mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-04-06 01:21:02 +00:00
Merge pull request #1071 from gilles-peskine-arm/ssl_decrypt_stream_short_buffer
Fix buffer overread in mbedtls_ssl_decrypt_buf with stream cipher
This commit is contained in:
Gilles Peskine
GitHub
commit
193f94276e
3
ChangeLog.d/ssl_decrypt_buf-short_record.txt
Normal file
3
ChangeLog.d/ssl_decrypt_buf-short_record.txt
Normal file
@ -0,0 +1,3 @@
|
||||
Security
|
||||
* Fix a buffer overread when parsing short TLS application data records in
|
||||
null-cipher cipher suites. Credit to OSS-Fuzz.
|
||||
@ -1546,8 +1546,16 @@ int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl,
|
||||
|
||||
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM)
|
||||
if (ssl_mode == MBEDTLS_SSL_MODE_STREAM) {
|
||||
if (rec->data_len < transform->maclen) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(1,
|
||||
("Record too short for MAC:"
|
||||
" %" MBEDTLS_PRINTF_SIZET " < %" MBEDTLS_PRINTF_SIZET,
|
||||
rec->data_len, transform->maclen));
|
||||
return MBEDTLS_ERR_SSL_INVALID_MAC;
|
||||
}
|
||||
|
||||
/* The only supported stream cipher is "NULL",
|
||||
* so there's nothing to do here.*/
|
||||
* so there's no encryption to do here.*/
|
||||
} else
|
||||
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_STREAM */
|
||||
#if defined(MBEDTLS_GCM_C) || \
|
||||
@ -2010,7 +2018,7 @@ hmac_failed_etm_enabled:
|
||||
unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD] = { 0 };
|
||||
unsigned char mac_peer[MBEDTLS_SSL_MAC_ADD] = { 0 };
|
||||
|
||||
/* If the initial value of padlen was such that
|
||||
/* For CBC+MAC, If the initial value of padlen was such that
|
||||
* data_len < maclen + padlen + 1, then padlen
|
||||
* got reset to 1, and the initial check
|
||||
* data_len >= minlen + maclen + 1
|
||||
@ -2022,6 +2030,9 @@ hmac_failed_etm_enabled:
|
||||
* subtracted either padlen + 1 (if the padding was correct)
|
||||
* or 0 (if the padding was incorrect) since then,
|
||||
* hence data_len >= maclen in any case.
|
||||
*
|
||||
* For stream ciphers, we checked above that
|
||||
* data_len >= maclen.
|
||||
*/
|
||||
rec->data_len -= transform->maclen;
|
||||
ssl_extract_add_data_from_record(add_data, &add_data_len, rec,
|
||||
|
||||
@ -516,6 +516,27 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
|
||||
size_t cid0_len,
|
||||
size_t cid1_len);
|
||||
|
||||
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
|
||||
/**
|
||||
* \param[in,out] record The record to prepare.
|
||||
* It must contain the data to MAC at offset
|
||||
* `record->data_offset`, of length
|
||||
* `record->data_length`.
|
||||
* On success, write the MAC immediately
|
||||
* after the data and increment
|
||||
* `record->data_length` accordingly.
|
||||
* \param[in,out] transform_out The out transform, typically prepared by
|
||||
* mbedtls_test_ssl_build_transforms().
|
||||
* Its HMAC context may be used. Other than that
|
||||
* it is treated as an input parameter.
|
||||
*
|
||||
* \return 0 on success, an `MBEDTLS_ERR_xxx` error code
|
||||
* or -1 on error.
|
||||
*/
|
||||
int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record,
|
||||
mbedtls_ssl_transform *transform_out);
|
||||
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
|
||||
|
||||
/*
|
||||
* Populate a session structure for serialization tests.
|
||||
* Choose dummy values, mostly non-0 to distinguish from the init default.
|
||||
|
||||
@ -1467,6 +1467,64 @@ cleanup:
|
||||
return ret;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
|
||||
int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record,
|
||||
mbedtls_ssl_transform *transform_out)
|
||||
{
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
|
||||
#endif
|
||||
|
||||
/* Serialized version of record header for MAC purposes */
|
||||
unsigned char add_data[13];
|
||||
memcpy(add_data, record->ctr, 8);
|
||||
add_data[8] = record->type;
|
||||
add_data[9] = record->ver[0];
|
||||
add_data[10] = record->ver[1];
|
||||
add_data[11] = (record->data_len >> 8) & 0xff;
|
||||
add_data[12] = (record->data_len >> 0) & 0xff;
|
||||
|
||||
/* MAC with additional data */
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
size_t sign_mac_length = 0;
|
||||
TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_setup(&operation,
|
||||
transform_out->psa_mac_enc,
|
||||
transform_out->psa_mac_alg));
|
||||
TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, add_data, 13));
|
||||
TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation,
|
||||
record->buf + record->data_offset,
|
||||
record->data_len));
|
||||
/* Use a temporary buffer for the MAC, because with the truncated HMAC
|
||||
* extension, there might not be enough room in the record for the
|
||||
* full-length MAC. */
|
||||
unsigned char mac[PSA_HASH_MAX_SIZE];
|
||||
TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_finish(&operation,
|
||||
mac, sizeof(mac),
|
||||
&sign_mac_length));
|
||||
#else
|
||||
TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc, add_data, 13));
|
||||
TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc,
|
||||
record->buf + record->data_offset,
|
||||
record->data_len));
|
||||
/* Use a temporary buffer for the MAC, because with the truncated HMAC
|
||||
* extension, there might not be enough room in the record for the
|
||||
* full-length MAC. */
|
||||
unsigned char mac[MBEDTLS_MD_MAX_SIZE];
|
||||
TEST_EQUAL(0, mbedtls_md_hmac_finish(&transform_out->md_ctx_enc, mac));
|
||||
#endif
|
||||
memcpy(record->buf + record->data_offset + record->data_len, mac, transform_out->maclen);
|
||||
record->data_len += transform_out->maclen;
|
||||
|
||||
return 0;
|
||||
|
||||
exit:
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_mac_abort(&operation);
|
||||
#endif
|
||||
return -1;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
|
||||
|
||||
int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session,
|
||||
int ticket_len,
|
||||
const char *crt_file)
|
||||
|
||||
@ -2681,390 +2681,6 @@ Record crypt, little space, NULL cipher, 1.2, MD5, EtM
|
||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||
ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
|
||||
|
||||
Decrypt CBC !EtM, AES MD5 !trunc, empty plaintext, minpad
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:-1
|
||||
|
||||
Decrypt CBC !EtM, AES MD5 !trunc, empty plaintext, maxpad
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:-2
|
||||
|
||||
Decrypt CBC !EtM, AES MD5 !trunc, padlen=0
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0
|
||||
|
||||
Decrypt CBC !EtM, AES MD5 !trunc, padlen=240
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:240
|
||||
|
||||
Decrypt CBC !EtM, AES MD5 !trunc, padlen=1
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1
|
||||
|
||||
Decrypt CBC !EtM, AES MD5 !trunc, padlen=241
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:241
|
||||
|
||||
Decrypt CBC !EtM, AES MD5 !trunc, padlen=15
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:15
|
||||
|
||||
Decrypt CBC !EtM, AES MD5 !trunc, padlen=255
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:255
|
||||
|
||||
Decrypt CBC !EtM, AES SHA1 !trunc, empty plaintext, minpad
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:-1
|
||||
|
||||
Decrypt CBC !EtM, AES SHA1 !trunc, empty plaintext, maxpad
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:-2
|
||||
|
||||
Decrypt CBC !EtM, AES SHA1 !trunc, padlen=0
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0
|
||||
|
||||
Decrypt CBC !EtM, AES SHA1 !trunc, padlen=240
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:240
|
||||
|
||||
Decrypt CBC !EtM, AES SHA1 !trunc, padlen=1
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1
|
||||
|
||||
Decrypt CBC !EtM, AES SHA1 !trunc, padlen=241
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:241
|
||||
|
||||
Decrypt CBC !EtM, AES SHA1 !trunc, padlen=15
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:15
|
||||
|
||||
Decrypt CBC !EtM, AES SHA1 !trunc, padlen=255
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:255
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 !trunc, empty plaintext, minpad
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:-1
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 !trunc, empty plaintext, maxpad
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:-2
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 !trunc, padlen=0
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 !trunc, padlen=240
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:240
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 !trunc, padlen=1
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 !trunc, padlen=241
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:241
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 !trunc, padlen=15
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:15
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 !trunc, padlen=255
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:255
|
||||
|
||||
Decrypt CBC !EtM, AES SHA384 !trunc, empty plaintext, minpad
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-1
|
||||
|
||||
Decrypt CBC !EtM, AES SHA384 !trunc, empty plaintext, maxpad
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-2
|
||||
|
||||
Decrypt CBC !EtM, AES SHA384 !trunc, padlen=0
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0
|
||||
|
||||
Decrypt CBC !EtM, AES SHA384 !trunc, padlen=240
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:240
|
||||
|
||||
Decrypt CBC !EtM, AES SHA384 !trunc, padlen=1
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1
|
||||
|
||||
Decrypt CBC !EtM, AES SHA384 !trunc, padlen=241
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:241
|
||||
|
||||
Decrypt CBC !EtM, AES SHA384 !trunc, padlen=15
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:15
|
||||
|
||||
Decrypt CBC !EtM, AES SHA384 !trunc, padlen=255
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:255
|
||||
|
||||
Decrypt CBC !EtM, ARIA MD5 !trunc, empty plaintext, minpad
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:-1
|
||||
|
||||
Decrypt CBC !EtM, ARIA MD5 !trunc, empty plaintext, maxpad
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:-2
|
||||
|
||||
Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=0
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0
|
||||
|
||||
Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=240
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:240
|
||||
|
||||
Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=1
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1
|
||||
|
||||
Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=241
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:241
|
||||
|
||||
Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=15
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:15
|
||||
|
||||
Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=255
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:255
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA1 !trunc, empty plaintext, minpad
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:-1
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA1 !trunc, empty plaintext, maxpad
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:-2
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=0
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=240
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:240
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=1
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=241
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:241
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=15
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:15
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=255
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:255
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA256 !trunc, empty plaintext, minpad
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:-1
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA256 !trunc, empty plaintext, maxpad
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:-2
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=0
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=240
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:240
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=1
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=241
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:241
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=15
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:15
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=255
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:255
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, minpad
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-1
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, maxpad
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-2
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=0
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=240
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:240
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=1
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=241
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:241
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=15
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:15
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=255
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:255
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA MD5 !trunc, empty plaintext, minpad
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:-1
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA MD5 !trunc, empty plaintext, maxpad
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:-2
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=0
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=240
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:240
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=1
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=241
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:241
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=15
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:15
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=255
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:255
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, empty plaintext, minpad
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:-1
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, empty plaintext, maxpad
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:-2
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=0
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=240
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:240
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=1
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=241
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:241
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=15
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:15
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=255
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:255
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, empty plaintext, minpad
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:-1
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, empty plaintext, maxpad
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:-2
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=0
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=240
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:240
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=1
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=241
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:241
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=15
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:15
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=255
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:255
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, minpad
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-1
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, maxpad
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-2
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=0
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=240
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:240
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=1
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=241
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:241
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=15
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:15
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=255
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:255
|
||||
|
||||
SSL TLS 1.3 Key schedule: Secret evolution #1
|
||||
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
|
||||
# Initial secret to Early Secret
|
||||
|
||||
@ -1464,235 +1464,6 @@ exit:
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
void ssl_decrypt_non_etm_cbc(int cipher_type, int hash_id, int trunc_hmac,
|
||||
int length_selector)
|
||||
{
|
||||
/*
|
||||
* Test record decryption for CBC without EtM, focused on the verification
|
||||
* of padding and MAC.
