xref: /third_party/mbedtls/library/ssl_tls.c

416 static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform,
1020 void mbedtls_ssl_transform_init(mbedtls_ssl_transform *transform)
1022     memset(transform, 0, sizeof(mbedtls_ssl_transform));
1025     transform->psa_key_enc = MBEDTLS_SVC_KEY_ID_INIT;
1026     transform->psa_key_dec = MBEDTLS_SVC_KEY_ID_INIT;
1028     mbedtls_cipher_init(&transform->cipher_ctx_enc);
1029     mbedtls_cipher_init(&transform->cipher_ctx_dec);
1034     transform->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT;
1035     transform->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT;
1037     mbedtls_md_init(&transform->md_ctx_enc);
1038     mbedtls_md_init(&transform->md_ctx_dec);
1537     if (ssl->transform) {
1538         mbedtls_ssl_transform_free(ssl->transform);
1539         mbedtls_free(ssl->transform);
1540         ssl->transform = NULL;
2416     const mbedtls_ssl_transform *transform)
2420         transform->psa_alg
2422         mbedtls_cipher_get_cipher_mode(&transform->cipher_ctx_enc)
2428     encrypt_then_mac = transform->encrypt_then_mac;
5012  *  // transform sub-structure
5029  *  2. pointer to dynamically-allocated memory (eg session, transform)
5062     if (ssl->transform == NULL || ssl->session == NULL) {
5086     if (mbedtls_ssl_transform_uses_aead(ssl->transform) != 1) {
5134     used += sizeof(ssl->transform->randbytes);
5136         memcpy(p, ssl->transform->randbytes,
5137                sizeof(ssl->transform->randbytes));
5138         p += sizeof(ssl->transform->randbytes);
5142     used += 2U + ssl->transform->in_cid_len + ssl->transform->out_cid_len;
5144         *p++ = ssl->transform->in_cid_len;
5145         memcpy(p, ssl->transform->in_cid, ssl->transform->in_cid_len);
5146         p += ssl->transform->in_cid_len;
5148         *p++ = ssl->transform->out_cid_len;
5149         memcpy(p, ssl->transform->out_cid, ssl->transform->out_cid_len);
5150         p += ssl->transform->out_cid_len;
5323     ssl->transform = ssl->transform_negotiate;
5324     ssl->transform_in = ssl->transform;
5325     ssl->transform_out = ssl->transform;
5336     if ((size_t) (end - p) < sizeof(ssl->transform->randbytes)) {
5340     ret = ssl_tls12_populate_transform(ssl->transform,
5355     p += sizeof(ssl->transform->randbytes);
5363     ssl->transform->in_cid_len = *p++;
5365     if ((size_t) (end - p) < ssl->transform->in_cid_len + 1u) {
5369     memcpy(ssl->transform->in_cid, p, ssl->transform->in_cid_len);
5370     p += ssl->transform->in_cid_len;
5372     ssl->transform->out_cid_len = *p++;
5374     if ((size_t) (end - p) < ssl->transform->out_cid_len) {
5378     memcpy(ssl->transform->out_cid, p, ssl->transform->out_cid_len);
5379     p += ssl->transform->out_cid_len;
5468      * the given transform, accounting for explicit IV and CID. */
5469     mbedtls_ssl_update_out_pointers(ssl, ssl->transform);
5476      * which we don't want - otherwise we'd end up freeing the wrong transform
5545     if (ssl->transform) {
5546         mbedtls_ssl_transform_free(ssl->transform);
5547         mbedtls_free(ssl->transform);
7236     /* Populate transform structure */
8452      * Free the previous transform and switch in the current one
8454     if (ssl->transform) {
8455         mbedtls_ssl_transform_free(ssl->transform);
8456         mbedtls_free(ssl->transform);
8458     ssl->transform = ssl->transform_negotiate;
8514          * we need the handshake and transform structures for that */
8515         MBEDTLS_SSL_DEBUG_MSG(3, ("skip freeing handshake and transform"));
8576      * Switch to our negotiated transform and session parameters for outbound
8579     MBEDTLS_SSL_DEBUG_MSG(3, ("switching to new transform spec for outbound data"));
8769  * Populate a transform structure with session keys and all the other
8773  * - [in/out]: transform: structure to populate
8789 static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform,
8830     transform->encrypt_then_mac = encrypt_then_mac;
