developer | 29c4d2d | 2022-12-26 19:41:22 +0800 | [diff] [blame] | 1 | From 31bd19e0e0254b910cccfd3ddc6a6a9222bbcfc0 Mon Sep 17 00:00:00 2001 |
| 2 | From: Glenn Strauss <gstrauss@gluelogic.com> |
| 3 | Date: Sun, 9 Oct 2022 05:12:17 -0400 |
| 4 | Subject: [PATCH 3/7] mbedtls: annotate with TEST_FAIL() for hwsim tests |
| 5 | |
| 6 | Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> |
| 7 | --- |
| 8 | src/crypto/crypto_mbedtls.c | 124 ++++++++++++++++++++++++++++++++++++ |
| 9 | 1 file changed, 124 insertions(+) |
| 10 | |
| 11 | --- a/src/crypto/crypto_mbedtls.c |
| 12 | +++ b/src/crypto/crypto_mbedtls.c |
| 13 | @@ -280,6 +280,9 @@ __attribute_noinline__ |
| 14 | static int md_vector(size_t num_elem, const u8 *addr[], const size_t *len, |
| 15 | u8 *mac, mbedtls_md_type_t md_type) |
| 16 | { |
| 17 | + if (TEST_FAIL()) |
| 18 | + return -1; |
| 19 | + |
| 20 | mbedtls_md_context_t ctx; |
| 21 | mbedtls_md_init(&ctx); |
| 22 | if (mbedtls_md_setup(&ctx, mbedtls_md_info_from_type(md_type), 0) != 0){ |
| 23 | @@ -343,6 +346,9 @@ __attribute_noinline__ |
| 24 | static int sha384_512_vector(size_t num_elem, const u8 *addr[], |
| 25 | const size_t *len, u8 *mac, int is384) |
| 26 | { |
| 27 | + if (TEST_FAIL()) |
| 28 | + return -1; |
| 29 | + |
| 30 | struct mbedtls_sha512_context ctx; |
| 31 | mbedtls_sha512_init(&ctx); |
| 32 | #if MBEDTLS_VERSION_MAJOR >= 3 |
| 33 | @@ -375,6 +381,9 @@ int sha384_vector(size_t num_elem, const |
| 34 | #include <mbedtls/sha256.h> |
| 35 | int sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) |
| 36 | { |
| 37 | + if (TEST_FAIL()) |
| 38 | + return -1; |
| 39 | + |
| 40 | struct mbedtls_sha256_context ctx; |
| 41 | mbedtls_sha256_init(&ctx); |
| 42 | #if MBEDTLS_VERSION_MAJOR >= 3 |
| 43 | @@ -397,6 +406,9 @@ int sha256_vector(size_t num_elem, const |
| 44 | #include <mbedtls/sha1.h> |
| 45 | int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) |
| 46 | { |
| 47 | + if (TEST_FAIL()) |
| 48 | + return -1; |
| 49 | + |
| 50 | struct mbedtls_sha1_context ctx; |
| 51 | mbedtls_sha1_init(&ctx); |
| 52 | #if MBEDTLS_VERSION_MAJOR >= 3 |
| 53 | @@ -419,6 +431,9 @@ int sha1_vector(size_t num_elem, const u |
| 54 | #include <mbedtls/md5.h> |
| 55 | int md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) |
| 56 | { |
| 57 | + if (TEST_FAIL()) |
| 58 | + return -1; |
| 59 | + |
| 60 | struct mbedtls_md5_context ctx; |
| 61 | mbedtls_md5_init(&ctx); |
| 62 | #if MBEDTLS_VERSION_MAJOR >= 3 |
| 63 | @@ -441,6 +456,9 @@ int md5_vector(size_t num_elem, const u8 |
| 64 | #include <mbedtls/md4.h> |
| 65 | int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) |
| 66 | { |
| 67 | + if (TEST_FAIL()) |
| 68 | + return -1; |
| 69 | + |
| 70 | struct mbedtls_md4_context ctx; |
| 71 | mbedtls_md4_init(&ctx); |
| 72 | mbedtls_md4_starts_ret(&ctx); |
| 73 | @@ -460,6 +478,9 @@ static int hmac_vector(const u8 *key, si |
| 74 | const u8 *addr[], const size_t *len, u8 *mac, |
| 75 | mbedtls_md_type_t md_type) |
| 76 | { |
| 77 | + if (TEST_FAIL()) |
| 78 | + return -1; |
| 79 | + |
| 80 | mbedtls_md_context_t ctx; |
| 81 | mbedtls_md_init(&ctx); |
| 82 | if (mbedtls_md_setup(&ctx, mbedtls_md_info_from_type(md_type), 1) != 0){ |
| 83 | @@ -571,6 +592,9 @@ static int hmac_kdf_expand(const u8 *prk |
| 84 | const char *label, const u8 *info, size_t info_len, |
| 85 | u8 *okm, size_t okm_len, mbedtls_md_type_t md_type) |
| 86 | { |
| 87 | + if (TEST_FAIL()) |
| 88 | + return -1; |
| 89 | + |
| 90 | const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_type); |
| 91 | #ifdef MBEDTLS_HKDF_C |
| 92 | if (label == NULL) /* RFC 5869 HKDF-Expand when (label == NULL) */ |
| 93 | @@ -663,6 +687,9 @@ static int hmac_prf_bits(const u8 *key, |
| 94 | const u8 *data, size_t data_len, u8 *buf, |
| 95 | size_t buf_len_bits, mbedtls_md_type_t md_type) |
| 96 | { |
| 97 | + if (TEST_FAIL()) |
| 98 | + return -1; |
| 99 | + |
| 100 | mbedtls_md_context_t ctx; |
| 101 | mbedtls_md_init(&ctx); |
| 102 | const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_type); |
| 103 | @@ -938,6 +965,9 @@ int pbkdf2_sha1(const char *passphrase, |
| 104 | |
| 105 | static void *aes_crypt_init_mode(const u8 *key, size_t len, int mode) |
| 106 | { |
| 107 | + if (TEST_FAIL()) |
| 108 | + return NULL; |
| 109 | + |
| 110 | mbedtls_aes_context *aes = os_malloc(sizeof(*aes)); |
| 111 | if (!aes) |
| 112 | return NULL; |
| 113 | @@ -996,6 +1026,9 @@ void aes_decrypt_deinit(void *ctx) |
| 114 | /* aes-wrap.c */ |
| 115 | int aes_wrap(const u8 *kek, size_t kek_len, int n, const u8 *plain, u8 *cipher) |
| 116 | { |
| 117 | + if (TEST_FAIL()) |
| 118 | + return -1; |
| 119 | + |
| 120 | mbedtls_nist_kw_context ctx; |
| 121 | mbedtls_nist_kw_init(&ctx); |
| 122 | size_t olen; |
| 123 | @@ -1010,6 +1043,9 @@ int aes_wrap(const u8 *kek, size_t kek_l |
| 124 | /* aes-unwrap.c */ |
| 125 | int aes_unwrap(const u8 *kek, size_t kek_len, int n, const u8 *cipher, u8 *plain) |
| 126 | { |
| 127 | + if (TEST_FAIL()) |
| 128 | + return -1; |
| 129 | + |
| 130 | mbedtls_nist_kw_context ctx; |
| 131 | mbedtls_nist_kw_init(&ctx); |
| 132 | size_t olen; |
| 133 | @@ -1041,6 +1077,9 @@ int omac1_aes_vector( |
| 134 | const u8 *key, size_t key_len, size_t num_elem, const u8 *addr[], |
| 135 | const size_t *len, u8 *mac) |
| 136 | { |
