AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #5434 from mprse/tls_use_psa

Browse Source 
TLS Cipher: use PSA crypto
This commit is contained in:
Manuel Pégourié-Gonnard 2022-02-08 10:27:25 +01:00 committed by GitHub
commit 45c5768a74
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 730 additions and 1658 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
library/ssl_misc.h
View File

@ -937,9 +937,16 @@ struct mbedtls_ssl_transform
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
int minor_ver;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t psa_key_enc; /*!< psa encryption key */
mbedtls_svc_key_id_t psa_key_dec; /*!< psa decryption key */
psa_algorithm_t psa_alg; /*!< psa algorithm */
#else
mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */
mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */
int minor_ver;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
uint8_t in_cid_len;
@ -1274,6 +1281,7 @@ static inline mbedtls_svc_key_id_t mbedtls_ssl_get_opaque_psk(
return( MBEDTLS_SVC_KEY_ID_INIT );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
@ -2011,5 +2019,60 @@ static inline int mbedtls_ssl_sig_alg_is_supported(
#define MBEDTLS_SSL_SIG_ALG( hash )
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_RSA_C */
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* Corresponding PSA algorithm for MBEDTLS_CIPHER_NULL.
* Same value is used fo PSA_ALG_CATEGORY_CIPHER, hence it is
* guaranteed to not be a valid PSA algorithm identifier.
*/
#define MBEDTLS_SSL_NULL_CIPHER 0x04000000
/**
* \brief Translate mbedtls cipher type/taglen pair to psa:
* algorithm, key type and key size.
*
* \param mbedtls_cipher_type [in] given mbedtls cipher type
* \param taglen [in] given tag length
* 0 - default tag length
* \param alg [out] corresponding PSA alg
* There is no corresponding PSA
* alg for MBEDTLS_CIPHER_NULL, so
* in this case MBEDTLS_SSL_NULL_CIPHER
* is returned via this parameter
* \param key_type [out] corresponding PSA key type
* \param key_size [out] corresponding PSA key size
*
* \return PSA_SUCCESS on success or PSA_ERROR_NOT_SUPPORTED if
* conversion is not supported.
*/
psa_status_t mbedtls_ssl_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_type,
size_t taglen,
psa_algorithm_t *alg,
psa_key_type_t *key_type,
size_t *key_size );
/**
* \brief Convert given PSA status to mbedtls error code.
*
* \param status [in] given PSA status
*
* \return corresponding mbedtls error code
*/
static inline int psa_ssl_status_to_mbedtls( psa_status_t status )
{
switch( status )
{
case PSA_SUCCESS:
return( 0 );
case PSA_ERROR_INSUFFICIENT_MEMORY:
return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED );
case PSA_ERROR_NOT_SUPPORTED:
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
case PSA_ERROR_INVALID_SIGNATURE:
return( MBEDTLS_ERR_SSL_INVALID_MAC );
default:
return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
}
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* ssl_misc.h */

