lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-01 10:06:53 +03:00
Code Activity

Merge pull request #5674 from superna9999/5668-abstract-tls-mode-cleanup

Browse Source 
Cipher cleanup: abstract TLS mode
This commit is contained in:
Gilles Peskine
2022-04-28 12:33:38 +02:00
committed by GitHub
parent ad47487e25 2230e6c06d
commit 8855e36030
5 changed files with 244 additions and 138 deletions
Download Patch File Download Diff File Expand all files Collapse all files

208
library/ssl_tls.c
View File

@ -383,11 +383,9 @@ typedef int ssl_tls_prf_t(const unsigned char *, size_t, const char *,
static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
int ciphersuite,
const unsigned char master[48],
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \
defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
int encrypt_then_mac,
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
MBEDTLS_SSL_SOME_SUITES_USE_MAC */
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
ssl_tls_prf_t tls_prf,
const unsigned char randbytes[64],
mbedtls_ssl_protocol_version tls_version,
@ -1715,6 +1713,109 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
static mbedtls_ssl_mode_t mbedtls_ssl_get_base_mode(
psa_algorithm_t alg )
{
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
if( alg == PSA_ALG_CBC_NO_PADDING )
return( MBEDTLS_SSL_MODE_CBC );
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
if( PSA_ALG_IS_AEAD( alg ) )
return( MBEDTLS_SSL_MODE_AEAD );
return( MBEDTLS_SSL_MODE_STREAM );
}
#else /* MBEDTLS_USE_PSA_CRYPTO */
static mbedtls_ssl_mode_t mbedtls_ssl_get_base_mode(
mbedtls_cipher_mode_t mode )
{
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
if( mode == MBEDTLS_MODE_CBC )
return( MBEDTLS_SSL_MODE_CBC );
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
#if defined(MBEDTLS_GCM_C) || \
defined(MBEDTLS_CCM_C) || \
defined(MBEDTLS_CHACHAPOLY_C)
if( mode == MBEDTLS_MODE_GCM ||
mode == MBEDTLS_MODE_CCM ||
mode == MBEDTLS_MODE_CHACHAPOLY )
return( MBEDTLS_SSL_MODE_AEAD );
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
return( MBEDTLS_SSL_MODE_STREAM );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
static mbedtls_ssl_mode_t mbedtls_ssl_get_actual_mode(
mbedtls_ssl_mode_t base_mode,
int encrypt_then_mac )
{
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
if( encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED &&
base_mode == MBEDTLS_SSL_MODE_CBC )
{
return( MBEDTLS_SSL_MODE_CBC_ETM );
}
#else
(void) encrypt_then_mac;
#endif
return( base_mode );
}
mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_transform(
const mbedtls_ssl_transform *transform )
{
mbedtls_ssl_mode_t base_mode = mbedtls_ssl_get_base_mode(
#if defined(MBEDTLS_USE_PSA_CRYPTO)
transform->psa_alg
#else
mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc )
#endif
);
int encrypt_then_mac = 0;
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
encrypt_then_mac = transform->encrypt_then_mac;
#endif
return( mbedtls_ssl_get_actual_mode( base_mode, encrypt_then_mac ) );
}
mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite(
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
int encrypt_then_mac,
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
const mbedtls_ssl_ciphersuite_t *suite )
{
mbedtls_ssl_mode_t base_mode = MBEDTLS_SSL_MODE_STREAM;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status;
psa_algorithm_t alg;
psa_key_type_t type;
size_t size;
status = mbedtls_ssl_cipher_to_psa( suite->cipher, 0, &alg, &type, &size );
if( status == PSA_SUCCESS )
base_mode = mbedtls_ssl_get_base_mode( alg );
#else
const mbedtls_cipher_info_t *cipher =
mbedtls_cipher_info_from_type( suite->cipher );
if( cipher != NULL )
{
base_mode =
mbedtls_ssl_get_base_mode(
mbedtls_cipher_info_get_mode( cipher ) );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if !defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
int encrypt_then_mac = 0;
#endif
return( mbedtls_ssl_get_actual_mode( base_mode, encrypt_then_mac ) );
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t mbedtls_ssl_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_type,
size_t taglen,
@ -3615,11 +3716,9 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
ret = ssl_tls12_populate_transform( ssl->transform,
ssl->session->ciphersuite,
ssl->session->master,
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \
defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
ssl->session->encrypt_then_mac,
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
MBEDTLS_SSL_SOME_SUITES_USE_MAC */
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
ssl_tls12prf_from_cs( ssl->session->ciphersuite ),
p, /* currently pointing to randbytes */
MBEDTLS_SSL_VERSION_TLS1_2, /* (D)TLS 1.2 is forced */
@ -5193,11 +5292,9 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
ret = ssl_tls12_populate_transform( ssl->transform_negotiate,
ssl->session_negotiate->ciphersuite,
ssl->session_negotiate->master,
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \
defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
ssl->session_negotiate->encrypt_then_mac,
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
MBEDTLS_SSL_SOME_SUITES_USE_MAC */
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
ssl->handshake->tls_prf,
ssl->handshake->randbytes,
ssl->tls_version,
@ -6789,11 +6886,9 @@ static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf )
static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
int ciphersuite,
const unsigned char master[48],
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \
defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
int encrypt_then_mac,
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
MBEDTLS_SSL_SOME_SUITES_USE_MAC */
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
ssl_tls_prf_t tls_prf,
const unsigned char randbytes[64],
mbedtls_ssl_protocol_version tls_version,
@ -6810,8 +6905,9 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
size_t iv_copy_len;
size_t keylen;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
const mbedtls_cipher_info_t *cipher_info;
mbedtls_ssl_mode_t ssl_mode;
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
const mbedtls_cipher_info_t *cipher_info;
const mbedtls_md_info_t *md_info;
#endif /* !MBEDTLS_USE_PSA_CRYPTO */
@ -6836,10 +6932,9 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
/*
* Some data just needs copying into the structure
*/
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
transform->encrypt_then_mac = encrypt_then_mac;
#endif
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
transform->tls_version = tls_version;
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
@ -6866,6 +6961,28 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
ssl_mode = mbedtls_ssl_get_mode_from_ciphersuite(
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
encrypt_then_mac,
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
ciphersuite_info );
if( ssl_mode == MBEDTLS_SSL_MODE_AEAD )
transform->taglen =
ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ( status = mbedtls_ssl_cipher_to_psa( ciphersuite_info->cipher,
transform->taglen,
&alg,
&key_type,
&key_bits ) ) != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cipher_to_psa", ret );
goto end;
}
#else
cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher );
if( cipher_info == NULL )
{
@ -6873,6 +6990,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
ciphersuite_info->cipher ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
mac_alg = mbedtls_psa_translate_md( ciphersuite_info->mac );
@ -6932,21 +7050,21 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
* Determine the appropriate key, IV and MAC length.
*/
#if defined(MBEDTLS_USE_PSA_CRYPTO)
keylen = PSA_BITS_TO_BYTES(key_bits);
#else
keylen = mbedtls_cipher_info_get_key_bitlen( cipher_info ) / 8;
#endif
#if defined(MBEDTLS_GCM_C) || \
defined(MBEDTLS_CCM_C) || \
defined(MBEDTLS_CHACHAPOLY_C)
if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_GCM ||
mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CCM ||
mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CHACHAPOLY )
if( ssl_mode == MBEDTLS_SSL_MODE_AEAD )
{
size_t explicit_ivlen;
transform->maclen = 0;
mac_key_len = 0;
transform->taglen =
ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16;
/* All modes haves 96-bit IVs, but the length of the static parts vary
* with mode and version:
@ -6957,7 +7075,11 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
* sequence number).
*/
transform->ivlen = 12;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( key_type == PSA_KEY_TYPE_CHACHA20 )
#else
if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CHACHAPOLY )
#endif /* MBEDTLS_USE_PSA_CRYPTO */
transform->fixed_ivlen = 12;
else
transform->fixed_ivlen = 4;
@ -6969,9 +7091,16 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
else
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_STREAM ||
mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CBC )
if( ssl_mode == MBEDTLS_SSL_MODE_STREAM ||
ssl_mode == MBEDTLS_SSL_MODE_CBC ||
ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM )
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
size_t block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type );
#else
size_t block_size = cipher_info->block_size;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* Get MAC length */
mac_key_len = PSA_HASH_LENGTH(mac_alg);
@ -6990,10 +7119,14 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
transform->maclen = mac_key_len;
/* IV length */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
transform->ivlen = PSA_CIPHER_IV_LENGTH( key_type, alg );
#else
transform->ivlen = cipher_info->iv_size;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* Minimum length */
if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_STREAM )
if( ssl_mode == MBEDTLS_SSL_MODE_STREAM )
transform->minlen = transform->maclen;
else
{
@ -7004,17 +7137,17 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
* 2. IV
*/
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
if( encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
if( ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM )
{
transform->minlen = transform->maclen
+ cipher_info->block_size;
+ block_size;
}
else
#endif
{
transform->minlen = transform->maclen
+ cipher_info->block_size
- transform->maclen % cipher_info->block_size;
+ block_size
- transform->maclen % block_size;
}
if( tls_version == MBEDTLS_SSL_VERSION_TLS1_2 )
@ -7096,17 +7229,6 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ( status = mbedtls_ssl_cipher_to_psa( cipher_info->type,
transform->taglen,
&alg,
&key_type,
&key_bits ) ) != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cipher_to_psa", ret );
goto end;
}
transform->psa_alg = alg;
if ( alg != MBEDTLS_SSL_NULL_CIPHER )