From 434899fccde3f24fad0e17b0c4f0d3c71e6e3fe7 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Fri, 19 Oct 2018 11:30:26 +0200
Subject: [PATCH] Test truncated MAC and AEAD algorithms

For MAC and AEAD algorithms, test the algorithm truncated to certain
lengths (1 and 63 bytes).
---
 include/psa/crypto_values.h              | 42 ++++++++++++------------
 tests/scripts/test_psa_constant_names.py | 18 ++++++++--
 2 files changed, 37 insertions(+), 23 deletions(-)

diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index acf856dd1..2ae72e063 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -766,7 +766,7 @@
  *          algorithm is considered identical to the untruncated algorithm
  *          for policy comparison purposes.
  *
- * \param alg           A MAC algorithm identifier (value of type
+ * \param mac_alg       A MAC algorithm identifier (value of type
  *                      #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p alg)
  *                      is true). This may be a truncated or untruncated
  *                      MAC algorithm.
@@ -782,14 +782,14 @@
  *                      MAC algorithm or if \p mac_length is too small or
  *                      too large for the specified MAC algorithm.
  */
-#define PSA_ALG_TRUNCATED_MAC(alg, mac_length)                          \
-    (((alg) & ~PSA_ALG_MAC_TRUNCATION_MASK) |                           \
+#define PSA_ALG_TRUNCATED_MAC(mac_alg, mac_length)                      \
+    (((mac_alg) & ~PSA_ALG_MAC_TRUNCATION_MASK) |                       \
      ((mac_length) << PSA_MAC_TRUNCATION_OFFSET & PSA_ALG_MAC_TRUNCATION_MASK))
 
 /** Macro to build the base MAC algorithm corresponding to a truncated
  * MAC algorithm.
  *
- * \param alg           A MAC algorithm identifier (value of type
+ * \param mac_alg       A MAC algorithm identifier (value of type
  *                      #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p alg)
  *                      is true). This may be a truncated or untruncated
  *                      MAC algorithm.
@@ -798,12 +798,12 @@
  * \return              Unspecified if \p alg is not a supported
  *                      MAC algorithm.
  */
-#define PSA_ALG_FULL_LENGTH_MAC(alg)            \
-    ((alg) & ~PSA_ALG_MAC_TRUNCATION_MASK)
+#define PSA_ALG_FULL_LENGTH_MAC(mac_alg)        \
+    ((mac_alg) & ~PSA_ALG_MAC_TRUNCATION_MASK)
 
 /** Length to which a MAC algorithm is truncated.
  *
- * \param alg           A MAC algorithm identifier (value of type
+ * \param mac_alg       A MAC algorithm identifier (value of type
  *                      #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p alg)
  *                      is true).
  *
@@ -812,8 +812,8 @@
  * \return              Unspecified if \p alg is not a supported
  *                      MAC algorithm.
  */
-#define PSA_MAC_TRUNCATED_LENGTH(alg)           \
-    (((alg) & PSA_ALG_MAC_TRUNCATION_MASK) >> PSA_MAC_TRUNCATION_OFFSET)
+#define PSA_MAC_TRUNCATED_LENGTH(mac_alg)                               \
+    (((mac_alg) & PSA_ALG_MAC_TRUNCATION_MASK) >> PSA_MAC_TRUNCATION_OFFSET)
 
 #define PSA_ALG_CIPHER_MAC_BASE                 ((psa_algorithm_t)0x02c00000)
 #define PSA_ALG_CBC_MAC                         ((psa_algorithm_t)0x02c00001)
@@ -910,7 +910,7 @@
  * Depending on the algorithm, the tag length may affect the calculation
  * of the ciphertext.
  *
- * \param alg           A AEAD algorithm identifier (value of type
+ * \param aead_alg      An AEAD algorithm identifier (value of type
  *                      #psa_algorithm_t such that #PSA_ALG_IS_AEAD(\p alg)
  *                      is true).
  * \param tag_length    Desired length of the authentication tag in bytes.
@@ -921,26 +921,26 @@
  *                      AEAD algorithm or if \p tag_length is not valid
  *                      for the specified AEAD algorithm.
  */
-#define PSA_ALG_AEAD_WITH_TAG_LENGTH(alg, tag_length)                   \
-    (((alg) & ~PSA_ALG_AEAD_TAG_LENGTH_MASK) |                          \
+#define PSA_ALG_AEAD_WITH_TAG_LENGTH(aead_alg, tag_length)              \
+    (((aead_alg) & ~PSA_ALG_AEAD_TAG_LENGTH_MASK) |                     \
      ((tag_length) << PSA_AEAD_TAG_LENGTH_OFFSET &                      \
       PSA_ALG_AEAD_TAG_LENGTH_MASK))
 