274
library/ssl_msg.c
View File

@ -522,7 +522,9 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_cipher_mode_t mode;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
int auth_done = 0;
unsigned char * data;
unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_OUT_LEN_MAX ];
@ -568,7 +570,9 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload",
data, rec->data_len );
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN )
{
@ -649,8 +653,13 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
* Add MAC before if needed
*/
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if ( transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER ||
( transform->psa_alg == PSA_ALG_CBC_NO_PADDING
#else
if( mode == MBEDTLS_MODE_STREAM ||
( mode == MBEDTLS_MODE_CBC
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
&& transform->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED
#endif
@ -707,28 +716,18 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
* Encrypt
*/
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if ( transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER )
#else
if( mode == MBEDTLS_MODE_STREAM )
#endif
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t olen;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
"including %d bytes of padding",
rec->data_len, 0 ) );
if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc,
transform->iv_enc, transform->ivlen,
data, rec->data_len,
data, &olen ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
return( ret );
}
if( rec->data_len != olen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
/* The only supported stream cipher is "NULL",
* so there's nothing to do here.*/
}
else
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_STREAM */
@ -736,16 +735,23 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_GCM_C) || \
defined(MBEDTLS_CCM_C) || \
defined(MBEDTLS_CHACHAPOLY_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if ( PSA_ALG_IS_AEAD( transform->psa_alg ) )
#else
if( mode == MBEDTLS_MODE_GCM ||
mode == MBEDTLS_MODE_CCM ||
mode == MBEDTLS_MODE_CHACHAPOLY )
#endif /* MBEDTLS_USE_PSA_CRYPTO */
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char iv[12];
unsigned char *dynamic_iv;
size_t dynamic_iv_len;
int dynamic_iv_is_explicit =
ssl_transform_aead_dynamic_iv_is_explicit( transform );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* Check that there's space for the authentication tag. */
if( post_avail < transform->taglen )
@ -797,7 +803,22 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
/*
* Encrypt and authenticate
*/
#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_aead_encrypt( transform->psa_key_enc,
transform->psa_alg,
iv, transform->ivlen,
add_data, add_data_len,
data, rec->data_len,
data, rec->buf_len - (data - rec->buf),
&rec->data_len );
if( status != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_encrypt_buf", ret );
return( ret );
}
#else
if( ( ret = mbedtls_cipher_auth_encrypt_ext( &transform->cipher_ctx_enc,
iv, transform->ivlen,
add_data, add_data_len,
@ -809,6 +830,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_encrypt_ext", ret );
return( ret );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag",
data + rec->data_len - transform->taglen,
transform->taglen );
@ -836,11 +859,20 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
else
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if ( transform->psa_alg == PSA_ALG_CBC_NO_PADDING )
#else
if( mode == MBEDTLS_MODE_CBC )
#endif /* MBEDTLS_USE_PSA_CRYPTO */
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t padlen, i;
size_t olen;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t part_len;
psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* Currently we're always using minimal padding
* (up to 255 bytes would be allowed). */
@ -894,6 +926,53 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
rec->data_len, transform->ivlen,
padlen + 1 ) );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_cipher_encrypt_setup( &cipher_op,
transform->psa_key_enc, transform->psa_alg );
if( status != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "psa_cipher_encrypt_setup", ret );
return( ret );
}
status = psa_cipher_set_iv( &cipher_op, transform->iv_enc, transform->ivlen );
if( status != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "psa_cipher_set_iv", ret );
return( ret );
}
status = psa_cipher_update( &cipher_op,
data, rec->data_len,
data, rec->data_len, &olen );
if( status != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "psa_cipher_update", ret );
return( ret );
}
status = psa_cipher_finish( &cipher_op,
data + olen, rec->data_len - olen,
&part_len );
if( status != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "psa_cipher_finish", ret );
return( ret );
}
olen += part_len;
#else
if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc,
transform->iv_enc,
transform->ivlen,
@ -903,6 +982,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
return( ret );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( rec->data_len != olen )
{
@ -997,8 +1077,15 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
mbedtls_record *rec )
{
size_t olen;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
int ret;
#else
mbedtls_cipher_mode_t mode;
int ret, auth_done = 0;
int ret;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
int auth_done = 0;
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
size_t padlen = 0, correct = 1;
#endif
@ -1022,7 +1109,9 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
}
data = rec->buf + rec->data_offset;
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_dec );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
/*
@ -1036,37 +1125,34 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if ( transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER )
#else
if( mode == MBEDTLS_MODE_STREAM )
#endif /* MBEDTLS_USE_PSA_CRYPTO */
{
padlen = 0;
if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_dec,
transform->iv_dec,
transform->ivlen,
data, rec->data_len,
data, &olen ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
return( ret );
}
if( rec->data_len != olen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
/* The only supported stream cipher is "NULL",
* so there's nothing to do here.*/
}
else
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_STREAM */
#if defined(MBEDTLS_GCM_C) || \
defined(MBEDTLS_CCM_C) || \
defined(MBEDTLS_CHACHAPOLY_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if ( PSA_ALG_IS_AEAD( transform->psa_alg ) )
#else
if( mode == MBEDTLS_MODE_GCM ||
mode == MBEDTLS_MODE_CCM ||
mode == MBEDTLS_MODE_CHACHAPOLY )
#endif /* MBEDTLS_USE_PSA_CRYPTO */
{
unsigned char iv[12];
unsigned char *dynamic_iv;
size_t dynamic_iv_len;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/*
* Extract dynamic part of nonce for AEAD decryption.
@ -1141,6 +1227,22 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
/*
* Decrypt and authenticate
*/
#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_aead_decrypt( transform->psa_key_dec,
transform->psa_alg,
iv, transform->ivlen,
add_data, add_data_len,
data, rec->data_len + transform->taglen,
data, rec->buf_len - (data - rec->buf),
&olen );
if( status != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "psa_aead_decrypt", ret );
return( ret );
}
#else
if( ( ret = mbedtls_cipher_auth_decrypt_ext( &transform->cipher_ctx_dec,
iv, transform->ivlen,
add_data, add_data_len,
@ -1155,6 +1257,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
return( ret );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
auth_done++;
/* Double-check that AEAD decryption doesn't change content length. */
@ -1167,9 +1271,18 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
else
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if ( transform->psa_alg == PSA_ALG_CBC_NO_PADDING )
#else
if( mode == MBEDTLS_MODE_CBC )
#endif /* MBEDTLS_USE_PSA_CRYPTO */
{
size_t minlen = 0;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t part_len;
psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/*
* Check immediate ciphertext sanity
@ -1310,6 +1423,51 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
/* We still have data_len % ivlen == 0 and data_len >= ivlen here. */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_cipher_decrypt_setup( &cipher_op,
transform->psa_key_dec, transform->psa_alg );
if( status != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "psa_cipher_decrypt_setup", ret );
return( ret );
}
status = psa_cipher_set_iv( &cipher_op, transform->iv_dec, transform->ivlen );
if( status != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "psa_cipher_set_iv", ret );
return( ret );
}
status = psa_cipher_update( &cipher_op,
data, rec->data_len,
data, rec->data_len, &olen );
if( status != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "psa_cipher_update", ret );
return( ret );
}
status = psa_cipher_finish( &cipher_op,
data + olen, rec->data_len - olen,
&part_len );
if( status != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "psa_cipher_finish", ret );
return( ret );
}
olen += part_len;
#else
if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_dec,
transform->iv_dec, transform->ivlen,
data, rec->data_len, data, &olen ) ) != 0 )
@ -1317,6 +1475,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
return( ret );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* Double-check that length hasn't changed during decryption. */
if( rec->data_len != olen )
@ -4857,12 +5016,53 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
size_t transform_expansion = 0;
const mbedtls_ssl_transform *transform = ssl->transform_out;
unsigned block_size;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t key_type;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
size_t out_hdr_len = mbedtls_ssl_out_hdr_len( ssl );
if( transform == NULL )
return( (int) out_hdr_len );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if ( transform->psa_alg == PSA_ALG_GCM ||
transform->psa_alg == PSA_ALG_CCM ||
transform->psa_alg == PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 8 ) ||
transform->psa_alg == PSA_ALG_CHACHA20_POLY1305 ||
transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER )
{
transform_expansion = transform->minlen;
}
else if ( transform->psa_alg == PSA_ALG_CBC_NO_PADDING )
{
(void) psa_get_key_attributes( transform->psa_key_enc, &attr );
key_type = psa_get_key_type( &attr );
block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type );
/* Expansion due to the addition of the MAC. */
transform_expansion += transform->maclen;
/* Expansion due to the addition of CBC padding;
* Theoretically up to 256 bytes, but we never use
* more than the block size of the underlying cipher. */
transform_expansion += block_size;
/* For TLS 1.2 or higher, an explicit IV is added
* after the record header. */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
transform_expansion += block_size;
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
}
else
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unsupported psa_alg spotted in mbedtls_ssl_get_record_expansion()" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
#else
switch( mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ) )
{
case MBEDTLS_MODE_GCM:
@ -4897,6 +5097,7 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
if( transform->out_cid_len != 0 )
@ -5401,8 +5602,13 @@ void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform )
if( transform == NULL )
return;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_destroy_key( transform->psa_key_enc );
psa_destroy_key( transform->psa_key_dec );
#else
mbedtls_cipher_free( &transform->cipher_ctx_enc );
mbedtls_cipher_free( &transform->cipher_ctx_dec );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
mbedtls_md_free( &transform->md_ctx_enc );

12
library/ssl_srv.c
View File

@ -2035,7 +2035,13 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
{
unsigned char *p = buf;
const mbedtls_ssl_ciphersuite_t *suite = NULL;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_type_t key_type;
psa_algorithm_t alg;
size_t key_bits;
#else
const mbedtls_cipher_info_t *cipher = NULL;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED )
{
@ -2051,8 +2057,14 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
*/
if( ( suite = mbedtls_ssl_ciphersuite_from_id(
ssl->session_negotiate->ciphersuite ) ) == NULL ||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
( mbedtls_ssl_cipher_to_psa( suite->cipher, 0, &alg,
&key_type, &key_bits ) != PSA_SUCCESS ) ||
alg != PSA_ALG_CBC_NO_PADDING )
#else
( cipher = mbedtls_cipher_info_from_type( suite->cipher ) ) == NULL ||
cipher->mode != MBEDTLS_MODE_CBC )
#endif /* MBEDTLS_USE_PSA_CRYPTO */
{
*olen = 0;
return;

241
library/ssl_tls.c
View File

@ -705,9 +705,6 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
const mbedtls_ssl_context *ssl )
{
int ret = 0;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
int psa_fallthrough;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
unsigned char keyblk[256];
unsigned char *key1;
unsigned char *key2;
@ -720,6 +717,14 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
const mbedtls_cipher_info_t *cipher_info;
const mbedtls_md_info_t *md_info;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_type_t key_type;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_algorithm_t alg;
size_t key_bits;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
#endif
#if !defined(MBEDTLS_DEBUG_C) && \
!defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
if( ssl->f_export_keys == NULL )
@ -1004,27 +1009,49 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
ret = mbedtls_cipher_setup_psa( &transform->cipher_ctx_enc,
cipher_info, transform->taglen );
if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
if( ( status = mbedtls_ssl_cipher_to_psa( cipher_info->type,
transform->taglen,
&alg,
&key_type,
&key_bits ) ) != PSA_SUCCESS )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret );
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cipher_to_psa", ret );
goto end;
}
if( ret == 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Successfully setup PSA-based encryption cipher context" ) );
psa_fallthrough = 0;
}
else
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to setup PSA-based cipher context for record encryption - fall through to default setup." ) );
psa_fallthrough = 1;
}
transform->psa_alg = alg;
if( psa_fallthrough == 1 )
#endif /* MBEDTLS_USE_PSA_CRYPTO */
if ( alg != MBEDTLS_SSL_NULL_CIPHER )
{
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
if( ( status = psa_import_key( &attributes,
key1,
PSA_BITS_TO_BYTES( key_bits ),
&transform->psa_key_enc ) ) != PSA_SUCCESS )
{
MBEDTLS_SSL_DEBUG_RET( 3, "psa_import_key", (int)status );
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", ret );
goto end;
}
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
if( ( status = psa_import_key( &attributes,
key2,
PSA_BITS_TO_BYTES( key_bits ),
&transform->psa_key_dec ) ) != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", ret );
goto end;
}
}
#else
if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc,
cipher_info ) ) != 0 )
{
@ -1032,28 +1059,6 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
goto end;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
ret = mbedtls_cipher_setup_psa( &transform->cipher_ctx_dec,
cipher_info, transform->taglen );
if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret );
goto end;
}
if( ret == 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Successfully setup PSA-based decryption cipher context" ) );
psa_fallthrough = 0;
}
else
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to setup PSA-based cipher context for record decryption - fall through to default setup." ) );
psa_fallthrough = 1;
}
if( psa_fallthrough == 1 )
#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_dec,
cipher_info ) ) != 0 )
{
@ -1095,7 +1100,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
}
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#endif /* MBEDTLS_USE_PSA_CRYPTO */
end:
mbedtls_platform_zeroize( keyblk, sizeof( keyblk ) );
@ -3022,8 +3027,13 @@ void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform )
{
memset( transform, 0, sizeof(mbedtls_ssl_transform) );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
transform->psa_key_enc = MBEDTLS_SVC_KEY_ID_INIT;
transform->psa_key_dec = MBEDTLS_SVC_KEY_ID_INIT;
#else
mbedtls_cipher_init( &transform->cipher_ctx_enc );
mbedtls_cipher_init( &transform->cipher_ctx_dec );
#endif
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
mbedtls_md_init( &transform->md_ctx_enc );
@ -4029,6 +4039,153 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t mbedtls_ssl_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_type,
size_t taglen,
psa_algorithm_t *alg,
psa_key_type_t *key_type,
size_t *key_size )
{
switch ( mbedtls_cipher_type )
{
case MBEDTLS_CIPHER_AES_128_CBC:
*alg = PSA_ALG_CBC_NO_PADDING;
*key_type = PSA_KEY_TYPE_AES;
*key_size = 128;
break;
case MBEDTLS_CIPHER_AES_128_CCM:
*alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM;
*key_type = PSA_KEY_TYPE_AES;
*key_size = 128;
break;
case MBEDTLS_CIPHER_AES_128_GCM:
*alg = PSA_ALG_GCM;
*key_type = PSA_KEY_TYPE_AES;
*key_size = 128;
break;
case MBEDTLS_CIPHER_AES_192_CCM:
*alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM;
*key_type = PSA_KEY_TYPE_AES;
*key_size = 192;
break;
case MBEDTLS_CIPHER_AES_192_GCM:
*alg = PSA_ALG_GCM;
*key_type = PSA_KEY_TYPE_AES;
*key_size = 192;
break;
case MBEDTLS_CIPHER_AES_256_CBC:
*alg = PSA_ALG_CBC_NO_PADDING;
*key_type = PSA_KEY_TYPE_AES;
*key_size = 256;
break;
case MBEDTLS_CIPHER_AES_256_CCM:
*alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM;
*key_type = PSA_KEY_TYPE_AES;
*key_size = 256;
break;
case MBEDTLS_CIPHER_AES_256_GCM:
*alg = PSA_ALG_GCM;
*key_type = PSA_KEY_TYPE_AES;
*key_size = 256;
break;
case MBEDTLS_CIPHER_ARIA_128_CBC:
*alg = PSA_ALG_CBC_NO_PADDING;
*key_type = PSA_KEY_TYPE_ARIA;
*key_size = 128;
break;
case MBEDTLS_CIPHER_ARIA_128_CCM:
*alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM;
*key_type = PSA_KEY_TYPE_ARIA;
*key_size = 128;
break;
case MBEDTLS_CIPHER_ARIA_128_GCM:
*alg = PSA_ALG_GCM;
*key_type = PSA_KEY_TYPE_ARIA;
*key_size = 128;
break;
case MBEDTLS_CIPHER_ARIA_192_CCM:
*alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM;
*key_type = PSA_KEY_TYPE_ARIA;
*key_size = 192;
break;
case MBEDTLS_CIPHER_ARIA_192_GCM:
*alg = PSA_ALG_GCM;
*key_type = PSA_KEY_TYPE_ARIA;
*key_size = 192;
break;
case MBEDTLS_CIPHER_ARIA_256_CBC:
*alg = PSA_ALG_CBC_NO_PADDING;
*key_type = PSA_KEY_TYPE_ARIA;
*key_size = 256;
break;
case MBEDTLS_CIPHER_ARIA_256_CCM:
*alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM;
*key_type = PSA_KEY_TYPE_ARIA;
*key_size = 256;
break;
case MBEDTLS_CIPHER_ARIA_256_GCM:
*alg = PSA_ALG_GCM;
*key_type = PSA_KEY_TYPE_ARIA;
*key_size = 256;
break;
case MBEDTLS_CIPHER_CAMELLIA_128_CBC:
*alg = PSA_ALG_CBC_NO_PADDING;
*key_type = PSA_KEY_TYPE_CAMELLIA;
*key_size = 128;
break;
case MBEDTLS_CIPHER_CAMELLIA_128_CCM:
*alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM;
*key_type = PSA_KEY_TYPE_CAMELLIA;
*key_size = 128;
break;
case MBEDTLS_CIPHER_CAMELLIA_128_GCM:
*alg = PSA_ALG_GCM;
*key_type = PSA_KEY_TYPE_CAMELLIA;
*key_size = 128;
break;
case MBEDTLS_CIPHER_CAMELLIA_192_CCM:
*alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM;
*key_type = PSA_KEY_TYPE_CAMELLIA;
*key_size = 192;
break;
case MBEDTLS_CIPHER_CAMELLIA_192_GCM:
*alg = PSA_ALG_GCM;
*key_type = PSA_KEY_TYPE_CAMELLIA;
*key_size = 192;
break;
case MBEDTLS_CIPHER_CAMELLIA_256_CBC:
*alg = PSA_ALG_CBC_NO_PADDING;
*key_type = PSA_KEY_TYPE_CAMELLIA;
*key_size = 256;
break;
case MBEDTLS_CIPHER_CAMELLIA_256_CCM:
*alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM;
*key_type = PSA_KEY_TYPE_CAMELLIA;
*key_size = 256;
break;
case MBEDTLS_CIPHER_CAMELLIA_256_GCM:
*alg = PSA_ALG_GCM;
*key_type = PSA_KEY_TYPE_CAMELLIA;
*key_size = 256;
break;
case MBEDTLS_CIPHER_CHACHA20_POLY1305:
*alg = PSA_ALG_CHACHA20_POLY1305;
*key_type = PSA_KEY_TYPE_CHACHA20;
*key_size = 256;
break;
case MBEDTLS_CIPHER_NULL:
*alg = MBEDTLS_SSL_NULL_CIPHER;
*key_type = 0;
*key_size = 0;
break;
default:
return PSA_ERROR_NOT_SUPPORTED;
}
return PSA_SUCCESS;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf,
const unsigned char *dhm_P, size_t P_len,

