mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-29 22:20:30 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Replace PSA/Cipher logic with mbedtls_get_mode_from_transform()

Browse Source 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
This commit is contained in:
Neil Armstrong 2022-03-30 10:58:01 +02:00
parent 8a0f3e8cf0
commit 136f8409df
1 changed files with 16 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
library/ssl_msg.c
View File

@ -523,9 +523,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng ) void *p_rng )
{ {
#if !defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_ssl_mode_t ssl_mode;
mbedtls_cipher_mode_t mode;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
int auth_done = 0; int auth_done = 0;
unsigned char * data; unsigned char * data;
unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_OUT_LEN_MAX ]; unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_OUT_LEN_MAX ];
@ -566,15 +564,13 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
} }
ssl_mode = mbedtls_get_mode_from_transform( transform );
data = rec->buf + rec->data_offset; data = rec->buf + rec->data_offset;
post_avail = rec->buf_len - ( rec->data_len + rec->data_offset ); post_avail = rec->buf_len - ( rec->data_len + rec->data_offset );
MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload", MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload",
data, rec->data_len ); data, rec->data_len );
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN ) if( rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content %" MBEDTLS_PRINTF_SIZET MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content %" MBEDTLS_PRINTF_SIZET
@ -654,17 +650,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
* Add MAC before if needed * Add MAC before if needed
*/ */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
#if defined(MBEDTLS_USE_PSA_CRYPTO) if( ssl_mode == MBEDTLS_SSL_MODE_STREAM ||
if ( transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER || ssl_mode == MBEDTLS_SSL_MODE_CBC )
( transform->psa_alg == PSA_ALG_CBC_NO_PADDING
#else
if( mode == MBEDTLS_MODE_STREAM ||
( mode == MBEDTLS_MODE_CBC
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
&& transform->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED
#endif
) )
{ {
if( post_avail < transform->maclen ) if( post_avail < transform->maclen )
{ {
@ -748,11 +735,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
* Encrypt * Encrypt
*/ */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM) #if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM)
#if defined(MBEDTLS_USE_PSA_CRYPTO) if( ssl_mode == MBEDTLS_SSL_MODE_STREAM )
if ( transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER )
#else
if( mode == MBEDTLS_MODE_STREAM )
#endif
{ {
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", " MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
"including %d bytes of padding", "including %d bytes of padding",
@ -767,13 +750,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_GCM_C) || \ #if defined(MBEDTLS_GCM_C) || \
defined(MBEDTLS_CCM_C) || \ defined(MBEDTLS_CCM_C) || \
defined(MBEDTLS_CHACHAPOLY_C) defined(MBEDTLS_CHACHAPOLY_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO) if( ssl_mode == MBEDTLS_SSL_MODE_AEAD )
if ( PSA_ALG_IS_AEAD( transform->psa_alg ) )
#else
if( mode == MBEDTLS_MODE_GCM ||
mode == MBEDTLS_MODE_CCM ||
mode == MBEDTLS_MODE_CHACHAPOLY )
#endif /* MBEDTLS_USE_PSA_CRYPTO */
{ {
unsigned char iv[12]; unsigned char iv[12];
unsigned char *dynamic_iv; unsigned char *dynamic_iv;
@ -891,11 +868,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
else else
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */ #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC)
#if defined(MBEDTLS_USE_PSA_CRYPTO) if( ssl_mode == MBEDTLS_SSL_MODE_CBC ||
if ( transform->psa_alg == PSA_ALG_CBC_NO_PADDING ) ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM )
#else
if( mode == MBEDTLS_MODE_CBC )
#endif /* MBEDTLS_USE_PSA_CRYPTO */
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t padlen, i; size_t padlen, i;
@ -1139,14 +1113,9 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
mbedtls_record *rec ) mbedtls_record *rec )
{ {
size_t olen; size_t olen;
#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_ssl_mode_t ssl_mode;
int ret; int ret;
#else
mbedtls_cipher_mode_t mode;
int ret;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
int auth_done = 0; int auth_done = 0;
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
size_t padlen = 0, correct = 1; size_t padlen = 0, correct = 1;
@ -1171,9 +1140,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
} }
data = rec->buf + rec->data_offset; data = rec->buf + rec->data_offset;
#if !defined(MBEDTLS_USE_PSA_CRYPTO) ssl_mode = mbedtls_get_mode_from_transform( transform );
mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_dec );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
/* /*
@ -1187,11 +1154,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM) #if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM)
#if defined(MBEDTLS_USE_PSA_CRYPTO) if( ssl_mode == MBEDTLS_SSL_MODE_STREAM )
if ( transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER )
#else
if( mode == MBEDTLS_MODE_STREAM )
#endif /* MBEDTLS_USE_PSA_CRYPTO */
{ {
/* The only supported stream cipher is "NULL", /* The only supported stream cipher is "NULL",
* so there's nothing to do here.*/ * so there's nothing to do here.*/
@ -1201,13 +1164,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
#if defined(MBEDTLS_GCM_C) || \ #if defined(MBEDTLS_GCM_C) || \
defined(MBEDTLS_CCM_C) || \ defined(MBEDTLS_CCM_C) || \
defined(MBEDTLS_CHACHAPOLY_C) defined(MBEDTLS_CHACHAPOLY_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO) if( ssl_mode == MBEDTLS_SSL_MODE_AEAD )
if ( PSA_ALG_IS_AEAD( transform->psa_alg ) )
#else
if( mode == MBEDTLS_MODE_GCM ||
mode == MBEDTLS_MODE_CCM ||
mode == MBEDTLS_MODE_CHACHAPOLY )
#endif /* MBEDTLS_USE_PSA_CRYPTO */
{ {
unsigned char iv[12]; unsigned char iv[12];
unsigned char *dynamic_iv; unsigned char *dynamic_iv;
@ -1333,11 +1290,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
else else
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */ #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC)
#if defined(MBEDTLS_USE_PSA_CRYPTO) if( ssl_mode == MBEDTLS_SSL_MODE_CBC ||
if ( transform->psa_alg == PSA_ALG_CBC_NO_PADDING ) ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM )
#else
if( mode == MBEDTLS_MODE_CBC )
#endif /* MBEDTLS_USE_PSA_CRYPTO */
{ {
size_t minlen = 0; size_t minlen = 0;
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
@ -1391,7 +1345,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
* Authenticate before decrypt if enabled * Authenticate before decrypt if enabled
*/ */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
if( transform->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED ) if( ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM )
{ {
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;