Merge enc/dec cipher contexts in ssl transforms

Store the raw encryption and decryption keys in transforms
to set them before each cipher operation. Add a config option
for this - MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This commit is contained in:
Andrzej Kurek 2020-09-17 07:12:06 -04:00
parent 6f3a987ae3
commit 1175044156
No known key found for this signature in database
GPG key ID: 89A90840DC388527
9 changed files with 262 additions and 18 deletions

View file

@ -86,6 +86,7 @@
#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
#define MBEDTLS_SSL_DTLS_CONNECTION_ID
#define MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS
/* Compile-time fixed parts of the SSL configuration */
#define MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED

View file

@ -672,6 +672,11 @@
#error "MBEDTLS_SSL_TLS_C defined, but neither TLS or DTLS is active"
#endif
#if defined(MBEDTLS_SSL_TLS_C) && defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS) && \
defined(MBEDTLS_ARC4_C)
#error "MBEDTLS_ARC4_C cannot be defined with MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS on"
#endif
#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_SSL3) && \
defined(MBEDTLS_SSL_PROTO_TLS1_1) && !defined(MBEDTLS_SSL_PROTO_TLS1))
#error "Illegal protocol selection"

View file

@ -3284,6 +3284,20 @@
*/
#define MBEDTLS_SSL_TLS_C
/**
* \def MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS
* Use one cipher context for both decryption and encryption in ssl transforms.
*
* This change saves some RAM, but makes the operations last longer:
* before every encryption and decryption a key is set on the context.
*
* This change will not work with MBEDTLS_ARC4_C, since it requires an
* additional table and offsets to be saved between cipher calls, and this
* contradicts key resetting before each use.
*
*/
//#define MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS
/**
* \def MBEDTLS_THREADING_C
*

View file

@ -756,9 +756,15 @@ struct mbedtls_ssl_transform
z_stream ctx_inflate; /*!< decompression context */
#endif
#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS)
unsigned char *key_enc;
unsigned char *key_dec;
unsigned int key_bitlen;
mbedtls_cipher_context_t cipher_ctx; /*!< encryption/decryption context */
#else
mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */
mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */
#endif
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
/* We need the Hello random bytes in order to re-derive keys from the
* Master Secret and other session info, see ssl_populate_transform() */

View file

@ -1563,7 +1563,21 @@ int ssl_populate_transform( mbedtls_ssl_transform *transform,
iv_copy_len );
}
#endif
#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS)
if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx,
cipher_info ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
return( ret );
}
transform->key_enc = mbedtls_calloc( 1, cipher_info->key_bitlen >> 3 );
transform->key_dec = mbedtls_calloc( 1, cipher_info->key_bitlen >> 3 );
memcpy( transform->key_enc, key1, cipher_info->key_bitlen >> 3 );
memcpy( transform->key_dec, key2, cipher_info->key_bitlen >> 3 );
transform->key_bitlen = cipher_info->key_bitlen;
#else
if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc,
cipher_info ) ) != 0 )
{
@ -1593,10 +1607,18 @@ int ssl_populate_transform( mbedtls_ssl_transform *transform,
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
return( ret );
}
#endif
#if defined(MBEDTLS_CIPHER_MODE_CBC)
if( cipher_info->mode == MBEDTLS_MODE_CBC )
{
#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS)
if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx,
MBEDTLS_PADDING_NONE ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret );
return( ret );
}
#else
if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_enc,
MBEDTLS_PADDING_NONE ) ) != 0 )
{
@ -1610,6 +1632,7 @@ int ssl_populate_transform( mbedtls_ssl_transform *transform,
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret );
return( ret );
}
#endif
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
@ -2554,9 +2577,11 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
post_avail = rec->buf_len - ( rec->data_len + rec->data_offset );
MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload",
data, rec->data_len );
#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS)
mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx );
#else
mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc );
#endif
if( rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content %u too large, maximum %d",
@ -2671,7 +2696,25 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
"including %d bytes of padding",
rec->data_len, 0 ) );
#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS)
if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx,
transform->key_enc,
transform->key_bitlen,
MBEDTLS_ENCRYPT ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
return( ret );
}
if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx,
transform->iv_enc, transform->ivlen,
data, rec->data_len,
data, &olen ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
return( ret );
}
#else
if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc,
transform->iv_enc, transform->ivlen,
data, rec->data_len,
@ -2680,7 +2723,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
return( ret );
}
#endif
if( rec->data_len != olen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
@ -2754,7 +2797,27 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
/*
* Encrypt and authenticate
*/
#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS)
if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx,
transform->key_enc,
transform->key_bitlen,
MBEDTLS_ENCRYPT ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
return( ret );
}
if( ( ret = mbedtls_cipher_auth_encrypt( &transform->cipher_ctx,
iv, transform->ivlen,
add_data, add_data_len, /* add data */
data, rec->data_len, /* source */
data, &rec->data_len, /* destination */
data + rec->data_len, transform->taglen ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_encrypt", ret );
return( ret );
}
#else
if( ( ret = mbedtls_cipher_auth_encrypt( &transform->cipher_ctx_enc,
iv, transform->ivlen,
add_data, add_data_len, /* add data */
@ -2765,7 +2828,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_encrypt", ret );
return( ret );
}
#endif
MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag",
data + rec->data_len, transform->taglen );
@ -2841,7 +2904,26 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
"including %d bytes of IV and %d bytes of padding",
rec->data_len, transform->ivlen,
padlen + 1 ) );
#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS)
if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx,
transform->key_enc,
transform->key_bitlen,
MBEDTLS_ENCRYPT ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
return( ret );
}
if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx,
transform->iv_enc,
transform->ivlen,
data, rec->data_len,
data, &olen ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
return( ret );
}
#else
if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc,
transform->iv_enc,
transform->ivlen,
@ -2851,7 +2933,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
return( ret );
}
#endif
if( rec->data_len != olen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
@ -2866,8 +2948,13 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
/*
* Save IV in SSL3 and TLS1
*/
#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS)
mbedtls_platform_memcpy( transform->iv_enc, transform->cipher_ctx.iv,
transform->ivlen );
#else
mbedtls_platform_memcpy( transform->iv_enc, transform->cipher_ctx_enc.iv,
transform->ivlen );
#endif
}
else
#endif
@ -2968,8 +3055,11 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
}
data = rec->buf + rec->data_offset;
#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS)
mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx );
#else
mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_dec );
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
/*
* Match record's CID with incoming CID.
@ -2985,6 +3075,25 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
if( mode == MBEDTLS_MODE_STREAM )
{
padlen = 0;
#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS)
if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx,
transform->key_dec,
transform->key_bitlen,
MBEDTLS_DECRYPT ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
return( ret );
}
if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx,
transform->iv_dec,
transform->ivlen,
data, rec->data_len,
data, &olen ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
return( ret );
}
#else
if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_dec,
transform->iv_dec,
transform->ivlen,
@ -2994,7 +3103,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
return( ret );
}
#endif
if( rec->data_len != olen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
@ -3082,6 +3191,31 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
/*
* Decrypt and authenticate
*/
#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS)
if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx,
transform->key_dec,
transform->key_bitlen,
MBEDTLS_DECRYPT ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
return( ret );
}
if( ( ret = mbedtls_cipher_auth_decrypt( &transform->cipher_ctx,
iv, transform->ivlen,
add_data, add_data_len,
data, rec->data_len,
data, &olen,
data + rec->data_len,
transform->taglen ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_decrypt", ret );
if( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED )
return( MBEDTLS_ERR_SSL_INVALID_MAC );
return( ret );
}
#else
if( ( ret = mbedtls_cipher_auth_decrypt( &transform->cipher_ctx_dec,
iv, transform->ivlen,
add_data, add_data_len,
@ -3097,6 +3231,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
return( ret );
}
#endif
auth_done++;
/* Double-check that AEAD decryption doesn't change content length. */
@ -3239,7 +3375,23 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
/* We still have data_len % ivlen == 0 and data_len >= ivlen here. */
#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS)
if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx,
transform->key_dec,
transform->key_bitlen,
MBEDTLS_DECRYPT ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
return( ret );
}
if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx,
transform->iv_dec, transform->ivlen,
data, rec->data_len, data, &olen ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
return( ret );
}
#else
if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_dec,
transform->iv_dec, transform->ivlen,
data, rec->data_len, data, &olen ) ) != 0 )
@ -3247,7 +3399,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
return( ret );
}
#endif
/* Double-check that length hasn't changed during decryption. */
if( rec->data_len != olen )
{
@ -3266,8 +3418,13 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
* of the records; in other words, IVs are maintained across
* record decryptions.
*/
#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS)
mbedtls_platform_memcpy( transform->iv_dec, transform->cipher_ctx.iv,
transform->ivlen );
#else
mbedtls_platform_memcpy( transform->iv_dec, transform->cipher_ctx_dec.iv,
transform->ivlen );
#endif
}
#endif
@ -8495,9 +8652,12 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform )
{
memset( transform, 0, sizeof(mbedtls_ssl_transform) );
#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS)
mbedtls_cipher_init( &transform->cipher_ctx );
#else
mbedtls_cipher_init( &transform->cipher_ctx_enc );
mbedtls_cipher_init( &transform->cipher_ctx_dec );
#endif
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
mbedtls_md_init( &transform->md_ctx_enc );
@ -9866,8 +10026,11 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
if( ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL )
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
#endif
#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS)
switch( mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx ) )
#else
switch( mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ) )
#endif
{
#if defined(MBEDTLS_GCM_C) || \
defined(MBEDTLS_CCM_C) || \
@ -9898,10 +10061,13 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
case MBEDTLS_MODE_CBC:
{
size_t block_size;
#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS)
block_size = mbedtls_cipher_get_block_size(
&transform->cipher_ctx );
#else
block_size = mbedtls_cipher_get_block_size(
&transform->cipher_ctx_enc );
#endif
/* Expansion due to the addition of the MAC. */
transform_expansion += transform->maclen;
@ -11371,8 +11537,13 @@ static int ssl_write_split( mbedtls_ssl_context *ssl,
mbedtls_ssl_ver_gt(
mbedtls_ssl_get_minor_ver( ssl ),
MBEDTLS_SSL_MINOR_VERSION_1 ) ||
#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS)
mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx )
!= MBEDTLS_MODE_CBC )
#else
mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc )
!= MBEDTLS_MODE_CBC )
#endif
{
return( ssl_write_real( ssl, buf, len ) );
}
@ -11486,10 +11657,16 @@ void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform )
deflateEnd( &transform->ctx_deflate );
inflateEnd( &transform->ctx_inflate );
#endif
#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS)
mbedtls_cipher_free( &transform->cipher_ctx );
if( transform->key_dec != NULL )
mbedtls_free( transform->key_dec );
if( transform->key_enc != NULL )
mbedtls_free( transform->key_enc );
#else
mbedtls_cipher_free( &transform->cipher_ctx_enc );
mbedtls_cipher_free( &transform->cipher_ctx_dec );
#endif
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
mbedtls_md_free( &transform->md_ctx_enc );
mbedtls_md_free( &transform->md_ctx_dec );

