yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

write the tag directly on the ciphertext buffer.

Browse source
This commit is contained in:
mohammad1603 2018-06-03 17:19:55 +03:00 committed by itayzafrir
parent 4fc744f8af
commit 15223a8b89
1 changed files with 32 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

54
library/psa_crypto.c
View file

@ -1489,15 +1489,13 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key,
key_slot_t *slot; key_slot_t *slot;
psa_key_type_t key_type; psa_key_type_t key_type;
size_t key_bits; size_t key_bits;
unsigned char tag[16]; uint8_t *tag;
size_t tag_length;
mbedtls_cipher_id_t cipher_id; mbedtls_cipher_id_t cipher_id;
const mbedtls_cipher_info_t *cipher_info = NULL; const mbedtls_cipher_info_t *cipher_info = NULL;
*ciphertext_length = 0; *ciphertext_length = 0;
if( ciphertext_size < ( plaintext_length + sizeof( tag ) ) )
return( PSA_ERROR_INVALID_ARGUMENT );
status = psa_get_key_information( key, &key_type, &key_bits ); status = psa_get_key_information( key, &key_type, &key_bits );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
return( status ); return( status );
@ -1516,6 +1514,15 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key,
if( alg == PSA_ALG_GCM ) if( alg == PSA_ALG_GCM )
{ {
mbedtls_gcm_context gcm; mbedtls_gcm_context gcm;
tag_length = 16;
//make sure we have place to hold the tag in the ciphertext buffer
if( ciphertext_size < ( plaintext_length + tag_length ) )
return( PSA_ERROR_INVALID_ARGUMENT );
//update the tag pointer to point to the end of the ciphertext_length
tag = ciphertext + plaintext_length;
mbedtls_gcm_init( &gcm ); mbedtls_gcm_init( &gcm );
ret = mbedtls_gcm_setkey( &gcm, cipher_id, ret = mbedtls_gcm_setkey( &gcm, cipher_id,
slot->data.raw.data, slot->data.raw.data,
@ -1529,22 +1536,26 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key,
plaintext_length, nonce, plaintext_length, nonce,
nonce_length, additional_data, nonce_length, additional_data,
additional_data_length, plaintext, additional_data_length, plaintext,
ciphertext, sizeof( tag ), tag ); ciphertext, tag_length, tag );
if( ret != 0 )
{
mbedtls_gcm_free( &gcm );
mbedtls_zeroize( ciphertext, plaintext_length );
return( mbedtls_to_psa_error( ret ) );
}
mbedtls_gcm_free( &gcm ); mbedtls_gcm_free( &gcm );
} }
else if( alg == PSA_ALG_CCM ) else if( alg == PSA_ALG_CCM )
{ {
mbedtls_ccm_context ccm; mbedtls_ccm_context ccm;
tag_length = 16;
if( nonce_length < 7 || nonce_length > 13 ) if( nonce_length < 7 || nonce_length > 13 )
return( PSA_ERROR_INVALID_ARGUMENT ); return( PSA_ERROR_INVALID_ARGUMENT );
//make sure we have place to hold the tag in the ciphertext buffer
if( ciphertext_size < ( plaintext_length + tag_length ) )
return( PSA_ERROR_INVALID_ARGUMENT );
//update the tag pointer to point to the end of the ciphertext_length
tag = ciphertext + plaintext_length;
mbedtls_ccm_init( &ccm ); mbedtls_ccm_init( &ccm );
ret = mbedtls_ccm_setkey( &ccm, cipher_id, ret = mbedtls_ccm_setkey( &ccm, cipher_id,
slot->data.raw.data, key_bits ); slot->data.raw.data, key_bits );
@ -1557,22 +1568,21 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key,
nonce, nonce_length, additional_data, nonce, nonce_length, additional_data,
additional_data_length, additional_data_length,
plaintext, ciphertext, plaintext, ciphertext,
tag, sizeof( tag ) ); tag, tag_length );
if( ret != 0 )
{
mbedtls_ccm_free( &ccm );
memset( ciphertext, 0, plaintext_length );
return( mbedtls_to_psa_error( ret ) );
}
mbedtls_ccm_free( &ccm ); mbedtls_ccm_free( &ccm );
} }
else else
{ {
return( PSA_ERROR_NOT_SUPPORTED ); return( PSA_ERROR_NOT_SUPPORTED );
} }
memcpy( ciphertext + plaintext_length, tag, sizeof( tag ) );
*ciphertext_length = plaintext_length + sizeof( tag ); if( ret != 0 )
{
memset( ciphertext, 0, ciphertext_size );
return( mbedtls_to_psa_error( ret ) );
}
*ciphertext_length = plaintext_length + tag_length;
return( PSA_SUCCESS ); return( PSA_SUCCESS );
} }