|
||||
*
|
||||
* Actually depends on TLS 1.2 and either AES, ARIA or Camellia, but since
|
||||
* the test framework doesn't support alternation in dependency statements,
|
||||
* just depend on AES.
|
||||
*
|
||||
* The length_selector argument is interpreted as follows:
|
||||
* - if it's -1, the plaintext length is 0 and minimal padding is applied
|
||||
* - if it's -2, the plaintext length is 0 and maximal padding is applied
|
||||
* - otherwise it must be in [0, 255] and is padding_length from RFC 5246:
|
||||
* it's the length of the rest of the padding, that is, excluding the
|
||||
* byte that encodes the length. The minimal non-zero plaintext length
|
||||
* that gives this padding_length is automatically selected.
|
||||
*/
|
||||
mbedtls_ssl_context ssl; /* ONLY for debugging */
|
||||
mbedtls_ssl_transform t0, t1;
|
||||
mbedtls_record rec, rec_save;
|
||||
unsigned char *buf = NULL, *buf_save = NULL;
|
||||
size_t buflen, olen = 0;
|
||||
size_t plaintext_len, block_size, i;
|
||||
unsigned char padlen; /* excluding the padding_length byte */
|
||||
unsigned char add_data[13];
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
|
||||
size_t sign_mac_length = 0;
|
||||
unsigned char mac[PSA_HASH_MAX_SIZE];
|
||||
#else
|
||||
unsigned char mac[MBEDTLS_MD_MAX_SIZE];
|
||||
#endif
|
||||
int exp_ret;
|
||||
int ret;
|
||||
const unsigned char pad_max_len = 255; /* Per the standard */
|
||||
|
||||
mbedtls_ssl_init(&ssl);
|
||||
mbedtls_ssl_transform_init(&t0);
|
||||
mbedtls_ssl_transform_init(&t1);
|
||||
MD_OR_USE_PSA_INIT();
|
||||
|
||||
/* Set up transforms with dummy keys */
|
||||
ret = mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id,
|
||||
0, trunc_hmac,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2,
|
||||
0, 0);
|
||||
|
||||
TEST_ASSERT(ret == 0);
|
||||
|
||||
/* Determine padding/plaintext length */
|
||||
TEST_ASSERT(length_selector >= -2 && length_selector <= 255);
|
||||
block_size = t0.ivlen;
|
||||
if (length_selector < 0) {
|
||||
plaintext_len = 0;
|
||||
|
||||
/* Minimal padding
|
||||
* The +1 is for the padding_length byte, not counted in padlen. */
|
||||
padlen = block_size - (t0.maclen + 1) % block_size;
|
||||
|
||||
/* Maximal padding? */
|
||||
if (length_selector == -2) {
|
||||
padlen += block_size * ((pad_max_len - padlen) / block_size);
|
||||
}
|
||||
} else {
|
||||
padlen = length_selector;
|
||||
|
||||
/* Minimal non-zero plaintext_length giving desired padding.
|
||||
* The +1 is for the padding_length byte, not counted in padlen. */
|
||||
plaintext_len = block_size - (padlen + t0.maclen + 1) % block_size;
|
||||
}
|
||||
|
||||
/* Prepare a buffer for record data */
|
||||
buflen = block_size
|
||||
+ plaintext_len
|
||||
+ t0.maclen
|
||||
+ padlen + 1;
|
||||
TEST_CALLOC(buf, buflen);
|
||||
TEST_CALLOC(buf_save, buflen);
|
||||
|
||||
/* Prepare a dummy record header */
|
||||
memset(rec.ctr, 0, sizeof(rec.ctr));
|
||||
rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA;
|
||||
mbedtls_ssl_write_version(rec.ver, MBEDTLS_SSL_TRANSPORT_STREAM,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2);
|
||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||
rec.cid_len = 0;
|
||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||
|
||||
/* Prepare dummy record content */
|
||||
rec.buf = buf;
|
||||
rec.buf_len = buflen;
|
||||
rec.data_offset = block_size;
|
||||
rec.data_len = plaintext_len;
|
||||
memset(rec.buf + rec.data_offset, 42, rec.data_len);
|
||||
|
||||
/* Serialized version of record header for MAC purposes */
|
||||
memcpy(add_data, rec.ctr, 8);
|
||||
add_data[8] = rec.type;
|
||||
add_data[9] = rec.ver[0];
|
||||
add_data[10] = rec.ver[1];
|
||||
add_data[11] = (rec.data_len >> 8) & 0xff;
|
||||
add_data[12] = (rec.data_len >> 0) & 0xff;
|
||||
|
||||
/* Set dummy IV */
|
||||
memset(t0.iv_enc, 0x55, t0.ivlen);
|
||||
memcpy(rec.buf, t0.iv_enc, t0.ivlen);
|
||||
|
||||
/*
|
||||
* Prepare a pre-encryption record (with MAC and padding), and save it.
|
||||
*/
|
||||
|
||||
/* MAC with additional data */
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_setup(&operation,
|
||||
t0.psa_mac_enc,
|
||||
t0.psa_mac_alg));
|
||||
TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, add_data, 13));
|
||||
TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation,
|
||||
rec.buf + rec.data_offset,
|
||||
rec.data_len));
|
||||
TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_finish(&operation,
|
||||
mac, sizeof(mac),
|
||||
&sign_mac_length));
|
||||
#else
|
||||
TEST_EQUAL(0, mbedtls_md_hmac_update(&t0.md_ctx_enc, add_data, 13));
|
||||
TEST_EQUAL(0, mbedtls_md_hmac_update(&t0.md_ctx_enc,
|
||||
rec.buf + rec.data_offset,
|
||||
rec.data_len));
|
||||
TEST_EQUAL(0, mbedtls_md_hmac_finish(&t0.md_ctx_enc, mac));
|
||||
#endif
|
||||
|
||||
memcpy(rec.buf + rec.data_offset + rec.data_len, mac, t0.maclen);
|
||||
rec.data_len += t0.maclen;
|
||||
|
||||
/* Pad */
|
||||
memset(rec.buf + rec.data_offset + rec.data_len, padlen, padlen + 1);
|
||||
rec.data_len += padlen + 1;
|
||||
|
||||
/* Save correct pre-encryption record */
|
||||
rec_save = rec;
|
||||
rec_save.buf = buf_save;
|
||||
memcpy(buf_save, buf, buflen);
|
||||
|
||||
/*
|
||||
* Encrypt and decrypt the correct record, expecting success
|
||||
*/
|
||||
TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper(
|
||||
&t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset,
|
||||
rec.data_len, rec.buf + rec.data_offset, &olen));
|
||||
rec.data_offset -= t0.ivlen;
|
||||
rec.data_len += t0.ivlen;
|
||||
|
||||
TEST_EQUAL(0, mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec));
|
||||
|
||||
/*
|
||||
* Modify each byte of the pre-encryption record before encrypting and
|
||||
* decrypting it, expecting failure every time.
|
||||
*/
|
||||
for (i = block_size; i < buflen; i++) {
|
||||
mbedtls_test_set_step(i);
|
||||
|
||||
/* Restore correct pre-encryption record */
|
||||
rec = rec_save;
|
||||
rec.buf = buf;
|
||||
memcpy(buf, buf_save, buflen);
|
||||
|
||||
/* Corrupt one byte of the data (could be plaintext, MAC or padding) */
|
||||
rec.buf[i] ^= 0x01;
|
||||
|
||||
/* Encrypt */
|
||||
TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper(
|
||||
&t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset,
|
||||
rec.data_len, rec.buf + rec.data_offset, &olen));
|
||||
rec.data_offset -= t0.ivlen;
|
||||
rec.data_len += t0.ivlen;
|
||||
|
||||
/* Decrypt and expect failure */
|
||||
TEST_EQUAL(MBEDTLS_ERR_SSL_INVALID_MAC,
|
||||
mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec));
|
||||
}
|
||||
|
||||
/*
|
||||
* Use larger values of the padding bytes - with small buffers, this tests
|
||||
* the case where the announced padlen would be larger than the buffer
|
||||
* (and before that, than the buffer minus the size of the MAC), to make
|
||||
* sure our padding checking code does not perform any out-of-bounds reads
|
||||
* in this case. (With larger buffers, ie when the plaintext is long or
|
||||
* maximal length padding is used, this is less relevant but still doesn't
|
||||
* hurt to test.)
|
||||
*
|
||||
* (Start the loop with correct padding, just to double-check that record
|
||||
* saving did work, and that we're overwriting the correct bytes.)
