Test truncated MAC and AEAD algorithms

For MAC and AEAD algorithms, test the algorithm truncated to certain lengths (1 and 63 bytes).
2018-10-19 11:30:26 +02:00 · 2018-10-19 11:30:26 +02:00 · 434899fccd
commit 434899fccd
parent f96ed6615c
2 changed files with 37 additions and 23 deletions
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@ -766,7 +766,7 @@
 *          algorithm is considered identical to the untruncated algorithm
 *          for policy comparison purposes.
 *
- * \param alg           A MAC algorithm identifier (value of type
+ * \param mac_alg       A MAC algorithm identifier (value of type
 *                      #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p alg)
 *                      is true). This may be a truncated or untruncated
 *                      MAC algorithm.
@ -782,14 +782,14 @@
 *                      MAC algorithm or if \p mac_length is too small or
 *                      too large for the specified MAC algorithm.
 */
-#define PSA_ALG_TRUNCATED_MAC(alg, mac_length)                          \
-    (((alg) & ~PSA_ALG_MAC_TRUNCATION_MASK) |                           \
+#define PSA_ALG_TRUNCATED_MAC(mac_alg, mac_length)                      \
+    (((mac_alg) & ~PSA_ALG_MAC_TRUNCATION_MASK) |                       \
     ((mac_length) << PSA_MAC_TRUNCATION_OFFSET & PSA_ALG_MAC_TRUNCATION_MASK))

 /** Macro to build the base MAC algorithm corresponding to a truncated
 * MAC algorithm.
 *
- * \param alg           A MAC algorithm identifier (value of type
+ * \param mac_alg       A MAC algorithm identifier (value of type
 *                      #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p alg)
 *                      is true). This may be a truncated or untruncated
 *                      MAC algorithm.
@ -798,12 +798,12 @@
 * \return              Unspecified if \p alg is not a supported
 *                      MAC algorithm.
 */
-#define PSA_ALG_FULL_LENGTH_MAC(alg)            \
-    ((alg) & ~PSA_ALG_MAC_TRUNCATION_MASK)
+#define PSA_ALG_FULL_LENGTH_MAC(mac_alg)        \
+    ((mac_alg) & ~PSA_ALG_MAC_TRUNCATION_MASK)

 /** Length to which a MAC algorithm is truncated.
 *
- * \param alg           A MAC algorithm identifier (value of type
+ * \param mac_alg       A MAC algorithm identifier (value of type
 *                      #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p alg)
 *                      is true).
 *
@ -812,8 +812,8 @@
 * \return              Unspecified if \p alg is not a supported
 *                      MAC algorithm.
 */
-#define PSA_MAC_TRUNCATED_LENGTH(alg)           \
-    (((alg) & PSA_ALG_MAC_TRUNCATION_MASK) >> PSA_MAC_TRUNCATION_OFFSET)
+#define PSA_MAC_TRUNCATED_LENGTH(mac_alg)                               \
+    (((mac_alg) & PSA_ALG_MAC_TRUNCATION_MASK) >> PSA_MAC_TRUNCATION_OFFSET)

 #define PSA_ALG_CIPHER_MAC_BASE                 ((psa_algorithm_t)0x02c00000)
 #define PSA_ALG_CBC_MAC                         ((psa_algorithm_t)0x02c00001)
@ -910,7 +910,7 @@
 * Depending on the algorithm, the tag length may affect the calculation
 * of the ciphertext.
 *
- * \param alg           A AEAD algorithm identifier (value of type
+ * \param aead_alg      An AEAD algorithm identifier (value of type
 *                      #psa_algorithm_t such that #PSA_ALG_IS_AEAD(\p alg)
 *                      is true).
 * \param tag_length    Desired length of the authentication tag in bytes.
@ -921,26 +921,26 @@
 *                      AEAD algorithm or if \p tag_length is not valid
 *                      for the specified AEAD algorithm.
 */
-#define PSA_ALG_AEAD_WITH_TAG_LENGTH(alg, tag_length)                   \
-    (((alg) & ~PSA_ALG_AEAD_TAG_LENGTH_MASK) |                          \
+#define PSA_ALG_AEAD_WITH_TAG_LENGTH(aead_alg, tag_length)              \
+    (((aead_alg) & ~PSA_ALG_AEAD_TAG_LENGTH_MASK) |                     \
     ((tag_length) << PSA_AEAD_TAG_LENGTH_OFFSET &                      \
      PSA_ALG_AEAD_TAG_LENGTH_MASK))

