In mbedtls_ssl_tls13_generate_handshake_keys() and mbedtls_ssl_tls13_generate_application_keys(), avoid calling mbedtls_cipher_info_from_type()

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-05 15:34:39 +02:00 · 2022-05-05 15:34:39 +02:00 · 4f4f271850
commit 4f4f271850
parent a8093f5c48
1 changed files with 62 additions and 0 deletions
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@ -1203,7 +1203,15 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl,
    unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE];
    size_t transcript_len;

+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_key_type_t key_type;
+    psa_algorithm_t alg;
+    size_t key_bits;
+    size_t taglen;
+    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+#else
    mbedtls_cipher_info_t const *cipher_info;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
    size_t key_len, iv_len;

    mbedtls_ssl_handshake_params *handshake = ssl->handshake;
@ -1212,9 +1220,32 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl,

    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls13_generate_handshake_keys" ) );

+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    if( ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG )
+        taglen = 8;
+    else
+        taglen = 16;
+
+    status = mbedtls_ssl_cipher_to_psa( ciphersuite_info->cipher, taglen,
+                                        &alg, &key_type, &key_bits );
+    if( status != PSA_SUCCESS )
+    {
+        ret = psa_ssl_status_to_mbedtls( status );
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cipher_to_psa", ret );
+        return ret;
+    }
+
+    key_len = PSA_BITS_TO_BYTES(key_bits);
+
+    if( PSA_ALG_IS_AEAD( alg ) )
+        iv_len = 12;
+    else
+        iv_len = PSA_CIPHER_IV_LENGTH( key_type, alg );
+#else
    cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher );
    key_len = cipher_info->key_bitlen >> 3;
    iv_len = cipher_info->iv_size;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */

    md_type = ciphersuite_info->mac;

@ -1408,17 +1439,48 @@ int mbedtls_ssl_tls13_generate_application_keys(
    size_t hash_len;

    /* Variables relating to the cipher for the chosen ciphersuite. */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_key_type_t key_type;
+    psa_algorithm_t alg;
+    size_t key_bits;
+    size_t taglen;
+    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+#else
    mbedtls_cipher_info_t const *cipher_info;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
    size_t key_len, iv_len;

    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive application traffic keys" ) );

    /* Extract basic information about hash and ciphersuite */

+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    if( handshake->ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG )
+        taglen = 8;
+    else
+        taglen = 16;
+
+    status = mbedtls_ssl_cipher_to_psa( handshake->ciphersuite_info->cipher,
+                                        taglen, &alg, &key_type, &key_bits );
+    if( status != PSA_SUCCESS )
+    {
+        ret = psa_ssl_status_to_mbedtls( status );
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cipher_to_psa", ret );
+        goto cleanup;
+    }
+
+    key_len = PSA_BITS_TO_BYTES(key_bits);
+
+    if( PSA_ALG_IS_AEAD( alg ) )
+        iv_len = 12;
+    else
+        iv_len = PSA_CIPHER_IV_LENGTH( key_type, alg );
+#else
    cipher_info = mbedtls_cipher_info_from_type(
                                  handshake->ciphersuite_info->cipher );
    key_len = cipher_info->key_bitlen / 8;
    iv_len = cipher_info->iv_size;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */

    md_type = handshake->ciphersuite_info->mac;