Lines Matching refs:transform
637 mbedtls_ssl_transform const *transform) in ssl_transform_aead_dynamic_iv_is_explicit() argument
639 return transform->ivlen != transform->fixed_ivlen; in ssl_transform_aead_dynamic_iv_is_explicit()
682 mbedtls_ssl_transform *transform, in mbedtls_ssl_encrypt_buf() argument
717 if (transform == NULL) { in mbedtls_ssl_encrypt_buf()
733 ssl_mode = mbedtls_ssl_get_mode_from_transform(transform); in mbedtls_ssl_encrypt_buf()
761 if (transform->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { in mbedtls_ssl_encrypt_buf()
781 rec->cid_len = transform->out_cid_len; in mbedtls_ssl_encrypt_buf()
782 memcpy(rec->cid, transform->out_cid, transform->out_cid_len); in mbedtls_ssl_encrypt_buf()
816 if (post_avail < transform->maclen) { in mbedtls_ssl_encrypt_buf()
830 transform->tls_version, in mbedtls_ssl_encrypt_buf()
831 transform->taglen); in mbedtls_ssl_encrypt_buf()
834 status = psa_mac_sign_setup(&operation, transform->psa_mac_enc, in mbedtls_ssl_encrypt_buf()
835 transform->psa_mac_alg); in mbedtls_ssl_encrypt_buf()
856 ret = mbedtls_md_hmac_update(&transform->md_ctx_enc, add_data, in mbedtls_ssl_encrypt_buf()
861 ret = mbedtls_md_hmac_update(&transform->md_ctx_enc, data, rec->data_len); in mbedtls_ssl_encrypt_buf()
865 ret = mbedtls_md_hmac_finish(&transform->md_ctx_enc, mac); in mbedtls_ssl_encrypt_buf()
869 ret = mbedtls_md_hmac_reset(&transform->md_ctx_enc); in mbedtls_ssl_encrypt_buf()
875 memcpy(data + rec->data_len, mac, transform->maclen); in mbedtls_ssl_encrypt_buf()
879 transform->maclen); in mbedtls_ssl_encrypt_buf()
881 rec->data_len += transform->maclen; in mbedtls_ssl_encrypt_buf()
882 post_avail -= transform->maclen; in mbedtls_ssl_encrypt_buf()
886 mbedtls_platform_zeroize(mac, transform->maclen); in mbedtls_ssl_encrypt_buf()
923 ssl_transform_aead_dynamic_iv_is_explicit(transform); in mbedtls_ssl_encrypt_buf()
930 if (post_avail < transform->taglen) { in mbedtls_ssl_encrypt_buf()
951 transform->iv_enc, in mbedtls_ssl_encrypt_buf()
952 transform->fixed_ivlen, in mbedtls_ssl_encrypt_buf()
961 transform->tls_version, in mbedtls_ssl_encrypt_buf()
962 transform->taglen); in mbedtls_ssl_encrypt_buf()
965 iv, transform->ivlen); in mbedtls_ssl_encrypt_buf()
979 status = psa_aead_encrypt(transform->psa_key_enc, in mbedtls_ssl_encrypt_buf()
980 transform->psa_alg, in mbedtls_ssl_encrypt_buf()
981 iv, transform->ivlen, in mbedtls_ssl_encrypt_buf()
993 if ((ret = mbedtls_cipher_auth_encrypt_ext(&transform->cipher_ctx_enc, in mbedtls_ssl_encrypt_buf()
994 iv, transform->ivlen, in mbedtls_ssl_encrypt_buf()
999 transform->taglen)) != 0) { in mbedtls_ssl_encrypt_buf()
1006 data + rec->data_len - transform->taglen, in mbedtls_ssl_encrypt_buf()
1007 transform->taglen); in mbedtls_ssl_encrypt_buf()
1009 post_avail -= transform->taglen; in mbedtls_ssl_encrypt_buf()
1042 padlen = transform->ivlen - (rec->data_len + 1) % transform->ivlen; in mbedtls_ssl_encrypt_buf()
1043 if (padlen == transform->ivlen) { in mbedtls_ssl_encrypt_buf()
1070 if (rec->data_offset < transform->ivlen) { in mbedtls_ssl_encrypt_buf()
1078 ret = f_rng(p_rng, transform->iv_enc, transform->ivlen); in mbedtls_ssl_encrypt_buf()
1083 memcpy(data - transform->ivlen, transform->iv_enc, transform->ivlen); in mbedtls_ssl_encrypt_buf()
1090 rec->data_len, transform->ivlen, in mbedtls_ssl_encrypt_buf()
