Add AEAD tag length parameter to mbedtls_psa_translate_cipher_mode()
For AEAD ciphers, the cipher mode (and indeed even the entire content
of mbedtls_cipher_info_t) doesn't uniquely determine a psa_algorithm_t,
because it doesn't specify the AEAD tag length, which is nevertheless
part of psa_algorithm_t identifiers.
This commit adds a tag length parameter to mbedtls_psa_translate_cipher_mode()
to resolve that ambiguity.
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index d9f1be4..f66635c 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@@ -93,16 +93,18 @@
}
static inline psa_algorithm_t mbedtls_psa_translate_cipher_mode(
- mbedtls_cipher_mode_t mode )
+ mbedtls_cipher_mode_t mode, size_t taglen )
{
switch( mode )
{
case MBEDTLS_MODE_GCM:
- return( PSA_ALG_GCM );
+ return( PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, taglen ) );
case MBEDTLS_MODE_CCM:
- return( PSA_ALG_CCM );
+ return( PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CCM, taglen ) );
case MBEDTLS_MODE_CBC:
- return( PSA_ALG_CBC_NO_PADDING );
+ if( taglen == 0 )
+ return( PSA_ALG_CBC_NO_PADDING );
+ /* Intentional fallthrough for taglen != 0 */
default:
return( 0 );
}
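Review bot: The new `taglen` argument reaches `PSA_ALG_AEAD_WITH_TAG_LENGTH` in the GCM and CCM cases with no range check and no statement of its unit. A caller that passes 0, a bit count instead of a byte count, or a value too large to encode therefore gets a valid-looking algorithm identifier instead of the `0` error value that the CBC case returns for a bad `taglen`. The macro's definition is not visible here, but if it masks the length into a fixed-width field, an oversized value would silently select a different and possibly shorter tag, which weakens authentication without any visible failure. Consider guarding both AEAD cases with something like `if( taglen == 0 || taglen > 16 ) return( 0 );` (16 bytes being the largest tag either mode defines), and adding a comment above the function such as `/* taglen: AEAD tag length in bytes; must be 0 for non-AEAD modes, otherwise 0 is returned. */`. The function's closing brace lies outside the hunk.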