Lines Matching refs:transform
858 mbedtls_ssl_transform const *transform) in ssl_transform_aead_dynamic_iv_is_explicit() argument
860 return transform->ivlen != transform->fixed_ivlen; in ssl_transform_aead_dynamic_iv_is_explicit()
903 mbedtls_ssl_transform *transform, in mbedtls_ssl_encrypt_buf() argument
938 if (transform == NULL) { in mbedtls_ssl_encrypt_buf()
954 ssl_mode = mbedtls_ssl_get_mode_from_transform(transform); in mbedtls_ssl_encrypt_buf()
982 if (transform->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { in mbedtls_ssl_encrypt_buf()
1002 rec->cid_len = transform->out_cid_len; in mbedtls_ssl_encrypt_buf()
1003 memcpy(rec->cid, transform->out_cid, transform->out_cid_len); in mbedtls_ssl_encrypt_buf()
1037 if (post_avail < transform->maclen) { in mbedtls_ssl_encrypt_buf()
1051 transform->tls_version, in mbedtls_ssl_encrypt_buf()
1052 transform->taglen); in mbedtls_ssl_encrypt_buf()
1055 status = psa_mac_sign_setup(&operation, transform->psa_mac_enc, in mbedtls_ssl_encrypt_buf()
1056 transform->psa_mac_alg); in mbedtls_ssl_encrypt_buf()
1077 ret = mbedtls_md_hmac_update(&transform->md_ctx_enc, add_data, in mbedtls_ssl_encrypt_buf()
1082 ret = mbedtls_md_hmac_update(&transform->md_ctx_enc, data, rec->data_len); in mbedtls_ssl_encrypt_buf()
1086 ret = mbedtls_md_hmac_finish(&transform->md_ctx_enc, mac); in mbedtls_ssl_encrypt_buf()
1090 ret = mbedtls_md_hmac_reset(&transform->md_ctx_enc); in mbedtls_ssl_encrypt_buf()
1096 memcpy(data + rec->data_len, mac, transform->maclen); in mbedtls_ssl_encrypt_buf()
1100 transform->maclen); in mbedtls_ssl_encrypt_buf()
1102 rec->data_len += transform->maclen; in mbedtls_ssl_encrypt_buf()
1103 post_avail -= transform->maclen; in mbedtls_ssl_encrypt_buf()
1107 mbedtls_platform_zeroize(mac, transform->maclen); in mbedtls_ssl_encrypt_buf()
1142 ssl_transform_aead_dynamic_iv_is_explicit(transform); in mbedtls_ssl_encrypt_buf()
1149 if (post_avail < transform->taglen) { in mbedtls_ssl_encrypt_buf()
1170 transform->iv_enc, in mbedtls_ssl_encrypt_buf()
1171 transform->fixed_ivlen, in mbedtls_ssl_encrypt_buf()
1180 transform->tls_version, in mbedtls_ssl_encrypt_buf()
1181 transform->taglen); in mbedtls_ssl_encrypt_buf()
1184 iv, transform->ivlen); in mbedtls_ssl_encrypt_buf()
1198 status = psa_aead_encrypt(transform->psa_key_enc, in mbedtls_ssl_encrypt_buf()
1199 transform->psa_alg, in mbedtls_ssl_encrypt_buf()
1200 iv, transform->ivlen, in mbedtls_ssl_encrypt_buf()
1212 if ((ret = mbedtls_cipher_auth_encrypt_ext(&transform->cipher_ctx_enc, in mbedtls_ssl_encrypt_buf()
1213 iv, transform->ivlen, in mbedtls_ssl_encrypt_buf()
1218 transform->taglen)) != 0) { in mbedtls_ssl_encrypt_buf()
1225 data + rec->data_len - transform->taglen, in mbedtls_ssl_encrypt_buf()
1226 transform->taglen); in mbedtls_ssl_encrypt_buf()
1228 post_avail -= transform->taglen; in mbedtls_ssl_encrypt_buf()
1261 padlen = transform->ivlen - (rec->data_len + 1) % transform->ivlen; in mbedtls_ssl_encrypt_buf()
1262 if (padlen == transform->ivlen) { in mbedtls_ssl_encrypt_buf()
1289 if (rec->data_offset < transform->ivlen) { in mbedtls_ssl_encrypt_buf()
1297 ret = f_rng(p_rng, transform->iv_enc, transform->ivlen); in mbedtls_ssl_encrypt_buf()
1302 memcpy(data - transform->ivlen, transform->iv_enc, transform->ivlen); in mbedtls_ssl_encrypt_buf()
