mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-29 04:20:12 +00:00
Refactoring: prepare to create mbedtls_test_ssl_prepare_record_mac()
No semantic change. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
parent
a3237efefb
commit
ac5fabed25
@ -40,13 +40,8 @@ void ssl_decrypt_non_etm_cbc(int cipher_type, int hash_id, int trunc_hmac,
|
|||||||
size_t buflen, olen = 0;
|
size_t buflen, olen = 0;
|
||||||
size_t plaintext_len, block_size, i;
|
size_t plaintext_len, block_size, i;
|
||||||
unsigned char padlen; /* excluding the padding_length byte */
|
unsigned char padlen; /* excluding the padding_length byte */
|
||||||
unsigned char add_data[13];
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
|
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
|
||||||
size_t sign_mac_length = 0;
|
|
||||||
unsigned char mac[PSA_HASH_MAX_SIZE];
|
|
||||||
#else
|
|
||||||
unsigned char mac[MBEDTLS_MD_MAX_SIZE];
|
|
||||||
#endif
|
#endif
|
||||||
int exp_ret;
|
int exp_ret;
|
||||||
int ret;
|
int ret;
|
||||||
@ -111,14 +106,6 @@ void ssl_decrypt_non_etm_cbc(int cipher_type, int hash_id, int trunc_hmac,
|
|||||||
rec.data_len = plaintext_len;
|
rec.data_len = plaintext_len;
|
||||||
memset(rec.buf + rec.data_offset, 42, rec.data_len);
|
memset(rec.buf + rec.data_offset, 42, rec.data_len);
|
||||||
|
|
||||||
/* Serialized version of record header for MAC purposes */
|
|
||||||
memcpy(add_data, rec.ctr, 8);
|
|
||||||
add_data[8] = rec.type;
|
|
||||||
add_data[9] = rec.ver[0];
|
|
||||||
add_data[10] = rec.ver[1];
|
|
||||||
add_data[11] = (rec.data_len >> 8) & 0xff;
|
|
||||||
add_data[12] = (rec.data_len >> 0) & 0xff;
|
|
||||||
|
|
||||||
/* Set dummy IV */
|
/* Set dummy IV */
|
||||||
memset(t0.iv_enc, 0x55, t0.ivlen);
|
memset(t0.iv_enc, 0x55, t0.ivlen);
|
||||||
memcpy(rec.buf, t0.iv_enc, t0.ivlen);
|
memcpy(rec.buf, t0.iv_enc, t0.ivlen);
|
||||||
@ -126,29 +113,48 @@ void ssl_decrypt_non_etm_cbc(int cipher_type, int hash_id, int trunc_hmac,
|
|||||||
/*
|
/*
|
||||||
* Prepare a pre-encryption record (with MAC and padding), and save it.
|
* Prepare a pre-encryption record (with MAC and padding), and save it.
|
||||||
*/
|
*/
|
||||||
|
mbedtls_ssl_transform *transform_out = &t0;
|
||||||
|
mbedtls_record *record = &rec;
|
||||||
|
|
||||||
|
/* Serialized version of record header for MAC purposes */
|
||||||
|
unsigned char add_data[13];
|
||||||
|
memcpy(add_data, record->ctr, 8);
|
||||||
|
add_data[8] = record->type;
|
||||||
|
add_data[9] = record->ver[0];
|
||||||
|
add_data[10] = record->ver[1];
|
||||||
|
add_data[11] = (record->data_len >> 8) & 0xff;
|
||||||
|
add_data[12] = (record->data_len >> 0) & 0xff;
|
||||||
|
|
||||||
/* MAC with additional data */
|
/* MAC with additional data */
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
size_t sign_mac_length = 0;
|
||||||
TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_setup(&operation,
|
TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_setup(&operation,
|
||||||
t0.psa_mac_enc,
|
transform_out->psa_mac_enc,
|
||||||
t0.psa_mac_alg));
|
transform_out->psa_mac_alg));
|
||||||
TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, add_data, 13));
|
TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, add_data, 13));
|
||||||
TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation,
|
TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation,
|
||||||
rec.buf + rec.data_offset,
|
record->buf + record->data_offset,
|
||||||
rec.data_len));
|
record->data_len));
|
||||||
|
/* Use a temporary buffer for the MAC, because with the truncated HMAC
|
||||||
|
* extension, there might not be enough room in the record for the
|
||||||
|
* full-length MAC. */
|
||||||
|
unsigned char mac[PSA_HASH_MAX_SIZE];
|
||||||
TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_finish(&operation,
|
TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_finish(&operation,
|
||||||
mac, sizeof(mac),
|
mac, sizeof(mac),
|
||||||
&sign_mac_length));
|
&sign_mac_length));
|
||||||
#else
|
#else
|
||||||
TEST_EQUAL(0, mbedtls_md_hmac_update(&t0.md_ctx_enc, add_data, 13));
|
TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc, add_data, 13));
|
||||||
TEST_EQUAL(0, mbedtls_md_hmac_update(&t0.md_ctx_enc,
|
TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc,
|
||||||
rec.buf + rec.data_offset,
|
record->buf + record->data_offset,
|
||||||
rec.data_len));
|
record->data_len));
|
||||||
TEST_EQUAL(0, mbedtls_md_hmac_finish(&t0.md_ctx_enc, mac));
|
/* Use a temporary buffer for the MAC, because with the truncated HMAC
|
||||||
|
* extension, there might not be enough room in the record for the
|
||||||
|
* full-length MAC. */
|
||||||
|
unsigned char mac[MBEDTLS_MD_MAX_SIZE];
|
||||||
|
TEST_EQUAL(0, mbedtls_md_hmac_finish(&transform_out->md_ctx_enc, mac));
|
||||||
#endif
|
#endif
|
||||||
|
memcpy(record->buf + record->data_offset + record->data_len, mac, transform_out->maclen);
|
||||||
memcpy(rec.buf + rec.data_offset + rec.data_len, mac, t0.maclen);
|
record->data_len += transform_out->maclen;
|
||||||
rec.data_len += t0.maclen;
|
|
||||||
|
|
||||||
/* Pad */
|
/* Pad */
|
||||||
memset(rec.buf + rec.data_offset + rec.data_len, padlen, padlen + 1);
|
memset(rec.buf + rec.data_offset + rec.data_len, padlen, padlen + 1);
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user