mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2024-12-28 15:17:21 +00:00
enforce input and output of ccm selftest on stack
In `mbedtls_ccm_self_test()`, enforce input and output buffers sent to the ccm API to be contigous and aligned, by copying the test vectors to buffers on the stack.
This commit is contained in:
parent
6c34268e20
commit
1b9b217abf
@ -381,7 +381,8 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
|
||||
*/
|
||||
|
||||
#define NB_TESTS 3
|
||||
|
||||
#define CCM_SELFTEST_PT_MAX_LEN 24
|
||||
#define CCM_SELFTEST_CT_MAX_LEN 32
|
||||
/*
|
||||
* The data is the same for all tests, only the used length changes
|
||||
*/
|
||||
@ -401,7 +402,7 @@ static const unsigned char ad[] = {
|
||||
0x10, 0x11, 0x12, 0x13
|
||||
};
|
||||
|
||||
static const unsigned char msg[] = {
|
||||
static const unsigned char msg[CCM_SELFTEST_PT_MAX_LEN] = {
|
||||
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
|
||||
0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
|
||||
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
|
||||
@ -412,7 +413,7 @@ static const size_t add_len[NB_TESTS] = { 8, 16, 20 };
|
||||
static const size_t msg_len[NB_TESTS] = { 4, 16, 24 };
|
||||
static const size_t tag_len[NB_TESTS] = { 4, 6, 8 };
|
||||
|
||||
static const unsigned char res[NB_TESTS][32] = {
|
||||
static const unsigned char res[NB_TESTS][CCM_SELFTEST_CT_MAX_LEN] = {
|
||||
{ 0x71, 0x62, 0x01, 0x5b, 0x4d, 0xac, 0x25, 0x5d },
|
||||
{ 0xd2, 0xa1, 0xf0, 0xe0, 0x51, 0xea, 0x5f, 0x62,
|
||||
0x08, 0x1a, 0x77, 0x92, 0x07, 0x3d, 0x59, 0x3d,
|
||||
@ -426,7 +427,13 @@ static const unsigned char res[NB_TESTS][32] = {
|
||||
int mbedtls_ccm_self_test( int verbose )
|
||||
{
|
||||
mbedtls_ccm_context ctx;
|
||||
unsigned char out[32];
|
||||
/*
|
||||
* Some hardware accelerators require the input and output buffers
|
||||
* would be in RAM, because the flash is not accessible.
|
||||
* Use buffers on the stack to hold the test vectors data.
|
||||
*/
|
||||
unsigned char plaintext[CCM_SELFTEST_PT_MAX_LEN];
|
||||
unsigned char ciphertext[CCM_SELFTEST_CT_MAX_LEN];
|
||||
size_t i;
|
||||
int ret;
|
||||
|
||||
@ -445,27 +452,32 @@ int mbedtls_ccm_self_test( int verbose )
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( " CCM-AES #%u: ", (unsigned int) i + 1 );
|
||||
|
||||
memset( plaintext, 0, CCM_SELFTEST_PT_MAX_LEN );
|
||||
memset( ciphertext, 0, CCM_SELFTEST_CT_MAX_LEN );
|
||||
memcpy( plaintext, msg, msg_len[i] );
|
||||
|
||||
ret = mbedtls_ccm_encrypt_and_tag( &ctx, msg_len[i],
|
||||
iv, iv_len[i], ad, add_len[i],
|
||||
msg, out,
|
||||
out + msg_len[i], tag_len[i] );
|
||||
iv, iv_len[i], ad, add_len[i],
|
||||
plaintext, ciphertext,
|
||||
ciphertext + msg_len[i], tag_len[i] );
|
||||
|
||||
if( ret != 0 ||
|
||||
memcmp( out, res[i], msg_len[i] + tag_len[i] ) != 0 )
|
||||
memcmp( ciphertext, res[i], msg_len[i] + tag_len[i] ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
}
|
||||
memset( plaintext, 0, CCM_SELFTEST_PT_MAX_LEN );
|
||||
|
||||
ret = mbedtls_ccm_auth_decrypt( &ctx, msg_len[i],
|
||||
iv, iv_len[i], ad, add_len[i],
|
||||
res[i], out,
|
||||
res[i] + msg_len[i], tag_len[i] );
|
||||
iv, iv_len[i], ad, add_len[i],
|
||||
ciphertext, plaintext,
|
||||
ciphertext + msg_len[i], tag_len[i] );
|
||||
|
||||
if( ret != 0 ||
|
||||
memcmp( out, msg, msg_len[i] ) != 0 )
|
||||
memcmp( plaintext, msg, msg_len[i] ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
Loading…
Reference in New Issue
Block a user