Provide standalone version of ssl_encrypt_buf

The previous version of the record encryption function `ssl_encrypt_buf` takes the entire SSL context as an argument, while intuitively, it should only depend on the current security parameters and the record buffer. Analyzing the exact dependencies, it turned out that in addition to the currently active `ssl_transform` instance and the record information, the encryption function needs access to - the negotiated protocol version, and - the status of the encrypt-then-MAC extension. This commit moves these two fields into `ssl_transform` and changes the signature of `ssl_encrypt_buf` to only use an instance of `ssl_transform` and an instance of the new `ssl_record` type. The `ssl_context` instance is *solely* kept for the debugging macros which need an SSL context instance. The benefit of the change is twofold: 1) It avoids the need of the MPS to deal with instances of `ssl_context`. The MPS should only work with records and opaque security parameters, which is what the change in this commit makes progress towards. 2) It significantly eases testing of the encryption function: independent of any SSL context, the encryption function can be passed some record buffer to encrypt alongside some arbitrary choice of parameters, and e.g. be checked to not overflow the provided memory.
2017-12-27 21:37:21 +00:00 · 2017-12-27 21:37:21 +00:00 · 9eddaebda5
commit 9eddaebda5
parent d362dc504d
2 changed files with 221 additions and 141 deletions
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@ -581,6 +581,12 @@ struct mbedtls_ssl_transform
    mbedtls_cipher_context_t cipher_ctx_enc;    /*!<  encryption context      */
    mbedtls_cipher_context_t cipher_ctx_dec;    /*!<  decryption context      */

+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+    int encrypt_then_mac;       /*!< flag for EtM activation                */
+#endif
+
+    int minor_ver;
+
    /*
     * Session specific compression layer
     */
@ -593,11 +599,6 @@ struct mbedtls_ssl_transform
 /*
 * Internal representation of record frames
 *
- * The header layout is chosen to facilitate the computation of
- * authentication tags which often use the header bytes laid out
- * exactly as in the struct; note that it does not match what's
- * transferred on the wire.
- *
 * Instances come in two flavors:
 * (1) Encrypted
 *     These always have data_offset = 0
@ -617,7 +618,6 @@ typedef struct
    uint8_t ctr[8];         /*!< Record sequence number        */
    uint8_t type;           /*!< Record type                   */
    uint8_t ver[2];         /*!< SSL/TLS version               */
-    uint8_t len[2];         /*!< Content length, little endian */

    unsigned char *buf;     /*!< Memory buffer enclosing the record content */
    size_t buf_len;         /*!< Buffer length */