1309 rec->data_len, transform->ivlen, in mbedtls_ssl_encrypt_buf()
1314 transform->psa_key_enc, transform->psa_alg); in mbedtls_ssl_encrypt_buf()
1322 status = psa_cipher_set_iv(&cipher_op, transform->iv_enc, transform->ivlen); in mbedtls_ssl_encrypt_buf()
1355 if ((ret = mbedtls_cipher_crypt(&transform->cipher_ctx_enc, in mbedtls_ssl_encrypt_buf()
1356 transform->iv_enc, in mbedtls_ssl_encrypt_buf()
1357 transform->ivlen, in mbedtls_ssl_encrypt_buf()
1370 data -= transform->ivlen; in mbedtls_ssl_encrypt_buf()
1371 rec->data_offset -= transform->ivlen; in mbedtls_ssl_encrypt_buf()
1372 rec->data_len += transform->ivlen; in mbedtls_ssl_encrypt_buf()
1385 if (post_avail < transform->maclen) { in mbedtls_ssl_encrypt_buf()
1391 rec, transform->tls_version, in mbedtls_ssl_encrypt_buf()
1392 transform->taglen); in mbedtls_ssl_encrypt_buf()
1398 status = psa_mac_sign_setup(&operation, transform->psa_mac_enc, in mbedtls_ssl_encrypt_buf()
1399 transform->psa_mac_alg); in mbedtls_ssl_encrypt_buf()
1421 ret = mbedtls_md_hmac_update(&transform->md_ctx_enc, add_data, in mbedtls_ssl_encrypt_buf()
1426 ret = mbedtls_md_hmac_update(&transform->md_ctx_enc, in mbedtls_ssl_encrypt_buf()
1431 ret = mbedtls_md_hmac_finish(&transform->md_ctx_enc, mac); in mbedtls_ssl_encrypt_buf()
1435 ret = mbedtls_md_hmac_reset(&transform->md_ctx_enc); in mbedtls_ssl_encrypt_buf()
1441 memcpy(data + rec->data_len, mac, transform->maclen); in mbedtls_ssl_encrypt_buf()
1443 rec->data_len += transform->maclen; in mbedtls_ssl_encrypt_buf()
1444 post_avail -= transform->maclen; in mbedtls_ssl_encrypt_buf()
1448 mbedtls_platform_zeroize(mac, transform->maclen); in mbedtls_ssl_encrypt_buf()
1481 mbedtls_ssl_transform *transform, in mbedtls_ssl_decrypt_buf() argument
1521 ssl_mode = mbedtls_ssl_get_mode_from_transform(transform); in mbedtls_ssl_decrypt_buf()
1527 if (rec->cid_len != transform->in_cid_len || in mbedtls_ssl_decrypt_buf()
1528 memcmp(rec->cid, transform->in_cid, rec->cid_len) != 0) { in mbedtls_ssl_decrypt_buf()
1535 if (rec->data_len < transform->maclen) { in mbedtls_ssl_decrypt_buf()
1539 rec->data_len, transform->maclen)); in mbedtls_ssl_decrypt_buf()
1565 if (ssl_transform_aead_dynamic_iv_is_explicit(transform) == 1) { in mbedtls_ssl_decrypt_buf()
1583 if (rec->data_len < transform->taglen) { in mbedtls_ssl_decrypt_buf()
1587 transform->taglen)); in mbedtls_ssl_decrypt_buf()
1590 rec->data_len -= transform->taglen; in mbedtls_ssl_decrypt_buf()
1596 transform->iv_dec, in mbedtls_ssl_decrypt_buf()
1597 transform->fixed_ivlen, in mbedtls_ssl_decrypt_buf()
1606 transform->tls_version, in mbedtls_ssl_decrypt_buf()
1607 transform->taglen); in mbedtls_ssl_decrypt_buf()
1617 MBEDTLS_SSL_DEBUG_BUF(4, "IV used", iv, transform->ivlen); in mbedtls_ssl_decrypt_buf()
1619 transform->taglen); in mbedtls_ssl_decrypt_buf()
1625 status = psa_aead_decrypt(transform->psa_key_dec, in mbedtls_ssl_decrypt_buf()
1626 transform->psa_alg, in mbedtls_ssl_decrypt_buf()
1627 iv, transform->ivlen, in mbedtls_ssl_decrypt_buf()
1629 data, rec->data_len + transform->taglen, in mbedtls_ssl_decrypt_buf()
1640 (&transform->cipher_ctx_dec, in mbedtls_ssl_decrypt_buf()
1641 iv, transform->ivlen, in mbedtls_ssl_decrypt_buf()
1643 data, rec->data_len + transform->taglen, /* src */ in mbedtls_ssl_decrypt_buf()
1645 transform->taglen)) != 0) { in mbedtls_ssl_decrypt_buf()
