mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-10 04:13:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #1031 from gilles-peskine-arm/cmac-blksize_max

Browse Source
This commit is contained in:
Dave Rodgman 2023-07-13 19:33:09 +01:00 committed by GitHub
commit caa6a1fd0d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 81 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
ChangeLog.d/MBEDTLS_CIPHER_BLKSIZE_MAX.txt Normal file
View File

@ -0,0 +1,13 @@
New deprecations
* MBEDTLS_CIPHER_BLKSIZE_MAX is deprecated in favor of
MBEDTLS_MAX_BLOCK_LENGTH (if you intended what the name suggests:
maximum size of any supported block cipher) or the new name
MBEDTLS_CMAC_MAX_BLOCK_SIZE (if you intended the actual semantics:
maximum size of a block cipher supported by the CMAC module).
Security
* In configurations with ARIA or Camellia but not AES, the value of
MBEDTLS_CIPHER_BLKSIZE_MAX was 8, rather than 16 as the name might
suggest. This did not affect any library code, because this macro was
only used in relation with CMAC which does not support these ciphers.
This may affect application code that uses this macro.

27
include/mbedtls/cmac.h
View File

@ -5,6 +5,7 @@
*
* The Cipher-based Message Authentication Code (CMAC) Mode for
* Authentication is defined in <em>RFC-4493: The AES-CMAC Algorithm</em>.
* It is supported with AES and DES.
*/
/*
* Copyright The Mbed TLS Contributors
@ -38,12 +39,30 @@ extern "C" {
#define MBEDTLS_AES_BLOCK_SIZE 16
#define MBEDTLS_DES3_BLOCK_SIZE 8
/* We don't support Camellia or ARIA in this module */
#if defined(MBEDTLS_AES_C)
#define MBEDTLS_CIPHER_BLKSIZE_MAX 16 /**< The longest block used by CMAC is that of AES. */
#define MBEDTLS_CMAC_MAX_BLOCK_SIZE 16 /**< The longest block used by CMAC is that of AES. */
#else
#define MBEDTLS_CIPHER_BLKSIZE_MAX 8 /**< The longest block used by CMAC is that of 3DES. */
#define MBEDTLS_CMAC_MAX_BLOCK_SIZE 8 /**< The longest block used by CMAC is that of 3DES. */
#endif
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/** The longest block supported by the cipher module.
*
* \deprecated
* For the maximum block size of a cipher supported by the CMAC module,
* use #MBEDTLS_CMAC_MAX_BLOCK_SIZE.
* For the maximum block size of a cipher supported by the cipher module,
* use #MBEDTLS_MAX_BLOCK_LENGTH.
*/
/* Before Mbed TLS 3.5, this was the maximum block size supported by the CMAC
* module, so it didn't take Camellia or ARIA into account. Since the name
* of the macro doesn't even convey "CMAC", this was misleading. Now the size
* is sufficient for any cipher, but the name is defined in cmac.h for
* backward compatibility. */
#define MBEDTLS_CIPHER_BLKSIZE_MAX MBEDTLS_MAX_BLOCK_LENGTH
#endif /* MBEDTLS_DEPRECATED_REMOVED */
#if !defined(MBEDTLS_CMAC_ALT)
/**
@ -51,11 +70,11 @@ extern "C" {
*/
struct mbedtls_cmac_context_t {
/** The internal state of the CMAC algorithm. */
unsigned char MBEDTLS_PRIVATE(state)[MBEDTLS_CIPHER_BLKSIZE_MAX];
unsigned char MBEDTLS_PRIVATE(state)[MBEDTLS_CMAC_MAX_BLOCK_SIZE];
/** Unprocessed data - either data that was not block aligned and is still
* pending processing, or the final block. */
unsigned char MBEDTLS_PRIVATE(unprocessed_block)[MBEDTLS_CIPHER_BLKSIZE_MAX];
unsigned char MBEDTLS_PRIVATE(unprocessed_block)[MBEDTLS_CMAC_MAX_BLOCK_SIZE];
/** The length of data pending processing. */
size_t MBEDTLS_PRIVATE(unprocessed_len);

