diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index 7f989a0eb..f0316e5f2 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -77,7 +77,8 @@ struct mbedtls_cmac_context_t * as one of the following types: MBEDTLS_CIPHER_AES_128_ECB, * MBEDTLS_CIPHER_AES_192_ECB, MBEDTLS_CIPHER_AES_256_ECB, * or MBEDTLS_CIPHER_DES_EDE3_ECB. - * \param key The CMAC key. This must not be \c NULL. + * \param key The CMAC key. This must be a readable buffer of length + * \p keybits Bits. * \param keybits The length of the CMAC key in bits. * Must be supported by the cipher. * @@ -97,7 +98,9 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, * * \param ctx The cipher context used for the CMAC operation. * This must be initialized. - * \param input The buffer holding the input data. This must not be \c NULL. + * \param input The buffer holding the input data. This must be a + * readable buffer of length \p ilen Bytes. It may be + * \c NULL if ilen == 0. * \param ilen The length of the input data. * * \return \c 0 on success. @@ -158,9 +161,12 @@ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ); * \param cipher_info The cipher information. This must not be \c NULL. * \param key The CMAC key. This must not be \c NULL. * \param keylen The length of the CMAC key in bits. - * \param input The buffer holding the input data. This must not be \c NULL. + * \param input The buffer holding the input data. This must be a + * readable buffer of length \p ilen Bytes. It may be + * \c NULL if ilen == 0. * \param ilen The length of the input data. - * \param output The buffer for the generic CMAC result. This must not be \c NULL. + * \param output The buffer for the generic CMAC result. + * This must not be \c NULL. * * \return \c 0 on success. * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA diff --git a/library/cmac.c b/library/cmac.c index 5d101e1c7..9b7e8bf6b 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -68,6 +68,10 @@ #if !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST) +#define MBEDTLS_CMAC_VALIDATE_RET(cond) \ + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ) +#define MBEDTLS_CMAC_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond ) + /* * Multiplication by u in the Galois field of GF(2^n) * @@ -206,8 +210,9 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, mbedtls_cmac_context_t *cmac_ctx; int retval; - if( ctx == NULL || ctx->cipher_info == NULL || key == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + MBEDTLS_CMAC_VALIDATE_RET( ctx != NULL ); + MBEDTLS_CMAC_VALIDATE_RET( ctx->cipher_info != NULL ); + MBEDTLS_CMAC_VALIDATE_RET( key != NULL ); if( ( retval = mbedtls_cipher_setkey( ctx, key, (int)keybits, MBEDTLS_ENCRYPT ) ) != 0 ) @@ -247,9 +252,9 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, int ret = 0; size_t n, j, olen, block_size; - if( ctx == NULL || ctx->cipher_info == NULL || input == NULL || - ctx->cmac_ctx == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + MBEDTLS_CMAC_VALIDATE_RET( ctx != NULL ); + MBEDTLS_CMAC_VALIDATE_RET( ctx->cipher_info != NULL ); + MBEDTLS_CMAC_VALIDATE_RET( input != NULL ); cmac_ctx = ctx->cmac_ctx; block_size = ctx->cipher_info->block_size; @@ -318,9 +323,9 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, int ret; size_t olen, block_size; - if( ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL || - output == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + MBEDTLS_CMAC_VALIDATE_RET( ctx != NULL ); + MBEDTLS_CMAC_VALIDATE_RET( ctx->cipher_info != NULL ); + MBEDTLS_CMAC_VALIDATE_RET( ctx->cmac_ctx != NULL ); cmac_ctx = ctx->cmac_ctx; block_size = ctx->cipher_info->block_size; @@ -372,8 +377,9 @@ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ) { mbedtls_cmac_context_t* cmac_ctx; - if( ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + MBEDTLS_CMAC_VALIDATE_RET( ctx != NULL ); + MBEDTLS_CMAC_VALIDATE_RET( ctx->cipher_info != NULL ); + MBEDTLS_CMAC_VALIDATE_RET( ctx->cmac_ctx != NULL ); cmac_ctx = ctx->cmac_ctx; @@ -395,8 +401,10 @@ int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info, mbedtls_cipher_context_t ctx; int ret; - if( cipher_info == NULL || key == NULL || input == NULL || output == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + MBEDTLS_CMAC_VALIDATE_RET( cipher_info != NULL ); + MBEDTLS_CMAC_VALIDATE_RET( key != NULL ); + MBEDTLS_CMAC_VALIDATE_RET( input != NULL ); + MBEDTLS_CMAC_VALIDATE_RET( output != NULL ); mbedtls_cipher_init( &ctx ); @@ -432,8 +440,9 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, unsigned char zero_key[MBEDTLS_AES_BLOCK_SIZE]; unsigned char int_key[MBEDTLS_AES_BLOCK_SIZE]; - if( key == NULL || input == NULL || output == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + MBEDTLS_CMAC_VALIDATE_RET( key != NULL ); + MBEDTLS_CMAC_VALIDATE_RET( input != NULL ); + MBEDTLS_CMAC_VALIDATE_RET( output != NULL ); cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB ); if( cipher_info == NULL ) diff --git a/tests/suites/test_suite_cmac.function b/tests/suites/test_suite_cmac.function index cabf1070c..a74e86a32 100644 --- a/tests/suites/test_suite_cmac.function +++ b/tests/suites/test_suite_cmac.function @@ -15,7 +15,7 @@ void mbedtls_cmac_self_test( ) } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ void mbedtls_cmac_null_args( ) { mbedtls_cipher_context_t ctx; @@ -27,71 +27,56 @@ void mbedtls_cmac_null_args( ) mbedtls_cipher_init( &ctx ); /* Test NULL cipher info */ - TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, test_data, 16 ) == - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + TEST_INVALID_PARAM( mbedtls_cipher_cmac_update( &ctx, test_data, 16 ) ); cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB ); - TEST_ASSERT( mbedtls_cipher_setup( &ctx, cipher_info ) == 0 ); + TEST_ASSERT( mbedtls_cipher_setup( &ctx, cipher_info ) == 0 ); - TEST_ASSERT( mbedtls_cipher_cmac_starts( NULL, test_key, 128 ) == - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + TEST_INVALID_PARAM( mbedtls_cipher_cmac_starts( NULL, test_key, 128 ) ); - TEST_ASSERT( mbedtls_cipher_cmac_starts( &ctx, NULL, 128 ) == - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + TEST_INVALID_PARAM( mbedtls_cipher_cmac_starts( &ctx, NULL, 128 ) ); - TEST_ASSERT( mbedtls_cipher_cmac_update( NULL, test_data, 16 ) == - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + TEST_INVALID_PARAM( mbedtls_cipher_cmac_update( NULL, test_data, 16 ) ); - TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, NULL, 16 ) == - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + TEST_INVALID_PARAM( mbedtls_cipher_cmac_update( &ctx, NULL, 16 ) ); - TEST_ASSERT( mbedtls_cipher_cmac_finish( NULL, test_output ) == - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + TEST_INVALID_PARAM( mbedtls_cipher_cmac_finish( NULL, test_output ) ); - TEST_ASSERT( mbedtls_cipher_cmac_finish( &ctx, NULL ) == - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + TEST_INVALID_PARAM( mbedtls_cipher_cmac_finish( &ctx, NULL ) ); - TEST_ASSERT( mbedtls_cipher_cmac_reset( NULL ) == - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + TEST_INVALID_PARAM( mbedtls_cipher_cmac_reset( NULL ) ); - TEST_ASSERT( mbedtls_cipher_cmac( NULL, + TEST_INVALID_PARAM( mbedtls_cipher_cmac( NULL, test_key, 128, test_data, 16, - test_output ) == - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + test_output ) ); - TEST_ASSERT( mbedtls_cipher_cmac( cipher_info, + TEST_INVALID_PARAM( mbedtls_cipher_cmac( cipher_info, NULL, 128, test_data, 16, - test_output ) == - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + test_output ) ); - TEST_ASSERT( mbedtls_cipher_cmac( cipher_info, + TEST_INVALID_PARAM( mbedtls_cipher_cmac( cipher_info, test_key, 128, NULL, 16, - test_output ) == - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + test_output ) ); - TEST_ASSERT( mbedtls_cipher_cmac( cipher_info, + TEST_INVALID_PARAM( mbedtls_cipher_cmac( cipher_info, test_key, 128, test_data, 16, - NULL ) == - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + NULL ) ); - TEST_ASSERT( mbedtls_aes_cmac_prf_128( NULL, 16, + TEST_INVALID_PARAM( mbedtls_aes_cmac_prf_128( NULL, 16, test_data, 16, - test_output ) == - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + test_output ) ); - TEST_ASSERT( mbedtls_aes_cmac_prf_128( test_key, 16, + TEST_INVALID_PARAM( mbedtls_aes_cmac_prf_128( test_key, 16, NULL, 16, - test_output ) == - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + test_output ) ); - TEST_ASSERT( mbedtls_aes_cmac_prf_128( test_key, 16, + TEST_INVALID_PARAM( mbedtls_aes_cmac_prf_128( test_key, 16, test_data, 16, - NULL ) == - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + NULL ) ); exit: mbedtls_cipher_free( &ctx );