Add new mbedtls_pkcs5_pbe2_ext function
Add new mbedtls_pkcs5_pbe2_ext function to replace old
function with possible security issues.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function
index 424ecd8..86c6a05 100644
--- a/tests/suites/test_suite_pkcs5.function
+++ b/tests/suites/test_suite_pkcs5.function
@@ -29,28 +29,47 @@
/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */
void pbes2_encrypt(int params_tag, data_t *params_hex, data_t *pw,
- data_t *data, int ref_ret, data_t *ref_out)
+ data_t *data, int datalen, int ref_ret,
+ data_t *ref_out, int ref_out_len)
{
int my_ret;
mbedtls_asn1_buf params;
unsigned char *my_out = NULL;
-
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+ size_t my_out_len = 0;
+#endif
MD_PSA_INIT();
+ /* This parameter is only used when MBEDTLS_CIPHER_PADDING_PKCS7 is enabled */
+ (void) ref_out_len;
params.tag = params_tag;
params.p = params_hex->x;
params.len = params_hex->len;
- ASSERT_ALLOC(my_out, ref_out->len);
+ ASSERT_ALLOC(my_out, datalen);
my_ret = mbedtls_pkcs5_pbes2(¶ms, MBEDTLS_PKCS5_ENCRYPT,
pw->x, pw->len, data->x, data->len, my_out);
- TEST_EQUAL(my_ret, ref_ret);
+ if (ref_ret != MBEDTLS_ERR_ASN1_BUF_TOO_SMALL) {
+ TEST_EQUAL(my_ret, ref_ret);
+ }
if (ref_ret == 0) {
ASSERT_COMPARE(my_out, ref_out->len,
ref_out->x, ref_out->len);
}
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+ my_ret = mbedtls_pkcs5_pbes2_ext(¶ms, MBEDTLS_PKCS5_ENCRYPT,
+ pw->x, pw->len, data->x, data->len, my_out,
+ datalen, &my_out_len);
+ TEST_EQUAL(my_ret, ref_ret);
+ if (ref_ret == 0) {
+ ASSERT_COMPARE(my_out, ref_out->len,
+ ref_out->x, ref_out->len);
+ TEST_EQUAL(my_out_len, (size_t) ref_out_len);
+ }
+#endif
+
exit:
mbedtls_free(my_out);
MD_PSA_DONE();
@@ -59,27 +78,47 @@
/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */
void mbedtls_pkcs5_pbes2(int params_tag, data_t *params_hex, data_t *pw,
- data_t *data, int ref_ret, data_t *ref_out)
+ data_t *data, int datalen, int ref_ret,
+ data_t *ref_out, int ref_out_len)
{
int my_ret;
mbedtls_asn1_buf params;
unsigned char *my_out = NULL;
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+ size_t my_out_len = 0;
+#endif
MD_PSA_INIT();
+ /* This parameter is only used when MBEDTLS_CIPHER_PADDING_PKCS7 is enabled */
+ (void) ref_out_len;
+
params.tag = params_tag;
params.p = params_hex->x;
params.len = params_hex->len;
- ASSERT_ALLOC(my_out, ref_out->len);
+ ASSERT_ALLOC(my_out, datalen);
my_ret = mbedtls_pkcs5_pbes2(¶ms, MBEDTLS_PKCS5_DECRYPT,
pw->x, pw->len, data->x, data->len, my_out);
- TEST_EQUAL(my_ret, ref_ret);
+ if (ref_ret != MBEDTLS_ERR_ASN1_BUF_TOO_SMALL) {
+ TEST_EQUAL(my_ret, ref_ret);
+ }
if (ref_ret == 0) {
ASSERT_COMPARE(my_out, ref_out->len,
ref_out->x, ref_out->len);
}
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+ my_ret = mbedtls_pkcs5_pbes2_ext(¶ms, MBEDTLS_PKCS5_DECRYPT,
+ pw->x, pw->len, data->x, data->len, my_out,
+ datalen, &my_out_len);
+ TEST_EQUAL(my_ret, ref_ret);
+ if (ref_ret == 0) {
+ ASSERT_COMPARE(my_out, ref_out->len,
+ ref_out->x, ref_out->len);
+ TEST_EQUAL(my_out_len, (size_t) ref_out_len);
+ }
+#endif
exit:
mbedtls_free(my_out);