1680 minlen += transform->ivlen; in mbedtls_ssl_decrypt_buf()
1704 if (rec->data_len < minlen + transform->ivlen || in mbedtls_ssl_decrypt_buf()
1705 rec->data_len < minlen + transform->maclen + 1) { in mbedtls_ssl_decrypt_buf()
1711 transform->ivlen, in mbedtls_ssl_decrypt_buf()
1712 transform->maclen)); in mbedtls_ssl_decrypt_buf()
1739 rec->data_len -= transform->maclen; in mbedtls_ssl_decrypt_buf()
1741 transform->tls_version, in mbedtls_ssl_decrypt_buf()
1742 transform->taglen); in mbedtls_ssl_decrypt_buf()
1748 status = psa_mac_verify_setup(&operation, transform->psa_mac_dec, in mbedtls_ssl_decrypt_buf()
1749 transform->psa_mac_alg); in mbedtls_ssl_decrypt_buf()
1766 transform->maclen); in mbedtls_ssl_decrypt_buf()
1771 ret = mbedtls_md_hmac_update(&transform->md_ctx_dec, add_data, in mbedtls_ssl_decrypt_buf()
1776 ret = mbedtls_md_hmac_update(&transform->md_ctx_dec, in mbedtls_ssl_decrypt_buf()
1781 ret = mbedtls_md_hmac_finish(&transform->md_ctx_dec, mac_expect); in mbedtls_ssl_decrypt_buf()
1785 ret = mbedtls_md_hmac_reset(&transform->md_ctx_dec); in mbedtls_ssl_decrypt_buf()
1791 transform->maclen); in mbedtls_ssl_decrypt_buf()
1793 transform->maclen); in mbedtls_ssl_decrypt_buf()
1797 transform->maclen) != 0) { in mbedtls_ssl_decrypt_buf()
1813 mbedtls_platform_zeroize(mac_expect, transform->maclen); in mbedtls_ssl_decrypt_buf()
1831 if (rec->data_len % transform->ivlen != 0) { in mbedtls_ssl_decrypt_buf()
1834 rec->data_len, transform->ivlen)); in mbedtls_ssl_decrypt_buf()
1843 memcpy(transform->iv_dec, data, transform->ivlen); in mbedtls_ssl_decrypt_buf()
1845 data += transform->ivlen; in mbedtls_ssl_decrypt_buf()
1846 rec->data_offset += transform->ivlen; in mbedtls_ssl_decrypt_buf()
1847 rec->data_len -= transform->ivlen; in mbedtls_ssl_decrypt_buf()
1854 transform->psa_key_dec, transform->psa_alg); in mbedtls_ssl_decrypt_buf()
1862 status = psa_cipher_set_iv(&cipher_op, transform->iv_dec, transform->ivlen); in mbedtls_ssl_decrypt_buf()
1893 if ((ret = mbedtls_cipher_crypt(&transform->cipher_ctx_dec, in mbedtls_ssl_decrypt_buf()
1894 transform->iv_dec, transform->ivlen, in mbedtls_ssl_decrypt_buf()
1921 if (rec->data_len < transform->maclen + padlen + 1) { in mbedtls_ssl_decrypt_buf()
1926 transform->maclen, in mbedtls_ssl_decrypt_buf()
1932 transform->maclen + padlen + 1); in mbedtls_ssl_decrypt_buf()
2022 rec->data_len -= transform->maclen; in mbedtls_ssl_decrypt_buf()
2024 transform->tls_version, in mbedtls_ssl_decrypt_buf()
2025 transform->taglen); in mbedtls_ssl_decrypt_buf()
2042 ret = mbedtls_ct_hmac(transform->psa_mac_dec, in mbedtls_ssl_decrypt_buf()
2043 transform->psa_mac_alg, in mbedtls_ssl_decrypt_buf()
2048 ret = mbedtls_ct_hmac(&transform->md_ctx_dec, in mbedtls_ssl_decrypt_buf()
2061 transform->maclen); in mbedtls_ssl_decrypt_buf()
2065 MBEDTLS_SSL_DEBUG_BUF(4, "expected mac", mac_expect, transform->maclen); in mbedtls_ssl_decrypt_buf()
2066 MBEDTLS_SSL_DEBUG_BUF(4, "message mac", mac_peer, transform->maclen); in mbedtls_ssl_decrypt_buf()
2070 transform->maclen) != 0) { in mbedtls_ssl_decrypt_buf()
2079 mbedtls_platform_zeroize(mac_peer, transform->maclen); in mbedtls_ssl_decrypt_buf()
2080 mbedtls_platform_zeroize(mac_expect, transform->maclen); in mbedtls_ssl_decrypt_buf()
2101 if (transform->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { in mbedtls_ssl_decrypt_buf()
