Rename and document mac_or_tag_lengths -> permitted_truncations

No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2022-04-12 18:51:01 +02:00
parent b8bd61a6ed
commit ce78c9600f

View file

@ -456,8 +456,14 @@ class Algorithm:
} }
HMAC_RE = re.compile(r'PSA_ALG_HMAC\((.*)\)\Z') HMAC_RE = re.compile(r'PSA_ALG_HMAC\((.*)\)\Z')
@classmethod @classmethod
def mac_or_tag_lengths(cls, base: str) -> FrozenSet[int]: def permitted_truncations(cls, base: str) -> FrozenSet[int]:
"""Return the set of permitted lengths for the given MAC or AEAD tag.""" """Permitted output lengths for the given MAC or AEAD base algorithm.
For a MAC algorithm, this is the set of truncation lengths that
Mbed TLS supports.
For an AEAD algorithm, this is the set of truncation lengths that
are permitted by the algorithm specification.
"""
if base in cls.PERMITTED_TAG_LENGTHS: if base in cls.PERMITTED_TAG_LENGTHS:
return cls.PERMITTED_TAG_LENGTHS[base] return cls.PERMITTED_TAG_LENGTHS[base]
max_length = cls.MAC_LENGTH.get(base, None) max_length = cls.MAC_LENGTH.get(base, None)
@ -484,7 +490,7 @@ class Algorithm:
if m: if m:
base = m.group('base') base = m.group('base')
to_length = int(m.group('length'), 0) to_length = int(m.group('length'), 0)
permitted_lengths = self.mac_or_tag_lengths(base) permitted_lengths = self.permitted_truncations(base)
if to_length not in permitted_lengths: if to_length not in permitted_lengths:
return True return True
return False return False