Lines Matching refs:transform
857 mbedtls_ssl_transform const *transform) in ssl_transform_aead_dynamic_iv_is_explicit() argument
859 return transform->ivlen != transform->fixed_ivlen; in ssl_transform_aead_dynamic_iv_is_explicit()
902 mbedtls_ssl_transform *transform, in mbedtls_ssl_encrypt_buf() argument
937 if (transform == NULL) { in mbedtls_ssl_encrypt_buf()
953 ssl_mode = mbedtls_ssl_get_mode_from_transform(transform); in mbedtls_ssl_encrypt_buf()
981 if (transform->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { in mbedtls_ssl_encrypt_buf()
1001 rec->cid_len = transform->out_cid_len; in mbedtls_ssl_encrypt_buf()
1002 memcpy(rec->cid, transform->out_cid, transform->out_cid_len); in mbedtls_ssl_encrypt_buf()
1036 if (post_avail < transform->maclen) { in mbedtls_ssl_encrypt_buf()
1050 transform->tls_version, in mbedtls_ssl_encrypt_buf()
1051 transform->taglen); in mbedtls_ssl_encrypt_buf()
1054 status = psa_mac_sign_setup(&operation, transform->psa_mac_enc, in mbedtls_ssl_encrypt_buf()
1055 transform->psa_mac_alg); in mbedtls_ssl_encrypt_buf()
1076 ret = mbedtls_md_hmac_update(&transform->md_ctx_enc, add_data, in mbedtls_ssl_encrypt_buf()
1081 ret = mbedtls_md_hmac_update(&transform->md_ctx_enc, data, rec->data_len); in mbedtls_ssl_encrypt_buf()
1085 ret = mbedtls_md_hmac_finish(&transform->md_ctx_enc, mac); in mbedtls_ssl_encrypt_buf()
1089 ret = mbedtls_md_hmac_reset(&transform->md_ctx_enc); in mbedtls_ssl_encrypt_buf()
1095 memcpy(data + rec->data_len, mac, transform->maclen); in mbedtls_ssl_encrypt_buf()
1099 transform->maclen); in mbedtls_ssl_encrypt_buf()
1101 rec->data_len += transform->maclen; in mbedtls_ssl_encrypt_buf()
1102 post_avail -= transform->maclen; in mbedtls_ssl_encrypt_buf()
1106 mbedtls_platform_zeroize(mac, transform->maclen); in mbedtls_ssl_encrypt_buf()
1141 ssl_transform_aead_dynamic_iv_is_explicit(transform); in mbedtls_ssl_encrypt_buf()
1148 if (post_avail < transform->taglen) { in mbedtls_ssl_encrypt_buf()
1169 transform->iv_enc, in mbedtls_ssl_encrypt_buf()
1170 transform->fixed_ivlen, in mbedtls_ssl_encrypt_buf()
1179 transform->tls_version, in mbedtls_ssl_encrypt_buf()
1180 transform->taglen); in mbedtls_ssl_encrypt_buf()
1183 iv, transform->ivlen); in mbedtls_ssl_encrypt_buf()
1197 status = psa_aead_encrypt(transform->psa_key_enc, in mbedtls_ssl_encrypt_buf()
1198 transform->psa_alg, in mbedtls_ssl_encrypt_buf()
1199 iv, transform->ivlen, in mbedtls_ssl_encrypt_buf()
1211 if ((ret = mbedtls_cipher_auth_encrypt_ext(&transform->cipher_ctx_enc, in mbedtls_ssl_encrypt_buf()
1212 iv, transform->ivlen, in mbedtls_ssl_encrypt_buf()
1217 transform->taglen)) != 0) { in mbedtls_ssl_encrypt_buf()
1224 data + rec->data_len - transform->taglen, in mbedtls_ssl_encrypt_buf()
1225 transform->taglen); in mbedtls_ssl_encrypt_buf()
1227 post_avail -= transform->taglen; in mbedtls_ssl_encrypt_buf()
1260 padlen = transform->ivlen - (rec->data_len + 1) % transform->ivlen; in mbedtls_ssl_encrypt_buf()
1261 if (padlen == transform->ivlen) { in mbedtls_ssl_encrypt_buf()
1288 if (rec->data_offset < transform->ivlen) { in mbedtls_ssl_encrypt_buf()
1296 ret = f_rng(p_rng, transform->iv_enc, transform->ivlen); in mbedtls_ssl_encrypt_buf()
1301 memcpy(data - transform->ivlen, transform->iv_enc, transform->ivlen); in mbedtls_ssl_encrypt_buf()
1308 rec->data_len, transform->ivlen, in mbedtls_ssl_encrypt_buf()
1313 transform->psa_key_enc, transform->psa_alg); in mbedtls_ssl_encrypt_buf()
1321 status = psa_cipher_set_iv(&cipher_op, transform->iv_enc, transform->ivlen); in mbedtls_ssl_encrypt_buf()
1354 if ((ret = mbedtls_cipher_crypt(&transform->cipher_ctx_enc, in mbedtls_ssl_encrypt_buf()
1355 transform->iv_enc, in mbedtls_ssl_encrypt_buf()
1356 transform->ivlen, in mbedtls_ssl_encrypt_buf()
1369 data -= transform->ivlen; in mbedtls_ssl_encrypt_buf()
1370 rec->data_offset -= transform->ivlen; in mbedtls_ssl_encrypt_buf()
1371 rec->data_len += transform->ivlen; in mbedtls_ssl_encrypt_buf()
1384 if (post_avail < transform->maclen) { in mbedtls_ssl_encrypt_buf()
1390 rec, transform->tls_version, in mbedtls_ssl_encrypt_buf()
1391 transform->taglen); in mbedtls_ssl_encrypt_buf()
1397 status = psa_mac_sign_setup(&operation, transform->psa_mac_enc, in mbedtls_ssl_encrypt_buf()
1398 transform->psa_mac_alg); in mbedtls_ssl_encrypt_buf()
1420 ret = mbedtls_md_hmac_update(&transform->md_ctx_enc, add_data, in mbedtls_ssl_encrypt_buf()
1425 ret = mbedtls_md_hmac_update(&transform->md_ctx_enc, in mbedtls_ssl_encrypt_buf()
1430 ret = mbedtls_md_hmac_finish(&transform->md_ctx_enc, mac); in mbedtls_ssl_encrypt_buf()
1434 ret = mbedtls_md_hmac_reset(&transform->md_ctx_enc); in mbedtls_ssl_encrypt_buf()
1440 memcpy(data + rec->data_len, mac, transform->maclen); in mbedtls_ssl_encrypt_buf()
1442 rec->data_len += transform->maclen; in mbedtls_ssl_encrypt_buf()
1443 post_avail -= transform->maclen; in mbedtls_ssl_encrypt_buf()
1447 mbedtls_platform_zeroize(mac, transform->maclen); in mbedtls_ssl_encrypt_buf()
1480 mbedtls_ssl_transform *transform, in mbedtls_ssl_decrypt_buf() argument
1520 ssl_mode = mbedtls_ssl_get_mode_from_transform(transform); in mbedtls_ssl_decrypt_buf()
1526 if (rec->cid_len != transform->in_cid_len || in mbedtls_ssl_decrypt_buf()
1527 memcmp(rec->cid, transform->in_cid, rec->cid_len) != 0) { in mbedtls_ssl_decrypt_buf()
1534 if (rec->data_len < transform->maclen) { in mbedtls_ssl_decrypt_buf()
1538 rec->data_len, transform->maclen)); in mbedtls_ssl_decrypt_buf()
1564 if (ssl_transform_aead_dynamic_iv_is_explicit(transform) == 1) { in mbedtls_ssl_decrypt_buf()
1582 if (rec->data_len < transform->taglen) { in mbedtls_ssl_decrypt_buf()
1586 transform->taglen)); in mbedtls_ssl_decrypt_buf()
1589 rec->data_len -= transform->taglen; in mbedtls_ssl_decrypt_buf()
1595 transform->iv_dec, in mbedtls_ssl_decrypt_buf()
1596 transform->fixed_ivlen, in mbedtls_ssl_decrypt_buf()
1605 transform->tls_version, in mbedtls_ssl_decrypt_buf()
1606 transform->taglen); in mbedtls_ssl_decrypt_buf()
1616 MBEDTLS_SSL_DEBUG_BUF(4, "IV used", iv, transform->ivlen); in mbedtls_ssl_decrypt_buf()
1618 transform->taglen); in mbedtls_ssl_decrypt_buf()
1624 status = psa_aead_decrypt(transform->psa_key_dec, in mbedtls_ssl_decrypt_buf()
1625 transform->psa_alg, in mbedtls_ssl_decrypt_buf()
1626 iv, transform->ivlen, in mbedtls_ssl_decrypt_buf()
1628 data, rec->data_len + transform->taglen, in mbedtls_ssl_decrypt_buf()
1639 (&transform->cipher_ctx_dec, in mbedtls_ssl_decrypt_buf()
1640 iv, transform->ivlen, in mbedtls_ssl_decrypt_buf()
1642 data, rec->data_len + transform->taglen, /* src */ in mbedtls_ssl_decrypt_buf()
1644 transform->taglen)) != 0) { in mbedtls_ssl_decrypt_buf()
1679 minlen += transform->ivlen; in mbedtls_ssl_decrypt_buf()
1703 if (rec->data_len < minlen + transform->ivlen || in mbedtls_ssl_decrypt_buf()
1704 rec->data_len < minlen + transform->maclen + 1) { in mbedtls_ssl_decrypt_buf()
1710 transform->ivlen, in mbedtls_ssl_decrypt_buf()
1711 transform->maclen)); in mbedtls_ssl_decrypt_buf()
1738 rec->data_len -= transform->maclen; in mbedtls_ssl_decrypt_buf()
1740 transform->tls_version, in mbedtls_ssl_decrypt_buf()
1741 transform->taglen); in mbedtls_ssl_decrypt_buf()
1747 status = psa_mac_verify_setup(&operation, transform->psa_mac_dec, in mbedtls_ssl_decrypt_buf()
1748 transform->psa_mac_alg); in mbedtls_ssl_decrypt_buf()
1765 transform->maclen); in mbedtls_ssl_decrypt_buf()
1770 ret = mbedtls_md_hmac_update(&transform->md_ctx_dec, add_data, in mbedtls_ssl_decrypt_buf()
1775 ret = mbedtls_md_hmac_update(&transform->md_ctx_dec, in mbedtls_ssl_decrypt_buf()
1780 ret = mbedtls_md_hmac_finish(&transform->md_ctx_dec, mac_expect); in mbedtls_ssl_decrypt_buf()
1784 ret = mbedtls_md_hmac_reset(&transform->md_ctx_dec); in mbedtls_ssl_decrypt_buf()
1790 transform->maclen); in mbedtls_ssl_decrypt_buf()
1792 transform->maclen); in mbedtls_ssl_decrypt_buf()
1796 transform->maclen) != 0) { in mbedtls_ssl_decrypt_buf()
1812 mbedtls_platform_zeroize(mac_expect, transform->maclen); in mbedtls_ssl_decrypt_buf()
1830 if (rec->data_len % transform->ivlen != 0) { in mbedtls_ssl_decrypt_buf()
1833 rec->data_len, transform->ivlen)); in mbedtls_ssl_decrypt_buf()
1842 memcpy(transform->iv_dec, data, transform->ivlen); in mbedtls_ssl_decrypt_buf()
1844 data += transform->ivlen; in mbedtls_ssl_decrypt_buf()
1845 rec->data_offset += transform->ivlen; in mbedtls_ssl_decrypt_buf()
1846 rec->data_len -= transform->ivlen; in mbedtls_ssl_decrypt_buf()
1853 transform->psa_key_dec, transform->psa_alg); in mbedtls_ssl_decrypt_buf()
1861 status = psa_cipher_set_iv(&cipher_op, transform->iv_dec, transform->ivlen); in mbedtls_ssl_decrypt_buf()
1892 if ((ret = mbedtls_cipher_crypt(&transform->cipher_ctx_dec, in mbedtls_ssl_decrypt_buf()
1893 transform->iv_dec, transform->ivlen, in mbedtls_ssl_decrypt_buf()
1920 if (rec->data_len < transform->maclen + padlen + 1) { in mbedtls_ssl_decrypt_buf()
1925 transform->maclen, in mbedtls_ssl_decrypt_buf()
1931 transform->maclen + padlen + 1); in mbedtls_ssl_decrypt_buf()
2021 rec->data_len -= transform->maclen; in mbedtls_ssl_decrypt_buf()
2023 transform->tls_version, in mbedtls_ssl_decrypt_buf()
2024 transform->taglen); in mbedtls_ssl_decrypt_buf()
2041 ret = mbedtls_ct_hmac(transform->psa_mac_dec, in mbedtls_ssl_decrypt_buf()
2042 transform->psa_mac_alg, in mbedtls_ssl_decrypt_buf()
2047 ret = mbedtls_ct_hmac(&transform->md_ctx_dec, in mbedtls_ssl_decrypt_buf()
2060 transform->maclen); in mbedtls_ssl_decrypt_buf()
2064 MBEDTLS_SSL_DEBUG_BUF(4, "expected mac", mac_expect, transform->maclen); in mbedtls_ssl_decrypt_buf()
2065 MBEDTLS_SSL_DEBUG_BUF(4, "message mac", mac_peer, transform->maclen); in mbedtls_ssl_decrypt_buf()
2069 transform->maclen) != 0) { in mbedtls_ssl_decrypt_buf()
2078 mbedtls_platform_zeroize(mac_peer, transform->maclen); in mbedtls_ssl_decrypt_buf()
2079 mbedtls_platform_zeroize(mac_expect, transform->maclen); in mbedtls_ssl_decrypt_buf()
2100 if (transform->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { in mbedtls_ssl_decrypt_buf()
