Add new mbedtls_pkcs12_pbe_ext function to replace old function
Add new mbedtls_pkcs12_pbe_ext function to replace
old mbedtls_pkcs12_pbe function that have security
issues.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
diff --git a/tests/suites/test_suite_pkcs12.function b/tests/suites/test_suite_pkcs12.function
index b557098..92b4d5d 100644
--- a/tests/suites/test_suite_pkcs12.function
+++ b/tests/suites/test_suite_pkcs12.function
@@ -70,33 +70,47 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */
-void pkcs12_pbe_encrypt(int cipher, int md, data_t *params_hex, data_t *pw,
- data_t *data, int ref_ret, data_t *ref_out)
+void pkcs12_pbe_encrypt(int params_tag, int cipher, int md, data_t *params_hex, data_t *pw,
+ data_t *data, int outsize, int ref_ret, data_t *ref_out)
{
int my_ret;
mbedtls_asn1_buf pbe_params;
unsigned char *my_out = NULL;
mbedtls_cipher_type_t cipher_alg = (mbedtls_cipher_type_t) cipher;
mbedtls_md_type_t md_alg = (mbedtls_md_type_t) md;
- size_t block_size;
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+ size_t my_out_len = 0;
+#endif
MD_PSA_INIT();
- block_size = mbedtls_cipher_info_get_block_size(mbedtls_cipher_info_from_type(cipher_alg));
- TEST_CALLOC(my_out, ((data->len/block_size) + 1) * block_size);
+ TEST_CALLOC(my_out, outsize);
- pbe_params.tag = params_hex->x[0];
- pbe_params.len = params_hex->x[1];
- pbe_params.p = params_hex->x + 2;
+ pbe_params.tag = params_tag;
+ pbe_params.len = params_hex->len;
+ pbe_params.p = params_hex->x;
- my_ret = mbedtls_pkcs12_pbe(&pbe_params, MBEDTLS_PKCS12_PBE_ENCRYPT, cipher_alg,
- md_alg, pw->x, pw->len, data->x, data->len, my_out);
- TEST_EQUAL(my_ret, ref_ret);
+ if (ref_ret != MBEDTLS_ERR_ASN1_BUF_TOO_SMALL) {
+ my_ret = mbedtls_pkcs12_pbe(&pbe_params, MBEDTLS_PKCS12_PBE_ENCRYPT, cipher_alg,
+ md_alg, pw->x, pw->len, data->x, data->len, my_out);
+ TEST_EQUAL(my_ret, ref_ret);
+ }
if (ref_ret == 0) {
ASSERT_COMPARE(my_out, ref_out->len,
ref_out->x, ref_out->len);
}
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+ my_ret = mbedtls_pkcs12_pbe_ext(&pbe_params, MBEDTLS_PKCS12_PBE_ENCRYPT, cipher_alg,
+ md_alg, pw->x, pw->len, data->x, data->len, my_out,
+ outsize, &my_out_len);
+ TEST_EQUAL(my_ret, ref_ret);
+ if (ref_ret == 0) {
+ ASSERT_COMPARE(my_out, my_out_len,
+ ref_out->x, ref_out->len);
+ }
+#endif
+
exit:
mbedtls_free(my_out);
MD_PSA_DONE();
@@ -104,31 +118,48 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */
-void pkcs12_pbe_decrypt(int cipher, int md, data_t *params_hex, data_t *pw,
- data_t *data, int ref_ret, data_t *ref_out)
+void pkcs12_pbe_decrypt(int params_tag, int cipher, int md, data_t *params_hex, data_t *pw,
+ data_t *data, int outsize, int ref_ret, data_t *ref_out)
{
int my_ret;
mbedtls_asn1_buf pbe_params;
unsigned char *my_out = NULL;
mbedtls_cipher_type_t cipher_alg = (mbedtls_cipher_type_t) cipher;
mbedtls_md_type_t md_alg = (mbedtls_md_type_t) md;
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+ size_t my_out_len = 0;
+#endif
MD_PSA_INIT();
- TEST_CALLOC(my_out, data->len);
+ TEST_CALLOC(my_out, outsize);
- pbe_params.tag = params_hex->x[0];
- pbe_params.len = params_hex->x[1];
- pbe_params.p = params_hex->x + 2;
+ pbe_params.tag = params_tag;
+ pbe_params.len = params_hex->len;
+ pbe_params.p = params_hex->x;
- my_ret = mbedtls_pkcs12_pbe(&pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT, cipher_alg,
- md_alg, pw->x, pw->len, data->x, data->len, my_out);
- TEST_EQUAL(my_ret, ref_ret);
+ if (ref_ret != MBEDTLS_ERR_ASN1_BUF_TOO_SMALL) {
+ my_ret = mbedtls_pkcs12_pbe(&pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT, cipher_alg,
+ md_alg, pw->x, pw->len, data->x, data->len, my_out);
+ TEST_EQUAL(my_ret, ref_ret);
+ }
+
if (ref_ret == 0) {
ASSERT_COMPARE(my_out, ref_out->len,
ref_out->x, ref_out->len);
}
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+ my_ret = mbedtls_pkcs12_pbe_ext(&pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT, cipher_alg,
+ md_alg, pw->x, pw->len, data->x, data->len, my_out,
+ outsize, &my_out_len);
+ TEST_EQUAL(my_ret, ref_ret);
+ if (ref_ret == 0) {
+ ASSERT_COMPARE(my_out, my_out_len,
+ ref_out->x, ref_out->len);
+ }
+#endif
+
exit:
mbedtls_free(my_out);
MD_PSA_DONE();