 /** Calculate the corresponding AEAD algorithm with the default tag length.
  *
- * \param alg   An AEAD algorithm (\c PSA_ALG_XXX value such that
- *              #PSA_ALG_IS_AEAD(\p alg) is true).
+ * \param aead_alg      An AEAD algorithm (\c PSA_ALG_XXX value such that
+ *                      #PSA_ALG_IS_AEAD(\p alg) is true).
  *
- * \return      The corresponding AEAD algorithm with the default tag length
- *              for that algorithm.
+ * \return              The corresponding AEAD algorithm with the default
+ *                      tag length for that algorithm.
  */
-#define PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg)                       \
+#define PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(aead_alg)                  \
     (                                                                   \
-        PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(alg, PSA_ALG_CCM)   \
-        PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(alg, PSA_ALG_GCM)   \
+        PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(aead_alg, PSA_ALG_CCM) \
+        PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(aead_alg, PSA_ALG_GCM) \
         0)
-#define PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(alg, ref) \
-    PSA_ALG_AEAD_WITH_TAG_LENGTH(alg, 0) == \
+#define PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(aead_alg, ref)      \
+    PSA_ALG_AEAD_WITH_TAG_LENGTH(aead_alg, 0) ==                        \
     PSA_ALG_AEAD_WITH_TAG_LENGTH(ref, 0) ?  \
     ref :
 
diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py
index 9c674e5da..15884f6fe 100755
--- a/tests/scripts/test_psa_constant_names.py
+++ b/tests/scripts/test_psa_constant_names.py
@@ -60,8 +60,13 @@ when applicable.'''
         self.ecc_curves = set(['0xffff'])
         self.key_types = set(['0xffffffff'])
         self.key_usage_flags = set(['0x80000000'])
-        # Hard-coded value for an unknown hash algorithm
+        # Hard-coded value for unknown algorithms
         self.hash_algorithms = set(['0x010000ff'])
+        self.mac_algorithms = set(['0x02ff00ff'])
+        # For AEAD algorithms, the only variability is over the tag length,
+        # and this only applies to known algorithms, so don't test an
+        # unknown algorithm.
+        self.aead_algorithms = set()
         # Identifier prefixes
         self.table_by_prefix = {
             'ERROR': self.statuses,
@@ -73,12 +78,17 @@ when applicable.'''
         # macro name -> list of argument names
         self.argspecs = {}
         # argument name -> list of values
-        self.arguments_for = {}
+        self.arguments_for = {
+            'mac_length': ['1', '63'],
+            'tag_length': ['1', '63'],
+        }
 
     def gather_arguments(self):
         '''Populate the list of values for macro arguments.
 Call this after parsing all the inputs.'''
         self.arguments_for['hash_alg'] = sorted(self.hash_algorithms)
+        self.arguments_for['mac_alg'] = sorted(self.mac_algorithms)
+        self.arguments_for['aead_alg'] = sorted(self.aead_algorithms)
         self.arguments_for['curve'] = sorted(self.ecc_curves)
 
     def format_arguments(self, name, arguments):
@@ -145,6 +155,10 @@ where each argument takes each possible value at least once.'''
             self.algorithms.add(argument)
             if function == 'hash_algorithm':
                 self.hash_algorithms.add(argument)
+            elif function in ['mac_algorithm', 'hmac_algorithm']:
+                self.mac_algorithms.add(argument)
+            elif function == 'aead_algorithm':
+                self.aead_algorithms.add(argument)
         elif function == 'key_type':
             self.key_types.add(argument)
         elif function == 'ecc_key_types':