From 8c9def3e7fa05bda96fefd49076d1d6a1a6417cd Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 8 Feb 2018 10:02:12 +0100 Subject: [PATCH] PSA: Implement MAC functions Implement psa_mac_start, psa_mac_update and psa_mac_final. Implement HMAC anc CMAC. Smoke tests. --- include/psa/crypto.h | 79 ++++- library/psa_crypto.c | 301 +++++++++++++++++++- tests/suites/test_suite_psa_crypto.data | 8 + tests/suites/test_suite_psa_crypto.function | 63 ++++ 4 files changed, 437 insertions(+), 14 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 060c007ec..5fb35685d 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -144,6 +144,9 @@ typedef uint32_t psa_key_type_t; #define PSA_KEY_TYPE_IS_VENDOR_DEFINED(type) \ (((type) & PSA_KEY_TYPE_VENDOR_FLAG) != 0) +#define PSA_KEY_TYPE_IS_RAW_BYTES(type) \ + (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_RAW_DATA || \ + ((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC) #define PSA_KEY_TYPE_IS_ASYMMETRIC(type) \ (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_ASYMMETRIC) #define PSA_KEY_TYPE_IS_PUBLIC_KEY(type) \ @@ -157,6 +160,13 @@ typedef uint32_t psa_key_type_t; #define PSA_KEY_TYPE_IS_ECC(type) \ (((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == PSA_KEY_TYPE_ECC_BASE) +#define PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) \ + ( \ + (type) == PSA_KEY_TYPE_AES ? 16 : \ + (type) == PSA_KEY_TYPE_DES ? 8 : \ + (type) == PSA_KEY_TYPE_CAMELLIA ? 16 : \ + 0) + /** \brief Encoding of a cryptographic algorithm. * * For algorithms that can be applied to multiple key types, this type @@ -223,25 +233,42 @@ typedef uint32_t psa_algorithm_t; #define PSA_ALG_SHA3_384 ((psa_algorithm_t)0x01000012) #define PSA_ALG_SHA3_512 ((psa_algorithm_t)0x01000013) +#define PSA_ALG_MAC_SUBCATEGORY_MASK ((psa_algorithm_t)0x00c00000) #define PSA_ALG_HMAC_BASE ((psa_algorithm_t)0x02800000) #define PSA_ALG_HMAC(hash_alg) \ - (PSA_ALG_HMAC_BASE | (hash_alg)) -#define PSA_ALG_CBC_MAC ((psa_algorithm_t)0x02000001) -#define PSA_ALG_CMAC ((psa_algorithm_t)0x02000002) -#define PSA_ALG_GMAC ((psa_algorithm_t)0x02000003) + (PSA_ALG_HMAC_BASE | ((hash_alg) & PSA_ALG_HASH_MASK)) +#define PSA_ALG_HMAC_HASH(hmac_alg) \ + (PSA_ALG_CATEGORY_HASH | ((hmac_alg) & PSA_ALG_HASH_MASK)) +#define PSA_ALG_IS_HMAC(alg) \ + (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == \ + PSA_ALG_HMAC_BASE) +#define PSA_ALG_CIPHER_MAC_BASE ((psa_algorithm_t)0x02c00000) +#define PSA_ALG_CBC_MAC ((psa_algorithm_t)0x02c00001) +#define PSA_ALG_CMAC ((psa_algorithm_t)0x02c00002) +#define PSA_ALG_GMAC ((psa_algorithm_t)0x02c00003) +#define PSA_ALG_IS_CIPHER_MAC(alg) \ + (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == \ + PSA_ALG_CIPHER_MAC_BASE) -#define PSA_ALG_BLOCK_CIPHER_BASE_MASK ((psa_algorithm_t)0x000000ff) +#define PSA_ALG_CIPHER_SUBCATEGORY_MASK ((psa_algorithm_t)0x00c00000) +#define PSA_ALG_BLOCK_CIPHER_BASE ((psa_algorithm_t)0x04000001) +#define PSA_ALG_BLOCK_CIPHER_MODE_MASK ((psa_algorithm_t)0x000000ff) #define PSA_ALG_BLOCK_CIPHER_PADDING_MASK ((psa_algorithm_t)0x007f0000) #define PSA_ALG_BLOCK_CIPHER_PAD_PKCS7 ((psa_algorithm_t)0x00010000) +#define PSA_ALG_IS_BLOCK_CIPHER(alg) \ + (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_CIPHER_SUBCATEGORY_MASK)) == \ + PSA_ALG_BLOCK_CIPHER_BASE) + #define PSA_ALG_CBC_BASE ((psa_algorithm_t)0x04000001) -#define PSA_ALG_CFB_BASE ((psa_algorithm_t)0x04000003) -#define