 /** Calculate the corresponding AEAD algorithm with the default tag length.
 *
- * \param alg   An AEAD algorithm (\c PSA_ALG_XXX value such that
- *              #PSA_ALG_IS_AEAD(\p alg) is true).
+ * \param aead_alg      An AEAD algorithm (\c PSA_ALG_XXX value such that
+ *                      #PSA_ALG_IS_AEAD(\p alg) is true).
 *
- * \return      The corresponding AEAD algorithm with the default tag length
- *              for that algorithm.
+ * \return              The corresponding AEAD algorithm with the default
+ *                      tag length for that algorithm.
 */
-#define PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg)                       \
+#define PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(aead_alg)                  \
    (                                                                   \
-        PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(alg, PSA_ALG_CCM)   \
-        PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(alg, PSA_ALG_GCM)   \
+        PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(aead_alg, PSA_ALG_CCM) \
+        PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(aead_alg, PSA_ALG_GCM) \
        0)
-#define PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(alg, ref) \
-    PSA_ALG_AEAD_WITH_TAG_LENGTH(alg, 0) == \
+#define PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(aead_alg, ref)      \
+    PSA_ALG_AEAD_WITH_TAG_LENGTH(aead_alg, 0) ==                        \
    PSA_ALG_AEAD_WITH_TAG_LENGTH(ref, 0) ?  \
    ref :

--- a/tests/scripts/test_psa_constant_names.py
+++ b/tests/scripts/test_psa_constant_names.py
@ -60,8 +60,13 @@ when applicable.'''
        self.ecc_curves = set(['0xffff'])
        self.key_types = set(['0xffffffff'])
        self.key_usage_flags = set(['0x80000000'])
-        # Hard-coded value for an unknown hash algorithm
+        # Hard-coded value for unknown algorithms
        self.hash_algorithms = set(['0x010000ff'])
+        self.mac_algorithms = set(['0x02ff00ff'])
+        # For AEAD algorithms, the only variability is over the tag length,
+        # and this only applies to known algorithms, so don't test an
+        # unknown algorithm.
+        self.aead_algorithms = set()
        # Identifier prefixes
        self.table_by_prefix = {
            'ERROR': self.statuses,
@ -73,12 +78,17 @@ when applicable.'''
        # macro name -> list of argument names
        self.argspecs = {}
        # argument name -> list of values
-        self.arguments_for = {}
+        self.arguments_for = {
+            'mac_length': ['1', '63'],
+            'tag_length': ['1', '63'],
+        }

    def gather_arguments(self):
        '''Populate the list of values for macro arguments.
 Call this after parsing all the inputs.'''
        self.arguments_for['hash_alg'] = sorted(self.hash_algorithms)
+        self.arguments_for['mac_alg'] = sorted(self.mac_algorithms)
+        self.arguments_for['aead_alg'] = sorted(self.aead_algorithms)
        self.arguments_for['curve'] = sorted(self.ecc_curves)

    def format_arguments(self, name, arguments):
@ -145,6 +155,10 @@ where each argument takes each possible value at least once.'''
            self.algorithms.add(argument)
            if function == 'hash_algorithm':
                self.hash_algorithms.add(argument)
+            elif function in ['mac_algorithm', 'hmac_algorithm']:
+                self.mac_algorithms.add(argument)
+            elif function == 'aead_algorithm':
+                self.aead_algorithms.add(argument)
        elif function == 'key_type':
            self.key_types.add(argument)
        elif function == 'ecc_key_types':