mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-07 04:24:04 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix cipher info key length sanity checks

Browse Source 
Most supported ciphers have a 128-bit, 192-bit or 256-bit keys. List the
exceptions explicitly.

This commit fixes a test failure with the null cipher and an incorrect
comment that omitted several key lengths.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2021-09-01 08:31:49 +02:00
parent ca939959e4
commit 6ac8f94a72
1 changed files with 26 additions and 5 deletions

31
tests/suites/test_suite_cipher.function

@ -33,11 +33,32 @@ static int check_cipher_info( mbedtls_cipher_type_t type,
TEST_ASSERT( mbedtls_cipher_info_from_string( info->name ) == info ); TEST_ASSERT( mbedtls_cipher_info_from_string( info->name ) == info );
key_bitlen = mbedtls_cipher_info_get_key_bitlen( info ); key_bitlen = mbedtls_cipher_info_get_key_bitlen( info );
TEST_ASSERT( key_bitlen % 8 == 0 ); if( info->type == MBEDTLS_CIPHER_NULL )
/* All current and plausible supported ciphers use a 64-bit, 128-bit TEST_ASSERT( key_bitlen == 0 );
* or 256-bit key, except XTS which uses a double AES key. */ else if( info->mode == MBEDTLS_MODE_XTS )
TEST_ASSERT( key_bitlen >= 64 ); {
TEST_ASSERT( key_bitlen <= 512 ); TEST_ASSERT( key_bitlen == 256 ||
key_bitlen == 384 ||
key_bitlen == 512 );
}
else if( ! strncmp( info->name, "DES-EDE3-", 9 ) )
{
TEST_ASSERT( key_bitlen == 192 );
}
else if( ! strncmp( info->name, "DES-EDE-", 8 ) )
{
TEST_ASSERT( key_bitlen == 128 );
}
else if( ! strncmp( info->name, "DES-", 4 ) )
{
TEST_ASSERT( key_bitlen == 64 );
}
else
{
TEST_ASSERT( key_bitlen == 128 ||
key_bitlen == 192 ||
key_bitlen == 256 );
}
return( 1 ); return( 1 );