From 430f337b495e33459705264ba83b7df627d13963 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Mon, 10 Jan 2022 11:55:46 +0100 Subject: [PATCH 01/46] Add helper function to translate mbedtls cipher type/mode pair to psa: algorithm, key type and key size. Signed-off-by: Przemyslaw Stekiel --- library/ssl_misc.h | 16 +++++ library/ssl_tls.c | 145 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 161 insertions(+) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index ad358b369..fb7533a08 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1274,6 +1274,22 @@ static inline mbedtls_svc_key_id_t mbedtls_ssl_get_opaque_psk( return( MBEDTLS_SVC_KEY_ID_INIT ); } + +/* Corresponding PSA algorithm for MBEDTLS_CIPHER_NULL */ +#define MBEDTLS_SSL_NULL_CIPHER 0x04000000 + +/** + * Translate mbedtls cipher type/mode pair to psa: algorithm, key type and + * key size. + * + * Return PSA_SUCCESS on success or PSA_ERROR_NOT_SUPPORTED if + * conversion is not supported. + */ +psa_status_t mbedtls_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_type, + size_t taglen, + psa_algorithm_t *alg, + psa_key_type_t *key_type, + size_t *key_size ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f261a6a89..61b8c6cbd 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4006,6 +4006,151 @@ int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf, return( ret ); } +psa_status_t mbedtls_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_type, + size_t taglen, + psa_algorithm_t *alg, + psa_key_type_t *key_type, + size_t *key_size ) +{ + switch ( mbedtls_cipher_type ) + { + case MBEDTLS_CIPHER_AES_128_CBC: + *alg = PSA_ALG_CBC_NO_PADDING; + *key_type = PSA_KEY_TYPE_AES; + *key_size = 128; + break; + case MBEDTLS_CIPHER_AES_128_CCM: + *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM; + *key_type = PSA_KEY_TYPE_AES; + *key_size = 128; + break; + case MBEDTLS_CIPHER_AES_128_GCM: + *alg = PSA_ALG_GCM; + *key_type = PSA_KEY_TYPE_AES; + *key_size = 128; + break; + case MBEDTLS_CIPHER_AES_192_CCM: + *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM; + *key_type = PSA_KEY_TYPE_AES; + *key_size = 192; + break; + case MBEDTLS_CIPHER_AES_192_GCM: + *alg = PSA_ALG_GCM; + *key_type = PSA_KEY_TYPE_AES; + *key_size = 192; + break; + case MBEDTLS_CIPHER_AES_256_CBC: + *alg = PSA_ALG_CBC_NO_PADDING; + *key_type = PSA_KEY_TYPE_AES; + *key_size = 256; + break; + case MBEDTLS_CIPHER_AES_256_CCM: + *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM; + *key_type = PSA_KEY_TYPE_AES; + *key_size = 256; + break; + case MBEDTLS_CIPHER_AES_256_GCM: + *alg = PSA_ALG_GCM; + *key_type = PSA_KEY_TYPE_AES; + *key_size = 256; + break; + case MBEDTLS_CIPHER_ARIA_128_CBC: + *alg = PSA_ALG_CBC_NO_PADDING; + *key_type = PSA_KEY_TYPE_ARIA; + *key_size = 128; + break; + case MBEDTLS_CIPHER_ARIA_128_CCM: + *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM; + *key_type = PSA_KEY_TYPE_ARIA; + *key_size = 128; + break; + case MBEDTLS_CIPHER_ARIA_128_GCM: + *alg = PSA_ALG_GCM; + *key_type = PSA_KEY_TYPE_ARIA; + *key_size = 128; + break; + case MBEDTLS_CIPHER_ARIA_192_CCM: + *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM; + *key_type = PSA_KEY_TYPE_ARIA; + *key_size = 192; + break; + case MBEDTLS_CIPHER_ARIA_192_GCM: + *alg = PSA_ALG_GCM; + *key_type = PSA_KEY_TYPE_ARIA; + *key_size = 192; + break; + case MBEDTLS_CIPHER_ARIA_256_CBC: + *alg = PSA_ALG_CBC_NO_PADDING; + *key_type = PSA_KEY_TYPE_ARIA; + *key_size = 256; + break; + case MBEDTLS_CIPHER_ARIA_256_CCM: + *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM; + *key_type = PSA_KEY_TYPE_ARIA; + *key_size = 256; + break; + case MBEDTLS_CIPHER_ARIA_256_GCM: + *alg = PSA_ALG_GCM; + *key_type = PSA_KEY_TYPE_ARIA; + *key_size = 256; + break; + case MBEDTLS_CIPHER_CAMELLIA_128_CBC: + *alg = PSA_ALG_CBC_NO_PADDING; + *key_type = PSA_KEY_TYPE_CAMELLIA; + *key_size = 128; + break; + case MBEDTLS_CIPHER_CAMELLIA_128_CCM: + *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM; + *key_type = PSA_KEY_TYPE_CAMELLIA; + *key_size = 128; + break; + case MBEDTLS_CIPHER_CAMELLIA_128_GCM: + *alg = PSA_ALG_GCM; + *key_type = PSA_KEY_TYPE_CAMELLIA; + *key_size = 128; + break; + case MBEDTLS_CIPHER_CAMELLIA_192_CCM: + *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM; + *key_type = PSA_KEY_TYPE_CAMELLIA; + *key_size = 192; + break; + case MBEDTLS_CIPHER_CAMELLIA_192_GCM: + *alg = PSA_ALG_GCM; + *key_type = PSA_KEY_TYPE_CAMELLIA; + *key_size = 192; + break; + case MBEDTLS_CIPHER_CAMELLIA_256_CBC: + *alg = PSA_ALG_CBC_NO_PADDING; + *key_type = PSA_KEY_TYPE_CAMELLIA; + *key_size = 256; + break; + case MBEDTLS_CIPHER_CAMELLIA_256_CCM: + *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM; + *key_type = PSA_KEY_TYPE_CAMELLIA; + *key_size = 256; + break; + case MBEDTLS_CIPHER_CAMELLIA_256_GCM: + *alg = PSA_ALG_GCM; + *key_type = PSA_KEY_TYPE_CAMELLIA; + *key_size = 256; + break; + case MBEDTLS_CIPHER_CHACHA20_POLY1305: + *alg = PSA_ALG_CHACHA20_POLY1305; + *key_type = PSA_KEY_TYPE_CHACHA20; + *key_size = 256; + break; + case MBEDTLS_CIPHER_NULL: + *alg = MBEDTLS_SSL_NULL_CIPHER; + *key_type = 0; + *key_size = 0; + break; + default: + return PSA_ERROR_NOT_SUPPORTED; + } + + return PSA_SUCCESS; +} + int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl, mbedtls_svc_key_id_t psk ) { From 44187d7a3ecc2f5657042de1876248fb45d3103f Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Tue, 11 Jan 2022 08:25:29 +0100 Subject: [PATCH 02/46] Extend mbedtls_ssl_transform struct for psa keys and alg Signed-off-by: Przemyslaw Stekiel --- library/ssl_misc.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index fb7533a08..333b1c176 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -941,6 +941,12 @@ struct mbedtls_ssl_transform mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */ int minor_ver; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + mbedtls_svc_key_id_t psa_key_enc; /*!< psa encryption key */ + mbedtls_svc_key_id_t psa_key_dec; /*!< psa decryption key */ + psa_algorithm_t psa_alg; /*!< psa algorithm */ +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) uint8_t in_cid_len; uint8_t out_cid_len; From 8f80fb9b1d5e8d96b14f2077f6151631b63ff0ec Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Tue, 11 Jan 2022 08:28:13 +0100 Subject: [PATCH 03/46] Adapt in mbedtls_ssl_transform_init() and mbedtls_ssl_transform_free() after extending mbedtls_ssl_transform struct Signed-off-by: Przemyslaw Stekiel --- library/ssl_msg.c | 5 +++++ library/ssl_tls.c | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 51eb4619c..1f946b68f 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -5404,6 +5404,11 @@ void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ) mbedtls_cipher_free( &transform->cipher_ctx_enc ); mbedtls_cipher_free( &transform->cipher_ctx_dec ); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_destroy_key( &transform->psa_key_enc ); + psa_destroy_key( &transform->psa_key_dec ); +#endif + #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) mbedtls_md_free( &transform->md_ctx_enc ); mbedtls_md_free( &transform->md_ctx_dec ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 61b8c6cbd..ff56dcb3b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3025,6 +3025,11 @@ void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform ) mbedtls_cipher_init( &transform->cipher_ctx_enc ); mbedtls_cipher_init( &transform->cipher_ctx_dec ); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + transform->psa_key_enc = MBEDTLS_SVC_KEY_ID_INIT; + transform->psa_key_dec = MBEDTLS_SVC_KEY_ID_INIT; +#endif + #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) mbedtls_md_init( &transform->md_ctx_enc ); mbedtls_md_init( &transform->md_ctx_dec ); From ce37d11c67ec0e9159109956bdde4b823cba1ef5 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Thu, 13 Jan 2022 14:53:52 +0100 Subject: [PATCH 04/46] mbedtls_ssl_transform_free(): fix destruction of psa keys Signed-off-by: Przemyslaw Stekiel --- library/ssl_msg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 1f946b68f..46b9f0c00 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -5405,8 +5405,8 @@ void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ) mbedtls_cipher_free( &transform->cipher_ctx_dec ); #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_destroy_key( &transform->psa_key_enc ); - psa_destroy_key( &transform->psa_key_dec ); + psa_destroy_key( transform->psa_key_enc ); + psa_destroy_key( transform->psa_key_dec ); #endif #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) From ffccda45df54974420f74a5b2b1e541445d51974 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Tue, 11 Jan 2022 14:44:01 +0100 Subject: [PATCH 05/46] ssl_tls12_populate_transform: store the en/decryption keys and alg in the new fields Signed-off-by: Przemyslaw Stekiel --- library/ssl_tls.c | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ff56dcb3b..44b9c85af 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -56,6 +56,9 @@ #include "mbedtls/oid.h" #endif +/* Convert key bits to byte size */ +#define KEY_BYTES( bits ) ( ( (size_t) bits + 7 ) / 8 ) + #if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) @@ -720,6 +723,14 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, const mbedtls_cipher_info_t *cipher_info; const mbedtls_md_info_t *md_info; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_key_type_t key_type; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_algorithm_t alg; + size_t key_bits; + psa_status_t status; +#endif + #if !defined(MBEDTLS_DEBUG_C) && \ !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) if( ssl->f_export_keys == NULL ) @@ -1077,6 +1088,40 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, goto end; } +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if( ( status = mbedtls_cipher_to_psa( cipher_info->type, + transform->taglen, + &alg, + &key_type, + &key_bits ) ) != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_to_psa", status ); + goto end; + } + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); + psa_set_key_algorithm( &attributes, alg ); + + transform->psa_alg = alg; + + if( ( status = psa_import_key( &attributes, + key1, + KEY_BYTES( key_bits ), + &transform->psa_key_enc ) ) != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", status ); + goto end; + } + if( ( status = psa_import_key( &attributes, + key2, + KEY_BYTES( key_bits ), + &transform->psa_key_dec ) ) != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", status ); + goto end; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + #if defined(MBEDTLS_CIPHER_MODE_CBC) if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CBC ) { From ae77b0ab28ed2b84f41252837de1037e50832845 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Wed, 12 Jan 2022 10:29:03 +0100 Subject: [PATCH 06/46] mbedtls_ssl_tls13_populate_transform: store the en/decryption keys and alg in the new fields Signed-off-by: Przemyslaw Stekiel --- library/ssl_tls13_keys.c | 61 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index eb84be558..299d8bca4 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -31,6 +31,10 @@ #include "ssl_misc.h" #include "ssl_tls13_keys.h" +/* Convert key bits to byte size */ +#define KEY_BYTES( bits ) ( ( (size_t) bits + 7 ) / 8 ) + + #define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ .name = string, @@ -795,6 +799,21 @@ exit: return( ret ); } +static int psa_status_to_mbedtls( psa_status_t status ) +{ + switch( status ) + { + case PSA_SUCCESS: + return( 0 ); + case PSA_ERROR_INSUFFICIENT_MEMORY: + return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED ); + case PSA_ERROR_NOT_SUPPORTED: + return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + default: + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + } +} + int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, int endpoint, int ciphersuite, @@ -809,6 +828,14 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, unsigned char const *key_dec; unsigned char const *iv_dec; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_key_type_t key_type; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_algorithm_t alg; + size_t key_bits; + psa_status_t status = PSA_SUCCESS; +#endif + #if !defined(MBEDTLS_DEBUG_C) ssl = NULL; /* make sure we don't use it except for those cases */ (void) ssl; @@ -892,6 +919,40 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, return( ret ); } +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if( ( status = mbedtls_cipher_to_psa( cipher_info->type, + transform->taglen, + &alg, + &key_type, + &key_bits ) ) != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_to_psa", status ); + return( psa_status_to_mbedtls( status ) ); + } + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); + psa_set_key_algorithm( &attributes, alg ); + + transform->psa_alg = alg; + + if( ( status = psa_import_key( &attributes, + key_enc, + KEY_BYTES( key_bits ), + &transform->psa_key_enc ) ) != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", status ); + return( psa_status_to_mbedtls( status ) ); + } + if( ( status = psa_import_key( &attributes, + key_dec, + KEY_BYTES( key_bits ), + &transform->psa_key_dec ) ) != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", status ); + return( psa_status_to_mbedtls( status ) ); + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* * Setup other fields in SSL transform */ From 11a33e6d90737f188d75421f33defad86dadde4d Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Wed, 12 Jan 2022 10:42:58 +0100 Subject: [PATCH 07/46] Use PSA_BITS_TO_BYTES macro to convert key bits to bytes Signed-off-by: Przemyslaw Stekiel --- library/ssl_tls.c | 7 ++----- library/ssl_tls13_keys.c | 8 ++------ 2 files changed, 4 insertions(+), 11 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 44b9c85af..0be6ec646 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -56,9 +56,6 @@ #include "mbedtls/oid.h" #endif -/* Convert key bits to byte size */ -#define KEY_BYTES( bits ) ( ( (size_t) bits + 7 ) / 8 ) - #if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) @@ -1106,7 +1103,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, if( ( status = psa_import_key( &attributes, key1, - KEY_BYTES( key_bits ), + PSA_BITS_TO_BYTES( key_bits ), &transform->psa_key_enc ) ) != PSA_SUCCESS ) { MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", status ); @@ -1114,7 +1111,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, } if( ( status = psa_import_key( &attributes, key2, - KEY_BYTES( key_bits ), + PSA_BITS_TO_BYTES( key_bits ), &transform->psa_key_dec ) ) != PSA_SUCCESS ) { MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", status ); diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 299d8bca4..58ff010b2 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -31,10 +31,6 @@ #include "ssl_misc.h" #include "ssl_tls13_keys.h" -/* Convert key bits to byte size */ -#define KEY_BYTES( bits ) ( ( (size_t) bits + 7 ) / 8 ) - - #define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ .name = string, @@ -937,7 +933,7 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, if( ( status = psa_import_key( &attributes, key_enc, - KEY_BYTES( key_bits ), + PSA_BITS_TO_BYTES( key_bits ), &transform->psa_key_enc ) ) != PSA_SUCCESS ) { MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", status ); @@ -945,7 +941,7 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, } if( ( status = psa_import_key( &attributes, key_dec, - KEY_BYTES( key_bits ), + PSA_BITS_TO_BYTES( key_bits ), &transform->psa_key_dec ) ) != PSA_SUCCESS ) { MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", status ); From 76e1583483d127f504dc6edd88503fa986f58c35 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Wed, 12 Jan 2022 11:54:49 +0100 Subject: [PATCH 08/46] Convert psa status to mbedtls Signed-off-by: Przemyslaw Stekiel --- library/ssl_tls.c | 24 +++++++++++++++++++++--- library/ssl_tls13_keys.c | 6 +++--- 2 files changed, 24 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 0be6ec646..1bd98548d 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -669,6 +669,21 @@ typedef int ssl_tls_prf_t(const unsigned char *, size_t, const char *, const unsigned char *, size_t, unsigned char *, size_t); +static int psa_status_to_mbedtls( psa_status_t status ) +{ + switch( status ) + { + case PSA_SUCCESS: + return( 0 ); + case PSA_ERROR_INSUFFICIENT_MEMORY: + return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED ); + case PSA_ERROR_NOT_SUPPORTED: + return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + default: + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + } +} + /* * Populate a transform structure with session keys and all the other * necessary information. @@ -1092,7 +1107,8 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, &key_type, &key_bits ) ) != PSA_SUCCESS ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_to_psa", status ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_to_psa", psa_status_to_mbedtls( status ) ); + ret = psa_status_to_mbedtls( status ); goto end; } @@ -1106,7 +1122,8 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, PSA_BITS_TO_BYTES( key_bits ), &transform->psa_key_enc ) ) != PSA_SUCCESS ) { - MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", status ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", psa_status_to_mbedtls( status ) ); + ret = psa_status_to_mbedtls( status ); goto end; } if( ( status = psa_import_key( &attributes, @@ -1114,7 +1131,8 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, PSA_BITS_TO_BYTES( key_bits ), &transform->psa_key_dec ) ) != PSA_SUCCESS ) { - MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", status ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", psa_status_to_mbedtls( status ) ); + ret = psa_status_to_mbedtls( status ); goto end; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 58ff010b2..99d086086 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -922,7 +922,7 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, &key_type, &key_bits ) ) != PSA_SUCCESS ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_to_psa", status ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_to_psa", psa_status_to_mbedtls( status ) ); return( psa_status_to_mbedtls( status ) ); } @@ -936,7 +936,7 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, PSA_BITS_TO_BYTES( key_bits ), &transform->psa_key_enc ) ) != PSA_SUCCESS ) { - MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", status ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", psa_status_to_mbedtls( status ) ); return( psa_status_to_mbedtls( status ) ); } if( ( status = psa_import_key( &attributes, @@ -944,7 +944,7 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, PSA_BITS_TO_BYTES( key_bits ), &transform->psa_key_dec ) ) != PSA_SUCCESS ) { - MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", status ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", psa_status_to_mbedtls( status ) ); return( psa_status_to_mbedtls( status ) ); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ From b37fae122c4069a6494fd980f2d2cbda77dce902 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Thu, 13 Jan 2022 14:28:44 +0100 Subject: [PATCH 09/46] mbedtls_ssl_encrypt_buf(): replace mbedtls_cipher_crypt() and mbedtls_cipher_auth_encrypt_ext() with PSA calls Signed-off-by: Przemyslaw Stekiel --- library/ssl_msg.c | 88 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 46b9f0c00..896436902 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -711,10 +711,45 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t olen; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status; + size_t part_len; + psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT; + +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", " "including %d bytes of padding", rec->data_len, 0 ) ); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + status = psa_cipher_encrypt_setup( &cipher_op, + transform->psa_key_enc, transform->psa_alg ); + + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + + status = psa_cipher_set_iv( &cipher_op, transform->iv_enc, transform->ivlen ); + + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + + status = psa_cipher_update( &cipher_op, + data, rec->data_len, + data, rec->data_len, &olen ); + + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + + status = psa_cipher_finish( &cipher_op, + data + olen, rec->data_len - olen, + &part_len ); + + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + + olen += part_len; +#else if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc, transform->iv_enc, transform->ivlen, data, rec->data_len, @@ -723,6 +758,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); return( ret ); } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ if( rec->data_len != olen ) { @@ -746,6 +782,11 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, size_t dynamic_iv_len; int dynamic_iv_is_explicit = ssl_transform_aead_dynamic_iv_is_explicit( transform ); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status; + psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* Check that there's space for the authentication tag. */ if( post_avail < transform->taglen ) @@ -797,7 +838,18 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, /* * Encrypt and authenticate */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + status = psa_aead_encrypt( transform->psa_key_enc, + transform->psa_alg, + iv, transform->ivlen, + add_data, add_data_len, + data, rec->data_len, + data, rec->buf_len - (data - rec->buf), + &rec->data_len ); + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); +#else if( ( ret = mbedtls_cipher_auth_encrypt_ext( &transform->cipher_ctx_enc, iv, transform->ivlen, add_data, add_data_len, @@ -809,6 +861,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_encrypt_ext", ret ); return( ret ); } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag", data + rec->data_len - transform->taglen, transform->taglen ); @@ -841,6 +895,11 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t padlen, i; size_t olen; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status; + size_t part_len; + psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* Currently we're always using minimal padding * (up to 255 bytes would be allowed). */ @@ -894,6 +953,34 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, rec->data_len, transform->ivlen, padlen + 1 ) ); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + status = psa_cipher_encrypt_setup( &cipher_op, + transform->psa_key_enc, transform->psa_alg ); + + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + + status = psa_cipher_set_iv( &cipher_op, transform->iv_enc, transform->ivlen ); + + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + + status = psa_cipher_update( &cipher_op, + data, rec->data_len, + data, rec->data_len, &olen ); + + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + + status = psa_cipher_finish( &cipher_op, + data + olen, rec->data_len - olen, + &part_len ); + + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + + olen += part_len; +#else if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc, transform->iv_enc, transform->ivlen, @@ -903,6 +990,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); return( ret ); } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ if( rec->data_len != olen ) { From 2e9711f7667880720f2aa6bb592823f88a1fd3ff Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Thu, 13 Jan 2022 14:50:15 +0100 Subject: [PATCH 10/46] mbedtls_ssl_decrypt_buf(): replace mbedtls_cipher_crypt() and mbedtls_cipher_auth_decrypt_ext() with PSA calls Signed-off-by: Przemyslaw Stekiel --- library/ssl_msg.c | 90 ++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 89 insertions(+), 1 deletion(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 896436902..fe7d1e5cb 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -784,7 +784,6 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, ssl_transform_aead_dynamic_iv_is_explicit( transform ); #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status; - psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT; #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -1127,6 +1126,41 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, if( mode == MBEDTLS_MODE_STREAM ) { padlen = 0; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status; + size_t part_len; + psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + status = psa_cipher_decrypt_setup( &cipher_op, + transform->psa_key_dec, transform->psa_alg ); + + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + + status = psa_cipher_set_iv( &cipher_op, transform->iv_dec, transform->ivlen ); + + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + + status = psa_cipher_update( &cipher_op, + data, rec->data_len, + data, rec->data_len, &olen ); + + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + + status = psa_cipher_finish( &cipher_op, + data + olen, rec->data_len - olen, + &part_len ); + + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + + olen += part_len; +#else + if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_dec, transform->iv_dec, transform->ivlen, @@ -1136,12 +1170,14 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); return( ret ); } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ if( rec->data_len != olen ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } + } else #endif /* MBEDTLS_SSL_SOME_SUITES_USE_STREAM */ @@ -1155,6 +1191,9 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, unsigned char iv[12]; unsigned char *dynamic_iv; size_t dynamic_iv_len; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* * Extract dynamic part of nonce for AEAD decryption. @@ -1229,6 +1268,18 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, /* * Decrypt and authenticate */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + status = psa_aead_decrypt( transform->psa_key_dec, + transform->psa_alg, + iv, transform->ivlen, + add_data, add_data_len, + data, rec->data_len + transform->taglen, + data, rec->buf_len - (data - rec->buf), + &rec->data_len ); + + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); +#else if( ( ret = mbedtls_cipher_auth_decrypt_ext( &transform->cipher_ctx_dec, iv, transform->ivlen, add_data, add_data_len, @@ -1243,6 +1294,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, return( ret ); } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + auth_done++; /* Double-check that AEAD decryption doesn't change content length. */ @@ -1258,6 +1311,11 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, if( mode == MBEDTLS_MODE_CBC ) { size_t minlen = 0; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status; + size_t part_len; + psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* * Check immediate ciphertext sanity @@ -1398,6 +1456,35 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, /* We still have data_len % ivlen == 0 and data_len >= ivlen here. */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + status = psa_cipher_decrypt_setup( &cipher_op, + transform->psa_key_dec, transform->psa_alg ); + + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + + status = psa_cipher_set_iv( &cipher_op, transform->iv_dec, transform->ivlen ); + + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + + status = psa_cipher_update( &cipher_op, + data, rec->data_len, + data, rec->data_len, &olen ); + + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + + status = psa_cipher_finish( &cipher_op, + data + olen, rec->data_len - olen, + &part_len ); + + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + + olen += part_len; +#else + if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_dec, transform->iv_dec, transform->ivlen, data, rec->data_len, data, &olen ) ) != 0 ) @@ -1405,6 +1492,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); return( ret ); } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* Double-check that length hasn't changed during decryption. */ if( rec->data_len != olen ) From 1fe065b23512903a5c9c59a0753d976b1d10b507 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Thu, 13 Jan 2022 15:56:33 +0100 Subject: [PATCH 11/46] Fix conditional compilation (MBEDTLS_USE_PSA_CRYPTO) Signed-off-by: Przemyslaw Stekiel --- library/ssl_msg.c | 8 +++++--- library/ssl_tls.c | 2 ++ library/ssl_tls13_keys.c | 2 ++ 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index fe7d1e5cb..6a5faa571 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -709,14 +709,15 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM) if( mode == MBEDTLS_MODE_STREAM ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t olen; #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status; size_t part_len; psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ +#else /* MBEDTLS_USE_PSA_CRYPTO */ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; +#endif MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", " "including %d bytes of padding", @@ -776,7 +777,6 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, mode == MBEDTLS_MODE_CCM || mode == MBEDTLS_MODE_CHACHAPOLY ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char iv[12]; unsigned char *dynamic_iv; size_t dynamic_iv_len; @@ -784,6 +784,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, ssl_transform_aead_dynamic_iv_is_explicit( transform ); #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status; +#else + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #endif /* MBEDTLS_USE_PSA_CRYPTO */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 1bd98548d..3cf741e04 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -669,6 +669,7 @@ typedef int ssl_tls_prf_t(const unsigned char *, size_t, const char *, const unsigned char *, size_t, unsigned char *, size_t); +#if defined(MBEDTLS_USE_PSA_CRYPTO) static int psa_status_to_mbedtls( psa_status_t status ) { switch( status ) @@ -683,6 +684,7 @@ static int psa_status_to_mbedtls( psa_status_t status ) return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); } } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* * Populate a transform structure with session keys and all the other diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 99d086086..e91b123e5 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -795,6 +795,7 @@ exit: return( ret ); } +#if defined(MBEDTLS_USE_PSA_CRYPTO) static int psa_status_to_mbedtls( psa_status_t status ) { switch( status ) @@ -809,6 +810,7 @@ static int psa_status_to_mbedtls( psa_status_t status ) return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); } } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, int endpoint, From 8398a67e319828df20ac257f6a6c6d0a77035a79 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Mon, 17 Jan 2022 14:52:42 +0100 Subject: [PATCH 12/46] Fix description of the translation function Signed-off-by: Przemyslaw Stekiel --- library/ssl_misc.h | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 333b1c176..a8bc10856 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1281,15 +1281,28 @@ static inline mbedtls_svc_key_id_t mbedtls_ssl_get_opaque_psk( return( MBEDTLS_SVC_KEY_ID_INIT ); } -/* Corresponding PSA algorithm for MBEDTLS_CIPHER_NULL */ +/* Corresponding PSA algorithm for MBEDTLS_CIPHER_NULL. + * Same value is used fo PSA_ALG_CATEGORY_CIPHER, hence it is + * guaranteed to not be a valid PSA algorithm identifier. + */ #define MBEDTLS_SSL_NULL_CIPHER 0x04000000 /** - * Translate mbedtls cipher type/mode pair to psa: algorithm, key type and - * key size. + * \brief Translate mbedtls cipher type/taglen pair to psa: + * algorithm, key type and key size. * - * Return PSA_SUCCESS on success or PSA_ERROR_NOT_SUPPORTED if - * conversion is not supported. + * \param mbedtls_cipher_type [in] given mbedtls cipher type + * \param taglen [in] given tag length + * 0 - default tag length + * \param alg [out] corresponding PSA alg + * There is no corresponding PSA + * alg for MBEDTLS_SSL_NULL_CIPHER, so + * MBEDTLS_SSL_NULL_CIPHER is returned + * \param key_type [out] corresponding PSA key type + * \param key_size [out] corresponding PSA key size + * + * \return PSA_SUCCESS on success or PSA_ERROR_NOT_SUPPORTED if + * conversion is not supported. */ psa_status_t mbedtls_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_type, size_t taglen, From e87475d834c8d8e77f7b6d322c4f02f568800a94 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Mon, 17 Jan 2022 15:23:04 +0100 Subject: [PATCH 13/46] Move psa_status_to_mbedtls to ssl_misc.h Signed-off-by: Przemyslaw Stekiel --- library/ssl_misc.h | 22 ++++++++++++++++++++++ library/ssl_tls.c | 17 ----------------- library/ssl_tls13_keys.c | 17 ----------------- 3 files changed, 22 insertions(+), 34 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index a8bc10856..68cc4f038 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1309,6 +1309,28 @@ psa_status_t mbedtls_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_type, psa_algorithm_t *alg, psa_key_type_t *key_type, size_t *key_size ); + +/** + * \brief Convert given PSA status to mbedtls error code. + * + * \param status [in] given PSA status + * + * \return corresponding mbedtls error code + */ +static inline int psa_status_to_mbedtls( psa_status_t status ) +{ + switch( status ) + { + case PSA_SUCCESS: + return( 0 ); + case PSA_ERROR_INSUFFICIENT_MEMORY: + return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED ); + case PSA_ERROR_NOT_SUPPORTED: + return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + default: + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + } +} #endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 3cf741e04..19204d228 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -669,23 +669,6 @@ typedef int ssl_tls_prf_t(const unsigned char *, size_t, const char *, const unsigned char *, size_t, unsigned char *, size_t); -#if defined(MBEDTLS_USE_PSA_CRYPTO) -static int psa_status_to_mbedtls( psa_status_t status ) -{ - switch( status ) - { - case PSA_SUCCESS: - return( 0 ); - case PSA_ERROR_INSUFFICIENT_MEMORY: - return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED ); - case PSA_ERROR_NOT_SUPPORTED: - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); - default: - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); - } -} -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* * Populate a transform structure with session keys and all the other * necessary information. diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index e91b123e5..af01a0428 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -795,23 +795,6 @@ exit: return( ret ); } -#if defined(MBEDTLS_USE_PSA_CRYPTO) -static int psa_status_to_mbedtls( psa_status_t status ) -{ - switch( status ) - { - case PSA_SUCCESS: - return( 0 ); - case PSA_ERROR_INSUFFICIENT_MEMORY: - return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED ); - case PSA_ERROR_NOT_SUPPORTED: - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); - default: - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); - } -} -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, int endpoint, int ciphersuite, From dd7b501c92366f9d1773eab9045a1f8769b6c4bb Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Mon, 17 Jan 2022 15:28:57 +0100 Subject: [PATCH 14/46] Move PSA init after taglen is set Signed-off-by: Przemyslaw Stekiel --- library/ssl_tls13_keys.c | 42 ++++++++++++++++++++-------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index af01a0428..e7c8e722c 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -900,6 +900,27 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, return( ret ); } + /* + * Setup other fields in SSL transform + */ + + if( ( ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ) != 0 ) + transform->taglen = 8; + else + transform->taglen = 16; + + transform->ivlen = traffic_keys->iv_len; + transform->maclen = 0; + transform->fixed_ivlen = transform->ivlen; + transform->minor_ver = MBEDTLS_SSL_MINOR_VERSION_4; + + /* We add the true record content type (1 Byte) to the plaintext and + * then pad to the configured granularity. The mimimum length of the + * type-extended and padded plaintext is therefore the padding + * granularity. */ + transform->minlen = + transform->taglen + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY; + #if defined(MBEDTLS_USE_PSA_CRYPTO) if( ( status = mbedtls_cipher_to_psa( cipher_info->type, transform->taglen, @@ -934,27 +955,6 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* - * Setup other fields in SSL transform - */ - - if( ( ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ) != 0 ) - transform->taglen = 8; - else - transform->taglen = 16; - - transform->ivlen = traffic_keys->iv_len; - transform->maclen = 0; - transform->fixed_ivlen = transform->ivlen; - transform->minor_ver = MBEDTLS_SSL_MINOR_VERSION_4; - - /* We add the true record content type (1 Byte) to the plaintext and - * then pad to the configured granularity. The mimimum length of the - * type-extended and padded plaintext is therefore the padding - * granularity. */ - transform->minlen = - transform->taglen + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY; - return( 0 ); } From fe7397d8a7713bf3231869be06e492ff1e9b18af Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Mon, 17 Jan 2022 15:47:07 +0100 Subject: [PATCH 15/46] Fix key attributes encrypt or decrypt only (not both) Signed-off-by: Przemyslaw Stekiel --- library/ssl_tls.c | 5 ++++- library/ssl_tls13_keys.c | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 19204d228..364cfc71e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1097,7 +1097,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, goto end; } - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); psa_set_key_algorithm( &attributes, alg ); transform->psa_alg = alg; @@ -1111,6 +1111,9 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, ret = psa_status_to_mbedtls( status ); goto end; } + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); + if( ( status = psa_import_key( &attributes, key2, PSA_BITS_TO_BYTES( key_bits ), diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index e7c8e722c..0aade35b0 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -932,7 +932,7 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, return( psa_status_to_mbedtls( status ) ); } - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); psa_set_key_algorithm( &attributes, alg ); transform->psa_alg = alg; @@ -945,6 +945,9 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", psa_status_to_mbedtls( status ) ); return( psa_status_to_mbedtls( status ) ); } + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); + if( ( status = psa_import_key( &attributes, key_dec, PSA_BITS_TO_BYTES( key_bits ), From ce09e7d868dbe71b99505da4c99bfe3ffc0e3bd8 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Mon, 17 Jan 2022 16:03:22 +0100 Subject: [PATCH 16/46] Use psa_status_to_mbedtls() for psa error case Signed-off-by: Przemyslaw Stekiel --- library/ssl_msg.c | 36 ++++++++++++++++++------------------ library/ssl_tls.c | 6 +++--- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 6a5faa571..0eab9be7e 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -728,26 +728,26 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, transform->psa_key_enc, transform->psa_alg ); if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + return( psa_status_to_mbedtls( status ) ); status = psa_cipher_set_iv( &cipher_op, transform->iv_enc, transform->ivlen ); if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + return( psa_status_to_mbedtls( status ) ); status = psa_cipher_update( &cipher_op, data, rec->data_len, data, rec->data_len, &olen ); if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + return( psa_status_to_mbedtls( status ) ); status = psa_cipher_finish( &cipher_op, data + olen, rec->data_len - olen, &part_len ); if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + return( psa_status_to_mbedtls( status ) ); olen += part_len; #else @@ -849,7 +849,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, &rec->data_len ); if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + return( psa_status_to_mbedtls( status ) ); #else if( ( ret = mbedtls_cipher_auth_encrypt_ext( &transform->cipher_ctx_enc, iv, transform->ivlen, @@ -959,26 +959,26 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, transform->psa_key_enc, transform->psa_alg ); if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + return( psa_status_to_mbedtls( status ) ); status = psa_cipher_set_iv( &cipher_op, transform->iv_enc, transform->ivlen ); if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + return( psa_status_to_mbedtls( status ) ); status = psa_cipher_update( &cipher_op, data, rec->data_len, data, rec->data_len, &olen ); if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + return( psa_status_to_mbedtls( status ) ); status = psa_cipher_finish( &cipher_op, data + olen, rec->data_len - olen, &part_len ); if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + return( psa_status_to_mbedtls( status ) ); olen += part_len; #else @@ -1139,26 +1139,26 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, transform->psa_key_dec, transform->psa_alg ); if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + return( psa_status_to_mbedtls( status ) ); status = psa_cipher_set_iv( &cipher_op, transform->iv_dec, transform->ivlen ); if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + return( psa_status_to_mbedtls( status ) ); status = psa_cipher_update( &cipher_op, data, rec->data_len, data, rec->data_len, &olen ); if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + return( psa_status_to_mbedtls( status ) ); status = psa_cipher_finish( &cipher_op, data + olen, rec->data_len - olen, &part_len ); if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + return( psa_status_to_mbedtls( status ) ); olen += part_len; #else @@ -1280,7 +1280,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, &rec->data_len ); if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + return( psa_status_to_mbedtls( status ) ); #else if( ( ret = mbedtls_cipher_auth_decrypt_ext( &transform->cipher_ctx_dec, iv, transform->ivlen, @@ -1463,26 +1463,26 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, transform->psa_key_dec, transform->psa_alg ); if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + return( psa_status_to_mbedtls( status ) ); status = psa_cipher_set_iv( &cipher_op, transform->iv_dec, transform->ivlen ); if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + return( psa_status_to_mbedtls( status ) ); status = psa_cipher_update( &cipher_op, data, rec->data_len, data, rec->data_len, &olen ); if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + return( psa_status_to_mbedtls( status ) ); status = psa_cipher_finish( &cipher_op, data + olen, rec->data_len - olen, &part_len ); if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + return( psa_status_to_mbedtls( status ) ); olen += part_len; #else diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 