18
library/cmac.c
View File

@ -114,7 +114,7 @@ static int cmac_generate_subkeys(mbedtls_cipher_context_t *ctx,
unsigned char *K1, unsigned char *K2)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char L[MBEDTLS_CIPHER_BLKSIZE_MAX];
unsigned char L[MBEDTLS_CMAC_MAX_BLOCK_SIZE];
size_t olen, block_size;
mbedtls_platform_zeroize(L, sizeof(L));
@ -152,7 +152,7 @@ exit:
* We can't use the padding option from the cipher layer, as it only works for
* CBC and we use ECB mode, and anyway we need to XOR K1 or K2 in addition.
*/
static void cmac_pad(unsigned char padded_block[MBEDTLS_CIPHER_BLKSIZE_MAX],
static void cmac_pad(unsigned char padded_block[MBEDTLS_CMAC_MAX_BLOCK_SIZE],
size_t padded_block_len,
const unsigned char *last_block,
size_t last_block_len)
@ -283,9 +283,9 @@ int mbedtls_cipher_cmac_finish(mbedtls_cipher_context_t *ctx,
{
mbedtls_cmac_context_t *cmac_ctx;
unsigned char *state, *last_block;
unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX];
unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX];
unsigned char M_last[MBEDTLS_CIPHER_BLKSIZE_MAX];
unsigned char K1[MBEDTLS_CMAC_MAX_BLOCK_SIZE];
unsigned char K2[MBEDTLS_CMAC_MAX_BLOCK_SIZE];
unsigned char M_last[MBEDTLS_CMAC_MAX_BLOCK_SIZE];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t olen, block_size;
@ -332,7 +332,7 @@ exit:
mbedtls_platform_zeroize(cmac_ctx->unprocessed_block,
sizeof(cmac_ctx->unprocessed_block));
mbedtls_platform_zeroize(state, MBEDTLS_CIPHER_BLKSIZE_MAX);
mbedtls_platform_zeroize(state, MBEDTLS_CMAC_MAX_BLOCK_SIZE);
return ret;
}
@ -746,8 +746,8 @@ static int cmac_test_subkeys(int verbose,
int i, ret = 0;
mbedtls_cipher_context_t ctx;
const mbedtls_cipher_info_t *cipher_info;
unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX];
unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX];
unsigned char K1[MBEDTLS_CMAC_MAX_BLOCK_SIZE];
unsigned char K2[MBEDTLS_CMAC_MAX_BLOCK_SIZE];
cipher_info = mbedtls_cipher_info_from_type(cipher_type);
if (cipher_info == NULL) {
@ -841,7 +841,7 @@ static int cmac_test_wth_cipher(int verbose,
{
const mbedtls_cipher_info_t *cipher_info;
int i, ret = 0;
unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX];
unsigned char output[MBEDTLS_CMAC_MAX_BLOCK_SIZE];
cipher_info = mbedtls_cipher_info_from_type(cipher_type);
if (cipher_info == NULL) {

3
tests/suites/test_suite_cipher.function
View File

@ -63,6 +63,9 @@ static int check_cipher_info(mbedtls_cipher_type_t type,
key_bitlen == 192 ||
key_bitlen == 256);
}
TEST_LE_U(key_bitlen, MBEDTLS_MAX_KEY_LENGTH * 8);
TEST_LE_U(block_size, MBEDTLS_MAX_BLOCK_LENGTH);
TEST_LE_U(iv_size, MBEDTLS_MAX_IV_LENGTH);
if (strstr(info->name, "-ECB") != NULL) {
TEST_ASSERT(iv_size == 0);

