mbedtls files changed and cmake instruction added to support MbedTLS …#782
mbedtls files changed and cmake instruction added to support MbedTLS …#782seyednasermoravej wants to merge 4 commits intocisco:mainfrom
Conversation
seyednasermoravej
force-pushed
the
migration-to-psa-crypto
branch
3 times, most recently
from
1791e08 to
40c43bf
Compare
|
How can I check CI before push my code? |
|
I normally just try to replicate the environment, or else do a lot of pushing to a PR and then clean up and squash before creating the final PR. Just looking quickly I would guess you need to update the CI scripts to use MbedTLS 4 or ? |
I tested this scripts on Ubuntu 24.04 and Ubuntu 22.04. Maybe you face python errors because of absence of some packages. Please install them via pip. If you face no python error, you could create a .sh file and source it:
|
|
@seyednasermoravej I made some change to get the CI to pass, hope it was OK to push to this branch. You can do what you want with them. I would suggest rebasing and removing the commits which are not related to getting mbtls working. |
seyednasermoravej
force-pushed
the
migration-to-psa-crypto
branch
from
e9c82bb to
6c4dadb
Compare
Apologies for my delayed response. Is there anything in the code that could be improved? |
|
@seyednasermoravej I am not sure you need the change to the readme as when this is merged then it should just build as before. |
The aes interface in libsrtp expects to be able to call encrypt multiple times in a progressive manor. A call to set the IV should reset for a new set of operations. This interface is not so oblivious and there is currently no indication of the last call. This should really be improved.
Pass dst_len as it is the actual buffer size. Remove unused code, full_tag & ciphertext_len.
seyednasermoravej
force-pushed
the
migration-to-psa-crypto
branch
from
6c4dadb to
2bf6953
Compare
I removed the "README.md" changes from the branch "migration-to-psa-crypto" |
pabuhler
left a comment
pabuhler
left a comment
There was a problem hiding this comment.
Some small clean up and some unanswered questions.
Please ensure you understand the PSA API properly, this review focused mostly on the code and not the usage of the PSA API.
| } | ||
|
|
||
| *dst_len = src_len; | ||
| total_len += out_len; |
There was a problem hiding this comment.
total_len and out_len are probably not needed, could just pass dst_len psa_cipher_update, this does not make much difference but cleans the code up, at least total_len could be removed
|
|
||
| #ifdef MBEDTLS | ||
| #ifdef PSA | ||
| // #ifdef MBEDTLS |
There was a problem hiding this comment.
what should I continue with for naming?
MBEDTLS or PSA?
There was a problem hiding this comment.
I think MBEDTLS might make more sense but I do not mind.
| return status; | ||
| } | ||
|
|
||
| /*Note: I don't know when to distroy a key*/ |
| * | ||
| * Parameters: | ||
| * c Crypto context | ||
| * c Crypto contextsrtp_aes_icm_mbedtls_encrypt |
I'd added some comments to make the code easier for review. like: |
It's abit up to you, comments are fine if they are concise or explain something that otherwise does not make a lot of sense. No need to comment on "normal" behavior of API usage. |
2 participants
Hi Cisco team, and Merry Christmas 🎄
This PR is a draft for the migration to Mbed TLS v4.0.
For easier review and comparison, I’ve kept both the legacy code and the new implementation side by side.
There are still some unnecessary fields in a few structures, and in some places the implementation can be improved (for example, using
statusinstead oferrCode). I intentionally kept the changes as minimal as possible for now; we can clean up and refine these parts in follow-up steps once the migration direction is agreed upon.Feedback and suggestions are very welcome.