From dec64735e2924ff581b0341cf24d350e9fbdcfaf Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 15 Nov 2018 15:48:57 +0000 Subject: [PATCH] Add AEAD tag length parameter to mbedtls_psa_translate_cipher_mode() In case of AEAD ciphers, the cipher mode (and not even the entire content of mbedtls_cipher_info_t) doesn't uniquely determine a psa_algorithm_t because it doesn't specify the AEAD tag length, which however is included in psa_algorithm_t identifiers. This commit adds a tag length value to mbedtls_psa_translate_cipher_mode() to account for that ambiguity. --- include/mbedtls/psa_util.h | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index d9f1be49d..f66635cc4 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -93,16 +93,18 @@ static inline psa_key_type_t mbedtls_psa_translate_cipher_type( } static inline psa_algorithm_t mbedtls_psa_translate_cipher_mode( - mbedtls_cipher_mode_t mode ) + mbedtls_cipher_mode_t mode, size_t taglen ) { switch( mode ) { case MBEDTLS_MODE_GCM: - return( PSA_ALG_GCM ); + return( PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, taglen ) ); case MBEDTLS_MODE_CCM: - return( PSA_ALG_CCM ); + return( PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CCM, taglen ) ); case MBEDTLS_MODE_CBC: - return( PSA_ALG_CBC_NO_PADDING ); + if( taglen == 0 ) + return( PSA_ALG_CBC_NO_PADDING ); + /* Intentional fallthrough for taglen != 0 */ default: return( 0 ); }