| 137 | + if (TEST_FAIL()) |
| 138 | + return -1; |
| 139 | + |
| 140 | mbedtls_cipher_type_t cipher_type; |
| 141 | switch (key_len) { |
| 142 | case 16: cipher_type = MBEDTLS_CIPHER_AES_128_ECB; break; |
| 143 | @@ -1103,6 +1142,9 @@ int omac1_aes_256(const u8 *key, const u |
| 144 | /* aes-encblock.c */ |
| 145 | int aes_128_encrypt_block(const u8 *key, const u8 *in, u8 *out) |
| 146 | { |
| 147 | + if (TEST_FAIL()) |
| 148 | + return -1; |
| 149 | + |
| 150 | mbedtls_aes_context aes; |
| 151 | mbedtls_aes_init(&aes); |
| 152 | int ret = mbedtls_aes_setkey_enc(&aes, key, 128) |
| 153 | @@ -1118,6 +1160,9 @@ int aes_128_encrypt_block(const u8 *key, |
| 154 | int aes_ctr_encrypt(const u8 *key, size_t key_len, const u8 *nonce, |
| 155 | u8 *data, size_t data_len) |
| 156 | { |
| 157 | + if (TEST_FAIL()) |
| 158 | + return -1; |
| 159 | + |
| 160 | unsigned char counter[MBEDTLS_AES_BLOCK_SIZE]; |
| 161 | unsigned char stream_block[MBEDTLS_AES_BLOCK_SIZE]; |
| 162 | os_memcpy(counter, nonce, MBEDTLS_AES_BLOCK_SIZE);/*(must be writable)*/ |
| 163 | @@ -1160,11 +1205,17 @@ static int aes_128_cbc_oper(const u8 *ke |
| 164 | |
| 165 | int aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len) |
| 166 | { |
| 167 | + if (TEST_FAIL()) |
| 168 | + return -1; |
| 169 | + |
| 170 | return aes_128_cbc_oper(key, iv, data, data_len, MBEDTLS_AES_ENCRYPT); |
| 171 | } |
| 172 | |
| 173 | int aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len) |
| 174 | { |
| 175 | + if (TEST_FAIL()) |
| 176 | + return -1; |
| 177 | + |
| 178 | return aes_128_cbc_oper(key, iv, data, data_len, MBEDTLS_AES_DECRYPT); |
| 179 | } |
| 180 | |
| 181 | @@ -1407,6 +1458,10 @@ int crypto_hash_finish(struct crypto_has |
| 182 | } |
| 183 | mbedtls_md_free(mctx); |
| 184 | os_free(mctx); |
| 185 | + |
| 186 | + if (TEST_FAIL()) |
| 187 | + return -1; |
| 188 | + |
| 189 | return 0; |
| 190 | } |
| 191 | |
| 192 | @@ -1421,6 +1476,9 @@ int crypto_hash_finish(struct crypto_has |
| 193 | |
| 194 | struct crypto_bignum *crypto_bignum_init(void) |
| 195 | { |
| 196 | + if (TEST_FAIL()) |
| 197 | + return NULL; |
| 198 | + |
| 199 | mbedtls_mpi *bn = os_malloc(sizeof(*bn)); |
| 200 | if (bn) |
| 201 | mbedtls_mpi_init(bn); |
| 202 | @@ -1429,6 +1487,9 @@ struct crypto_bignum *crypto_bignum_init |
| 203 | |
| 204 | struct crypto_bignum *crypto_bignum_init_set(const u8 *buf, size_t len) |
| 205 | { |
| 206 | + if (TEST_FAIL()) |
| 207 | + return NULL; |
| 208 | + |
| 209 | mbedtls_mpi *bn = os_malloc(sizeof(*bn)); |
| 210 | if (bn) { |
| 211 | mbedtls_mpi_init(bn); |
| 212 | @@ -1442,6 +1503,9 @@ struct crypto_bignum *crypto_bignum_init |