1095 transform->psa_key_enc, transform->psa_alg); in mbedtls_ssl_encrypt_buf()
1103 status = psa_cipher_set_iv(&cipher_op, transform->iv_enc, transform->ivlen); in mbedtls_ssl_encrypt_buf()
1136 if ((ret = mbedtls_cipher_crypt(&transform->cipher_ctx_enc, in mbedtls_ssl_encrypt_buf()
1137 transform->iv_enc, in mbedtls_ssl_encrypt_buf()
1138 transform->ivlen, in mbedtls_ssl_encrypt_buf()
1151 data -= transform->ivlen; in mbedtls_ssl_encrypt_buf()
1152 rec->data_offset -= transform->ivlen; in mbedtls_ssl_encrypt_buf()
1153 rec->data_len += transform->ivlen; in mbedtls_ssl_encrypt_buf()
1166 if (post_avail < transform->maclen) { in mbedtls_ssl_encrypt_buf()
1172 rec, transform->tls_version, in mbedtls_ssl_encrypt_buf()
1173 transform->taglen); in mbedtls_ssl_encrypt_buf()
1179 status = psa_mac_sign_setup(&operation, transform->psa_mac_enc, in mbedtls_ssl_encrypt_buf()
1180 transform->psa_mac_alg); in mbedtls_ssl_encrypt_buf()
1202 ret = mbedtls_md_hmac_update(&transform->md_ctx_enc, add_data, in mbedtls_ssl_encrypt_buf()
1207 ret = mbedtls_md_hmac_update(&transform->md_ctx_enc, in mbedtls_ssl_encrypt_buf()
1212 ret = mbedtls_md_hmac_finish(&transform->md_ctx_enc, mac); in mbedtls_ssl_encrypt_buf()
1216 ret = mbedtls_md_hmac_reset(&transform->md_ctx_enc); in mbedtls_ssl_encrypt_buf()
1222 memcpy(data + rec->data_len, mac, transform->maclen); in mbedtls_ssl_encrypt_buf()
1224 rec->data_len += transform->maclen; in mbedtls_ssl_encrypt_buf()
1225 post_avail -= transform->maclen; in mbedtls_ssl_encrypt_buf()
1229 mbedtls_platform_zeroize(mac, transform->maclen); in mbedtls_ssl_encrypt_buf()
1262 mbedtls_ssl_transform *transform, in mbedtls_ssl_decrypt_buf() argument
1301 ssl_mode = mbedtls_ssl_get_mode_from_transform(transform); in mbedtls_ssl_decrypt_buf()
1307 if (rec->cid_len != transform->in_cid_len || in mbedtls_ssl_decrypt_buf()
1308 memcmp(rec->cid, transform->in_cid, rec->cid_len) != 0) { in mbedtls_ssl_decrypt_buf()
1315 if (rec->data_len < transform->maclen) { in mbedtls_ssl_decrypt_buf()
1319 rec->data_len, transform->maclen)); in mbedtls_ssl_decrypt_buf()
1347 if (ssl_transform_aead_dynamic_iv_is_explicit(transform) == 1) { in mbedtls_ssl_decrypt_buf()
1365 if (rec->data_len < transform->taglen) { in mbedtls_ssl_decrypt_buf()
1369 transform->taglen)); in mbedtls_ssl_decrypt_buf()
1372 rec->data_len -= transform->taglen; in mbedtls_ssl_decrypt_buf()
1378 transform->iv_dec, in mbedtls_ssl_decrypt_buf()
1379 transform->fixed_ivlen, in mbedtls_ssl_decrypt_buf()
1388 transform->tls_version, in mbedtls_ssl_decrypt_buf()
1389 transform->taglen); in mbedtls_ssl_decrypt_buf()
1399 MBEDTLS_SSL_DEBUG_BUF(4, "IV used", iv, transform->ivlen); in mbedtls_ssl_decrypt_buf()
1401 transform->taglen); in mbedtls_ssl_decrypt_buf()
1407 status = psa_aead_decrypt(transform->psa_key_dec, in mbedtls_ssl_decrypt_buf()
1408 transform->psa_alg, in mbedtls_ssl_decrypt_buf()
1409 iv, transform->ivlen, in mbedtls_ssl_decrypt_buf()
1411 data, rec->data_len + transform->taglen, in mbedtls_ssl_decrypt_buf()
1421 if ((ret = mbedtls_cipher_auth_decrypt_ext(&transform->cipher_ctx_dec, in mbedtls_ssl_decrypt_buf()
1422 iv, transform->ivlen, in mbedtls_ssl_decrypt_buf()
1424 … data, rec->data_len + transform->taglen, /* src */ in mbedtls_ssl_decrypt_buf()
1426 transform->taglen)) != 0) { in mbedtls_ssl_decrypt_buf()