364cfc71e..6191d634a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1092,8 +1092,8 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, &key_type, &key_bits ) ) != PSA_SUCCESS ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_to_psa", psa_status_to_mbedtls( status ) ); ret = psa_status_to_mbedtls( status ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_to_psa", ret ); goto end; } @@ -1107,8 +1107,8 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, PSA_BITS_TO_BYTES( key_bits ), &transform->psa_key_enc ) ) != PSA_SUCCESS ) { - MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", psa_status_to_mbedtls( status ) ); ret = psa_status_to_mbedtls( status ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", ret ); goto end; } @@ -1119,8 +1119,8 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, PSA_BITS_TO_BYTES( key_bits ), &transform->psa_key_dec ) ) != PSA_SUCCESS ) { - MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", psa_status_to_mbedtls( status ) ); ret = psa_status_to_mbedtls( status ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", ret ); goto end; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ From d4eab5793395029d0fa42a24ecb6c55c45c3c25c Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Mon, 17 Jan 2022 16:20:10 +0100 Subject: [PATCH 17/46] Skip psa encryption/decryption for null cipher Signed-off-by: Przemyslaw Stekiel --- library/ssl_msg.c | 88 +++++++++++++++++++++++++++-------------------- 1 file changed, 50 insertions(+), 38 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 0eab9be7e..c9f75de6b 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -724,32 +724,38 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, rec->data_len, 0 ) ); #if defined(MBEDTLS_USE_PSA_CRYPTO) - status = psa_cipher_encrypt_setup( &cipher_op, - transform->psa_key_enc, transform->psa_alg ); + /* Skip psa encryption for null cipher */ + if ( transform->psa_alg != MBEDTLS_SSL_NULL_CIPHER ) + { + status = psa_cipher_encrypt_setup( &cipher_op, + transform->psa_key_enc, transform->psa_alg ); - if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + if( status != PSA_SUCCESS ) + return( psa_status_to_mbedtls( status ) ); - status = psa_cipher_set_iv( &cipher_op, transform->iv_enc, transform->ivlen ); + status = psa_cipher_set_iv( &cipher_op, transform->iv_enc, transform->ivlen ); - if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + if( status != PSA_SUCCESS ) + return( psa_status_to_mbedtls( status ) ); - status = psa_cipher_update( &cipher_op, - data, rec->data_len, - data, rec->data_len, &olen ); + status = psa_cipher_update( &cipher_op, + data, rec->data_len, + data, rec->data_len, &olen ); - if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + if( status != PSA_SUCCESS ) + return( psa_status_to_mbedtls( status ) ); - status = psa_cipher_finish( &cipher_op, - data + olen, rec->data_len - olen, - &part_len ); + status = psa_cipher_finish( &cipher_op, + data + olen, rec->data_len - olen, + &part_len ); - if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + if( status != PSA_SUCCESS ) + return( psa_status_to_mbedtls( status ) ); - olen += part_len; + olen += part_len; + } else { + olen = rec->data_len; + } #else if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc, transform->iv_enc, transform->ivlen, @@ -956,7 +962,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_USE_PSA_CRYPTO) status = psa_cipher_encrypt_setup( &cipher_op, - transform->psa_key_enc, transform->psa_alg ); + transform->psa_key_enc, transform->psa_alg ); if( status != PSA_SUCCESS ) return( psa_status_to_mbedtls( status ) ); @@ -1135,32 +1141,38 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - status = psa_cipher_decrypt_setup( &cipher_op, - transform->psa_key_dec, transform->psa_alg ); + /* Skip psa decryption for null cipher */ + if ( transform->psa_alg != MBEDTLS_SSL_NULL_CIPHER ) + { + status = psa_cipher_decrypt_setup( &cipher_op, + transform->psa_key_dec, transform->psa_alg ); - if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + if( status != PSA_SUCCESS ) + return( psa_status_to_mbedtls( status ) ); - status = psa_cipher_set_iv( &cipher_op, transform->iv_dec, transform->ivlen ); + status = psa_cipher_set_iv( &cipher_op, transform->iv_dec, transform->ivlen ); - if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + if( status != PSA_SUCCESS ) + return( psa_status_to_mbedtls( status ) ); - status = psa_cipher_update( &cipher_op, - data, rec->data_len, - data, rec->data_len, &olen ); + status = psa_cipher_update( &cipher_op, + data, rec->data_len, + data, rec->data_len, &olen ); - if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + if( status != PSA_SUCCESS ) + return( psa_status_to_mbedtls( status ) ); - status = psa_cipher_finish( &cipher_op, - data + olen, rec->data_len - olen, - &part_len ); + status = psa_cipher_finish( &cipher_op, + data + olen, rec->data_len - olen, + &part_len ); - if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + if( status != PSA_SUCCESS ) + return( psa_status_to_mbedtls( status ) ); - olen += part_len; + olen += part_len; + } else { + olen = rec->data_len; + } #else if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_dec, @@ -1460,7 +1472,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, #if defined(MBEDTLS_USE_PSA_CRYPTO) status = psa_cipher_decrypt_setup( &cipher_op, - transform->psa_key_dec, transform->psa_alg ); + transform->psa_key_dec, transform->psa_alg ); if( status != PSA_SUCCESS ) return( psa_status_to_mbedtls( status ) ); From 6be9cf542f3e5763371a347d199c6db6bdd96d06 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Wed, 19 Jan 2022 16:00:22 +0100 Subject: [PATCH 18/46] Cleanup the code Use conditional compilation for psa and mbedtls code (MBEDTLS_USE_PSA_CRYPTO). Signed-off-by: Przemyslaw Stekiel --- library/ssl_misc.h | 5 +- library/ssl_msg.c | 106 +++++++++++++++++++++++++++++++++-- library/ssl_tls.c | 117 ++++++++++++--------------------------- library/ssl_tls13_keys.c | 11 +++- 4 files changed, 150 insertions(+), 89 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 68cc4f038..a6439dc3e 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -937,14 +937,15 @@ struct mbedtls_ssl_transform #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ - mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */ - mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */ int minor_ver; #if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t psa_key_enc; /*!< psa encryption key */ mbedtls_svc_key_id_t psa_key_dec; /*!< psa decryption key */ psa_algorithm_t psa_alg; /*!< psa algorithm */ +#else + mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */ + mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */ #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index c9f75de6b..2353c5e44 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -522,7 +522,9 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { +#if !defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_cipher_mode_t mode; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ int auth_done = 0; unsigned char * data; unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_OUT_LEN_MAX ]; @@ -568,7 +570,9 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload", data, rec->data_len ); +#if !defined(MBEDTLS_USE_PSA_CRYPTO) mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ if( rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN ) { @@ -649,8 +653,13 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, * Add MAC before if needed */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if ( transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER || + ( transform->psa_alg == PSA_ALG_CBC_NO_PADDING +#else if( mode == MBEDTLS_MODE_STREAM || ( mode == MBEDTLS_MODE_CBC +#endif #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && transform->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED #endif @@ -707,7 +716,11 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, * Encrypt */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM) +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if ( transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER ) +#else if( mode == MBEDTLS_MODE_STREAM ) +#endif { size_t olen; #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -779,9 +792,18 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_GCM_C) || \ defined(MBEDTLS_CCM_C) || \ defined(MBEDTLS_CHACHAPOLY_C) +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if ( transform->psa_alg == PSA_ALG_GCM || + /* PSA_ALG_IS_AEAD( transform->psa_alg ) corresponds to + psa_alg == PSA_ALG_CCM || psa_alg == PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 8 ) + in tls context (TLS only uses the default taglen or 8) */ + PSA_ALG_IS_AEAD( transform->psa_alg ) || + transform->psa_alg == PSA_ALG_CHACHA20_POLY1305 ) +#else if( mode == MBEDTLS_MODE_GCM || mode == MBEDTLS_MODE_CCM || mode == MBEDTLS_MODE_CHACHAPOLY ) +#endif /* MBEDTLS_USE_PSA_CRYPTO */ { unsigned char iv[12]; unsigned char *dynamic_iv; @@ -897,7 +919,11 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, else #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if ( transform->psa_alg == PSA_ALG_CBC_NO_PADDING ) +#else if( mode == MBEDTLS_MODE_CBC ) +#endif /* MBEDTLS_USE_PSA_CRYPTO */ { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t padlen, i; @@ -1092,7 +1118,9 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, mbedtls_record *rec ) { size_t olen; +#if !defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_cipher_mode_t mode; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ int ret, auth_done = 0; #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) size_t padlen = 0, correct = 1; @@ -1117,7 +1145,9 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, } data = rec->buf + rec->data_offset; +#if !defined(MBEDTLS_USE_PSA_CRYPTO) mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_dec ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) /* @@ -1131,7 +1161,11 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM) +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if ( transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER ) +#else if( mode == MBEDTLS_MODE_STREAM ) +#endif /* MBEDTLS_USE_PSA_CRYPTO */ { padlen = 0; #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -1198,9 +1232,18 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, #if defined(MBEDTLS_GCM_C) || \ defined(MBEDTLS_CCM_C) || \ defined(MBEDTLS_CHACHAPOLY_C) +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if ( transform->psa_alg == PSA_ALG_GCM || + /* PSA_ALG_IS_AEAD( transform->psa_alg ) corresponds to + psa_alg == PSA_ALG_CCM || psa_alg == PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 8 ) + in tls context (TLS only uses the default taglen or 8) */ + PSA_ALG_IS_AEAD( transform->psa_alg ) || + transform->psa_alg == PSA_ALG_CHACHA20_POLY1305 ) +#else if( mode == MBEDTLS_MODE_GCM || mode == MBEDTLS_MODE_CCM || mode == MBEDTLS_MODE_CHACHAPOLY ) +#endif /* MBEDTLS_USE_PSA_CRYPTO */ { unsigned char iv[12]; unsigned char *dynamic_iv; @@ -1322,7 +1365,11 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, else #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if ( transform->psa_alg == PSA_ALG_CBC_NO_PADDING ) +#else if( mode == MBEDTLS_MODE_CBC ) +#endif /* MBEDTLS_USE_PSA_CRYPTO */ { size_t minlen = 0; #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -5047,12 +5094,62 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ) size_t transform_expansion = 0; const mbedtls_ssl_transform *transform = ssl->transform_out; unsigned block_size; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT; + psa_key_type_t key_type; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ size_t out_hdr_len = mbedtls_ssl_out_hdr_len( ssl ); if( transform == NULL ) return( (int) out_hdr_len ); + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + switch( transform->psa_alg ) + { + case PSA_ALG_GCM: + case PSA_ALG_CHACHA20_POLY1305: + case MBEDTLS_SSL_NULL_CIPHER: + transform_expansion = transform->minlen; + break; + + case PSA_ALG_CBC_NO_PADDING: + (void) psa_get_key_attributes( transform->psa_key_enc, &attr ); + key_type = psa_get_key_type( &attr ); + + block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ); + + /* Expansion due to the addition of the MAC. */ + transform_expansion += transform->maclen; + + /* Expansion due to the addition of CBC padding; + * Theoretically up to 256 bytes, but we never use + * more than the block size of the underlying cipher. */ + transform_expansion += block_size; + + /* For TLS 1.2 or higher, an explicit IV is added + * after the record header. */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + transform_expansion += block_size; +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + break; + + default: + /* Handle CCM case in default: + PSA_ALG_IS_AEAD( transform->psa_alg ) corresponds to + psa_alg == PSA_ALG_CCM || psa_alg == PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 8 ) + in tls context (TLS only uses the default taglen or 8) */ + if ( PSA_ALG_IS_AEAD( transform->psa_alg ) ) + { + transform_expansion = transform->minlen; + break; + } + + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } +#else switch( mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ) ) { case MBEDTLS_MODE_GCM: @@ -5087,6 +5184,7 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) if( transform->out_cid_len != 0 ) @@ -5591,13 +5689,13 @@ void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ) if( transform == NULL ) return; - mbedtls_cipher_free( &transform->cipher_ctx_enc ); - mbedtls_cipher_free( &transform->cipher_ctx_dec ); - #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_destroy_key( transform->psa_key_enc ); psa_destroy_key( transform->psa_key_dec ); -#endif +#else + mbedtls_cipher_free( &transform->cipher_ctx_enc ); + mbedtls_cipher_free( &transform->cipher_ctx_dec ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) mbedtls_md_free( &transform->md_ctx_enc ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 6191d634a..4266af4d3 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -705,9 +705,6 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, const mbedtls_ssl_context *ssl ) { int ret = 0; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - int psa_fallthrough; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char keyblk[256]; unsigned char *key1; unsigned char *key2; @@ -1011,80 +1008,6 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, tls_prf_get_type( tls_prf ) ); } -#if defined(MBEDTLS_USE_PSA_CRYPTO) - ret = mbedtls_cipher_setup_psa( &transform->cipher_ctx_enc, - cipher_info, transform->taglen ); - if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret ); - goto end; - } - - if( ret == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Successfully setup PSA-based encryption cipher context" ) ); - psa_fallthrough = 0; - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to setup PSA-based cipher context for record encryption - fall through to default setup." ) ); - psa_fallthrough = 1; - } - - if( psa_fallthrough == 1 ) -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc, - cipher_info ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); - goto end; - } - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - ret = mbedtls_cipher_setup_psa( &transform->cipher_ctx_dec, - cipher_info, transform->taglen ); - if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret ); - goto end; - } - - if( ret == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Successfully setup PSA-based decryption cipher context" ) ); - psa_fallthrough = 0; - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to setup PSA-based cipher context for record decryption - fall through to default setup." ) ); - psa_fallthrough = 1; - } - - if( psa_fallthrough == 1 ) -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_dec, - cipher_info ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); - goto end; - } - - if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc, key1, - (int) mbedtls_cipher_info_get_key_bitlen( cipher_info ), - MBEDTLS_ENCRYPT ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); - goto end; - } - - if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec, key2, - (int) mbedtls_cipher_info_get_key_bitlen( cipher_info ), - MBEDTLS_DECRYPT ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); - goto end; - } - #if defined(MBEDTLS_USE_PSA_CRYPTO) if( ( status = mbedtls_cipher_to_psa( cipher_info->type, transform->taglen, @@ -1099,6 +1022,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); transform->psa_alg = alg; @@ -1123,7 +1047,36 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", ret ); goto end; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ +#else + if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc, + cipher_info ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); + goto end; + } + + if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_dec, + cipher_info ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); + goto end; + } + + if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc, key1, + (int) mbedtls_cipher_info_get_key_bitlen( cipher_info ), + MBEDTLS_ENCRYPT ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); + goto end; + } + + if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec, key2, + (int) mbedtls_cipher_info_get_key_bitlen( cipher_info ), + MBEDTLS_DECRYPT ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); + goto end; + } #if defined(MBEDTLS_CIPHER_MODE_CBC) if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CBC ) @@ -1143,7 +1096,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, } } #endif /* MBEDTLS_CIPHER_MODE_CBC */ - +#endif /* MBEDTLS_USE_PSA_CRYPTO */ end: mbedtls_platform_zeroize( keyblk, sizeof( keyblk ) ); @@ -3070,12 +3023,12 @@ void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform ) { memset( transform, 0, sizeof(mbedtls_ssl_transform) ); - mbedtls_cipher_init( &transform->cipher_ctx_enc ); - mbedtls_cipher_init( &transform->cipher_ctx_dec ); - #if defined(MBEDTLS_USE_PSA_CRYPTO) transform->psa_key_enc = MBEDTLS_SVC_KEY_ID_INIT; transform->psa_key_dec = MBEDTLS_SVC_KEY_ID_INIT; +#else + mbedtls_cipher_init( &transform->cipher_ctx_enc ); + mbedtls_cipher_init( &transform->cipher_ctx_dec ); #endif #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 0aade35b0..a3c1fe54f 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -801,7 +801,9 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, mbedtls_ssl_key_set const *traffic_keys, mbedtls_ssl_context *ssl /* DEBUG ONLY */ ) { +#if !defined(MBEDTLS_USE_PSA_CRYPTO) int ret; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_cipher_info_t const *cipher_info; const mbedtls_ssl_ciphersuite_t *ciphersuite_info; unsigned char const *key_enc; @@ -838,10 +840,10 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } +#if !defined(MBEDTLS_USE_PSA_CRYPTO) /* * Setup cipher contexts in target transform */ - if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc, cipher_info ) ) != 0 ) { @@ -855,6 +857,7 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); return( ret ); } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_SSL_SRV_C) if( endpoint == MBEDTLS_SSL_IS_SERVER ) @@ -884,6 +887,7 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, memcpy( transform->iv_enc, iv_enc, traffic_keys->iv_len ); memcpy( transform->iv_dec, iv_dec, traffic_keys->iv_len ); +#if !defined(MBEDTLS_USE_PSA_CRYPTO) if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc, key_enc, cipher_info->key_bitlen, MBEDTLS_ENCRYPT ) ) != 0 ) @@ -899,6 +903,7 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); return( ret ); } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* * Setup other fields in SSL transform @@ -922,6 +927,9 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, transform->taglen + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY; #if defined(MBEDTLS_USE_PSA_CRYPTO) + /* + * Setup psa keys and alg + */ if( ( status = mbedtls_cipher_to_psa( cipher_info->type, transform->taglen, &alg, @@ -934,6 +942,7 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); transform->psa_alg = alg; From 9b22c2b1e66506fbdfb2dcf3fce5e2e6797ec724 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Wed, 19 Jan 2022 16:09:58 +0100 Subject: [PATCH 19/46] Rename: mbedtls_cipher_to_psa -> tls_mbedtls_cipher_to_psa Signed-off-by: Przemyslaw Stekiel --- library/ssl_misc.h | 2 +- library/ssl_tls.c | 6 +++--- library/ssl_tls13_keys.c | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index a6439dc3e..8155fb79c 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1305,7 +1305,7 @@ static inline mbedtls_svc_key_id_t mbedtls_ssl_get_opaque_psk( * \return PSA_SUCCESS on success or PSA_ERROR_NOT_SUPPORTED if * conversion is not supported. */ -psa_status_t mbedtls_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_type, +psa_status_t tls_mbedtls_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_type, size_t taglen, psa_algorithm_t *alg, psa_key_type_t *key_type, diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4266af4d3..0efdd3e3e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1009,14 +1009,14 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, } #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ( status = mbedtls_cipher_to_psa( cipher_info->type, + if( ( status = tls_mbedtls_cipher_to_psa( cipher_info->type, transform->taglen, &alg, &key_type, &key_bits ) ) != PSA_SUCCESS ) { ret = psa_status_to_mbedtls( status ); - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_to_psa", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "tls_mbedtls_cipher_to_psa", ret ); goto end; } @@ -4012,7 +4012,7 @@ int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf, return( ret ); } -psa_status_t mbedtls_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_type, +psa_status_t tls_mbedtls_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_type, size_t taglen, psa_algorithm_t *alg, psa_key_type_t *key_type, diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index a3c1fe54f..5f0595bbb 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -930,13 +930,13 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, /* * Setup psa keys and alg */ - if( ( status = mbedtls_cipher_to_psa( cipher_info->type, + if( ( status = tls_mbedtls_cipher_to_psa( cipher_info->type, transform->taglen, &alg, &key_type, &key_bits ) ) != PSA_SUCCESS ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_to_psa", psa_status_to_mbedtls( status ) ); + MBEDTLS_SSL_DEBUG_RET( 1, "tls_mbedtls_cipher_to_psa", psa_status_to_mbedtls( status ) ); return( psa_status_to_mbedtls( status ) ); } From 93cf4eea6739b64f92d3c2e66333d28592238874 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Wed, 19 Jan 2022 16:18:53 +0100 Subject: [PATCH 20/46] Adapt test_suite_ssl for psa crypto Signed-off-by: Przemyslaw Stekiel --- tests/suites/test_suite_ssl.function | 113 ++++++++++++++++++++++++--- 1 file changed, 104 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 7a0b1f7b6..acfc3a4f4 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1196,6 +1196,14 @@ static int build_transforms( mbedtls_ssl_transform *t_in, mbedtls_cipher_info_t const *cipher_info; int ret = 0; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_key_type_t key_type; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_algorithm_t alg; + size_t key_bits; + psa_status_t status; +#endif + size_t keylen, maclen, ivlen; unsigned char *key0 = NULL, *key1 = NULL; unsigned char *md0 = NULL, *md1 = NULL; @@ -1230,6 +1238,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, memset( key0, 0x1, keylen ); memset( key1, 0x2, keylen ); +#if !defined(MBEDTLS_USE_PSA_CRYPTO) /* Setup cipher contexts */ CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_enc, cipher_info ) == 0 ); CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_dec, cipher_info ) == 0 ); @@ -1258,6 +1267,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, keylen << 3, MBEDTLS_ENCRYPT ) == 0 ); CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_dec, key0, keylen << 3, MBEDTLS_DECRYPT ) == 0 ); +#endif /* Setup MAC contexts */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) @@ -1420,6 +1430,74 @@ static int build_transforms( mbedtls_ssl_transform *t_in, t_out->out_cid_len = cid0_len; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + status = tls_mbedtls_cipher_to_psa( cipher_type, + t_in->taglen, + &alg, + &key_type, + &key_bits ); + + if ( status != PSA_SUCCESS) + { + ret = psa_status_to_mbedtls( status ); + goto cleanup; + } + + t_in->psa_alg = alg; + t_out->psa_alg = alg; + + if ( alg != MBEDTLS_SSL_NULL_CIPHER ) + { + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + status = psa_import_key( &attributes, + key0, + PSA_BITS_TO_BYTES( key_bits ), + &t_in->psa_key_enc ); + + if ( status != PSA_SUCCESS) + { + ret = psa_status_to_mbedtls( status ); + goto cleanup; + } + + status = psa_import_key( &attributes, + key1, + PSA_BITS_TO_BYTES( key_bits ), + &t_in->psa_key_dec ); + + if ( status != PSA_SUCCESS) + { + ret = psa_status_to_mbedtls( status ); + goto cleanup; + } + + status = psa_import_key( &attributes, + key1, + PSA_BITS_TO_BYTES( key_bits ), + &t_out->psa_key_enc ); + + if ( status != PSA_SUCCESS) + { + ret = psa_status_to_mbedtls( status ); + goto cleanup; + } + + status = psa_import_key( &attributes, + key0, + PSA_BITS_TO_BYTES( key_bits ), + &t_out->psa_key_dec ); + + if ( status != PSA_SUCCESS) + { + ret = psa_status_to_mbedtls( status ); + goto cleanup; + } + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + cleanup: mbedtls_free( key0 ); @@ -3178,13 +3256,17 @@ void ssl_crypt_record( int cipher_type, int hash_id, size_t const buflen = 512; mbedtls_record rec, rec_backup; + USE_PSA_INIT( ); + mbedtls_ssl_init( &ssl ); mbedtls_ssl_transform_init( &t0 ); mbedtls_ssl_transform_init( &t1 ); - TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id, - etm, tag_mode, ver, - (size_t) cid0_len, - (size_t) cid1_len ) == 0 ); + ret = build_transforms( &t0, &t1, cipher_type, hash_id, + etm, tag_mode, ver, + (size_t) cid0_len, + (size_t) cid1_len ); + + TEST_ASSERT( ret == 0 ); TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL ); @@ -3288,6 +3370,7 @@ exit: mbedtls_ssl_transform_free( &t1 ); mbedtls_free( buf ); + USE_PSA_DONE( ); } /* END_CASE */ @@ -3334,13 +3417,17 @@ void ssl_crypt_record_small( int cipher_type, int hash_id, int seen_success; /* Indicates if in the current mode we've * already seen a successful test. */ + USE_PSA_INIT( ); + mbedtls_ssl_init( &ssl ); mbedtls_ssl_transform_init( &t0 ); mbedtls_ssl_transform_init( &t1 ); - TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id, + ret = build_transforms( &t0, &t1, cipher_type, hash_id, etm, tag_mode, ver, (size_t) cid0_len, - (size_t) cid1_len ) == 0 ); + (size_t) cid1_len ); + + TEST_ASSERT( ret == 0 ); TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL ); @@ -3454,10 +3541,11 @@ exit: mbedtls_ssl_transform_free( &t1 ); mbedtls_free( buf ); + USE_PSA_DONE( ); } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2 */ +/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO */ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac, int length_selector ) { @@ -3487,17 +3575,20 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac, unsigned char add_data[13]; unsigned char mac[MBEDTLS_MD_MAX_SIZE]; int exp_ret; + int ret; const unsigned char pad_max_len = 255; /* Per the standard */ + USE_PSA_INIT( ); + mbedtls_ssl_init( &ssl ); mbedtls_ssl_transform_init( &t0 ); mbedtls_ssl_transform_init( &t1 ); /* Set up transforms with dummy keys */ - TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id, + ret = build_transforms( &t0, &t1, cipher_type, hash_id, 0, trunc_hmac, MBEDTLS_SSL_MINOR_VERSION_3, - 0 , 0 ) == 0 ); + 0 , 0 ); /* Determine padding/plaintext length */ TEST_ASSERT( length_selector >= -2 && length_selector <= 255 ); @@ -3666,6 +3757,7 @@ exit: mbedtls_ssl_transform_free( &t1 ); mbedtls_free( buf ); mbedtls_free( buf_save ); + USE_PSA_DONE( ); } /* END_CASE */ @@ -3964,6 +4056,8 @@ void ssl_tls13_record_protection( int ciphersuite, size_t buf_len; int other_endpoint; + USE_PSA_INIT( ); + TEST_ASSERT( endpoint == MBEDTLS_SSL_IS_CLIENT || endpoint == MBEDTLS_SSL_IS_SERVER ); @@ -4039,6 +4133,7 @@ void ssl_tls13_record_protection( int ciphersuite, mbedtls_free( buf ); mbedtls_ssl_transform_free( &transform_send ); mbedtls_ssl_transform_free( &transform_recv ); + USE_PSA_DONE( ); } /* END_CASE */ From 5b2de0c35ce9d711490ace579018c3fd3fde0aa0 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Wed, 19 Jan 2022 16:19:40 +0100 Subject: [PATCH 21/46] test_suite_ssl.data: remove redundant test cases Signed-off-by: Przemyslaw Stekiel --- tests/suites/test_suite_ssl.data | 1152 ------------------------------ 1 file changed, 1152 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index b444040eb..eb477a21a 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -822,198 +822,6 @@ Record crypt, AES-128-CBC, 1.2, MD5, short tag, EtM, CID 4+0 depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 -Record crypt, AES-192-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, AES-192-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, AES-192-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, AES-192-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, AES-192-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, AES-192-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, AES-192-CBC, 1.2, SHA-384, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, AES-192-CBC, 1.2, SHA-384, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, AES-192-CBC, 1.2, SHA-384, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, AES-192-CBC, 1.2, SHA-384, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, AES-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, AES-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, AES-192-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, AES-192-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, AES-192-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, AES-192-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, AES-192-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, AES-192-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, AES-192-CBC, 1.2, SHA-256, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, AES-192-CBC, 1.2, SHA-256, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, AES-192-CBC, 1.2, SHA-256, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, AES-192-CBC, 1.2, SHA-256, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, AES-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, AES-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, AES-192-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, AES-192-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, AES-192-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, AES-192-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, AES-192-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, AES-192-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, AES-192-CBC, 1.2, SHA-1, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, AES-192-CBC, 1.2, SHA-1, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, AES-192-CBC, 1.2, SHA-1, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, AES-192-CBC, 1.2, SHA-1, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, AES-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, AES-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, AES-192-CBC, 1.2, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, AES-192-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, AES-192-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, AES-192-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, AES-192-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, AES-192-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, AES-192-CBC, 1.2, MD5, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, AES-192-CBC, 1.2, MD5, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, AES-192-CBC, 1.2, MD5, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, AES-192-CBC, 1.2, MD5, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, AES-192-CBC, 1.2, MD5, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, AES-192-CBC, 1.2, MD5, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - Record crypt, AES-256-CBC, 1.2, SHA-384 depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 @@ -1398,198 +1206,6 @@ Record crypt, ARIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+0 depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 -Record crypt, ARIA-192-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, ARIA-192-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, ARIA-192-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, ARIA-192-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, ARIA-192-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, ARIA-192-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, ARIA-192-CBC, 1.2, SHA-384, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, ARIA-192-CBC, 1.2, SHA-384, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, ARIA-192-CBC, 1.2, SHA-384, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, ARIA-192-CBC, 1.2, SHA-384, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, ARIA-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, ARIA-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, ARIA-192-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, ARIA-192-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, ARIA-192-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, ARIA-192-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, ARIA-192-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, ARIA-192-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, ARIA-192-CBC, 1.2, SHA-256, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, ARIA-192-CBC, 1.2, SHA-256, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, ARIA-192-CBC, 1.2, SHA-256, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, ARIA-192-CBC, 1.2, SHA-256, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, ARIA-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, ARIA-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, ARIA-192-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, ARIA-192-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, ARIA-192-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, ARIA-192-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, ARIA-192-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, ARIA-192-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, ARIA-192-CBC, 1.2, SHA-1, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, ARIA-192-CBC, 1.2, SHA-1, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, ARIA-192-CBC, 1.2, SHA-1, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, ARIA-192-CBC, 1.2, SHA-1, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, ARIA-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, ARIA-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, ARIA-192-CBC, 1.2, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, ARIA-192-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, ARIA-192-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, ARIA-192-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, ARIA-192-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, ARIA-192-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, ARIA-192-CBC, 1.2, MD5, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, ARIA-192-CBC, 1.2, MD5, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, ARIA-192-CBC, 1.2, MD5, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, ARIA-192-CBC, 1.2, MD5, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, ARIA-192-CBC, 1.2, MD5, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, ARIA-192-CBC, 1.2, MD5, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - Record crypt, ARIA-256-CBC, 1.2, SHA-384 depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 @@ -1974,198 +1590,6 @@ Record crypt, CAMELLIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+0 depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, CAMELLIA-192-CBC, 1.2, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, CAMELLIA-192-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, CAMELLIA-192-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, CAMELLIA-192-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, CAMELLIA-192-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, CAMELLIA-192-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, CAMELLIA-192-CBC, 1.2, MD5, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, CAMELLIA-192-CBC, 1.2, MD5, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, CAMELLIA-192-CBC, 1.2, MD5, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, CAMELLIA-192-CBC, 1.2, MD5, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, CAMELLIA-192-CBC, 1.2, MD5, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, CAMELLIA-192-CBC, 1.2, MD5, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384 depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 @@ -2950,198 +2374,6 @@ Record crypt, little space, AES-128-CBC, 1.2, MD5, short tag, EtM, CID 4+0 depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 -Record crypt, little space, AES-192-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, AES-192-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, AES-192-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, AES-192-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, AES-192-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, AES-192-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, AES-192-CBC, 1.2, SHA-384, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, AES-192-CBC, 1.2, SHA-384, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, AES-192-CBC, 1.2, SHA-384, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, AES-192-CBC, 1.2, SHA-384, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, AES-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, AES-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, AES-192-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, AES-192-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, AES-192-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, AES-192-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, AES-192-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, AES-192-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, AES-192-CBC, 1.2, SHA-256, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, AES-192-CBC, 1.2, SHA-256, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, AES-192-CBC, 1.2, SHA-256, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, AES-192-CBC, 1.2, SHA-256, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, AES-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, AES-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, AES-192-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, AES-192-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, AES-192-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, AES-192-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, AES-192-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, AES-192-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, AES-192-CBC, 1.2, SHA-1, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, AES-192-CBC, 1.2, SHA-1, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, AES-192-CBC, 1.2, SHA-1, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, AES-192-CBC, 1.2, SHA-1, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, AES-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, AES-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, AES-192-CBC, 1.2, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, AES-192-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, AES-192-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, AES-192-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, AES-192-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, AES-192-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, AES-192-CBC, 1.2, MD5, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, AES-192-CBC, 1.2, MD5, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, AES-192-CBC, 1.2, MD5, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, AES-192-CBC, 1.2, MD5, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, AES-192-CBC, 1.2, MD5, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, AES-192-CBC, 1.2, MD5, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - Record crypt, little space, AES-256-CBC, 1.2, SHA-384 depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 @@ -3526,198 +2758,6 @@ Record crypt, little space, ARIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+0 depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, ARIA-192-CBC, 1.2, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, ARIA-192-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, ARIA-192-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, ARIA-192-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, ARIA-192-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, ARIA-192-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, ARIA-192-CBC, 1.2, MD5, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, ARIA-192-CBC, 1.2, MD5, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, ARIA-192-CBC, 1.2, MD5, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, ARIA-192-CBC, 1.2, MD5, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, ARIA-192-CBC, 1.2, MD5, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, ARIA-192-CBC, 1.2, MD5, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384 depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 @@ -4102,198 +3142,6 @@ Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+0 depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384 depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 From 221b52791e3cfd58f5ec2329605ef5e5f028eb05 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Thu, 20 Jan 2022 09:18:44 +0100 Subject: [PATCH 22/46] ssl_msg.c: fix parm in call to mbedtls_ssl_decrypt_buf() Signed-off-by: Przemyslaw Stekiel --- library/ssl_msg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 2353c5e44..e473c27f1 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -1332,7 +1332,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, add_data, add_data_len, data, rec->data_len + transform->taglen, data, rec->buf_len - (data - rec->buf), - &rec->data_len ); + &olen ); if( status != PSA_SUCCESS ) return( psa_status_to_mbedtls( status ) ); From f4b3f087ae0c33de2ac67387dd5515a9c3f19f0b Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Fri, 21 Jan 2022 