2022-11-29 15:42:36 +01:00
|
|
|
/* BEGIN_HEADER */
|
|
|
|
|
|
|
|
#include <mbedtls/constant_time.h>
|
|
|
|
#include <mbedtls/legacy_or_psa.h>
|
|
|
|
#include <mbedtls/md.h>
|
|
|
|
#include <constant_time_internal.h>
|
2022-11-29 21:14:19 +01:00
|
|
|
#include <hash_info.h>
|
2022-11-29 15:42:36 +01:00
|
|
|
|
|
|
|
#include <test/constant_flow.h>
|
|
|
|
/* END_HEADER */
|
|
|
|
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */
|
|
|
|
void ssl_cf_hmac( int hash )
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
* Test the function mbedtls_ct_hmac() against a reference
|
|
|
|
* implementation.
|
|
|
|
*/
|
|
|
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
|
|
|
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
|
|
|
|
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
|
|
|
psa_algorithm_t alg;
|
|
|
|
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
|
|
|
|
#else
|
|
|
|
mbedtls_md_context_t ctx, ref_ctx;
|
|
|
|
const mbedtls_md_info_t *md_info;
|
|
|
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
|
|
|
size_t out_len, block_size;
|
|
|
|
size_t min_in_len, in_len, max_in_len, i;
|
|
|
|
/* TLS additional data is 13 bytes (hence the "lucky 13" name) */
|
|
|
|
unsigned char add_data[13];
|
|
|
|
unsigned char ref_out[MBEDTLS_HASH_MAX_SIZE];
|
|
|
|
unsigned char *data = NULL;
|
|
|
|
unsigned char *out = NULL;
|
|
|
|
unsigned char rec_num = 0;
|
|
|
|
|
|
|
|
USE_PSA_INIT( );
|
|
|
|
|
|
|
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
|
|
|
alg = PSA_ALG_HMAC( mbedtls_hash_info_psa_from_md( hash ) );
|
|
|
|
|
|
|
|
out_len = PSA_HASH_LENGTH( alg );
|
|
|
|
block_size = PSA_HASH_BLOCK_LENGTH( alg );
|
|
|
|
|
|
|
|
/* mbedtls_ct_hmac() requires the key to be exportable */
|
|
|
|
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT |
|
|
|
|
PSA_KEY_USAGE_VERIFY_HASH );
|
|
|
|
psa_set_key_algorithm( &attributes, PSA_ALG_HMAC( alg ) );
|
|
|
|
psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
|
|
|
|
#else
|
|
|
|
mbedtls_md_init( &ctx );
|
|
|
|
mbedtls_md_init( &ref_ctx );
|
|
|
|
|
|
|
|
md_info = mbedtls_md_info_from_type( hash );
|
|
|
|
TEST_ASSERT( md_info != NULL );
|
|
|
|
out_len = mbedtls_md_get_size( md_info );
|
|
|
|
TEST_ASSERT( out_len != 0 );
|
|
|
|
block_size = hash == MBEDTLS_MD_SHA384 ? 128 : 64;
|
|
|
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
|
|
|
|
|
|
|
/* Use allocated out buffer to catch overwrites */
|
|
|
|
ASSERT_ALLOC( out, out_len );
|
|
|
|
|
|
|
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
|
|
|
/* Set up dummy key */
|
|
|
|
memset( ref_out, 42, sizeof( ref_out ) );
|
|
|
|
TEST_EQUAL( PSA_SUCCESS, psa_import_key( &attributes,
|
|
|
|
ref_out, out_len,
|
|
|
|
&key ) );
|
|
|
|
#else
|
|
|
|
/* Set up contexts with the given hash and a dummy key */
|
|
|
|
TEST_EQUAL( 0, mbedtls_md_setup( &ctx, md_info, 1 ) );
|
|
|
|
TEST_EQUAL( 0, mbedtls_md_setup( &ref_ctx, md_info, 1 ) );
|
|
|
|
memset( ref_out, 42, sizeof( ref_out ) );
|
|
|
|
TEST_EQUAL( 0, mbedtls_md_hmac_starts( &ctx, ref_out, out_len ) );
|
|
|
|
TEST_EQUAL( 0, mbedtls_md_hmac_starts( &ref_ctx, ref_out, out_len ) );
|
|
|
|
memset( ref_out, 0, sizeof( ref_out ) );
|
|
|
|
#endif
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Test all possible lengths up to a point. The difference between
|
|
|
|
* max_in_len and min_in_len is at most 255, and make sure they both vary
|
|
|
|
* by at least one block size.