59
library/ssl_tls13_keys.c
View File

@ -801,7 +801,9 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform,
mbedtls_ssl_key_set const *traffic_keys,
mbedtls_ssl_context *ssl /* DEBUG ONLY */ )
{
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
int ret;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_cipher_info_t const *cipher_info;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
unsigned char const *key_enc;
@ -809,6 +811,14 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform,
unsigned char const *key_dec;
unsigned char const *iv_dec;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_type_t key_type;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_algorithm_t alg;
size_t key_bits;
psa_status_t status = PSA_SUCCESS;
#endif
#if !defined(MBEDTLS_DEBUG_C)
ssl = NULL; /* make sure we don't use it except for those cases */
(void) ssl;
@ -830,10 +840,10 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform,
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
/*
* Setup cipher contexts in target transform
*/
if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc,
cipher_info ) ) != 0 )
{
@ -847,6 +857,7 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform,
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
return( ret );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_SRV_C)
if( endpoint == MBEDTLS_SSL_IS_SERVER )
@ -876,6 +887,7 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform,
memcpy( transform->iv_enc, iv_enc, traffic_keys->iv_len );
memcpy( transform->iv_dec, iv_dec, traffic_keys->iv_len );
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc,
key_enc, cipher_info->key_bitlen,
MBEDTLS_ENCRYPT ) ) != 0 )
@ -891,6 +903,7 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform,
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
return( ret );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/*
* Setup other fields in SSL transform
@ -913,6 +926,50 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform,
transform->minlen =
transform->taglen + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/*
* Setup psa keys and alg
*/
if( ( status = mbedtls_ssl_cipher_to_psa( cipher_info->type,
transform->taglen,
&alg,
&key_type,
&key_bits ) ) != PSA_SUCCESS )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cipher_to_psa", psa_ssl_status_to_mbedtls( status ) );
return( psa_ssl_status_to_mbedtls( status ) );
}
transform->psa_alg = alg;
if ( alg != MBEDTLS_SSL_NULL_CIPHER )
{
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
if( ( status = psa_import_key( &attributes,
key_enc,
PSA_BITS_TO_BYTES( key_bits ),
&transform->psa_key_enc ) ) != PSA_SUCCESS )
{
MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", psa_ssl_status_to_mbedtls( status ) );
return( psa_ssl_status_to_mbedtls( status ) );
}
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
if( ( status = psa_import_key( &attributes,
key_dec,
PSA_BITS_TO_BYTES( key_bits ),
&transform->psa_key_dec ) ) != PSA_SUCCESS )
{
MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", psa_ssl_status_to_mbedtls( status ) );
return( psa_ssl_status_to_mbedtls( status ) );
}
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
return( 0 );
}

8
tests/ssl-opt.sh
View File

@ -1195,12 +1195,8 @@ run_test_psa() {
"$P_SRV debug_level=3 force_version=tls12" \
"$P_CLI debug_level=3 force_version=tls12 force_ciphersuite=$1" \
0 \
-c "Successfully setup PSA-based decryption cipher context" \
-c "Successfully setup PSA-based encryption cipher context" \
-c "PSA calc verify" \
-c "calc PSA finished" \
-s "Successfully setup PSA-based decryption cipher context" \
-s "Successfully setup PSA-based encryption cipher context" \
-s "PSA calc verify" \
-s "calc PSA finished" \
-C "Failed to setup PSA-based cipher context"\
@ -1218,12 +1214,8 @@ run_test_psa_force_curve() {
"$P_SRV debug_level=4 force_version=tls12 curves=$1" \
"$P_CLI debug_level=4 force_version=tls12 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 curves=$1" \
0 \
-c "Successfully setup PSA-based decryption cipher context" \
-c "Successfully setup PSA-based encryption cipher context" \
-c "PSA calc verify" \
-c "calc PSA finished" \
-s "Successfully setup PSA-based decryption cipher context" \
-s "Successfully setup PSA-based encryption cipher context" \
-s "PSA calc verify" \
-s "calc PSA finished" \
-C "Failed to setup PSA-based cipher context"\

