Merge pull request #4146 from stevew817/allow_skipping_3des_cmac_when_alt
Allow CMAC self-test to skip tests for unsupported primitives (2)
diff --git a/ChangeLog.d/allow_alt_cmac_without_des.txt b/ChangeLog.d/allow_alt_cmac_without_des.txt
new file mode 100644
index 0000000..5193a9e
--- /dev/null
+++ b/ChangeLog.d/allow_alt_cmac_without_des.txt
@@ -0,0 +1,3 @@
+Changes
+ * Alternative implementations of CMAC may now opt to not support 3DES as a
+ CMAC block cipher, and still pass the CMAC self test.
diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h
index 702175f..a0563b1 100644
--- a/include/mbedtls/cmac.h
+++ b/include/mbedtls/cmac.h
@@ -74,6 +74,12 @@
* the input data.
* Must be called with an initialized cipher context.
*
+ * \note When the CMAC implementation is supplied by an alternate
+ * implementation (through #MBEDTLS_CMAC_ALT), some ciphers
+ * may not be supported by that implementation, and thus
+ * return an error. Alternate implementations must support
+ * AES-128 and AES-256, and may support AES-192 and 3DES.
+ *
* \param ctx The cipher context used for the CMAC operation, initialized
* as one of the following types: MBEDTLS_CIPHER_AES_128_ECB,
* MBEDTLS_CIPHER_AES_192_ECB, MBEDTLS_CIPHER_AES_256_ECB,
@@ -151,6 +157,11 @@
* The CMAC result is calculated as
* output = generic CMAC(cmac key, input buffer).
*
+ * \note When the CMAC implementation is supplied by an alternate
+ * implementation (through #MBEDTLS_CMAC_ALT), some ciphers
+ * may not be supported by that implementation, and thus
+ * return an error. Alternate implementations must support
+ * AES-128 and AES-256, and may support AES-192 and 3DES.
*
* \param cipher_info The cipher information.
* \param key The CMAC key.
@@ -195,6 +206,13 @@
/**
* \brief The CMAC checkup routine.
*
+ * \note In case the CMAC routines are provided by an alternative
+ * implementation (i.e. #MBEDTLS_CMAC_ALT is defined), the
+ * checkup routine will succeed even if the implementation does
+ * not support the less widely used AES-192 or 3DES primitives.
+ * The self-test requires at least AES-128 and AES-256 to be
+ * supported by the underlying implementation.
+ *
* \return \c 0 on success.
* \return \c 1 on failure.
*/
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 0a386db..466296c 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -2504,6 +2504,11 @@
* Enable the CMAC (Cipher-based Message Authentication Code) mode for block
* ciphers.
*
+ * \note When #MBEDTLS_CMAC_ALT is active, meaning that the underlying
+ * implementation of the CMAC algorithm is provided by an alternate
+ * implementation, that alternate implementation may opt to not support
+ * AES-192 or 3DES as underlying block ciphers for the CMAC operation.
+ *
* Module: library/cmac.c
*
* Requires: MBEDTLS_AES_C or MBEDTLS_DES_C
diff --git a/library/cmac.c b/library/cmac.c
index 06f8eec..3cc49d1 100644
--- a/library/cmac.c
+++ b/library/cmac.c
@@ -867,11 +867,12 @@
{
/* When CMAC is implemented by an alternative implementation, or
* the underlying primitive itself is implemented alternatively,
- * AES-192 may be unavailable. This should not cause the selftest
- * function to fail. */
+ * AES-192 and/or 3DES may be unavailable. This should not cause
+ * the selftest function to fail. */
if( ( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ||
ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) &&
- cipher_type == MBEDTLS_CIPHER_AES_192_ECB ) {
+ ( cipher_type == MBEDTLS_CIPHER_AES_192_ECB ||
+ cipher_type == MBEDTLS_CIPHER_DES_EDE3_ECB ) ) {
if( verbose != 0 )
mbedtls_printf( "skipped\n" );
continue;