Reject block cipher modes that are not implemented in Mbed TLS

Mbed TLS doesn't support certain block cipher mode combinations. This limitation should probably be lifted, but for now, test them as unsupported. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-19 10:49:43 +01:00 · 2022-03-19 10:49:43 +01:00 · 7095d47749
commit 7095d47749
parent e3a0890e4f
1 changed files with 3 additions and 0 deletions
--- a/scripts/mbedtls_dev/crypto_knowledge.py
+++ b/scripts/mbedtls_dev/crypto_knowledge.py
@ -230,6 +230,9 @@ class KeyType:
           alg.head in frozenset.union(BLOCK_MAC_MODES,
                                       BLOCK_CIPHER_MODES,
                                       BLOCK_AEAD_MODES):
+            if alg.head in ['CMAC', 'OFB'] and \
+               self.head in ['ARIA', 'CAMELLIA']:
+                return False # not implemented in Mbed TLS
            return True
        if self.head == 'CHACHA20' and alg.head == 'CHACHA20_POLY1305':
            return True