1461 minlen += transform->ivlen; in mbedtls_ssl_decrypt_buf()
1485 if (rec->data_len < minlen + transform->ivlen || in mbedtls_ssl_decrypt_buf()
1486 rec->data_len < minlen + transform->maclen + 1) { in mbedtls_ssl_decrypt_buf()
1492 transform->ivlen, in mbedtls_ssl_decrypt_buf()
1493 transform->maclen)); in mbedtls_ssl_decrypt_buf()
1520 rec->data_len -= transform->maclen; in mbedtls_ssl_decrypt_buf()
1522 transform->tls_version, in mbedtls_ssl_decrypt_buf()
1523 transform->taglen); in mbedtls_ssl_decrypt_buf()
1529 status = psa_mac_verify_setup(&operation, transform->psa_mac_dec, in mbedtls_ssl_decrypt_buf()
1530 transform->psa_mac_alg); in mbedtls_ssl_decrypt_buf()
1547 transform->maclen); in mbedtls_ssl_decrypt_buf()
1552 ret = mbedtls_md_hmac_update(&transform->md_ctx_dec, add_data, in mbedtls_ssl_decrypt_buf()
1557 ret = mbedtls_md_hmac_update(&transform->md_ctx_dec, in mbedtls_ssl_decrypt_buf()
1562 ret = mbedtls_md_hmac_finish(&transform->md_ctx_dec, mac_expect); in mbedtls_ssl_decrypt_buf()
1566 ret = mbedtls_md_hmac_reset(&transform->md_ctx_dec); in mbedtls_ssl_decrypt_buf()
1572 transform->maclen); in mbedtls_ssl_decrypt_buf()
1574 transform->maclen); in mbedtls_ssl_decrypt_buf()
1578 transform->maclen) != 0) { in mbedtls_ssl_decrypt_buf()
1594 mbedtls_platform_zeroize(mac_expect, transform->maclen); in mbedtls_ssl_decrypt_buf()
1612 if (rec->data_len % transform->ivlen != 0) { in mbedtls_ssl_decrypt_buf()
1615 rec->data_len, transform->ivlen)); in mbedtls_ssl_decrypt_buf()
1624 memcpy(transform->iv_dec, data, transform->ivlen); in mbedtls_ssl_decrypt_buf()
1626 data += transform->ivlen; in mbedtls_ssl_decrypt_buf()
1627 rec->data_offset += transform->ivlen; in mbedtls_ssl_decrypt_buf()
1628 rec->data_len -= transform->ivlen; in mbedtls_ssl_decrypt_buf()
1635 transform->psa_key_dec, transform->psa_alg); in mbedtls_ssl_decrypt_buf()
1643 status = psa_cipher_set_iv(&cipher_op, transform->iv_dec, transform->ivlen); in mbedtls_ssl_decrypt_buf()
1674 if ((ret = mbedtls_cipher_crypt(&transform->cipher_ctx_dec, in mbedtls_ssl_decrypt_buf()
1675 transform->iv_dec, transform->ivlen, in mbedtls_ssl_decrypt_buf()
1702 if (rec->data_len < transform->maclen + padlen + 1) { in mbedtls_ssl_decrypt_buf()
1707 transform->maclen, in mbedtls_ssl_decrypt_buf()
1714 transform->maclen + padlen + 1); in mbedtls_ssl_decrypt_buf()
1803 rec->data_len -= transform->maclen; in mbedtls_ssl_decrypt_buf()
1805 transform->tls_version, in mbedtls_ssl_decrypt_buf()
1806 transform->taglen); in mbedtls_ssl_decrypt_buf()
1823 ret = mbedtls_ct_hmac(transform->psa_mac_dec, in mbedtls_ssl_decrypt_buf()
1824 transform->psa_mac_alg, in mbedtls_ssl_decrypt_buf()
1829 ret = mbedtls_ct_hmac(&transform->md_ctx_dec, in mbedtls_ssl_decrypt_buf()
1842 transform->maclen); in mbedtls_ssl_decrypt_buf()
1846 MBEDTLS_SSL_DEBUG_BUF(4, "expected mac", mac_expect, transform->maclen); in mbedtls_ssl_decrypt_buf()
1847 MBEDTLS_SSL_DEBUG_BUF(4, "message mac", mac_peer, transform->maclen); in mbedtls_ssl_decrypt_buf()
1851 transform->maclen) != 0) { in mbedtls_ssl_decrypt_buf()
1860 mbedtls_platform_zeroize(mac_peer, transform->maclen); in mbedtls_ssl_decrypt_buf()
1861 mbedtls_platform_zeroize(mac_expect, transform->maclen); in mbedtls_ssl_decrypt_buf()
1882 if (transform->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { in mbedtls_ssl_decrypt_buf()
