1/* BEGIN_HEADER */ 2 3#include <mbedtls/constant_time.h> 4#include <mbedtls/md.h> 5#include <constant_time_internal.h> 6#include "mbedtls/psa_util.h" 7#include <ssl_misc.h> 8 9#include <test/constant_flow.h> 10/* END_HEADER */ 11 12/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_MAC:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */ 13void ssl_cf_hmac(int hash) 14{ 15 /* 16 * Test the function mbedtls_ct_hmac() against a reference 17 * implementation. 18 */ 19 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 20 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 21 psa_algorithm_t alg; 22 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; 23 size_t out_len, block_size; 24 size_t min_in_len, in_len, max_in_len, i; 25 /* TLS additional data is 13 bytes (hence the "lucky 13" name) */ 26 unsigned char add_data[13]; 27 unsigned char ref_out[MBEDTLS_MD_MAX_SIZE]; 28 unsigned char *data = NULL; 29 unsigned char *out = NULL; 30 unsigned char rec_num = 0; 31 32 USE_PSA_INIT(); 33 34 alg = PSA_ALG_HMAC(mbedtls_md_psa_alg_from_type(hash)); 35 36 out_len = PSA_HASH_LENGTH(alg); 37 block_size = PSA_HASH_BLOCK_LENGTH(alg); 38 39 /* mbedtls_ct_hmac() requires the key to be exportable */ 40 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT | 41 PSA_KEY_USAGE_VERIFY_HASH); 42 psa_set_key_algorithm(&attributes, PSA_ALG_HMAC(alg)); 43 psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC); 44 45 /* Use allocated out buffer to catch overwrites */ 46 TEST_CALLOC(out, out_len); 47 48 /* Set up dummy key */ 49 memset(ref_out, 42, sizeof(ref_out)); 50 TEST_EQUAL(PSA_SUCCESS, psa_import_key(&attributes, 51 ref_out, out_len, 52 &key)); 53 /* 54 * Test all possible lengths up to a point. The difference between 55 * max_in_len and min_in_len is at most 255, and make sure they both vary 56 * by at least one block size. 57 */ 58 for (max_in_len = 0; max_in_len <= 255 + block_size; max_in_len++) { 59 mbedtls_test_set_step(max_in_len * 10000); 60 61 /* Use allocated in buffer to catch overreads */ 62 TEST_CALLOC(data, max_in_len); 63 64 min_in_len = max_in_len > 255 ? max_in_len - 255 : 0; 65 for (in_len = min_in_len; in_len <= max_in_len; in_len++) { 66 mbedtls_test_set_step(max_in_len * 10000 + in_len); 67 68 /* Set up dummy data and add_data */ 69 rec_num++; 70 memset(add_data, rec_num, sizeof(add_data)); 71 for (i = 0; i < in_len; i++) { 72 data[i] = (i & 0xff) ^ rec_num; 73 } 74 75 /* Get the function's result */ 76 TEST_CF_SECRET(&in_len, sizeof(in_len)); 77 TEST_EQUAL(0, mbedtls_ct_hmac(key, PSA_ALG_HMAC(alg), 78 add_data, sizeof(add_data), 79 data, in_len, 80 min_in_len, max_in_len, 81 out)); 82 TEST_CF_PUBLIC(&in_len, sizeof(in_len)); 83 TEST_CF_PUBLIC(out, out_len); 84 85 TEST_EQUAL(PSA_SUCCESS, psa_mac_verify_setup(&operation, 86 key, alg)); 87 TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, add_data, 88 sizeof(add_data))); 89 TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, 90 data, in_len)); 91 TEST_EQUAL(PSA_SUCCESS, psa_mac_verify_finish(&operation, 92 out, out_len)); 93 } 94 95 mbedtls_free(data); 96 data = NULL; 97 } 98 99exit: 100 psa_mac_abort(&operation); 101 psa_destroy_key(key); 102 103 mbedtls_free(data); 104 mbedtls_free(out); 105 106 USE_PSA_DONE(); 107} 108/* END_CASE */ 109