yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-26 23:35:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add AEAD tag length to new mbedtls_cipher_setup_psa()

Browse Source 
For AEAD ciphers, the information contained in mbedtls_cipher_info
is not enough to deduce a PSA algorithm value of type psa_algorithm_t.
This is because mbedtls_cipher_info doesn't contain the AEAD tag
length, while values of type psa_algorithm_t do.

This commit adds the AEAD tag length as a separate parameter
to mbedtls_cipher_setup_psa(). For Non-AEAD ciphers, the value
must be 0.

This approach is preferred over passing psa_algorithm_t directly
in order to keep the changes in existing code using the cipher layer
small.
This commit is contained in:
Hanno Becker 2018-11-12 16:26:27 +00:00
parent 884f6af590
commit f133640475
2 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
include/mbedtls/cipher.h
View File

@ -434,6 +434,12 @@ int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
* *
* \param ctx The context to initialize. May not be \c NULL. * \param ctx The context to initialize. May not be \c NULL.
* \param cipher_info The cipher to use. * \param cipher_info The cipher to use.
* \param taglen For AEAD ciphers, the length in bytes of the
* authentication tag to use. Subsequent uses of
* mbedtls_cipher_auth_encrypt() or
* mbedtls_cipher_auth_decrypt() must provide
* the same tag length.
* For non-AEAD ciphers, the value must be \c 0.
* *
* \return \c 0 on success. * \return \c 0 on success.
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
@ -442,7 +448,8 @@ int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
* cipher-specific context fails. * cipher-specific context fails.
*/ */
int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx, int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx,
const mbedtls_cipher_info_t *cipher_info ); const mbedtls_cipher_info_t *cipher_info,
size_t taglen );
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
/** /**

5
library/cipher.c
View File

@ -234,7 +234,8 @@ int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx, int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx,
const mbedtls_cipher_info_t *cipher_info ) const mbedtls_cipher_info_t *cipher_info,
size_t taglen )
{ {
psa_algorithm_t alg; psa_algorithm_t alg;
mbedtls_cipher_context_psa *cipher_psa; mbedtls_cipher_context_psa *cipher_psa;
@ -242,7 +243,7 @@ int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx,
if( NULL == cipher_info || NULL == ctx ) if( NULL == cipher_info || NULL == ctx )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
alg = mbedtls_psa_translate_cipher_mode( cipher_info->mode ); alg = mbedtls_psa_translate_cipher_mode( cipher_info->mode, taglen );
if( alg == 0) if( alg == 0)
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );