Introduce macros for max-{IV,block,key}-size for ciphers used in TLS
See the documentation in ssl_internal.h that this commit introduces
for more information.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index 8a6c8eb..8827e0b 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -227,17 +227,24 @@
};
/** Maximum length of any IV, in Bytes. */
-/* This should ideally be derived automatically from list of ciphers. */
+/* This should ideally be derived automatically from list of ciphers.
+ * This should be kept in sync with MBEDTLS_SSL_MAX_IV_LENGTH defined
+ * in ssl_internal.h. */
#define MBEDTLS_MAX_IV_LENGTH 16
/** Maximum block size of any cipher, in Bytes. */
-/* This should ideally be derived automatically from list of ciphers. */
+/* This should ideally be derived automatically from list of ciphers.
+ * This should be kept in sync with MBEDTLS_SSL_MAX_BLOCK_LENGTH defined
+ * in ssl_internal.h. */
#define MBEDTLS_MAX_BLOCK_LENGTH 16
/** Maximum key length, in Bytes. */
/* This should ideally be derived automatically from list of ciphers.
* For now, only check whether XTS is enabled which uses 64 Byte keys,
- * and use 32 Bytes as an upper bound for the maximum key length otherwise. */
+ * and use 32 Bytes as an upper bound for the maximum key length otherwise.
+ * This should be kept in sync with MBEDTLS_SSL_MAX_BLOCK_LENGTH defined
+ * in ssl_internal.h, which however deliberately ignores the case of XTS
+ * since the latter isn't used in SSL/TLS. */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
#define MBEDTLS_MAX_KEY_LENGTH 64
#else
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 617bdc7..2c30855 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -379,7 +379,29 @@
const unsigned char *random, size_t rlen,
unsigned char *dstbuf, size_t dlen );
+/* cipher.h exports the maximum IV, key and block length from all
+ * all ciphers enabled in the config, regardless of whether those
+ * ciphers are actually usable in SSL/TLS. Notably, XTS is enabled
+ * in the default configuration and uses 64 Byte keys, but it is
+ * not used for record protection in SSL/TLS.
+ *
+ * In order to prevent unnecessary inflation of key structures,
+ * we introduce SSL-specific variants of the max-{key,block,IV}
+ * macros here which are meant to only take those ciphers into
+ * account which can be negotiated in SSL/TLS.
+ *
+ * Since the current definitions of MBEDTLS_MAX_{KEY|BLOCK|IV}_LENGTH
+ * in cipher.h are rough overapproximations of the real maxima, here
+ * we content ourselves with defining replicating those overapproximations
+ * for the maximum block and IV length, and excluding XTS from the
+ * computation of the maximum key length. */
+#define MBEDTLS_SSL_MAX_BLOCK_LENGTH 16
+#define MBEDTLS_SSL_MAX_IV_LENGTH 16
+#define MBEDTLS_SSL_MAX_KEY_LENGTH 32
+
+
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+
/**
* \brief The data structure holding the cryptographic material (key and IV)
* used for record protection in TLS 1.3.
@@ -387,13 +409,13 @@
struct mbedtls_ssl_key_set
{
/*! The key for client->server records. */
- unsigned char client_write_key[ MBEDTLS_MAX_KEY_LENGTH ];
+ unsigned char client_write_key[ MBEDTLS_SSL_MAX_KEY_LENGTH ];
/*! The key for server->client records. */
- unsigned char server_write_key[ MBEDTLS_MAX_KEY_LENGTH ];
+ unsigned char server_write_key[ MBEDTLS_SSL_MAX_KEY_LENGTH ];
/*! The IV for client->server records. */
- unsigned char client_write_iv[ MBEDTLS_MAX_IV_LENGTH ];
+ unsigned char client_write_iv[ MBEDTLS_SSL_MAX_IV_LENGTH ];
/*! The IV for server->client records. */
- unsigned char server_write_iv[ MBEDTLS_MAX_IV_LENGTH ];
+ unsigned char server_write_iv[ MBEDTLS_SSL_MAX_IV_LENGTH ];
size_t key_len; /*!< The length of client_write_key and
* server_write_key, in Bytes. */