From 8a0f3e8cf0f8d8ed9a3990e8110fdf4ff2bcd4fe Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Wed, 30 Mar 2022 10:57:37 +0200 Subject: [PATCH 01/17] Introduce mbedtls_ssl_mode_t & mbedtls_get_mode_from_transform() Signed-off-by: Neil Armstrong --- library/ssl_misc.h | 13 ++++++++++++ library/ssl_tls.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 63 insertions(+) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 46d85d94fa..8092450902 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2210,6 +2210,19 @@ static inline int psa_ssl_status_to_mbedtls( psa_status_t status ) } #endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ +/** + * \brief TLS record protection modes + */ +typedef enum { + MBEDTLS_SSL_MODE_STREAM = 0, + MBEDTLS_SSL_MODE_CBC, + MBEDTLS_SSL_MODE_CBC_ETM, + MBEDTLS_SSL_MODE_AEAD +} mbedtls_ssl_mode_t; + +mbedtls_ssl_mode_t mbedtls_get_mode_from_transform( + const mbedtls_ssl_transform *transform ); + #if defined(MBEDTLS_ECDH_C) int mbedtls_ssl_tls13_read_public_ecdhe_share( mbedtls_ssl_context *ssl, diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 57f4e46e65..04f9af05df 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
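Review bot: The new `mbedtls_get_mode_from_transform()` prototype has no Doxygen block and the four enumerators carry no per-value description, so a reader of ssl_msg.c cannot tell from the header what each mode implies for record protection. Propose a `\brief` on the prototype ("Classify the record protection applied by a transform"), a `\param transform` line, and a `\return` line that also states that `MBEDTLS_SSL_MODE_STREAM` is the value produced when the cipher mode is not recognised, since the implementation ends with an unconditional `return( MBEDTLS_SSL_MODE_STREAM )`. One-line comments on the enumerators would help too: `MBEDTLS_SSL_MODE_STREAM /* NULL cipher, MAC only */`, `MBEDTLS_SSL_MODE_CBC /* CBC, MAC-then-encrypt */`, `MBEDTLS_SSL_MODE_CBC_ETM /* CBC, encrypt-then-MAC (RFC 7366) */`, `MBEDTLS_SSL_MODE_AEAD`.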
@@ -1715,6 +1715,56 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+
+mbedtls_ssl_mode_t mbedtls_get_mode_from_transform(
+ const mbedtls_ssl_transform *transform )
+{
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_cipher_mode_t mode =
+ mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc );
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( transform->psa_alg == PSA_ALG_CBC_NO_PADDING )
+ {
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ if( transform->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
+ return( MBEDTLS_SSL_MODE_CBC_ETM );
+#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
+
+ return( MBEDTLS_SSL_MODE_CBC );
+ }
+#else
+ if( mode == MBEDTLS_MODE_CBC )
+ {
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ if( transform->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
+ return( MBEDTLS_SSL_MODE_CBC_ETM );
+#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
+
+ return( MBEDTLS_SSL_MODE_CBC );
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( PSA_ALG_IS_AEAD( transform->psa_alg ) )
+ return( MBEDTLS_SSL_MODE_AEAD );
+#else
+#if defined(MBEDTLS_GCM_C) || \
+ defined(MBEDTLS_CCM_C) || \
+ defined(MBEDTLS_CHACHAPOLY_C)
+ if( mode == MBEDTLS_MODE_GCM ||
+ mode == MBEDTLS_MODE_CCM ||
+ mode == MBEDTLS_MODE_CHACHAPOLY )
+ return( MBEDTLS_SSL_MODE_AEAD );
+#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ return( MBEDTLS_SSL_MODE_STREAM );
+}
+
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 psa_status_t mbedtls_ssl_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_type,
 size_t taglen,
From 136f8409df6fd508d03252b73b481f6a8d3dee9a Mon Sep 17 00:00:00 2001
From: Neil Armstrong
Date: Wed, 30 Mar 2022 10:58:01 +0200
Subject: [PATCH 02/17] Replace PSA/Cipher logic with mbedtls_get_mode_from_transform()
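Review bot: The closing `return( MBEDTLS_SSL_MODE_STREAM )` is reached for every transform that is neither CBC nor AEAD, so a cipher mode this function does not recognise (or one whose branch is compiled out, e.g. a CBC transform with `MBEDTLS_SSL_SOME_SUITES_USE_MAC` undefined) is classified as the NULL-cipher mode, which the record layer treats as "nothing to encrypt". That is a silent downgrade rather than an error; the stream case would be safer tested explicitly, `if( mode == MBEDTLS_MODE_STREAM ) return( MBEDTLS_SSL_MODE_STREAM );` in the legacy branch and `if( transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER ) return( MBEDTLS_SSL_MODE_STREAM );` in the PSA branch, with the remaining fall-through documented as unreachable for a transform that ssl_tls12_populate_transform has validated (that code is outside this hunk). Separately, with `MBEDTLS_USE_PSA_CRYPTO` undefined and neither the MAC suites nor any of the three AEAD modules enabled, `mode` is declared but never read and `-Wunused-variable` will fire; that configuration may be excluded elsewhere, so treat this as something to confirm.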
Signed-off-by: Neil Armstrong --- library/ssl_msg.c | 78 ++++++++++------------------------------------- 1 file changed, 16 insertions(+), 62 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index c55c60f825..0bfe4c9ada 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -523,9 +523,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_cipher_mode_t mode; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ + mbedtls_ssl_mode_t ssl_mode; int auth_done = 0; unsigned char * data; unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_OUT_LEN_MAX ]; @@ -566,15 +564,13 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } + ssl_mode = mbedtls_get_mode_from_transform( transform ); + data = rec->buf + rec->data_offset; post_avail = rec->buf_len - ( rec->data_len + rec->data_offset ); MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload", data, rec->data_len ); -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content %" MBEDTLS_PRINTF_SIZET @@ -654,17 +650,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, * Add MAC before if needed */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if ( transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER || - ( transform->psa_alg == PSA_ALG_CBC_NO_PADDING -#else - if( mode == MBEDTLS_MODE_STREAM || - ( mode == MBEDTLS_MODE_CBC -#endif -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - && transform->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED -#endif - ) ) + if( ssl_mode == MBEDTLS_SSL_MODE_STREAM || + ssl_mode == MBEDTLS_SSL_MODE_CBC ) { if( post_avail < transform->maclen ) { 
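Review bot: The new condition `ssl_mode == MBEDTLS_SSL_MODE_STREAM || ssl_mode == MBEDTLS_SSL_MODE_CBC` relies on `MBEDTLS_SSL_MODE_CBC_ETM` being a distinct value so that an encrypt-then-MAC transform skips the MAC-before step; the removed `#if` chain spelled out `encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED` and the new form hides that intent. A one-line comment on the `if` would restore it, e.g. `/* MAC-then-encrypt only: a CBC_ETM transform computes its MAC after encryption */`. The body of mbedtls_ssl_encrypt_buf continues outside these hunks.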
@@ -748,11 +735,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, * Encrypt */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if ( transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER ) -#else - if( mode == MBEDTLS_MODE_STREAM ) -#endif + if( ssl_mode == MBEDTLS_SSL_MODE_STREAM ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", " "including %d bytes of padding", @@ -767,13 +750,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_GCM_C) || \ defined(MBEDTLS_CCM_C) || \ defined(MBEDTLS_CHACHAPOLY_C) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if ( PSA_ALG_IS_AEAD( transform->psa_alg ) ) -#else - if( mode == MBEDTLS_MODE_GCM || - mode == MBEDTLS_MODE_CCM || - mode == MBEDTLS_MODE_CHACHAPOLY ) -#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if( ssl_mode == MBEDTLS_SSL_MODE_AEAD ) { unsigned char iv[12]; unsigned char *dynamic_iv; @@ -891,11 +868,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, else #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if ( transform->psa_alg == PSA_ALG_CBC_NO_PADDING ) -#else - if( mode == MBEDTLS_MODE_CBC ) -#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if( ssl_mode == MBEDTLS_SSL_MODE_CBC || + ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t padlen, i; @@ -1139,14 +1113,9 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, mbedtls_record *rec ) { size_t olen; -#if defined(MBEDTLS_USE_PSA_CRYPTO) + mbedtls_ssl_mode_t ssl_mode; int ret; -#else - mbedtls_cipher_mode_t mode; - int ret; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - int auth_done = 0; #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) size_t padlen = 0, correct = 1; 
@@ -1171,9 +1140,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, } data = rec->buf + rec->data_offset; -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_dec ); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ + ssl_mode = mbedtls_get_mode_from_transform( transform ); #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) /* @@ -1187,11 +1154,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if ( transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER ) -#else - if( mode == MBEDTLS_MODE_STREAM ) -#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if( ssl_mode == MBEDTLS_SSL_MODE_STREAM ) { /* The only supported stream cipher is "NULL", * so there's nothing to do here.*/ @@ -1201,13 +1164,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, #if defined(MBEDTLS_GCM_C) || \ defined(MBEDTLS_CCM_C) || \ defined(MBEDTLS_CHACHAPOLY_C) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if ( PSA_ALG_IS_AEAD( transform->psa_alg ) ) -#else - if( mode == MBEDTLS_MODE_GCM || - mode == MBEDTLS_MODE_CCM || - mode == MBEDTLS_MODE_CHACHAPOLY ) -#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if( ssl_mode == MBEDTLS_SSL_MODE_AEAD ) { unsigned char iv[12]; unsigned char *dynamic_iv; @@ -1333,11 +1290,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, else #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if ( transform->psa_alg == PSA_ALG_CBC_NO_PADDING ) -#else - if( mode == MBEDTLS_MODE_CBC ) -#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if( ssl_mode == MBEDTLS_SSL_MODE_CBC || + ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM ) { size_t minlen = 0; #if defined(MBEDTLS_USE_PSA_CRYPTO) 
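Review bot: mbedtls_ssl_decrypt_buf now obtains its mode from `mbedtls_get_mode_from_transform( transform )`, which (in patch 01) reads `transform->cipher_ctx_enc`, whereas the removed line read `transform->cipher_ctx_dec`. The two contexts are presumably set up with the same cipher by ssl_tls12_populate_transform, so this is equivalent for a fully populated transform, but nothing at this call site tells a reader that the decrypt side is now classified by the encrypt context. A comment on the helper stating that both contexts are assumed to agree, or a debug-build check that `mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_dec )` matches, would make the assumption explicit. The function body continues outside these hunks.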
@@ -1391,7 +1345,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, * Authenticate before decrypt if enabled */ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - if( transform->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED ) + if( ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; From 4bf4c8675fee0c6219c585182af7647128d3aabd Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Fri, 1 Apr 2022 10:35:48 +0200 Subject: [PATCH 03/17] Introduce mbedtls_get_mode_from_ciphersuite() by reusing mbedtls_get_mode_from_transform() logic Signed-off-by: Neil Armstrong --- library/ssl_misc.h | 9 ++++++ library/ssl_tls.c | 81 +++++++++++++++++++++++++++++++++++++++------- 2 files changed, 78 insertions(+), 12 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 8092450902..02fad93d12 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2223,6 +2223,15 @@ typedef enum { mbedtls_ssl_mode_t mbedtls_get_mode_from_transform( const mbedtls_ssl_transform *transform ); +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) +mbedtls_ssl_mode_t mbedtls_get_mode_from_ciphersuite( + int encrypt_then_mac, + const mbedtls_ssl_ciphersuite_t *suite ); +#else +mbedtls_ssl_mode_t mbedtls_get_mode_from_ciphersuite( + const mbedtls_ssl_ciphersuite_t *suite ); +#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ + #if defined(MBEDTLS_ECDH_C) int mbedtls_ssl_tls13_read_public_ecdhe_share( mbedtls_ssl_context *ssl, diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 04f9af05df..78fac7e603 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
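Review bot: Declaring `int encrypt_then_mac` as a parameter that exists only under `#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)` forces the same `#if` into every definition and call site (the ssl_tls.c definitions in the next hunks, `ssl_tls12_populate_transform` in patch 05), and a caller compiled under a different condition fails with an argument-count mismatch rather than a clear error. A single unconditional prototype `mbedtls_ssl_mode_t mbedtls_get_mode_from_ciphersuite( int encrypt_then_mac, const mbedtls_ssl_ciphersuite_t *suite );` with `(void) encrypt_then_mac;` in the body when ETM is disabled, and callers passing `MBEDTLS_SSL_ETM_DISABLED`, would remove all of that. Patch 11 later tightens the condition to `MBEDTLS_SSL_ENCRYPT_THEN_MAC && MBEDTLS_SSL_SOME_SUITES_USE_MAC`, which widens the divergence between declaration and callers.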
@@ -1715,21 +1715,23 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ - -mbedtls_ssl_mode_t mbedtls_get_mode_from_transform( - const mbedtls_ssl_transform *transform ) +static inline mbedtls_ssl_mode_t mbedtls_get_mode( +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) + int encrypt_then_mac, +#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_algorithm_t alg +#else + mbedtls_cipher_mode_t mode +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + ) { -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_cipher_mode_t mode = - mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ); -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ - #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( transform->psa_alg == PSA_ALG_CBC_NO_PADDING ) + if( alg == PSA_ALG_CBC_NO_PADDING ) { #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - if( transform->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED ) + if( encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED ) return( MBEDTLS_SSL_MODE_CBC_ETM ); #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ @@ -1739,7 +1741,7 @@ mbedtls_ssl_mode_t mbedtls_get_mode_from_transform( if( mode == MBEDTLS_MODE_CBC ) { #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - if( transform->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED ) + if( encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED ) return( MBEDTLS_SSL_MODE_CBC_ETM ); #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ @@ -1749,7 +1751,7 @@ mbedtls_ssl_mode_t mbedtls_get_mode_from_transform( #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( PSA_ALG_IS_AEAD( transform->psa_alg ) ) + if( PSA_ALG_IS_AEAD( alg ) ) return( MBEDTLS_SSL_MODE_AEAD ); #else #if defined(MBEDTLS_GCM_C) || \ 
@@ -1765,6 +1767,61 @@ mbedtls_ssl_mode_t mbedtls_get_mode_from_transform( return( MBEDTLS_SSL_MODE_STREAM ); } +mbedtls_ssl_mode_t mbedtls_get_mode_from_transform( + const mbedtls_ssl_transform *transform ) +{ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + return mbedtls_get_mode( +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) + transform->encrypt_then_mac, +#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ + transform->psa_alg ); +#else + mbedtls_cipher_mode_t mode = + mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ); + + return mbedtls_get_mode( +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) + transform->encrypt_then_mac, +#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ + mode ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ +} + +mbedtls_ssl_mode_t mbedtls_get_mode_from_ciphersuite( +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) + int encrypt_then_mac, +#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ + const mbedtls_ssl_ciphersuite_t *suite ) +{ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status; + psa_algorithm_t alg; + psa_key_type_t type; + size_t size; + + status = mbedtls_ssl_cipher_to_psa( suite->cipher, 0, &alg, &type, &size ); + if( status == PSA_SUCCESS ) + return mbedtls_get_mode( +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) + encrypt_then_mac, +#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ + alg ); +#else + const mbedtls_cipher_info_t *cipher = + mbedtls_cipher_info_from_type( suite->cipher ); + + if( cipher != NULL ) + return mbedtls_get_mode( +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) + encrypt_then_mac, +#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ + mbedtls_cipher_info_get_mode( cipher ) ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + + return( MBEDTLS_SSL_MODE_STREAM ); +} + #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t mbedtls_ssl_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_type, size_t taglen, From fe635e42c9888eeeb177ba0fb56d501263d4059f Mon Sep 17 00:00:00 2001 
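Review bot: In `mbedtls_get_mode_from_ciphersuite`, a failing `mbedtls_ssl_cipher_to_psa()` or a NULL result from `mbedtls_cipher_info_from_type()` falls through to `return( MBEDTLS_SSL_MODE_STREAM )`, so a suite whose cipher cannot be resolved is reported as the NULL-cipher mode instead of as an error. The callers in this series validate the suite separately and the ETM-extension caller only compares against CBC_ETM, so nothing breaks today, but the contract should be written down at the definition, e.g. `/* Returns MBEDTLS_SSL_MODE_STREAM when the suite's cipher cannot be resolved; callers must validate the suite before relying on the result. */`, or better a distinct value for lookup failure. Minor: the new wrappers write `return mbedtls_get_mode(` while the rest of the file uses the `return( ... )` form.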
From: Neil Armstrong Date: Fri, 1 Apr 2022 10:36:09 +0200 Subject: [PATCH 04/17] Use mbedtls_get_mode_from_ciphersuite() in server-side ssl_write_encrypt_then_mac_ext() Signed-off-by: Neil Armstrong --- library/ssl_tls12_server.c | 30 ++++++++++++------------------ 1 file changed, 12 insertions(+), 18 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 3b2c2f75b2..d5282d7b80 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -1978,13 +1978,6 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, { unsigned char *p = buf; const mbedtls_ssl_ciphersuite_t *suite = NULL; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_key_type_t key_type; - psa_algorithm_t alg; - size_t key_bits; -#else - const mbedtls_cipher_info_t *cipher = NULL; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* * RFC 7366: "If a server receives an encrypt-then-MAC request extension 
@@ -1992,18 +1985,19 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, * with Associated Data (AEAD) ciphersuite, it MUST NOT send an * encrypt-then-MAC response extension back to the client." */ - if( ( suite = mbedtls_ssl_ciphersuite_from_id( - ssl->session_negotiate->ciphersuite ) ) == NULL || -#if defined(MBEDTLS_USE_PSA_CRYPTO) - ( mbedtls_ssl_cipher_to_psa( suite->cipher, 0, &alg, - &key_type, &key_bits ) != PSA_SUCCESS ) || - alg != PSA_ALG_CBC_NO_PADDING ) -#else - ( cipher = mbedtls_cipher_info_from_type( suite->cipher ) ) == NULL || - cipher->mode != MBEDTLS_MODE_CBC ) -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - { + suite = mbedtls_ssl_ciphersuite_from_id( + ssl->session_negotiate->ciphersuite ); + if( suite == NULL ) ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_DISABLED; + else + { + mbedtls_ssl_mode_t ssl_mode = + mbedtls_get_mode_from_ciphersuite( + ssl->session_negotiate->encrypt_then_mac, + suite ); + + if( ssl_mode != MBEDTLS_SSL_MODE_CBC_ETM ) + ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_DISABLED; } if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ) From 7fea33ea4dd0c305a4d540edabd30883ded7f3f0 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Fri, 1 Apr 2022 15:40:25 +0200 Subject: [PATCH 05/17] Use mbedtls_get_mode_from_ciphersuite() in ssl_tls12_populate_transform() Signed-off-by: Neil Armstrong --- library/ssl_tls.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 78fac7e603..2e1edea93d 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6912,6 +6912,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, size_t keylen; const mbedtls_ssl_ciphersuite_t *ciphersuite_info; const mbedtls_cipher_info_t *cipher_info; + mbedtls_ssl_mode_t ssl_mode; #if !defined(MBEDTLS_USE_PSA_CRYPTO) const mbedtls_md_info_t *md_info; #endif /* !MBEDTLS_USE_PSA_CRYPTO */ 
@@ -6967,6 +6968,12 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } + ssl_mode = mbedtls_get_mode_from_ciphersuite( +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) + encrypt_then_mac, +#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ + ciphersuite_info ); + cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher ); if( cipher_info == NULL ) { @@ -7038,9 +7045,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, #if defined(MBEDTLS_GCM_C) || \ defined(MBEDTLS_CCM_C) || \ defined(MBEDTLS_CHACHAPOLY_C) - if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_GCM || - mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CCM || - mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CHACHAPOLY ) + if( ssl_mode == MBEDTLS_SSL_MODE_AEAD ) { size_t explicit_ivlen; @@ -7070,8 +7075,9 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, else #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_STREAM || - mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CBC ) + if( ssl_mode == MBEDTLS_SSL_MODE_STREAM || + ssl_mode == MBEDTLS_SSL_MODE_CBC || + ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) /* Get MAC length */ @@ -7094,7 +7100,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, transform->ivlen = cipher_info->iv_size; /* Minimum length */ - if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_STREAM ) + if( ssl_mode == MBEDTLS_SSL_MODE_STREAM ) transform->minlen = transform->maclen; else { 
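Review bot: `ssl_mode` is assigned from `mbedtls_get_mode_from_ciphersuite()` before `cipher_info = mbedtls_cipher_info_from_type(...)` is checked for NULL, so for a suite whose cipher cannot be resolved the helper answers STREAM and correctness depends on the NULL check below rejecting the transform before `ssl_mode` is consumed. Moving the call after the `cipher_info == NULL` check (or after the PSA translation that patch 06 adds in the same place) would make that ordering deliberate; if it stays where it is, a comment such as `/* ssl_mode is only meaningful once the cipher is validated below */` warns the next editor. `ssl_tls12_populate_transform` continues outside these hunks.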
@@ -7105,7 +7111,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, * 2. IV */ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - if( encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED ) + if( ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM ) { transform->minlen = transform->maclen + cipher_info->block_size; From a0eeb7f470550d98adea4e54020ab9eeceaf3ba5 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Fri, 1 Apr 2022 17:36:10 +0200 Subject: [PATCH 06/17] Remove cipher_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined Signed-off-by: Neil Armstrong --- library/ssl_tls.c | 59 +++++++++++++++++++++++++++++++++-------------- 1 file changed, 42 insertions(+), 17 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 2e1edea93d..dfcc085a08 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6911,9 +6911,9 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, size_t iv_copy_len; size_t keylen; const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - const mbedtls_cipher_info_t *cipher_info; mbedtls_ssl_mode_t ssl_mode; #if !defined(MBEDTLS_USE_PSA_CRYPTO) + const mbedtls_cipher_info_t *cipher_info; const mbedtls_md_info_t *md_info; #endif /* !MBEDTLS_USE_PSA_CRYPTO */ @@ -6974,6 +6974,22 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ ciphersuite_info ); + if( ssl_mode == MBEDTLS_SSL_MODE_AEAD ) + transform->taglen = + ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16; + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if( ( status = mbedtls_ssl_cipher_to_psa( ciphersuite_info->cipher, + transform->taglen, + &alg, + &key_type, + &key_bits ) ) != PSA_SUCCESS ) + { + ret = psa_ssl_status_to_mbedtls( status ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cipher_to_psa", ret ); + goto end; + } +#else cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher ); if( cipher_info == NULL ) { 
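Review bot: `transform->taglen` is now set only when `ssl_mode == MBEDTLS_SSL_MODE_AEAD` and then passed to `mbedtls_ssl_cipher_to_psa()` for every mode, so for CBC and NULL suites the value handed over is whatever the transform held on entry — presumably zero from the transform's initialisation, but that is not visible in this hunk, and an explicit `else transform->taglen = 0;` or a comment would remove the dependence. The reason the assignment had to move above the translation (judging by the `taglen` parameter, the tag length feeds into the PSA algorithm chosen for the AEAD) also deserves a one-line comment on the `if( ssl_mode == MBEDTLS_SSL_MODE_AEAD )` line. The function continues outside the hunk.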
@@ -6981,6 +6997,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, ciphersuite_info->cipher ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_USE_PSA_CRYPTO) mac_alg = mbedtls_psa_translate_md( ciphersuite_info->mac ); @@ -7040,7 +7057,11 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, * Determine the appropriate key, IV and MAC length. */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + keylen = PSA_BITS_TO_BYTES(key_bits); +#else keylen = mbedtls_cipher_info_get_key_bitlen( cipher_info ) / 8; +#endif #if defined(MBEDTLS_GCM_C) || \ defined(MBEDTLS_CCM_C) || \ @@ -7051,8 +7072,6 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, transform->maclen = 0; mac_key_len = 0; - transform->taglen = - ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16; /* All modes haves 96-bit IVs, but the length of the static parts vary * with mode and version: @@ -7063,7 +7082,11 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, * sequence number). */ transform->ivlen = 12; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if( key_type == PSA_KEY_TYPE_CHACHA20 ) +#else if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CHACHAPOLY ) +#endif /* MBEDTLS_USE_PSA_CRYPTO */ transform->fixed_ivlen = 12; else transform->fixed_ivlen = 4; @@ -7079,6 +7102,12 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, ssl_mode == MBEDTLS_SSL_MODE_CBC || ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM ) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) + size_t block_size = PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE; +#else + size_t block_size = cipher_info->block_size; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + #if defined(MBEDTLS_USE_PSA_CRYPTO) /* Get MAC length */ mac_key_len = PSA_HASH_LENGTH(mac_alg); 
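Review bot: The last hunk opens `#if defined(MBEDTLS_USE_PSA_CRYPTO)` for `block_size`, closes it, leaves a blank line, and immediately opens the same `#if` again for `mac_key_len`; the two blocks can be merged into one `#if`/`#else`/`#endif` so each backend's declarations sit together. In the `keylen` hunk the added `#endif` has no trailing comment while every other `#endif` in these hunks is written `#endif /* MBEDTLS_USE_PSA_CRYPTO */`. `ssl_tls12_populate_transform` continues outside these hunks.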
@@ -7097,7 +7126,14 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, transform->maclen = mac_key_len; /* IV length */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if( ssl_mode == MBEDTLS_SSL_MODE_STREAM ) + transform->ivlen = 0; + else + transform->ivlen = PSA_CIPHER_IV_LENGTH( key_type, alg ); +#else transform->ivlen = cipher_info->iv_size; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* Minimum length */ if( ssl_mode == MBEDTLS_SSL_MODE_STREAM ) @@ -7114,14 +7150,14 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, if( ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM ) { transform->minlen = transform->maclen - + cipher_info->block_size; + + block_size; } else #endif { transform->minlen = transform->maclen - + cipher_info->block_size - - transform->maclen % cipher_info->block_size; + + block_size + - transform->maclen % block_size; } if( tls_version == MBEDTLS_SSL_VERSION_TLS1_2 ) @@ -7203,17 +7239,6 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, } #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ( status = mbedtls_ssl_cipher_to_psa( cipher_info->type, - transform->taglen, - &alg, - &key_type, - &key_bits ) ) != PSA_SUCCESS ) - { - ret = psa_ssl_status_to_mbedtls( status ); - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cipher_to_psa", ret ); - goto end; - } - transform->psa_alg = alg; if ( alg != MBEDTLS_SSL_NULL_CIPHER ) From 858581e81a2bbe66691a5291e8d8a7936e7b2c6a Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Fri, 1 Apr 2022 18:03:15 +0200 Subject: [PATCH 07/17] Remove cipher_info in mbedtls_ssl_ticket_setup() when USE_PSA_CRYPTO is defined Signed-off-by: Neil Armstrong --- library/ssl_ticket.c | 37 ++++++++++++++++++++++--------------- 1 file changed, 22 insertions(+), 15 deletions(-) diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 7f658497ef..39f120995d 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c 
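Review bot: The PSA branch special-cases `ssl_mode == MBEDTLS_SSL_MODE_STREAM` to force `transform->ivlen = 0` instead of evaluating `PSA_CIPHER_IV_LENGTH( key_type, alg )`; presumably because the NULL cipher has no PSA algorithm (the last hunk compares `alg != MBEDTLS_SSL_NULL_CIPHER`), so the macro is not meaningful for it, but nothing says so. A comment such as `/* NULL cipher: no PSA algorithm, hence no IV */` on the `if` line would record the reason. The function continues outside these hunks.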
@@ -216,19 +216,39 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, uint32_t lifetime ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const mbedtls_cipher_info_t *cipher_info; #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t alg; psa_key_type_t key_type; size_t key_bits; -#endif +#else + const mbedtls_cipher_info_t *cipher_info; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ ctx->f_rng = f_rng; ctx->p_rng = p_rng; ctx->ticket_lifetime = lifetime; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if( mbedtls_ssl_cipher_to_psa( cipher, TICKET_AUTH_TAG_BYTES, + &alg, &key_type, &key_bits ) != PSA_SUCCESS ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + + if( PSA_ALG_IS_AEAD( alg ) == 0 ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + + if( key_bits > PSA_BYTES_TO_BITS( MAX_KEY_BYTES ) ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + + ctx->keys[0].alg = alg; + ctx->keys[0].key_type = key_type; + ctx->keys[0].key_bits = key_bits; + + ctx->keys[1].alg = alg; + ctx->keys[1].key_type = key_type; + ctx->keys[1].key_bits = key_bits; +#else cipher_info = mbedtls_cipher_info_from_type( cipher ); if( mbedtls_cipher_info_get_mode( cipher_info ) != MBEDTLS_MODE_GCM && @@ -241,19 +261,6 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, if( mbedtls_cipher_info_get_key_bitlen( cipher_info ) > 8 * MAX_KEY_BYTES ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if( mbedtls_ssl_cipher_to_psa( cipher_info->type, TICKET_AUTH_TAG_BYTES, - &alg, &key_type, &key_bits ) != PSA_SUCCESS ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - - ctx->keys[0].alg = alg; - ctx->keys[0].key_type = key_type; - ctx->keys[0].key_bits = key_bits; - - ctx->keys[1].alg = alg; - ctx->keys[1].key_type = key_type; - ctx->keys[1].key_bits = key_bits; -#else if( ( ret = mbedtls_cipher_setup( &ctx->keys[0].ctx, cipher_info ) ) != 0 ) return( ret ); From ab555e0a6c91bb98faccd54f2b724a3a56c473b2 Mon Sep 17 00:00:00 2001 
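Review bot: The PSA branch accepts any algorithm for which `PSA_ALG_IS_AEAD( alg )` holds, while the legacy branch (whose condition begins `mbedtls_cipher_info_get_mode( cipher_info ) != MBEDTLS_MODE_GCM &&` and continues outside the hunk) appears to enumerate specific modes, so the set of ticket ciphers accepted now depends on `MBEDTLS_USE_PSA_CRYPTO`. If the ticket format assumes properties that hold only for the legacy set (nonce layout, tag length `TICKET_AUTH_TAG_BYTES`, key handling), the PSA check should name the same algorithms explicitly rather than the whole AEAD category; if the wider set is intended, a comment on the `PSA_ALG_IS_AEAD( alg ) == 0` line stating that keeps the two branches reviewable side by side. `mbedtls_ssl_ticket_setup` continues outside these hunks.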
From: Neil Armstrong Date: Mon, 4 Apr 2022 11:07:59 +0200 Subject: [PATCH 08/17] Rename mbedtls_get_mode_from_XXX to mbedtls_ssl_get_mode_from_XXX Signed-off-by: Neil Armstrong --- library/ssl_misc.h | 6 +++--- library/ssl_msg.c | 4 ++-- library/ssl_tls.c | 6 +++--- library/ssl_tls12_server.c | 2 +- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 02fad93d12..16c11cb6bf 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2220,15 +2220,15 @@ typedef enum { MBEDTLS_SSL_MODE_AEAD } mbedtls_ssl_mode_t; -mbedtls_ssl_mode_t mbedtls_get_mode_from_transform( +mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_transform( const mbedtls_ssl_transform *transform ); #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) -mbedtls_ssl_mode_t mbedtls_get_mode_from_ciphersuite( +mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( int encrypt_then_mac, const mbedtls_ssl_ciphersuite_t *suite ); #else -mbedtls_ssl_mode_t mbedtls_get_mode_from_ciphersuite( +mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( const mbedtls_ssl_ciphersuite_t *suite ); #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 0bfe4c9ada..083c8d2e68 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -564,7 +564,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } - ssl_mode = mbedtls_get_mode_from_transform( transform ); + ssl_mode = mbedtls_ssl_get_mode_from_transform( transform ); data = rec->buf + rec->data_offset; post_avail = rec->buf_len - ( rec->data_len + rec->data_offset ); @@ -1140,7 +1140,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, } data = rec->buf + rec->data_offset; - ssl_mode = mbedtls_get_mode_from_transform( transform ); + ssl_mode = mbedtls_ssl_get_mode_from_transform( transform ); #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) /* 
diff --git a/library/ssl_tls.c b/library/ssl_tls.c index dfcc085a08..9d2769c85b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1767,7 +1767,7 @@ static inline mbedtls_ssl_mode_t mbedtls_get_mode( return( MBEDTLS_SSL_MODE_STREAM ); } -mbedtls_ssl_mode_t mbedtls_get_mode_from_transform( +mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_transform( const mbedtls_ssl_transform *transform ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -1788,7 +1788,7 @@ mbedtls_ssl_mode_t mbedtls_get_mode_from_transform( #endif /* MBEDTLS_USE_PSA_CRYPTO */ } -mbedtls_ssl_mode_t mbedtls_get_mode_from_ciphersuite( +mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) int encrypt_then_mac, #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ @@ -6968,7 +6968,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } - ssl_mode = mbedtls_get_mode_from_ciphersuite( + ssl_mode = mbedtls_ssl_get_mode_from_ciphersuite( #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) encrypt_then_mac, #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index d5282d7b80..facf09b7bf 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -1992,7 +1992,7 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, else { mbedtls_ssl_mode_t ssl_mode = - mbedtls_get_mode_from_ciphersuite( + mbedtls_ssl_get_mode_from_ciphersuite( ssl->session_negotiate->encrypt_then_mac, suite ); From 6b27c97a91d60f55b5ff47289409959ec3befac7 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Mon, 4 Apr 2022 11:09:51 +0200 Subject: [PATCH 09/17] Rename mbedtls_get_mode() to mbedtls_ssl_get_mode() Signed-off-by: Neil Armstrong --- library/ssl_tls.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9d2769c85b..de8949e2dd 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -1715,7 +1715,7 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ -static inline mbedtls_ssl_mode_t mbedtls_get_mode( +static inline mbedtls_ssl_mode_t mbedtls_ssl_get_mode( #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) int encrypt_then_mac, #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ @@ -1771,7 +1771,7 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_transform( const mbedtls_ssl_transform *transform ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - return mbedtls_get_mode( + return mbedtls_ssl_get_mode( #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) transform->encrypt_then_mac, #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ @@ -1780,7 +1780,7 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_transform( mbedtls_cipher_mode_t mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ); - return mbedtls_get_mode( + return mbedtls_ssl_get_mode( #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) transform->encrypt_then_mac, #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ @@ -1802,7 +1802,7 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( status = mbedtls_ssl_cipher_to_psa( suite->cipher, 0, &alg, &type, &size ); if( status == PSA_SUCCESS ) - return mbedtls_get_mode( + return mbedtls_ssl_get_mode( #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) encrypt_then_mac, #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ @@ -1812,7 +1812,7 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( mbedtls_cipher_info_from_type( suite->cipher ); if( cipher != NULL ) - return mbedtls_get_mode( + return mbedtls_ssl_get_mode( #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) encrypt_then_mac, #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ From d1be7674a424cfa4bb8108d82920017d834442d4 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Mon, 4 Apr 2022 11:21:41 +0200 Subject: [PATCH 10/17] Use PSA_BLOCK_CIPHER_BLOCK_LENGTH instead of PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE in ssl_tls12_populate_transform() 
Signed-off-by: Neil Armstrong --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index de8949e2dd..af8cbb2700 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7103,7 +7103,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - size_t block_size = PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE; + size_t block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ); #else size_t block_size = cipher_info->block_size; #endif /* MBEDTLS_USE_PSA_CRYPTO */ From ccc074e44db6eeff9b1bb7974267cf211ca8edff Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Tue, 5 Apr 2022 11:01:47 +0200 Subject: [PATCH 11/17] Use correct condition to use encrypt_then_mac in ssl_tls.c Signed-off-by: Neil Armstrong --- library/ssl_misc.h | 6 ++++-- library/ssl_tls.c | 42 ++++++++++++++++++++++++++++-------------- 2 files changed, 32 insertions(+), 16 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 16c11cb6bf..3332c3f2b2 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2223,14 +2223,16 @@ typedef enum { mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_transform( const mbedtls_ssl_transform *transform ); -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \ + defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( int encrypt_then_mac, const mbedtls_ssl_ciphersuite_t *suite ); #else mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( const mbedtls_ssl_ciphersuite_t *suite ); -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ +#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC && + MBEDTLS_SSL_SOME_SUITES_USE_MAC */ #if defined(MBEDTLS_ECDH_C) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index af8cbb2700..4bc3c49e21 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
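Review bot: `PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type )` evaluates to 0 for key types that are not block ciphers, so the replaced line now relies on the enclosing `ssl_mode == MBEDTLS_SSL_MODE_CBC || ... MBEDTLS_SSL_MODE_CBC_ETM` condition to guarantee a non-zero `block_size`; a zero here would silently break any padding or length arithmetic that consumes `block_size` further down. That invariant is worth recording next to the assignment, e.g. `/* CBC suites only: key_type is a block-cipher key, so the length is non-zero */`, or defended with `if( block_size == 0 ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );`. `key_type` is declared outside the hunk, presumably filled by an earlier mbedtls_ssl_cipher_to_psa() call; ssl_tls12_populate_transform() starts and ends outside the hunk.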
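Review bot: The prototype of mbedtls_ssl_get_mode_from_ciphersuite() now takes `encrypt_then_mac` only when both MBEDTLS_SSL_ENCRYPT_THEN_MAC and MBEDTLS_SSL_SOME_SUITES_USE_MAC are defined, but the caller in ssl_write_encrypt_then_mac_ext() (ssl_tls12_server.c) still appears to be guarded by MBEDTLS_SSL_ENCRYPT_THEN_MAC alone and to pass two arguments, so a build with ETM enabled but no MAC-based ciphersuite would stop compiling at this point in the series; the matching definition hunks in ssl_tls.c of this commit share the same problem. A later commit in the series ([PATCH 13/17]) re-guards the server function, but for bisectability the caller's guard should move in the same commit as the signature change, e.g. `#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)` around ssl_write_encrypt_then_mac_ext() and its call site.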
@@ -1716,9 +1716,11 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ static inline mbedtls_ssl_mode_t mbedtls_ssl_get_mode( -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \ + defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) int encrypt_then_mac, -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ +#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC && + MBEDTLS_SSL_SOME_SUITES_USE_MAC */ #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t alg #else @@ -1772,26 +1774,32 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_transform( { #if defined(MBEDTLS_USE_PSA_CRYPTO) return mbedtls_ssl_get_mode( -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \ + defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) transform->encrypt_then_mac, -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ +#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC && + MBEDTLS_SSL_SOME_SUITES_USE_MAC */ transform->psa_alg ); #else mbedtls_cipher_mode_t mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ); return mbedtls_ssl_get_mode( -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \ + defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) transform->encrypt_then_mac, -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ +#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC && + MBEDTLS_SSL_SOME_SUITES_USE_MAC */ mode ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ } mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \ + defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) int encrypt_then_mac, -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ +#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC && + MBEDTLS_SSL_SOME_SUITES_USE_MAC */ const mbedtls_ssl_ciphersuite_t *suite ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) 
@@ -1803,9 +1811,11 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( status = mbedtls_ssl_cipher_to_psa( suite->cipher, 0, &alg, &type, &size ); if( status == PSA_SUCCESS ) return mbedtls_ssl_get_mode( -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \ + defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) encrypt_then_mac, -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ +#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC && + MBEDTLS_SSL_SOME_SUITES_USE_MAC */ alg ); #else const mbedtls_cipher_info_t *cipher = @@ -1813,9 +1823,11 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( if( cipher != NULL ) return mbedtls_ssl_get_mode( -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \ + defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) encrypt_then_mac, -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ +#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC && + MBEDTLS_SSL_SOME_SUITES_USE_MAC */ mbedtls_cipher_info_get_mode( cipher ) ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -6969,9 +6981,11 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, } ssl_mode = mbedtls_ssl_get_mode_from_ciphersuite( -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \ + defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) encrypt_then_mac, -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ +#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC && + MBEDTLS_SSL_SOME_SUITES_USE_MAC */ ciphersuite_info ); if( ssl_mode == MBEDTLS_SSL_MODE_AEAD ) From f2c82f0a3b955e0a88e84f73ab1cdd9b3c7d6fb4 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Tue, 5 Apr 2022 11:16:53 +0200 Subject: [PATCH 12/17] Introduce MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM macro to determine if Encrypt-then-MAC with CBC is used in a ciphersuite Signed-off-by: Neil Armstrong --- library/ssl_misc.h | 12 +++++--- library/ssl_tls.c | 71 ++++++++++++++++------------------------------ 2 files changed, 32 insertions(+), 51 deletions(-) 
diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 3332c3f2b2..99257b0eb2 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -173,6 +173,12 @@ #define MBEDTLS_SSL_SOME_SUITES_USE_MAC #endif +/* This macro determines whether a ciphersuite uses Encrypt-then-MAC with CBC */ +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \ + defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) +#define MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM +#endif + #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) @@ -2223,16 +2229,14 @@ typedef enum { mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_transform( const mbedtls_ssl_transform *transform ); -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \ - defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( int encrypt_then_mac, const mbedtls_ssl_ciphersuite_t *suite ); #else mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( const mbedtls_ssl_ciphersuite_t *suite ); -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC && - MBEDTLS_SSL_SOME_SUITES_USE_MAC */ +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ #if defined(MBEDTLS_ECDH_C) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4bc3c49e21..cb72f162e6 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -383,11 +383,9 @@ typedef int ssl_tls_prf_t(const unsigned char *, size_t, const char *, static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, int ciphersuite, const unsigned char master[48], -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \ - defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) int encrypt_then_mac, -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC && - MBEDTLS_SSL_SOME_SUITES_USE_MAC */ +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ ssl_tls_prf_t tls_prf, const unsigned char randbytes[64], mbedtls_ssl_protocol_version tls_version, 
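Review bot: The comment above the new macro, `/* This macro determines whether a ciphersuite uses Encrypt-then-MAC with CBC */`, describes a per-ciphersuite property, but the macro is a build-time condition: it is defined when Encrypt-then-MAC support is compiled in and at least one enabled ciphersuite uses CBC. Since this macro now decides whether the `encrypt_then_mac` parameters exist at all, its meaning should be precise, e.g. `/* Defined when CBC-ETM record protection can occur in this build: Encrypt-then-MAC support is enabled and at least one enabled ciphersuite uses CBC. */`. It is also worth stating that it sits inside the MBEDTLS_SSL_PROTO_TLS1_2 block (visible from the `#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */` context), so it is never defined in a TLS 1.3-only build.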
@@ -1716,11 +1714,9 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ static inline mbedtls_ssl_mode_t mbedtls_ssl_get_mode( -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \ - defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) int encrypt_then_mac, -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC && - MBEDTLS_SSL_SOME_SUITES_USE_MAC */ +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t alg #else @@ -1774,32 +1770,26 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_transform( { #if defined(MBEDTLS_USE_PSA_CRYPTO) return mbedtls_ssl_get_mode( -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \ - defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) transform->encrypt_then_mac, -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC && - MBEDTLS_SSL_SOME_SUITES_USE_MAC */ +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ transform->psa_alg ); #else mbedtls_cipher_mode_t mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ); return mbedtls_ssl_get_mode( -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \ - defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) transform->encrypt_then_mac, -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC && - MBEDTLS_SSL_SOME_SUITES_USE_MAC */ +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ mode ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ } mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \ - defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) int encrypt_then_mac, -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC && - MBEDTLS_SSL_SOME_SUITES_USE_MAC */ +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ const mbedtls_ssl_ciphersuite_t *suite ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) 
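Review bot: The `encrypt_then_mac` parameter of mbedtls_ssl_get_mode() is now declared only under MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM, while the function body (seen as removed lines in [PATCH 14/17] further down this page) still reads `encrypt_then_mac` under `#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)` inside the MBEDTLS_SSL_SOME_SUITES_USE_MAC block. If MBEDTLS_SSL_SOME_SUITES_USE_MAC can be defined without MBEDTLS_SSL_SOME_SUITES_USE_CBC (stream or NULL-cipher suites only) in an ETM-enabled build, that body references an undeclared identifier and fails to compile; the body's guard should be switched to `#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)` in this same commit. The function's body extends beyond this hunk.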
@@ -1811,11 +1801,9 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( status = mbedtls_ssl_cipher_to_psa( suite->cipher, 0, &alg, &type, &size ); if( status == PSA_SUCCESS ) return mbedtls_ssl_get_mode( -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \ - defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) encrypt_then_mac, -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC && - MBEDTLS_SSL_SOME_SUITES_USE_MAC */ +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ alg ); #else const mbedtls_cipher_info_t *cipher = @@ -1823,11 +1811,9 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( if( cipher != NULL ) return mbedtls_ssl_get_mode( -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \ - defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) encrypt_then_mac, -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC && - MBEDTLS_SSL_SOME_SUITES_USE_MAC */ +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ mbedtls_cipher_info_get_mode( cipher ) ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -3734,11 +3720,9 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, ret = ssl_tls12_populate_transform( ssl->transform, ssl->session->ciphersuite, ssl->session->master, -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \ - defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) ssl->session->encrypt_then_mac, -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC && - MBEDTLS_SSL_SOME_SUITES_USE_MAC */ +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ ssl_tls12prf_from_cs( ssl->session->ciphersuite ), p, /* currently pointing to randbytes */ MBEDTLS_SSL_VERSION_TLS1_2, /* (D)TLS 1.2 is forced */ 
@@ -5312,11 +5296,9 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) ret = ssl_tls12_populate_transform( ssl->transform_negotiate, ssl->session_negotiate->ciphersuite, ssl->session_negotiate->master, -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \ - defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) ssl->session_negotiate->encrypt_then_mac, -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC && - MBEDTLS_SSL_SOME_SUITES_USE_MAC */ +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ ssl->handshake->tls_prf, ssl->handshake->randbytes, ssl->tls_version, @@ -6902,11 +6884,9 @@ static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf ) static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, int ciphersuite, const unsigned char master[48], -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \ - defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) int encrypt_then_mac, -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC && - MBEDTLS_SSL_SOME_SUITES_USE_MAC */ +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ ssl_tls_prf_t tls_prf, const unsigned char randbytes[64], mbedtls_ssl_protocol_version tls_version, @@ -6950,10 +6930,9 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, /* * Some data just needs copying into the structure */ -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \ - defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) transform->encrypt_then_mac = encrypt_then_mac; -#endif +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ transform->tls_version = tls_version; #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) 
@@ -6981,11 +6960,9 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, } ssl_mode = mbedtls_ssl_get_mode_from_ciphersuite( -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \ - defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) encrypt_then_mac, -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC && - MBEDTLS_SSL_SOME_SUITES_USE_MAC */ +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ ciphersuite_info ); if( ssl_mode == MBEDTLS_SSL_MODE_AEAD ) From 76b7407bd7bfa537c72feeaf11e12cde15229911 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Wed, 6 Apr 2022 13:43:54 +0200 Subject: [PATCH 13/17] Use MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM to enable ssl_write_encrypt_then_mac_ext() Signed-off-by: Neil Armstrong --- library/ssl_tls12_server.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index facf09b7bf..0bc668fe80 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -1971,7 +1971,7 @@ static void ssl_write_cid_ext( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen ) @@ -2016,7 +2016,7 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, *olen = 4; } -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, @@ -2585,7 +2585,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) ext_len += olen; #endif -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len, &olen ); ext_len += olen; #endif 
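Review bot: Only the server's ServerHello extension writer moves under MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM; the code that sets `ssl->session_negotiate->encrypt_then_mac` when parsing the ClientHello extension, and the client-side counterpart, are not in this commit and presumably stay under MBEDTLS_SSL_ENCRYPT_THEN_MAC alone. In a build with ETM enabled but no CBC suite the flag can then be requested by the peer but never echoed by the server, which is correct per RFC 7366 (ETM only affects block-cipher suites) but easy to misread as a missing branch; a comment at the new `#if`, e.g. `/* ETM is only negotiated when a CBC suite can be selected (RFC 7366) */`, would make the asymmetry deliberate. ssl_write_server_hello() starts and ends outside the hunk.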
From e108d987eaf93684e5f58054b11cae0b127841ca Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 26 Apr 2022 16:50:40 +0200 Subject: [PATCH 14/17] Simplify mbedtls_ssl_get_mode Reduce the imbrications between preprocessor directives and C instructions. Handle encrypt-then-mac separately. No behavior change. Signed-off-by: Gilles Peskine --- library/ssl_tls.c | 81 ++++++++++++++++++++++------------------------- 1 file changed, 38 insertions(+), 43 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index cb72f162e6..bbdd5e629d 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1713,10 +1713,7 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ -static inline mbedtls_ssl_mode_t mbedtls_ssl_get_mode( -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) - int encrypt_then_mac, -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ +static mbedtls_ssl_mode_t mbedtls_ssl_get_base_mode( #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t alg #else @@ -1727,24 +1724,10 @@ static inline mbedtls_ssl_mode_t mbedtls_ssl_get_mode( #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) #if defined(MBEDTLS_USE_PSA_CRYPTO) if( alg == PSA_ALG_CBC_NO_PADDING ) - { -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - if( encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED ) - return( MBEDTLS_SSL_MODE_CBC_ETM ); -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ - return( MBEDTLS_SSL_MODE_CBC ); - } #else if( mode == MBEDTLS_MODE_CBC ) - { -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - if( encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED ) - return( MBEDTLS_SSL_MODE_CBC_ETM ); -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ - return( MBEDTLS_SSL_MODE_CBC ); - } #endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ 
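Review bot: mbedtls_ssl_get_base_mode() has no header comment, and its contract is security-relevant: it classifies a cipher as CBC, AEAD or STREAM while deliberately ignoring Encrypt-then-MAC, and anything it does not recognise falls through to MBEDTLS_SSL_MODE_STREAM (the `return( MBEDTLS_SSL_MODE_STREAM );` is in the next hunk). A short comment above the definition should say that the result is the record protection mode before ETM is layered on by mbedtls_ssl_get_actual_mode(), and that STREAM is the catch-all for unrecognised algorithms, so callers know an unknown cipher is reported as a stream cipher rather than rejected. The function's body continues past this hunk.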
@@ -1765,25 +1748,38 @@ static inline mbedtls_ssl_mode_t mbedtls_ssl_get_mode( return( MBEDTLS_SSL_MODE_STREAM ); } +static mbedtls_ssl_mode_t mbedtls_ssl_get_actual_mode( + mbedtls_ssl_mode_t base_mode, + int encrypt_then_mac ) +{ +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) + if( encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED && + base_mode == MBEDTLS_SSL_MODE_CBC ) + { + return( MBEDTLS_SSL_MODE_CBC_ETM ); + } +#else + (void) encrypt_then_mac; +#endif + return( base_mode ); +} + mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_transform( const mbedtls_ssl_transform *transform ) { + mbedtls_ssl_mode_t base_mode = mbedtls_ssl_get_base_mode( #if defined(MBEDTLS_USE_PSA_CRYPTO) - return mbedtls_ssl_get_mode( -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) - transform->encrypt_then_mac, -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ - transform->psa_alg ); + transform->psa_alg #else - mbedtls_cipher_mode_t mode = - mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ); + mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ) +#endif + ); - return mbedtls_ssl_get_mode( + int encrypt_then_mac = 0; #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) - transform->encrypt_then_mac, -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ - mode ); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ + encrypt_then_mac = transform->encrypt_then_mac; +#endif + return( mbedtls_ssl_get_actual_mode( base_mode, encrypt_then_mac ) ); } mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( 
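Review bot: In mbedtls_ssl_get_mode_from_transform() the `#if`/`#else` now sits inside the argument list of the mbedtls_ssl_get_base_mode() call, which is the kind of preprocessor/C interleaving the commit message sets out to remove; selecting the argument in two plain branches reads better and lets each `#endif` carry the file's usual `/* MACRO */` trailer (the new `#endif` lines in this hunk, including the ones in mbedtls_ssl_get_actual_mode(), have none). mbedtls_ssl_get_actual_mode() would also benefit from a one-line contract, e.g. `/* Layer Encrypt-then-MAC on the base mode: only CBC changes, to CBC_ETM; encrypt_then_mac is MBEDTLS_SSL_ETM_ENABLED or DISABLED */`. The rewrite below is behaviour-preserving.
```c
mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_transform(
    const mbedtls_ssl_transform *transform )
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
    mbedtls_ssl_mode_t base_mode =
        mbedtls_ssl_get_base_mode( transform->psa_alg );
#else
    mbedtls_ssl_mode_t base_mode =
        mbedtls_ssl_get_base_mode(
            mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ) );
#endif /* MBEDTLS_USE_PSA_CRYPTO */

    /* … unchanged: encrypt_then_mac selection and the
     * mbedtls_ssl_get_actual_mode() return, with
     * #endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ as trailer … */
```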
@@ -1792,32 +1788,31 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( #endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ const mbedtls_ssl_ciphersuite_t *suite ) { + mbedtls_ssl_mode_t base_mode = MBEDTLS_SSL_MODE_STREAM; + #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status; psa_algorithm_t alg; psa_key_type_t type; size_t size; - status = mbedtls_ssl_cipher_to_psa( suite->cipher, 0, &alg, &type, &size ); if( status == PSA_SUCCESS ) - return mbedtls_ssl_get_mode( -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) - encrypt_then_mac, -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ - alg ); + base_mode = mbedtls_ssl_get_base_mode( alg ); #else const mbedtls_cipher_info_t *cipher = mbedtls_cipher_info_from_type( suite->cipher ); - if( cipher != NULL ) - return mbedtls_ssl_get_mode( -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) - encrypt_then_mac, -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ - mbedtls_cipher_info_get_mode( cipher ) ); + { + base_mode = + mbedtls_ssl_get_base_mode( + mbedtls_cipher_info_get_mode( cipher ) ); + } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - return( MBEDTLS_SSL_MODE_STREAM ); +#if !defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) + int encrypt_then_mac = 0; +#endif + return( mbedtls_ssl_get_actual_mode( base_mode, encrypt_then_mac ) ); } #if defined(MBEDTLS_USE_PSA_CRYPTO) From 301711e96ee71bef96163f51ba877f8b3fa92301 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 26 Apr 2022 16:57:05 +0200 Subject: [PATCH 15/17] Simplify mbedtls_ssl_get_base_mode Reduce the amount of ifdef's by making the USE_PSA_CRYPTO and non-USE_PSA_CRYPTO definitions independent. No behavior change. Signed-off-by: Gilles Peskine --- library/ssl_tls.c | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index bbdd5e629d..2175734532 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
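Review bot: The `int encrypt_then_mac = 0;` under `#if !defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)` is declared after the executable statements at the end of the function, and nothing explains why a local conditionally stands in for what is otherwise a parameter; a comment such as `/* Without CBC-ETM suites there is no encrypt_then_mac parameter: supply a constant so the call below is the same in both builds */` would stop a future cleanup from "fixing" it. In the PSA branch a failing mbedtls_ssl_cipher_to_psa(), and in the legacy branch a NULL `cipher`, silently leave `base_mode` at MBEDTLS_SSL_MODE_STREAM; that matches the previous `return( MBEDTLS_SSL_MODE_STREAM );` fallback, but it deserves `/* Unknown ciphers are reported as STREAM, matching the old fallback */` at the initialiser. The function's signature starts in the previous hunk.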
@@ -1713,28 +1713,29 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ -static mbedtls_ssl_mode_t mbedtls_ssl_get_base_mode( #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_algorithm_t alg -#else - mbedtls_cipher_mode_t mode -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - ) +static mbedtls_ssl_mode_t mbedtls_ssl_get_base_mode( + psa_algorithm_t alg ) { #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) -#if defined(MBEDTLS_USE_PSA_CRYPTO) if( alg == PSA_ALG_CBC_NO_PADDING ) return( MBEDTLS_SSL_MODE_CBC ); -#else - if( mode == MBEDTLS_MODE_CBC ) - return( MBEDTLS_SSL_MODE_CBC ); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ - -#if defined(MBEDTLS_USE_PSA_CRYPTO) if( PSA_ALG_IS_AEAD( alg ) ) return( MBEDTLS_SSL_MODE_AEAD ); -#else + return( MBEDTLS_SSL_MODE_STREAM ); +} + +#else /* MBEDTLS_USE_PSA_CRYPTO */ + +static mbedtls_ssl_mode_t mbedtls_ssl_get_base_mode( + mbedtls_cipher_mode_t mode ) +{ +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) + if( mode == MBEDTLS_MODE_CBC ) + return( MBEDTLS_SSL_MODE_CBC ); +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ + #if defined(MBEDTLS_GCM_C) || \ defined(MBEDTLS_CCM_C) || \ defined(MBEDTLS_CHACHAPOLY_C) @@ -1743,10 +1744,10 @@ static mbedtls_ssl_mode_t mbedtls_ssl_get_base_mode( mode == MBEDTLS_MODE_CHACHAPOLY ) return( MBEDTLS_SSL_MODE_AEAD ); #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ return( MBEDTLS_SSL_MODE_STREAM ); } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ static mbedtls_ssl_mode_t mbedtls_ssl_get_actual_mode( mbedtls_ssl_mode_t base_mode, From 3bf040ed70b95489eb504b023e1c5510350ec17f Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Wed, 27 Apr 2022 10:35:24 +0200 Subject: [PATCH 16/17] Reorganize PSA/!PSA code in mbedtls_ssl_ticket_setup() Signed-off-by: Neil Armstrong --- library/ssl_ticket.c | 37 +++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 18 deletions(-) 
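Review bot: The two mbedtls_ssl_get_base_mode() definitions must now be kept equivalent by hand: the PSA variant detects AEAD with `PSA_ALG_IS_AEAD( alg )`, while the legacy variant recognises only GCM/CCM/ChaChaPoly and only when the corresponding module is compiled in, reporting everything else as STREAM. The ciphersuite tables presumably prevent a GCM or CCM suite from being enabled without its module, so this is not a defect today, but each definition should carry `/* Keep in sync with the !MBEDTLS_USE_PSA_CRYPTO variant below */` (and the converse on the other one), and the trailing `return( MBEDTLS_SSL_MODE_STREAM );` in each deserves `/* Unrecognised algorithm: treated as a stream cipher */` so the fallback is explicit rather than accidental.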
diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 39f120995d..1c05001a86 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -216,20 +216,15 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, uint32_t lifetime ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t key_bits; #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t alg; psa_key_type_t key_type; - size_t key_bits; #else const mbedtls_cipher_info_t *cipher_info; #endif /* MBEDTLS_USE_PSA_CRYPTO */ - ctx->f_rng = f_rng; - ctx->p_rng = p_rng; - - ctx->ticket_lifetime = lifetime; - #if defined(MBEDTLS_USE_PSA_CRYPTO) if( mbedtls_ssl_cipher_to_psa( cipher, TICKET_AUTH_TAG_BYTES, &alg, &key_type, &key_bits ) != PSA_SUCCESS ) @@ -237,17 +232,6 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, if( PSA_ALG_IS_AEAD( alg ) == 0 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - - if( key_bits > PSA_BYTES_TO_BITS( MAX_KEY_BYTES ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - - ctx->keys[0].alg = alg; - ctx->keys[0].key_type = key_type; - ctx->keys[0].key_bits = key_bits; - - ctx->keys[1].alg = alg; - ctx->keys[1].key_type = key_type; - ctx->keys[1].key_bits = key_bits; #else cipher_info = mbedtls_cipher_info_from_type( cipher ); 
@@ -258,9 +242,26 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } - if( mbedtls_cipher_info_get_key_bitlen( cipher_info ) > 8 * MAX_KEY_BYTES ) + key_bits = mbedtls_cipher_info_get_key_bitlen( cipher_info ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + + if( key_bits > 8 * MAX_KEY_BYTES ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + ctx->f_rng = f_rng; + ctx->p_rng = p_rng; + + ctx->ticket_lifetime = lifetime; + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + ctx->keys[0].alg = alg; + ctx->keys[0].key_type = key_type; + ctx->keys[0].key_bits = key_bits; + + ctx->keys[1].alg = alg; + ctx->keys[1].key_type = key_type; + ctx->keys[1].key_bits = key_bits; +#else if( ( ret = mbedtls_cipher_setup( &ctx->keys[0].ctx, cipher_info ) ) != 0 ) return( ret ); From 2230e6c06df0643b9b45cf5dd0c096d5769408b1 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Wed, 27 Apr 2022 10:36:14 +0200 Subject: [PATCH 17/17] Simplify PSA transform->ivlen set in ssl_tls12_populate_transform() Signed-off-by: Neil Armstrong --- library/ssl_tls.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 2175734532..ab1d9e4a20 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7114,10 +7114,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, /* IV length */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ssl_mode == MBEDTLS_SSL_MODE_STREAM ) - transform->ivlen = 0; - else - transform->ivlen = PSA_CIPHER_IV_LENGTH( key_type, alg ); + transform->ivlen = PSA_CIPHER_IV_LENGTH( key_type, alg ); #else transform->ivlen = cipher_info->iv_size; #endif /* MBEDTLS_USE_PSA_CRYPTO */
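Review bot: The reordering makes mbedtls_ssl_ticket_setup() validate `key_bits` and the AEAD requirement before it writes `ctx->f_rng`, `ctx->p_rng` and `ctx->ticket_lifetime`, so a rejected cipher now leaves the context untouched; that is an improvement over the old order and is worth stating with `/* All inputs are validated above; only now start mutating ctx */` above `ctx->f_rng = f_rng;`. The unified `if( key_bits > 8 * MAX_KEY_BYTES )` replaces `PSA_BYTES_TO_BITS( MAX_KEY_BYTES )` on the PSA path, which is the same value, but a comment tying the bound to what MAX_KEY_BYTES sizes (presumably the key storage in each `ctx->keys[]` entry) would make the check self-explanatory. The function continues outside the hunk.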
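Review bot: Dropping the `ssl_mode == MBEDTLS_SSL_MODE_STREAM` special case makes `transform->ivlen` depend on `PSA_CIPHER_IV_LENGTH( key_type, alg )` returning 0 for the (key_type, alg) pair that stream and NULL-cipher suites map to; that is what the macro is expected to yield for non-cipher algorithms, but the assumption is now implicit and `ivlen` feeds record-layout arithmetic. A comment such as `/* PSA_CIPHER_IV_LENGTH() yields 0 for stream/NULL ciphers, so no STREAM special case is needed */` records it. For AEAD suites `ivlen` is presumably overwritten later in ssl_tls12_populate_transform(), which starts and ends outside the hunk.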