From 701742500ddf9cbae6875efa344e21a8a013dd62 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 24 Jun 2021 15:10:15 +0100 Subject: [PATCH] Add DoS test case for ecp_check_pub A test case for which the loop would take practically forever if it was reached. The point would be to validate that the loop is not reached. The test case should cause the CI to time out if starting with the current code, ecp_check_pubkey_mx() was changed to call ecp_check_pubkey_x25519() first and run the mbedtls_mpi_size(() test afterwards, which would make no semantic difference in terms of memory contents when the function returns, but would open the way for a DoS. Signed-off-by: Janos Follath --- tests/suites/test_suite_ecp.data | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index 61e37f1d1c92..153bff3b7927 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -36,13 +36,17 @@ ECP curve info #8 depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED mbedtls_ecp_curve_info:MBEDTLS_ECP_DP_SECP192R1:19:192:"secp192r1" -ECP check pubkey Montgomery #1 (too big) +ECP check pubkey Montgomery #1 (biggest) +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":"0":"1":0 + +ECP check pubkey Montgomery #2 (too big) depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"010000000000000000000000000000000000000000000000000000000000000000":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY -ECP check pubkey Montgomery #2 (biggest) +ECP check pubkey Montgomery #3 (DoS big) depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED -ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":"0":"1":0 +ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"0100000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY ECP check pubkey Montgomery y ignored depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED