From 656f43dcf5a8df1db3cca673486ab76350da8646 Mon Sep 17 00:00:00 2001 From: Mark Harfouche Date: Mon, 22 Sep 2025 10:37:16 -0400 Subject: [PATCH 1/4] Improve installation paths on windows This helps windows libraries get installed to ``` bin\srtp2.dll lib\srtp2.lib ``` This is the split we use at conda-forge to help keep the dlls findable while keeking the lib files separate. Let me know if you have any concerns. Excited to see this upstreamed. --- CMakeLists.txt | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CMakeLists.txt b/CMakeLists.txt index e3de65d28..99dc34626 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -318,6 +318,13 @@ if(WIN32) endif() install(TARGETS srtp3 EXPORT libSRTPTargets) +======= +install(TARGETS srtp3 + EXPORT libSRTPTargets + RUNTIME DESTINATION bin + LIBRARY DESTINATION lib + ARCHIVE DESTINATION lib +) install(FILES include/srtp.h crypto/include/auth.h crypto/include/cipher.h From b84be184921d2102f33fd8209fd1b73ac64f913a Mon Sep 17 00:00:00 2001 From: Mark Harfouche Date: Thu, 2 Oct 2025 07:54:51 -0400 Subject: [PATCH 2/4] Try simplifying things so much --- CMakeLists.txt | 2 -- 1 file changed, 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 99dc34626..5e72676c4 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -317,8 +317,6 @@ if(WIN32) target_compile_definitions(srtp3 PUBLIC _CRT_SECURE_NO_WARNINGS) endif() -install(TARGETS srtp3 EXPORT libSRTPTargets) -======= install(TARGETS srtp3 EXPORT libSRTPTargets RUNTIME DESTINATION bin From 9964b61046c972ceead0dad925dfac3450be3dd1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pascal=20B=C3=BChler?= Date: Fri, 10 Oct 2025 07:20:02 +1100 Subject: [PATCH 3/4] add cmake release ci badge --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 06a99b613..76b570918 100644 --- a/README.md +++ b/README.md @@ -60,6 +60,7 @@ because it does its work behind the scenes. - [Installing and Building libSRTP](#installing-and-building-libsrtp) - [Changing Build Configuration](#changing-build-configuration) - [Using Visual Studio](#using-visual-studio) + - [Using Meson](#using-meson) - [Applications](#applications) - [Example Code](#example-code) - [Credits](#credits) From 40c43bf740ea41234d28e99396fe25389da8de6f Mon Sep 17 00:00:00 2001 From: Sayed Naser Moravej Date: Thu, 25 Dec 2025 15:17:27 +0330 Subject: [PATCH 4/4] mbedtls files changed and cmake instruction added to support MbedTLS V4.0 Signed-off-by: Sayed Naser Moravej --- README.md | 6 ++ crypto/cipher/aes_gcm_mbedtls.c | 76 ++++++++++++-------- crypto/cipher/aes_icm_mbedtls.c | 72 ++++++++++++++----- crypto/hash/hmac_mbedtls.c | 118 +++++++++++++++++++++++--------- crypto/include/aes_gcm.h | 44 +++++++++++- crypto/include/aes_icm_ext.h | 9 ++- 6 files changed, 241 insertions(+), 84 deletions(-) diff --git a/README.md b/README.md index 76b570918..f1e8bddc7 100644 --- a/README.md +++ b/README.md @@ -290,6 +290,12 @@ make: make ~~~ +Assuming the mbedtls V4.0 is installed in `mbedtls-4` directory. +~~~.txt +cmake -S . -B build -DCRYPTO_LIBRARY=mbedtls -DMBEDTLS_INCLUDE_DIRS=/opt/mbedtls-4/include -DMBEDTLS_LIBRARY="/opt/mbedtls-4/lib/libmbedtls.a;/opt/mbedtls-4/lib/libmbedcrypto.a" && cmake --build build +~~~ + + The configure script accepts the following options: Option | Description diff --git a/crypto/cipher/aes_gcm_mbedtls.c b/crypto/cipher/aes_gcm_mbedtls.c index 285c3680d..9c85895b9 100644 --- a/crypto/cipher/aes_gcm_mbedtls.c +++ b/crypto/cipher/aes_gcm_mbedtls.c @@ -46,7 +46,8 @@ #ifdef HAVE_CONFIG_H #include #endif -#include + +#include #include "aes_gcm.h" #include "alloc.h" #include "err.h" /* for srtp_debug */ @@ -198,7 +199,6 @@ static srtp_err_status_t srtp_aes_gcm_mbedtls_alloc(srtp_cipher_t **c, if (tlen != GCM_AUTH_TAG_LEN && tlen != GCM_AUTH_TAG_LEN_8) { return (srtp_err_status_bad_param); } - /* allocate memory a cipher of type aes_gcm */ *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t)); if (*c == NULL) { @@ -212,15 +212,15 @@ static srtp_err_status_t srtp_aes_gcm_mbedtls_alloc(srtp_cipher_t **c, return (srtp_err_status_alloc_fail); } - gcm->ctx = - (mbedtls_gcm_context *)srtp_crypto_alloc(sizeof(mbedtls_gcm_context)); + gcm->ctx = (psa_gcm_context *)srtp_crypto_alloc(sizeof(psa_gcm_context)); + if (gcm->ctx == NULL) { srtp_crypto_free(gcm); srtp_crypto_free(*c); *c = NULL; return srtp_err_status_alloc_fail; } - mbedtls_gcm_init(gcm->ctx); + gcm->ctx->op = psa_aead_operation_init(); /* set pointers */ (*c)->state = gcm; @@ -256,7 +256,7 @@ static srtp_err_status_t srtp_aes_gcm_mbedtls_dealloc(srtp_cipher_t *c) FUNC_ENTRY(); ctx = (srtp_aes_gcm_ctx_t *)c->state; if (ctx) { - mbedtls_gcm_free(ctx->ctx); + psa_destroy_key(ctx->ctx->key_id); srtp_crypto_free(ctx->ctx); /* zeroize the key material */ octet_string_set_to_zero(ctx, sizeof(srtp_aes_gcm_ctx_t)); @@ -275,7 +275,7 @@ static srtp_err_status_t srtp_aes_gcm_mbedtls_context_init(void *cv, FUNC_ENTRY(); srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; uint32_t key_len_in_bits; - int errCode = 0; + psa_status_t status = PSA_SUCCESS; c->dir = srtp_direction_any; c->aad_size = 0; @@ -291,10 +291,19 @@ static srtp_err_status_t srtp_aes_gcm_mbedtls_context_init(void *cv, break; } - errCode = - mbedtls_gcm_setkey(c->ctx, MBEDTLS_CIPHER_ID_AES, key, key_len_in_bits); - if (errCode != 0) { - debug_print(srtp_mod_aes_gcm, "mbedtls error code: %d", errCode); + psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT; + + psa_set_key_usage_flags(&attr, + PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); + psa_set_key_algorithm( + &attr, PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, c->tag_len)); + psa_set_key_type(&attr, PSA_KEY_TYPE_AES); + psa_set_key_bits(&attr, key_len_in_bits); + + status = psa_import_key(&attr, key, key_len_in_bits / 8, &c->ctx->key_id); + + if (status != PSA_SUCCESS) { + debug_print(srtp_mod_aes_gcm, "mbedtls error code: %d", status); return srtp_err_status_init_fail; } @@ -366,7 +375,8 @@ static srtp_err_status_t srtp_aes_gcm_mbedtls_encrypt(void *cv, { FUNC_ENTRY(); srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; - int errCode = 0; + + psa_status_t status = PSA_SUCCESS; if (c->dir != srtp_direction_encrypt) { return srtp_err_status_bad_param; @@ -376,13 +386,16 @@ static srtp_err_status_t srtp_aes_gcm_mbedtls_encrypt(void *cv, return srtp_err_status_buffer_small; } - errCode = mbedtls_gcm_crypt_and_tag(c->ctx, MBEDTLS_GCM_ENCRYPT, src_len, - c->iv, c->iv_len, c->aad, c->aad_size, - src, dst, c->tag_len, dst + src_len); + size_t out_len = 0; + status = psa_aead_encrypt( + c->ctx->key_id, + PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, c->tag_len), c->iv, + c->iv_len, c->aad, c->aad_size, src, src_len, dst, + PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(src_len), &out_len); c->aad_size = 0; - if (errCode != 0) { - debug_print(srtp_mod_aes_gcm, "mbedtls error code: %d", errCode); + if (status != PSA_SUCCESS) { + debug_print(srtp_mod_aes_gcm, "mbedtls error code: %d", status); return srtp_err_status_bad_param; } @@ -407,7 +420,9 @@ static srtp_err_status_t srtp_aes_gcm_mbedtls_decrypt(void *cv, { FUNC_ENTRY(); srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; - int errCode = 0; + + psa_status_t status = PSA_SUCCESS; + uint8_t full_tag[16] = { 0 }; if (c->dir != srtp_direction_decrypt) { return srtp_err_status_bad_param; @@ -417,26 +432,27 @@ static srtp_err_status_t srtp_aes_gcm_mbedtls_decrypt(void *cv, return srtp_err_status_bad_param; } - if (*dst_len < (src_len - c->tag_len)) { + size_t ciphertext_len = src_len - c->tag_len; + + if (*dst_len < ciphertext_len) { return srtp_err_status_buffer_small; } + memcpy(full_tag, src + ciphertext_len, c->tag_len); + debug_print(srtp_mod_aes_gcm, "AAD: %s", srtp_octet_string_hex_string(c->aad, c->aad_size)); - errCode = mbedtls_gcm_auth_decrypt( - c->ctx, (src_len - c->tag_len), c->iv, c->iv_len, c->aad, c->aad_size, - src + (src_len - c->tag_len), c->tag_len, src, dst); + size_t out_len = 0; + status = psa_aead_decrypt( + c->ctx->key_id, + PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, c->tag_len), c->iv, + c->iv_len, c->aad, c->aad_size, src, src_len, dst, + PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(src_len), &out_len); + *dst_len = ciphertext_len; c->aad_size = 0; - if (errCode != 0) { + if (status != PSA_SUCCESS) { return srtp_err_status_auth_fail; } - - /* - * Reduce the buffer size by the tag length since the tag - * is not part of the original payload - */ - *dst_len = (src_len - c->tag_len); - return srtp_err_status_ok; } diff --git a/crypto/cipher/aes_icm_mbedtls.c b/crypto/cipher/aes_icm_mbedtls.c index 1b5d4b83b..4611b93ae 100644 --- a/crypto/cipher/aes_icm_mbedtls.c +++ b/crypto/cipher/aes_icm_mbedtls.c @@ -45,7 +45,9 @@ #ifdef HAVE_CONFIG_H #include #endif -#include +#include +#include + #include "aes_icm_ext.h" #include "crypto_types.h" #include "err.h" /* for srtp_debug */ @@ -230,7 +232,8 @@ static srtp_err_status_t srtp_aes_icm_mbedtls_alloc(srtp_cipher_t **c, } icm->ctx = - (mbedtls_aes_context *)srtp_crypto_alloc(sizeof(mbedtls_aes_context)); + (psa_aes_icm_ctx_t *)srtp_crypto_alloc(sizeof(psa_aes_icm_ctx_t)); + if (icm->ctx == NULL) { srtp_crypto_free(icm); srtp_crypto_free(*c); @@ -238,7 +241,8 @@ static srtp_err_status_t srtp_aes_icm_mbedtls_alloc(srtp_cipher_t **c, return srtp_err_status_alloc_fail; } - mbedtls_aes_init(icm->ctx); + ((icm->ctx))->key_id = PSA_KEY_ID_NULL; + ((icm->ctx)->op) = psa_cipher_operation_init(); /* set pointers */ (*c)->state = icm; @@ -284,7 +288,7 @@ static srtp_err_status_t srtp_aes_icm_mbedtls_dealloc(srtp_cipher_t *c) */ ctx = (srtp_aes_icm_ctx_t *)c->state; if (ctx != NULL) { - mbedtls_aes_free(ctx->ctx); + psa_destroy_key(ctx->ctx->key_id); srtp_crypto_free(ctx->ctx); /* zeroize the key material */ octet_string_set_to_zero(ctx, sizeof(srtp_aes_icm_ctx_t)); @@ -302,7 +306,8 @@ static srtp_err_status_t srtp_aes_icm_mbedtls_context_init(void *cv, { srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv; uint32_t key_size_in_bits = (c->key_size << 3); - int errcode = 0; + + psa_status_t status = psa_crypto_init(); /* * set counter and initial values to 'offset' value, being careful not to @@ -330,9 +335,25 @@ static srtp_err_status_t srtp_aes_icm_mbedtls_context_init(void *cv, break; } - errcode = mbedtls_aes_setkey_enc(c->ctx, key, key_size_in_bits); - if (errcode != 0) { - debug_print(srtp_mod_aes_icm, "errCode: %d", errcode); + /* Set key attributes */ + psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT; + + psa_set_key_type(&attr, PSA_KEY_TYPE_AES); + psa_set_key_bits(&attr, key_size_in_bits); + psa_set_key_usage_flags(&attr, + PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); + psa_set_key_algorithm(&attr, PSA_ALG_CTR); + + if (c->ctx->key_id != PSA_KEY_ID_NULL) { + psa_destroy_key(c->ctx->key_id); + c->ctx->key_id = PSA_KEY_ID_NULL; + } + + status = + psa_import_key(&attr, key, key_size_in_bits / 8, &(c->ctx->key_id)); + + if (status != PSA_SUCCESS) { + debug_print(srtp_mod_aes_icm, "status: %d", status); } return srtp_err_status_ok; @@ -355,6 +376,8 @@ static srtp_err_status_t srtp_aes_icm_mbedtls_set_iv( /* set nonce (for alignment) */ v128_copy_octet_string(&nonce, iv); + psa_cipher_set_iv(&(c->ctx->op), iv, 16); + debug_print(srtp_mod_aes_icm, "setting iv: %s", v128_hex_string(&nonce)); v128_xor(&c->counter, &c->offset, &nonce); @@ -369,7 +392,7 @@ static srtp_err_status_t srtp_aes_icm_mbedtls_set_iv( * This function encrypts a buffer using AES CTR mode * * Parameters: - * c Crypto context + * c Crypto contextsrtp_aes_icm_mbedtls_encrypt * buf data to encrypt * enc_len length of encrypt buffer */ @@ -381,22 +404,35 @@ static srtp_err_status_t srtp_aes_icm_mbedtls_encrypt(void *cv, { srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv; - int errCode = 0; + psa_status_t status = PSA_SUCCESS; + size_t out_len = 0; + size_t total_len = 0; + debug_print(srtp_mod_aes_icm, "rs0: %s", v128_hex_string(&c->counter)); + debug_print(srtp_mod_aes_icm, "source: %s", + srtp_octet_string_hex_string(src, src_len)); if (*dst_len < src_len) { return srtp_err_status_buffer_small; } - errCode = - mbedtls_aes_crypt_ctr(c->ctx, src_len, &(c->nc_off), c->counter.v8, - c->stream_block.v8, src, dst); - if (errCode != 0) { - debug_print(srtp_mod_aes_icm, "encrypt error: %d", errCode); + status = + psa_cipher_encrypt_setup(&(c->ctx->op), c->ctx->key_id, PSA_ALG_CTR); + status = psa_cipher_set_iv(&c->ctx->op, c->counter.v8, 16); + status = + psa_cipher_update(&(c->ctx->op), src, src_len, dst, *dst_len, &out_len); + + total_len = out_len; + status = psa_cipher_finish(&(c->ctx->op), dst + total_len, + *dst_len - total_len, &out_len); + if (status != PSA_SUCCESS) { + debug_print(srtp_mod_aes_icm, "encrypt error: %d", status); return srtp_err_status_cipher_fail; } - - *dst_len = src_len; + total_len += out_len; + *dst_len = total_len; + debug_print(srtp_mod_aes_icm, "encrypted: %s", + srtp_octet_string_hex_string(dst, *dst_len)); return srtp_err_status_ok; -} +} \ No newline at end of file diff --git a/crypto/hash/hmac_mbedtls.c b/crypto/hash/hmac_mbedtls.c index 57d0ff1c1..2c4c2f797 100644 --- a/crypto/hash/hmac_mbedtls.c +++ b/crypto/hash/hmac_mbedtls.c @@ -49,7 +49,13 @@ #include "alloc.h" #include "err.h" /* for srtp_debug */ #include "auth_test_cases.h" -#include +#include + +typedef struct { + psa_mac_operation_t op; + psa_key_id_t key_id; + size_t key_len; +} psa_hmac_ctx_t; #define SHA1_DIGEST_SIZE 20 @@ -81,13 +87,15 @@ static srtp_err_status_t srtp_hmac_mbedtls_alloc(srtp_auth_t **a, return srtp_err_status_alloc_fail; } // allocate the buffer of mbedtls context. - (*a)->state = srtp_crypto_alloc(sizeof(mbedtls_md_context_t)); + (*a)->state = srtp_crypto_alloc(sizeof(psa_hmac_ctx_t)); + if ((*a)->state == NULL) { srtp_crypto_free(*a); *a = NULL; return srtp_err_status_alloc_fail; } - mbedtls_md_init((mbedtls_md_context_t *)(*a)->state); + + (((psa_hmac_ctx_t *)((*a)->state))->op) = psa_mac_operation_init(); /* set pointers */ (*a)->type = &srtp_hmac; @@ -100,9 +108,15 @@ static srtp_err_status_t srtp_hmac_mbedtls_alloc(srtp_auth_t **a, static srtp_err_status_t srtp_hmac_mbedtls_dealloc(srtp_auth_t *a) { - mbedtls_md_context_t *hmac_ctx; - hmac_ctx = (mbedtls_md_context_t *)a->state; - mbedtls_md_free(hmac_ctx); + psa_hmac_ctx_t *hmac_ctx; + hmac_ctx = (psa_hmac_ctx_t *)a->state; + + /* + There is no need for mbedtls_md_free function as it done automatically + by psa_mac_sign_finish function + */ + // mbedtls_md_free(hmac_ctx); + srtp_crypto_free(hmac_ctx); /* zeroize entire state*/ octet_string_set_to_zero(a, sizeof(srtp_auth_t)); @@ -115,8 +129,14 @@ static srtp_err_status_t srtp_hmac_mbedtls_dealloc(srtp_auth_t *a) static srtp_err_status_t srtp_hmac_mbedtls_start(void *statev) { - mbedtls_md_context_t *state = (mbedtls_md_context_t *)statev; - if (mbedtls_md_hmac_reset(state) != 0) { + psa_hmac_ctx_t *state = (psa_hmac_ctx_t *)statev; + + if (psa_mac_abort(&state->op) != 0) { + return srtp_err_status_auth_fail; + } + + if (psa_mac_sign_setup(&state->op, state->key_id, + PSA_ALG_HMAC(PSA_ALG_SHA_1)) != 0) { return srtp_err_status_auth_fail; } @@ -127,27 +147,52 @@ static srtp_err_status_t srtp_hmac_mbedtls_init(void *statev, const uint8_t *key, size_t key_len) { - mbedtls_md_context_t *state = (mbedtls_md_context_t *)statev; - const mbedtls_md_info_t *info = NULL; - - info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1); - if (info == NULL) { - return srtp_err_status_auth_fail; - } - - if (mbedtls_md_setup(state, info, 1) != 0) { - return srtp_err_status_auth_fail; - } - - debug_print(srtp_mod_hmac, "mbedtls setup, name: %s", - mbedtls_md_get_name(info)); - debug_print(srtp_mod_hmac, "mbedtls setup, size: %d", - mbedtls_md_get_size(info)); - - if (mbedtls_md_hmac_starts(state, key, key_len) != 0) { - return srtp_err_status_auth_fail; + /* + Please note that the two funcitons `mbedtls_md_setup` and + `mbedtls_md_hmac_starts` are combined into a single function + `psa_mac_sign_setup` + + Legacy: + Call mbedtls_md_setup to select the hash algorithm, with hmac=1. Then call + mbedtls_md_hmac_starts to set the key. + + PSA API: + Call psa_mac_sign_setup to specify the algorithm and the key. See “MAC key + management” for how to obtain a key identifier. + */ + + psa_hmac_ctx_t *state = (psa_hmac_ctx_t *)statev; + + /* + There is no equivalent to the type mbedtls_md_info_t and the functions + mbedtls_md_info_from_type and mbedtls_md_get_type in the PSA API + because it is unnecessary. All macros and functions operate directly + on algorithm (psa_algorithm_t, PSA_ALG_xxx constants). + */ + + /* + One of the major differences between the legacy API and the PSA API is that + in the PSA API, access to keys is indirect. Operations that require a key + take a parameter of type psa_key_id_t, which is an identifier for the key. + This allows the API to be used with keys hat are not directly accessible to + the application, for example because they are stored in a secure environment + that does not allow the key material to be exported. + */ + psa_status_t status = PSA_SUCCESS; + psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT; + psa_set_key_type(&attr, PSA_KEY_TYPE_HMAC); + psa_set_key_usage_flags(&attr, PSA_KEY_USAGE_SIGN_MESSAGE); + + /*Note: maybe caculate a MAC or verifiy it in both directions.