From 830d5af2f37c3f986ef22b2684030bfb5a864b52 Mon Sep 17 00:00:00 2001
From: Steven Cooreman
Date: Fri, 8 Jan 2021 18:01:46 +0100
Subject: [PATCH 1/5] Allow CMAC self test to skip tests for unsupported primitives
Same type of skipping as in AES and GCM self test routines.
Signed-off-by: Steven Cooreman
---
 library/cmac.c | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/library/cmac.c b/library/cmac.c
index 59ece155ee..9501461acb 100644
--- a/library/cmac.c
+++ b/library/cmac.c
@@ -793,6 +793,17 @@ static int cmac_test_subkeys( int verbose,
 if( ( ret = mbedtls_cipher_setkey( &ctx, key, keybits, MBEDTLS_ENCRYPT ) ) != 0 )
 {
+ /* When CMAC is implemented by an alternative implementation, or
+ * the underlying primitive itself is implemented alternatively,
+ * certain features (e.g. AES-192) may be unavailable. This should
+ * not cause the selftest function to fail. */
+ if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ||
+ ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) {
+ if( verbose != 0 )
+ mbedtls_printf( "skipped\n" );
+ goto next_test;
+ }
+
 if( verbose != 0 )
 mbedtls_printf( "test execution failed\n" );
@@ -820,6 +831,7 @@ static int cmac_test_subkeys( int verbose,
 if( verbose != 0 )
 mbedtls_printf( "passed\n" );
+next_test:
 mbedtls_cipher_free( &ctx );
 }
@@ -864,6 +876,17 @@ static int cmac_test_wth_cipher( int verbose,
 if( ( ret = mbedtls_cipher_cmac( cipher_info, key, keybits, messages, message_lengths[i], output ) ) != 0 )
 {
+ /* When CMAC is implemented by an alternative implementation, or
+ * the underlying primitive itself is implemented alternatively,
+ * certain features (e.g. AES-192) may be unavailable. This should
+ * not cause the selftest function to fail. */
+ if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ||
+ ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) {
+ if( verbose != 0 )
+ mbedtls_printf( "skipped\n" );
+ continue;
+ }
+
 if( verbose != 0 )
 mbedtls_printf( "failed\n" );
 goto exit;
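Review bot: On both new skip paths (`goto next_test;` in the first cmac_test_subkeys hunk and `continue;` in the cmac_test_wth_cipher hunk) `ret` still holds the non-zero error code that triggered the skip. Both functions end outside these hunks, so it is not visible here whether `ret` is reset before the final return; if it is not, a skipped last case would be reported as a self-test failure. I would clear it at the skip itself, `ret = 0;` immediately before `goto next_test;` and before `continue;`, so that the skip does not depend on code further down the function.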
From 655b012b6c475d4f7d14dca2f3d3f196d5e0c9ab Mon Sep 17 00:00:00 2001
From: Steven Cooreman
Date: Mon, 11 Jan 2021 14:34:51 +0100
Subject: [PATCH 2/5] Unconditionally include platform.h in CMAC
As is the case for aes.c et al
Signed-off-by: Steven Cooreman
---
 library/cmac.c | 14 +-------------
 1 file changed, 1 insertion(+), 13 deletions(-)
diff --git a/library/cmac.c b/library/cmac.c
index 9501461acb..b8e7ca3c88 100644
--- a/library/cmac.c
+++ b/library/cmac.c
@@ -45,22 +45,10 @@
 #include "mbedtls/cmac.h"
 #include "mbedtls/platform_util.h"
 #include "mbedtls/error.h"
+#include "mbedtls/platform.h"
 #include
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include
-#define mbedtls_calloc calloc
-#define mbedtls_free free
-#if defined(MBEDTLS_SELF_TEST)
-#include
-#define mbedtls_printf printf
-#endif /* MBEDTLS_SELF_TEST */
-#endif /* MBEDTLS_PLATFORM_C */
-
 #if !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST)
 /*
From b2f3e6ca351c5e85b07d246ddb4c6d704145d421 Mon Sep 17 00:00:00 2001
From: Steven Cooreman
Date: Fri, 15 Jan 2021 16:49:55 +0100
Subject: [PATCH 3/5] Restrict test skipping to AES-192 specifically
Signed-off-by: Steven Cooreman
---
 library/cmac.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/library/cmac.c b/library/cmac.c
index b8e7ca3c88..cdb5ed0b1f 100644
--- a/library/cmac.c
+++ b/library/cmac.c
@@ -785,8 +785,9 @@ static int cmac_test_subkeys( int verbose,
 * the underlying primitive itself is implemented alternatively,
 * certain features (e.g. AES-192) may be unavailable. This should
 * not cause the selftest function to fail. */
- if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ||
- ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) {
+ if( ( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED
+ || ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
+ && cipher_type == MBEDTLS_CIPHER_AES_192_ECB ) {
 if( verbose != 0 )
 mbedtls_printf( "skipped\n" );
 goto next_test;
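Review bot: The three-line skip condition added in this [PATCH 3/5] hunk of cmac_test_subkeys is repeated verbatim in the cmac_test_wth_cipher hunk of the same patch, and it is the one expression that decides which self-test errors are tolerated. Keeping that policy in a single static helper means a later change to the accepted cipher or error codes cannot be applied to one function and missed in the other. `cipher_type` is declared outside both hunks, presumably as a parameter; the sketch below assumes it has the enum type of `MBEDTLS_CIPHER_AES_192_ECB`, and the helper name is only a suggestion.

```c
/* Self-test skip policy: only AES-192 may be reported as unsupported by an
 * alternative implementation; every other error is a test failure. */
static int cmac_selftest_may_skip( int ret, mbedtls_cipher_type_t cipher_type )
{
    return( cipher_type == MBEDTLS_CIPHER_AES_192_ECB &&
            ( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ||
              ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) );
}

/* … unchanged: cmac_test_subkeys up to the mbedtls_cipher_setkey() failure branch … */
            if( cmac_selftest_may_skip( ret, cipher_type ) )
            {
                if( verbose != 0 )
                    mbedtls_printf( "skipped\n" );
                goto next_test;
            }
/* … unchanged: failure reporting; cmac_test_wth_cipher uses the same call with `continue` … */
```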
@@ -868,8 +869,9 @@ static int cmac_test_wth_cipher( int verbose,
 * the underlying primitive itself is implemented alternatively,
 * certain features (e.g. AES-192) may be unavailable. This should
 * not cause the selftest function to fail. */
- if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ||
- ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) {
+ if( ( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED
+ || ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
+ && cipher_type == MBEDTLS_CIPHER_AES_192_ECB ) {
 if( verbose != 0 )
 mbedtls_printf( "skipped\n" );
 continue;
From 03f40849c5317294f356e463ce795ac478194a67 Mon Sep 17 00:00:00 2001
From: Steven Cooreman
Date: Tue, 19 Jan 2021 13:30:48 +0100
Subject: [PATCH 4/5] Apply suggestions from code review
Code style changes.
Signed-off-by: Steven Cooreman
Co-authored-by: Chris Jones <70633990+chris-jones-arm@users.noreply.github.com>
---
 library/cmac.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/library/cmac.c b/library/cmac.c
index cdb5ed0b1f..35cca16727 100644
--- a/library/cmac.c
+++ b/library/cmac.c
@@ -785,9 +785,9 @@ static int cmac_test_subkeys( int verbose,
 * the underlying primitive itself is implemented alternatively,
 * certain features (e.g. AES-192) may be unavailable. This should
 * not cause the selftest function to fail. */
- if( ( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED
- || ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
- && cipher_type == MBEDTLS_CIPHER_AES_192_ECB ) {
+ if( ( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ||
+ ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) &&
+ cipher_type == MBEDTLS_CIPHER_AES_192_ECB ) {
 if( verbose != 0 )
 mbedtls_printf( "skipped\n" );
 goto next_test;
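Review bot: In the [PATCH 3/5] hunk for cmac_test_wth_cipher, the only trace of a skipped AES-192 case is the `skipped` line printed when `verbose != 0`; with `verbose == 0` nothing visible in the hunk lets a caller tell "passed" from "not run". Assuming the function still returns 0 after the loop (its end is outside the hunk), a device whose alternative AES lacks 192-bit keys passes the CMAC self test without that key size being exercised, which matters where the self test gates use of the MAC. I would state that at the skip, e.g. `/* A skipped case still counts as success; only verbose output shows that AES-192 was not exercised. */`, and likewise on the matching branch in cmac_test_subkeys.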
@@ -869,9 +869,9 @@ static int cmac_test_wth_cipher( int verbose,
 * the underlying primitive itself is implemented alternatively,
 * certain features (e.g. AES-192) may be unavailable. This should
 * not cause the selftest function to fail. */
- if( ( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED
- || ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
- && cipher_type == MBEDTLS_CIPHER_AES_192_ECB ) {
+ if( ( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ||
+ ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) &&
+ cipher_type == MBEDTLS_CIPHER_AES_192_ECB ) {
 if( verbose != 0 )
 mbedtls_printf( "skipped\n" );
 continue;
From c7da6a48dd799004629961d55d640e957124c64e Mon Sep 17 00:00:00 2001
From: Steven Cooreman
Date: Fri, 29 Jan 2021 11:09:50 +0100
Subject: [PATCH 5/5] Update comment to only apply to AES-192
Signed-off-by: Steven Cooreman
---
 library/cmac.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/library/cmac.c b/library/cmac.c
index 35cca16727..06f8eec0d9 100644
--- a/library/cmac.c
+++ b/library/cmac.c
@@ -783,8 +783,8 @@ static int cmac_test_subkeys( int verbose,
 {
 /* When CMAC is implemented by an alternative implementation, or
 * the underlying primitive itself is implemented alternatively,
- * certain features (e.g. AES-192) may be unavailable. This should
- * not cause the selftest function to fail. */
+ * AES-192 may be unavailable. This should not cause the selftest
+ * function to fail. */
 if( ( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ||
 ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) &&
 cipher_type == MBEDTLS_CIPHER_AES_192_ECB ) {
@@ -867,8 +867,8 @@ static int cmac_test_wth_cipher( int verbose,
 {
 /* When CMAC is implemented by an alternative implementation, or
 * the underlying primitive itself is implemented alternatively,
- * certain features (e.g. AES-192) may be unavailable. This should
- * not cause the selftest function to fail. */
+ * AES-192 may be unavailable. This should not cause the selftest
+ * function to fail. */
 if( ( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ||
 ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) &&
 cipher_type == MBEDTLS_CIPHER_AES_192_ECB ) {