|
||||
*/
|
||||
for (i = padlen; i <= pad_max_len; i++) {
|
||||
mbedtls_test_set_step(i);
|
||||
|
||||
/* Restore correct pre-encryption record */
|
||||
rec = rec_save;
|
||||
rec.buf = buf;
|
||||
memcpy(buf, buf_save, buflen);
|
||||
|
||||
/* Set padding bytes to new value */
|
||||
memset(buf + buflen - padlen - 1, i, padlen + 1);
|
||||
|
||||
/* Encrypt */
|
||||
TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper(
|
||||
&t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset,
|
||||
rec.data_len, rec.buf + rec.data_offset, &olen));
|
||||
rec.data_offset -= t0.ivlen;
|
||||
rec.data_len += t0.ivlen;
|
||||
|
||||
/* Decrypt and expect failure except the first time */
|
||||
exp_ret = (i == padlen) ? 0 : MBEDTLS_ERR_SSL_INVALID_MAC;
|
||||
TEST_EQUAL(exp_ret, mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec));
|
||||
}
|
||||
|
||||
exit:
|
||||
mbedtls_ssl_free(&ssl);
|
||||
mbedtls_ssl_transform_free(&t0);
|
||||
mbedtls_ssl_transform_free(&t1);
|
||||
mbedtls_free(buf);
|
||||
mbedtls_free(buf_save);
|
||||
MD_OR_USE_PSA_DONE();
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
void ssl_tls13_hkdf_expand_label(int hash_alg,
|
||||
data_t *secret,
|
||||
|
||||
312
tests/suites/test_suite_ssl_decrypt.function
Normal file
312
tests/suites/test_suite_ssl_decrypt.function
Normal file
@ -0,0 +1,312 @@
|
||||
/* BEGIN_HEADER */
|
||||
/* Testing of mbedtls_ssl_decrypt_buf() specifically, focusing on negative
|
||||
* testing (using malformed inputs). */
|
||||
|
||||
#include <mbedtls/ssl.h>
|
||||
#include <ssl_misc.h>
|
||||
#include <test/ssl_helpers.h>
|
||||
|
||||
/* END_HEADER */
|
||||
|
||||
/* BEGIN_DEPENDENCIES
|
||||
* depends_on:MBEDTLS_SSL_TLS_C
|
||||
* END_DEPENDENCIES
|
||||
*/
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CIPHER_NULL_CIPHER */
|
||||
void ssl_decrypt_null(int hash_id)
|
||||
{
|
||||
mbedtls_ssl_transform transform_in, transform_out;
|
||||
mbedtls_ssl_transform_init(&transform_in);
|
||||
mbedtls_ssl_transform_init(&transform_out);
|
||||
const mbedtls_ssl_protocol_version version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
const mbedtls_cipher_type_t cipher_type = MBEDTLS_CIPHER_NULL;
|
||||
mbedtls_record rec_good = {
|
||||
.ctr = { 0 },
|
||||
.type = MBEDTLS_SSL_MSG_APPLICATION_DATA,
|
||||
.ver = { 0, 0 }, /* Will be set by a function call below */
|
||||
.buf = NULL,
|
||||
.buf_len = 0,
|
||||
.data_offset = 0,
|
||||
.data_len = 0,
|
||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||
.cid_len = 0,
|
||||
.cid = { 0 },
|
||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||
};
|
||||
mbedtls_ssl_write_version(rec_good.ver,
|
||||
MBEDTLS_SSL_TRANSPORT_STREAM,
|
||||
version);
|
||||
const char sample_plaintext[3] = "ABC";
|
||||
mbedtls_ssl_context ssl;
|
||||
mbedtls_ssl_init(&ssl);
|
||||
uint8_t *buf = NULL;
|
||||
|
||||
MD_OR_USE_PSA_INIT();
|
||||
|
||||
TEST_EQUAL(mbedtls_test_ssl_build_transforms(&transform_in, &transform_out,
|
||||
cipher_type, hash_id, 0, 0,
|
||||
version,
|
||||
0, 0), 0);
|
||||
|
||||
const size_t plaintext_length = sizeof(sample_plaintext);
|
||||
rec_good.buf_len = plaintext_length + transform_in.maclen;
|
||||
rec_good.data_len = plaintext_length;
|
||||
TEST_CALLOC(rec_good.buf, rec_good.buf_len);
|
||||
memcpy(rec_good.buf, sample_plaintext, plaintext_length);
|
||||
TEST_EQUAL(mbedtls_test_ssl_prepare_record_mac(&rec_good,
|
||||
&transform_out), 0);
|
||||
|
||||
/* Good case */
|
||||
mbedtls_record rec = rec_good;
|
||||
TEST_EQUAL(mbedtls_ssl_decrypt_buf(&ssl, &transform_in, &rec), 0);
|
||||
|
||||
/* Change any one byte of the plaintext or MAC. The MAC will be wrong. */
|
||||
TEST_CALLOC(buf, rec.buf_len);
|
||||
for (size_t i = 0; i < rec.buf_len; i++) {
|
||||
mbedtls_test_set_step(i);
|
||||
rec = rec_good;
|
||||
rec.buf = buf;
|
||||
memcpy(buf, rec_good.buf, rec.buf_len);
|
||||
buf[i] ^= 1;
|
||||
TEST_EQUAL(mbedtls_ssl_decrypt_buf(&ssl, &transform_in, &rec),
|
||||
MBEDTLS_ERR_SSL_INVALID_MAC);
|
||||
}
|
||||
mbedtls_free(buf);
|
||||
buf = NULL;
|
||||
|
||||
/* Shorter input buffer. Either the MAC will be wrong, or there isn't
|
||||
* enough room for a MAC. */
|
||||
for (size_t n = 1; n < rec.buf_len; n++) {
|
||||
mbedtls_test_set_step(n);
|
||||
rec = rec_good;
|
||||
TEST_CALLOC(buf, n);
|
||||
rec.buf = buf;
|
||||
rec.buf_len = n;
|
||||
rec.data_len = n;
|
||||
memcpy(buf, rec_good.buf, n);
|
||||
TEST_EQUAL(mbedtls_ssl_decrypt_buf(&ssl, &transform_in, &rec),
|
||||
MBEDTLS_ERR_SSL_INVALID_MAC);
|
||||
mbedtls_free(buf);
|
||||
buf = NULL;
|
||||
}
|
||||
|
||||
/* For robustness, check a 0-length buffer (non-null, then null).
|
||||
* This should not reach mbedtls_ssl_decrypt_buf() as used in the library,
|
||||
* so the exact error doesn't matter, but we don't want a crash. */
|
||||
{
|
||||
const uint8_t buf1[1] = { 'a' };
|
||||
rec = rec_good;
|
||||
/* We won't write to buf1[0] since it's out of range, so we can cast
|
||||
* the const away. */
|
||||
rec.buf = (uint8_t *) buf1;
|
||||
rec.buf_len = 0;
|
||||
TEST_EQUAL(mbedtls_ssl_decrypt_buf(&ssl, &transform_in, &rec),
|
||||
MBEDTLS_ERR_SSL_INTERNAL_ERROR);
|
||||
}
|
||||
rec = rec_good;
|
||||
rec.buf = NULL;
|
||||
rec.buf_len = 0;
|
||||
TEST_EQUAL(mbedtls_ssl_decrypt_buf(&ssl, &transform_in, &rec),
|
||||
MBEDTLS_ERR_SSL_INTERNAL_ERROR);
|
||||
|
||||
exit:
|
||||
mbedtls_ssl_transform_free(&transform_in);
|
||||
mbedtls_ssl_transform_free(&transform_out);
|
||||
mbedtls_free(rec_good.buf);
|
||||
mbedtls_ssl_free(&ssl);
|
||||
mbedtls_free(buf);
|
||||
MD_OR_USE_PSA_DONE();
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
void ssl_decrypt_non_etm_cbc(int cipher_type, int hash_id, int trunc_hmac,
|
||||
int length_selector)
|
||||
{
|
||||
/*
|
||||
* Test record decryption for CBC without EtM, focused on the verification
|
||||
* of padding and MAC.
|
||||
*
|
||||
* Actually depends on TLS 1.2 and either AES, ARIA or Camellia, but since
|
||||
* the test framework doesn't support alternation in dependency statements,
|
||||
* just depend on AES.
|
||||
*
|
||||
* The length_selector argument is interpreted as follows:
|
||||
* - if it's -1, the plaintext length is 0 and minimal padding is applied
|
||||
* - if it's -2, the plaintext length is 0 and maximal padding is applied
|
||||
* - otherwise it must be in [0, 255] and is padding_length from RFC 5246:
|
||||
* it's the length of the rest of the padding, that is, excluding the
|
||||
* byte that encodes the length. The minimal non-zero plaintext length
|
||||
* that gives this padding_length is automatically selected.
|
||||
*/
|
||||
mbedtls_ssl_context ssl; /* ONLY for debugging */
|
||||
mbedtls_ssl_transform t0, t1;
|
||||
mbedtls_record rec, rec_save;
|
||||
unsigned char *buf = NULL, *buf_save = NULL;
|
||||
size_t buflen, olen = 0;
|
||||
size_t plaintext_len, block_size, i;
|
||||
unsigned char padlen; /* excluding the padding_length byte */
|
||||
int exp_ret;
|
||||
int ret;
|
||||
const unsigned char pad_max_len = 255; /* Per the standard */
|
||||
|
||||
mbedtls_ssl_init(&ssl);
|
||||
mbedtls_ssl_transform_init(&t0);
|
||||
mbedtls_ssl_transform_init(&t1);
|
||||
MD_OR_USE_PSA_INIT();
|
||||
|
||||
/* Set up transforms with dummy keys */
|
||||
ret = mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id,
|
||||
0, trunc_hmac,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2,
|
||||
0, 0);
|
||||
|
||||
TEST_ASSERT(ret == 0);
|
||||
|
||||
/* Determine padding/plaintext length */
|
||||
TEST_ASSERT(length_selector >= -2 && length_selector <= 255);
|
||||
block_size = t0.ivlen;
|
||||
if (length_selector < 0) {
|
||||
plaintext_len = 0;
|
||||
|
||||
/* Minimal padding
|
||||
* The +1 is for the padding_length byte, not counted in padlen. */
|
||||
padlen = block_size - (t0.maclen + 1) % block_size;
|
||||
|
||||
/* Maximal padding? */
|
||||
if (length_selector == -2) {
|
||||
padlen += block_size * ((pad_max_len - padlen) / block_size);
|
||||
}
|
||||
} else {
|
||||
padlen = length_selector;
|
||||
|
||||
/* Minimal non-zero plaintext_length giving desired padding.
|
||||
* The +1 is for the padding_length byte, not counted in padlen. */
|
||||
plaintext_len = block_size - (padlen + t0.maclen + 1) % block_size;
|
||||
}
|
||||
|
||||
/* Prepare a buffer for record data */
|
||||
buflen = block_size
|
||||
+ plaintext_len
|
||||
+ t0.maclen
|
||||
+ padlen + 1;
|
||||
TEST_CALLOC(buf, buflen);
|
||||
TEST_CALLOC(buf_save, buflen);
|
||||
|
||||
/* Prepare a dummy record header */
|
||||
memset(rec.ctr, 0, sizeof(rec.ctr));
|
||||
rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA;
|
||||
mbedtls_ssl_write_version(rec.ver, MBEDTLS_SSL_TRANSPORT_STREAM,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2);
|
||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||
rec.cid_len = 0;
|
||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||
|
||||
/* Prepare dummy record content */
|
||||
rec.buf = buf;
|
||||
rec.buf_len = buflen;
|
||||
rec.data_offset = block_size;
|
||||
rec.data_len = plaintext_len;
|
||||
memset(rec.buf + rec.data_offset, 42, rec.data_len);
|
||||
|
||||
/* Set dummy IV */
|
||||
memset(t0.iv_enc, 0x55, t0.ivlen);
|
||||
memcpy(rec.buf, t0.iv_enc, t0.ivlen);
|
||||
|
||||
/*
|
||||
* Prepare a pre-encryption record (with MAC and padding), and save it.
