GCM ciphersuites partially using cipher layer
parent
1af50a240b
commit
226d5da1fc
2 changed files with 8 additions and 50 deletions
|
@ -441,40 +441,6 @@ struct _ssl_session
|
||||||
#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
|
#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
|
||||||
};
|
};
|
||||||
|
|
||||||
/*
|
|
||||||
* Helpers to find the correct size of the context in _ssl_transform
|
|
||||||
* (in the long run, we'll use the cipher layer, but for now...)
|
|
||||||
*/
|
|
||||||
#define SSL_MAX(a, b) ( a > b ? a : b )
|
|
||||||
#define SSL_CTX_MAX_0 0
|
|
||||||
#if defined(POLARSSL_AES_C)
|
|
||||||
#define SSL_CTX_MAX_1 SSL_MAX( SSL_CTX_MAX_0, sizeof( aes_context ) )
|
|
||||||
#else
|
|
||||||
#define SSL_CTX_MAX_1 SSL_CTX_MAX_0
|
|
||||||
#endif
|
|
||||||
#if defined(POLARSSL_ARC4_C)
|
|
||||||
#define SSL_CTX_MAX_2 SSL_MAX( SSL_CTX_MAX_1, sizeof( arc4_context ) )
|
|
||||||
#else
|
|
||||||
#define SSL_CTX_MAX_2 SSL_CTX_MAX_1
|
|
||||||
#endif
|
|
||||||
#if defined(POLARSSL_DES_C)
|
|
||||||
#define SSL_CTX_MAX_3 SSL_MAX( SSL_CTX_MAX_2, sizeof( des_context ) )
|
|
||||||
#define SSL_CTX_MAX_4 SSL_MAX( SSL_CTX_MAX_3, sizeof( des3_context ) )
|
|
||||||
#else
|
|
||||||
#define SSL_CTX_MAX_4 SSL_CTX_MAX_2
|
|
||||||
#endif
|
|
||||||
#if defined(POLARSSL_CAMELLIA_C)
|
|
||||||
#define SSL_CTX_MAX_5 SSL_MAX( SSL_CTX_MAX_4, sizeof( camellia_context ) )
|
|
||||||
#else
|
|
||||||
#define SSL_CTX_MAX_5 SSL_CTX_MAX_4
|
|
||||||
#endif
|
|
||||||
#if defined(POLARSSL_GCM_C)
|
|
||||||
#define SSL_CTX_MAX_6 SSL_MAX( SSL_CTX_MAX_5, sizeof( gcm_context ) )
|
|
||||||
#else
|
|
||||||
#define SSL_CTX_MAX_6 SSL_CTX_MAX_5
|
|
||||||
#endif
|
|
||||||
#define SSL_CTX_MAX SSL_CTX_MAX_6
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* This structure contains a full set of runtime transform parameters
|
* This structure contains a full set of runtime transform parameters
|
||||||
* either in negotiation or active.
|
* either in negotiation or active.
|
||||||
|
@ -507,9 +473,6 @@ struct _ssl_transform
|
||||||
cipher_context_t cipher_ctx_enc; /*!< encryption context */
|
cipher_context_t cipher_ctx_enc; /*!< encryption context */
|
||||||
cipher_context_t cipher_ctx_dec; /*!< decryption context */
|
cipher_context_t cipher_ctx_dec; /*!< decryption context */
|
||||||
|
|
||||||
uint32_t ctx_enc[SSL_CTX_MAX / 4]; /*!< encryption context */
|
|
||||||
uint32_t ctx_dec[SSL_CTX_MAX / 4]; /*!< decryption context */
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Session specific compression layer
|
* Session specific compression layer
|
||||||
*/
|
*/
|
||||||
|
@ -519,17 +482,6 @@ struct _ssl_transform
|
||||||
#endif
|
#endif
|
||||||
};
|
};
|
||||||
|
|
||||||
/* Not needed any more */
|
|
||||||
#undef SSL_MAX
|
|
||||||
#undef SSL_CTX_MAX_0
|
|
||||||
#undef SSL_CTX_MAX_1
|
|
||||||
#undef SSL_CTX_MAX_2
|
|
||||||
#undef SSL_CTX_MAX_3
|
|
||||||
#undef SSL_CTX_MAX_4
|
|
||||||
#undef SSL_CTX_MAX_5
|
|
||||||
#undef SSL_CTX_MAX_6
|
|
||||||
#undef SSL_CTX_MAX
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* This structure contains the parameters only needed during handshake.
|
* This structure contains the parameters only needed during handshake.
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -640,6 +640,8 @@ int ssl_derive_keys( ssl_context *ssl )
|
||||||
case POLARSSL_CIPHER_AES_128_CBC:
|
case POLARSSL_CIPHER_AES_128_CBC:
|
||||||
case POLARSSL_CIPHER_AES_256_CBC:
|
case POLARSSL_CIPHER_AES_256_CBC:
|
||||||
case POLARSSL_CIPHER_DES_CBC:
|
case POLARSSL_CIPHER_DES_CBC:
|
||||||
|
case POLARSSL_CIPHER_AES_128_GCM:
|
||||||
|
case POLARSSL_CIPHER_AES_256_GCM:
|
||||||
if( ( ret = cipher_init_ctx( &transform->cipher_ctx_enc,
|
if( ( ret = cipher_init_ctx( &transform->cipher_ctx_enc,
|
||||||
cipher_info ) ) != 0 )
|
cipher_info ) ) != 0 )
|
||||||
{
|
{
|
||||||
|
@ -1021,6 +1023,9 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
||||||
ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
|
ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
|
||||||
ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
|
ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
|
||||||
|
|
||||||
|
SSL_DEBUG_BUF( 4, "IV used", ssl->out_iv,
|
||||||
|
ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Fix pointer positions and message length with added IV
|
* Fix pointer positions and message length with added IV
|
||||||
*/
|
*/
|
||||||
|
@ -1041,7 +1046,7 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
||||||
*/
|
*/
|
||||||
ssl->out_msglen += 16;
|
ssl->out_msglen += 16;
|
||||||
|
|
||||||
gcm_crypt_and_tag( (gcm_context *) ssl->transform_out->ctx_enc,
|
gcm_crypt_and_tag( ssl->transform_out->cipher_ctx_enc->cipher_ctx,
|
||||||
GCM_ENCRYPT, enc_msglen,
|
GCM_ENCRYPT, enc_msglen,
|
||||||
ssl->transform_out->iv_enc, ssl->transform_out->ivlen,
|
ssl->transform_out->iv_enc, ssl->transform_out->ivlen,
|
||||||
add_data, 13,
|
add_data, 13,
|
||||||
|
@ -1280,7 +1285,7 @@ static int ssl_decrypt_buf( ssl_context *ssl )
|
||||||
ssl->transform_in->ivlen );
|
ssl->transform_in->ivlen );
|
||||||
SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, 16 );
|
SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, 16 );
|
||||||
|
|
||||||
ret = gcm_auth_decrypt( (gcm_context *) ssl->transform_in->ctx_dec,
|
ret = gcm_auth_decrypt( ssl->transform_in->cipher_ctx_dec->cipher_ctx,
|
||||||
dec_msglen,
|
dec_msglen,
|
||||||
ssl->transform_in->iv_dec,
|
ssl->transform_in->iv_dec,
|
||||||
ssl->transform_in->ivlen,
|
ssl->transform_in->ivlen,
|
||||||
|
@ -1295,6 +1300,7 @@ static int ssl_decrypt_buf( ssl_context *ssl )
|
||||||
|
|
||||||
return( POLARSSL_ERR_SSL_INVALID_MAC );
|
return( POLARSSL_ERR_SSL_INVALID_MAC );
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* POLARSSL_GCM_C */
|
#endif /* POLARSSL_GCM_C */
|
||||||
|
|
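Review bot: The new first argument of the GCM calls in ssl_encrypt_buf and ssl_decrypt_buf uses `->` on a member that is not a pointer: `struct _ssl_transform` on this page declares `cipher_context_t cipher_ctx_enc;` and `cipher_context_t cipher_ctx_dec;` as embedded structs, and ssl_derive_keys passes `&transform->cipher_ctx_enc` to cipher_init_ctx(). With POLARSSL_GCM_C defined this should fail to compile; the accesses should read `ssl->transform_out->cipher_ctx_enc.cipher_ctx` and `ssl->transform_in->cipher_ctx_dec.cipher_ctx`. The explicit `(gcm_context *)` cast is also gone and `cipher_ctx` is presumably an untyped pointer, so nothing at the call site now states that the context really is a GCM one. A comment such as `/* cipher_ctx is a gcm_context here: initialised by cipher_init_ctx() for POLARSSL_CIPHER_AES_*_GCM */` would record that assumption. Both function bodies start and end outside the hunks shown, so the guarding cipher-mode check cannot be confirmed from this page.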