yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-03-23 22:45:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Document and check the consistency of truncated MAC encodings

Browse source 
Add comments noting that the maximum length of a MAC must fit in
PSA_ALG_MAC_TRUNCATION_MASK. Add a unit test that verifies that the
maximum MAC size fits.
This commit is contained in:
Gilles Peskine 2018-08-21 14:54:54 +02:00
parent 3111981d94
commit e1f2d7d1ac
4 changed files with 30 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
include/psa/crypto.h
View file

@ -756,6 +756,13 @@ typedef uint32_t psa_algorithm_t;
(((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == \ (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == \
PSA_ALG_HMAC_BASE) PSA_ALG_HMAC_BASE)
/* In the encoding of a MAC algorithm, the bits corresponding to
* PSA_ALG_MAC_TRUNCATION_MASK encode the length to which the MAC is
* truncated. As an exception, the value 0 means the untruncated algorithm,
* whatever its length is. The length is encoded in 6 bits, so it can
* reach up to 63; the largest MAC is 64 bytes so its trivial truncation
* to full length is correctly encoded as 0 and any non-trivial truncation
* is correctly encoded as a value between 1 and 63. */
#define PSA_ALG_MAC_TRUNCATION_MASK ((psa_algorithm_t)0x00003f00) #define PSA_ALG_MAC_TRUNCATION_MASK ((psa_algorithm_t)0x00003f00)
#define PSA_MAC_TRUNCATION_OFFSET 8 #define PSA_MAC_TRUNCATION_OFFSET 8
@ -887,6 +894,10 @@ typedef uint32_t psa_algorithm_t;
#define PSA_ALG_CCM ((psa_algorithm_t)0x06001001) #define PSA_ALG_CCM ((psa_algorithm_t)0x06001001)
#define PSA_ALG_GCM ((psa_algorithm_t)0x06001002) #define PSA_ALG_GCM ((psa_algorithm_t)0x06001002)
/* In the encoding of a AEAD algorithm, the bits corresponding to
* PSA_ALG_AEAD_TAG_LENGTH_MASK encode the length of the AEAD tag.
* The constants for default lengths follow this encoding.
*/
#define PSA_ALG_AEAD_TAG_LENGTH_MASK ((psa_algorithm_t)0x00003f00) #define PSA_ALG_AEAD_TAG_LENGTH_MASK ((psa_algorithm_t)0x00003f00)
#define PSA_AEAD_TAG_LENGTH_OFFSET 8 #define PSA_AEAD_TAG_LENGTH_OFFSET 8

3
include/psa/crypto_sizes.h
View file

@ -79,6 +79,9 @@
*/ */
/* All non-HMAC MACs have a maximum size that's smaller than the /* All non-HMAC MACs have a maximum size that's smaller than the
* minimum possible value of PSA_HASH_MAX_SIZE in this implementation. */ * minimum possible value of PSA_HASH_MAX_SIZE in this implementation. */
/* Note that the encoding of truncated MAC algorithms limits this value
* to 64 bytes.
*/
#define PSA_MAC_MAX_SIZE PSA_HASH_MAX_SIZE #define PSA_MAC_MAX_SIZE PSA_HASH_MAX_SIZE
/* The maximum size of an RSA key on this implementation, in bits. /* The maximum size of an RSA key on this implementation, in bits.

3
tests/suites/test_suite_psa_crypto.data
View file

@ -1,3 +1,6 @@
PSA compile-time sanity checks
static_checks:
PSA init/deinit PSA init/deinit
init_deinit: init_deinit:

13
tests/suites/test_suite_psa_crypto.function
View file

@ -793,6 +793,19 @@ static int exercise_key( psa_key_slot_t slot,
* END_DEPENDENCIES * END_DEPENDENCIES
*/ */
/* BEGIN_CASE */
void static_checks( )
{
size_t max_truncated_mac_size =
PSA_ALG_MAC_TRUNCATION_MASK >> PSA_MAC_TRUNCATION_OFFSET;
/* Check that the length for a truncated MAC always fits in the algorithm
* encoding. The shifted mask is the maximum truncated value. The
* untruncated algorithm may be one byte larger. */
TEST_ASSERT( PSA_MAC_MAX_SIZE <= 1 + max_truncated_mac_size );
}
/* END_CASE */
/* BEGIN_CASE */ /* BEGIN_CASE */
void init_deinit( ) void init_deinit( )
{ {