Merge pull request #4146 from stevew817/allow_skipping_3des_cmac_when_alt

Allow CMAC self-test to skip tests for unsupported primitives (2)
2021-04-29 16:04:39 +02:00 · 2021-04-29 16:04:39 +02:00 · 1a85d3b122
commit 1a85d3b122
parent 85f023b007 c338cef74b
4 changed files with 30 additions and 3 deletions
--- a/include/mbedtls/cmac.h
+++ b/include/mbedtls/cmac.h
@ -74,6 +74,12 @@ struct mbedtls_cmac_context_t
 *                      the input data.
 *                      Must be called with an initialized cipher context.
 *
+ * \note                When the CMAC implementation is supplied by an alternate
+ *                      implementation (through #MBEDTLS_CMAC_ALT), some ciphers
+ *                      may not be supported by that implementation, and thus
+ *                      return an error. Alternate implementations must support
+ *                      AES-128 and AES-256, and may support AES-192 and 3DES.
+ *
 * \param ctx           The cipher context used for the CMAC operation, initialized
 *                      as one of the following types: MBEDTLS_CIPHER_AES_128_ECB,
 *                      MBEDTLS_CIPHER_AES_192_ECB, MBEDTLS_CIPHER_AES_256_ECB,
@ -151,6 +157,11 @@ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx );
 *                      The CMAC result is calculated as
 *                      output = generic CMAC(cmac key, input buffer).
 *
+ * \note                When the CMAC implementation is supplied by an alternate
+ *                      implementation (through #MBEDTLS_CMAC_ALT), some ciphers
+ *                      may not be supported by that implementation, and thus
+ *                      return an error. Alternate implementations must support
+ *                      AES-128 and AES-256, and may support AES-192 and 3DES.
 *
 * \param cipher_info   The cipher information.
 * \param key           The CMAC key.
@ -195,6 +206,13 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len,
 /**
 * \brief          The CMAC checkup routine.
 *
+ * \note           In case the CMAC routines are provided by an alternative
+ *                 implementation (i.e. #MBEDTLS_CMAC_ALT is defined), the
+ *                 checkup routine will succeed even if the implementation does
+ *                 not support the less widely used AES-192 or 3DES primitives.
+ *                 The self-test requires at least AES-128 and AES-256 to be
+ *                 supported by the underlying implementation.
+ *
 * \return         \c 0 on success.
 * \return         \c 1 on failure.
 */