Remove key length field from ssl_transform

The `ssl_transform` security parameter structure contains opaque
cipher contexts for use by the record encryption/decryption functions
`ssl_decrypt_buf`/`ssl_encrypt_buf`, while the underlying key material
is configured once in `ssl_derive_keys` and is not explicitly dealt with
anymore afterwards. In particular, the key length is not needed
explicitly by the encryption/decryption functions but is nonetheless
stored in an explicit yet superfluous `keylen` field in `ssl_transform`.
This commit removes this field.
This commit is contained in:
Hanno Becker 2017-12-27 08:17:40 +00:00
parent f790a6cbee
commit 88aaf652b1
2 changed files with 15 additions and 13 deletions

View file

@ -465,7 +465,6 @@ struct mbedtls_ssl_transform
*/
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
/*!< Chosen cipersuite_info */
unsigned int keylen; /*!< symmetric key length (bytes) */
size_t minlen; /*!< min. ciphertext length */
size_t ivlen; /*!< IV length */
size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */

View file

@ -739,6 +739,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
size_t mac_key_len;
size_t iv_copy_len;
size_t taglen = 0;
unsigned keylen;
const mbedtls_cipher_info_t *cipher_info;
const mbedtls_md_info_t *md_info;
@ -992,7 +993,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
* Determine the appropriate key, IV and MAC length.
*/
transform->keylen = cipher_info->key_bitlen / 8;
keylen = cipher_info->key_bitlen / 8;
if( cipher_info->mode == MBEDTLS_MODE_GCM ||
cipher_info->mode == MBEDTLS_MODE_CCM ||
@ -1104,9 +1105,11 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
}
}
MBEDTLS_SSL_DEBUG_MSG( 3, ( "keylen: %d, minlen: %d, ivlen: %d, maclen: %d",
transform->keylen, transform->minlen, transform->ivlen,
transform->maclen ) );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "keylen: %u, minlen: %u, ivlen: %u, maclen: %u",
(unsigned) keylen,
(unsigned) transform->minlen,
(unsigned) transform->ivlen,
(unsigned) transform->maclen ) );
/*
* Finally setup the cipher contexts, IVs and MAC secrets.
@ -1115,7 +1118,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
{
key1 = keyblk + mac_key_len * 2;
key2 = keyblk + mac_key_len * 2 + transform->keylen;
key2 = keyblk + mac_key_len * 2 + keylen;
mac_enc = keyblk;
mac_dec = keyblk + mac_key_len;
@ -1125,8 +1128,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
*/
iv_copy_len = ( transform->fixed_ivlen ) ?
transform->fixed_ivlen : transform->ivlen;
memcpy( transform->iv_enc, key2 + transform->keylen, iv_copy_len );
memcpy( transform->iv_dec, key2 + transform->keylen + iv_copy_len,
memcpy( transform->iv_enc, key2 + keylen, iv_copy_len );
memcpy( transform->iv_dec, key2 + keylen + iv_copy_len,
iv_copy_len );
}
else
@ -1134,7 +1137,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_SSL_SRV_C)
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
{
key1 = keyblk + mac_key_len * 2 + transform->keylen;
key1 = keyblk + mac_key_len * 2 + keylen;
key2 = keyblk + mac_key_len * 2;
mac_enc = keyblk + mac_key_len;
@ -1145,8 +1148,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
*/
iv_copy_len = ( transform->fixed_ivlen ) ?
transform->fixed_ivlen : transform->ivlen;
memcpy( transform->iv_dec, key1 + transform->keylen, iv_copy_len );
memcpy( transform->iv_enc, key1 + transform->keylen + iv_copy_len,
memcpy( transform->iv_dec, key1 + keylen, iv_copy_len );
memcpy( transform->iv_enc, key1 + keylen + iv_copy_len,
iv_copy_len );
}
else
@ -1196,7 +1199,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_init()" ) );
if( ( ret = mbedtls_ssl_hw_record_init( ssl, key1, key2, transform->keylen,
if( ( ret = mbedtls_ssl_hw_record_init( ssl, key1, key2, keylen,
transform->iv_enc, transform->iv_dec,
iv_copy_len,
mac_enc, mac_dec,
@ -1213,7 +1216,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
{
ssl->conf->f_export_keys( ssl->conf->p_export_keys,
session->master, keyblk,
mac_key_len, transform->keylen,
mac_key_len, keylen,
iv_copy_len );
}
#endif