| 213 | |
| 214 | struct crypto_bignum *crypto_bignum_init_uint(unsigned int val) |
| 215 | { |
| 216 | + if (TEST_FAIL()) |
| 217 | + return NULL; |
| 218 | + |
| 219 | #if 0 /*(hostap use of this interface passes int, not uint)*/ |
| 220 | val = host_to_be32(val); |
| 221 | return crypto_bignum_init_set((const u8 *)&val, sizeof(val)); |
| 222 | @@ -1467,6 +1531,9 @@ void crypto_bignum_deinit(struct crypto_ |
| 223 | int crypto_bignum_to_bin(const struct crypto_bignum *a, |
| 224 | u8 *buf, size_t buflen, size_t padlen) |
| 225 | { |
| 226 | + if (TEST_FAIL()) |
| 227 | + return -1; |
| 228 | + |
| 229 | size_t n = mbedtls_mpi_size((mbedtls_mpi *)a); |
| 230 | if (n < padlen) |
| 231 | n = padlen; |
| 232 | @@ -1477,6 +1544,9 @@ int crypto_bignum_to_bin(const struct cr |
| 233 | |
| 234 | int crypto_bignum_rand(struct crypto_bignum *r, const struct crypto_bignum *m) |
| 235 | { |
| 236 | + if (TEST_FAIL()) |
| 237 | + return -1; |
| 238 | + |
| 239 | /*assert(r != m);*//* r must not be same as m for mbedtls_mpi_random()*/ |
| 240 | #if MBEDTLS_VERSION_NUMBER >= 0x021B0000 /* mbedtls 2.27.0 */ |
| 241 | return mbedtls_mpi_random((mbedtls_mpi *)r, 0, (mbedtls_mpi *)m, |
| 242 | @@ -1513,6 +1583,9 @@ int crypto_bignum_exptmod(const struct c |
| 243 | const struct crypto_bignum *c, |
| 244 | struct crypto_bignum *d) |
| 245 | { |
| 246 | + if (TEST_FAIL()) |
| 247 | + return -1; |
| 248 | + |
| 249 | /* (check if input params match d; d is the result) */ |
| 250 | /* (a == d) is ok in current mbedtls implementation */ |
| 251 | if (b == d || c == d) { /*(not ok; store result in intermediate)*/ |
| 252 | @@ -1540,6 +1613,9 @@ int crypto_bignum_inverse(const struct c |
| 253 | const struct crypto_bignum *b, |
| 254 | struct crypto_bignum *c) |
| 255 | { |
| 256 | + if (TEST_FAIL()) |
| 257 | + return -1; |
| 258 | + |
| 259 | return mbedtls_mpi_inv_mod((mbedtls_mpi *)c, |
| 260 | (const mbedtls_mpi *)a, |
| 261 | (const mbedtls_mpi *)b) ? -1 : 0; |
| 262 | @@ -1549,6 +1625,9 @@ int crypto_bignum_sub(const struct crypt |
| 263 | const struct crypto_bignum *b, |
| 264 | struct crypto_bignum *c) |
| 265 | { |
| 266 | + if (TEST_FAIL()) |
| 267 | + return -1; |
| 268 | + |
| 269 | return mbedtls_mpi_sub_mpi((mbedtls_mpi *)c, |
| 270 | (const mbedtls_mpi *)a, |
| 271 | (const mbedtls_mpi *)b) ? -1 : 0; |
| 272 | @@ -1558,6 +1637,9 @@ int crypto_bignum_div(const struct crypt |
| 273 | const struct crypto_bignum *b, |
| 274 | struct crypto_bignum *c) |
| 275 | { |
| 276 | + if (TEST_FAIL()) |
| 277 | + return -1; |
| 278 | + |
| 279 | /*(most current use of this crypto.h interface has a == c (result), |
