Fix cipher info key length sanity checks

Most supported ciphers have a 128-bit, 192-bit or 256-bit keys. List the exceptions explicitly. This commit fixes a test failure with the null cipher and an incorrect comment that omitted several key lengths. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-01 08:31:49 +02:00 · 2021-09-01 08:31:49 +02:00 · 6ac8f94a72
commit 6ac8f94a72
parent ca939959e4
1 changed files with 26 additions and 5 deletions
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@ -33,11 +33,32 @@ static int check_cipher_info( mbedtls_cipher_type_t type,
    TEST_ASSERT( mbedtls_cipher_info_from_string( info->name ) == info );

    key_bitlen = mbedtls_cipher_info_get_key_bitlen( info );
-    TEST_ASSERT( key_bitlen % 8 == 0 );
-    /* All current and plausible supported ciphers use a 64-bit, 128-bit
-     * or 256-bit key, except XTS which uses a double AES key. */
-    TEST_ASSERT( key_bitlen >= 64 );
-    TEST_ASSERT( key_bitlen <= 512 );
+    if( info->type == MBEDTLS_CIPHER_NULL )
+        TEST_ASSERT( key_bitlen == 0 );
+    else if( info->mode == MBEDTLS_MODE_XTS )
+    {
+        TEST_ASSERT( key_bitlen == 256 ||
+                     key_bitlen == 384 ||
+                     key_bitlen == 512 );
+    }
+    else if( ! strncmp( info->name, "DES-EDE3-", 9 ) )
+    {
+        TEST_ASSERT( key_bitlen == 192 );
+    }
+    else if( ! strncmp( info->name, "DES-EDE-", 8 ) )
+    {
+        TEST_ASSERT( key_bitlen == 128 );
+    }
+    else if( ! strncmp( info->name, "DES-", 4 ) )
+    {
+        TEST_ASSERT( key_bitlen == 64 );
+    }
+    else
+    {
+        TEST_ASSERT( key_bitlen == 128 ||
+                     key_bitlen == 192 ||
+                     key_bitlen == 256 );
+    }

    return( 1 );