24
tests/suites/test_suite_cmac.data
View File

@ -29,9 +29,29 @@ CMAC init #6 AES-0: bad key size
depends_on:MBEDTLS_AES_C
mbedtls_cmac_setkey:MBEDTLS_CIPHER_AES_128_ECB:0:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
CMAC init #7 Camellia: wrong cipher
CMAC init Camellia-128: wrong cipher
depends_on:MBEDTLS_CAMELLIA_C
mbedtls_cmac_setkey:MBEDTLS_CIPHER_CAMELLIA_192_ECB:128:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
mbedtls_cmac_setkey:MBEDTLS_CIPHER_CAMELLIA_128_ECB:128:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
CMAC init Camellia-192: wrong cipher
depends_on:MBEDTLS_CAMELLIA_C
mbedtls_cmac_setkey:MBEDTLS_CIPHER_CAMELLIA_192_ECB:192:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
CMAC init Camellia-256: wrong cipher
depends_on:MBEDTLS_CAMELLIA_C
mbedtls_cmac_setkey:MBEDTLS_CIPHER_CAMELLIA_256_ECB:256:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
CMAC init #8 ARIA-128: wrong cipher
depends_on:MBEDTLS_ARIA_C
mbedtls_cmac_setkey:MBEDTLS_CIPHER_ARIA_128_ECB:128:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
CMAC init #8 ARIA-192: wrong cipher
depends_on:MBEDTLS_ARIA_C
mbedtls_cmac_setkey:MBEDTLS_CIPHER_ARIA_192_ECB:192:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
CMAC init #8 ARIA-256: wrong cipher
depends_on:MBEDTLS_ARIA_C
mbedtls_cmac_setkey:MBEDTLS_CIPHER_ARIA_256_ECB:256:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
CMAC Single Blocks #1 - Empty block, no updates
depends_on:MBEDTLS_AES_C

16
tests/suites/test_suite_cmac.function
View File

@ -20,9 +20,9 @@ void mbedtls_cmac_null_args()
{
mbedtls_cipher_context_t ctx;
const mbedtls_cipher_info_t *cipher_info;
unsigned char test_key[MBEDTLS_CIPHER_BLKSIZE_MAX];
unsigned char test_data[MBEDTLS_CIPHER_BLKSIZE_MAX];
unsigned char test_output[MBEDTLS_CIPHER_BLKSIZE_MAX];
unsigned char test_key[MBEDTLS_CMAC_MAX_BLOCK_SIZE];
unsigned char test_data[MBEDTLS_CMAC_MAX_BLOCK_SIZE];
unsigned char test_output[MBEDTLS_CMAC_MAX_BLOCK_SIZE];
mbedtls_cipher_init(&ctx);
@ -111,6 +111,12 @@ void mbedtls_cmac_setkey(int cipher_type, int key_size, int result)
TEST_ASSERT((cipher_info = mbedtls_cipher_info_from_type(cipher_type))
!= NULL);
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
TEST_LE_U(mbedtls_cipher_info_get_block_size(cipher_info),
MBEDTLS_CIPHER_BLKSIZE_MAX);
#endif /* MBEDTLS_DEPRECATED_REMOVED */
TEST_LE_U(mbedtls_cipher_info_get_block_size(cipher_info),
MBEDTLS_CMAC_MAX_BLOCK_SIZE);
memset(buf, 0x2A, sizeof(buf));
TEST_ASSERT((result == mbedtls_cipher_cmac(cipher_info, key, key_size,
@ -129,7 +135,7 @@ void mbedtls_cmac_multiple_blocks(int cipher_type, data_t *key,
{
const mbedtls_cipher_info_t *cipher_info;
mbedtls_cipher_context_t ctx;
unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX];
unsigned char output[MBEDTLS_CMAC_MAX_BLOCK_SIZE];
/* Convert the test parameters to binary data */
@ -208,7 +214,7 @@ void mbedtls_cmac_multiple_operations_same_key(int cipher_type,
{
const mbedtls_cipher_info_t *cipher_info;
mbedtls_cipher_context_t ctx;
unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX];
unsigned char output[MBEDTLS_CMAC_MAX_BLOCK_SIZE];
/* Convert the test parameters to binary data */