From 4f4f271850b03dd4f9932a29c4bb7aba8ed76e5e Mon Sep 17 00:00:00 2001
From: Neil Armstrong
Date: Thu, 5 May 2022 15:34:39 +0200
Subject: [PATCH] In mbedtls_ssl_tls13_generate_handshake_keys() and mbedtls_ssl_tls13_generate_application_keys(), avoid calling mbedtls_cipher_info_from_type()
Signed-off-by: Neil Armstrong
---
 library/ssl_tls13_keys.c | 62 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index c79d4c92a..714c21ac4 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -1203,7 +1203,15 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl,
     unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE];
     size_t transcript_len;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_key_type_t key_type;
+    psa_algorithm_t alg;
+    size_t key_bits;
+    size_t taglen;
+    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+#else
     mbedtls_cipher_info_t const *cipher_info;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
     size_t key_len, iv_len;
     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
@@ -1212,9 +1220,32 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl,
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls13_generate_handshake_keys" ) );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    if( ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG )
+        taglen = 8;
+    else
+        taglen = 16;
+
+    status = mbedtls_ssl_cipher_to_psa( ciphersuite_info->cipher, taglen,
+                                        &alg, &key_type, &key_bits );
+    if( status != PSA_SUCCESS )
+    {
+        ret = psa_ssl_status_to_mbedtls( status );
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cipher_to_psa", ret );
+        return ret;
+    }
+
+    key_len = PSA_BITS_TO_BYTES(key_bits);
+
+    if( PSA_ALG_IS_AEAD( alg ) )
+        iv_len = 12;
+    else
+        iv_len = PSA_CIPHER_IV_LENGTH( key_type, alg );
+#else
     cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher );
     key_len = cipher_info->key_bitlen >> 3;
     iv_len = cipher_info->iv_size;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
     md_type = ciphersuite_info->mac;
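Review bot: The PSA branch that maps the ciphersuite to alg/key_type/key_bits and then derives key_len and iv_len is written out twice, here and again in the third hunk inside mbedtls_ssl_tls13_generate_application_keys, together with the matching variable declarations in the first and third hunks; a small static helper under the same #if would keep the two in step and leave each caller with only the status check and error mapping it already has. The helper is also the natural place to explain the two literals that are currently bare: `taglen` is 8 or 16 according to MBEDTLS_CIPHERSUITE_SHORT_TAG (the CCM_8 suites), and `iv_len = 12` is the TLS 1.3 per-record nonce length of RFC 8446 §7.3, max(8, N_MIN), which is 12 for the AES-GCM, AES-CCM and ChaCha20-Poly1305 AEADs TLS 1.3 defines. Since every TLS 1.3 ciphersuite is an AEAD, the non-AEAD `PSA_CIPHER_IV_LENGTH` branch looks unreachable on this path and deserves a comment saying whether it is kept deliberately. The enclosing function begins outside the hunk.
```c
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/*
 * Resolve the traffic key and IV lengths for a ciphersuite via PSA.
 *
 * TLS 1.3 (RFC 8446, Section 7.3) fixes the per-record IV length at
 * max(8, N_MIN) of the AEAD, which is 12 for every AEAD TLS 1.3 defines
 * (AES-GCM, AES-CCM, ChaCha20-Poly1305). The non-AEAD branch mirrors the
 * legacy mbedtls_cipher_info_t path and is not expected to be reached for
 * TLS 1.3 ciphersuites.
 *
 * Returns a PSA status; the caller maps it with psa_ssl_status_to_mbedtls().
 */
static psa_status_t ssl_tls13_cipher_key_iv_len(
    const mbedtls_ssl_ciphersuite_t *ciphersuite_info,
    size_t *key_len, size_t *iv_len )
{
    psa_key_type_t key_type;
    psa_algorithm_t alg;
    size_t key_bits;
    /* MBEDTLS_CIPHERSUITE_SHORT_TAG marks the 8-byte-tag (CCM_8) suites. */
    size_t taglen = ( ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ) ? 8 : 16;
    psa_status_t status;

    status = mbedtls_ssl_cipher_to_psa( ciphersuite_info->cipher, taglen,
                                        &alg, &key_type, &key_bits );
    if( status != PSA_SUCCESS )
        return( status );

    *key_len = PSA_BITS_TO_BYTES( key_bits );
    *iv_len = PSA_ALG_IS_AEAD( alg ) ? 12 : PSA_CIPHER_IV_LENGTH( key_type, alg );
    return( PSA_SUCCESS );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */

/* … unchanged: start of mbedtls_ssl_tls13_generate_handshake_keys … */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
    status = ssl_tls13_cipher_key_iv_len( ciphersuite_info, &key_len, &iv_len );
    if( status != PSA_SUCCESS )
    {
        ret = psa_ssl_status_to_mbedtls( status );
        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cipher_to_psa", ret );
        return ret;
    }
#else
    /* … unchanged: legacy mbedtls_cipher_info_from_type() path … */
#endif /* MBEDTLS_USE_PSA_CRYPTO */
```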
@@ -1408,17 +1439,48 @@ int mbedtls_ssl_tls13_generate_application_keys(
     size_t hash_len;
     /* Variables relating to the cipher for the chosen ciphersuite. */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_key_type_t key_type;
+    psa_algorithm_t alg;
+    size_t key_bits;
+    size_t taglen;
+    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+#else
     mbedtls_cipher_info_t const *cipher_info;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
     size_t key_len, iv_len;
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive application traffic keys" ) );
     /* Extract basic information about hash and ciphersuite */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    if( handshake->ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG )
+        taglen = 8;
+    else
+        taglen = 16;
+
+    status = mbedtls_ssl_cipher_to_psa( handshake->ciphersuite_info->cipher,
+                                        taglen, &alg, &key_type, &key_bits );
+    if( status != PSA_SUCCESS )
+    {
+        ret = psa_ssl_status_to_mbedtls( status );
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cipher_to_psa", ret );
+        goto cleanup;
+    }
+
+    key_len = PSA_BITS_TO_BYTES(key_bits);
+
+    if( PSA_ALG_IS_AEAD( alg ) )
+        iv_len = 12;
+    else
+        iv_len = PSA_CIPHER_IV_LENGTH( key_type, alg );
+#else
     cipher_info = mbedtls_cipher_info_from_type( handshake->ciphersuite_info->cipher );
     key_len = cipher_info->key_bitlen / 8;
     iv_len = cipher_info->iv_size;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
     md_type = handshake->ciphersuite_info->mac;