eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #1053 from waleed-elmelegy-arm/Improve-and-test-mbedtls_pkcs12_pbe

Browse source 
Improve & test legacy mbedtls_pkcs12_pbe
This commit is contained in:
Gilles Peskine 2023-09-08 13:08:05 +02:00 committed by GitHub
commit 31d49cd57f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 137 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

28
tests/suites/test_suite_pkcs12.data
View file

@ -33,3 +33,31 @@ pkcs12_derive_key:MBEDTLS_MD_MD5:48:"0123456789abcdef":USE_GIVEN_INPUT:"01234567
PKCS#12 derive key: MD5: Valid password and salt
depends_on:MBEDTLS_MD_CAN_MD5
pkcs12_derive_key:MBEDTLS_MD_MD5:48:"0123456789abcdef":USE_GIVEN_INPUT:"0123456789abcdef":USE_GIVEN_INPUT:3:"46559deeee036836ab1b633ec620178d4c70eacf42f72a2ad7360c812efa09ca3d7567b489a109050345c2dc6a262995":0
PBE Encrypt, pad = 7 (OK)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pkcs12_pbe_encrypt:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:"300E0409CCCCCCCCCCCCCCCCCC02010A":"BBBBBBBBBBBBBBBBBB":"AAAAAAAAAAAAAAAAAA":0:"5F2C15056A36F3A78856E9E662DD27CB"
PBE Encrypt, pad = 8 (OK)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pkcs12_pbe_encrypt:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:"300E0409CCCCCCCCCCCCCCCCCC02010A":"BBBBBBBBBBBBBBBBBB":"AAAAAAAAAAAAAAAA":0:"5F2C15056A36F3A70F70A3D4EC4004A8"
PBE Encrypt, pad = 8 (PKCS7 padding disabled)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_CIPHER_PADDING_PKCS7
pkcs12_pbe_encrypt:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:"300E0409CCCCCCCCCCCCCCCCCC02010A":"BBBBBBBBBBBBBBBBBB":"AAAAAAAAAAAAAAAA":MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:""
PBE Decrypt, pad = 7 (OK)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pkcs12_pbe_decrypt:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:"300E0409CCCCCCCCCCCCCCCCCC02010A":"BBBBBBBBBBBBBBBBBB":"5F2C15056A36F3A78856E9E662DD27CB":0:"AAAAAAAAAAAAAAAAAA"
PBE Decrypt, pad = 8 (OK)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pkcs12_pbe_decrypt:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:"300E0409CCCCCCCCCCCCCCCCCC02010A":"BBBBBBBBBBBBBBBBBB":"5F2C15056A36F3A70F70A3D4EC4004A8":0:"AAAAAAAAAAAAAAAA"
PBE Decrypt, (Invalid padding & PKCS7 padding disabled)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_CIPHER_PADDING_PKCS7
pkcs12_pbe_decrypt:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:"300E0409CCCCCCCCCCCCCCCCCC02010A":"BBBBBBBBBBBBBBBBBB":"5F2C15056A36F3A79F2B90F1428110E2":0:"AAAAAAAAAAAAAAAAAA07070707070708"
PBE Decrypt, (Invalid padding & PKCS7 padding enabled)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pkcs12_pbe_decrypt:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:"300E0409CCCCCCCCCCCCCCCCCC02010A":"BBBBBBBBBBBBBBBBBB":"5F2C15056A36F3A79F2B90F1428110E2":MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH:"AAAAAAAAAAAAAAAAAA07070707070708"

66
tests/suites/test_suite_pkcs12.function
View file

@ -68,3 +68,69 @@ exit:
MD_PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */
void pkcs12_pbe_encrypt(int cipher, int md, data_t *params_hex, data_t *pw,
data_t *data, int ref_ret, data_t *ref_out)
{
int my_ret;
mbedtls_asn1_buf pbe_params;
unsigned char *my_out = NULL;
mbedtls_cipher_type_t cipher_alg = (mbedtls_cipher_type_t) cipher;
mbedtls_md_type_t md_alg = (mbedtls_md_type_t) md;
size_t block_size;
MD_PSA_INIT();
block_size = mbedtls_cipher_info_get_block_size(mbedtls_cipher_info_from_type(cipher_alg));
TEST_CALLOC(my_out, ((data->len/block_size) + 1) * block_size);
pbe_params.tag = params_hex->x[0];
pbe_params.len = params_hex->x[1];
pbe_params.p = params_hex->x + 2;
my_ret = mbedtls_pkcs12_pbe(&pbe_params, MBEDTLS_PKCS12_PBE_ENCRYPT, cipher_alg,
md_alg, pw->x, pw->len, data->x, data->len, my_out);
TEST_EQUAL(my_ret, ref_ret);
if (ref_ret == 0) {
ASSERT_COMPARE(my_out, ref_out->len,
ref_out->x, ref_out->len);
}
exit:
mbedtls_free(my_out);
MD_PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */
void pkcs12_pbe_decrypt(int cipher, int md, data_t *params_hex, data_t *pw,
data_t *data, int ref_ret, data_t *ref_out)
{
int my_ret;
mbedtls_asn1_buf pbe_params;
unsigned char *my_out = NULL;
mbedtls_cipher_type_t cipher_alg = (mbedtls_cipher_type_t) cipher;
mbedtls_md_type_t md_alg = (mbedtls_md_type_t) md;
MD_PSA_INIT();
TEST_CALLOC(my_out, data->len);
pbe_params.tag = params_hex->x[0];
pbe_params.len = params_hex->x[1];
pbe_params.p = params_hex->x + 2;
my_ret = mbedtls_pkcs12_pbe(&pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT, cipher_alg,
md_alg, pw->x, pw->len, data->x, data->len, my_out);
TEST_EQUAL(my_ret, ref_ret);
if (ref_ret == 0) {
ASSERT_COMPARE(my_out, ref_out->len,
ref_out->x, ref_out->len);
}
exit:
mbedtls_free(my_out);
MD_PSA_DONE();
}
/* END_CASE */