11:25:04 +0100 Subject: [PATCH 23/46] test_suite_ssl.data: remove redundant test cases(short tag + GCM) Signed-off-by: Przemyslaw Stekiel --- tests/suites/test_suite_ssl.data | 144 ------------------------------- 1 file changed, 144 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index eb477a21a..03ea99434 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -1798,18 +1798,6 @@ Record crypt, AES-128-GCM, 1.2, CID 4+0 depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 -Record crypt, AES-128-GCM, 1.2, short tag -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, AES-128-GCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, AES-128-GCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - Record crypt, AES-192-GCM, 1.2 depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 @@ -1826,18 +1814,6 @@ Record crypt, AES-192-GCM, 1.2, CID 4+0 depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 -Record crypt, AES-192-GCM, 1.2, short tag -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, AES-192-GCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, AES-192-GCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - Record crypt, AES-256-GCM, 1.2 depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 @@ -1854,18 +1830,6 @@ Record crypt, AES-256-GCM, 1.2, CID 4+0 depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 -Record crypt, AES-256-GCM, 1.2, short tag -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, AES-256-GCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, AES-256-GCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - Record crypt, CAMELLIA-128-GCM, 1.2 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 @@ -1878,18 +1842,6 @@ Record crypt, CAMELLIA-128-GCM, 1.2, CID 4+0 depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 -Record crypt, CAMELLIA-128-GCM, 1.2, short tag -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, CAMELLIA-128-GCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, CAMELLIA-128-GCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - Record crypt, CAMELLIA-192-GCM, 1.2 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 @@ -1902,18 +1854,6 @@ Record crypt, CAMELLIA-192-GCM, 1.2, CID 4+0 depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 -Record crypt, CAMELLIA-192-GCM, 1.2, short tag -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, CAMELLIA-192-GCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, CAMELLIA-192-GCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - Record crypt, CAMELLIA-256-GCM, 1.2 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 @@ -1926,18 +1866,6 @@ Record crypt, CAMELLIA-256-GCM, 1.2, CID 4+0 depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 -Record crypt, CAMELLIA-256-GCM, 1.2, short tag -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, CAMELLIA-256-GCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, CAMELLIA-256-GCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - Record crypt, AES-128-CCM, 1.2 depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 @@ -3350,18 +3278,6 @@ Record crypt, little space, AES-128-GCM, 1.2, CID 4+0 depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 -Record crypt, little space, AES-128-GCM, 1.2, short tag -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, AES-128-GCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, AES-128-GCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - Record crypt, little space, AES-192-GCM, 1.2 depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 @@ -3378,18 +3294,6 @@ Record crypt, little space, AES-192-GCM, 1.2, CID 4+0 depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 -Record crypt, little space, AES-192-GCM, 1.2, short tag -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, AES-192-GCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, AES-192-GCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - Record crypt, little space, AES-256-GCM, 1.2 depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 @@ -3406,18 +3310,6 @@ Record crypt, little space, AES-256-GCM, 1.2, CID 4+0 depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 -Record crypt, little space, AES-256-GCM, 1.2, short tag -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, AES-256-GCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, AES-256-GCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - Record crypt, little space, CAMELLIA-128-GCM, 1.2 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 @@ -3430,18 +3322,6 @@ Record crypt, little space, CAMELLIA-128-GCM, 1.2, CID 4+0 depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 -Record crypt, little space, CAMELLIA-128-GCM, 1.2, short tag -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, CAMELLIA-128-GCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, CAMELLIA-128-GCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - Record crypt, little space, CAMELLIA-192-GCM, 1.2 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 @@ -3454,18 +3334,6 @@ Record crypt, little space, CAMELLIA-192-GCM, 1.2, CID 4+0 depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 -Record crypt, little space, CAMELLIA-192-GCM, 1.2, short tag -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, CAMELLIA-192-GCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, CAMELLIA-192-GCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - Record crypt, little space, CAMELLIA-256-GCM, 1.2 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 @@ -3478,18 +3346,6 @@ Record crypt, little space, CAMELLIA-256-GCM, 1.2, CID 4+0 depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 -Record crypt, little space, CAMELLIA-256-GCM, 1.2, short tag -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, CAMELLIA-256-GCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, CAMELLIA-256-GCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - Record crypt, little space, AES-128-CCM, 1.2 depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 From e88477844c4e1aa1a43ff1214031331e2323a193 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Mon, 24 Jan 2022 23:19:21 +0100 Subject: [PATCH 24/46] Adapt the mbed tls mode: ccm or gcm or cachapoly to psa version mode == MBEDTLS_MODE_CCM || mode == MBEDTLS_GCM || mode == MBEDTLS_CHACHAPOLY is equivalent to PSA_ALG_IS_AEAD( alg ). Signed-off-by: Przemyslaw Stekiel --- library/ssl_msg.c | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index e473c27f1..d27c561f7 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -793,12 +793,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, defined(MBEDTLS_CCM_C) || \ defined(MBEDTLS_CHACHAPOLY_C) #if defined(MBEDTLS_USE_PSA_CRYPTO) - if ( transform->psa_alg == PSA_ALG_GCM || - /* PSA_ALG_IS_AEAD( transform->psa_alg ) corresponds to - psa_alg == PSA_ALG_CCM || psa_alg == PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 8 ) - in tls context (TLS only uses the default taglen or 8) */ - PSA_ALG_IS_AEAD( transform->psa_alg ) || - transform->psa_alg == PSA_ALG_CHACHA20_POLY1305 ) + if ( PSA_ALG_IS_AEAD( transform->psa_alg ) ) #else if( mode == MBEDTLS_MODE_GCM || mode == MBEDTLS_MODE_CCM || @@ -1233,12 +1228,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, defined(MBEDTLS_CCM_C) || \ defined(MBEDTLS_CHACHAPOLY_C) #if defined(MBEDTLS_USE_PSA_CRYPTO) - if ( transform->psa_alg == PSA_ALG_GCM || - /* PSA_ALG_IS_AEAD( transform->psa_alg ) corresponds to - psa_alg == PSA_ALG_CCM || psa_alg == PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 8 ) - in tls context (TLS only uses the default taglen or 8) */ - PSA_ALG_IS_AEAD( transform->psa_alg ) || - transform->psa_alg == PSA_ALG_CHACHA20_POLY1305 ) + if ( PSA_ALG_IS_AEAD( transform->psa_alg ) ) #else if( mode == MBEDTLS_MODE_GCM || mode == MBEDTLS_MODE_CCM || From 1d714479a3420e3f69744e5bb514392bdcaa4930 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Mon, 24 Jan 2022 23:46:50 +0100 Subject: [PATCH 25/46] mbedtls_ssl_get_record_expansion: rework switch statement for psa As PSA_ALG_IS_AEAD( transform->psa_alg ) can't be used as switch labels (switch labels must be constant expressions, they have to be evaluated at compile time) refactor switch to "if else" statement. Signed-off-by: Przemyslaw Stekiel --- library/ssl_msg.c | 58 +++++++++++++++++++---------------------------- 1 file changed, 23 insertions(+), 35 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index d27c561f7..dcb8c98cc 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -5096,48 +5096,36 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_USE_PSA_CRYPTO) - switch( transform->psa_alg ) + if ( transform->psa_alg == PSA_ALG_IS_AEAD( transform->psa_alg ) || + transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER ) { - case PSA_ALG_GCM: - case PSA_ALG_CHACHA20_POLY1305: - case MBEDTLS_SSL_NULL_CIPHER: - transform_expansion = transform->minlen; - break; + transform_expansion = transform->minlen; + } + else if ( transform->psa_alg ) + { + (void) psa_get_key_attributes( transform->psa_key_enc, &attr ); + key_type = psa_get_key_type( &attr ); - case PSA_ALG_CBC_NO_PADDING: - (void) psa_get_key_attributes( transform->psa_key_enc, &attr ); - key_type = psa_get_key_type( &attr ); + block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ); - block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ); + /* Expansion due to the addition of the MAC. */ + transform_expansion += transform->maclen; - /* Expansion due to the addition of the MAC. */ - transform_expansion += transform->maclen; + /* Expansion due to the addition of CBC padding; + * Theoretically up to 256 bytes, but we never use + * more than the block size of the underlying cipher. */ + transform_expansion += block_size; - /* Expansion due to the addition of CBC padding; - * Theoretically up to 256 bytes, but we never use - * more than the block size of the underlying cipher. */ - transform_expansion += block_size; - - /* For TLS 1.2 or higher, an explicit IV is added - * after the record header. */ + /* For TLS 1.2 or higher, an explicit IV is added + * after the record header. */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) - transform_expansion += block_size; + transform_expansion += block_size; #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - break; - - default: - /* Handle CCM case in default: - PSA_ALG_IS_AEAD( transform->psa_alg ) corresponds to - psa_alg == PSA_ALG_CCM || psa_alg == PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 8 ) - in tls context (TLS only uses the default taglen or 8) */ - if ( PSA_ALG_IS_AEAD( transform->psa_alg ) ) - { - transform_expansion = transform->minlen; - break; - } - - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + else + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } #else switch( mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ) ) From f57b45660d8520028f06f626bf8cf9e395c7c57e Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Tue, 25 Jan 2022 00:04:18 +0100 Subject: [PATCH 26/46] Rename tls_mbedtls_cipher_to_psa() to be consistent with function naming convention. New function name: mbedtls_ssl_cipher_to_psa(). Signed-off-by: Przemyslaw Stekiel --- library/ssl_misc.h | 2 +- library/ssl_tls.c | 6 +++--- library/ssl_tls13_keys.c | 4 ++-- tests/suites/test_suite_ssl.function | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 8155fb79c..f3b4b9f4e 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1305,7 +1305,7 @@ static inline mbedtls_svc_key_id_t mbedtls_ssl_get_opaque_psk( * \return PSA_SUCCESS on success or PSA_ERROR_NOT_SUPPORTED if * conversion is not supported. */ -psa_status_t tls_mbedtls_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_type, +psa_status_t mbedtls_ssl_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_type, size_t taglen, psa_algorithm_t *alg, psa_key_type_t *key_type, diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 0efdd3e3e..ba8a09654 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1009,14 +1009,14 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, } #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ( status = tls_mbedtls_cipher_to_psa( cipher_info->type, + if( ( status = mbedtls_ssl_cipher_to_psa( cipher_info->type, transform->taglen, &alg, &key_type, &key_bits ) ) != PSA_SUCCESS ) { ret = psa_status_to_mbedtls( status ); - MBEDTLS_SSL_DEBUG_RET( 1, "tls_mbedtls_cipher_to_psa", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cipher_to_psa", ret ); goto end; } @@ -4012,7 +4012,7 @@ int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf, return( ret ); } -psa_status_t tls_mbedtls_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_type, +psa_status_t mbedtls_ssl_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_type, size_t taglen, psa_algorithm_t *alg, psa_key_type_t *key_type, diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 5f0595bbb..13122c80d 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -930,13 +930,13 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, /* * Setup psa keys and alg */ - if( ( status = tls_mbedtls_cipher_to_psa( cipher_info->type, + if( ( status = mbedtls_ssl_cipher_to_psa( cipher_info->type, transform->taglen, &alg, &key_type, &key_bits ) ) != PSA_SUCCESS ) { - MBEDTLS_SSL_DEBUG_RET( 1, "tls_mbedtls_cipher_to_psa", psa_status_to_mbedtls( status ) ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cipher_to_psa", psa_status_to_mbedtls( status ) ); return( psa_status_to_mbedtls( status ) ); } diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index acfc3a4f4..91858e41c 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1431,7 +1431,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - status = tls_mbedtls_cipher_to_psa( cipher_type, + status = mbedtls_ssl_cipher_to_psa( cipher_type, t_in->taglen, &alg, &key_type, From f4ca3f0e525d4256021eb5fd68ae43cff545a7e7 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Tue, 25 Jan 2022 00:25:59 +0100 Subject: [PATCH 27/46] ssl test build_transforms(): in psa mode distinguish encrypt/decrypt keys Signed-off-by: Przemyslaw Stekiel --- tests/suites/test_suite_ssl.function | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 91858e41c..4635b65f7 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1448,7 +1448,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, if ( alg != MBEDTLS_SSL_NULL_CIPHER ) { - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); @@ -1466,7 +1466,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, status = psa_import_key( &attributes, key1, PSA_BITS_TO_BYTES( key_bits ), - &t_in->psa_key_dec ); + &t_out->psa_key_enc ); if ( status != PSA_SUCCESS) { @@ -1474,10 +1474,12 @@ static int build_transforms( mbedtls_ssl_transform *t_in, goto cleanup; } + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); + status = psa_import_key( &attributes, key1, PSA_BITS_TO_BYTES( key_bits ), - &t_out->psa_key_enc ); + &t_in->psa_key_dec ); if ( status != PSA_SUCCESS) { From 4a36dd3da6fbef954a4cc1804d56eb1a0045f2da Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Tue, 25 Jan 2022 00:43:58 +0100 Subject: [PATCH 28/46] ssl test ssl_decrypt_non_etm_cbc(): add missing ret check Signed-off-by: Przemyslaw Stekiel --- tests/suites/test_suite_ssl.function | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 4635b65f7..1d6370205 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3592,6 +3592,8 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac, MBEDTLS_SSL_MINOR_VERSION_3, 0 , 0 ); + TEST_ASSERT( ret == 0 ); + /* Determine padding/plaintext length */ TEST_ASSERT( length_selector >= -2 && length_selector <= 255 ); block_size = t0.ivlen; From e5c2238a995efd32de1f1499ceaaa84d10d768b0 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Tue, 25 Jan 2022 00:56:34 +0100 Subject: [PATCH 29/46] Move mbedtls_ssl_cipher_to_psa() and psa_status_to_mbedtls() defs out of MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED build flag Signed-off-by: Przemyslaw Stekiel --- library/ssl_misc.h | 102 +++++++++++++++++++++++---------------------- 1 file changed, 52 insertions(+), 50 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index f3b4b9f4e..c484415eb 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1282,56 +1282,6 @@ static inline mbedtls_svc_key_id_t mbedtls_ssl_get_opaque_psk( return( MBEDTLS_SVC_KEY_ID_INIT ); } -/* Corresponding PSA algorithm for MBEDTLS_CIPHER_NULL. - * Same value is used fo PSA_ALG_CATEGORY_CIPHER, hence it is - * guaranteed to not be a valid PSA algorithm identifier. - */ -#define MBEDTLS_SSL_NULL_CIPHER 0x04000000 - -/** - * \brief Translate mbedtls cipher type/taglen pair to psa: - * algorithm, key type and key size. - * - * \param mbedtls_cipher_type [in] given mbedtls cipher type - * \param taglen [in] given tag length - * 0 - default tag length - * \param alg [out] corresponding PSA alg - * There is no corresponding PSA - * alg for MBEDTLS_SSL_NULL_CIPHER, so - * MBEDTLS_SSL_NULL_CIPHER is returned - * \param key_type [out] corresponding PSA key type - * \param key_size [out] corresponding PSA key size - * - * \return PSA_SUCCESS on success or PSA_ERROR_NOT_SUPPORTED if - * conversion is not supported. - */ -psa_status_t mbedtls_ssl_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_type, - size_t taglen, - psa_algorithm_t *alg, - psa_key_type_t *key_type, - size_t *key_size ); - -/** - * \brief Convert given PSA status to mbedtls error code. - * - * \param status [in] given PSA status - * - * \return corresponding mbedtls error code - */ -static inline int psa_status_to_mbedtls( psa_status_t status ) -{ - switch( status ) - { - case PSA_SUCCESS: - return( 0 ); - case PSA_ERROR_INSUFFICIENT_MEMORY: - return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED ); - case PSA_ERROR_NOT_SUPPORTED: - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); - default: - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); - } -} #endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ @@ -2069,5 +2019,57 @@ static inline int mbedtls_ssl_sig_alg_is_supported( #define MBEDTLS_SSL_SIG_ALG( hash ) #endif /* MBEDTLS_ECDSA_C && MBEDTLS_RSA_C */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) +/* Corresponding PSA algorithm for MBEDTLS_CIPHER_NULL. + * Same value is used fo PSA_ALG_CATEGORY_CIPHER, hence it is + * guaranteed to not be a valid PSA algorithm identifier. + */ +#define MBEDTLS_SSL_NULL_CIPHER 0x04000000 + +/** + * \brief Translate mbedtls cipher type/taglen pair to psa: + * algorithm, key type and key size. + * + * \param mbedtls_cipher_type [in] given mbedtls cipher type + * \param taglen [in] given tag length + * 0 - default tag length + * \param alg [out] corresponding PSA alg + * There is no corresponding PSA + * alg for MBEDTLS_SSL_NULL_CIPHER, so + * MBEDTLS_SSL_NULL_CIPHER is returned + * \param key_type [out] corresponding PSA key type + * \param key_size [out] corresponding PSA key size + * + * \return PSA_SUCCESS on success or PSA_ERROR_NOT_SUPPORTED if + * conversion is not supported. + */ +psa_status_t mbedtls_ssl_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_type, + size_t taglen, + psa_algorithm_t *alg, + psa_key_type_t *key_type, + size_t *key_size ); + +/** + * \brief Convert given PSA status to mbedtls error code. + * + * \param status [in] given PSA status + * + * \return corresponding mbedtls error code + */ +static inline int psa_status_to_mbedtls( psa_status_t status ) +{ + switch( status ) + { + case PSA_SUCCESS: + return( 0 ); + case PSA_ERROR_INSUFFICIENT_MEMORY: + return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED ); + case PSA_ERROR_NOT_SUPPORTED: + return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + default: + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + } +} +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* ssl_misc.h */ From 399ed511859a14d5f749c8240e846e3cd77ced5e Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Mon, 31 Jan 2022 08:38:00 +0100 Subject: [PATCH 30/46] Fix condition in mbedtls_ssl_get_record_expansion Signed-off-by: Przemyslaw Stekiel --- library/ssl_msg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index dcb8c98cc..6e3dff79b 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -5101,7 +5101,7 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ) { transform_expansion = transform->minlen; } - else if ( transform->psa_alg ) + else if ( transform->psa_alg == PSA_ALG_CBC_NO_PADDING ) { (void) psa_get_key_attributes( transform->psa_key_enc, &attr ); key_type = psa_get_key_type( &attr ); From 2cb59df939a684e9492715abce6790a7e26105a9 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Mon, 31 Jan 2022 09:16:30 +0100 Subject: [PATCH 31/46] ssl-opt.sh: remove cipher context assertions (redundant when psa crypto is enabled) Signed-off-by: Przemyslaw Stekiel --- tests/ssl-opt.sh | 8 -------- 1 file changed, 8 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 295b82ea8..c29a13386 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1195,12 +1195,8 @@ run_test_psa() { "$P_SRV debug_level=3 force_version=tls12" \ "$P_CLI debug_level=3 force_version=tls12 force_ciphersuite=$1" \ 0 \ - -c "Successfully setup PSA-based decryption cipher context" \ - -c "Successfully setup PSA-based encryption cipher context" \ -c "PSA calc verify" \ -c "calc PSA finished" \ - -s "Successfully setup PSA-based decryption cipher context" \ - -s "Successfully setup PSA-based encryption cipher context" \ -s "PSA calc verify" \ -s "calc PSA finished" \ -C "Failed to setup PSA-based cipher context"\ @@ -1218,12 +1214,8 @@ run_test_psa_force_curve() { "$P_SRV debug_level=4 force_version=tls12 curves=$1" \ "$P_CLI debug_level=4 force_version=tls12 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 curves=$1" \ 0 \ - -c "Successfully setup PSA-based decryption cipher context" \ - -c "Successfully setup PSA-based encryption cipher context" \ -c "PSA calc verify" \ -c "calc PSA finished" \ - -s "Successfully setup PSA-based decryption cipher context" \ - -s "Successfully setup PSA-based encryption cipher context" \ -s "PSA calc verify" \ -s "calc PSA finished" \ -C "Failed to setup PSA-based cipher context"\ From 89dad93a78c674152e40f8d84dbb2e24ea65ff35 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Mon, 31 Jan 2022 09:18:07 +0100 Subject: [PATCH 32/46] Rename psa_status_to_mbedtls->ssl_psa_status_to_mbedtls and add conversion for PSA_ERROR_INVALID_SIGNATURE Signed-off-by: Przemyslaw Stekiel --- library/ssl_misc.h | 4 +++- library/ssl_msg.c | 36 ++++++++++++++-------------- library/ssl_tls.c | 6 ++--- library/ssl_tls13_keys.c | 12 +++++----- tests/suites/test_suite_ssl.function | 10 ++++---- 5 files changed, 35 insertions(+), 33 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index c484415eb..4f2caa205 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2056,7 +2056,7 @@ psa_status_t mbedtls_ssl_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_typ * * \return corresponding mbedtls error code */ -static inline int psa_status_to_mbedtls( psa_status_t status ) +static inline int ssl_psa_status_to_mbedtls( psa_status_t status ) { switch( status ) { @@ -2066,6 +2066,8 @@ static inline int psa_status_to_mbedtls( psa_status_t status ) return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED ); case PSA_ERROR_NOT_SUPPORTED: return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + case PSA_ERROR_INVALID_SIGNATURE: + return( MBEDTLS_ERR_SSL_INVALID_MAC ); default: return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); } diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 6e3dff79b..1d9b01211 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -744,26 +744,26 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, transform->psa_key_enc, transform->psa_alg ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); status = psa_cipher_set_iv( &cipher_op, transform->iv_enc, transform->ivlen ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); status = psa_cipher_update( &cipher_op, data, rec->data_len, data, rec->data_len, &olen ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); status = psa_cipher_finish( &cipher_op, data + olen, rec->data_len - olen, &part_len ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); olen += part_len; } else { @@ -872,7 +872,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, &rec->data_len ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); #else if( ( ret = mbedtls_cipher_auth_encrypt_ext( &transform->cipher_ctx_enc, iv, transform->ivlen, @@ -986,26 +986,26 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, transform->psa_key_enc, transform->psa_alg ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); status = psa_cipher_set_iv( &cipher_op, transform->iv_enc, transform->ivlen ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); status = psa_cipher_update( &cipher_op, data, rec->data_len, data, rec->data_len, &olen ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); status = psa_cipher_finish( &cipher_op, data + olen, rec->data_len - olen, &part_len ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); olen += part_len; #else @@ -1177,26 +1177,26 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, transform->psa_key_dec, transform->psa_alg ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); status = psa_cipher_set_iv( &cipher_op, transform->iv_dec, transform->ivlen ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); status = psa_cipher_update( &cipher_op, data, rec->data_len, data, rec->data_len, &olen ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); status = psa_cipher_finish( &cipher_op, data + olen, rec->data_len - olen, &part_len ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); olen += part_len; } else { @@ -1325,7 +1325,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, &olen ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); #else if( ( ret = mbedtls_cipher_auth_decrypt_ext( &transform->cipher_ctx_dec, iv, transform->ivlen, @@ -1512,26 +1512,26 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, transform->psa_key_dec, transform->psa_alg ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); status = psa_cipher_set_iv( &cipher_op, transform->iv_dec, transform->ivlen ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); status = psa_cipher_update( &cipher_op, data, rec->data_len, data, rec->data_len, &olen ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); status = psa_cipher_finish( &cipher_op, data + olen, rec->data_len - olen, &part_len ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); olen += part_len; #else diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ba8a09654..a3148fb77 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1015,7 +1015,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, &key_type, &key_bits ) ) != PSA_SUCCESS ) { - ret = psa_status_to_mbedtls( status ); + ret = ssl_psa_status_to_mbedtls( status ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cipher_to_psa", ret ); goto end; } @@ -1031,7 +1031,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, PSA_BITS_TO_BYTES( key_bits ), &transform->psa_key_enc ) ) != PSA_SUCCESS ) { - ret = psa_status_to_mbedtls( status ); + ret = ssl_psa_status_to_mbedtls( status ); MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", ret ); goto end; } @@ -1043,7 +1043,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, PSA_BITS_TO_BYTES( key_bits ), &transform->psa_key_dec ) ) != PSA_SUCCESS ) { - ret = psa_status_to_mbedtls( status ); + ret = ssl_psa_status_to_mbedtls( status ); MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", ret ); goto end; } diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 13122c80d..7defac29c 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -936,8 +936,8 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, &key_type, &key_bits ) ) != PSA_SUCCESS ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cipher_to_psa", psa_status_to_mbedtls( status ) ); - return( psa_status_to_mbedtls( status ) ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cipher_to_psa", ssl_psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); } psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); @@ -951,8 +951,8 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, PSA_BITS_TO_BYTES( key_bits ), &transform->psa_key_enc ) ) != PSA_SUCCESS ) { - MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", psa_status_to_mbedtls( status ) ); - return( psa_status_to_mbedtls( status ) ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", ssl_psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); } psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); @@ -962,8 +962,8 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, PSA_BITS_TO_BYTES( key_bits ), &transform->psa_key_dec ) ) != PSA_SUCCESS ) { - MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", psa_status_to_mbedtls( status ) ); - return( psa_status_to_mbedtls( status ) ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", ssl_psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 1d6370205..41985ea3d 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1439,7 +1439,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, if ( status != PSA_SUCCESS) { - ret = psa_status_to_mbedtls( status ); + ret = ssl_psa_status_to_mbedtls( status ); goto cleanup; } @@ -1459,7 +1459,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, if ( status != PSA_SUCCESS) { - ret = psa_status_to_mbedtls( status ); + ret = ssl_psa_status_to_mbedtls( status ); goto cleanup; } @@ -1470,7 +1470,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, if ( status != PSA_SUCCESS) { - ret = psa_status_to_mbedtls( status ); + ret = ssl_psa_status_to_mbedtls( status ); goto cleanup; } @@ -1483,7 +1483,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, if ( status != PSA_SUCCESS) { - ret = psa_status_to_mbedtls( status ); + ret = ssl_psa_status_to_mbedtls( status ); goto cleanup; } @@ -1494,7 +1494,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, if ( status != PSA_SUCCESS) { - ret = psa_status_to_mbedtls( status ); + ret = ssl_psa_status_to_mbedtls( status ); goto cleanup; } } From 2c87a200a3e45be6643fa0679c7efaf8b11ae0bc Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Mon, 31 Jan 2022 10:59:30 +0100 Subject: [PATCH 33/46] ssl_write_encrypt_then_mac_ext(): adapt to psa crypto Signed-off-by: Przemyslaw Stekiel --- library/ssl_srv.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index f189e1d60..2512c47e7 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2035,7 +2035,13 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, { unsigned char *p = buf; const mbedtls_ssl_ciphersuite_t *suite = NULL; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_key_type_t key_type; + psa_algorithm_t alg; + size_t key_bits; +#else const mbedtls_cipher_info_t *cipher = NULL; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ) { @@ -2051,8 +2057,13 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, */ if( ( suite = mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite ) ) == NULL || +#if defined(MBEDTLS_USE_PSA_CRYPTO) + ( mbedtls_ssl_cipher_to_psa( suite->cipher, 0, &alg, &key_type, &key_bits ) != PSA_SUCCESS) || + alg != PSA_ALG_CBC_NO_PADDING ) +#else ( cipher = mbedtls_cipher_info_from_type( suite->cipher ) ) == NULL || cipher->mode != MBEDTLS_MODE_CBC ) +#endif /* MBEDTLS_USE_PSA_CRYPTO */ { *olen = 0; return; From be47ecf5e22a45028b5a5291512a114664e10018 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Mon, 31 Jan 2022 13:53:11 +0100 Subject: [PATCH 34/46] mbedtls_ssl_get_record_expansion: use same condidion set as for non-psa build Signed-off-by: Przemyslaw Stekiel --- library/ssl_msg.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 1d9b01211..adb82b4ba 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -5096,7 +5096,10 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_USE_PSA_CRYPTO) - if ( transform->psa_alg == PSA_ALG_IS_AEAD( transform->psa_alg ) || + if ( transform->psa_alg == PSA_ALG_GCM || + transform->psa_alg == PSA_ALG_CCM || + transform->psa_alg == PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 8 ) || + transform->psa_alg == PSA_ALG_CHACHA20_POLY1305 || transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER ) { transform_expansion = transform->minlen; From 77aec8d181ab882c85f4c88df8b07aa7284f98ea Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Mon, 31 Jan 2022 20:22:53 +0100 Subject: [PATCH 35/46] Rename ssl_psa_status_to_mbedtls->psa_ssl_status_to_mbedtls Signed-off-by: Przemyslaw Stekiel --- library/ssl_misc.h | 2 +- library/ssl_msg.c | 36 ++++++++++++++-------------- library/ssl_tls.c | 6 ++--- library/ssl_tls13_keys.c | 12 +++++----- tests/suites/test_suite_ssl.function | 10 ++++---- 5 files changed, 33 insertions(+), 33 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 4f2caa205..a669da67b 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2056,7 +2056,7 @@ psa_status_t mbedtls_ssl_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_typ * * \return corresponding mbedtls error code */ -static inline int ssl_psa_status_to_mbedtls( psa_status_t status ) +static inline int psa_ssl_status_to_mbedtls( psa_status_t status ) { switch( status ) { diff --git a/library/ssl_msg.c b/library/ssl_msg.c index adb82b4ba..a6555f119 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -744,26 +744,26 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, transform->psa_key_enc, transform->psa_alg ); if( status != PSA_SUCCESS ) - return( ssl_psa_status_to_mbedtls( status ) ); + return( psa_ssl_status_to_mbedtls( status ) ); status = psa_cipher_set_iv( &cipher_op, transform->iv_enc, transform->ivlen ); if( status != PSA_SUCCESS ) - return( ssl_psa_status_to_mbedtls( status ) ); + return( psa_ssl_status_to_mbedtls( status ) ); status = psa_cipher_update( &cipher_op, data, rec->data_len, data, rec->data_len, &olen ); if( status != PSA_SUCCESS ) - return( ssl_psa_status_to_mbedtls( status ) ); + return( psa_ssl_status_to_mbedtls( status ) ); status = psa_cipher_finish( &cipher_op, data + olen, rec->data_len - olen, &part_len ); if( status != PSA_SUCCESS ) - return( ssl_psa_status_to_mbedtls( status ) ); + return( psa_ssl_status_to_mbedtls( status ) ); olen += part_len; } else { @@ -872,7 +872,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, &rec->data_len ); if( status != PSA_SUCCESS ) - return( ssl_psa_status_to_mbedtls( status ) ); + return( psa_ssl_status_to_mbedtls( status ) ); #else if( ( ret = mbedtls_cipher_auth_encrypt_ext( &transform->cipher_ctx_enc, iv, transform->ivlen, @@ -986,26 +986,26 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, transform->psa_key_enc, transform->psa_alg ); if( status != PSA_SUCCESS ) - return( ssl_psa_status_to_mbedtls( status ) ); + return( psa_ssl_status_to_mbedtls( status ) ); status = psa_cipher_set_iv( &cipher_op, transform->iv_enc, transform->ivlen ); if( status != PSA_SUCCESS ) - return( ssl_psa_status_to_mbedtls( status ) ); + return( psa_ssl_status_to_mbedtls( status ) ); status = psa_cipher_update( &cipher_op, data, rec->data_len, data, rec->data_len, &olen ); if( status != PSA_SUCCESS ) - return( ssl_psa_status_to_mbedtls( status ) ); + return( psa_ssl_status_to_mbedtls( status ) ); status = psa_cipher_finish( &cipher_op, data + olen, rec->data_len - olen, &part_len ); if( status != PSA_SUCCESS ) - return( ssl_psa_status_to_mbedtls( status ) ); + return( psa_ssl_status_to_mbedtls( status ) ); olen += part_len; #else @@ -1177,26 +1177,26 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, transform->psa_key_dec, transform->psa_alg ); if( status != PSA_SUCCESS ) - return( ssl_psa_status_to_mbedtls( status ) ); + return( psa_ssl_status_to_mbedtls( status ) ); status = psa_cipher_set_iv( &cipher_op, transform->iv_dec, transform->ivlen ); if( status != PSA_SUCCESS ) - return( ssl_psa_status_to_mbedtls( status ) ); + return( psa_ssl_status_to_mbedtls( status ) ); status = psa_cipher_update( &cipher_op, data, rec->data_len, data, rec->data_len, &olen ); if( status != PSA_SUCCESS ) - return( ssl_psa_status_to_mbedtls( status ) ); + return( psa_ssl_status_to_mbedtls( status ) ); status = psa_cipher_finish( &cipher_op, data + olen, rec->data_len - olen, &part_len ); if( status != PSA_SUCCESS ) - return( ssl_psa_status_to_mbedtls( status ) ); + return( psa_ssl_status_to_mbedtls( status ) ); olen += part_len; } else { @@ -1325,7 +1325,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, &olen ); if( status != PSA_SUCCESS ) - return( ssl_psa_status_to_mbedtls( status ) ); + return( psa_ssl_status_to_mbedtls( status ) ); #else if( ( ret = mbedtls_cipher_auth_decrypt_ext( &transform->cipher_ctx_dec, iv, transform->ivlen, @@ -1512,26 +1512,26 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, transform->psa_key_dec, transform->psa_alg ); if( status != PSA_SUCCESS ) - return( ssl_psa_status_to_mbedtls( status ) ); + return( psa_ssl_status_to_mbedtls( status ) ); status = psa_cipher_set_iv( &cipher_op, transform->iv_dec, transform->ivlen ); if( status != PSA_SUCCESS ) - return( ssl_psa_status_to_mbedtls( status ) ); + return( psa_ssl_status_to_mbedtls( status ) ); status = psa_cipher_update( &cipher_op, data, rec->data_len, data, rec->data_len, &olen ); if( status != PSA_SUCCESS ) - return( ssl_psa_status_to_mbedtls( status ) ); + return( psa_ssl_status_to_mbedtls( status ) ); status = psa_cipher_finish( &cipher_op, data + olen, rec->data_len - olen, &part_len ); if( status != PSA_SUCCESS ) - return( ssl_psa_status_to_mbedtls( status ) ); + return( psa_ssl_status_to_mbedtls( status ) ); olen += part_len; #else diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a3148fb77..921d82fe5 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1015,7 +1015,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, &key_type, &key_bits ) ) != PSA_SUCCESS ) { - ret = ssl_psa_status_to_mbedtls( status ); + ret = psa_ssl_status_to_mbedtls( status ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cipher_to_psa", ret ); goto end; } @@ -1031,7 +1031,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, PSA_BITS_TO_BYTES( key_bits ), &transform->psa_key_enc ) ) != PSA_SUCCESS ) { - ret = ssl_psa_status_to_mbedtls( status ); + ret = psa_ssl_status_to_mbedtls( status ); MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", ret ); goto end; } @@ -1043,7 +1043,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, PSA_BITS_TO_BYTES( key_bits ), &transform->psa_key_dec ) ) != PSA_SUCCESS ) { - ret = ssl_psa_status_to_mbedtls( status ); + ret = psa_ssl_status_to_mbedtls( status ); MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", ret ); goto end; } diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 7defac29c..88ff21701 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -936,8 +936,8 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, &key_type, &key_bits ) ) != PSA_SUCCESS ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cipher_to_psa", ssl_psa_status_to_mbedtls( status ) ); - return( ssl_psa_status_to_mbedtls( status ) ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cipher_to_psa", psa_ssl_status_to_mbedtls( status ) ); + return( psa_ssl_status_to_mbedtls( status ) ); } psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); @@ -951,8 +951,8 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, PSA_BITS_TO_BYTES( key_bits ), &transform->psa_key_enc ) ) != PSA_SUCCESS ) { - MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", ssl_psa_status_to_mbedtls( status ) ); - return( ssl_psa_status_to_mbedtls( status ) ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", psa_ssl_status_to_mbedtls( status ) ); + return( psa_ssl_status_to_mbedtls( status ) ); } psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); @@ -962,8 +962,8 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, PSA_BITS_TO_BYTES( key_bits ), &transform->psa_key_dec ) ) != PSA_SUCCESS ) { - MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", ssl_psa_status_to_mbedtls( status ) ); - return( ssl_psa_status_to_mbedtls( status ) ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", psa_ssl_status_to_mbedtls( status ) ); + return( psa_ssl_status_to_mbedtls( status ) ); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 41985ea3d..e6d66c079 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1439,7 +1439,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, if ( status != PSA_SUCCESS) { - ret = ssl_psa_status_to_mbedtls( status ); + ret = psa_ssl_status_to_mbedtls( status ); goto cleanup; } @@ -1459,7 +1459,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, if ( status != PSA_SUCCESS) { - ret = ssl_psa_status_to_mbedtls( status ); + ret = psa_ssl_status_to_mbedtls( status ); goto cleanup; } @@ -1470,7 +1470,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, if ( status != PSA_SUCCESS) { - ret = ssl_psa_status_to_mbedtls( status ); + ret = psa_ssl_status_to_mbedtls( status ); goto cleanup; } @@ -1483,7 +1483,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, if ( status != PSA_SUCCESS) { - ret = ssl_psa_status_to_mbedtls( status ); + ret = psa_ssl_status_to_mbedtls( status ); goto cleanup; } @@ -1494,7 +1494,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, if ( status != PSA_SUCCESS) { - ret = ssl_psa_status_to_mbedtls( status ); + ret = psa_ssl_status_to_mbedtls( status ); goto cleanup; } } From f9cd60853fcbb189270f4332ab8e2cf3bcb99c95 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Tue, 1 Feb 2022 11:25:55 +0100 Subject: [PATCH 36/46] ssl_tls1X_populate_transform(): import psa keys only if alg is not MBEDTLS_SSL_NULL_CIPHER Signed-off-by: Przemyslaw Stekiel --- library/ssl_tls.c | 46 ++++++++++++++++++++++------------------ library/ssl_tls13_keys.c | 41 ++++++++++++++++++----------------- 2 files changed, 47 insertions(+), 40 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 921d82fe5..0c92a059e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1020,32 +1020,36 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, goto end; } - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); - psa_set_key_algorithm( &attributes, alg ); - psa_set_key_type( &attributes, key_type ); - transform->psa_alg = alg; - if( ( status = psa_import_key( &attributes, - key1, - PSA_BITS_TO_BYTES( key_bits ), - &transform->psa_key_enc ) ) != PSA_SUCCESS ) + if ( alg != MBEDTLS_SSL_NULL_CIPHER ) { - ret = psa_ssl_status_to_mbedtls( status ); - MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", ret ); - goto end; - } + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); + if( ( status = psa_import_key( &attributes, + key1, + PSA_BITS_TO_BYTES( key_bits ), + &transform->psa_key_enc ) ) != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_RET( 3, "psa_import_key", (int)status ); + ret = psa_ssl_status_to_mbedtls( status ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", ret ); + goto end; + } - if( ( status = psa_import_key( &attributes, - key2, - PSA_BITS_TO_BYTES( key_bits ), - &transform->psa_key_dec ) ) != PSA_SUCCESS ) - { - ret = psa_ssl_status_to_mbedtls( status ); - MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", ret ); - goto end; + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); + + if( ( status = psa_import_key( &attributes, + key2, + PSA_BITS_TO_BYTES( key_bits ), + &transform->psa_key_dec ) ) != PSA_SUCCESS ) + { + ret = psa_ssl_status_to_mbedtls( status ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", ret ); + goto end; + } } #else if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc, diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 88ff21701..561538678 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -940,30 +940,33 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, return( psa_ssl_status_to_mbedtls( status ) ); } - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); - psa_set_key_algorithm( &attributes, alg ); - psa_set_key_type( &attributes, key_type ); - transform->psa_alg = alg; - if( ( status = psa_import_key( &attributes, - key_enc, - PSA_BITS_TO_BYTES( key_bits ), - &transform->psa_key_enc ) ) != PSA_SUCCESS ) + if ( alg != MBEDTLS_SSL_NULL_CIPHER ) { - MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", psa_ssl_status_to_mbedtls( status ) ); - return( psa_ssl_status_to_mbedtls( status ) ); - } + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); + if( ( status = psa_import_key( &attributes, + key_enc, + PSA_BITS_TO_BYTES( key_bits ), + &transform->psa_key_enc ) ) != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", psa_ssl_status_to_mbedtls( status ) ); + return( psa_ssl_status_to_mbedtls( status ) ); + } - if( ( status = psa_import_key( &attributes, - key_dec, - PSA_BITS_TO_BYTES( key_bits ), - &transform->psa_key_dec ) ) != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", psa_ssl_status_to_mbedtls( status ) ); - return( psa_ssl_status_to_mbedtls( status ) ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); + + if( ( status = psa_import_key( &attributes, + key_dec, + PSA_BITS_TO_BYTES( key_bits ), + &transform->psa_key_dec ) ) != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", psa_ssl_status_to_mbedtls( status ) ); + return( psa_ssl_status_to_mbedtls( status ) ); + } } #endif /* MBEDTLS_USE_PSA_CRYPTO */ From b97556e8d1a910818cf0ebf33c0c729f68c539a5 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Tue, 1 Feb 2022 14:52:19 +0100 Subject: [PATCH 37/46] mbedtls_ssl_encrypt/decrypt_buf: remove dead code Signed-off-by: Przemyslaw Stekiel --- library/ssl_msg.c | 89 ++++++++--------------------------------------- 1 file changed, 14 insertions(+), 75 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index a6555f119..b9395107b 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -723,52 +723,20 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, #endif { size_t olen; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status; - size_t part_len; - psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT; - -#else /* MBEDTLS_USE_PSA_CRYPTO */ +#if !defined(MBEDTLS_USE_PSA_CRYPTO) int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#endif +#endif /* MBEDTLS_USE_PSA_CRYPTO */ MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", " "including %d bytes of padding", rec->data_len, 0 ) ); #if defined(MBEDTLS_USE_PSA_CRYPTO) - /* Skip psa encryption for null cipher */ - if ( transform->psa_alg != MBEDTLS_SSL_NULL_CIPHER ) - { - status = psa_cipher_encrypt_setup( &cipher_op, - transform->psa_key_enc, transform->psa_alg ); + /* The only stream "cipher" we support is "NULL" */ + if ( transform->psa_alg != MBEDTLS_SSL_NULL_CIPHER ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - if( status != PSA_SUCCESS ) - return( psa_ssl_status_to_mbedtls( status ) ); - - status = psa_cipher_set_iv( &cipher_op, transform->iv_enc, transform->ivlen ); - - if( status != PSA_SUCCESS ) - return( psa_ssl_status_to_mbedtls( status ) ); - - status = psa_cipher_update( &cipher_op, - data, rec->data_len, - data, rec->data_len, &olen ); - - if( status != PSA_SUCCESS ) - return( psa_ssl_status_to_mbedtls( status ) ); - - status = psa_cipher_finish( &cipher_op, - data + olen, rec->data_len - olen, - &part_len ); - - if( status != PSA_SUCCESS ) - return( psa_ssl_status_to_mbedtls( status ) ); - - olen += part_len; - } else { - olen = rec->data_len; - } + olen = rec->data_len; #else if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc, transform->iv_enc, transform->ivlen, @@ -1116,7 +1084,10 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, #if !defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_cipher_mode_t mode; #endif /* MBEDTLS_USE_PSA_CRYPTO */ - int ret, auth_done = 0; +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) + int ret; +#endif + int auth_done = 0; #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) size_t padlen = 0, correct = 1; #endif @@ -1163,45 +1134,13 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, #endif /* MBEDTLS_USE_PSA_CRYPTO */ { padlen = 0; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status; - size_t part_len; - psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - /* Skip psa decryption for null cipher */ - if ( transform->psa_alg != MBEDTLS_SSL_NULL_CIPHER ) - { - status = psa_cipher_decrypt_setup( &cipher_op, - transform->psa_key_dec, transform->psa_alg ); + /* The only stream "cipher" we support is "NULL" */ + if ( transform->psa_alg != MBEDTLS_SSL_NULL_CIPHER ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - if( status != PSA_SUCCESS ) - return( psa_ssl_status_to_mbedtls( status ) ); - - status = psa_cipher_set_iv( &cipher_op, transform->iv_dec, transform->ivlen ); - - if( status != PSA_SUCCESS ) - return( psa_ssl_status_to_mbedtls( status ) ); - - status = psa_cipher_update( &cipher_op, - data, rec->data_len, - data, rec->data_len, &olen ); - - if( status != PSA_SUCCESS ) - return( psa_ssl_status_to_mbedtls( status ) ); - - status = psa_cipher_finish( &cipher_op, - data + olen, rec->data_len - olen, - &part_len ); - - if( status != PSA_SUCCESS ) - return( psa_ssl_status_to_mbedtls( status ) ); - - olen += part_len; - } else { - olen = rec->data_len; - } + olen = rec->data_len; #else if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_dec, From f4facef9ba0fa2f65c85e476d6b8f2943bc44ff3 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Wed, 2 Feb 2022 21:31:04 +0100 Subject: [PATCH 38/46] Adapt ssl_decrypt_non_etm_cbc() test for psa crypto and remove redundant test cases Signed-off-by: Przemyslaw Stekiel --- tests/suites/test_suite_ssl.data | 256 --------------------------- tests/suites/test_suite_ssl.function | 59 +++++- 2 files changed, 58 insertions(+), 257 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 03ea99434..4400afa10 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -4334,262 +4334,6 @@ Decrypt CBC !EtM, CAMELLIA SHA384 trunc, padlen=255 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA384_C ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:255 -Decrypt CBC !EtM, 3DES MD5 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:0:-1 - -Decrypt CBC !EtM, 3DES MD5 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:0:-2 - -Decrypt CBC !EtM, 3DES MD5 trunc, empty plaintext, minpad -depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:1:-1 - -Decrypt CBC !EtM, 3DES MD5 trunc, empty plaintext, maxpad -depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:1:-2 - -Decrypt CBC !EtM, 3DES MD5 !trunc, padlen=0 -depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:0:0 - -Decrypt CBC !EtM, 3DES MD5 !trunc, padlen=248 -depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:0:248 - -Decrypt CBC !EtM, 3DES MD5 trunc, padlen=0 -depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:1:0 - -Decrypt CBC !EtM, 3DES MD5 trunc, padlen=248 -depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:1:248 - -Decrypt CBC !EtM, 3DES MD5 !trunc, padlen=1 -depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:0:1 - -Decrypt CBC !EtM, 3DES MD5 !trunc, padlen=249 -depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:0:249 - -Decrypt CBC !EtM, 3DES MD5 trunc, padlen=1 -depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:1:1 - -Decrypt CBC !EtM, 3DES MD5 trunc, padlen=249 -depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:1:249 - -Decrypt CBC !EtM, 3DES MD5 !trunc, padlen=7 -depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:0:7 - -Decrypt CBC !EtM, 3DES MD5 !trunc, padlen=255 -depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:0:255 - -Decrypt CBC !EtM, 3DES MD5 trunc, padlen=7 -depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:1:7 - -Decrypt CBC !EtM, 3DES MD5 trunc, padlen=255 -depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:1:255 - -Decrypt CBC !EtM, 3DES SHA1 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:0:-1 - -Decrypt CBC !EtM, 3DES SHA1 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:0:-2 - -Decrypt CBC !EtM, 3DES SHA1 trunc, empty plaintext, minpad -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:1:-1 - -Decrypt CBC !EtM, 3DES SHA1 trunc, empty plaintext, maxpad -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:1:-2 - -Decrypt CBC !EtM, 3DES SHA1 !trunc, padlen=0 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:0:0 - -Decrypt CBC !EtM, 3DES SHA1 !trunc, padlen=248 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:0:248 - -Decrypt CBC !EtM, 3DES SHA1 trunc, padlen=0 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:1:0 - -Decrypt CBC !EtM, 3DES SHA1 trunc, padlen=248 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:1:248 - -Decrypt CBC !EtM, 3DES SHA1 !trunc, padlen=1 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:0:1 - -Decrypt CBC !EtM, 3DES SHA1 !trunc, padlen=249 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:0:249 - -Decrypt CBC !EtM, 3DES SHA1 trunc, padlen=1 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:1:1 - -Decrypt CBC !EtM, 3DES SHA1 trunc, padlen=249 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:1:249 - -Decrypt CBC !EtM, 3DES SHA1 !trunc, padlen=7 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:0:7 - -Decrypt CBC !EtM, 3DES SHA1 !trunc, padlen=255 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:0:255 - -Decrypt CBC !EtM, 3DES SHA1 trunc, padlen=7 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:1:7 - -Decrypt CBC !EtM, 3DES SHA1 trunc, padlen=255 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:1:255 - -Decrypt CBC !EtM, 3DES SHA256 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:0:-1 - -Decrypt CBC !EtM, 3DES SHA256 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:0:-2 - -Decrypt CBC !EtM, 3DES SHA256 trunc, empty plaintext, minpad -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:1:-1 - -Decrypt CBC !EtM, 3DES SHA256 trunc, empty plaintext, maxpad -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:1:-2 - -Decrypt CBC !EtM, 3DES SHA256 !trunc, padlen=0 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:0:0 - -Decrypt CBC !EtM, 3DES SHA256 !trunc, padlen=248 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:0:248 - -Decrypt CBC !EtM, 3DES SHA256 trunc, padlen=0 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:1:0 - -Decrypt CBC !EtM, 3DES SHA256 trunc, padlen=248 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:1:248 - -Decrypt CBC !EtM, 3DES SHA256 !trunc, padlen=1 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:0:1 - -Decrypt CBC !EtM, 3DES SHA256 !trunc, padlen=249 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:0:249 - -Decrypt CBC !EtM, 3DES SHA256 trunc, padlen=1 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:1:1 - -Decrypt CBC !EtM, 3DES SHA256 trunc, padlen=249 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:1:249 - -Decrypt CBC !EtM, 3DES SHA256 !trunc, padlen=7 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:0:7 - -Decrypt CBC !EtM, 3DES SHA256 !trunc, padlen=255 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:0:255 - -Decrypt CBC !EtM, 3DES SHA256 trunc, padlen=7 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:1:7 - -Decrypt CBC !EtM, 3DES SHA256 trunc, padlen=255 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:1:255 - -Decrypt CBC !EtM, 3DES SHA384 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:0:-1 - -Decrypt CBC !EtM, 3DES SHA384 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:0:-2 - -Decrypt CBC !EtM, 3DES SHA384 trunc, empty plaintext, minpad -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:-1 - -Decrypt CBC !EtM, 3DES SHA384 trunc, empty plaintext, maxpad -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:-2 - -Decrypt CBC !EtM, 3DES SHA384 !trunc, padlen=0 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:0:0 - -Decrypt CBC !EtM, 3DES SHA384 !trunc, padlen=248 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:0:248 - -Decrypt CBC !EtM, 3DES SHA384 trunc, padlen=0 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:0 - -Decrypt CBC !EtM, 3DES SHA384 trunc, padlen=248 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:248 - -Decrypt CBC !EtM, 3DES SHA384 !trunc, padlen=1 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:0:1 - -Decrypt CBC !EtM, 3DES SHA384 !trunc, padlen=249 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:0:249 - -Decrypt CBC !EtM, 3DES SHA384 trunc, padlen=1 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:1 - -Decrypt CBC !EtM, 3DES SHA384 trunc, padlen=249 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:249 - -Decrypt CBC !EtM, 3DES SHA384 !trunc, padlen=7 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:0:7 - -Decrypt CBC !EtM, 3DES SHA384 !trunc, padlen=255 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:0:255 - -Decrypt CBC !EtM, 3DES SHA384 trunc, padlen=7 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:7 - -Decrypt CBC !EtM, 3DES SHA384 trunc, padlen=255 -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:255 - SSL TLS 1.3 Key schedule: Secret evolution #1 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Initial secret to Early Secret diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index e6d66c079..0351db093 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1186,6 +1186,44 @@ int psk_dummy_callback( void *p_info, mbedtls_ssl_context *ssl, #define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) +static int psa_cipher_encrypt_helper( mbedtls_ssl_transform *transform, + const unsigned char *iv, size_t iv_len, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen ) +{ + psa_status_t status; + psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT; + size_t part_len; + + status = psa_cipher_encrypt_setup( &cipher_op, + transform->psa_key_enc, transform->psa_alg ); + + if( status != PSA_SUCCESS ) + return( psa_ssl_status_to_mbedtls( status ) ); + + status = psa_cipher_set_iv( &cipher_op, iv, iv_len ); + + if( status != PSA_SUCCESS ) + return( psa_ssl_status_to_mbedtls( status ) ); + + status = psa_cipher_update( &cipher_op, + input, ilen, output, ilen, olen ); + + if( status != PSA_SUCCESS ) + return( psa_ssl_status_to_mbedtls( status ) ); + + status = psa_cipher_finish( &cipher_op, + output + *olen, ilen - *olen, &part_len ); + + if( status != PSA_SUCCESS ) + return( psa_ssl_status_to_mbedtls( status ) ); + + *olen += part_len; + return( 0 ); +} +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + static int build_transforms( mbedtls_ssl_transform *t_in, mbedtls_ssl_transform *t_out, int cipher_type, int hash_id, @@ -1440,6 +1478,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, if ( status != PSA_SUCCESS) { ret = psa_ssl_status_to_mbedtls( status ); + mbedtls_fprintf( stderr, "mbedtls_ssl_cipher_to_psa: %d\n", (int)status); goto cleanup; } @@ -3547,7 +3586,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO */ +/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2 */ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac, int length_selector ) { @@ -3680,10 +3719,16 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac, /* * Encrypt and decrypt the correct record, expecting success */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + TEST_EQUAL( 0, psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen, + rec.buf + rec.data_offset, rec.data_len, + rec.buf + rec.data_offset, &olen ) ); +#else TEST_EQUAL( 0, mbedtls_cipher_crypt( &t0.cipher_ctx_enc, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, rec.data_len, rec.buf + rec.data_offset, &olen ) ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ rec.data_offset -= t0.ivlen; rec.data_len += t0.ivlen; @@ -3706,10 +3751,16 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac, rec.buf[i] ^= 0x01; /* Encrypt */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + TEST_EQUAL( 0, psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen, + rec.buf + rec.data_offset, rec.data_len, + rec.buf + rec.data_offset, &olen ) ); +#else TEST_EQUAL( 0, mbedtls_cipher_crypt( &t0.cipher_ctx_enc, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, rec.data_len, rec.buf + rec.data_offset, &olen ) ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ rec.data_offset -= t0.ivlen; rec.data_len += t0.ivlen; @@ -3743,10 +3794,16 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac, memset( buf + buflen - padlen - 1, i, padlen + 1 ); /* Encrypt */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + TEST_EQUAL( 0, psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen, + rec.buf + rec.data_offset, rec.data_len, + rec.buf + rec.data_offset, &olen ) ); +#else TEST_EQUAL( 0, mbedtls_cipher_crypt( &t0.cipher_ctx_enc, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, rec.data_len, rec.buf + rec.data_offset, &olen ) ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ rec.data_offset -= t0.ivlen; rec.data_len += t0.ivlen; From d66387f8fa3937dff5037c589d19c9846ccf5627 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Thu, 3 Feb 2022 08:55:33 +0100 Subject: [PATCH 39/46] Init psa status to PSA_ERROR_CORRUPTION_DETECTED Signed-off-by: Przemyslaw Stekiel --- library/ssl_msg.c | 8 ++++---- library/ssl_tls.c | 2 +- tests/suites/test_suite_ssl.function | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index b9395107b..0e8ce6590 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -774,7 +774,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, int dynamic_iv_is_explicit = ssl_transform_aead_dynamic_iv_is_explicit( transform ); #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -892,7 +892,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, size_t padlen, i; size_t olen; #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t part_len; psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT; #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -1178,7 +1178,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, unsigned char *dynamic_iv; size_t dynamic_iv_len; #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; #endif /* MBEDTLS_USE_PSA_CRYPTO */ /* @@ -1302,7 +1302,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, { size_t minlen = 0; #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t part_len; psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT; #endif /* MBEDTLS_USE_PSA_CRYPTO */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 0c92a059e..1e9cb2ddf 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -722,7 +722,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t alg; size_t key_bits; - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; #endif #if !defined(MBEDTLS_DEBUG_C) && \ diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 0351db093..00a9f8cad 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1192,7 +1192,7 @@ static int psa_cipher_encrypt_helper( mbedtls_ssl_transform *transform, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen ) { - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT; size_t part_len; @@ -1239,7 +1239,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t alg; size_t key_bits; - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; #endif size_t keylen, maclen, ivlen; From 6b2eedd25f14b246491c5cb86a41150ad157bb02 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Thu, 3 Feb 2022 09:54:34 +0100 Subject: [PATCH 40/46] ssl_msg.c: add debug code for psa failures Signed-off-by: Przemyslaw Stekiel --- library/ssl_msg.c | 87 ++++++++++++++++++++++++++++++++++++----------- 1 file changed, 68 insertions(+), 19 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 0e8ce6590..a0a3e44b8 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -775,10 +775,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, ssl_transform_aead_dynamic_iv_is_explicit( transform ); #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; -#else - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #endif /* MBEDTLS_USE_PSA_CRYPTO */ - + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* Check that there's space for the authentication tag. */ if( post_avail < transform->taglen ) @@ -840,7 +838,12 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, &rec->data_len ); if( status != PSA_SUCCESS ) - return( psa_ssl_status_to_mbedtls( status ) ); + { + ret = psa_ssl_status_to_mbedtls( status ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_encrypt_buf", ret ); + return( ret ); + + } #else if( ( ret = mbedtls_cipher_auth_encrypt_ext( &transform->cipher_ctx_enc, iv, transform->ivlen, @@ -954,26 +957,45 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, transform->psa_key_enc, transform->psa_alg ); if( status != PSA_SUCCESS ) - return( psa_ssl_status_to_mbedtls( status ) ); + { + ret = psa_ssl_status_to_mbedtls( status ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_aead_encrypt", ret ); + return( ret ); + } status = psa_cipher_set_iv( &cipher_op, transform->iv_enc, transform->ivlen ); if( status != PSA_SUCCESS ) - return( psa_ssl_status_to_mbedtls( status ) ); + { + ret = psa_ssl_status_to_mbedtls( status ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_aead_encrypt", ret ); + return( ret ); + + } status = psa_cipher_update( &cipher_op, data, rec->data_len, data, rec->data_len, &olen ); if( status != PSA_SUCCESS ) - return( psa_ssl_status_to_mbedtls( status ) ); + { + ret = psa_ssl_status_to_mbedtls( status ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_aead_encrypt", ret ); + return( ret ); + + } status = psa_cipher_finish( &cipher_op, data + olen, rec->data_len - olen, &part_len ); if( status != PSA_SUCCESS ) - return( psa_ssl_status_to_mbedtls( status ) ); + { + ret = psa_ssl_status_to_mbedtls( status ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_aead_encrypt", ret ); + return( ret ); + + } olen += part_len; #else @@ -1081,12 +1103,14 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, mbedtls_record *rec ) { size_t olen; -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_cipher_mode_t mode; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) +#if defined(MBEDTLS_USE_PSA_CRYPTO) int ret; -#endif + +#else + mbedtls_cipher_mode_t mode; + int ret; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + int auth_done = 0; #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) size_t padlen = 0, correct = 1; @@ -1264,7 +1288,12 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, &olen ); if( status != PSA_SUCCESS ) - return( psa_ssl_status_to_mbedtls( status ) ); + { + ret = psa_ssl_status_to_mbedtls( status ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_decrypt_buf", ret ); + return( ret ); + + } #else if( ( ret = mbedtls_cipher_auth_decrypt_ext( &transform->cipher_ctx_dec, iv, transform->ivlen, @@ -1451,26 +1480,46 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, transform->psa_key_dec, transform->psa_alg ); if( status != PSA_SUCCESS ) - return( psa_ssl_status_to_mbedtls( status ) ); + { + ret = psa_ssl_status_to_mbedtls( status ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_decrypt_buf", ret ); + return( ret ); + + } status = psa_cipher_set_iv( &cipher_op, transform->iv_dec, transform->ivlen ); if( status != PSA_SUCCESS ) - return( psa_ssl_status_to_mbedtls( status ) ); + { + ret = psa_ssl_status_to_mbedtls( status ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_decrypt_buf", ret ); + return( ret ); + + } status = psa_cipher_update( &cipher_op, data, rec->data_len, data, rec->data_len, &olen ); if( status != PSA_SUCCESS ) - return( psa_ssl_status_to_mbedtls( status ) ); + { + ret = psa_ssl_status_to_mbedtls( status ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_decrypt_buf", ret ); + return( ret ); + + } status = psa_cipher_finish( &cipher_op, data + olen, rec->data_len - olen, &part_len ); if( status != PSA_SUCCESS ) - return( psa_ssl_status_to_mbedtls( status ) ); + { + ret = psa_ssl_status_to_mbedtls( status ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_decrypt_buf", ret ); + return( ret ); + + } olen += part_len; #else @@ -5066,7 +5115,7 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ) } else { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unsupported psa_alg spotted in mbedtls_ssl_get_record_expansion()" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } #else From 8c010eb467ddc30ae442ef26b404ef5eedb6fd7f Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Thu, 3 Feb 2022 10:44:02 +0100 Subject: [PATCH 41/46] Fix comments, code style, remove debug code Signed-off-by: Przemyslaw Stekiel --- library/ssl_misc.h | 5 +++-- library/ssl_msg.c | 6 +++--- library/ssl_srv.c | 3 ++- tests/suites/test_suite_ssl.function | 21 ++++++++++----------- 4 files changed, 18 insertions(+), 17 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index a669da67b..6af9964b8 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2035,8 +2035,9 @@ static inline int mbedtls_ssl_sig_alg_is_supported( * 0 - default tag length * \param alg [out] corresponding PSA alg * There is no corresponding PSA - * alg for MBEDTLS_SSL_NULL_CIPHER, so - * MBEDTLS_SSL_NULL_CIPHER is returned + * alg for MBEDTLS_CIPHER_NULL, so + * in this case MBEDTLS_SSL_NULL_CIPHER + * is returned via this parameter * \param key_type [out] corresponding PSA key type * \param key_size [out] corresponding PSA key size * diff --git a/library/ssl_msg.c b/library/ssl_msg.c index a0a3e44b8..a7370997d 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -5103,12 +5103,12 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ) transform_expansion += transform->maclen; /* Expansion due to the addition of CBC padding; - * Theoretically up to 256 bytes, but we never use - * more than the block size of the underlying cipher. */ + * Theoretically up to 256 bytes, but we never use + * more than the block size of the underlying cipher. */ transform_expansion += block_size; /* For TLS 1.2 or higher, an explicit IV is added - * after the record header. */ + * after the record header. */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) transform_expansion += block_size; #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 2512c47e7..522e59e33 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2058,7 +2058,8 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, if( ( suite = mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite ) ) == NULL || #if defined(MBEDTLS_USE_PSA_CRYPTO) - ( mbedtls_ssl_cipher_to_psa( suite->cipher, 0, &alg, &key_type, &key_bits ) != PSA_SUCCESS) || + ( mbedtls_ssl_cipher_to_psa( suite->cipher, 0, &alg, + &key_type, &key_bits ) != PSA_SUCCESS ) || alg != PSA_ALG_CBC_NO_PADDING ) #else ( cipher = mbedtls_cipher_info_from_type( suite->cipher ) ) == NULL || diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 00a9f8cad..2a7b29dbd 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1475,10 +1475,9 @@ static int build_transforms( mbedtls_ssl_transform *t_in, &key_type, &key_bits ); - if ( status != PSA_SUCCESS) + if ( status != PSA_SUCCESS ) { ret = psa_ssl_status_to_mbedtls( status ); - mbedtls_fprintf( stderr, "mbedtls_ssl_cipher_to_psa: %d\n", (int)status); goto cleanup; } @@ -1496,7 +1495,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, PSA_BITS_TO_BYTES( key_bits ), &t_in->psa_key_enc ); - if ( status != PSA_SUCCESS) + if ( status != PSA_SUCCESS ) { ret = psa_ssl_status_to_mbedtls( status ); goto cleanup; @@ -1507,7 +1506,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, PSA_BITS_TO_BYTES( key_bits ), &t_out->psa_key_enc ); - if ( status != PSA_SUCCESS) + if ( status != PSA_SUCCESS ) { ret = psa_ssl_status_to_mbedtls( status ); goto cleanup; @@ -1520,7 +1519,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, PSA_BITS_TO_BYTES( key_bits ), &t_in->psa_key_dec ); - if ( status != PSA_SUCCESS) + if ( status != PSA_SUCCESS ) { ret = psa_ssl_status_to_mbedtls( status ); goto cleanup; @@ -1531,7 +1530,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, PSA_BITS_TO_BYTES( key_bits ), &t_out->psa_key_dec ); - if ( status != PSA_SUCCESS) + if ( status != PSA_SUCCESS ) { ret = psa_ssl_status_to_mbedtls( status ); goto cleanup; @@ -3307,7 +3306,7 @@ void ssl_crypt_record( int cipher_type, int hash_id, (size_t) cid0_len, (size_t) cid1_len ); - TEST_ASSERT( ret == 0 ); + TEST_ASSERT( ret == 0 ); TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL ); @@ -3468,7 +3467,7 @@ void ssl_crypt_record_small( int cipher_type, int hash_id, (size_t) cid0_len, (size_t) cid1_len ); - TEST_ASSERT( ret == 0 ); + TEST_ASSERT( ret == 0 ); TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL ); @@ -3720,7 +3719,7 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac, * Encrypt and decrypt the correct record, expecting success */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - TEST_EQUAL( 0, psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen, + TEST_EQUAL( 0, psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, rec.data_len, rec.buf + rec.data_offset, &olen ) ); #else @@ -3752,7 +3751,7 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac, /* Encrypt */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - TEST_EQUAL( 0, psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen, + TEST_EQUAL( 0, psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, rec.data_len, rec.buf + rec.data_offset, &olen ) ); #else @@ -3795,7 +3794,7 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac, /* Encrypt */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - TEST_EQUAL( 0, psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen, + TEST_EQUAL( 0, psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, rec.data_len, rec.buf + rec.data_offset, &olen ) ); #else From 6928a5164d0dcf3049c7938077bd4dc3ff15f036 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Thu, 3 Feb 2022 13:50:35 +0100 Subject: [PATCH 42/46] Compile mbedtls_ssl_cipher_to_psa() conditionally under MBEDTLS_USE_PSA_CRYPTO only Signed-off-by: Przemyslaw Stekiel --- library/ssl_tls.c | 46 ++++++++++++++++++++++++---------------------- 1 file changed, 24 insertions(+), 22 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 1e9cb2ddf..099bd55c4 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4016,6 +4016,30 @@ int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf, return( ret ); } +int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl, + mbedtls_svc_key_id_t psk ) +{ + if( ( mbedtls_svc_key_id_is_null( psk ) ) || + ( ssl->handshake == NULL ) ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + + ssl_remove_psk( ssl ); + ssl->handshake->psk_opaque = psk; + return( 0 ); +} +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + +void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, + int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, + size_t), + void *p_psk ) +{ + conf->f_psk = f_psk; + conf->p_psk = p_psk; +} +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ + +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t mbedtls_ssl_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_type, size_t taglen, psa_algorithm_t *alg, @@ -4160,30 +4184,8 @@ psa_status_t mbedtls_ssl_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_typ return PSA_SUCCESS; } - -int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl, - mbedtls_svc_key_id_t psk ) -{ - if( ( mbedtls_svc_key_id_is_null( psk ) ) || - ( ssl->handshake == NULL ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - - ssl_remove_psk( ssl ); - ssl->handshake->psk_opaque = psk; - return( 0 ); -} #endif /* MBEDTLS_USE_PSA_CRYPTO */ -void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, - int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, - size_t), - void *p_psk ) -{ - conf->f_psk = f_psk; - conf->p_psk = p_psk; -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ - #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf, const unsigned char *dhm_P, size_t P_len, From 5648d577a460ffe07d834666a4e7afc9314b00aa Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Thu, 3 Feb 2022 14:09:02 +0100 Subject: [PATCH 43/46] Optimize psa_cipher_encrypt_helper() Signed-off-by: Przemyslaw Stekiel --- tests/suites/test_suite_ssl.function | 28 +++++----------------------- 1 file changed, 5 insertions(+), 23 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 2a7b29dbd..53f541fad 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1186,12 +1186,12 @@ int psk_dummy_callback( void *p_info, mbedtls_ssl_context *ssl, #define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) static int psa_cipher_encrypt_helper( mbedtls_ssl_transform *transform, const unsigned char *iv, size_t iv_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen ) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT; size_t part_len; @@ -1221,8 +1221,11 @@ static int psa_cipher_encrypt_helper( mbedtls_ssl_transform *transform, *olen += part_len; return( 0 ); -} +#else + return mbedtls_cipher_crypt( &transform->cipher_ctx_enc, + iv, iv_len, input, ilen, output, olen ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ +} static int build_transforms( mbedtls_ssl_transform *t_in, mbedtls_ssl_transform *t_out, @@ -3718,16 +3721,9 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac, /* * Encrypt and decrypt the correct record, expecting success */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) TEST_EQUAL( 0, psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, rec.data_len, rec.buf + rec.data_offset, &olen ) ); -#else - TEST_EQUAL( 0, mbedtls_cipher_crypt( &t0.cipher_ctx_enc, - t0.iv_enc, t0.ivlen, - rec.buf + rec.data_offset, rec.data_len, - rec.buf + rec.data_offset, &olen ) ); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ rec.data_offset -= t0.ivlen; rec.data_len += t0.ivlen; @@ -3750,16 +3746,9 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac, rec.buf[i] ^= 0x01; /* Encrypt */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) TEST_EQUAL( 0, psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, rec.data_len, rec.buf + rec.data_offset, &olen ) ); -#else - TEST_EQUAL( 0, mbedtls_cipher_crypt( &t0.cipher_ctx_enc, - t0.iv_enc, t0.ivlen, - rec.buf + rec.data_offset, rec.data_len, - rec.buf + rec.data_offset, &olen ) ); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ rec.data_offset -= t0.ivlen; rec.data_len += t0.ivlen; @@ -3793,16 +3782,9 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac, memset( buf + buflen - padlen - 1, i, padlen + 1 ); /* Encrypt */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) TEST_EQUAL( 0, psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, rec.data_len, rec.buf + rec.data_offset, &olen ) ); -#else - TEST_EQUAL( 0, mbedtls_cipher_crypt( &t0.cipher_ctx_enc, - t0.iv_enc, t0.ivlen, - rec.buf + rec.data_offset, rec.data_len, - rec.buf + rec.data_offset, &olen ) ); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ rec.data_offset -= t0.ivlen; rec.data_len += t0.ivlen; From 98ef6dca68a20289b070a4b98e23d1606a974e39 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Mon, 7 Feb 2022 08:04:39 +0100 Subject: [PATCH 44/46] Remove redundant new lines Signed-off-by: Przemyslaw Stekiel --- library/ssl_msg.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index a7370997d..ac476ec9b 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -842,7 +842,6 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, ret = psa_ssl_status_to_mbedtls( status ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_encrypt_buf", ret ); return( ret ); - } #else if( ( ret = mbedtls_cipher_auth_encrypt_ext( &transform->cipher_ctx_enc, @@ -1292,7 +1291,6 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, ret = psa_ssl_status_to_mbedtls( status ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_decrypt_buf", ret ); return( ret ); - } #else if( ( ret = mbedtls_cipher_auth_decrypt_ext( &transform->cipher_ctx_dec, @@ -1484,7 +1482,6 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, ret = psa_ssl_status_to_mbedtls( status ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_decrypt_buf", ret ); return( ret ); - } status = psa_cipher_set_iv( &cipher_op, transform->iv_dec, transform->ivlen ); @@ -1494,7 +1491,6 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, ret = psa_ssl_status_to_mbedtls( status ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_decrypt_buf", ret ); return( ret ); - } status = psa_cipher_update( &cipher_op, @@ -1506,7 +1502,6 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, ret = psa_ssl_status_to_mbedtls( status ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_decrypt_buf", ret ); return( ret ); - } status = psa_cipher_finish( &cipher_op, @@ -1518,7 +1513,6 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, ret = psa_ssl_status_to_mbedtls( status ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_decrypt_buf", ret ); return( ret ); - } olen += part_len; From c8a06feae6c5fcf25969a4fc300218c7517a032f Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Mon, 7 Feb 2022 10:52:47 +0100 Subject: [PATCH 45/46] ssl_msg.c: Optimize null/stream cipher decryption/encryption Signed-off-by: Przemyslaw Stekiel --- library/ssl_msg.c | 58 ++++------------------------------------------- 1 file changed, 4 insertions(+), 54 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index ac476ec9b..08b4c637d 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -722,37 +722,12 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, if( mode == MBEDTLS_MODE_STREAM ) #endif { - size_t olen; -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", " "including %d bytes of padding", rec->data_len, 0 ) ); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - /* The only stream "cipher" we support is "NULL" */ - if ( transform->psa_alg != MBEDTLS_SSL_NULL_CIPHER ) - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - - olen = rec->data_len; -#else - if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc, - transform->iv_enc, transform->ivlen, - data, rec->data_len, - data, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); - return( ret ); - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if( rec->data_len != olen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } + /* The only supported stream cipher is "NULL", + * so there's nothing to do here.*/ } else #endif /* MBEDTLS_SSL_SOME_SUITES_USE_STREAM */ @@ -1156,33 +1131,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, if( mode == MBEDTLS_MODE_STREAM ) #endif /* MBEDTLS_USE_PSA_CRYPTO */ { - padlen = 0; - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - /* The only stream "cipher" we support is "NULL" */ - if ( transform->psa_alg != MBEDTLS_SSL_NULL_CIPHER ) - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - - olen = rec->data_len; -#else - - if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_dec, - transform->iv_dec, - transform->ivlen, - data, rec->data_len, - data, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); - return( ret ); - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if( rec->data_len != olen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } - + /* The only supported stream cipher is "NULL", + * so there's nothing to do here.*/ } else #endif /* MBEDTLS_SSL_SOME_SUITES_USE_STREAM */ From c499e33ed02e85f440258ced10deb541fc2300e7 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Mon, 7 Feb 2022 15:12:05 +0100 Subject: [PATCH 46/46] ssl_msg.c: Change message in MBEDTLS_SSL_DEBUG_RET() to be the failed function name instead current function name Signed-off-by: Przemyslaw Stekiel --- library/ssl_msg.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 08b4c637d..5f80ed511 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -933,7 +933,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, if( status != PSA_SUCCESS ) { ret = psa_ssl_status_to_mbedtls( status ); - MBEDTLS_SSL_DEBUG_RET( 1, "psa_aead_encrypt", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_cipher_encrypt_setup", ret ); return( ret ); } @@ -942,7 +942,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, if( status != PSA_SUCCESS ) { ret = psa_ssl_status_to_mbedtls( status ); - MBEDTLS_SSL_DEBUG_RET( 1, "psa_aead_encrypt", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_cipher_set_iv", ret ); return( ret ); } @@ -954,7 +954,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, if( status != PSA_SUCCESS ) { ret = psa_ssl_status_to_mbedtls( status ); - MBEDTLS_SSL_DEBUG_RET( 1, "psa_aead_encrypt", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_cipher_update", ret ); return( ret ); } @@ -966,7 +966,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, if( status != PSA_SUCCESS ) { ret = psa_ssl_status_to_mbedtls( status ); - MBEDTLS_SSL_DEBUG_RET( 1, "psa_aead_encrypt", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_cipher_finish", ret ); return( ret ); } @@ -1239,7 +1239,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, if( status != PSA_SUCCESS ) { ret = psa_ssl_status_to_mbedtls( status ); - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_decrypt_buf", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_aead_decrypt", ret ); return( ret ); } #else @@ -1430,7 +1430,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, if( status != PSA_SUCCESS ) { ret = psa_ssl_status_to_mbedtls( status ); - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_decrypt_buf", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_cipher_decrypt_setup", ret ); return( ret ); } @@ -1439,7 +1439,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, if( status != PSA_SUCCESS ) { ret = psa_ssl_status_to_mbedtls( status ); - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_decrypt_buf", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_cipher_set_iv", ret ); return( ret ); } @@ -1450,7 +1450,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, if( status != PSA_SUCCESS ) { ret = psa_ssl_status_to_mbedtls( status ); - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_decrypt_buf", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_cipher_update", ret ); return( ret ); } @@ -1461,7 +1461,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, if( status != PSA_SUCCESS ) { ret = psa_ssl_status_to_mbedtls( status ); - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_decrypt_buf", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_cipher_finish", ret ); return( ret ); }