| 280 | * so store result in an intermediate to avoid overwritten input)*/ |
| 281 | mbedtls_mpi R; |
| 282 | @@ -1575,6 +1657,9 @@ int crypto_bignum_addmod(const struct cr |
| 283 | const struct crypto_bignum *c, |
| 284 | struct crypto_bignum *d) |
| 285 | { |
| 286 | + if (TEST_FAIL()) |
| 287 | + return -1; |
| 288 | + |
| 289 | return mbedtls_mpi_add_mpi((mbedtls_mpi *)d, |
| 290 | (const mbedtls_mpi *)a, |
| 291 | (const mbedtls_mpi *)b) |
| 292 | @@ -1588,6 +1673,9 @@ int crypto_bignum_mulmod(const struct cr |
| 293 | const struct crypto_bignum *c, |
| 294 | struct crypto_bignum *d) |
| 295 | { |
| 296 | + if (TEST_FAIL()) |
| 297 | + return -1; |
| 298 | + |
| 299 | return mbedtls_mpi_mul_mpi((mbedtls_mpi *)d, |
| 300 | (const mbedtls_mpi *)a, |
| 301 | (const mbedtls_mpi *)b) |
| 302 | @@ -1600,6 +1688,9 @@ int crypto_bignum_sqrmod(const struct cr |
| 303 | const struct crypto_bignum *b, |
| 304 | struct crypto_bignum *c) |
| 305 | { |
| 306 | + if (TEST_FAIL()) |
| 307 | + return -1; |
| 308 | + |
| 309 | #if 1 |
| 310 | return crypto_bignum_mulmod(a, a, b, c); |
| 311 | #else |
| 312 | @@ -1650,6 +1741,9 @@ int crypto_bignum_is_odd(const struct cr |
| 313 | int crypto_bignum_legendre(const struct crypto_bignum *a, |
| 314 | const struct crypto_bignum *p) |
| 315 | { |
| 316 | + if (TEST_FAIL()) |
| 317 | + return -2; |
| 318 | + |
| 319 | /* Security Note: |
| 320 | * mbedtls_mpi_exp_mod() is not documented to run in constant time, |
| 321 | * though mbedtls/library/bignum.c uses constant_time_internal.h funcs. |
| 322 | @@ -1702,6 +1796,9 @@ int crypto_mod_exp(const u8 *base, size_ |
| 323 | const u8 *modulus, size_t modulus_len, |
| 324 | u8 *result, size_t *result_len) |
| 325 | { |
| 326 | + if (TEST_FAIL()) |
| 327 | + return -1; |
| 328 | + |
| 329 | mbedtls_mpi bn_base, bn_exp, bn_modulus, bn_result; |
| 330 | mbedtls_mpi_init(&bn_base); |
| 331 | mbedtls_mpi_init(&bn_exp); |
| 332 | @@ -1769,6 +1866,9 @@ static int crypto_mbedtls_dh_init_public |
| 333 | int crypto_dh_init(u8 generator, const u8 *prime, size_t prime_len, u8 *privkey, |
| 334 | u8 *pubkey) |
| 335 | { |
| 336 | + if (TEST_FAIL()) |
| 337 | + return -1; |
| 338 | + |
| 339 | #if 0 /*(crypto_dh_init() duplicated (and identical) in crypto_*.c modules)*/ |
| 340 | size_t pubkey_len, pad; |
| 341 | |
| 342 | @@ -1810,6 +1910,9 @@ int crypto_dh_derive_secret(u8 generator |
| 343 | const u8 *pubkey, size_t pubkey_len, |
| 344 | u8 *secret, size_t *len) |
| 345 | { |
| 346 | + if (TEST_FAIL()) |
| 347 | + return -1; |
| 348 | + |
| 349 | #if 0 |
| 350 | if (pubkey_len > prime_len || |
| 351 | (pubkey_len == prime_len && |
