Remove key length field from ssl_transform
The `ssl_transform` security parameter structure contains opaque cipher contexts for use by the record encryption/decryption functions `ssl_decrypt_buf`/`ssl_encrypt_buf`, while the underlying key material is configured once in `ssl_derive_keys` and is not explicitly dealt with anymore afterwards. In particular, the key length is not needed explicitly by the encryption/decryption functions but is nonetheless stored in an explicit yet superfluous `keylen` field in `ssl_transform`. This commit removes this field.
This commit is contained in:
parent
f790a6cbee
commit
88aaf652b1
2 changed files with 15 additions and 13 deletions
|
@ -465,7 +465,6 @@ struct mbedtls_ssl_transform
|
|||
*/
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
|
||||
/*!< Chosen cipersuite_info */
|
||||
unsigned int keylen; /*!< symmetric key length (bytes) */
|
||||
size_t minlen; /*!< min. ciphertext length */
|
||||
size_t ivlen; /*!< IV length */
|
||||
size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */
|
||||
|
|
|
@ -739,6 +739,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
|||
size_t mac_key_len;
|
||||
size_t iv_copy_len;
|
||||
size_t taglen = 0;
|
||||
unsigned keylen;
|
||||
const mbedtls_cipher_info_t *cipher_info;
|
||||
const mbedtls_md_info_t *md_info;
|
||||
|
||||
|
@ -992,7 +993,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
|||
* Determine the appropriate key, IV and MAC length.
|
||||
*/
|
||||
|
||||
transform->keylen = cipher_info->key_bitlen / 8;
|
||||
keylen = cipher_info->key_bitlen / 8;
|
||||
|
||||
if( cipher_info->mode == MBEDTLS_MODE_GCM ||
|
||||
cipher_info->mode == MBEDTLS_MODE_CCM ||
|
||||
|
@ -1104,9 +1105,11 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "keylen: %d, minlen: %d, ivlen: %d, maclen: %d",
|
||||
transform->keylen, transform->minlen, transform->ivlen,
|
||||
transform->maclen ) );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "keylen: %u, minlen: %u, ivlen: %u, maclen: %u",
|
||||
(unsigned) keylen,
|
||||
(unsigned) transform->minlen,
|
||||
(unsigned) transform->ivlen,
|
||||
(unsigned) transform->maclen ) );
|
||||
|
||||
/*
|
||||
* Finally setup the cipher contexts, IVs and MAC secrets.
|
||||
|
@ -1115,7 +1118,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
|||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
|
||||
{
|
||||
key1 = keyblk + mac_key_len * 2;
|
||||
key2 = keyblk + mac_key_len * 2 + transform->keylen;
|
||||
key2 = keyblk + mac_key_len * 2 + keylen;
|
||||
|
||||
mac_enc = keyblk;
|
||||
mac_dec = keyblk + mac_key_len;
|
||||
|
@ -1125,8 +1128,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
|||
*/
|
||||
iv_copy_len = ( transform->fixed_ivlen ) ?
|
||||
transform->fixed_ivlen : transform->ivlen;
|
||||
memcpy( transform->iv_enc, key2 + transform->keylen, iv_copy_len );
|
||||
memcpy( transform->iv_dec, key2 + transform->keylen + iv_copy_len,
|
||||
memcpy( transform->iv_enc, key2 + keylen, iv_copy_len );
|
||||
memcpy( transform->iv_dec, key2 + keylen + iv_copy_len,
|
||||
iv_copy_len );
|
||||
}
|
||||
else
|
||||
|
@ -1134,7 +1137,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
|||
#if defined(MBEDTLS_SSL_SRV_C)
|
||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
|
||||
{
|
||||
key1 = keyblk + mac_key_len * 2 + transform->keylen;
|
||||
key1 = keyblk + mac_key_len * 2 + keylen;
|
||||
key2 = keyblk + mac_key_len * 2;
|
||||
|
||||
mac_enc = keyblk + mac_key_len;
|
||||
|
@ -1145,8 +1148,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
|||
*/
|
||||
iv_copy_len = ( transform->fixed_ivlen ) ?
|
||||
transform->fixed_ivlen : transform->ivlen;
|
||||
memcpy( transform->iv_dec, key1 + transform->keylen, iv_copy_len );
|
||||
memcpy( transform->iv_enc, key1 + transform->keylen + iv_copy_len,
|
||||
memcpy( transform->iv_dec, key1 + keylen, iv_copy_len );
|
||||
memcpy( transform->iv_enc, key1 + keylen + iv_copy_len,
|
||||
iv_copy_len );
|
||||
}
|
||||
else
|
||||
|
@ -1196,7 +1199,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
|||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_init()" ) );
|
||||
|
||||
if( ( ret = mbedtls_ssl_hw_record_init( ssl, key1, key2, transform->keylen,
|
||||
if( ( ret = mbedtls_ssl_hw_record_init( ssl, key1, key2, keylen,
|
||||
transform->iv_enc, transform->iv_dec,
|
||||
iv_copy_len,
|
||||
mac_enc, mac_dec,
|
||||
|
@ -1213,7 +1216,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
|||
{
|
||||
ssl->conf->f_export_keys( ssl->conf->p_export_keys,
|
||||
session->master, keyblk,
|
||||
mac_key_len, transform->keylen,
|
||||
mac_key_len, keylen,
|
||||
iv_copy_len );
|
||||
}
|
||||
#endif
|
||||
|
|
Loading…
Reference in a new issue