From 6ac8f94a72cb75071c79797908c4927b37e2f85a Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 1 Sep 2021 08:31:49 +0200
Subject: [PATCH] Fix cipher info key length sanity checks

Most supported ciphers have a 128-bit, 192-bit or 256-bit keys. List the exceptions explicitly. This commit fixes a test failure with the null cipher and an incorrect comment that omitted several key lengths.

Signed-off-by: Gilles Peskine
---
 tests/suites/test_suite_cipher.function | 31 +++++++++++++++++++++----
 1 file changed, 26 insertions(+), 5 deletions(-)

diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index 94ea88f79..c809d9a28 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -33,11 +33,32 @@ static int check_cipher_info( mbedtls_cipher_type_t type,
 TEST_ASSERT( mbedtls_cipher_info_from_string( info->name ) == info );
 key_bitlen = mbedtls_cipher_info_get_key_bitlen( info );
- TEST_ASSERT( key_bitlen % 8 == 0 );
- /* All current and plausible supported ciphers use a 64-bit, 128-bit
- * or 256-bit key, except XTS which uses a double AES key. */
- TEST_ASSERT( key_bitlen >= 64 );
- TEST_ASSERT( key_bitlen <= 512 );
+ if( info->type == MBEDTLS_CIPHER_NULL )
+ TEST_ASSERT( key_bitlen == 0 );
+ else if( info->mode == MBEDTLS_MODE_XTS )
+ {
+ TEST_ASSERT( key_bitlen == 256 ||
+ key_bitlen == 384 ||
+ key_bitlen == 512 );
+ }
+ else if( ! strncmp( info->name, "DES-EDE3-", 9 ) )
+ {
+ TEST_ASSERT( key_bitlen == 192 );
+ }
+ else if( ! strncmp( info->name, "DES-EDE-", 8 ) )
+ {
+ TEST_ASSERT( key_bitlen == 128 );
+ }
+ else if( ! strncmp( info->name, "DES-", 4 ) )
+ {
+ TEST_ASSERT( key_bitlen == 64 );
+ }
+ else
+ {
+ TEST_ASSERT( key_bitlen == 128 ||
+ key_bitlen == 192 ||
+ key_bitlen == 256 );
+ }
 return( 1 );
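Review bot: The three DES branches pick the expected key length from a `strncmp` prefix of `info->name`, and they are only correct in the order written, since `"DES-"` is also a prefix of `"DES-EDE-"` and `"DES-EDE3-"`; a comment above the chain, e.g. `/* Test the longer DES-EDE prefixes first: "DES-" also matches them. */`, would document that. The first branch, `if( info->type == MBEDTLS_CIPHER_NULL )`, is the only one without braces; writing it as `{ TEST_ASSERT( key_bitlen == 0 ); }` matches the rest of the chain and does not depend on how the TEST_ASSERT macro expands in front of the following `else`. The final `else` accepts any of 128, 192 or 256 for every remaining cipher, so an entry whose registered key length disagrees with its name (for example a 128-bit variant reporting 256) would still pass; that may be acceptable for a sanity check, but a comment should say the check is per-family rather than per-cipher. The body of check_cipher_info starts and ends outside the hunk.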