Return back to modifying input parameters in pkcs12_parse_pbe_params
to avoid change in behaviour.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
Add new mbedtls_pkcs12_pbe_ext function to replace
old mbedtls_pkcs12_pbe function that have security
issues.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
The official spelling of the trade mark changed from all-lowercase "mbed"
to normal proper noun capitalization "Mbed" a few years ago. We've been
using the new spelling in new text but still have the old spelling in a
lot of text. This commit updates most occurrences of "mbed TLS":
```
sed -i -e 's/mbed TLS/Mbed TLS/g' $(git ls-files ':!ChangeLog' ':!tests/data_files/**' ':!tests/suites/*.data' ':!programs/x509/*' ':!configs/tfm*')
```
Justification for the omissions:
* `ChangeLog`: historical text.
* `test/data_files/**`, `tests/suites/*.data`, `programs/x509/*`: many
occurrences are significant names in certificates and such. Changing
the spelling would invalidate many signatures and tests.
* `configs/tfm*`: this is an imported file. We'll follow the upstream
updates.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
* Prevent pkcs12_pbe encryption when PKCS7 padding has been
disabled since this not part of the specs.
* Allow decryption when PKCS7 padding is disabled for legacy
reasons, However, invalid padding is not checked.
* Document new behaviour, known limitations and possible
security concerns.
* Add tests to check these scenarios. Test data has been
generated by the below code using OpenSSL as a reference:
int main()
{
char pass[] = "\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB";
unsigned char salt[] = "\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC";
unsigned char plaintext[] = "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA";
unsigned char *ciphertext = NULL;
int iter = 10;
X509_ALGOR *alg = X509_ALGOR_new();
int ciphertext_len = 0;
int alg_nid = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
alg->parameter = ASN1_TYPE_new();
struct asn1_object_st * aobj;
PKCS5_pbe_set0_algor(alg, alg_nid, iter,
salt, sizeof(salt)-1);
aobj = alg->algorithm;
printf("\"30%.2X", 2 + aobj->length + alg->parameter->value.asn1_string->length);
printf("06%.2X", aobj->length);
for (int i = 0; i < aobj->length; i++) {
printf("%.2X", aobj->data[i]);
}
for (int i = 0; i < alg->parameter->value.asn1_string->length; i++) {
printf("%.2X", alg->parameter->value.asn1_string->data[i]);
}
printf("\":\"");
for (int i = 0; i < sizeof(pass)-1; i++) {
printf("%.2X", pass[i] & 0xFF);
}
printf("\":\"");
for (int i = 0; i < sizeof(plaintext)-1; i++) {
printf("%.2X", plaintext[i]);
}
printf("\":");
printf("0");
printf(":\"");
unsigned char * res = PKCS12_pbe_crypt(alg, pass, sizeof(pass)-1, plaintext, sizeof(plaintext)-1, &ciphertext, &ciphertext_len, 1);
if (res == NULL)
printf("Encryption failed!\n");
for (int i = 0; i < ciphertext_len; i++) {
printf("%.2X", res[i]);
}
printf("\"\n");
return 0;
}
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
Add new mbedtls_pkcs5_pbe2_ext function to replace old
function with possible security issues.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
Remove unnecessary "../library" prefix from test suite include. This
aligns the test suite with the development branch
Signed-off-by: David Horstmann <david.horstmann@arm.com>
The hardware module name otherName SAN contains 2 OIDs:
OtherName ::= SEQUENCE {
type-id OBJECT IDENTIFIER,
value [0] EXPLICIT ANY DEFINED BY type-id }
HardwareModuleName ::= SEQUENCE {
hwType OBJECT IDENTIFIER,
hwSerialNum OCTET STRING }
The first, type-id, is the one that identifies the otherName as a
HardwareModuleName. The second, hwType, identifies the type of hardware.
This change fixes 2 issues:
1. We were erroneously trying to identify HardwareModuleNames by looking
at hwType, not type-id.
2. We accidentally inverted the check so that we were checking that
hwType did NOT match HardwareModuleName.
This fix ensures that type-id is correctly checked to make sure that it
matches the OID for HardwareModuleName.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
* Prevent pkcs5_pbe2 encryption when PKCS7 padding has been
disabled since this not part of the specs.
* Allow decryption when PKCS7 padding is disabled for legacy
reasons, However, invalid padding is not checked.
* Add tests to check these scenarios. Test data has been
reused but with changing padding data in last block to
check for valid/invalid padding.
* Document new behaviour, known limitations and possible
security concerns.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
The seed file is part of the stable interface of PSA_CRYPTO_INJECT_ENTROPY,
because it has to survive a library upgrade on a device. So check that its
existence and content are as expected at each point in the tested life cycle.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This function was written before the PSA storage layer switched to the PSA
ITS API as its storage abstraction. Now we can just call PSA ITS functions
unconditionally.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When MBEDTLS_PSA_INJECT_ENTROPY is enabled, we disable standard entropy
sources, so mbedtls_entropy_func() doesn't work out of the box. Disable
tests that rely on it. MBEDTLS_PSA_INJECT_ENTROPY is intended for PSA-only
environments anyway, so it doesn't matter if some legacy features don't work
normally.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The seed file must exist before running tests. Because the location is
somewhat platform- and configuration-dependent, and to be friendly to
developers who run test suites individually and aren't familiar with this
feature, rely on the test framework code rather than on test scripts to
create the seed file.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
ECP group compare function should not check the value of T. We only need
to assert the value of T after the ECP group copy function is called.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
A few negative test cases in test_suite_pem.data rely on DES
(“invalid iv”, “malformed”). DES is deprecated.
Construct similar test cases using AES.
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
Test against a string with no '=' or ',' in it, which previously caused
mbedtls_x509_string_to_names() to return 0.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