1552
tests/suites/test_suite_ssl.data
View File

File diff suppressed because it is too large Load Diff

177
tests/suites/test_suite_ssl.function
View File

@ -1186,6 +1186,47 @@ int psk_dummy_callback( void *p_info, mbedtls_ssl_context *ssl,
#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX
#endif
static int psa_cipher_encrypt_helper( mbedtls_ssl_transform *transform,
const unsigned char *iv, size_t iv_len,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen )
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT;
size_t part_len;
status = psa_cipher_encrypt_setup( &cipher_op,
transform->psa_key_enc, transform->psa_alg );
if( status != PSA_SUCCESS )
return( psa_ssl_status_to_mbedtls( status ) );
status = psa_cipher_set_iv( &cipher_op, iv, iv_len );
if( status != PSA_SUCCESS )
return( psa_ssl_status_to_mbedtls( status ) );
status = psa_cipher_update( &cipher_op,
input, ilen, output, ilen, olen );
if( status != PSA_SUCCESS )
return( psa_ssl_status_to_mbedtls( status ) );
status = psa_cipher_finish( &cipher_op,
output + *olen, ilen - *olen, &part_len );
if( status != PSA_SUCCESS )
return( psa_ssl_status_to_mbedtls( status ) );
*olen += part_len;
return( 0 );
#else
return mbedtls_cipher_crypt( &transform->cipher_ctx_enc,
iv, iv_len, input, ilen, output, olen );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
static int build_transforms( mbedtls_ssl_transform *t_in,
mbedtls_ssl_transform *t_out,
int cipher_type, int hash_id,
@ -1196,6 +1237,14 @@ static int build_transforms( mbedtls_ssl_transform *t_in,
mbedtls_cipher_info_t const *cipher_info;
int ret = 0;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_type_t key_type;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_algorithm_t alg;
size_t key_bits;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
#endif
size_t keylen, maclen, ivlen;
unsigned char *key0 = NULL, *key1 = NULL;
unsigned char *md0 = NULL, *md1 = NULL;
@ -1230,6 +1279,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in,
memset( key0, 0x1, keylen );
memset( key1, 0x2, keylen );
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
/* Setup cipher contexts */
CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_enc, cipher_info ) == 0 );
CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_dec, cipher_info ) == 0 );
@ -1258,6 +1308,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in,
keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_dec, key0,
keylen << 3, MBEDTLS_DECRYPT ) == 0 );
#endif
/* Setup MAC contexts */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
@ -1420,6 +1471,76 @@ static int build_transforms( mbedtls_ssl_transform *t_in,
t_out->out_cid_len = cid0_len;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = mbedtls_ssl_cipher_to_psa( cipher_type,
t_in->taglen,
&alg,
&key_type,
&key_bits );
if ( status != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
goto cleanup;
}
t_in->psa_alg = alg;
t_out->psa_alg = alg;
if ( alg != MBEDTLS_SSL_NULL_CIPHER )
{
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
status = psa_import_key( &attributes,
key0,
PSA_BITS_TO_BYTES( key_bits ),
&t_in->psa_key_enc );
if ( status != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
goto cleanup;
}
status = psa_import_key( &attributes,
key1,
PSA_BITS_TO_BYTES( key_bits ),
&t_out->psa_key_enc );
if ( status != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
goto cleanup;
}
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
status = psa_import_key( &attributes,
key1,
PSA_BITS_TO_BYTES( key_bits ),
&t_in->psa_key_dec );
if ( status != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
goto cleanup;
}
status = psa_import_key( &attributes,
key0,
PSA_BITS_TO_BYTES( key_bits ),
&t_out->psa_key_dec );
if ( status != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
goto cleanup;
}
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
cleanup:
mbedtls_free( key0 );
@ -3178,13 +3299,17 @@ void ssl_crypt_record( int cipher_type, int hash_id,
size_t const buflen = 512;