| 352 | @@ -2512,6 +2615,9 @@ const struct crypto_ec_point * crypto_ec |
| 353 | |
| 354 | struct crypto_ec_point *crypto_ec_point_init(struct crypto_ec *e) |
| 355 | { |
| 356 | + if (TEST_FAIL()) |
| 357 | + return NULL; |
| 358 | + |
| 359 | mbedtls_ecp_point *p = os_malloc(sizeof(*p)); |
| 360 | if (p != NULL) |
| 361 | mbedtls_ecp_point_init(p); |
| 362 | @@ -2536,6 +2642,9 @@ int crypto_ec_point_x(struct crypto_ec * |
| 363 | int crypto_ec_point_to_bin(struct crypto_ec *e, |
| 364 | const struct crypto_ec_point *point, u8 *x, u8 *y) |
| 365 | { |
| 366 | + if (TEST_FAIL()) |
| 367 | + return -1; |
| 368 | + |
| 369 | /* crypto.h documents crypto_ec_point_to_bin() output is big-endian */ |
| 370 | size_t len = CRYPTO_EC_plen(e); |
| 371 | if (x) { |
| 372 | @@ -2563,6 +2672,9 @@ int crypto_ec_point_to_bin(struct crypto |
| 373 | struct crypto_ec_point * crypto_ec_point_from_bin(struct crypto_ec *e, |
| 374 | const u8 *val) |
| 375 | { |
| 376 | + if (TEST_FAIL()) |
| 377 | + return NULL; |
| 378 | + |
| 379 | size_t len = CRYPTO_EC_plen(e); |
| 380 | mbedtls_ecp_point *p = os_malloc(sizeof(*p)); |
| 381 | u8 buf[1+MBEDTLS_MPI_MAX_SIZE*2]; |
| 382 | @@ -2615,6 +2727,9 @@ int crypto_ec_point_add(struct crypto_ec |
| 383 | const struct crypto_ec_point *b, |
| 384 | struct crypto_ec_point *c) |
| 385 | { |
| 386 | + if (TEST_FAIL()) |
| 387 | + return -1; |
| 388 | + |
| 389 | /* mbedtls does not provide an mbedtls_ecp_point add function */ |
| 390 | mbedtls_mpi one; |
| 391 | mbedtls_mpi_init(&one); |
| 392 | @@ -2631,6 +2746,9 @@ int crypto_ec_point_mul(struct crypto_ec |
| 393 | const struct crypto_bignum *b, |
| 394 | struct crypto_ec_point *res) |
| 395 | { |
| 396 | + if (TEST_FAIL()) |
| 397 | + return -1; |
| 398 | + |
| 399 | return mbedtls_ecp_mul( |
| 400 | (mbedtls_ecp_group *)e, (mbedtls_ecp_point *)res, |
| 401 | (const mbedtls_mpi *)b, (const mbedtls_ecp_point *)p, |
| 402 | @@ -2639,6 +2757,9 @@ int crypto_ec_point_mul(struct crypto_ec |
| 403 | |
| 404 | int crypto_ec_point_invert(struct crypto_ec *e, struct crypto_ec_point *p) |
| 405 | { |
| 406 | + if (TEST_FAIL()) |
| 407 | + return -1; |
| 408 | + |
| 409 | if (mbedtls_ecp_get_type((mbedtls_ecp_group *)e) |
| 410 | == MBEDTLS_ECP_TYPE_MONTGOMERY) { |
| 411 | /* e.g. MBEDTLS_ECP_DP_CURVE25519 and MBEDTLS_ECP_DP_CURVE448 */ |
| 412 | @@ -2751,6 +2872,9 @@ struct crypto_bignum * |
| 413 | crypto_ec_point_compute_y_sqr(struct crypto_ec *e, |
| 414 | const struct crypto_bignum *x) |
| 415 | { |
| 416 | + if (TEST_FAIL()) |
| 417 | + return NULL; |
| 418 | + |
| 419 | mbedtls_mpi *y2 = os_malloc(sizeof(*y2)); |
| 420 | if (y2 == NULL) |
| 421 | return NULL; |