Initial prototype and demonstrator for parameter validation
Adds a new configurable option for the parameter validation level.
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index e0fc238..e7b9510 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@@ -56,6 +56,17 @@
/* Error codes in range 0x0023-0x0025 */
#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 /**< Feature not available. For example, an unsupported AES key size. */
#define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 /**< AES hardware accelerator failed. */
+#define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0027 /**< Invalid
+input data. */
+
+#if defined( MBEDTLS_CHECK_PARAMS )
+#define MBEDTLS_AES_VALIDATE( cond ) do{ if( !(cond) ) \
+ return MBEDTLS_ERR_AES_BAD_INPUT_DATA; \
+ } while(0);
+#else
+/* No validation of parameters will be performed */
+#define MBEDTLS_AES_VALIDATE( cond)
+#endif
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 7c9acb2..dff75ae 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -221,6 +221,25 @@
*/
//#define MBEDTLS_DEPRECATED_REMOVED
+/**
+ * \def MBEDTLS_PARAM_VALIDATION_LEVEL
+ *
+ * The defined parameter validation level for the library. This configuration
+ * controls whether the library validates parameters passed to it.
+ *
+ * Application code that deals with 3rd party input may wish to enable such
+ * validation, whilst code on closed systems, such as embedded systems, where
+ * the input is controlled and predictable, may wish to disable it entirely to
+ * reduce the code size of the library.
+ *
+ * When the symbol is not defined, no parameter validation except that required
+ * to ensure the integrity or security of the library are performed.
+ *
+ * When the symbol is defined, all parameters will be validated, and an error
+ * code returned where appropriate.
+ */
+#define MBEDTLS_CHECK_PARAMS
+
/* \} name SECTION: System support */
/**
diff --git a/library/aes.c b/library/aes.c
index b0aea00..dff424b 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -531,14 +531,7 @@
unsigned int i;
uint32_t *RK;
-#if !defined(MBEDTLS_AES_ROM_TABLES)
- if( aes_init_done == 0 )
- {
- aes_gen_tables();
- aes_init_done = 1;
-
- }
-#endif
+ MBEDTLS_AES_VALIDATE( ctx != NULL && key != NULL );
switch( keybits )
{
@@ -548,6 +541,15 @@
default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
}
+#if !defined(MBEDTLS_AES_ROM_TABLES)
+ if( aes_init_done == 0 )
+ {
+ aes_gen_tables();
+ aes_init_done = 1;
+
+ }
+#endif
+
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
if( aes_padlock_ace == -1 )
aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE );
diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function
index c5f0eaa..513c145 100644
--- a/tests/suites/test_suite_aes.function
+++ b/tests/suites/test_suite_aes.function
@@ -289,6 +289,23 @@
}
/* END_CASE */
+/* BEGIN_CASE */
+void aes_invalid_param( )
+{
+ mbedtls_aes_context dummy_ctx;
+ const unsigned char key[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
+
+ /* mbedtls_aes_setkey_enc() */
+ TEST_ASSERT( mbedtls_aes_setkey_enc( NULL, key, 128 )
+ == MBEDTLS_ERR_AES_BAD_INPUT_DATA );
+ TEST_ASSERT( mbedtls_aes_setkey_enc( &dummy_ctx, NULL, 128 )
+ == MBEDTLS_ERR_AES_BAD_INPUT_DATA );
+
+exit:
+ return;
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
void aes_selftest()
{
diff --git a/tests/suites/test_suite_aes.rest.data b/tests/suites/test_suite_aes.rest.data
index bbb222f..3ec916d 100644
--- a/tests/suites/test_suite_aes.rest.data
+++ b/tests/suites/test_suite_aes.rest.data
@@ -10,6 +10,10 @@
AES-256-CBC Decrypt (Invalid input length)
aes_decrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"623a52fcea5d443e48d9181ab32c74":"":MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
+AES - Invalid parameters
+depends_on:MBEDTLS_CHECK_PARAMS
+aes_invalid_param:
+
AES Selftest
depends_on:MBEDTLS_SELF_TEST
aes_selftest: