Add AEAD tag length to new mbedtls_cipher_setup_psa()

For AEAD ciphers, the information contained in mbedtls_cipher_info
is not enough to deduce a PSA algorithm value of type psa_algorithm_t.
This is because mbedtls_cipher_info doesn't contain the AEAD tag
length, while values of type psa_algorithm_t do.

This commit adds the AEAD tag length as a separate parameter
to mbedtls_cipher_setup_psa(). For Non-AEAD ciphers, the value
must be 0.

This approach is preferred over passing psa_algorithm_t directly
in order to keep the changes in existing code using the cipher layer
small.
This commit is contained in:
Hanno Becker 2018-11-12 16:26:27 +00:00
parent a395d8f1e9
commit 20120b373e
2 changed files with 11 additions and 3 deletions

View file

@ -434,6 +434,12 @@ int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
*
* \param ctx The context to initialize. May not be \c NULL.
* \param cipher_info The cipher to use.
* \param taglen For AEAD ciphers, the length in bytes of the
* authentication tag to use. Subsequent uses of
* mbedtls_cipher_auth_encrypt() or
* mbedtls_cipher_auth_decrypt() must provide
* the same tag length.
* For non-AEAD ciphers, the value must be \c 0.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
@ -442,7 +448,8 @@ int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
* cipher-specific context fails.
*/
int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx,
const mbedtls_cipher_info_t *cipher_info );
const mbedtls_cipher_info_t *cipher_info,
size_t taglen );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/**

View file

@ -234,7 +234,8 @@ int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
#if defined(MBEDTLS_USE_PSA_CRYPTO)
int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx,
const mbedtls_cipher_info_t *cipher_info )
const mbedtls_cipher_info_t *cipher_info,
size_t taglen )
{
psa_algorithm_t alg;
mbedtls_cipher_context_psa *cipher_psa;
@ -242,7 +243,7 @@ int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx,
if( NULL == cipher_info || NULL == ctx )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
alg = mbedtls_psa_translate_cipher_mode( cipher_info->mode );
alg = mbedtls_psa_translate_cipher_mode( cipher_info->mode, taglen );
if( alg == 0)
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );