Merge pull request #716 from mpg/ct-varlen-hmac

Add constant-flow variable-length HMAC function

tests/suites/test_suite_ssl.function

@@ -7,6 +7,10 @@
 #include <mbedtls/timing.h>
 #include <mbedtls/debug.h>
 
+#include <ssl_invasive.h>
+
+#include <test/constant_flow.h>
+
 typedef struct log_pattern
 {
     const char *pattern;
@@ -4263,3 +4267,97 @@ void resize_buffers_renegotiate_mfl( int mfl, int legacy_renegotiation,
     goto exit;
 }
 /* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */
+void ssl_cf_hmac( int hash )
+{
+    /*
+     * Test the function mbedtls_ssl_cf_hmac() against a reference
+     * implementation.
+     */
+    mbedtls_md_context_t ctx, ref_ctx;
+    const mbedtls_md_info_t *md_info;
+    size_t out_len, block_size;
+    size_t min_in_len, in_len, max_in_len, i;
+    /* TLS additional data is 13 bytes (hence the "lucky 13" name) */
+    unsigned char add_data[13];
+    unsigned char ref_out[MBEDTLS_MD_MAX_SIZE];
+    unsigned char *data = NULL;
+    unsigned char *out = NULL;
+    unsigned char rec_num = 0;
+
+    mbedtls_md_init( &ctx );
+    mbedtls_md_init( &ref_ctx );
+
+    md_info = mbedtls_md_info_from_type( hash );
+    TEST_ASSERT( md_info != NULL );
+    out_len = mbedtls_md_get_size( md_info );
+    TEST_ASSERT( out_len != 0 );
+    block_size = hash == MBEDTLS_MD_SHA384 ? 128 : 64;
+
+    /* Use allocated out buffer to catch overwrites */
+    ASSERT_ALLOC( out, out_len );
+
+    /* Set up contexts with the given hash and a dummy key */
+    TEST_EQUAL( 0, mbedtls_md_setup( &ctx, md_info, 1 ) );
+    TEST_EQUAL( 0, mbedtls_md_setup( &ref_ctx, md_info, 1 ) );
+    memset( ref_out, 42, sizeof( ref_out ) );
+    TEST_EQUAL( 0, mbedtls_md_hmac_starts( &ctx, ref_out, out_len ) );
+    TEST_EQUAL( 0, mbedtls_md_hmac_starts( &ref_ctx, ref_out, out_len ) );
+    memset( ref_out, 0, sizeof( ref_out ) );
+
+    /*
+     * Test all possible lengths up to a point. The difference between
+     * max_in_len and min_in_len is at most 255, and make sure they both vary
+     * by at least one block size.
+     */
+    for( max_in_len = 0; max_in_len <= 255 + block_size; max_in_len++ )
+    {
+        test_set_step( max_in_len * 10000 );
+
+        /* Use allocated in buffer to catch overreads */
+        ASSERT_ALLOC( data, max_in_len );
+
+        min_in_len = max_in_len > 255 ? max_in_len - 255 : 0;
+        for( in_len = min_in_len; in_len <= max_in_len; in_len++ )
+        {
+            test_set_step( max_in_len * 10000 + in_len );
+
+            /* Set up dummy data and add_data */
+            rec_num++;
+            memset( add_data, rec_num, sizeof( add_data ) );
+            for( i = 0; i < in_len; i++ )
+                data[i] = ( i & 0xff ) ^ rec_num;
+
+            /* Get the function's result */
+            TEST_CF_SECRET( &in_len, sizeof( in_len ) );
+            TEST_EQUAL( 0, mbedtls_ssl_cf_hmac( &ctx, add_data, sizeof( add_data ),
+                                                data, in_len,
+                                                min_in_len, max_in_len,
+                                                out ) );
+            TEST_CF_PUBLIC( &in_len, sizeof( in_len ) );
+            TEST_CF_PUBLIC( out, out_len );
+
+            /* Compute the reference result */
+            TEST_EQUAL( 0, mbedtls_md_hmac_update( &ref_ctx, add_data,
+                                                   sizeof( add_data ) ) );
+            TEST_EQUAL( 0, mbedtls_md_hmac_update( &ref_ctx, data, in_len ) );
+            TEST_EQUAL( 0, mbedtls_md_hmac_finish( &ref_ctx, ref_out ) );
+            TEST_EQUAL( 0, mbedtls_md_hmac_reset( &ref_ctx ) );
+
+            /* Compare */
+            ASSERT_COMPARE( out, out_len, ref_out, out_len );
+        }
+
+        mbedtls_free( data );
+        data = NULL;
+    }
+
+exit:
+    mbedtls_md_free( &ref_ctx );
+    mbedtls_md_free( &ctx );
+
+    mbedtls_free( data );
+    mbedtls_free( out );
+}
+/* END_CASE */