|
||||
*/
|
||||
TEST_EQUAL(0, mbedtls_test_ssl_prepare_record_mac(&rec, &t0));
|
||||
|
||||
/* Pad */
|
||||
memset(rec.buf + rec.data_offset + rec.data_len, padlen, padlen + 1);
|
||||
rec.data_len += padlen + 1;
|
||||
|
||||
/* Save correct pre-encryption record */
|
||||
rec_save = rec;
|
||||
rec_save.buf = buf_save;
|
||||
memcpy(buf_save, buf, buflen);
|
||||
|
||||
/*
|
||||
* Encrypt and decrypt the correct record, expecting success
|
||||
*/
|
||||
TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper(
|
||||
&t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset,
|
||||
rec.data_len, rec.buf + rec.data_offset, &olen));
|
||||
rec.data_offset -= t0.ivlen;
|
||||
rec.data_len += t0.ivlen;
|
||||
|
||||
TEST_EQUAL(0, mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec));
|
||||
|
||||
/*
|
||||
* Modify each byte of the pre-encryption record before encrypting and
|
||||
* decrypting it, expecting failure every time.
|
||||
*/
|
||||
for (i = block_size; i < buflen; i++) {
|
||||
mbedtls_test_set_step(i);
|
||||
|
||||
/* Restore correct pre-encryption record */
|
||||
rec = rec_save;
|
||||
rec.buf = buf;
|
||||
memcpy(buf, buf_save, buflen);
|
||||
|
||||
/* Corrupt one byte of the data (could be plaintext, MAC or padding) */
|
||||
rec.buf[i] ^= 0x01;
|
||||
|
||||
/* Encrypt */
|
||||
TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper(
|
||||
&t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset,
|
||||
rec.data_len, rec.buf + rec.data_offset, &olen));
|
||||
rec.data_offset -= t0.ivlen;
|
||||
rec.data_len += t0.ivlen;
|
||||
|
||||
/* Decrypt and expect failure */
|
||||
TEST_EQUAL(MBEDTLS_ERR_SSL_INVALID_MAC,
|
||||
mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec));
|
||||
}
|
||||
|
||||
/*
|
||||
* Use larger values of the padding bytes - with small buffers, this tests
|
||||
* the case where the announced padlen would be larger than the buffer
|
||||
* (and before that, than the buffer minus the size of the MAC), to make
|
||||
* sure our padding checking code does not perform any out-of-bounds reads
|
||||
* in this case. (With larger buffers, ie when the plaintext is long or
|
||||
* maximal length padding is used, this is less relevant but still doesn't
|
||||
* hurt to test.)
|
||||
*
|
||||
* (Start the loop with correct padding, just to double-check that record
|
||||
* saving did work, and that we're overwriting the correct bytes.)
|
||||
*/
|
||||
for (i = padlen; i <= pad_max_len; i++) {
|
||||
mbedtls_test_set_step(i);
|
||||
|
||||
/* Restore correct pre-encryption record */
|
||||
rec = rec_save;
|
||||
rec.buf = buf;
|
||||
memcpy(buf, buf_save, buflen);
|
||||
|
||||
/* Set padding bytes to new value */
|
||||
memset(buf + buflen - padlen - 1, i, padlen + 1);
|
||||
|
||||
/* Encrypt */
|
||||
TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper(
|
||||
&t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset,
|
||||
rec.data_len, rec.buf + rec.data_offset, &olen));
|
||||
rec.data_offset -= t0.ivlen;
|
||||
rec.data_len += t0.ivlen;
|
||||
|
||||
/* Decrypt and expect failure except the first time */
|
||||
exp_ret = (i == padlen) ? 0 : MBEDTLS_ERR_SSL_INVALID_MAC;
|
||||
TEST_EQUAL(exp_ret, mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec));
|
||||
}
|
||||
|
||||
exit:
|
||||
mbedtls_ssl_free(&ssl);
|
||||
mbedtls_ssl_transform_free(&t0);
|
||||
mbedtls_ssl_transform_free(&t1);
|
||||
mbedtls_free(buf);
|
||||
mbedtls_free(buf_save);
|
||||
MD_OR_USE_PSA_DONE();
|
||||
}
|
||||
/* END_CASE */
|
||||
399
tests/suites/test_suite_ssl_decrypt.misc.data
Normal file
399
tests/suites/test_suite_ssl_decrypt.misc.data
Normal file
@ -0,0 +1,399 @@
|
||||
Decrypt null cipher, MD5
|
||||
depends_on:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_null:MBEDTLS_MD_MD5
|
||||
|
||||
Decrypt null cipher, SHA-1
|
||||
depends_on:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_null:MBEDTLS_MD_SHA1
|
||||
|
||||
Decrypt null cipher, SHA-256
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_null:MBEDTLS_MD_SHA256
|
||||
|
||||
Decrypt null cipher, SHA-384
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_null:MBEDTLS_MD_SHA384
|
||||
|
||||
Decrypt CBC !EtM, AES MD5 !trunc, empty plaintext, minpad
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:-1
|
||||
|
||||
Decrypt CBC !EtM, AES MD5 !trunc, empty plaintext, maxpad
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:-2
|
||||
|
||||
Decrypt CBC !EtM, AES MD5 !trunc, padlen=0
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0
|
||||
|
||||
Decrypt CBC !EtM, AES MD5 !trunc, padlen=240
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:240
|
||||
|
||||
Decrypt CBC !EtM, AES MD5 !trunc, padlen=1
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1
|
||||
|
||||
Decrypt CBC !EtM, AES MD5 !trunc, padlen=241
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:241
|
||||
|
||||
Decrypt CBC !EtM, AES MD5 !trunc, padlen=15
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:15
|
||||
|
||||
Decrypt CBC !EtM, AES MD5 !trunc, padlen=255
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:255
|
||||
|
||||
Decrypt CBC !EtM, AES SHA1 !trunc, empty plaintext, minpad
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:-1
|
||||
|
||||
Decrypt CBC !EtM, AES SHA1 !trunc, empty plaintext, maxpad
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:-2
|
||||
|
||||
Decrypt CBC !EtM, AES SHA1 !trunc, padlen=0
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0
|
||||
|
||||
Decrypt CBC !EtM, AES SHA1 !trunc, padlen=240
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:240
|
||||
|
||||
Decrypt CBC !EtM, AES SHA1 !trunc, padlen=1
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1
|
||||
|
||||
Decrypt CBC !EtM, AES SHA1 !trunc, padlen=241
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:241
|
||||
|
||||
Decrypt CBC !EtM, AES SHA1 !trunc, padlen=15
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:15
|
||||
|
||||
Decrypt CBC !EtM, AES SHA1 !trunc, padlen=255
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:255
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 !trunc, empty plaintext, minpad
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:-1
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 !trunc, empty plaintext, maxpad
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:-2
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 !trunc, padlen=0
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 !trunc, padlen=240
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:240
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 !trunc, padlen=1
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 !trunc, padlen=241
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:241
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 !trunc, padlen=15
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:15
|
||||
|
||||
Decrypt CBC !EtM, AES SHA256 !trunc, padlen=255
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:255
|
||||
|
||||
Decrypt CBC !EtM, AES SHA384 !trunc, empty plaintext, minpad
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-1
|
||||
|
||||
Decrypt CBC !EtM, AES SHA384 !trunc, empty plaintext, maxpad
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-2
|
||||
|
||||
Decrypt CBC !EtM, AES SHA384 !trunc, padlen=0
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0
|
||||
|
||||
Decrypt CBC !EtM, AES SHA384 !trunc, padlen=240
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:240
|
||||
|
||||