mbedtls_record rec, rec_backup;
USE_PSA_INIT( );
mbedtls_ssl_init( &ssl );
mbedtls_ssl_transform_init( &t0 );
mbedtls_ssl_transform_init( &t1 );
TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
etm, tag_mode, ver,
(size_t) cid0_len,
(size_t) cid1_len ) == 0 );
ret = build_transforms( &t0, &t1, cipher_type, hash_id,
etm, tag_mode, ver,
(size_t) cid0_len,
(size_t) cid1_len );
TEST_ASSERT( ret == 0 );
TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
@ -3288,6 +3413,7 @@ exit:
mbedtls_ssl_transform_free( &t1 );
mbedtls_free( buf );
USE_PSA_DONE( );
}
/* END_CASE */
@ -3334,13 +3460,17 @@ void ssl_crypt_record_small( int cipher_type, int hash_id,
int seen_success; /* Indicates if in the current mode we've
* already seen a successful test. */
USE_PSA_INIT( );
mbedtls_ssl_init( &ssl );
mbedtls_ssl_transform_init( &t0 );
mbedtls_ssl_transform_init( &t1 );
TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
ret = build_transforms( &t0, &t1, cipher_type, hash_id,
etm, tag_mode, ver,
(size_t) cid0_len,
(size_t) cid1_len ) == 0 );
(size_t) cid1_len );
TEST_ASSERT( ret == 0 );
TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
@ -3454,6 +3584,7 @@ exit:
mbedtls_ssl_transform_free( &t1 );
mbedtls_free( buf );
USE_PSA_DONE( );
}
/* END_CASE */
@ -3487,17 +3618,22 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac,
unsigned char add_data[13];
unsigned char mac[MBEDTLS_MD_MAX_SIZE];
int exp_ret;
int ret;
const unsigned char pad_max_len = 255; /* Per the standard */
USE_PSA_INIT( );
mbedtls_ssl_init( &ssl );
mbedtls_ssl_transform_init( &t0 );
mbedtls_ssl_transform_init( &t1 );
/* Set up transforms with dummy keys */
TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
ret = build_transforms( &t0, &t1, cipher_type, hash_id,
0, trunc_hmac,
MBEDTLS_SSL_MINOR_VERSION_3,
0 , 0 ) == 0 );
0 , 0 );
TEST_ASSERT( ret == 0 );
/* Determine padding/plaintext length */
TEST_ASSERT( length_selector >= -2 && length_selector <= 255 );
@ -3585,10 +3721,9 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac,
/*
* Encrypt and decrypt the correct record, expecting success
*/
TEST_EQUAL( 0, mbedtls_cipher_crypt( &t0.cipher_ctx_enc,
t0.iv_enc, t0.ivlen,
rec.buf + rec.data_offset, rec.data_len,
rec.buf + rec.data_offset, &olen ) );
TEST_EQUAL( 0, psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen,
rec.buf + rec.data_offset, rec.data_len,
rec.buf + rec.data_offset, &olen ) );
rec.data_offset -= t0.ivlen;
rec.data_len += t0.ivlen;
@ -3611,10 +3746,9 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac,
rec.buf[i] ^= 0x01;
/* Encrypt */
TEST_EQUAL( 0, mbedtls_cipher_crypt( &t0.cipher_ctx_enc,
t0.iv_enc, t0.ivlen,
rec.buf + rec.data_offset, rec.data_len,
rec.buf + rec.data_offset, &olen ) );
TEST_EQUAL( 0, psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen,
rec.buf + rec.data_offset, rec.data_len,
rec.buf + rec.data_offset, &olen ) );
rec.data_offset -= t0.ivlen;
rec.data_len += t0.ivlen;
@ -3648,10 +3782,9 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac,
memset( buf + buflen - padlen - 1, i, padlen + 1 );
/* Encrypt */
TEST_EQUAL( 0, mbedtls_cipher_crypt( &t0.cipher_ctx_enc,
t0.iv_enc, t0.ivlen,
rec.buf + rec.data_offset, rec.data_len,
rec.buf + rec.data_offset, &olen ) );
TEST_EQUAL( 0, psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen,
rec.buf + rec.data_offset, rec.data_len,
rec.buf + rec.data_offset, &olen ) );
rec.data_offset -= t0.ivlen;
rec.data_len += t0.ivlen;
@ -3666,6 +3799,7 @@ exit:
mbedtls_ssl_transform_free( &t1 );
mbedtls_free( buf );
mbedtls_free( buf_save );
USE_PSA_DONE( );
}
/* END_CASE */
@ -3964,6 +4098,8 @@ void ssl_tls13_record_protection( int ciphersuite,
size_t buf_len;
int other_endpoint;
USE_PSA_INIT( );
TEST_ASSERT( endpoint == MBEDTLS_SSL_IS_CLIENT ||
endpoint == MBEDTLS_SSL_IS_SERVER );
@ -4039,6 +4175,7 @@ void ssl_tls13_record_protection( int ciphersuite,
mbedtls_free( buf );
mbedtls_ssl_transform_free( &transform_send );
mbedtls_ssl_transform_free( &transform_recv );
USE_PSA_DONE( );
}
/* END_CASE */