View file

@ -792,6 +792,9 @@ static const char *features[] = {
#if defined(MBEDTLS_SSL_TLS_C)
"MBEDTLS_SSL_TLS_C",
#endif /* MBEDTLS_SSL_TLS_C */
#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS)
"MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS",
#endif /* MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS */
#if defined(MBEDTLS_THREADING_C)
"MBEDTLS_THREADING_C",
#endif /* MBEDTLS_THREADING_C */

View file

@ -2154,6 +2154,14 @@ int query_config( const char *config )
}
#endif /* MBEDTLS_SSL_TLS_C */
#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS)
if( strcmp( "MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS );
return( 0 );
}
#endif /* MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS */
#if defined(MBEDTLS_THREADING_C)
if( strcmp( "MBEDTLS_THREADING_C", config ) == 0 )
{

View file

@ -57,6 +57,7 @@
# MBEDTLS_AES_ONLY_ENCRYPT
# MBEDTLS_AES_SCA_COUNTERMEASURES
# MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
# MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS
# and any symbol beginning _ALT
#
# The baremetal configuration excludes options that require a library or
@ -140,6 +141,7 @@ MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
MBEDTLS_AES_ONLY_ENCRYPT
MBEDTLS_AES_SCA_COUNTERMEASURES
MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS
_ALT\s*$
);

View file

@ -68,15 +68,41 @@ static int build_transforms( mbedtls_ssl_transform *t_in,
memset( key0, 0x1, keylen );
memset( key1, 0x2, keylen );
#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS)
t_in->key_enc = mbedtls_calloc( 1, keylen );
t_in->key_dec = mbedtls_calloc( 1, keylen );
t_out->key_enc = mbedtls_calloc( 1, keylen );
t_out->key_dec = mbedtls_calloc( 1, keylen );
memcpy( t_in->key_enc, key0, keylen);
memcpy( t_in->key_dec, key1, keylen);
t_in->key_bitlen = cipher_info->key_bitlen;
memcpy( t_out->key_enc, key1, keylen);
memcpy( t_out->key_dec, key0, keylen);
t_out->key_bitlen = cipher_info->key_bitlen;
/* Setup cipher contexts */
CHK( mbedtls_cipher_setup( &t_in->cipher_ctx, cipher_info ) == 0 );
CHK( mbedtls_cipher_setup( &t_out->cipher_ctx, cipher_info ) == 0 );
#else
/* Setup cipher contexts */
CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_enc, cipher_info ) == 0 );
CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_dec, cipher_info ) == 0 );
CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_enc, cipher_info ) == 0 );
CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_dec, cipher_info ) == 0 );
#endif
#if defined(MBEDTLS_CIPHER_MODE_CBC)
if( cipher_info->mode == MBEDTLS_MODE_CBC )
{
#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS)
CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx,
MBEDTLS_PADDING_NONE ) == 0 );
CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx,
MBEDTLS_PADDING_NONE ) == 0 );
#else
CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_enc,
MBEDTLS_PADDING_NONE ) == 0 );
CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_dec,
@ -85,9 +111,11 @@ static int build_transforms( mbedtls_ssl_transform *t_in,
MBEDTLS_PADDING_NONE ) == 0 );
CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_dec,
MBEDTLS_PADDING_NONE ) == 0 );
#endif
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if !defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS)
CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_enc, key0,
keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_dec, key1,
@ -96,7 +124,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in,
keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_dec, key0,
keylen << 3, MBEDTLS_DECRYPT ) == 0 );
#endif
/* Setup MAC contexts */
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
if( cipher_info->mode == MBEDTLS_MODE_CBC ||