Decrypt CBC !EtM, AES SHA384 !trunc, padlen=1
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1
|
||||
|
||||
Decrypt CBC !EtM, AES SHA384 !trunc, padlen=241
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:241
|
||||
|
||||
Decrypt CBC !EtM, AES SHA384 !trunc, padlen=15
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:15
|
||||
|
||||
Decrypt CBC !EtM, AES SHA384 !trunc, padlen=255
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:255
|
||||
|
||||
Decrypt CBC !EtM, ARIA MD5 !trunc, empty plaintext, minpad
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:-1
|
||||
|
||||
Decrypt CBC !EtM, ARIA MD5 !trunc, empty plaintext, maxpad
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:-2
|
||||
|
||||
Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=0
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0
|
||||
|
||||
Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=240
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:240
|
||||
|
||||
Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=1
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1
|
||||
|
||||
Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=241
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:241
|
||||
|
||||
Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=15
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:15
|
||||
|
||||
Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=255
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:255
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA1 !trunc, empty plaintext, minpad
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:-1
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA1 !trunc, empty plaintext, maxpad
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:-2
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=0
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=240
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:240
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=1
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=241
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:241
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=15
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:15
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=255
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:255
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA256 !trunc, empty plaintext, minpad
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:-1
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA256 !trunc, empty plaintext, maxpad
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:-2
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=0
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=240
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:240
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=1
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=241
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:241
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=15
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:15
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=255
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:255
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, minpad
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-1
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, maxpad
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-2
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=0
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=240
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:240
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=1
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=241
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:241
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=15
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:15
|
||||
|
||||
Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=255
|
||||
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:255
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA MD5 !trunc, empty plaintext, minpad
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:-1
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA MD5 !trunc, empty plaintext, maxpad
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:-2
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=0
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=240
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:240
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=1
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=241
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:241
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=15
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:15
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=255
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:255
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, empty plaintext, minpad
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:-1
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, empty plaintext, maxpad
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:-2
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=0
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=240
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:240
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=1
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=241
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:241
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=15
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:15
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=255
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:255
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, empty plaintext, minpad
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:-1
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, empty plaintext, maxpad
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:-2
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=0
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=240
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:240
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=1
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=241
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:241
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=15
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:15
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=255
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:255
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, minpad
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-1
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, maxpad
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-2
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=0
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=240
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:240
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=1
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=241
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:241
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=15
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:15
|
||||
|
||||
Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=255
|
||||
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384
|
||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:255
|
||||
Loading…
x
Reference in New Issue
Block a user