Fix cipher info key length sanity checks
Most supported ciphers have a 128-bit, 192-bit or 256-bit keys. List the
exceptions explicitly.
This commit fixes a test failure with the null cipher and an incorrect
comment that omitted several key lengths.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index 94ea88f..c809d9a 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -33,11 +33,32 @@
TEST_ASSERT( mbedtls_cipher_info_from_string( info->name ) == info );
key_bitlen = mbedtls_cipher_info_get_key_bitlen( info );
- TEST_ASSERT( key_bitlen % 8 == 0 );
- /* All current and plausible supported ciphers use a 64-bit, 128-bit
- * or 256-bit key, except XTS which uses a double AES key. */
- TEST_ASSERT( key_bitlen >= 64 );
- TEST_ASSERT( key_bitlen <= 512 );
+ if( info->type == MBEDTLS_CIPHER_NULL )
+ TEST_ASSERT( key_bitlen == 0 );
+ else if( info->mode == MBEDTLS_MODE_XTS )
+ {
+ TEST_ASSERT( key_bitlen == 256 ||
+ key_bitlen == 384 ||
+ key_bitlen == 512 );
+ }
+ else if( ! strncmp( info->name, "DES-EDE3-", 9 ) )
+ {
+ TEST_ASSERT( key_bitlen == 192 );
+ }
+ else if( ! strncmp( info->name, "DES-EDE-", 8 ) )
+ {
+ TEST_ASSERT( key_bitlen == 128 );
+ }
+ else if( ! strncmp( info->name, "DES-", 4 ) )
+ {
+ TEST_ASSERT( key_bitlen == 64 );
+ }
+ else
+ {
+ TEST_ASSERT( key_bitlen == 128 ||
+ key_bitlen == 192 ||
+ key_bitlen == 256 );
+ }
return( 1 );