ssl_helpers: allow mbedtls_test_ssl_build_transforms to work without CIPHER_C
A new internal function is added to get a cipher's info (mode, key bits and
IV length) without relying on CIPHER_C. This function is basically a lookup
table used only for test purposes.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index 5c305cb..072a177 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -1108,6 +1108,123 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_CIPHER_MODE_CBC &&
MBEDTLS_AES_C */
+static void mbedtls_test_ssl_cipher_info_from_type(mbedtls_cipher_type_t cipher_type,
+ mbedtls_cipher_mode_t *cipher_mode,
+ size_t *key_bits, size_t *iv_len)
+{
+ switch (cipher_type) {
+ case MBEDTLS_CIPHER_AES_128_CBC:
+ *cipher_mode = MBEDTLS_MODE_CBC;
+ *key_bits = 128;
+ *iv_len = 16;
+ break;
+ case MBEDTLS_CIPHER_AES_256_CBC:
+ *cipher_mode = MBEDTLS_MODE_CBC;
+ *key_bits = 256;
+ *iv_len = 16;
+ break;
+ case MBEDTLS_CIPHER_ARIA_128_CBC:
+ *cipher_mode = MBEDTLS_MODE_CBC;
+ *key_bits = 128;
+ *iv_len = 16;
+ break;
+ case MBEDTLS_CIPHER_ARIA_256_CBC:
+ *cipher_mode = MBEDTLS_MODE_CBC;
+ *key_bits = 256;
+ *iv_len = 16;
+ break;
+ case MBEDTLS_CIPHER_CAMELLIA_128_CBC:
+ *cipher_mode = MBEDTLS_MODE_CBC;
+ *key_bits = 128;
+ *iv_len = 16;
+ break;
+ case MBEDTLS_CIPHER_CAMELLIA_256_CBC:
+ *cipher_mode = MBEDTLS_MODE_CBC;
+ *key_bits = 256;
+ *iv_len = 16;
+ break;
+
+ case MBEDTLS_CIPHER_AES_128_CCM:
+ *cipher_mode = MBEDTLS_MODE_CCM;
+ *key_bits = 128;
+ *iv_len = 12;
+ break;
+ case MBEDTLS_CIPHER_AES_192_CCM:
+ *cipher_mode = MBEDTLS_MODE_CCM;
+ *key_bits = 192;
+ *iv_len = 12;
+ break;
+ case MBEDTLS_CIPHER_AES_256_CCM:
+ *cipher_mode = MBEDTLS_MODE_CCM;
+ *key_bits = 256;
+ *iv_len = 12;
+ break;
+ case MBEDTLS_CIPHER_CAMELLIA_128_CCM:
+ *cipher_mode = MBEDTLS_MODE_CCM;
+ *key_bits = 128;
+ *iv_len = 12;
+ break;
+ case MBEDTLS_CIPHER_CAMELLIA_192_CCM:
+ *cipher_mode = MBEDTLS_MODE_CCM;
+ *key_bits = 192;
+ *iv_len = 12;
+ break;
+ case MBEDTLS_CIPHER_CAMELLIA_256_CCM:
+ *cipher_mode = MBEDTLS_MODE_CCM;
+ *key_bits = 256;
+ *iv_len = 12;
+ break;
+
+ case MBEDTLS_CIPHER_AES_128_GCM:
+ *cipher_mode = MBEDTLS_MODE_GCM;
+ *key_bits = 128;
+ *iv_len = 12;
+ break;
+ case MBEDTLS_CIPHER_AES_192_GCM:
+ *cipher_mode = MBEDTLS_MODE_GCM;
+ *key_bits = 192;
+ *iv_len = 12;
+ break;
+ case MBEDTLS_CIPHER_AES_256_GCM:
+ *cipher_mode = MBEDTLS_MODE_GCM;
+ *key_bits = 256;
+ *iv_len = 12;
+ break;
+ case MBEDTLS_CIPHER_CAMELLIA_128_GCM:
+ *cipher_mode = MBEDTLS_MODE_GCM;
+ *key_bits = 128;
+ *iv_len = 12;
+ break;
+ case MBEDTLS_CIPHER_CAMELLIA_192_GCM:
+ *cipher_mode = MBEDTLS_MODE_GCM;
+ *key_bits = 192;
+ *iv_len = 12;
+ break;
+ case MBEDTLS_CIPHER_CAMELLIA_256_GCM:
+ *cipher_mode = MBEDTLS_MODE_GCM;
+ *key_bits = 256;
+ *iv_len = 12;
+ break;
+
+ case MBEDTLS_CIPHER_CHACHA20_POLY1305:
+ *cipher_mode = MBEDTLS_MODE_CHACHAPOLY;
+ *key_bits = 256;
+ *iv_len = 12;
+ break;
+
+ case MBEDTLS_CIPHER_NULL:
+ *cipher_mode = MBEDTLS_MODE_STREAM;
+ *key_bits = 0;
+ *iv_len = 0;
+ break;
+
+ default:
+ *cipher_mode = MBEDTLS_MODE_NONE;
+ *key_bits = 0;
+ *iv_len = 0;
+ }
+}
+
int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
mbedtls_ssl_transform *t_out,
int cipher_type, int hash_id,
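Review bot: The new lookup function has no comment stating what it returns for a type it does not list, and its `default:` branch signals that case only through `MBEDTLS_MODE_NONE` with zero sizes. The table has no 192-bit CBC entries (for example `MBEDTLS_CIPHER_AES_192_CBC`) and no ARIA GCM/CCM entries, so a test passing one of those would take the default branch instead of getting the sizes the library's own cipher table provides. I would add a header comment such as `/* Test-only stand-in for mbedtls_cipher_info_from_type(); unlisted types yield MBEDTLS_MODE_NONE, 0, 0. */` and end `default:` with `break;` like the other cases.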
@@ -1116,18 +1233,22 @@
size_t cid0_len,
size_t cid1_len)
{
- mbedtls_cipher_info_t const *cipher_info;
+ mbedtls_cipher_mode_t cipher_mode = MBEDTLS_MODE_NONE;
+ size_t key_bits = 0;
int ret = 0;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_type_t key_type;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_algorithm_t alg;
- size_t key_bits;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
#endif
- size_t keylen, maclen, ivlen;
+#if defined(MBEDTLS_CIPHER_C)
+ mbedtls_cipher_info_t const *cipher_info;
+#endif
+
+ size_t keylen, maclen, ivlen = 0;
unsigned char *key0 = NULL, *key1 = NULL;
unsigned char *md0 = NULL, *md1 = NULL;
unsigned char iv_enc[16], iv_dec[16];
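Review bot: In `size_t keylen, maclen, ivlen = 0;` the initializer applies to `ivlen` only, which is easy to misread as initialising all three variables. Declaring it on its own line, `size_t ivlen = 0;`, next to `size_t key_bits = 0;` would keep the outputs of the lookup together and make the intent plain. The function body continues outside this hunk.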
@@ -1144,15 +1265,11 @@
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
maclen = 0;
-
- /* Pick cipher */
- cipher_info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type);
- CHK(cipher_info != NULL);
- CHK(mbedtls_cipher_info_get_iv_size(cipher_info) <= 16);
- CHK(mbedtls_cipher_info_get_key_bitlen(cipher_info) % 8 == 0);
+ mbedtls_test_ssl_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type,
+ &cipher_mode, &key_bits, &ivlen);
/* Pick keys */
- keylen = mbedtls_cipher_info_get_key_bitlen(cipher_info) / 8;
+ keylen = key_bits / 8;
/* Allocate `keylen + 1` bytes to ensure that we get
* a non-NULL pointers from `mbedtls_calloc` even if
* `keylen == 0` in the case of the NULL cipher. */
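Review bot: After the lookup call nothing rejects an unrecognised `cipher_type`. The removed `CHK(cipher_info != NULL)` used to stop here, whereas now the function goes on to allocate keys with `keylen == 0` and `cipher_mode == MBEDTLS_MODE_NONE`, and the relocated check in the next hunk exists only when `MBEDTLS_CIPHER_C` is defined. Adding `CHK(cipher_mode != MBEDTLS_MODE_NONE);` right after the call keeps the failure explicit in both configurations. The `<= 16` bound, which presumably protects the 16-byte `iv_enc`/`iv_dec` buffers, is also absent without CIPHER_C; `CHK(ivlen <= sizeof(iv_enc));` would apply it to the value actually used. The function starts and ends outside this hunk.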
@@ -1161,6 +1278,12 @@
memset(key0, 0x1, keylen);
memset(key1, 0x2, keylen);
+#if defined(MBEDTLS_CIPHER_C)
+ /* Pick cipher */
+ cipher_info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type);
+ CHK(cipher_info != NULL);
+ CHK(mbedtls_cipher_info_get_iv_size(cipher_info) <= 16);
+ CHK(mbedtls_cipher_info_get_key_bitlen(cipher_info) % 8 == 0);
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
/* Setup cipher contexts */
CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_enc, cipher_info) == 0);
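Review bot: The three relocated `CHK`s validate `cipher_info`, but the key length and IV length the function uses now come from the test lookup table, so in CIPHER_C builds the two sources can drift apart unnoticed. Comparing them here would catch a wrong table entry: `CHK(mbedtls_cipher_info_get_key_bitlen(cipher_info) == key_bits);` and `CHK((size_t) mbedtls_cipher_info_get_iv_size(cipher_info) == ivlen);`. The enclosing function and the `#if defined(MBEDTLS_CIPHER_C)` block continue past the end of this hunk.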
@@ -1169,7 +1292,7 @@
CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_dec, cipher_info) == 0);
#if defined(MBEDTLS_CIPHER_MODE_CBC)
- if (cipher_info->mode == MBEDTLS_MODE_CBC) {
+ if (cipher_mode == MBEDTLS_MODE_CBC) {
CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_enc,
MBEDTLS_PADDING_NONE) == 0);
CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_dec,
@@ -1197,12 +1320,13 @@
(keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3,
MBEDTLS_DECRYPT)
== 0);
-#endif
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_CIPHER_C */
/* Setup MAC contexts */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
- if (cipher_info->mode == MBEDTLS_MODE_CBC ||
- cipher_info->mode == MBEDTLS_MODE_STREAM) {
+ if (cipher_mode == MBEDTLS_MODE_CBC ||
+ cipher_mode == MBEDTLS_MODE_STREAM) {
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) hash_id);
CHK(md_info != NULL);
@@ -1240,7 +1364,7 @@
md1, maclen,
&t_out->psa_mac_enc) == PSA_SUCCESS);
- if (cipher_info->mode == MBEDTLS_MODE_STREAM ||
+ if (cipher_mode == MBEDTLS_MODE_STREAM ||
etm == MBEDTLS_SSL_ETM_DISABLED) {
/* mbedtls_ct_hmac() requires the key to be exportable */
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT |
@@ -1279,7 +1403,6 @@
/* Pick IV's (regardless of whether they
* are being used by the transform). */
- ivlen = mbedtls_cipher_info_get_iv_size(cipher_info);
memset(iv_enc, 0x3, sizeof(iv_enc));
memset(iv_dec, 0x4, sizeof(iv_dec));
@@ -1300,7 +1423,7 @@
t_out->ivlen = ivlen;
t_in->ivlen = ivlen;
- switch (cipher_info->mode) {
+ switch (cipher_mode) {
case MBEDTLS_MODE_GCM:
case MBEDTLS_MODE_CCM:
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)