ssl_helpers: allow mbedtls_test_ssl_build_transforms to work without CIPHER_C

A new internal function is added to get cipher's info (mode, key bits and
iv len) without relying on CIPHER_C. This function is basically a lookup
table used only for test purposes.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Valerio Setti 2023-10-27 11:55:02 +02:00
parent d531dab4f6
commit 31ad3a14cc


@ -1108,6 +1108,123 @@ int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform,
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_CIPHER_MODE_CBC && #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_CIPHER_MODE_CBC &&
MBEDTLS_AES_C */ MBEDTLS_AES_C */
static void mbedtls_test_ssl_cipher_info_from_type(mbedtls_cipher_type_t cipher_type,
mbedtls_cipher_mode_t *cipher_mode,
size_t *key_bits, size_t *iv_len)
{
switch (cipher_type) {
case MBEDTLS_CIPHER_AES_128_CBC:
*cipher_mode = MBEDTLS_MODE_CBC;
*key_bits = 128;
*iv_len = 16;
break;
case MBEDTLS_CIPHER_AES_256_CBC:
*cipher_mode = MBEDTLS_MODE_CBC;
*key_bits = 256;
*iv_len = 16;
break;
case MBEDTLS_CIPHER_ARIA_128_CBC:
*cipher_mode = MBEDTLS_MODE_CBC;
*key_bits = 128;
*iv_len = 16;
break;
case MBEDTLS_CIPHER_ARIA_256_CBC:
*cipher_mode = MBEDTLS_MODE_CBC;
*key_bits = 256;
*iv_len = 16;
break;
case MBEDTLS_CIPHER_CAMELLIA_128_CBC:
*cipher_mode = MBEDTLS_MODE_CBC;
*key_bits = 128;
*iv_len = 16;
break;
case MBEDTLS_CIPHER_CAMELLIA_256_CBC:
*cipher_mode = MBEDTLS_MODE_CBC;
*key_bits = 256;
*iv_len = 16;
break;
case MBEDTLS_CIPHER_AES_128_CCM:
*cipher_mode = MBEDTLS_MODE_CCM;
*key_bits = 128;
*iv_len = 12;
break;
case MBEDTLS_CIPHER_AES_192_CCM:
*cipher_mode = MBEDTLS_MODE_CCM;
*key_bits = 192;
*iv_len = 12;
break;
case MBEDTLS_CIPHER_AES_256_CCM:
*cipher_mode = MBEDTLS_MODE_CCM;
*key_bits = 256;
*iv_len = 12;
break;
case MBEDTLS_CIPHER_CAMELLIA_128_CCM:
*cipher_mode = MBEDTLS_MODE_CCM;
*key_bits = 128;
*iv_len = 12;
break;
case MBEDTLS_CIPHER_CAMELLIA_192_CCM:
*cipher_mode = MBEDTLS_MODE_CCM;
*key_bits = 192;
*iv_len = 12;
break;
case MBEDTLS_CIPHER_CAMELLIA_256_CCM:
*cipher_mode = MBEDTLS_MODE_CCM;
*key_bits = 256;
*iv_len = 12;
break;
case MBEDTLS_CIPHER_AES_128_GCM:
*cipher_mode = MBEDTLS_MODE_GCM;
*key_bits = 128;
*iv_len = 12;
break;
case MBEDTLS_CIPHER_AES_192_GCM:
*cipher_mode = MBEDTLS_MODE_GCM;
*key_bits = 192;
*iv_len = 12;
break;
case MBEDTLS_CIPHER_AES_256_GCM:
*cipher_mode = MBEDTLS_MODE_GCM;
*key_bits = 256;
*iv_len = 12;
break;
case MBEDTLS_CIPHER_CAMELLIA_128_GCM:
*cipher_mode = MBEDTLS_MODE_GCM;
*key_bits = 128;
*iv_len = 12;
break;
case MBEDTLS_CIPHER_CAMELLIA_192_GCM:
*cipher_mode = MBEDTLS_MODE_GCM;
*key_bits = 192;
*iv_len = 12;
break;
case MBEDTLS_CIPHER_CAMELLIA_256_GCM:
*cipher_mode = MBEDTLS_MODE_GCM;
*key_bits = 256;
*iv_len = 12;
break;
case MBEDTLS_CIPHER_CHACHA20_POLY1305:
*cipher_mode = MBEDTLS_MODE_CHACHAPOLY;
*key_bits = 256;
*iv_len = 12;
break;
case MBEDTLS_CIPHER_NULL:
*cipher_mode = MBEDTLS_MODE_STREAM;
*key_bits = 0;
*iv_len = 0;
break;
default:
*cipher_mode = MBEDTLS_MODE_NONE;
*key_bits = 0;
*iv_len = 0;
}
}
int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
mbedtls_ssl_transform *t_out, mbedtls_ssl_transform *t_out,
int cipher_type, int hash_id, int cipher_type, int hash_id,
@ -1116,18 +1233,22 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
size_t cid0_len, size_t cid0_len,
size_t cid1_len) size_t cid1_len)
{ {
mbedtls_cipher_info_t const *cipher_info; mbedtls_cipher_mode_t cipher_mode = MBEDTLS_MODE_NONE;
size_t key_bits = 0;
int ret = 0; int ret = 0;
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_type_t key_type; psa_key_type_t key_type;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_algorithm_t alg; psa_algorithm_t alg;
size_t key_bits;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
#endif #endif
size_t keylen, maclen, ivlen; #if defined(MBEDTLS_CIPHER_C)
mbedtls_cipher_info_t const *cipher_info;
#endif
size_t keylen, maclen, ivlen = 0;
unsigned char *key0 = NULL, *key1 = NULL; unsigned char *key0 = NULL, *key1 = NULL;
unsigned char *md0 = NULL, *md1 = NULL; unsigned char *md0 = NULL, *md1 = NULL;
unsigned char iv_enc[16], iv_dec[16]; unsigned char iv_enc[16], iv_dec[16];
@ -1144,15 +1265,11 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
maclen = 0; maclen = 0;
mbedtls_test_ssl_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type,
/* Pick cipher */ &cipher_mode, &key_bits, &ivlen);
cipher_info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type);
CHK(cipher_info != NULL);
CHK(mbedtls_cipher_info_get_iv_size(cipher_info) <= 16);
CHK(mbedtls_cipher_info_get_key_bitlen(cipher_info) % 8 == 0);
/* Pick keys */ /* Pick keys */
keylen = mbedtls_cipher_info_get_key_bitlen(cipher_info) / 8; keylen = key_bits / 8;
/* Allocate `keylen + 1` bytes to ensure that we get /* Allocate `keylen + 1` bytes to ensure that we get
* a non-NULL pointers from `mbedtls_calloc` even if * a non-NULL pointers from `mbedtls_calloc` even if
* `keylen == 0` in the case of the NULL cipher. */ * `keylen == 0` in the case of the NULL cipher. */
@ -1161,6 +1278,12 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
memset(key0, 0x1, keylen); memset(key0, 0x1, keylen);
memset(key1, 0x2, keylen); memset(key1, 0x2, keylen);
#if defined(MBEDTLS_CIPHER_C)
/* Pick cipher */
cipher_info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type);
CHK(cipher_info != NULL);
CHK(mbedtls_cipher_info_get_iv_size(cipher_info) <= 16);
CHK(mbedtls_cipher_info_get_key_bitlen(cipher_info) % 8 == 0);
#if !defined(MBEDTLS_USE_PSA_CRYPTO) #if !defined(MBEDTLS_USE_PSA_CRYPTO)
/* Setup cipher contexts */ /* Setup cipher contexts */
CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_enc, cipher_info) == 0); CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_enc, cipher_info) == 0);
@ -1169,7 +1292,7 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_dec, cipher_info) == 0); CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_dec, cipher_info) == 0);
#if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_CIPHER_MODE_CBC)
if (cipher_info->mode == MBEDTLS_MODE_CBC) { if (cipher_mode == MBEDTLS_MODE_CBC) {
CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_enc, CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_enc,
MBEDTLS_PADDING_NONE) == 0); MBEDTLS_PADDING_NONE) == 0);
CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_dec, CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_dec,
@ -1197,12 +1320,13 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
(keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3,
MBEDTLS_DECRYPT) MBEDTLS_DECRYPT)
== 0); == 0);
#endif #endif /* !MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_CIPHER_C */
/* Setup MAC contexts */ /* Setup MAC contexts */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
if (cipher_info->mode == MBEDTLS_MODE_CBC || if (cipher_mode == MBEDTLS_MODE_CBC ||
cipher_info->mode == MBEDTLS_MODE_STREAM) { cipher_mode == MBEDTLS_MODE_STREAM) {
#if !defined(MBEDTLS_USE_PSA_CRYPTO) #if !defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) hash_id); mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) hash_id);
CHK(md_info != NULL); CHK(md_info != NULL);
@ -1240,7 +1364,7 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
md1, maclen, md1, maclen,
&t_out->psa_mac_enc) == PSA_SUCCESS); &t_out->psa_mac_enc) == PSA_SUCCESS);
if (cipher_info->mode == MBEDTLS_MODE_STREAM || if (cipher_mode == MBEDTLS_MODE_STREAM ||
etm == MBEDTLS_SSL_ETM_DISABLED) { etm == MBEDTLS_SSL_ETM_DISABLED) {
/* mbedtls_ct_hmac() requires the key to be exportable */ /* mbedtls_ct_hmac() requires the key to be exportable */
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT | psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT |
@ -1279,7 +1403,6 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
/* Pick IV's (regardless of whether they /* Pick IV's (regardless of whether they
* are being used by the transform). */ * are being used by the transform). */
ivlen = mbedtls_cipher_info_get_iv_size(cipher_info);
memset(iv_enc, 0x3, sizeof(iv_enc)); memset(iv_enc, 0x3, sizeof(iv_enc));
memset(iv_dec, 0x4, sizeof(iv_dec)); memset(iv_dec, 0x4, sizeof(iv_dec));
@ -1300,7 +1423,7 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
t_out->ivlen = ivlen; t_out->ivlen = ivlen;
t_in->ivlen = ivlen; t_in->ivlen = ivlen;
switch (cipher_info->mode) { switch (cipher_mode) {
case MBEDTLS_MODE_GCM: case MBEDTLS_MODE_GCM:
case MBEDTLS_MODE_CCM: case MBEDTLS_MODE_CCM:
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
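Review bot: An unsupported cipher_type is no longer rejected when MBEDTLS_CIPHER_C is off: the `default:` branch of the new lookup returns MBEDTLS_MODE_NONE with zero key_bits and iv_len, the helper is void, and `CHK(cipher_info != NULL)` now lives inside `#if defined(MBEDTLS_CIPHER_C)`. In that configuration the function appears to carry on with a zero-length key instead of failing, so a wrong test parameter would go unnoticed. Adding `CHK(cipher_mode != MBEDTLS_MODE_NONE);` and `CHK(ivlen <= sizeof(iv_enc));` directly after the call to mbedtls_test_ssl_cipher_info_from_type() would keep the rejection and the 16-byte IV bound in both builds. With CIPHER_C enabled, a `CHK(key_bits == mbedtls_cipher_info_get_key_bitlen(cipher_info));` next to the existing checks would catch the table drifting from the library's values. The body of mbedtls_test_ssl_build_transforms extends beyond the visible hunks, so this is based only on the lines shown.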