5400 mbedtls_ssl_transform const *transform) in ssl_transform_get_explicit_iv_len() argument
5402 return transform->ivlen - transform->fixed_ivlen; in ssl_transform_get_explicit_iv_len()
5406 mbedtls_ssl_transform *transform) in mbedtls_ssl_update_out_pointers() argument
5414 if (transform != NULL) { in mbedtls_ssl_update_out_pointers()
5415 ssl->out_len += transform->out_cid_len; in mbedtls_ssl_update_out_pointers()
5433 if (transform != NULL) { in mbedtls_ssl_update_out_pointers()
5434 ssl->out_msg += ssl_transform_get_explicit_iv_len(transform); in mbedtls_ssl_update_out_pointers()
5586 const mbedtls_ssl_transform *transform = ssl->transform_out; in mbedtls_ssl_get_record_expansion() local
5595 if (transform == NULL) { in mbedtls_ssl_get_record_expansion()
5601 if (transform->psa_alg == PSA_ALG_GCM || in mbedtls_ssl_get_record_expansion()
5602 transform->psa_alg == PSA_ALG_CCM || in mbedtls_ssl_get_record_expansion()
5603 transform->psa_alg == PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8) || in mbedtls_ssl_get_record_expansion()
5604 transform->psa_alg == PSA_ALG_CHACHA20_POLY1305 || in mbedtls_ssl_get_record_expansion()
5605 transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER) { in mbedtls_ssl_get_record_expansion()
5606 transform_expansion = transform->minlen; in mbedtls_ssl_get_record_expansion()
5607 } else if (transform->psa_alg == PSA_ALG_CBC_NO_PADDING) { in mbedtls_ssl_get_record_expansion()
5608 (void) psa_get_key_attributes(transform->psa_key_enc, &attr); in mbedtls_ssl_get_record_expansion()
5614 transform_expansion += transform->maclen; in mbedtls_ssl_get_record_expansion()
5632 switch (mbedtls_cipher_get_cipher_mode(&transform->cipher_ctx_enc)) { in mbedtls_ssl_get_record_expansion()
5637 transform_expansion = transform->minlen; in mbedtls_ssl_get_record_expansion()
5643 &transform->cipher_ctx_enc); in mbedtls_ssl_get_record_expansion()
5646 transform_expansion += transform->maclen; in mbedtls_ssl_get_record_expansion()
5668 if (transform->out_cid_len != 0) { in mbedtls_ssl_get_record_expansion()
6350 void mbedtls_ssl_transform_free(mbedtls_ssl_transform *transform) in mbedtls_ssl_transform_free() argument
6352 if (transform == NULL) { in mbedtls_ssl_transform_free()
6357 psa_destroy_key(transform->psa_key_enc); in mbedtls_ssl_transform_free()
6358 psa_destroy_key(transform->psa_key_dec); in mbedtls_ssl_transform_free()
6360 mbedtls_cipher_free(&transform->cipher_ctx_enc); in mbedtls_ssl_transform_free()
6361 mbedtls_cipher_free(&transform->cipher_ctx_dec); in mbedtls_ssl_transform_free()
6366 psa_destroy_key(transform->psa_mac_enc); in mbedtls_ssl_transform_free()
6367 psa_destroy_key(transform->psa_mac_dec); in mbedtls_ssl_transform_free()
6369 mbedtls_md_free(&transform->md_ctx_enc); in mbedtls_ssl_transform_free()
6370 mbedtls_md_free(&transform->md_ctx_dec); in mbedtls_ssl_transform_free()
6374 mbedtls_platform_zeroize(transform, sizeof(mbedtls_ssl_transform)); in mbedtls_ssl_transform_free()
6378 mbedtls_ssl_transform *transform) in mbedtls_ssl_set_inbound_transform() argument
6380 ssl->transform_in = transform; in mbedtls_ssl_set_inbound_transform()
6385 mbedtls_ssl_transform *transform) in mbedtls_ssl_set_outbound_transform() argument
6387 ssl->transform_out = transform; in mbedtls_ssl_set_outbound_transform()