From 37389c768d760c895e7137d7099e1ae8ed3fbf02 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 18 Feb 2021 12:08:41 +0100 Subject: [PATCH] Update validity domain of min_tag_length / min_mac_length Review indicated explicit validity domain should be [1, max_alg_length] Signed-off-by: Steven Cooreman # Conflicts: # include/psa/crypto_values.h --- include/psa/crypto_values.h | 65 ++++++++++++++++++++----------------- 1 file changed, 36 insertions(+), 29 deletions(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index e804dc4be..f3792c86e 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -941,28 +941,30 @@ /** Macro to build a MAC minimum-MAC-length wildcard algorithm. * - * A mininimum-MAC-length MAC wildcard algorithm contains all MAC algorithms + * A mininimum-MAC-length MAC wildcard algorithm permits all MAC algorithms * sharing the same base algorithm, and where the (potentially truncated) MAC * length of the specific algorithm is equal to or larger then the wildcard * algorithm's minimum MAC length. * - * \param mac_alg A MAC algorithm identifier (value of type - * #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p mac_alg) - * is true). - * \param mac_length Desired minimum length of the message authentication - * code in bytes. This must be at most the full length of - * the MAC and must be at least an implementation-specified - * minimum. The implementation-specified minimum - * shall not be zero. + * \note When setting the minimum required MAC length to less than the + * smallest MAC length allowed by the base algorithm, this effectively + * becomes an 'any-MAC-length-allowed' policy for that base algorithm. * - * \return The corresponding MAC wildcard algorithm with the - * specified minimum length. - * \return Unspecified if \p mac_alg is not a supported MAC - * algorithm or if \p mac_length is too small or too large - * for the specified MAC algorithm. + * \param mac_alg A MAC algorithm identifier (value of type + * #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p mac_alg) + * is true). + * \param min_mac_length Desired minimum length of the message authentication + * code in bytes. This must be at most the untruncated + * length of the MAC and must be at least 1. + * + * \return The corresponding MAC wildcard algorithm with the + * specified minimum length. + * \return Unspecified if \p mac_alg is not a supported MAC + * algorithm or if \p min_mac_length is less than 1 or + * too large for the specified MAC algorithm. */ -#define PSA_ALG_MAC_WITH_MINIMUM_LENGTH_TAG(mac_alg, mac_length) \ - ( PSA_ALG_TRUNCATED_MAC(mac_alg, mac_length) | PSA_ALG_MAC_MINIMUM_LENGTH_FLAG ) +#define PSA_ALG_MAC_WITH_MINIMUM_LENGTH_TAG(mac_alg, min_mac_length) \ + ( PSA_ALG_TRUNCATED_MAC(mac_alg, min_mac_length) | PSA_ALG_MAC_MINIMUM_LENGTH_FLAG ) #define PSA_ALG_CIPHER_MAC_BASE ((psa_algorithm_t)0x03c00000) /** The CBC-MAC construction over a block cipher @@ -1190,25 +1192,30 @@ /** Macro to build an AEAD minimum-tag-length wildcard algorithm. * - * A mininimum-tag-length AEAD wildcard algorithm contains all AEAD algorithms + * A mininimum-tag-length AEAD wildcard algorithm permits all AEAD algorithms * sharing the same base algorithm, and where the tag length of the specific * algorithm is equal to or larger then the minimum tag length specified by the * wildcard algorithm. * - * \param aead_alg An AEAD algorithm identifier (value of type - * #psa_algorithm_t such that #PSA_ALG_IS_AEAD(\p aead_alg) - * is true). - * \param tag_length Desired minimum length of the authentication tag in - * bytes. + * \note When setting the minimum required tag length to less than the + * smallest tag length allowed by the base algorithm, this effectively + * becomes an 'any-tag-length-allowed' policy for that base algorithm. * - * \return The corresponding AEAD wildcard algorithm with the - * specified minimum length. - * \return Unspecified if \p aead_alg is not a supported - * AEAD algorithm or if \p tag_length is not valid - * for the specified AEAD algorithm. + * \param aead_alg An AEAD algorithm identifier (value of type + * #psa_algorithm_t such that + * #PSA_ALG_IS_AEAD(\p aead_alg) is true). + * \param min_tag_length Desired minimum length of the authentication tag in + * bytes. This must be at least 1 and at most the largest + * allowed tag length of the algorithm. + * + * \return The corresponding AEAD wildcard algorithm with the + * specified minimum length. + * \return Unspecified if \p aead_alg is not a supported + * AEAD algorithm or if \p min_tag_length is less than 1 + * or too large for the specified AEAD algorithm. */ -#define PSA_ALG_AEAD_WITH_MINIMUM_LENGTH_TAG(aead_alg, tag_length) \ - ( PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, tag_length) | PSA_ALG_AEAD_MINIMUM_LENGTH_FLAG ) +#define PSA_ALG_AEAD_WITH_MINIMUM_LENGTH_TAG(aead_alg, min_tag_length) \ + ( PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, min_tag_length) | PSA_ALG_AEAD_MINIMUM_LENGTH_FLAG ) #define PSA_ALG_RSA_PKCS1V15_SIGN_BASE ((psa_algorithm_t)0x06000200) /** RSA PKCS#1 v1.5 signature with hashing.