8832     transform->tls_version = tls_version;
8835     memcpy(transform->randbytes, randbytes, sizeof(transform->randbytes));
8840         /* At the moment, we keep TLS <= 1.2 and TLS 1.3 transform
8863         transform->taglen =
8869                                             transform->taglen,
8906         MBEDTLS_SSL_DEBUG_MSG(3, ("Copy CIDs into SSL transform"));
8908         transform->in_cid_len = ssl->own_cid_len;
8909         memcpy(transform->in_cid, ssl->own_cid, ssl->own_cid_len);
8910         MBEDTLS_SSL_DEBUG_BUF(3, "Incoming CID", transform->in_cid,
8911                               transform->in_cid_len);
8913         transform->out_cid_len = ssl->handshake->peer_cid_len;
8914         memcpy(transform->out_cid, ssl->handshake->peer_cid,
8916         MBEDTLS_SSL_DEBUG_BUF(3, "Outgoing CID", transform->out_cid,
8917                               transform->out_cid_len);
8950         transform->maclen = 0;
8961         transform->ivlen = 12;
8972             transform->fixed_ivlen = 12;
8974             transform->fixed_ivlen = 4;
8978         explicit_ivlen = transform->ivlen - transform->fixed_ivlen;
8979         transform->minlen = explicit_ivlen + transform->taglen;
8997         if ((ret = mbedtls_md_setup(&transform->md_ctx_enc, md_info, 1)) != 0 ||
8998             (ret = mbedtls_md_setup(&transform->md_ctx_dec, md_info, 1)) != 0) {
9006         transform->maclen = mac_key_len;
9010         transform->ivlen = PSA_CIPHER_IV_LENGTH(key_type, alg);
9012         transform->ivlen = mbedtls_cipher_info_get_iv_size(cipher_info);
9017             transform->minlen = transform->maclen;
9027                 transform->minlen = transform->maclen
9032                 transform->minlen = transform->maclen
9034                                     - transform->maclen % block_size;
9038                 transform->minlen += transform->ivlen;
9054                               (unsigned) transform->minlen,
9055                               (unsigned) transform->ivlen,
9056                               (unsigned) transform->maclen));
9069         iv_copy_len = (transform->fixed_ivlen) ?
9070                       transform->fixed_ivlen : transform->ivlen;
9071         memcpy(transform->iv_enc, key2 + keylen,  iv_copy_len);
9072         memcpy(transform->iv_dec, key2 + keylen + iv_copy_len,
9084         iv_copy_len = (transform->fixed_ivlen) ?
9085                       transform->fixed_ivlen : transform->ivlen;
9086         memcpy(transform->iv_dec, key1 + keylen,  iv_copy_len);
9087         memcpy(transform->iv_enc, key1 + keylen + iv_copy_len,
9107     transform->psa_alg = alg;
9117                                      &transform->psa_key_enc)) != PSA_SUCCESS) {
9129                                      &transform->psa_key_dec)) != PSA_SUCCESS) {
9136     if ((ret = mbedtls_cipher_setup(&transform->cipher_ctx_enc,
9142     if ((ret = mbedtls_cipher_setup(&transform->cipher_ctx_dec,
9148     if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_enc, key1,
9155     if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_dec, key2,
9164         if ((ret = mbedtls_cipher_set_padding_mode(&transform->cipher_ctx_enc,
9170         if ((ret = mbedtls_cipher_set_padding_mode(&transform->cipher_ctx_dec,
9184         transform->psa_mac_alg = PSA_ALG_HMAC(mac_alg);
9192                                      &transform->psa_mac_enc)) != PSA_SUCCESS) {
9198         if ((transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER) ||
9199             ((transform->psa_alg == PSA_ALG_CBC_NO_PADDING)
9201              && (transform->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED)
9213                                      &transform->psa_mac_dec)) != PSA_SUCCESS) {
9219         ret = mbedtls_md_hmac_starts(&transform->md_ctx_enc, mac_enc, mac_key_len);
9223         ret = mbedtls_md_hmac_starts(&transform->md_ctx_dec, mac_dec, mac_key_len);

Indexes created Thu Nov 07 10:32:03 CST 2024