mbedtls/tests
Waleed Elmelegy 255db80910 Improve & test legacy mbedtls_pkcs12_pbe
* Prevent pkcs12_pbe encryption when PKCS7 padding has been
  disabled, since this is not part of the specs.
* Allow decryption when PKCS7 padding is disabled for legacy
  reasons. However, invalid padding is not checked.
* Document new behaviour, known limitations and possible
  security concerns.
* Add tests to check these scenarios. Test data has been
  generated by the below code using OpenSSL as a reference:

#include <stdio.h>
#include <string.h>

#include <openssl/asn1.h>
#include <openssl/des.h>
#include <openssl/evp.h>
#include <openssl/pkcs12.h>
#include "crypto/asn1.h"

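/*
 * Generate one reference test vector for PKCS#12 password-based encryption
 * (pbeWithSHAAnd3-KeyTripleDES-CBC) using OpenSSL.
 *
 * On success a single line is written to stdout:
 *   "<DER AlgorithmIdentifier hex>":"<password hex>":"<plaintext hex>":0:"<ciphertext hex>"
 * The literal 0 is presumably the expected return code field of the test
 * data line -- confirm against the consuming test suite.
 *
 * The password, salt and iteration count are fixed test inputs chosen so the
 * vector is reproducible; they are not suitable parameters for protecting
 * real data.
 *
 * Reading aobj->length / aobj->data depends on the OpenSSL-internal header
 * "crypto/asn1.h", so this program has to be built against an OpenSSL source
 * tree.
 *
 * Returns 0 on success. On any failure a message is written to stderr,
 * nothing is written to stdout (so a truncated vector cannot be copied into
 * a data file by mistake) and 1 is returned.
 */
int main()
{
    /* The arrays are string literals, so sizeof() - 1 drops the trailing NUL. */
    char pass[] = "\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB";
    unsigned char salt[] = "\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC";
    unsigned char plaintext[] = "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA";
    unsigned char *ciphertext = NULL;
    int iter = 10;
    int ciphertext_len = 0;
    int alg_nid = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
    int ret = 1;
    int der_len;
    struct asn1_object_st *aobj;
    ASN1_STRING *params;
    X509_ALGOR *alg = X509_ALGOR_new();

    if (alg == NULL) {
        fprintf(stderr, "X509_ALGOR_new failed\n");
        goto cleanup;
    }

    alg->parameter = ASN1_TYPE_new();
    if (alg->parameter == NULL) {
        fprintf(stderr, "ASN1_TYPE_new failed\n");
        goto cleanup;
    }

    if (PKCS5_pbe_set0_algor(alg, alg_nid, iter,
                             salt, sizeof(salt) - 1) != 1) {
        fprintf(stderr, "PKCS5_pbe_set0_algor failed\n");
        goto cleanup;
    }

    aobj = alg->algorithm;
    params = alg->parameter->value.asn1_string;

    /*
     * The AlgorithmIdentifier header is hand-encoded below as tag 0x30 plus a
     * single length byte, which is only valid DER for lengths below 0x80.
     * The same holds for the one-byte OID length.
     */
    der_len = 2 + aobj->length + params->length;
    if (aobj->length < 0 || params->length < 0 || der_len > 0x7F) {
        fprintf(stderr, "Algorithm parameters too large for short-form DER length\n");
        goto cleanup;
    }

    /* Encrypt before printing anything so a failure leaves stdout empty. */
    if (PKCS12_pbe_crypt(alg, pass, (int) (sizeof(pass) - 1),
                         plaintext, (int) (sizeof(plaintext) - 1),
                         &ciphertext, &ciphertext_len, 1) == NULL) {
        fprintf(stderr, "Encryption failed!\n");
        goto cleanup;
    }

    /* Field 1: DER AlgorithmIdentifier = SEQUENCE { OID, parameters }. */
    printf("\"30%.2X", (unsigned int) der_len);
    printf("06%.2X", (unsigned int) aobj->length);
    for (int i = 0; i < aobj->length; i++) {
        printf("%.2X", aobj->data[i]);
    }
    for (int i = 0; i < params->length; i++) {
        printf("%.2X", params->data[i]);
    }
    printf("\":\"");

    /* Field 2: password. Mask because plain char may be signed. */
    for (size_t i = 0; i < sizeof(pass) - 1; i++) {
        printf("%.2X", pass[i] & 0xFF);
    }
    printf("\":\"");

    /* Field 3: plaintext. */
    for (size_t i = 0; i < sizeof(plaintext) - 1; i++) {
        printf("%.2X", plaintext[i]);
    }
    printf("\":");

    /* Field 4: literal 0. */
    printf("0");
    printf(":\"");

    /* Field 5: ciphertext produced by OpenSSL. */
    for (int i = 0; i < ciphertext_len; i++) {
        printf("%.2X", ciphertext[i]);
    }
    printf("\"\n");

    ret = 0;

cleanup:
    /* Both calls accept NULL, so they are safe on every error path. */
    OPENSSL_free(ciphertext);
    X509_ALGOR_free(alg);
    return ret;
}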

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-05 15:45:55 +01:00
..
.jenkins
configs Tests: provide necessary functions for MBEDTLS_PSA_INJECT_ENTROPY 2023-04-28 21:18:33 +02:00
data_files Merge pull request #7971 from AgathiyanB/fix-data-files-makefile 2023-08-21 14:43:07 +00:00
docker/bionic Point to docker images used in the CI 2022-12-15 10:08:26 +01:00
git-scripts Fix typographical errors in .md files found by cspell 2022-07-29 13:44:01 +01:00
include Remove obsolete header inclusions 2023-08-21 16:10:06 +02:00
opt-testcases Adapt names (curves -> groups) 2023-07-05 09:26:26 +02:00
scripts Merge pull request #7579 from daverodgman/safer-ct-asm 2023-08-28 08:26:29 +00:00
src Remove new bignum when not needed 2023-08-17 14:36:59 +01:00
suites Improve & test legacy mbedtls_pkcs12_pbe 2023-09-05 15:45:55 +01:00
.gitignore Add gitignore anchors to denote generated files 2023-07-06 17:58:18 +01:00
CMakeLists.txt New test suite for the low-level hash interface 2023-08-22 09:59:42 +02:00
compat-in-docker.sh Use OPENSSL everywhere, not OPENSSL_CMD 2022-12-19 11:42:12 +01:00
compat.sh Merge pull request #7136 from yanrayw/5692-record-compatsh-test-cases 2023-07-10 12:08:32 +01:00
context-info.sh
Descriptions.txt
make-in-docker.sh Point to docker images used in the CI 2022-12-15 10:08:26 +01:00
Makefile New test suite for the low-level hash interface 2023-08-22 09:59:42 +02:00
ssl-opt-in-docker.sh Use OPENSSL everywhere, not OPENSSL_CMD 2022-12-19 11:42:12 +01:00
ssl-opt.sh ssl-opt: remove redundant requirement for RSA_C 2023-08-11 09:37:14 +02:00