5273 mbedtls_ssl_transform const *transform) in ssl_transform_get_explicit_iv_len() argument
5275 return transform->ivlen - transform->fixed_ivlen; in ssl_transform_get_explicit_iv_len()
5279 mbedtls_ssl_transform *transform) in mbedtls_ssl_update_out_pointers() argument
5287 if (transform != NULL) { in mbedtls_ssl_update_out_pointers()
5288 ssl->out_len += transform->out_cid_len; in mbedtls_ssl_update_out_pointers()
5306 if (transform != NULL) { in mbedtls_ssl_update_out_pointers()
5307 ssl->out_msg += ssl_transform_get_explicit_iv_len(transform); in mbedtls_ssl_update_out_pointers()
5448 const mbedtls_ssl_transform *transform = ssl->transform_out; in mbedtls_ssl_get_record_expansion() local
5457 if (transform == NULL) { in mbedtls_ssl_get_record_expansion()
5463 if (transform->psa_alg == PSA_ALG_GCM || in mbedtls_ssl_get_record_expansion()
5464 transform->psa_alg == PSA_ALG_CCM || in mbedtls_ssl_get_record_expansion()
5465 transform->psa_alg == PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8) || in mbedtls_ssl_get_record_expansion()
5466 transform->psa_alg == PSA_ALG_CHACHA20_POLY1305 || in mbedtls_ssl_get_record_expansion()
5467 transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER) { in mbedtls_ssl_get_record_expansion()
5468 transform_expansion = transform->minlen; in mbedtls_ssl_get_record_expansion()
5469 } else if (transform->psa_alg == PSA_ALG_CBC_NO_PADDING) { in mbedtls_ssl_get_record_expansion()
5470 (void) psa_get_key_attributes(transform->psa_key_enc, &attr); in mbedtls_ssl_get_record_expansion()
5476 transform_expansion += transform->maclen; in mbedtls_ssl_get_record_expansion()
5494 switch (mbedtls_cipher_get_cipher_mode(&transform->cipher_ctx_enc)) { in mbedtls_ssl_get_record_expansion()
5499 transform_expansion = transform->minlen; in mbedtls_ssl_get_record_expansion()
5505 &transform->cipher_ctx_enc); in mbedtls_ssl_get_record_expansion()
5508 transform_expansion += transform->maclen; in mbedtls_ssl_get_record_expansion()
5530 if (transform->out_cid_len != 0) { in mbedtls_ssl_get_record_expansion()
6212 void mbedtls_ssl_transform_free(mbedtls_ssl_transform *transform) in mbedtls_ssl_transform_free() argument
6214 if (transform == NULL) { in mbedtls_ssl_transform_free()
6219 psa_destroy_key(transform->psa_key_enc); in mbedtls_ssl_transform_free()
6220 psa_destroy_key(transform->psa_key_dec); in mbedtls_ssl_transform_free()
6222 mbedtls_cipher_free(&transform->cipher_ctx_enc); in mbedtls_ssl_transform_free()
6223 mbedtls_cipher_free(&transform->cipher_ctx_dec); in mbedtls_ssl_transform_free()
6228 psa_destroy_key(transform->psa_mac_enc); in mbedtls_ssl_transform_free()
6229 psa_destroy_key(transform->psa_mac_dec); in mbedtls_ssl_transform_free()
6231 mbedtls_md_free(&transform->md_ctx_enc); in mbedtls_ssl_transform_free()
6232 mbedtls_md_free(&transform->md_ctx_dec); in mbedtls_ssl_transform_free()
6236 mbedtls_platform_zeroize(transform, sizeof(mbedtls_ssl_transform)); in mbedtls_ssl_transform_free()
6240 mbedtls_ssl_transform *transform) in mbedtls_ssl_set_inbound_transform() argument
6242 ssl->transform_in = transform; in mbedtls_ssl_set_inbound_transform()
6247 mbedtls_ssl_transform *transform) in mbedtls_ssl_set_outbound_transform() argument
6249 ssl->transform_out = transform; in mbedtls_ssl_set_outbound_transform()