Add AEAD tag length to new mbedtls_cipher_setup_psa()
For AEAD ciphers, the information contained in mbedtls_cipher_info is not enough to deduce a PSA algorithm value of type psa_algorithm_t. This is because mbedtls_cipher_info doesn't contain the AEAD tag length, while values of type psa_algorithm_t do. This commit adds the AEAD tag length as a separate parameter to mbedtls_cipher_setup_psa(). For non-AEAD ciphers, the value must be 0. This approach is preferred over passing psa_algorithm_t directly in order to keep the changes in existing code using the cipher layer small.
parent
884f6af590
commit
f133640475
@ -434,6 +434,12 @@ int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
|
|||||||
*
|
*
|
||||||
* \param ctx The context to initialize. May not be \c NULL.
|
* \param ctx The context to initialize. May not be \c NULL.
|
||||||
* \param cipher_info The cipher to use.
|
* \param cipher_info The cipher to use.
|
||||||
|
* \param taglen For AEAD ciphers, the length in bytes of the
|
||||||
|
* authentication tag to use. Subsequent uses of
|
||||||
|
* mbedtls_cipher_auth_encrypt() or
|
||||||
|
* mbedtls_cipher_auth_decrypt() must provide
|
||||||
|
* the same tag length.
|
||||||
|
* For non-AEAD ciphers, the value must be \c 0.
|
||||||
*
|
*
|
||||||
* \return \c 0 on success.
|
* \return \c 0 on success.
|
||||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
||||||
@ -442,7 +448,8 @@ int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
|
|||||||
* cipher-specific context fails.
|
* cipher-specific context fails.
|
||||||
*/
|
*/
|
||||||
int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx,
|
int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx,
|
||||||
const mbedtls_cipher_info_t *cipher_info );
|
const mbedtls_cipher_info_t *cipher_info,
|
||||||
|
size_t taglen );
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
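Review bot: The new `\param taglen` text in the first hunk puts two obligations on the caller (pass 0 for non-AEAD ciphers, reuse the same length in mbedtls_cipher_auth_encrypt() / mbedtls_cipher_auth_decrypt()), but the `\return` list after it does not say what happens when either is violated or when the length is unsupported for the chosen mode. A tag that is too short directly reduces forgery resistance, so the comment should name the accepted lengths per AEAD mode and the resulting error. Something like `* \return #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE if \p taglen is not supported for the cipher mode.` would fit, assuming that is what the translation step in the implementation yields. The doc comment starts before this hunk, so the full `\return` list is not visible here.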
@ -234,7 +234,8 @@ int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
|
|||||||
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx,
|
int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx,
|
||||||
const mbedtls_cipher_info_t *cipher_info )
|
const mbedtls_cipher_info_t *cipher_info,
|
||||||
|
size_t taglen )
|
||||||
{
|
{
|
||||||
psa_algorithm_t alg;
|
psa_algorithm_t alg;
|
||||||
mbedtls_cipher_context_psa *cipher_psa;
|
mbedtls_cipher_context_psa *cipher_psa;
|
||||||
@ -242,7 +243,7 @@ int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx,
|
|||||||
if( NULL == cipher_info || NULL == ctx )
|
if( NULL == cipher_info || NULL == ctx )
|
||||||
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
||||||
|
|
||||||
alg = mbedtls_psa_translate_cipher_mode( cipher_info->mode );
|
alg = mbedtls_psa_translate_cipher_mode( cipher_info->mode, taglen );
|
||||||
if( alg == 0)
|
if( alg == 0)
|
||||||
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
|
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
|
||||||
|
|
||||||
|
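Review bot: `taglen` reaches `mbedtls_psa_translate_cipher_mode( cipher_info->mode, taglen )` in the last hunk without any check in the visible lines, so the header's rule that non-AEAD ciphers must pass 0 is not enforced here. Unless the helper (not shown on this page) rejects it, a stray non-zero value on a non-AEAD mode is silently accepted, and an AEAD caller can request any length, including one short enough to weaken authentication. Consider a guard ahead of the translation, for example `if( cipher_info->mode != MBEDTLS_MODE_GCM && cipher_info->mode != MBEDTLS_MODE_CCM && taglen != 0 ) return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );`, with the AEAD mode list adjusted to what this build supports. The function body continues past the hunk, so whether the length is also recorded in the context for comparison at auth_encrypt/auth_decrypt time cannot be confirmed from here.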