4984 mbedtls_ssl_transform const *transform) in ssl_transform_get_explicit_iv_len() argument
4986 return transform->ivlen - transform->fixed_ivlen; in ssl_transform_get_explicit_iv_len()
4990 mbedtls_ssl_transform *transform) in mbedtls_ssl_update_out_pointers() argument
4998 if (transform != NULL) { in mbedtls_ssl_update_out_pointers()
4999 ssl->out_len += transform->out_cid_len; in mbedtls_ssl_update_out_pointers()
5017 if (transform != NULL) { in mbedtls_ssl_update_out_pointers()
5018 ssl->out_msg += ssl_transform_get_explicit_iv_len(transform); in mbedtls_ssl_update_out_pointers()
5159 const mbedtls_ssl_transform *transform = ssl->transform_out; in mbedtls_ssl_get_record_expansion() local
5168 if (transform == NULL) { in mbedtls_ssl_get_record_expansion()
5174 if (transform->psa_alg == PSA_ALG_GCM || in mbedtls_ssl_get_record_expansion()
5175 transform->psa_alg == PSA_ALG_CCM || in mbedtls_ssl_get_record_expansion()
5176 transform->psa_alg == PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8) || in mbedtls_ssl_get_record_expansion()
5177 transform->psa_alg == PSA_ALG_CHACHA20_POLY1305 || in mbedtls_ssl_get_record_expansion()
5178 transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER) { in mbedtls_ssl_get_record_expansion()
5179 transform_expansion = transform->minlen; in mbedtls_ssl_get_record_expansion()
5180 } else if (transform->psa_alg == PSA_ALG_CBC_NO_PADDING) { in mbedtls_ssl_get_record_expansion()
5181 (void) psa_get_key_attributes(transform->psa_key_enc, &attr); in mbedtls_ssl_get_record_expansion()
5187 transform_expansion += transform->maclen; in mbedtls_ssl_get_record_expansion()
5205 switch (mbedtls_cipher_get_cipher_mode(&transform->cipher_ctx_enc)) { in mbedtls_ssl_get_record_expansion()
5210 transform_expansion = transform->minlen; in mbedtls_ssl_get_record_expansion()
5216 &transform->cipher_ctx_enc); in mbedtls_ssl_get_record_expansion()
5219 transform_expansion += transform->maclen; in mbedtls_ssl_get_record_expansion()
5241 if (transform->out_cid_len != 0) { in mbedtls_ssl_get_record_expansion()
5766 void mbedtls_ssl_transform_free(mbedtls_ssl_transform *transform) in mbedtls_ssl_transform_free() argument
5768 if (transform == NULL) { in mbedtls_ssl_transform_free()
5773 psa_destroy_key(transform->psa_key_enc); in mbedtls_ssl_transform_free()
5774 psa_destroy_key(transform->psa_key_dec); in mbedtls_ssl_transform_free()
5776 mbedtls_cipher_free(&transform->cipher_ctx_enc); in mbedtls_ssl_transform_free()
5777 mbedtls_cipher_free(&transform->cipher_ctx_dec); in mbedtls_ssl_transform_free()
5782 psa_destroy_key(transform->psa_mac_enc); in mbedtls_ssl_transform_free()
5783 psa_destroy_key(transform->psa_mac_dec); in mbedtls_ssl_transform_free()
5785 mbedtls_md_free(&transform->md_ctx_enc); in mbedtls_ssl_transform_free()
5786 mbedtls_md_free(&transform->md_ctx_dec); in mbedtls_ssl_transform_free()
5790 mbedtls_platform_zeroize(transform, sizeof(mbedtls_ssl_transform)); in mbedtls_ssl_transform_free()
5794 mbedtls_ssl_transform *transform) in mbedtls_ssl_set_inbound_transform() argument
5796 ssl->transform_in = transform; in mbedtls_ssl_set_inbound_transform()
5801 mbedtls_ssl_transform *transform) in mbedtls_ssl_set_outbound_transform() argument
5803 ssl->transform_out = transform; in mbedtls_ssl_set_outbound_transform()