From 7282a9e1a076a06d6216a0c41d6faca56689c2d6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 14 Jun 2023 17:49:02 +0200 Subject: [PATCH] Replacement for MBEDTLS_CIPHER_BLKSIZE_MAX Prepare to rename this constant by MBEDTLS_CMAC_MAX_BLOCK_SIZE. The old name was misleading since it looked like it covered all cipher support, not just CMAC support, but CMAC doesn't support Camellia or ARIA so the two are different. This commit introduces the new constant. Subsequent commits will replace internal uses of MBEDTLS_CIPHER_BLKSIZE_MAX and deprecate it. Signed-off-by: Gilles Peskine --- include/mbedtls/cmac.h | 19 +++++++++++++++++-- tests/suites/test_suite_cmac.function | 2 ++ 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index bb020800e2..5f0a7cde84 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -41,11 +41,26 @@ extern "C" { /* We don't support Camellia or ARIA in this module */ #if defined(MBEDTLS_AES_C) -#define MBEDTLS_CIPHER_BLKSIZE_MAX 16 /**< The longest block used by CMAC is that of AES. */ +#define MBEDTLS_CMAC_MAX_BLOCK_SIZE 16 /**< The longest block used by CMAC is that of AES. */ #else -#define MBEDTLS_CIPHER_BLKSIZE_MAX 8 /**< The longest block used by CMAC is that of 3DES. */ +#define MBEDTLS_CMAC_MAX_BLOCK_SIZE 8 /**< The longest block used by CMAC is that of 3DES. */ #endif +/** The longest block supported by the cipher module. + * + * \deprecated + * For the maximum block size of a cipher supported by the CMAC module, + * use #MBEDTLS_CMAC_MAX_BLOCK_SIZE. + * For the maximum block size of a cipher supported by the cipher module, + * use #MBEDTLS_MAX_BLOCK_LENGTH. + */ +/* Before Mbed TLS 3.5, this was the maximum block size supported by the CMAC + * module, so it didn't take Camellia or ARIA into account. Since the name + * of the macro doesn't even convey "CMAC", this was misleading. Now the size + * is sufficient for any cipher, but the name is defined in cmac.h for + * backward compatibility. */ +#define MBEDTLS_CIPHER_BLKSIZE_MAX MBEDTLS_MAX_BLOCK_LENGTH + #if !defined(MBEDTLS_CMAC_ALT) /** diff --git a/tests/suites/test_suite_cmac.function b/tests/suites/test_suite_cmac.function index 4597550502..71b5f00667 100644 --- a/tests/suites/test_suite_cmac.function +++ b/tests/suites/test_suite_cmac.function @@ -113,6 +113,8 @@ void mbedtls_cmac_setkey(int cipher_type, int key_size, int result) != NULL); TEST_LE_U(mbedtls_cipher_info_get_block_size(cipher_info), MBEDTLS_CIPHER_BLKSIZE_MAX); + TEST_LE_U(mbedtls_cipher_info_get_block_size(cipher_info), + MBEDTLS_CMAC_MAX_BLOCK_SIZE); memset(buf, 0x2A, sizeof(buf)); TEST_ASSERT((result == mbedtls_cipher_cmac(cipher_info, key, key_size,