*/ + psa_set_key_algorithm(&attr, PSA_ALG_HMAC(PSA_ALG_SHA_1)); + + status = psa_import_key(&attr, key, key_len, &state->key_id); + state->key_len = key_len; + if (status != PSA_SUCCESS) { + return status; } + /*Note: I don't know when to distroy a key*/ return srtp_err_status_ok; } @@ -155,12 +200,12 @@ static srtp_err_status_t srtp_hmac_mbedtls_update(void *statev, const uint8_t *message, size_t msg_octets) { - mbedtls_md_context_t *state = (mbedtls_md_context_t *)statev; + psa_hmac_ctx_t *state = (psa_hmac_ctx_t *)statev; debug_print(srtp_mod_hmac, "input: %s", srtp_octet_string_hex_string(message, msg_octets)); - if (mbedtls_md_hmac_update(state, message, msg_octets) != 0) { + if (psa_mac_update(&state->op, message, msg_octets) != 0) { return srtp_err_status_auth_fail; } @@ -173,7 +218,8 @@ static srtp_err_status_t srtp_hmac_mbedtls_compute(void *statev, size_t tag_len, uint8_t *result) { - mbedtls_md_context_t *state = (mbedtls_md_context_t *)statev; + psa_hmac_ctx_t *state = (psa_hmac_ctx_t *)statev; + uint8_t hash_value[SHA1_DIGEST_SIZE]; size_t i; @@ -183,14 +229,20 @@ static srtp_err_status_t srtp_hmac_mbedtls_compute(void *statev, } /* hash message, copy output into H */ - if (mbedtls_md_hmac_update(statev, message, msg_octets) != 0) { + if (psa_mac_update(&state->op, message, msg_octets) != 0) { return srtp_err_status_auth_fail; } - if (mbedtls_md_hmac_finish(state, hash_value) != 0) { + /* The `psa_mac_sign_finish` function can provide output length. I'm not + sure if it's usable or not now I just assigne it to a local variable named + `out_len`. I think the `out_len` must be equal to `tag_len`*/ + + size_t out_len = 0; + + if (psa_mac_sign_finish(&state->op, hash_value, sizeof(hash_value), + &out_len) != 0) { return srtp_err_status_auth_fail; } - /* copy hash_value to *result */ for (i = 0; i < tag_len; i++) { result[i] = hash_value[i]; diff --git a/crypto/include/aes_gcm.h b/crypto/include/aes_gcm.h index d6705a460..c56925f5b 100644 --- a/crypto/include/aes_gcm.h +++ b/crypto/include/aes_gcm.h @@ -90,7 +90,8 @@ typedef struct { #endif /* WOLFSSL */ -#ifdef MBEDTLS +#ifdef PSA +// #ifdef MBEDTLS #define MAX_AD_SIZE 2048 #include #include @@ -108,6 +109,47 @@ typedef struct { #endif /* MBEDTLS */ +#ifdef MBEDTLS +#define MAX_AD_SIZE 2048 +#include + +/** + * \brief The GCM context structure. + */ +typedef struct psa_gcm_context { + // psa_aead_operation_t cipher_ctx; /*!< The cipher context used. */ + + psa_aead_operation_t op; /*!< The cipher context used. */ + psa_key_id_t key_id; + + uint64_t HL[16]; /*!< Precalculated HTable low. */ + uint64_t HH[16]; /*!< Precalculated HTable high. */ + uint64_t len; /*!< The total length of the encrypted data. */ + uint64_t add_len; /*!< The total length of the additional data. */ + unsigned char base_ectr[16]; /*!< The first ECTR for tag. */ + unsigned char y[16]; /*!< The Y working value. */ + unsigned char buf[16]; /*!< The buf working value. */ + int mode; /*!< The operation to perform: + #MBEDTLS_GCM_ENCRYPT or + #MBEDTLS_GCM_DECRYPT. */ +} psa_gcm_context; + +typedef struct { + size_t key_size; + size_t tag_len; + size_t aad_size; + size_t iv_len; + uint8_t iv[12]; + uint8_t aad[MAX_AD_SIZE]; + + // mbedtls_gcm_context *ctx; + psa_gcm_context *ctx; + + srtp_cipher_direction_t dir; +} srtp_aes_gcm_ctx_t; + +#endif /* PSA */ + #ifdef NSS #define NSS_PKCS11_2_0_COMPAT 1 diff --git a/crypto/include/aes_icm_ext.h b/crypto/include/aes_icm_ext.h index 9000294e3..73ac62fcd 100644 --- a/crypto/include/aes_icm_ext.h +++ b/crypto/include/aes_icm_ext.h @@ -78,14 +78,19 @@ typedef struct { #ifdef MBEDTLS -#include +#include +typedef struct { + psa_key_id_t key_id; + psa_cipher_operation_t op; +} psa_aes_icm_ctx_t; + typedef struct { v128_t counter; /* holds the counter value */ v128_t offset; /* initial offset value */ v128_t stream_block; size_t nc_off; size_t key_size; - mbedtls_aes_context *ctx; + psa_aes_icm_ctx_t *ctx; } srtp_aes_icm_ctx_t; #endif /* MBEDTLS */