Lines Matching refs:transform
739 mbedtls_ssl_transform const *transform) in ssl_transform_aead_dynamic_iv_is_explicit() argument
741 return transform->ivlen != transform->fixed_ivlen; in ssl_transform_aead_dynamic_iv_is_explicit()
784 mbedtls_ssl_transform *transform, in mbedtls_ssl_encrypt_buf() argument
809 if (transform == NULL) { in mbedtls_ssl_encrypt_buf()
825 ssl_mode = mbedtls_ssl_get_mode_from_transform(transform); in mbedtls_ssl_encrypt_buf()
853 if (transform->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { in mbedtls_ssl_encrypt_buf()
873 rec->cid_len = transform->out_cid_len; in mbedtls_ssl_encrypt_buf()
874 memcpy(rec->cid, transform->out_cid, transform->out_cid_len); in mbedtls_ssl_encrypt_buf()
908 if (post_avail < transform->maclen) { in mbedtls_ssl_encrypt_buf()
920 transform->tls_version, in mbedtls_ssl_encrypt_buf()
921 transform->taglen); in mbedtls_ssl_encrypt_buf()
923 status = psa_mac_sign_setup(&operation, transform->psa_mac_enc, in mbedtls_ssl_encrypt_buf()
924 transform->psa_mac_alg); in mbedtls_ssl_encrypt_buf()
945 memcpy(data + rec->data_len, mac, transform->maclen); in mbedtls_ssl_encrypt_buf()
949 transform->maclen); in mbedtls_ssl_encrypt_buf()
951 rec->data_len += transform->maclen; in mbedtls_ssl_encrypt_buf()
952 post_avail -= transform->maclen; in mbedtls_ssl_encrypt_buf()
956 mbedtls_platform_zeroize(mac, transform->maclen); in mbedtls_ssl_encrypt_buf()
989 ssl_transform_aead_dynamic_iv_is_explicit(transform); in mbedtls_ssl_encrypt_buf()
994 if (post_avail < transform->taglen) { in mbedtls_ssl_encrypt_buf()
1015 transform->iv_enc, in mbedtls_ssl_encrypt_buf()
1016 transform->fixed_ivlen, in mbedtls_ssl_encrypt_buf()
1025 transform->tls_version, in mbedtls_ssl_encrypt_buf()
1026 transform->taglen); in mbedtls_ssl_encrypt_buf()
1029 iv, transform->ivlen); in mbedtls_ssl_encrypt_buf()
1042 status = psa_aead_encrypt(transform->psa_key_enc, in mbedtls_ssl_encrypt_buf()
1043 transform->psa_alg, in mbedtls_ssl_encrypt_buf()
1044 iv, transform->ivlen, in mbedtls_ssl_encrypt_buf()
1057 data + rec->data_len - transform->taglen, in mbedtls_ssl_encrypt_buf()
1058 transform->taglen); in mbedtls_ssl_encrypt_buf()
1060 post_avail -= transform->taglen; in mbedtls_ssl_encrypt_buf()
1091 padlen = transform->ivlen - (rec->data_len + 1) % transform->ivlen; in mbedtls_ssl_encrypt_buf()
1092 if (padlen == transform->ivlen) { in mbedtls_ssl_encrypt_buf()
1115 if (rec->data_offset < transform->ivlen) { in mbedtls_ssl_encrypt_buf()
1123 ret = psa_generate_random(transform->iv_enc, transform->ivlen); in mbedtls_ssl_encrypt_buf()
1128 memcpy(data - transform->ivlen, transform->iv_enc, transform->ivlen); in mbedtls_ssl_encrypt_buf()
1135 rec->data_len, transform->ivlen, in mbedtls_ssl_encrypt_buf()
1139 transform->psa_key_enc, transform->psa_alg); in mbedtls_ssl_encrypt_buf()
1147 status = psa_cipher_set_iv(&cipher_op, transform->iv_enc, transform->ivlen); in mbedtls_ssl_encrypt_buf()
1185 data -= transform->ivlen; in mbedtls_ssl_encrypt_buf()
1186 rec->data_offset -= transform->ivlen; in mbedtls_ssl_encrypt_buf()
1187 rec->data_len += transform->ivlen; in mbedtls_ssl_encrypt_buf()
1198 if (post_avail < transform->maclen) { in mbedtls_ssl_encrypt_buf()
1204 rec, transform->tls_version, in mbedtls_ssl_encrypt_buf()
1205 transform->taglen); in mbedtls_ssl_encrypt_buf()
1210 status = psa_mac_sign_setup(&operation, transform->psa_mac_enc, in mbedtls_ssl_encrypt_buf()
1211 transform->psa_mac_alg); in mbedtls_ssl_encrypt_buf()
1232 memcpy(data + rec->data_len, mac, transform->maclen); in mbedtls_ssl_encrypt_buf()
1234 rec->data_len += transform->maclen; in mbedtls_ssl_encrypt_buf()
1235 post_avail -= transform->maclen; in mbedtls_ssl_encrypt_buf()
1239 mbedtls_platform_zeroize(mac, transform->maclen); in mbedtls_ssl_encrypt_buf()
1270 mbedtls_ssl_transform *transform, in mbedtls_ssl_decrypt_buf() argument
1310 ssl_mode = mbedtls_ssl_get_mode_from_transform(transform); in mbedtls_ssl_decrypt_buf()
1316 if (rec->cid_len != transform->in_cid_len || in mbedtls_ssl_decrypt_buf()
1317 memcmp(rec->cid, transform->in_cid, rec->cid_len) != 0) { in mbedtls_ssl_decrypt_buf()
1324 if (rec->data_len < transform->maclen) { in mbedtls_ssl_decrypt_buf()
1328 rec->data_len, transform->maclen)); in mbedtls_ssl_decrypt_buf()
1352 if (ssl_transform_aead_dynamic_iv_is_explicit(transform) == 1) { in mbedtls_ssl_decrypt_buf()
1370 if (rec->data_len < transform->taglen) { in mbedtls_ssl_decrypt_buf()
1374 transform->taglen)); in mbedtls_ssl_decrypt_buf()
1377 rec->data_len -= transform->taglen; in mbedtls_ssl_decrypt_buf()
1383 transform->iv_dec, in mbedtls_ssl_decrypt_buf()
1384 transform->fixed_ivlen, in mbedtls_ssl_decrypt_buf()
1393 transform->tls_version, in mbedtls_ssl_decrypt_buf()
1394 transform->taglen); in mbedtls_ssl_decrypt_buf()
1404 MBEDTLS_SSL_DEBUG_BUF(4, "IV used", iv, transform->ivlen); in mbedtls_ssl_decrypt_buf()
1406 transform->taglen); in mbedtls_ssl_decrypt_buf()
1411 status = psa_aead_decrypt(transform->psa_key_dec, in mbedtls_ssl_decrypt_buf()
1412 transform->psa_alg, in mbedtls_ssl_decrypt_buf()
1413 iv, transform->ivlen, in mbedtls_ssl_decrypt_buf()
1415 data, rec->data_len + transform->taglen, in mbedtls_ssl_decrypt_buf()
1447 minlen += transform->ivlen; in mbedtls_ssl_decrypt_buf()
1471 if (rec->data_len < minlen + transform->ivlen || in mbedtls_ssl_decrypt_buf()
1472 rec->data_len < minlen + transform->maclen + 1) { in mbedtls_ssl_decrypt_buf()
1478 transform->ivlen, in mbedtls_ssl_decrypt_buf()
1479 transform->maclen)); in mbedtls_ssl_decrypt_buf()
1502 rec->data_len -= transform->maclen; in mbedtls_ssl_decrypt_buf()
1504 transform->tls_version, in mbedtls_ssl_decrypt_buf()
1505 transform->taglen); in mbedtls_ssl_decrypt_buf()
1510 status = psa_mac_verify_setup(&operation, transform->psa_mac_dec, in mbedtls_ssl_decrypt_buf()
1511 transform->psa_mac_alg); in mbedtls_ssl_decrypt_buf()
1528 transform->maclen); in mbedtls_ssl_decrypt_buf()
1556 if (rec->data_len % transform->ivlen != 0) { in mbedtls_ssl_decrypt_buf()
1559 rec->data_len, transform->ivlen)); in mbedtls_ssl_decrypt_buf()
1568 memcpy(transform->iv_dec, data, transform->ivlen); in mbedtls_ssl_decrypt_buf()
1570 data += transform->ivlen; in mbedtls_ssl_decrypt_buf()
1571 rec->data_offset += transform->ivlen; in mbedtls_ssl_decrypt_buf()
1572 rec->data_len -= transform->ivlen; in mbedtls_ssl_decrypt_buf()
1578 transform->psa_key_dec, transform->psa_alg); in mbedtls_ssl_decrypt_buf()
1586 status = psa_cipher_set_iv(&cipher_op, transform->iv_dec, transform->ivlen); in mbedtls_ssl_decrypt_buf()
1636 if (rec->data_len < transform->maclen + padlen + 1) { in mbedtls_ssl_decrypt_buf()
1641 transform->maclen, in mbedtls_ssl_decrypt_buf()
1647 transform->maclen + padlen + 1); in mbedtls_ssl_decrypt_buf()
1737 rec->data_len -= transform->maclen; in mbedtls_ssl_decrypt_buf()
1739 transform->tls_version, in mbedtls_ssl_decrypt_buf()
1740 transform->taglen); in mbedtls_ssl_decrypt_buf()
1756 ret = mbedtls_ct_hmac(transform->psa_mac_dec, in mbedtls_ssl_decrypt_buf()
1757 transform->psa_mac_alg, in mbedtls_ssl_decrypt_buf()
1769 transform->maclen); in mbedtls_ssl_decrypt_buf()
1773 MBEDTLS_SSL_DEBUG_BUF(4, "expected mac", mac_expect, transform->maclen); in mbedtls_ssl_decrypt_buf()
1774 MBEDTLS_SSL_DEBUG_BUF(4, "message mac", mac_peer, transform->maclen); in mbedtls_ssl_decrypt_buf()
1778 transform->maclen) != 0) { in mbedtls_ssl_decrypt_buf()
1787 mbedtls_platform_zeroize(mac_peer, transform->maclen); in mbedtls_ssl_decrypt_buf()
1788 mbedtls_platform_zeroize(mac_expect, transform->maclen); in mbedtls_ssl_decrypt_buf()
1809 if (transform->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { in mbedtls_ssl_decrypt_buf()
5107 mbedtls_ssl_transform const *transform) in ssl_transform_get_explicit_iv_len() argument
5109 return transform->ivlen - transform->fixed_ivlen; in ssl_transform_get_explicit_iv_len()
5113 mbedtls_ssl_transform *transform) in mbedtls_ssl_update_out_pointers() argument
5121 if (transform != NULL) { in mbedtls_ssl_update_out_pointers()
5122 ssl->out_len += transform->out_cid_len; in mbedtls_ssl_update_out_pointers()
5140 if (transform != NULL) { in mbedtls_ssl_update_out_pointers()
5141 ssl->out_msg += ssl_transform_get_explicit_iv_len(transform); in mbedtls_ssl_update_out_pointers()
5293 const mbedtls_ssl_transform *transform = ssl->transform_out; in mbedtls_ssl_get_record_expansion() local
5300 if (transform == NULL) { in mbedtls_ssl_get_record_expansion()
5305 if (transform->psa_alg == PSA_ALG_GCM || in mbedtls_ssl_get_record_expansion()
5306 transform->psa_alg == PSA_ALG_CCM || in mbedtls_ssl_get_record_expansion()
5307 transform->psa_alg == PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8) || in mbedtls_ssl_get_record_expansion()
5308 transform->psa_alg == PSA_ALG_CHACHA20_POLY1305 || in mbedtls_ssl_get_record_expansion()
5309 transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER) { in mbedtls_ssl_get_record_expansion()
5310 transform_expansion = transform->minlen; in mbedtls_ssl_get_record_expansion()
5311 } else if (transform->psa_alg == PSA_ALG_CBC_NO_PADDING) { in mbedtls_ssl_get_record_expansion()
5312 (void) psa_get_key_attributes(transform->psa_key_enc, &attr); in mbedtls_ssl_get_record_expansion()
5318 transform_expansion += transform->maclen; in mbedtls_ssl_get_record_expansion()
5337 if (transform->out_cid_len != 0) { in mbedtls_ssl_get_record_expansion()
6013 void mbedtls_ssl_transform_free(mbedtls_ssl_transform *transform) in mbedtls_ssl_transform_free() argument
6015 if (transform == NULL) { in mbedtls_ssl_transform_free()
6019 psa_destroy_key(transform->psa_key_enc); in mbedtls_ssl_transform_free()
6020 psa_destroy_key(transform->psa_key_dec); in mbedtls_ssl_transform_free()
6023 psa_destroy_key(transform->psa_mac_enc); in mbedtls_ssl_transform_free()
6024 psa_destroy_key(transform->psa_mac_dec); in mbedtls_ssl_transform_free()
6027 mbedtls_platform_zeroize(transform, sizeof(mbedtls_ssl_transform)); in mbedtls_ssl_transform_free()
6031 mbedtls_ssl_transform *transform) in mbedtls_ssl_set_inbound_transform() argument
6033 ssl->transform_in = transform; in mbedtls_ssl_set_inbound_transform()
6038 mbedtls_ssl_transform *transform) in mbedtls_ssl_set_outbound_transform() argument
6040 ssl->transform_out = transform; in mbedtls_ssl_set_outbound_transform()