +P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}" O_SRV="$O_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem" O_CLI="$O_CLI -connect localhost:+SRV_PORT" G_SRV="$G_SRV -p $SRV_PORT" From fe4db8f575a856d760a066ce608fb1b3f28aa7bc Mon Sep 17 00:00:00 2001 From: Andres AG Date: Tue, 11 Oct 2016 15:41:40 +0100 Subject: [PATCH 249/272] Fix memory leak in test_suite_cmac.function --- tests/suites/test_suite_cmac.function | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) 
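Review bot: The new `SEED` is appended only to `P_PXY` via `${SEED:+"seed=$SEED"}`, so it reaches the UDP proxy and nothing else; if `--seed` is meant to make the whole run reproducible, the help line `--seed\tInteger seed value to use for this test run` overstates its scope, so either narrow it to `--seed\tInteger seed for the UDP proxy's random behaviour` or pass the seed to the other programs if they accept one (not visible here). The `--seed)` case also performs `shift; SEED="$1"` without checking that an argument follows; an empty value is harmless because `${SEED:+...}` drops it, but that interaction deserves a one-line comment next to the `P_PXY` assignment. `get_options` continues outside the hunk.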
diff --git a/tests/suites/test_suite_cmac.function b/tests/suites/test_suite_cmac.function index 1f88ddcfe449..0cb437b67064 100644 --- a/tests/suites/test_suite_cmac.function +++ b/tests/suites/test_suite_cmac.function @@ -93,6 +93,9 @@ void mbedtls_cmac_null_args( ) NULL ) == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + +exit: + mbedtls_cipher_free( &ctx ); } /* END_CASE */ @@ -144,6 +147,8 @@ void mbedtls_cmac_multiple_blocks( int cipher_type, unhexify( block4, block4_string ); unhexify( expected_result, expected_result_string ); + mbedtls_cipher_init( &ctx ); + /* Validate the test inputs */ TEST_ASSERT( block1_len <= 100 ); TEST_ASSERT( block2_len <= 100 ); @@ -154,8 +159,6 @@ void mbedtls_cmac_multiple_blocks( int cipher_type, TEST_ASSERT( ( cipher_info = mbedtls_cipher_info_from_type( cipher_type ) ) != NULL ); - mbedtls_cipher_init( &ctx ); - TEST_ASSERT( mbedtls_cipher_setup( &ctx, cipher_info ) == 0 ); TEST_ASSERT( mbedtls_cipher_cmac_starts( &ctx, @@ -231,6 +234,8 @@ void mbedtls_cmac_multiple_operations_same_key( int cipher_type, unhexify( expected_result_a, expected_result_a_string ); unhexify( expected_result_b, expected_result_b_string ); + mbedtls_cipher_init( &ctx ); + /* Validate the test inputs */ TEST_ASSERT( block_a1_len <= 100 ); TEST_ASSERT( block_a2_len <= 100 ); @@ -244,8 +249,6 @@ void mbedtls_cmac_multiple_operations_same_key( int cipher_type, TEST_ASSERT( ( cipher_info = mbedtls_cipher_info_from_type( cipher_type ) ) != NULL ); - mbedtls_cipher_init( &ctx ); - TEST_ASSERT( mbedtls_cipher_setup( &ctx, cipher_info ) == 0 ); TEST_ASSERT( mbedtls_cipher_cmac_starts( &ctx, From d7b90498060198510769d7dfbae150132ada705a Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 12 Oct 2016 10:00:42 +0100 Subject: [PATCH 250/272] Fix memory leaks in CMAC tests --- library/cmac.c | 21 ++++++++++++++------- tests/suites/test_suite_cmac.function | 2 +- 2 files changed, 15 insertions(+), 8 deletions(-) 
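Review bot: In `mbedtls_cmac_null_args` the commit adds `exit: mbedtls_cipher_free( &ctx );` but, unlike the other two functions in this diff, does not move `mbedtls_cipher_init( &ctx );` ahead of the first `TEST_ASSERT`; the start of the function is outside the hunk, so whether `ctx` is initialised before the first assertion that can jump to `exit` cannot be confirmed from here. If it is not, the same relocation applied to `mbedtls_cmac_multiple_blocks` and `mbedtls_cmac_multiple_operations_same_key` (init right after the `unhexify` calls) is needed there too, otherwise a failing assertion frees an uninitialised context.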
diff --git a/library/cmac.c b/library/cmac.c index 62f2a6abb455..ee2fe056ce6c 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -737,19 +737,19 @@ static int cmac_test_subkeys( int verbose, return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); } - mbedtls_cipher_init( &ctx ); - for( i = 0; i < num_tests; i++ ) { if( verbose != 0 ) mbedtls_printf( " %s CMAC subkey #%u: ", testname, i + 1 ); + mbedtls_cipher_init( &ctx ); + if( ( ret = mbedtls_cipher_setup( &ctx, cipher_info ) ) != 0 ) { if( verbose != 0 ) mbedtls_printf( "test execution failed\n" ); - goto exit; + goto cleanup; } if( ( ret = mbedtls_cipher_setkey( &ctx, key, keybits, @@ -758,7 +758,7 @@ static int cmac_test_subkeys( int verbose, if( verbose != 0 ) mbedtls_printf( "test execution failed\n" ); - goto exit; + goto cleanup; } ret = cmac_generate_subkeys( &ctx, K1, K2 ); @@ -766,7 +766,8 @@ static int cmac_test_subkeys( int verbose, { if( verbose != 0 ) mbedtls_printf( "failed\n" ); - goto exit; + + goto cleanup; } if( ( ret = memcmp( K1, subkeys, block_size ) ) != 0 || @@ -774,16 +775,22 @@ static int cmac_test_subkeys( int verbose, { if( verbose != 0 ) mbedtls_printf( "failed\n" ); - goto exit; + + goto cleanup; } if( verbose != 0 ) mbedtls_printf( "passed\n" ); + + mbedtls_cipher_free( &ctx ); } -exit: + goto exit; + +cleanup: mbedtls_cipher_free( &ctx ); +exit: return( ret ); } diff --git a/tests/suites/test_suite_cmac.function b/tests/suites/test_suite_cmac.function index 0cb437b67064..4b31ab2ffd88 100644 --- a/tests/suites/test_suite_cmac.function +++ b/tests/suites/test_suite_cmac.function @@ -93,7 +93,6 @@ void mbedtls_cmac_null_args( ) NULL ) == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - exit: mbedtls_cipher_free( &ctx ); } 
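Review bot: The new tail `goto exit; cleanup: mbedtls_cipher_free( &ctx ); exit: return( ret );` in `cmac_test_subkeys` is correct only because every successful iteration already calls `mbedtls_cipher_free( &ctx )` before looping, so the fall-through path must skip the free; that reasoning is not written down and a `goto` that jumps over the adjacent label reads like a mistake. A comment at the jump, `/* ctx was freed at the end of the last iteration; only error paths still own it */`, makes the ownership explicit. `cmac_test_subkeys` begins outside the hunk, and the `ret = memcmp( ... )` assignment feeding the return value is pre-existing context.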
@@ -114,6 +113,7 @@ void mbedtls_cmac_setkey( int cipher_type, int key_size, TEST_ASSERT( ( cipher_info = mbedtls_cipher_info_from_type( cipher_type ) ) != NULL ); + memset( buf, 0x2A, sizeof( buf ) ); TEST_ASSERT( ( result == mbedtls_cipher_cmac( cipher_info, key, key_size, buf, 16, tmp ) ) != 0 ); } From 2280e9cc483000f45ddfa915a3b53845fef68ab4 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Tue, 4 Oct 2016 12:06:50 +0100 Subject: [PATCH 251/272] Fix typo in docs for mbedtls_x509write_csr_der() --- include/mbedtls/x509_csr.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index 7a9c2e0550ef..fe9843cb545e 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h @@ -282,7 +282,7 @@ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, s * * \note f_rng may be NULL if RSA is used for signature and the * signature is made offline (otherwise f_rng is desirable - * for couermeasures against timing attacks). + * for countermeasures against timing attacks). * ECDSA signatures always require a non-NULL f_rng. */ int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, From 410d3dd3c72d7c0909619af078785bac24097f96 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Mon, 26 Sep 2016 09:52:41 +0100 Subject: [PATCH 252/272] Fix 1 byte overread in mbedtls_asn1_get_int() --- ChangeLog | 2 ++ library/asn1parse.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 641ce1635f08..bde41778465c 100644 --- a/ChangeLog +++ b/ChangeLog 
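Review bot: The added `memset( buf, 0x2A, sizeof( buf ) );` in `mbedtls_cmac_setkey` fixes a read of uninitialised memory in the following `mbedtls_cipher_cmac` call rather than the leak the commit title describes, and the fill value looks arbitrary; a comment such as `/* buf content is irrelevant here; fill it so the CMAC call reads initialised data */` stops a reader hunting for a meaning behind 0x2A. The `TEST_ASSERT( ( result == mbedtls_cipher_cmac( ... ) ) != 0 )` it feeds is pre-existing context, but the `!= 0` around a comparison is redundant and could go when this function is next touched.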
@@ -31,6 +31,8 @@ Bugfix a contribution from Tobias Tangemann. #541 * Fixed cert_app sample program for debug output and for use when no root certificates are provided. + * Fix conditional statement that would cause a 1 byte overread in + mbedtls_asn1_get_int(). Found and fixed by Guido Vranken. * Fixed pthread implementation to avoid unintended double initialisations and double frees. (found by Niklas Amnebratt) * Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for diff --git a/library/asn1parse.c b/library/asn1parse.c index ffa2f5299a44..4dd65c03c029 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c @@ -153,7 +153,7 @@ int mbedtls_asn1_get_int( unsigned char **p, if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 ) return( ret ); - if( len > sizeof( int ) || ( **p & 0x80 ) != 0 ) + if( len == 0 || len > sizeof( int ) || ( **p & 0x80 ) != 0 ) return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); *val = 0; From 9af0280aa51d6fb36f16f31042d60835a439d2b8 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 12 Oct 2016 16:37:59 +0100 Subject: [PATCH 253/272] Updated Changelog for fix #599 --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index bde41778465c..57a573592aab 100644 --- a/ChangeLog +++ b/ChangeLog @@ -32,7 +32,7 @@ Bugfix * Fixed cert_app sample program for debug output and for use when no root certificates are provided. * Fix conditional statement that would cause a 1 byte overread in - mbedtls_asn1_get_int(). Found and fixed by Guido Vranken. + mbedtls_asn1_get_int(). Found and fixed by Guido Vranken. #599 * Fixed pthread implementation to avoid unintended double initialisations and double frees. (found by Niklas Amnebratt) * Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for From 314d8a840060c8c9e8ff713f7ff107f57f23e006 Mon Sep 17 00:00:00 2001 
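Review bot: The `len == 0` test that closes the one-byte overread in `mbedtls_asn1_get_int` must remain the first operand of the `||`, because `**p` on the right is only a valid read when the INTEGER has at least one content byte; nothing in the code records that dependency, so a later reordering for readability would silently reintroduce the bug. Add `/* len == 0 must be tested before **p is read: an empty INTEGER has no content byte */` above the condition. A regression case with a zero-length INTEGER in the ASN.1 parsing suite would also pin the fix, and this commit does not add one.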
From: Andres AG Date: Mon, 26 Sep 2016 10:09:30 +0100 Subject: [PATCH 254/272] Fix documentation for mbedtls_gcm_finish() Fix implementation and documentation missmatch for the function arguments to mbedtls_gcm_finish(). Also, removed redundant if condition that always evaluates to true. --- ChangeLog | 2 ++ include/mbedtls/gcm.h | 4 ++-- library/gcm.c | 3 +-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 57a573592aab..7782470bca16 100644 --- a/ChangeLog +++ b/ChangeLog @@ -45,6 +45,8 @@ Bugfix * Fix mbedtls_x509_get_sig() to update the ASN1 type in the mbedtls_x509_buf data structure until after error checks are successful. Found by subramanyam-c. + * Fix documentation and implementation missmatch for function arguments of + mbedtls_gcm_finish(). Found by cmiatpaar. Changes * Extended test coverage of special cases, and added new timing test suite. diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index 6743ac9a5f9e..1b77aaedd48f 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -190,8 +190,8 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx, * 16 bytes. * * \param ctx GCM context - * \param tag buffer for holding the tag (may be NULL if tag_len is 0) - * \param tag_len length of the tag to generate + * \param tag buffer for holding the tag + * \param tag_len length of the tag to generate (must be at least 4) * * \return 0 if successful or MBEDTLS_ERR_GCM_BAD_INPUT */ diff --git a/library/gcm.c b/library/gcm.c index aaacf97d6127..f1210c52c39a 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -415,8 +415,7 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx, if( tag_len > 16 || tag_len < 4 ) return( MBEDTLS_ERR_GCM_BAD_INPUT ); - if( tag_len != 0 ) - memcpy( tag, ctx->base_ectr, tag_len ); + memcpy( tag, ctx->base_ectr, tag_len ); if( orig_len || orig_add_len ) { From 468a84c7df44f5491b5b420de9c76d226a130163 Mon Sep 17 00:00:00 2001 
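Review bot: The updated `\param tag_len` text says only `(must be at least 4)` while the implementation in gcm.c rejects `tag_len > 16 || tag_len < 4`, so the documentation still understates the contract it was just fixed to match; `\param tag_len length of the tag to generate (must be between 4 and 16 bytes)` states both bounds in one place without relying on the paragraph above. Removing the `if( tag_len != 0 )` guard is right since it is dead after the range check, and dropping the old `(may be NULL if tag_len is 0)` wording removes the now-false hint that a NULL `tag` was ever accepted.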
From: Simon Butcher Date: Wed, 12 Oct 2016 19:47:29 +0100 Subject: [PATCH 255/272] Clarified Changelog for fix #602 --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 7782470bca16..82bbff4ec9ea 100644 --- a/ChangeLog +++ b/ChangeLog @@ -46,7 +46,7 @@ Bugfix data structure until after error checks are successful. Found by subramanyam-c. * Fix documentation and implementation missmatch for function arguments of - mbedtls_gcm_finish(). Found by cmiatpaar. + mbedtls_gcm_finish(). Found by cmiatpaar. #602 Changes * Extended test coverage of special cases, and added new timing test suite. From e5dc20246938e680ae9be5e0740bc25a06d6c290 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 21 Sep 2016 13:18:12 +0100 Subject: [PATCH 256/272] Restore P>Q in RSA key generation (#558) The PKCS#1 standard says nothing about the relation between P and Q but many libraries guarantee P>Q and mbed TLS did so too in earlier versions. This commit restores this behaviour. --- ChangeLog | 1 + library/rsa.c | 18 ++++++++---------- tests/suites/test_suite_rsa.data | 2 +- tests/suites/test_suite_rsa.function | 1 + 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index 82bbff4ec9ea..5350a3ebdb00 100644 --- a/ChangeLog +++ b/ChangeLog @@ -47,6 +47,7 @@ Bugfix subramanyam-c. * Fix documentation and implementation missmatch for function arguments of mbedtls_gcm_finish(). Found by cmiatpaar. #602 + * Guarantee that P>Q at RSA key generation. #558 Changes * Extended test coverage of special cases, and added new timing test suite. diff --git a/library/rsa.c b/library/rsa.c index 7a33689b2e38..40ef2a9480fa 100644 --- a/library/rsa.c +++ b/library/rsa.c 
@@ -102,7 +102,10 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, if( f_rng == NULL || nbits < 128 || exponent < 3 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); + if( nbits % 2 ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G ); /* @@ -116,16 +119,8 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, nbits >> 1, 0, f_rng, p_rng ) ); - if( nbits % 2 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, ( nbits >> 1 ) + 1, 0, + MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0, f_rng, p_rng ) ); - } - else - { - MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0, - f_rng, p_rng ) ); - } if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 ) continue; @@ -134,6 +129,9 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, if( mbedtls_mpi_bitlen( &ctx->N ) != nbits ) continue; + if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 ) + mbedtls_mpi_swap( &ctx->P, &ctx->Q ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q1, &ctx->Q, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) ); diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index d522332a26f7..af168805fd34 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -361,7 +361,7 @@ RSA Generate Key - 2048 bit key mbedtls_rsa_gen_key:2048:3:0 RSA Generate Key - 1025 bit key -mbedtls_rsa_gen_key:1025:3:0 +mbedtls_rsa_gen_key:1025:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA PKCS1 Encrypt Bad RNG depends_on:MBEDTLS_PKCS1_V15 diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 8837e3a837cb..d48bc8595e28 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
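Review bot: `mbedtls_rsa_gen_key` now rejects odd `nbits` with `MBEDTLS_ERR_RSA_BAD_INPUT_DATA`, a behaviour change for callers who previously got a valid key (the 1025-bit test case is flipped accordingly), yet neither rsa.h nor the ChangeLog line `Guarantee that P>Q at RSA key generation.` mentions it; the header is not in this diffstat, so its description of `nbits` is presumably now incomplete. Add a note that `nbits` must be even to the function's documentation and extend the ChangeLog entry. Placing the check before `mbedtls_mpi_init( &P1 )` is correct since nothing needs cleanup yet, and the `mbedtls_mpi_swap` after the bit-length test only runs on accepted candidates, so no extra regeneration is triggered.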
@@ -678,6 +678,7 @@ void mbedtls_rsa_gen_key( int nrbits, int exponent, int result) if( result == 0 ) { TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.P, &ctx.Q ) > 0 ); } exit: From d05192501bd6793370e4a2c0e35436ef213acfd6 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 13 Oct 2016 00:14:37 +0100 Subject: [PATCH 257/272] Added credit to Changelog for fix #558 --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 5350a3ebdb00..5306d52d4276 100644 --- a/ChangeLog +++ b/ChangeLog @@ -47,7 +47,7 @@ Bugfix subramanyam-c. * Fix documentation and implementation missmatch for function arguments of mbedtls_gcm_finish(). Found by cmiatpaar. #602 - * Guarantee that P>Q at RSA key generation. #558 + * Guarantee that P>Q at RSA key generation. Found by inestlerode. #558 Changes * Extended test coverage of special cases, and added new timing test suite. From 6437b221a349c2714bb723b0c7c8cb79c47c7f5a Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 12 Oct 2016 23:07:30 +0100 Subject: [PATCH 258/272] Fix stdio redirection memory leak in test suites --- tests/suites/helpers.function | 5 +++++ tests/suites/main_test.function | 7 ++++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 5938447af1c2..ff3ab99e489d 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -140,6 +140,11 @@ static int restore_output( FILE** out_stream, int old_fd ) return 0; } + +static void close_output( FILE* stdout ) +{ + fclose( stdout ); +} #endif /* __unix__ || __APPLE__ __MACH__ */ static int unhexify( unsigned char *obuf, const char *ibuf ) diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 14209a576e44..afff5a482343 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function 
@@ -261,7 +261,7 @@ int main(int argc, const char *argv[]) char buf[5000]; char *params[50]; void *pointer; - int stdout_fd = 0; + int stdout_fd = -1; #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \ !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC) @@ -499,6 +499,11 @@ int main(int argc, const char *argv[]) mbedtls_memory_buffer_alloc_free(); #endif +#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) + if( stdout_fd != -1 ) + close_output( stdout ); +#endif /* __unix__ || __APPLE__ __MACH__ */ + return( total_errors != 0 ); } From f45dab19394b281b8d7776b94cb5354f58847c7c Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 13 Oct 2016 11:26:29 +0100 Subject: [PATCH 259/272] Fix global variable shadowing --- tests/suites/helpers.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index ff3ab99e489d..63815df852b7 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -141,9 +141,9 @@ static int restore_output( FILE** out_stream, int old_fd ) return 0; } -static void close_output( FILE* stdout ) +static void close_output( FILE* out_stream ) { - fclose( stdout ); + fclose( out_stream ); } #endif /* __unix__ || __APPLE__ __MACH__ */ From b81496b9b57156732c0648aa763b2395f101661c Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 13 Oct 2016 14:03:37 +0100 Subject: [PATCH 260/272] Update and clean up Changelog for #622 --- ChangeLog | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5306d52d4276..4d1ff8ff9fb1 100644 --- a/ChangeLog +++ b/ChangeLog 
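Review bot: `close_output( stdout )` runs only when `stdout_fd != -1`, i.e. when a redirection happened and `restore_output` replaced `stdout` with an `fdopen` stream; after the call the global `stdout` is a closed `FILE *`, so anything between this point and process exit that prints, including summary lines a later change might add below, would be undefined behaviour. A comment at the call, `/* Release the stream created by restore_output(); stdout must not be used after this point */`, documents the constraint and signals that keeping it as the last statement before `return` is intentional. `main` begins outside these hunks.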
@@ -38,13 +38,9 @@ Bugfix * Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for builds where the configuration MBEDTLS_PEM_WRITE_C is not defined. Found by inestlerode. #559. - * Fixed pthread implementation to avoid unintended double initialisations - and double frees. (found by Niklas Amnebratt) - * Fixed default threading implementation to avoid accidental double - initialisations and double frees. * Fix mbedtls_x509_get_sig() to update the ASN1 type in the mbedtls_x509_buf data structure until after error checks are successful. Found by - subramanyam-c. + subramanyam-c. #622 * Fix documentation and implementation missmatch for function arguments of mbedtls_gcm_finish(). Found by cmiatpaar. #602 * Guarantee that P>Q at RSA key generation. Found by inestlerode. #558 From bb83b42700cb74091ffc4c98b83b8889694616a6 Mon Sep 17 00:00:00 2001 From: Russ Butler Date: Wed, 12 Oct 2016 17:36:50 -0500 Subject: [PATCH 261/272] Use allocated memory for SHA self tests Reduce the stack usage of the testing framework by dynamically allocating the memory used for the test. --- library/sha256.c | 15 ++++++++++++++- library/sha512.c | 15 ++++++++++++++- 2 files changed, 28 insertions(+), 2 deletions(-) diff --git a/library/sha256.c b/library/sha256.c index 4e82c0b79313..ad25d38333f9 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -41,7 +41,10 @@ #include "mbedtls/platform.h" #else #include +#include #define mbedtls_printf printf +#define mbedtls_calloc calloc +#define mbedtls_free free #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST */ 
@@ -389,10 +392,19 @@ static const unsigned char sha256_test_sum[6][32] = int mbedtls_sha256_self_test( int verbose ) { int i, j, k, buflen, ret = 0; - unsigned char buf[1024]; + unsigned char *buf; unsigned char sha256sum[32]; mbedtls_sha256_context ctx; + buf = mbedtls_calloc( 1024, sizeof(unsigned char) ); + if( NULL == buf ) + { + if( verbose != 0 ) + mbedtls_printf( "Buffer allocation failed\n" ); + + return( 1 ); + } + mbedtls_sha256_init( &ctx ); for( i = 0; i < 6; i++ ) @@ -436,6 +448,7 @@ int mbedtls_sha256_self_test( int verbose ) exit: mbedtls_sha256_free( &ctx ); + mbedtls_free( buf ); return( ret ); } diff --git a/library/sha512.c b/library/sha512.c index 0f9e1e5352f7..724522ac68f7 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -47,7 +47,10 @@ #include "mbedtls/platform.h" #else #include +#include #define mbedtls_printf printf +#define mbedtls_calloc calloc +#define mbedtls_free free #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST */ @@ -445,10 +448,19 @@ static const unsigned char sha512_test_sum[6][64] = int mbedtls_sha512_self_test( int verbose ) { int i, j, k, buflen, ret = 0; - unsigned char buf[1024]; + unsigned char *buf; unsigned char sha512sum[64]; mbedtls_sha512_context ctx; + buf = mbedtls_calloc( 1024, sizeof(unsigned char) ); + if( NULL == buf ) + { + if( verbose != 0 ) + mbedtls_printf( "Buffer allocation failed\n" ); + + return( 1 ); + } + mbedtls_sha512_init( &ctx ); for( i = 0; i < 6; i++ ) @@ -492,6 +504,7 @@ int mbedtls_sha512_self_test( int verbose ) exit: mbedtls_sha512_free( &ctx ); + mbedtls_free( buf ); return( ret ); } From 59bffa2df06cadb673b046d5738693f4b0f45cc9 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 13 Oct 2016 15:55:56 +0100 Subject: [PATCH 262/272] Update Changelog for X.509 unrecognised field fix --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 87768ff1aef0..c242d1f272e5 100644 --- a/ChangeLog +++ b/ChangeLog 
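Review bot: `buf = mbedtls_calloc( 1024, sizeof(unsigned char) )` hard-codes a size that the loop below presumably relies on through `buflen` (declared above, assigned outside the hunk), so the two can drift apart; a single named constant shared by the allocation and the loop keeps them in step, and `sizeof(unsigned char)` is 1 by definition and can go. The `if( NULL == buf )` comparison differs from the `if( verbose != 0 )` form visible a few lines away, and the identical hunk in sha512.c (`mbedtls_sha512_self_test`) has the same two points. The early `return( 1 )` before `mbedtls_sha256_init` is fine, since nothing has been initialised yet.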
@@ -61,6 +61,8 @@ Changes naming collision in projects which also have files with the common name net.c. For consistency, the corresponding header file, net.h, is marked as deprecated, and its contents moved to net_sockets.h. + * Changed the strategy for X.509 certificate parsing and validation, to no + longer disregard certificates with unrecognised fields. = mbed TLS 2.3.0 branch released 2016-06-28 From 2bd0fbaad076578941cbe4e253000218bfe27775 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 13 Oct 2016 16:29:56 +0100 Subject: [PATCH 263/272] Update to Changelog for #626 --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 9f82b69f39cc..ec9219bd77e3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -47,7 +47,7 @@ Bugfix * Fix potential byte overread when verifying malformed SERVER_HELLO in ssl_parse_hello_verify_request() for DTLS. Found by Guido Vranken. * Fix check for validity of date when parsing in mbedtls_x509_get_time(). - Found by subramanyam-c. + Found by subramanyam-c. #626 Changes * Extended test coverage of special cases, and added new timing test suite. From 99000142cba168b410669631a654efc23117952a Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 13 Oct 2016 17:21:01 +0100 Subject: [PATCH 264/272] Merge fix for IE Certificate Compatibility --- ChangeLog | 3 + include/mbedtls/ssl.h | 2 + include/mbedtls/ssl_internal.h | 6 ++ library/error.c | 4 ++ library/ssl_cli.c | 9 +++ library/ssl_srv.c | 63 +++++++++++++------- library/ssl_tls.c | 106 +++++++++++++++++++++++++++++---- tests/ssl-opt.sh | 18 ++++++ 8 files changed, 178 insertions(+), 33 deletions(-) diff --git a/ChangeLog b/ChangeLog index ec9219bd77e3..8d99bf4f08a4 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -48,6 +48,9 @@ Bugfix ssl_parse_hello_verify_request() for DTLS. Found by Guido Vranken. * Fix check for validity of date when parsing in mbedtls_x509_get_time(). Found by subramanyam-c. #626 + * Fix compatibility issue with Internet Explorer client authentication, + where the limited hash choices prevented the client from sending its + certificate. Found by teumas. #513 Changes * Extended test coverage of special cases, and added new timing test suite. diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 1c0513da7f6e..ba499d2bde61 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -107,6 +107,8 @@ #define MBEDTLS_ERR_SSL_TIMEOUT -0x6800 /**< The operation timed out. */ #define MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780 /**< The client initiated a reconnect from the same port. */ #define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD -0x6700 /**< Record header looks valid but is not expected. */ +#define MBEDTLS_ERR_SSL_NON_FATAL -0x6680 /**< The alert message received indicates a non-fatal error. */ +#define MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH -0x6600 /**< Couldn't set the hash for verifying CertificateVerify */ /* * Various constants diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index d63d7d4e7ecf..668c0f567cc9 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -355,6 +355,11 @@ int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl ); void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ); int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ); +void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ); + int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl ); int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ); 
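Review bot: `MBEDTLS_ERR_SSL_NON_FATAL` is added to the public error list in ssl.h, but as far as the ssl_tls.c and ssl_srv.c hunks of this patch show it is only an internal "record consumed, fetch the next one" signal returned by `mbedtls_ssl_handle_message_type` and looped over by its callers, so the Doxygen text "The alert message received indicates a non-fatal error" describes neither its trigger nor its audience. Suggest something like `/**< Internal: the record was handled and the caller should read the next one; not intended to reach the application. */`, hedged until every caller is confirmed. The four new prototypes in the ssl_internal.h hunk carry no comment at all; at minimum the loop contract between `mbedtls_ssl_read_record_layer` and `mbedtls_ssl_handle_message_type` belongs there.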
@@ -384,6 +389,7 @@ mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig ); mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash ); unsigned char mbedtls_ssl_hash_from_md_alg( int md ); +int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ); #if defined(MBEDTLS_ECP_C) int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ); diff --git a/library/error.c b/library/error.c index 71d4faa7080f..dd2db0c45c01 100644 --- a/library/error.c +++ b/library/error.c @@ -435,6 +435,10 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "SSL - The client initiated a reconnect from the same port" ); if( use_ret == -(MBEDTLS_ERR_SSL_UNEXPECTED_RECORD) ) mbedtls_snprintf( buf, buflen, "SSL - Record header looks valid but is not expected" ); + if( use_ret == -(MBEDTLS_ERR_SSL_NON_FATAL) ) + mbedtls_snprintf( buf, buflen, "SSL - The alert message received indicates a non-fatal error" ); + if( use_ret == -(MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH) ) + mbedtls_snprintf( buf, buflen, "SSL - Couldn't set the hash for verifying CertificateVerify" ); #endif /* MBEDTLS_SSL_TLS_C */ #if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 39fcd6cb1e57..223823b3cd6b 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2639,6 +2639,15 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) { size_t sig_alg_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 ) | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) ); +#if defined(MBEDTLS_DEBUG_C) + unsigned char* sig_alg = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n; + size_t i; + + for( i = 0; i < sig_alg_len; i += 2 ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "Supported Signature Algorithm found: %d,%d", sig_alg[i], sig_alg[i + 1] ) ); + } +#endif n += 2 + sig_alg_len; 
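Review bot: The new debug loop in ssl_parse_certificate_request reads `sig_alg[i]` and `sig_alg[i + 1]` for `i < sig_alg_len` before `n += 2 + sig_alg_len;`, so it runs ahead of whatever message-length validation follows that line outside the hunk, and `sig_alg_len` is taken straight from the peer's CertificateRequest; with an odd `sig_alg_len` the last iteration additionally reads one byte past the list. A debug-only path is still an out-of-bounds read of peer-controlled length. Move the loop below the length check and bound the pair: `for( i = 0; i + 1 < sig_alg_len; i += 2 )`. The enclosing function starts and ends outside the hunk, and `unsigned char* sig_alg` differs from the `unsigned char *` spelling used in the surrounding code.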
diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 4b0f9971430f..fc0d2d7b4272 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1043,7 +1043,6 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) ssl->session_negotiate->ciphersuite = ciphersuites[i]; ssl->transform_negotiate->ciphersuite_info = ciphersuite_info; - mbedtls_ssl_optimize_checksum( ssl, ssl->transform_negotiate->ciphersuite_info ); /* * SSLv2 Client Hello relevant renegotiation security checks @@ -1840,7 +1839,6 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl ) ssl->session_negotiate->ciphersuite = ciphersuites[i]; ssl->transform_negotiate->ciphersuite_info = ciphersuite_info; - mbedtls_ssl_optimize_checksum( ssl, ssl->transform_negotiate->ciphersuite_info ); ssl->state++; 
@@ -2556,29 +2554,27 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) */ if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) { - /* - * Only use current running hash algorithm that is already required - * for requested ciphersuite. - */ - ssl->handshake->verify_sig_alg = MBEDTLS_SSL_HASH_SHA256; - - if( ssl->transform_negotiate->ciphersuite_info->mac == - MBEDTLS_MD_SHA384 ) - { - ssl->handshake->verify_sig_alg = MBEDTLS_SSL_HASH_SHA384; - } + const int *cur; /* * Supported signature algorithms */ + for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ ) + { + unsigned char hash = mbedtls_ssl_hash_from_md_alg( *cur ); + + if( MBEDTLS_SSL_HASH_NONE == hash || mbedtls_ssl_set_calc_verify_md( ssl, hash ) ) + continue; + #if defined(MBEDTLS_RSA_C) - p[2 + sa_len++] = ssl->handshake->verify_sig_alg; - p[2 + sa_len++] = MBEDTLS_SSL_SIG_RSA; + p[2 + sa_len++] = hash; + p[2 + sa_len++] = MBEDTLS_SSL_SIG_RSA; #endif #if defined(MBEDTLS_ECDSA_C) - p[2 + sa_len++] = ssl->handshake->verify_sig_alg; - p[2 + sa_len++] = MBEDTLS_SSL_SIG_ECDSA; + p[2 + sa_len++] = hash; + p[2 + sa_len++] = MBEDTLS_SSL_SIG_ECDSA; #endif + } p[0] = (unsigned char)( sa_len >> 8 ); p[1] = (unsigned char)( sa_len ); 
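Review bot: `mbedtls_ssl_set_calc_verify_md( ssl, hash )` is used inside the loop as a capability probe, but each successful call also rewrites `ssl->handshake->calc_verify` (see its definition in the ssl_tls.c hunk of this patch), so after the loop `calc_verify` points at whichever hash in `ssl->conf->sig_hashes` was accepted last. That is harmless only because ssl_parse_certificate_verify re-selects it from the client's chosen hash; the dependency deserves a comment, e.g. `/* probe only: calc_verify is left set to the last accepted hash and is re-selected from the client's choice in ssl_parse_certificate_verify() */`. The old comment explaining why a single hash was offered is removed without a replacement describing the new policy (advertise every configured hash the verify code can compute). The enclosing function starts and ends outside the hunk.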
@@ -3581,17 +3577,28 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) return( 0 ); } - /* Needs to be done before read_record() to exclude current message */ - ssl->handshake->calc_verify( ssl, hash ); + /* Read the message without adding it to the checksum */ + do { - if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_read_record_layer( ssl ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret ); + return( ret ); + } + + ret = mbedtls_ssl_handle_message_type( ssl ); + + } while( MBEDTLS_ERR_SSL_NON_FATAL == ret ); + + if( 0 != ret ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_handle_message_type" ), ret ); return( ret ); } ssl->state++; + /* Process the message contents */ if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE || ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE_VERIFY ) { @@ -3638,14 +3645,19 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) /* * Hash */ - if( ssl->in_msg[i] != ssl->handshake->verify_sig_alg ) + md_alg = mbedtls_ssl_md_alg_from_hash( ssl->in_msg[i] ); + + if( md_alg == MBEDTLS_MD_NONE || mbedtls_ssl_set_calc_verify_md( ssl, ssl->in_msg[i] ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg" " for verify message" ) ); return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); } - md_alg = mbedtls_ssl_md_alg_from_hash( ssl->handshake->verify_sig_alg ); +#if !defined(MBEDTLS_MD_SHA1) + if( MBEDTLS_MD_SHA1 == md_alg ) + hash_start += 16; +#endif /* Info from md_alg will be used instead */ hashlen = 0; @@ -3696,6 +3708,9 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); } + /* Calculate hash and verify signature */ + ssl->handshake->calc_verify( ssl, hash ); + if( ( ret = mbedtls_pk_verify( &ssl->session_negotiate->peer_cert->pk, md_alg, hash_start, hashlen, ssl->in_msg + i, sig_len ) ) != 0 ) 
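Review bot: Replacing `if( ssl->in_msg[i] != ssl->handshake->verify_sig_alg )` with `md_alg == MBEDTLS_MD_NONE || mbedtls_ssl_set_calc_verify_md( ssl, ssl->in_msg[i] )` means the server now accepts any hash it is able to compute, not only those it advertised from `ssl->conf->sig_hashes` in ssl_write_certificate_request, so the debug text "peer not adhering to requested sig_alg" no longer describes the check; unless a membership test exists outside the hunk, add one against `ssl->conf->sig_hashes` before calling `mbedtls_ssl_set_calc_verify_md`, mirroring the loop in ssl_write_certificate_request. Separately, `#if !defined(MBEDTLS_MD_SHA1)` tests an enumerator of `mbedtls_md_type_t`, not a configuration macro, so the condition is always true and `hash_start += 16;` is compiled unconditionally; the intent looks like "skip the MD5 half of the combined verify hash for a SHA-1 signature", which the build switch `MBEDTLS_SHA1_C` (used by `mbedtls_ssl_set_calc_verify_md` in this same patch) expresses: `#if defined(MBEDTLS_SHA1_C)` plus a comment `/* ssl_calc_verify_tls appears to emit MD5 || SHA-1; skip the 16 MD5 bytes for a SHA-1 signature -- confirm */`. The do/while record loop added here duplicates the one added to mbedtls_ssl_read_record verbatim and would be better as a shared helper. The enclosing function starts and ends outside the hunk.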
@@ -3704,6 +3719,8 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) return( ret ); } + mbedtls_ssl_update_handshake_status( ssl ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate verify" ) ); return( ret ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index df7b73495794..52723187b9cf 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3082,7 +3082,7 @@ static int ssl_reassemble_dtls_handshake( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_PROTO_DTLS */ -static int ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) { if( ssl->in_msglen < mbedtls_ssl_hs_hdr_len( ssl ) ) { @@ -3164,6 +3164,12 @@ static int ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); } + return( 0 ); +} + +void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ) +{ + if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && ssl->handshake != NULL ) { @@ -3178,8 +3184,6 @@ static int ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) ssl->handshake->in_msg_seq++; } #endif - - return( 0 ); } /* @@ -3735,6 +3739,38 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read record" ) ); + do { + + if( ( ret = mbedtls_ssl_read_record_layer( ssl ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret ); + return( ret ); + } + + ret = mbedtls_ssl_handle_message_type( ssl ); + + } while( MBEDTLS_ERR_SSL_NON_FATAL == ret ); + + if( 0 != ret ) + { + MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_handle_message_type" ), ret ); + return( ret ); + } + + if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) + { + mbedtls_ssl_update_handshake_status( ssl ); + } + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= read record" ) ); + + return( 0 ); +} + +int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl ) +{ + int ret; + if( ssl->in_hslen != 0 && ssl->in_hslen < ssl->in_msglen ) { /* 
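Review bot: The split of `mbedtls_ssl_read_record` into `mbedtls_ssl_read_record_layer` and `mbedtls_ssl_handle_message_type` establishes a contract that no comment states: callers must loop while `mbedtls_ssl_handle_message_type` returns `MBEDTLS_ERR_SSL_NON_FATAL`, and a handshake record's sequence bookkeeping (`ssl->handshake->in_msg_seq++` is visible in `mbedtls_ssl_update_handshake_status`; whatever else it does lies outside the hunk) only happens when the caller invokes `mbedtls_ssl_update_handshake_status` itself, which ssl_parse_certificate_verify deliberately defers until after the signature is checked. Suggest a block comment above `mbedtls_ssl_read_record` describing that protocol and naming ssl_parse_certificate_verify as the caller that intentionally bypasses it. The loop has no upper bound, so a peer that keeps sending records which map to NON_FATAL keeps the caller spinning; this matches the previous `goto read_record_header` behaviour, but is worth stating in the same comment.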
@@ -3748,9 +3784,6 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_BUF( 4, "remaining content in record", ssl->in_msg, ssl->in_msglen ); - if( ( ret = ssl_prepare_handshake_record( ssl ) ) != 0 ) - return( ret ); - return( 0 ); } @@ -3759,7 +3792,10 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl ) /* * Read the record header and parse it */ +#if defined(MBEDTLS_SSL_PROTO_DTLS) read_record_header: +#endif + if( ( ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_hdr_len( ssl ) ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret ); @@ -3913,13 +3949,22 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl ) } #endif + return( 0 ); +} + +int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ) +{ + int ret; + /* * Handle particular types of records */ if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) { - if( ( ret = ssl_prepare_handshake_record( ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_prepare_handshake_record( ssl ) ) != 0 ) + { return( ret ); + } } if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT ) @@ -3967,11 +4012,9 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_PROTO_SSL3 && MBEDTLS_SSL_SRV_C */ /* Silently ignore: fetch new message */ - goto read_record_header; + return MBEDTLS_ERR_SSL_NON_FATAL; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= read record" ) ); - return( 0 ); } 
@@ -7602,4 +7645,47 @@ void mbedtls_ssl_read_version( int *major, int *minor, int transport, } } +int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ) +{ +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) + return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH; + + switch( md ) + { +#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) +#if defined(MBEDTLS_MD5_C) + case MBEDTLS_SSL_HASH_MD5: + ssl->handshake->calc_verify = ssl_calc_verify_tls; + break; +#endif +#if defined(MBEDTLS_SHA1_C) + case MBEDTLS_SSL_HASH_SHA1: + ssl->handshake->calc_verify = ssl_calc_verify_tls; + break; +#endif +#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */ +#if defined(MBEDTLS_SHA512_C) + case MBEDTLS_SSL_HASH_SHA384: + ssl->handshake->calc_verify = ssl_calc_verify_tls_sha384; + break; +#endif +#if defined(MBEDTLS_SHA256_C) + case MBEDTLS_SSL_HASH_SHA256: + ssl->handshake->calc_verify = ssl_calc_verify_tls_sha256; + break; +#endif + default: + return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH; + } + + return 0; +#else /* !MBEDTLS_SSL_PROTO_TLS1_2 */ + (void) ssl; + (void) md; + + return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH; +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ +} + #endif /* MBEDTLS_SSL_TLS_C */ diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 429d9cd19afa..09a947e654b6 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
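Review bot: The `MBEDTLS_SSL_HASH_MD5` and `MBEDTLS_SSL_HASH_SHA1` cases are compiled only under `#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)`, while the function first rejects every `minor_ver` other than `MBEDTLS_SSL_MINOR_VERSION_3`; the net effect is that a TLS 1.2-only build answers `MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH` for a SHA-1 CertificateVerify, presumably because `ssl_calc_verify_tls` only exists with the older protocol versions compiled in. That coupling should be written down: `/* ssl_calc_verify_tls is only compiled with TLS 1.0/1.1; SHA-1/MD5 CertificateVerify in TLS 1.2 therefore depends on those being enabled */`. A doc comment is also needed to say that `md` is a TLS HashAlgorithm code point (the switch compares it with `MBEDTLS_SSL_HASH_*`), not an `mbedtls_md_type_t` as the parameter name suggests, and that a successful call has the side effect of replacing `ssl->handshake->calc_verify`. Style: `return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH;` and `return 0;` drop the `return( ... )` form used throughout the surrounding code.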
@@ -1725,6 +1725,24 @@ run_test "Authentication: server badcert, client none" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" +run_test "Authentication: client SHA256, server required" \ + "$P_SRV auth_mode=required" \ + "$P_CLI debug_level=3 crt_file=data_files/server6.crt \ + key_file=data_files/server6.key \ + force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \ + 0 \ + -c "Supported Signature Algorithm found: 4," \ + -c "Supported Signature Algorithm found: 5," + +run_test "Authentication: client SHA384, server required" \ + "$P_SRV auth_mode=required" \ + "$P_CLI debug_level=3 crt_file=data_files/server6.crt \ + key_file=data_files/server6.key \ + force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \ + 0 \ + -c "Supported Signature Algorithm found: 4," \ + -c "Supported Signature Algorithm found: 5," + run_test "Authentication: client badcert, server required" \ "$P_SRV debug_level=3 auth_mode=required" \ "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \ From 8e004104020dd4328434e8a207245b0327bbb9b1 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 14 Oct 2016 00:48:33 +0100 Subject: [PATCH 265/272] Merge fix for AEAD Random IVs --- ChangeLog | 4 ++++ include/mbedtls/config.h | 12 ------------ library/ssl_tls.c | 12 ------------ library/version_features.c | 3 --- tests/ssl-opt.sh | 39 ++++++++++++++++++++++++++++++++++---- 5 files changed, 39 insertions(+), 31 deletions(-) diff --git a/ChangeLog b/ChangeLog index 86f36bbb2cd0..5f4774a5d497 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -3,6 +3,10 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.3.x branch released 2016-xx-xx Security + * Remove MBEDTLS_SSL_AEAD_RANDOM_IV option, because it was not compliant + with RFC5116 and could lead to session key recovery in very long TLS + sessions. (H. Bock, A. Zauner, S. Devlin, J. Somorovsky, P. Jovanovic - + "Nonce-Disrespecting Adversaries Practical Forgery Attacks on GCM in TLS") * Fix potential stack corruption in mbedtls_x509write_crt_der() and mbedtls_x509write_csr_der() when the signature is copied to the buffer without checking whether there is enough space in the destination. The diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 498e5b59857f..6fc9c772aef7 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -940,18 +940,6 @@ */ //#define MBEDTLS_SHA256_SMALLER -/** - * \def MBEDTLS_SSL_AEAD_RANDOM_IV - * - * Generate a random IV rather than using the record sequence number as a - * nonce for ciphersuites using and AEAD algorithm (GCM or CCM). - * - * Using the sequence number is generally recommended. - * - * Uncomment this macro to always use random IVs with AEAD ciphersuites. - */ -//#define MBEDTLS_SSL_AEAD_RANDOM_IV - /** * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES * diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 52723187b9cf..84a04ae53f31 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -1373,17 +1373,6 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) /* * Generate IV */ -#if defined(MBEDTLS_SSL_AEAD_RANDOM_IV) - ret = ssl->conf->f_rng( ssl->conf->p_rng, - ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen, - ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen ); - if( ret != 0 ) - return( ret ); - - memcpy( ssl->out_iv, - ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen, - ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen ); -#else if( ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen != 8 ) { /* Reminder if we ever add an AEAD mode with a different size */ @@ -1394,7 +1383,6 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) memcpy( ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen, ssl->out_ctr, 8 ); memcpy( ssl->out_iv, ssl->out_ctr, 8 ); -#endif MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", ssl->out_iv, ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen ); diff --git a/library/version_features.c b/library/version_features.c index 0a2f06575189..e866e67a2307 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -324,9 +324,6 @@ static const char *features[] = { #if defined(MBEDTLS_SHA256_SMALLER) "MBEDTLS_SHA256_SMALLER", #endif /* MBEDTLS_SHA256_SMALLER */ -#if defined(MBEDTLS_SSL_AEAD_RANDOM_IV) - "MBEDTLS_SSL_AEAD_RANDOM_IV", -#endif /* MBEDTLS_SSL_AEAD_RANDOM_IV */ #if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES) "MBEDTLS_SSL_ALL_ALERT_MESSAGES", #endif /* MBEDTLS_SSL_ALL_ALERT_MESSAGES */ diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 09a947e654b6..57155b89d46a 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -333,8 +333,10 @@ detect_dtls() { # Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]] # Options: -s pattern pattern that must be present in server output # -c pattern pattern that must be present in client output +# -u pattern lines after pattern must be unique in client output # -S pattern pattern that must be absent in server output # -C pattern pattern that must be absent in client output +# -U pattern lines after pattern must be unique in server output run_test() { NAME="$1" shift 1 
@@ -475,28 +477,49 @@ run_test() { case $1 in "-s") if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else - fail "-s $2" + fail "pattern '$2' MUST be present in the Server output" return fi ;; "-c") if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else - fail "-c $2" + fail "pattern '$2' MUST be present in the Client output" return fi ;; "-S") if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then - fail "-S $2" + fail "pattern '$2' MUST NOT be present in the Server output" return fi ;; "-C") if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then - fail "-C $2" + fail "pattern '$2' MUST NOT be present in the Client output" + return + fi + ;; + + # The filtering in the following two options (-u and -U) do the following + # - ignore valgrind output + # - filter out everything but lines right after the pattern occurances + # - keep one of each non-unique line + # - count how many lines remain + # A line with '--' will remain in the result from previous outputs, so the number of lines in the result will be 1 + # if there were no duplicates. + "-U") + if [ $(grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then + fail "lines following pattern '$2' must be unique in Server output" + return + fi + ;; + + "-u") + if [ $(grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then + fail "lines following pattern '$2' must be unique in Client output" return fi ;; 
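Review bot: The `-u`/`-U` pipelines compare only the single line following each match (`grep -A1`), so for the `IV used` check added later in this patch they cover just the first line of the hex dump; that is adequate for the 8-byte explicit nonce the ssl_tls.c hunk fixes the length to, but the comment should say so, e.g. `# only the first line after each match is compared; sufficient for short IVs, not for multi-line dumps`. The `-gt 1` threshold also relies on `uniq -d` printing the `--` separator exactly once: with fewer than three matches there is no repeated separator, the count is 0 and the check passes vacuously, so a run that produced no IVs at all would not fail; an explicit minimum match count would make that case loud. The comment's "occurances" should read "occurrences".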
@@ -639,6 +662,14 @@ run_test "Default, DTLS" \ -s "Protocol is DTLSv1.2" \ -s "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" +# Test for uniqueness of IVs in AEAD ciphersuites +run_test "Unique IV in GCM" \ + "$P_SRV exchanges=20 debug_level=4" \ + "$P_CLI exchanges=20 debug_level=4 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \ + 0 \ + -u "IV used" \ + -U "IV used" + # Tests for rc4 option requires_config_enabled MBEDTLS_REMOVE_ARC4_CIPHERSUITES From 240f185b7900ad4421ab52a63ae756e096b8d1d3 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 14 Oct 2016 15:23:21 +0100 Subject: [PATCH 266/272] Update ChangeLog for MBEDTLS_SELF_TEST fix --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 5f4774a5d497..e98d46ee6bfa 100644 --- a/ChangeLog +++ b/ChangeLog @@ -61,6 +61,7 @@ Bugfix * Fix compatibility issue with Internet Explorer client authentication, where the limited hash choices prevented the client from sending its certificate. Found by teumas. #513 + * Fix compilation without MBEDTLS_SELF_TEST enabled. Changes * Extended test coverage of special cases, and added new timing test suite. From ef8fa012eaaff1c2f86b158833c300db5b4d8d2e Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 16 Oct 2016 00:44:08 +0100 Subject: [PATCH 267/272] Tidied up style and phrasing of ChangeLog --- ChangeLog | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index e98d46ee6bfa..27a2f1e23d78 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -3,14 +3,15 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.3.x branch released 2016-xx-xx Security - * Remove MBEDTLS_SSL_AEAD_RANDOM_IV option, because it was not compliant - with RFC5116 and could lead to session key recovery in very long TLS - sessions. (H. Bock, A. Zauner, S. Devlin, J. Somorovsky, P. Jovanovic - - "Nonce-Disrespecting Adversaries Practical Forgery Attacks on GCM in TLS") - * Fix potential stack corruption in mbedtls_x509write_crt_der() and + * Removed the MBEDTLS_SSL_AEAD_RANDOM_IV option, because it was not compliant + with RFC-5116 and could lead to session key recovery in very long TLS + sessions. "Nonce-Disrespecting Adversaries Practical Forgery Attacks on GCM in + TLS" - H. Bock, A. Zauner, S. Devlin, J. Somorovsky, P. Jovanovic. + https://eprint.iacr.org/2016/475.pdf + * Fixed potential stack corruption in mbedtls_x509write_crt_der() and mbedtls_x509write_csr_der() when the signature is copied to the buffer without checking whether there is enough space in the destination. The - issue cannot be triggered remotely. (found by Jethro Beekman) + issue cannot be triggered remotely. Found by Jethro Beekman. Features * Added support for CMAC for AES and 3DES and AES-CMAC-PRF-128, as defined by @@ -22,7 +23,7 @@ Features * Added the macro MBEDTLS_X509_MAX_FILE_PATH_LEN that enables the user to configure the maximum length of a file path that can be buffered when calling mbedtls_x509_crt_parse_path(). - * Added a configuration file config-no-entropy.h that enables a subset of + * Added a configuration file config-no-entropy.h that configures the subset of library features that do not require an entropy source. * Added the macro MBEDTLS_ENTROPY_MIN_HARDWARE in config.h. This allows users to configure the minimum number of bytes for entropy sources using the 
@@ -33,18 +34,18 @@ Bugfix may need time but not the standard C library abstraction, and added configuration consistency checks to check_config.h * Fix dependency issue in Makefile to allow parallel builds. - * Fix incorrect handling of block lengths in crypt_and_hash sample program, - when GCM is used. #441 + * Fix incorrect handling of block lengths in crypt_and_hash.c sample program, + when GCM is used. Found by udf2457. #441 * Fix for key exchanges based on ECDH-RSA or ECDH-ECDSA which weren't enabled unless others were also present. Found by David Fernandez. #428 * Fix for out-of-tree builds using CMake. Found by jwurzer, and fix based on a contribution from Tobias Tangemann. #541 - * Fixed cert_app sample program for debug output and for use when no root + * Fixed cert_app.c sample program for debug output and for use when no root certificates are provided. * Fix conditional statement that would cause a 1 byte overread in mbedtls_asn1_get_int(). Found and fixed by Guido Vranken. #599 * Fixed pthread implementation to avoid unintended double initialisations - and double frees. (found by Niklas Amnebratt) + and double frees. Found by Niklas Amnebratt. * Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for builds where the configuration MBEDTLS_PEM_WRITE_C is not defined. Found by inestlerode. #559. @@ -72,7 +73,7 @@ Changes * Added support for a Yotta specific configuration file - through the symbol YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE. * Added optimization for code space for X.509/OID based on configured - features. (contributed by Aviv Palivoda) + features. Contributed by Aviv Palivoda. * Renamed source file library/net.c to library/net_sockets.c to avoid naming collision in projects which also have files with the common name net.c. For consistency, the corresponding header file, net.h, is marked as From 16c54ee9c807143c7c0f484ad6cf2fe8d2418368 Mon Sep 17 00:00:00 2001 
From: Simon Butcher Date: Sun, 16 Oct 2016 19:34:39 +0100 Subject: [PATCH 268/272] Update library version number to 2.4.0 --- doxygen/input/doc_mainpage.h | 2 +- doxygen/mbedtls.doxyfile | 2 +- include/mbedtls/version.h | 8 ++++---- library/CMakeLists.txt | 6 +++--- tests/suites/test_suite_version.data | 4 ++-- visualc/VS2010/mbedTLS.vcxproj | 4 ++++ 6 files changed, 15 insertions(+), 11 deletions(-) diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index b13083cbe8fd..f2fcc8b04d48 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -21,7 +21,7 @@ */ /** - * @mainpage mbed TLS v2.3.0 source code documentation + * @mainpage mbed TLS v2.4.0 source code documentation * * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 253e1844f15a..344be8c7933e 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8 # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. -PROJECT_NAME = "mbed TLS v2.3.0" +PROJECT_NAME = "mbed TLS v2.4.0" # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index b40aa5103a2b..6c0cc9b088bd 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h @@ -38,7 +38,7 @@ * Major, Minor, Patchlevel */ #define MBEDTLS_VERSION_MAJOR 2 -#define MBEDTLS_VERSION_MINOR 3 +#define MBEDTLS_VERSION_MINOR 4 #define MBEDTLS_VERSION_PATCH 0 /** 
@@ -46,9 +46,9 @@ * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x02030000 -#define MBEDTLS_VERSION_STRING "2.3.0" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.3.0" +#define MBEDTLS_VERSION_NUMBER 0x02040000 +#define MBEDTLS_VERSION_STRING "2.4.0" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.4.0" #if defined(MBEDTLS_VERSION_C) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index eeb8e84ca5b8..6eb11f203cc3 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -140,15 +140,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) add_library(mbedcrypto SHARED ${src_crypto}) - set_target_properties(mbedcrypto PROPERTIES VERSION 2.3.0 SOVERSION 0) + set_target_properties(mbedcrypto PROPERTIES VERSION 2.4.0 SOVERSION 0) target_link_libraries(mbedcrypto ${libs}) add_library(mbedx509 SHARED ${src_x509}) - set_target_properties(mbedx509 PROPERTIES VERSION 2.3.0 SOVERSION 0) + set_target_properties(mbedx509 PROPERTIES VERSION 2.4.0 SOVERSION 0) target_link_libraries(mbedx509 ${libs} mbedcrypto) add_library(mbedtls SHARED ${src_tls}) - set_target_properties(mbedtls PROPERTIES VERSION 2.3.0 SOVERSION 10) + set_target_properties(mbedtls PROPERTIES VERSION 2.4.0 SOVERSION 10) target_link_libraries(mbedtls ${libs} mbedx509) install(TARGETS mbedtls mbedx509 mbedcrypto diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index f9c20116c777..52f09edaecdc 100644 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data @@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"2.3.0" +check_compiletime_version:"2.4.0" Check runtime library version -check_runtime_version:"2.3.0" +check_runtime_version:"2.4.0" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0 diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index a92e581e0516..85dc3d809182 100644 
--- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -157,6 +157,7 @@ + @@ -179,6 +180,7 @@ + @@ -189,6 +191,7 @@ + @@ -223,6 +226,7 @@ + From 19dbd41c5bd0ec8748ed7a6712e4620e3fd1c9ee Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 16 Oct 2016 19:35:49 +0100 Subject: [PATCH 269/272] Update Changelog version number to 2.4.0 --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 27a2f1e23d78..f96786d72a3d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.3.x branch released 2016-xx-xx += mbed TLS 2.4.0 branch released 2016-10-17 Security * Removed the MBEDTLS_SSL_AEAD_RANDOM_IV option, because it was not compliant From ac1b845d4c2f412797a7484381c38406ea8d41ea Mon Sep 17 00:00:00 2001 From: Stefan Grundmann Date: Mon, 15 Aug 2016 19:37:02 +0000 Subject: [PATCH 270/272] support ASN.1 encoding of negative integers and integers larger than 255 # Conflicts: # library/asn1write.c # tests/suites/test_suite_asn1write.data # tests/suites/test_suite_asn1write.function --- library/asn1write.c | 124 ++++++++++++++----------- tests/suites/test_suite_asn1write.data | 11 ++- 2 files changed, 79 insertions(+), 56 deletions(-) diff --git a/library/asn1write.c b/library/asn1write.c index 5669d3f8c703..6a83e32eb0ff 100644 --- a/library/asn1write.c +++ b/library/asn1write.c 
@@ -219,65 +219,85 @@ int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val )
 {
 int ret;
 size_t len = 0;
- size_t val_buf_len = 0;
- unsigned char val_buf[8]; // consider that size of int <= 64 bit
- const int one_const = 1;
- const int is_bigendian = (*(char*)&one_const) == 0;
-
- const unsigned char * begin = is_bigendian ?
- (const unsigned char *)&val :
- (const unsigned char *)&val + sizeof(val) - 1;
-
- const unsigned char * end = is_bigendian ?
- (const unsigned char *)&val + sizeof(val) :
- (const unsigned char *)&val - 1;
-
- const int inc = is_bigendian ? +1 : -1;
-
- const unsigned char * prev = begin;
- const unsigned char * curr = begin + inc;
- int is_trim_finished = 0;
- size_t trimed_cnt = 0;
+ //
+ // a better world:
+ //
+ // the loop below terminates after at most sizeof(int)+1 iterations:
+ // because of
+ //
+ // P >> (8 * sizeof(int)) == 0 for all P >= 0
+ // and
+ // N >> (8 * sizeof(int)) == -1 for all N < 0
+ //
+ // it is valid to encode and then right shift 8 bits until the result
+ // of the shift operation is either 0 or -1.
+ //
+ // since ASN.1 BER/DER Integer encoding is specified as
+ // two's complement, MSB of leading payload octet must be
+ // 1 for negative and 0 for non-negative integers.
+ //
+ // 7 bit right shift of val and check for 0 or -1 as termination
+ // condition ensures that a padding octet is written if the
+ // MSB of the encoded octet does not match the sign of
+ // the input.
+ //
+ // for ( ;; )
+ // {
+ // if( *p - start < 1 )
+ // return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+ // *--(*p) = (unsigned char)(val & 0xFF);
+ // len += 1;
+ //
+ // if( val >> 7 == 0 || val >> 7 == -1 )
+ // break;
+ //
+ // val >>= 8;
+ // }
+ //
+ // reality:
+ //
+ // 1) Arithmethic right shift on signed integers is
+ // implementation-defined behaviour for negative integers.
+ //
+ // one can emulate arithmetic right shift with sign extension for
+ // negative input by using a logical right shift and then set the
+ // shifted-in bits to one.
+ //
+ // but since
+ // 2) The ISO C standard allows three encoding methods for signed
+ // integers: two's complement, one's complement and sign/magnitude.
+ //
+ // the two's complement encoding has to be ensured.
+ //
- if( *p - start < 1 )
- return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+ unsigned int v, fix7, fix8, cmp;
+
+ if( val < 0 ) {
+ v = ~((unsigned int) -val) + 1;
+ fix7 = 0xFE << (sizeof(int) -1) * 8;
+ fix8 = 0xFF << (sizeof(int) -1) * 8;
+ cmp = -1;
+ } else {
+ v = (unsigned int)val;
+ fix7 = 0;
+ fix8 = 0;
+ cmp = 0;
+ }
- for(; curr != end; curr += inc )
+ for( ;; )
 {
- if( !is_trim_finished )
- {
- const int is_ones_leading =
- ( *prev == 0xFF ) && ( ( *curr & 0x80 ) == 0x80 );
- const int is_zeros_leading =
- ( *prev == 0x00 ) && ( ( *curr & 0x80 ) == 0x00 );
- if( is_ones_leading || is_zeros_leading )
- {
- ++trimed_cnt;
- }
- else
- {
- is_trim_finished = 1;
- }
- }
-
- if( is_trim_finished )
- { // Not else for previous 'if' statement
- val_buf[val_buf_len++] = *prev;
- }
-
- prev = curr;
- }
+ if( *p - start < 1 )
+ return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
- /* process integer last byte */
- val_buf[val_buf_len++] = *prev;
+ *--(*p) = (unsigned char) (v & 0xFF);
+ len += 1;
- if( *p - start < (int)val_buf_len )
- return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+ if( (v >> 7 | fix7) == cmp )
+ break;
- *p -= val_buf_len;
- len += val_buf_len;
- memcpy( *p, val_buf, val_buf_len );
+ v = v >> 8 | fix8;
+ }
 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_INTEGER ) );
diff --git a/tests/suites/test_suite_asn1write.data b/tests/suites/test_suite_asn1write.data
index e4ccd28c5cfd..a9488dad1491 100644
--- a/tests/suites/test_suite_asn1write.data
+++ b/tests/suites/test_suite_asn1write.data
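Review bot: `v = ~((unsigned int) -val) + 1;` in the negative branch negates `val` while it is still a signed `int`, which overflows for `INT_MIN` — undefined behaviour in exactly the corner the long comment about integer representations is trying to avoid. Converting a negative `int` to `unsigned int` is defined by the standard as reduction modulo 2^N, so `v = (unsigned int) val;` already yields the two's-complement bit pattern on any representation and can replace the assignment in both branches. The masks in the same branch, `fix7 = 0xFE << (sizeof(int) -1) * 8;` and `fix8 = 0xFF << (sizeof(int) -1) * 8;`, left-shift a signed constant into the sign bit of a 32-bit `int`, which is undefined as well; with unsigned constants, `fix7 = 0xFEu << (sizeof(int) - 1) * 8;` and `fix8 = 0xFFu << (sizeof(int) - 1) * 8;`, every operand of the loop stays unsigned as the comment intends. The function's return statement and closing brace lie outside the hunk.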
@@ -53,10 +53,13 @@ ASN.1 Write Integer #0 (Zero)
 mbedtls_asn1_write_int:0:"020100":3:3
 ASN.1 Write Integer #1 (Small positive)
-mbedtls_asn1_write_int:123:"02017B":3:3
+mbedtls_asn1_write_int:23:"020117":3:3
-ASN.1 Write Integer #2 (Big positive)
-mbedtls_asn1_write_int:305419896:"020412345678":6:6
+ASN.1 Write Integer #2 (Small negative)
+mbedtls_asn1_write_int:-42:"0201D6":3:3
+
+ASN.1 Write Integer #3 (small MSB adjusted positive)
+mbedtls_asn1_write_int:128:"02020080":4:4
 ASN.1 Write Integer #3 (Small negative)
 mbedtls_asn1_write_int:-16:"0201F0":3:3
@@ -71,4 +74,4 @@ ASN.1 Write Integer #6 (Buffer too small for len)
 mbedtls_asn1_write_int:-231451016:"0204F2345678":4:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
 ASN.1 Write Integer #7 (Buffer too small for integer)
-mbedtls_asn1_write_int:-231451016:"0204F2345678":3:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
+mbedtls_asn1_write_int:-231451016:"0204F2345678":3:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
\ No newline at end of file
From fd6a69a0ee43cf6f640b2dc9979cf813c4c06ff5 Mon Sep 17 00:00:00 2001
From: Sergey Seroshtan
Date: Mon, 5 Dec 2016 16:57:03 +0200
Subject: [PATCH 271/272] Add test: ASN.1 Write Integer #5 (Big positive)
---
 tests/suites/test_suite_asn1write.data | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/tests/suites/test_suite_asn1write.data b/tests/suites/test_suite_asn1write.data
index a9488dad1491..e2c6407d0441 100644
--- a/tests/suites/test_suite_asn1write.data
+++ b/tests/suites/test_suite_asn1write.data
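Review bot: After the first hunk the suite carries two cases titled `ASN.1 Write Integer #3` — the added `#3 (small MSB adjusted positive)` and the pre-existing `#3 (Small negative)` — so a failure of either is ambiguous in the test report; the follow-up renumbering below only touches #5 onward and leaves this duplicate in place, so giving the new case its own number (and shifting the rest) belongs in this hunk. The sign-padding logic of the new encoder is exercised here only for 128 and -42, while the edges it was written for are untested: the largest single-octet magnitude `255` (expected `020200FF`), the first negative value that needs a padding octet, `-129` (expected `0202FF7F`), and `INT_MIN` on a 32-bit int (expected `020480000000`); these expected encodings are constructed from the DER two's-complement rule and are the inputs that would catch an off-by-one in the `v >> 7` termination test.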
@@ -67,11 +67,14 @@ mbedtls_asn1_write_int:-16:"0201F0":3:3
 ASN.1 Write Integer #4 (Big negative)
 mbedtls_asn1_write_int:-231451016:"0204F2345678":6:6
-ASN.1 Write Integer #5 (Buffer too small for tag)
+ASN.1 Write Integer #5 (Big positive)
+mbedtls_asn1_write_int:305419896:"020412345678":6:6
+
+ASN.1 Write Integer #6 (Buffer too small for tag)
 mbedtls_asn1_write_int:-231451016:"0204F2345678":5:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
-ASN.1 Write Integer #6 (Buffer too small for len)
+ASN.1 Write Integer #7 (Buffer too small for len)
 mbedtls_asn1_write_int:-231451016:"0204F2345678":4:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
-ASN.1 Write Integer #7 (Buffer too small for integer)
-mbedtls_asn1_write_int:-231451016:"0204F2345678":3:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
\ No newline at end of file
+ASN.1 Write Integer #8 (Buffer too small for integer)
+mbedtls_asn1_write_int:-231451016:"0204F2345678":3:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
From bd80b5202b8405b7a295d919c176a45d94811b61 Mon Sep 17 00:00:00 2001
From: Sergey Seroshtan
Date: Wed, 7 Dec 2016 10:41:44 +0200
Subject: [PATCH 272/272] Add changes of version 2.0.1 to the 'VirgilChangeLog' file
---
 VirgilChangeLog | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/VirgilChangeLog b/VirgilChangeLog
index d5d8cd821ee2..7e3cb2bdd5db 100644
--- a/VirgilChangeLog
+++ b/VirgilChangeLog
@@ -1,5 +1,13 @@
 Virgil Security ChangeLog (Sorted per version, date)
+= Virgil Security 2.0.1 released 2016-12-07
+
+Changes
+ * Update to mbed TLS version 2.4.0
+ * Replace custom implementation of support ASN.1 encoding of negative integers and integers larger than 255,
+ by applying commit https://github.com/sg2342/mbedtls/commit/b684c0ee0746c05a8e8896283ef90a09d1d0bf9d
+
+
 = Virgil Security 2.0.0 released 2016-09-30
 Features