| /* BEGIN_HEADER */ |
| |
| #include <mbedtls/constant_time.h> |
| #include <mbedtls/legacy_or_psa.h> |
| #include <mbedtls/md.h> |
| #include <constant_time_internal.h> |
| #include <hash_info.h> |
| |
| #include <test/constant_flow.h> |
| /* END_HEADER */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */ |
| void ssl_cf_hmac( int hash ) |
| { |
| /* |
| * Test the function mbedtls_ct_hmac() against a reference |
| * implementation. |
| */ |
| #if defined(MBEDTLS_USE_PSA_CRYPTO) |
| mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; |
| psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; |
| psa_algorithm_t alg; |
| psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; |
| #else |
| mbedtls_md_context_t ctx, ref_ctx; |
| const mbedtls_md_info_t *md_info; |
| #endif /* MBEDTLS_USE_PSA_CRYPTO */ |
| size_t out_len, block_size; |
| size_t min_in_len, in_len, max_in_len, i; |
| /* TLS additional data is 13 bytes (hence the "lucky 13" name) */ |
| unsigned char add_data[13]; |
| unsigned char ref_out[MBEDTLS_HASH_MAX_SIZE]; |
| unsigned char *data = NULL; |
| unsigned char *out = NULL; |
| unsigned char rec_num = 0; |
| |
| USE_PSA_INIT( ); |
| |
| #if defined(MBEDTLS_USE_PSA_CRYPTO) |
| alg = PSA_ALG_HMAC( mbedtls_hash_info_psa_from_md( hash ) ); |
| |
| out_len = PSA_HASH_LENGTH( alg ); |
| block_size = PSA_HASH_BLOCK_LENGTH( alg ); |
| |
| /* mbedtls_ct_hmac() requires the key to be exportable */ |
| psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT | |
| PSA_KEY_USAGE_VERIFY_HASH ); |
| psa_set_key_algorithm( &attributes, PSA_ALG_HMAC( alg ) ); |
| psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC ); |
| #else |
| mbedtls_md_init( &ctx ); |
| mbedtls_md_init( &ref_ctx ); |
| |
| md_info = mbedtls_md_info_from_type( hash ); |
| TEST_ASSERT( md_info != NULL ); |
| out_len = mbedtls_md_get_size( md_info ); |
| TEST_ASSERT( out_len != 0 ); |
| block_size = hash == MBEDTLS_MD_SHA384 ? 128 : 64; |
| #endif /* MBEDTLS_USE_PSA_CRYPTO */ |
| |
| /* Use allocated out buffer to catch overwrites */ |
| ASSERT_ALLOC( out, out_len ); |
| |
| #if defined(MBEDTLS_USE_PSA_CRYPTO) |
| /* Set up dummy key */ |
| memset( ref_out, 42, sizeof( ref_out ) ); |
| TEST_EQUAL( PSA_SUCCESS, psa_import_key( &attributes, |
| ref_out, out_len, |
| &key ) ); |
| #else |
| /* Set up contexts with the given hash and a dummy key */ |
| TEST_EQUAL( 0, mbedtls_md_setup( &ctx, md_info, 1 ) ); |
| TEST_EQUAL( 0, mbedtls_md_setup( &ref_ctx, md_info, 1 ) ); |
| memset( ref_out, 42, sizeof( ref_out ) ); |
| TEST_EQUAL( 0, mbedtls_md_hmac_starts( &ctx, ref_out, out_len ) ); |
| TEST_EQUAL( 0, mbedtls_md_hmac_starts( &ref_ctx, ref_out, out_len ) ); |
| memset( ref_out, 0, sizeof( ref_out ) ); |
| #endif |
| |
| /* |
| * Test all possible lengths up to a point. The difference between |
| * max_in_len and min_in_len is at most 255, and make sure they both vary |
| * by at least one block size. |
| */ |
| for( max_in_len = 0; max_in_len <= 255 + block_size; max_in_len++ ) |
| { |
| mbedtls_test_set_step( max_in_len * 10000 ); |
| |
| /* Use allocated in buffer to catch overreads */ |
| ASSERT_ALLOC( data, max_in_len ); |
| |
| min_in_len = max_in_len > 255 ? max_in_len - 255 : 0; |
| for( in_len = min_in_len; in_len <= max_in_len; in_len++ ) |
| { |
| mbedtls_test_set_step( max_in_len * 10000 + in_len ); |
| |
| /* Set up dummy data and add_data */ |
| rec_num++; |
| memset( add_data, rec_num, sizeof( add_data ) ); |
| for( i = 0; i < in_len; i++ ) |
| data[i] = ( i & 0xff ) ^ rec_num; |
| |
| /* Get the function's result */ |
| TEST_CF_SECRET( &in_len, sizeof( in_len ) ); |
| #if defined(MBEDTLS_USE_PSA_CRYPTO) |
| TEST_EQUAL( 0, mbedtls_ct_hmac( key, PSA_ALG_HMAC( alg ), |
| add_data, sizeof( add_data ), |
| data, in_len, |
| min_in_len, max_in_len, |
| out ) ); |
| #else |
| TEST_EQUAL( 0, mbedtls_ct_hmac( &ctx, add_data, sizeof( add_data ), |
| data, in_len, |
| min_in_len, max_in_len, |
| out ) ); |
| #endif /* MBEDTLS_USE_PSA_CRYPTO */ |
| TEST_CF_PUBLIC( &in_len, sizeof( in_len ) ); |
| TEST_CF_PUBLIC( out, out_len ); |
| |
| #if defined(MBEDTLS_USE_PSA_CRYPTO) |
| TEST_EQUAL( PSA_SUCCESS, psa_mac_verify_setup( &operation, |
| key, alg ) ); |
| TEST_EQUAL( PSA_SUCCESS, psa_mac_update( &operation, add_data, |
| sizeof( add_data ) ) ); |
| TEST_EQUAL( PSA_SUCCESS, psa_mac_update( &operation, |
| data, in_len ) ); |
| TEST_EQUAL( PSA_SUCCESS, psa_mac_verify_finish( &operation, |
| out, out_len ) ); |
| #else |
| /* Compute the reference result */ |
| TEST_EQUAL( 0, mbedtls_md_hmac_update( &ref_ctx, add_data, |
| sizeof( add_data ) ) ); |
| TEST_EQUAL( 0, mbedtls_md_hmac_update( &ref_ctx, data, in_len ) ); |
| TEST_EQUAL( 0, mbedtls_md_hmac_finish( &ref_ctx, ref_out ) ); |
| TEST_EQUAL( 0, mbedtls_md_hmac_reset( &ref_ctx ) ); |
| |
| /* Compare */ |
| ASSERT_COMPARE( out, out_len, ref_out, out_len ); |
| #endif /* MBEDTLS_USE_PSA_CRYPTO */ |
| } |
| |
| mbedtls_free( data ); |
| data = NULL; |
| } |
| |
| exit: |
| #if defined(MBEDTLS_USE_PSA_CRYPTO) |
| psa_mac_abort( &operation ); |
| psa_destroy_key( key ); |
| #else |
| mbedtls_md_free( &ref_ctx ); |
| mbedtls_md_free( &ctx ); |
| #endif /* MBEDTLS_USE_PSA_CRYPTO */ |
| |
| mbedtls_free( data ); |
| mbedtls_free( out ); |
| |
| USE_PSA_DONE( ); |
| } |
| /* END_CASE */ |