|
|
|
|
*/
|
|
|
|
for( max_in_len = 0; max_in_len <= 255 + block_size; max_in_len++ )
|
|
|
|
{
|
|
|
|
mbedtls_test_set_step( max_in_len * 10000 );
|
|
|
|
|
|
|
|
/* Use allocated in buffer to catch overreads */
|
|
|
|
ASSERT_ALLOC( data, max_in_len );
|
|
|
|
|
|
|
|
min_in_len = max_in_len > 255 ? max_in_len - 255 : 0;
|
|
|
|
for( in_len = min_in_len; in_len <= max_in_len; in_len++ )
|
|
|
|
{
|
|
|
|
mbedtls_test_set_step( max_in_len * 10000 + in_len );
|
|
|
|
|
|
|
|
/* Set up dummy data and add_data */
|
|
|
|
rec_num++;
|
|
|
|
memset( add_data, rec_num, sizeof( add_data ) );
|
|
|
|
for( i = 0; i < in_len; i++ )
|
|
|
|
data[i] = ( i & 0xff ) ^ rec_num;
|
|
|
|
|
|
|
|
/* Get the function's result */
|
|
|
|
TEST_CF_SECRET( &in_len, sizeof( in_len ) );
|
|
|
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
|
|
|
TEST_EQUAL( 0, mbedtls_ct_hmac( key, PSA_ALG_HMAC( alg ),
|
|
|
|
add_data, sizeof( add_data ),
|
|
|
|
data, in_len,
|
|
|
|
min_in_len, max_in_len,
|
|
|
|
out ) );
|
|
|
|
#else
|
|
|
|
TEST_EQUAL( 0, mbedtls_ct_hmac( &ctx, add_data, sizeof( add_data ),
|
|
|
|
data, in_len,
|
|
|
|
min_in_len, max_in_len,
|
|
|
|
out ) );
|
|
|
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
|
|
|
TEST_CF_PUBLIC( &in_len, sizeof( in_len ) );
|
|
|
|
TEST_CF_PUBLIC( out, out_len );
|
|
|
|
|
|
|
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
|
|
|
TEST_EQUAL( PSA_SUCCESS, psa_mac_verify_setup( &operation,
|
|
|
|
key, alg ) );
|
|
|
|
TEST_EQUAL( PSA_SUCCESS, psa_mac_update( &operation, add_data,
|
|
|
|
sizeof( add_data ) ) );
|
|
|
|
TEST_EQUAL( PSA_SUCCESS, psa_mac_update( &operation,
|
|
|
|
data, in_len ) );
|
|
|
|
TEST_EQUAL( PSA_SUCCESS, psa_mac_verify_finish( &operation,
|
|
|
|
out, out_len ) );
|
|
|
|
#else
|
|
|
|
/* Compute the reference result */
|
|
|
|
TEST_EQUAL( 0, mbedtls_md_hmac_update( &ref_ctx, add_data,
|
|
|
|
sizeof( add_data ) ) );
|
|
|
|
TEST_EQUAL( 0, mbedtls_md_hmac_update( &ref_ctx, data, in_len ) );
|
|
|
|
TEST_EQUAL( 0, mbedtls_md_hmac_finish( &ref_ctx, ref_out ) );
|
|
|
|
TEST_EQUAL( 0, mbedtls_md_hmac_reset( &ref_ctx ) );
|
|
|
|
|
|
|
|
/* Compare */
|
|
|
|
ASSERT_COMPARE( out, out_len, ref_out, out_len );
|
|
|
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
|
|
|
}
|
|
|
|
|
|
|
|
mbedtls_free( data );
|
|
|
|
data = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
exit:
|
|
|
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
|
|
|
psa_mac_abort( &operation );
|
|
|
|
psa_destroy_key( key );
|
|
|
|
#else
|
|
|
|
mbedtls_md_free( &ref_ctx );
|
|
|
|
mbedtls_md_free( &ctx );
|
|
|
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
|
|
|
|
|
|
|
mbedtls_free( data );
|
|
|
|
mbedtls_free( out );
|
|
|
|
|
|
|
|
USE_PSA_DONE( );
|
|
|
|
}
|
|
|
|
/* END_CASE */
|