PSA_ALG_OFB_BASE ((psa_algorithm_t)0x04000004) -#define PSA_ALG_XTS_BASE ((psa_algorithm_t)0x04000005) +#define PSA_ALG_CFB_BASE ((psa_algorithm_t)0x04000002) +#define PSA_ALG_OFB_BASE ((psa_algorithm_t)0x04000003) +#define PSA_ALG_XTS_BASE ((psa_algorithm_t)0x04000004) #define PSA_ALG_STREAM_CIPHER ((psa_algorithm_t)0x04800000) #define PSA_ALG_CTR ((psa_algorithm_t)0x04800001) +#define PSA_ALG_ARC4 ((psa_algorithm_t)0x04800002) -#define PSA_ALG_CCM ((psa_algorithm_t)0x06000002) -#define PSA_ALG_GCM ((psa_algorithm_t)0x06000003) +#define PSA_ALG_CCM ((psa_algorithm_t)0x06000001) +#define PSA_ALG_GCM ((psa_algorithm_t)0x06000002) #define PSA_ALG_RSA_PKCS1V15_RAW ((psa_algorithm_t)0x10010000) #define PSA_ALG_RSA_PSS_MGF1 ((psa_algorithm_t)0x10020000) @@ -575,6 +602,38 @@ psa_status_t psa_hash_abort(psa_hash_operation_t *operation); /**@}*/ +/** \defgroup MAC Message authentication codes + * @{ + */ + +typedef struct psa_mac_operation_s psa_mac_operation_t; + +#define PSA_MAC_FINAL_SIZE(key_type, key_bits, alg) \ + (PSA_ALG_IS_HMAC(alg) ? PSA_HASH_FINAL_SIZE(PSA_ALG_HMAC_HASH(alg)) : \ + PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) : \ + 0) + +psa_status_t psa_mac_start(psa_mac_operation_t *operation, + psa_key_slot_t key, + psa_algorithm_t alg); + +psa_status_t psa_mac_update(psa_mac_operation_t *operation, + const uint8_t *input, + size_t input_length); + +psa_status_t psa_mac_finish(psa_mac_operation_t *operation, + uint8_t *mac, + size_t mac_size, + size_t *mac_length); + +psa_status_t psa_mac_verify(psa_mac_operation_t *operation, + const uint8_t *mac, + size_t mac_length); + +psa_status_t psa_mac_abort(psa_mac_operation_t *operation); + +/**@}*/ + /** \defgroup asymmetric Asymmetric cryptography * @{ */ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ca275495f..e264990ff 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -303,7 +303,7 @@ psa_status_t psa_import_key(psa_key_slot_t key, if( slot->type != PSA_KEY_TYPE_NONE ) return( PSA_ERROR_OCCUPIED_SLOT ); - if( type == PSA_KEY_TYPE_RAW_DATA ) + if( PSA_KEY_TYPE_IS_RAW_BYTES( type ) ) { if( data_length > SIZE_MAX / 8 ) return( PSA_ERROR_NOT_SUPPORTED ); @@ -374,7 +374,7 @@ psa_status_t psa_destroy_key(psa_key_slot_t key) if( slot->type == PSA_KEY_TYPE_NONE ) return( PSA_ERROR_EMPTY_SLOT ); - if( slot->type == PSA_KEY_TYPE_RAW_DATA ) + if( PSA_KEY_TYPE_IS_RAW_BYTES( slot->type ) ) { mbedtls_free( slot->data.raw.data ); } @@ -420,7 +420,7 @@ psa_status_t psa_get_key_information(psa_key_slot_t key, if( slot->type == PSA_KEY_TYPE_NONE ) return( PSA_ERROR_EMPTY_SLOT ); - if( slot->type == PSA_KEY_TYPE_RAW_DATA ) + if( PSA_KEY_TYPE_IS_RAW_BYTES( slot->type ) ) { if( bits != NULL ) *bits = slot->data.raw.bytes * 8; @@ -465,7 +465,7 @@ psa_status_t psa_export_key(psa_key_slot_t key, if( slot->type == PSA_KEY_TYPE_NONE ) return( PSA_ERROR_EMPTY_SLOT ); - if( slot->type == PSA_KEY_TYPE_RAW_DATA ) + if( PSA_KEY_TYPE_IS_RAW_BYTES( slot->type ) ) { if( slot->data.raw.bytes > data_size ) return( PSA_ERROR_BUFFER_TOO_SMALL ); @@ -856,6 +856,299 @@ psa_status_t psa_hash_verify(psa_hash_operation_t *operation, /****************************************************************/ +/* MAC */ +/****************************************************************/ + +static const mbedtls_cipher_info_t *mbedtls_cipher_info_of_psa( + psa_algorithm_t alg, + psa_key_type_t key_type, + size_t key_bits ) +{ + mbedtls_cipher_id_t cipher_id; + mbedtls_cipher_mode_t mode; + + if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) ) + { + if( PSA_ALG_IS_BLOCK_CIPHER( alg ) ) + alg &= ~PSA_ALG_BLOCK_CIPHER_MODE_MASK; + switch( alg ) + { + case PSA_ALG_STREAM_CIPHER: + mode = MBEDTLS_MODE_STREAM; + break; + case PSA_ALG_CBC_BASE: + mode = MBEDTLS_MODE_CBC; + break; + case PSA_ALG_CFB_BASE: + mode = MBEDTLS_MODE_CFB; + break; + case PSA_ALG_OFB_BASE: + mode = MBEDTLS_MODE_OFB; + break; + case PSA_ALG_CTR: + mode = MBEDTLS_MODE_CTR; + break; + case PSA_ALG_CCM: + mode = MBEDTLS_MODE_CCM; + break; + case PSA_ALG_GCM: + mode = MBEDTLS_MODE_GCM; + break; + default: + return( NULL ); + } + } + else if( alg == PSA_ALG_CMAC ) + mode = MBEDTLS_MODE_ECB; + else if( alg == PSA_ALG_GMAC ) + mode = MBEDTLS_MODE_GCM; + else + return( NULL ); + + switch( key_type ) + { + case PSA_KEY_TYPE_AES: + cipher_id = MBEDTLS_CIPHER_ID_AES; + break; + case PSA_KEY_TYPE_DES: + if( key_bits == 64 ) + cipher_id = MBEDTLS_CIPHER_ID_DES; + else + cipher_id = MBEDTLS_CIPHER_ID_3DES; + break; + case PSA_KEY_TYPE_CAMELLIA: + cipher_id = MBEDTLS_CIPHER_ID_CAMELLIA; + break; + case PSA_KEY_TYPE_ARC4: + cipher_id = MBEDTLS_CIPHER_ID_ARC4; + break; + default: + return( NULL ); + } + + return( mbedtls_cipher_info_from_values( cipher_id, key_bits, mode ) ); +} + +psa_status_t psa_mac_abort( psa_mac_operation_t *operation ) +{ + switch( operation->alg ) + { +#if defined(MBEDTLS_CMAC_C) + case PSA_ALG_CMAC: + mbedtls_cipher_free( &operation->ctx.cmac ); + break; +#endif /* MBEDTLS_CMAC_C */ + default: +#if defined(MBEDTLS_MD_C) + if( PSA_ALG_IS_HMAC( operation->alg ) ) + mbedtls_md_free( &operation->ctx.hmac ); + else +#endif /* MBEDTLS_MD_C */ + return( PSA_ERROR_NOT_SUPPORTED ); + } + operation->alg = 0; + operation->key_set = 0; + operation->iv_set = 0; + operation->iv_required = 0; + operation->has_input = 0; + return( PSA_SUCCESS ); +} + +psa_status_t psa_mac_start( psa_mac_operation_t *operation, + psa_key_slot_t key, + psa_algorithm_t alg ) +{ + int ret = MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE; + psa_status_t status; + key_slot_t *slot; + psa_key_type_t key_type; + size_t key_bits; + const mbedtls_cipher_info_t *cipher_info = NULL; + + operation->alg = 0; + operation->key_set = 0; + operation->iv_set = 0; + operation->iv_required = 1; + operation->has_input = 0; + + status = psa_get_key_information( key, &key_type, &key_bits ); + if( status != PSA_SUCCESS ) + return( status ); + slot = &global_data.key_slots[key]; + + if( ! PSA_ALG_IS_HMAC( alg ) ) + { + cipher_info = mbedtls_cipher_info_of_psa( alg, key_type, key_bits ); + if( cipher_info == NULL ) + return( PSA_ERROR_NOT_SUPPORTED ); + operation->mac_size = cipher_info->block_size; + } + switch( alg ) + { +#if defined(MBEDTLS_CMAC_C) + case PSA_ALG_CMAC: + operation->iv_required = 0; + mbedtls_cipher_init( &operation->ctx.cmac ); + ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info ); + if( ret != 0 ) + break; + ret = mbedtls_cipher_cmac_starts( &operation->ctx.cmac, + slot->data.raw.data, + key_bits ); + break; +#endif /* MBEDTLS_CMAC_C */ + default: +#if defined(MBEDTLS_MD_C) + if( PSA_ALG_IS_HMAC( alg ) ) + { + const mbedtls_md_info_t *md_info = + mbedtls_md_info_of_psa( PSA_ALG_HMAC_HASH( alg ) ); + if( md_info == NULL ) + return( PSA_ERROR_NOT_SUPPORTED ); + if( key_type != PSA_KEY_TYPE_HMAC ) + return( PSA_ERROR_INVALID_ARGUMENT ); + operation->iv_required = 0; + operation->mac_size = mbedtls_md_get_size( md_info ); + mbedtls_md_init( &operation->ctx.hmac ); + ret = mbedtls_md_setup( &operation->ctx.hmac, md_info, 1 ); + if( ret != 0 ) + break; + ret = mbedtls_md_hmac_starts( &operation->ctx.hmac, + slot->data.raw.data, + slot->data.raw.bytes ); + break; + } + else +#endif /* MBEDTLS_MD_C */ + return( PSA_ERROR_NOT_SUPPORTED ); + } + + /* If we reach this point, then the algorithm-specific part of the + * context has at least been initialized, and may contain data that + * needs to be wiped on error. */ + operation->alg = alg; + if( ret != 0 ) + { + psa_mac_abort( operation ); + return( mbedtls_to_psa_error( ret ) ); + } + operation->key_set = 1; + return( 0 ); +} + +psa_status_t psa_mac_update( psa_mac_operation_t *operation, + const uint8_t *input, + size_t input_length ) +{ + int ret; + if( ! operation->key_set ) + return( PSA_ERROR_BAD_STATE ); + if( operation->iv_required && ! operation->iv_set ) + return( PSA_ERROR_BAD_STATE ); + operation->has_input = 1; + + switch( operation->alg ) + { +#if defined(MBEDTLS_CMAC_C) + case PSA_ALG_CMAC: + ret = mbedtls_cipher_cmac_update( &operation->ctx.cmac, + input, input_length ); + break; +#endif /* MBEDTLS_CMAC_C */ + default: +#if defined(MBEDTLS_MD_C) + if( PSA_ALG_IS_HMAC( operation->alg ) ) + { + ret = mbedtls_md_hmac_update( &operation->ctx.hmac, + input, input_length ); + } + else +#endif /* MBEDTLS_MD_C */ + { + ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA; + } + break; + } + if( ret != 0 ) + psa_mac_abort( operation ); + return( mbedtls_to_psa_error( ret ) ); +} + +psa_status_t psa_mac_finish( psa_mac_operation_t *operation, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ) +{ + int ret; + if( ! operation->key_set ) + return( PSA_ERROR_BAD_STATE ); + if( operation->iv_required && ! operation->iv_set ) + return( PSA_ERROR_BAD_STATE ); + + /* Fill the output buffer with something that isn't a valid mac + * (barring an attack on the mac and deliberately-crafted input), + * in case the caller doesn't check the return status properly. */ + *mac_length = operation->mac_size; + memset( mac, '!', mac_size ); + + if( mac_size < operation->mac_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + switch( operation->alg ) + { +#if defined(MBEDTLS_CMAC_C) + case PSA_ALG_CMAC: + ret = mbedtls_cipher_cmac_finish( &operation->ctx.cmac, mac ); + break; +#endif /* MBEDTLS_CMAC_C */ + default: +#if defined(MBEDTLS_MD_C) + if( PSA_ALG_IS_HMAC( operation->alg ) ) + { + ret = mbedtls_md_hmac_finish( &operation->ctx.hmac, mac ); + } + else +#endif /* MBEDTLS_MD_C */ + { + ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA; + } + break; + } + + if( ret == 0 ) + { + return( psa_mac_abort( operation ) ); + } + else + { + psa_mac_abort( operation ); + return( mbedtls_to_psa_error( ret ) ); + } +} + +#define MBEDTLS_PSA_MAC_MAX_SIZE \ + ( MBEDTLS_MD_MAX_SIZE > MBEDTLS_MAX_BLOCK_LENGTH ? \ + MBEDTLS_MD_MAX_SIZE : \ + MBEDTLS_MAX_BLOCK_LENGTH ) +psa_status_t psa_mac_verify( psa_mac_operation_t *operation, + const uint8_t *mac, + size_t mac_length ) +{ + uint8_t actual_mac[MBEDTLS_PSA_MAC_MAX_SIZE]; + size_t actual_mac_length; + psa_status_t status = psa_mac_finish( operation, + actual_mac, sizeof( actual_mac ), + &actual_mac_length ); + if( status != PSA_SUCCESS ) + return( status ); + if( actual_mac_length != mac_length ) + return( PSA_ERROR_INVALID_SIGNATURE ); + if( safer_memcmp( mac, actual_mac, actual_mac_length ) != 0 ) + return( PSA_ERROR_INVALID_SIGNATURE ); + return( PSA_SUCCESS ); +} + + /****************************************************************/ diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index f53b1a436..4f4bef14c 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -45,6 +45,14 @@ PSA hash verify: SHA-256 depends_on:MBEDTLS_SHA256_C hash_verify:PSA_ALG_SHA_256:"bd":"68325720aabd7c82f30f554b313d0570c95accbb7dc4b5aae11204c08ffe732b" +PSA MAC verify: HMAC-SHA-256 +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C +mac_verify:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":PSA_ALG_HMAC(PSA_ALG_SHA_256):"":"53616d706c65206d65737361676520666f72206b65796c656e3d626c6f636b6c656e":"8bb9a1db9806f20df7f77b82138c7914d174d59e13dc4d0169c9057b133e1d62" + +PSA MAC verify: CMAC-AES-128 +depends_on:MBEDTLS_CMAC_C:MBEDTLS_AES_C +mac_verify:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827" + PSA signature size: RSA keypair, 1024 bits, PKCS#1 v1.5 raw signature_size:PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_ALG_RSA_PKCS1V15_RAW:128 diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 21802d147..d5305740f 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -1,5 +1,7 @@ /* BEGIN_HEADER */ #include "psa/crypto.h" + +#include "mbedtls/md.h" /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -200,6 +202,67 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void mac_verify( int key_type_arg, char *key_hex, + int alg_arg, char *iv_hex, + char *input_hex, char *mac_hex ) +{ + int key_slot = 1; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + unsigned char *key = NULL; + size_t key_size; + unsigned char *iv = NULL; + size_t iv_size; + unsigned char *input = NULL; + size_t input_size; + unsigned char *expected_mac = NULL; + size_t expected_mac_size; + psa_mac_operation_t operation; + + key_size = strlen( key_hex ) / 2; + key = mbedtls_calloc( 1, key_size ); + TEST_ASSERT( key != NULL ); + key_size = unhexify( key, key_hex ); + iv_size = strlen( iv_hex ) / 2; + if( iv_size != 0 ) + { + iv = mbedtls_calloc( 1, iv_size ); + TEST_ASSERT( iv != NULL ); + iv_size = unhexify( iv, iv_hex ); + } + input_size = strlen( input_hex ) / 2; + input = mbedtls_calloc( 1, input_size ); + TEST_ASSERT( input != NULL ); + input_size = unhexify( input, input_hex ); + expected_mac_size = strlen( mac_hex ) / 2; + expected_mac = mbedtls_calloc( 1, expected_mac_size ); + TEST_ASSERT( expected_mac != NULL ); + expected_mac_size = unhexify( expected_mac, mac_hex ); + + TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); + + TEST_ASSERT( psa_import_key( key_slot, key_type, + key, key_size ) == PSA_SUCCESS ); + // TODO: support IV + TEST_ASSERT( psa_mac_start( &operation, key_slot, alg ) == PSA_SUCCESS ); + TEST_ASSERT( psa_destroy_key( key_slot ) == PSA_SUCCESS ); + TEST_ASSERT( psa_mac_update( &operation, + input, input_size ) == PSA_SUCCESS ); + TEST_ASSERT( psa_mac_verify( &operation, + expected_mac, + expected_mac_size ) == PSA_SUCCESS ); + +exit: + mbedtls_free( key ); + mbedtls_free( iv ); + mbedtls_free( input ); + mbedtls_free( expected_mac ); + psa_destroy_key( key_slot ); + mbedtls_psa_crypto_free( ); +} +/* END_CASE */ + /* BEGIN_CASE */ void signature_size( int type_arg, int bits, int alg_arg, int expected_size_arg ) {