From 4a511fe36d2800e7e4b552871066a159a9aaa2a4 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Thu, 17 Apr 2014 13:32:47 -0700
Subject: [PATCH 1/3] Added epoch to sequence number for AES-GCM with DTLS encrypt/decrypt.
---
 src/internal.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index fcf96e277..4eab1ae8a 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -4202,8 +4202,10 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz)
 /* Store the type, version. Unfortunately, they are in
 * the input buffer ahead of the plaintext. */
 #ifdef CYASSL_DTLS
- if (ssl->options.dtls)
+ if (ssl->options.dtls) {
+ c16toa(ssl->keys.dtls_epoch, additional);
 additionalSrc -= DTLS_HANDSHAKE_EXTRA;
+ }
 #endif
 XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3);
@@ -4346,7 +4348,12 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
 /* sequence number field is 64-bits, we only use 32-bits */
 c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET);
-
+
+ #ifdef CYASSL_DTLS
+ if (ssl->options.dtls)
+ c16toa(ssl->keys.dtls_state.curEpoch, additional);
+ #endif
+
 additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
 additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
 additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
From da5b042d218c43f788782b0109fdccf0fa4a9466 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Fri, 16 May 2014 15:47:22 -0700
Subject: [PATCH 2/3] AEAD additional data for encrypt and decrypt should be AEAD_AUTH_DATA_SZ
---
 src/internal.c | 27 +++++++++++++--------------
 1 file changed, 13 insertions(+), 14 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index 4eab1ae8a..3deec6712 100644
--- a/src/internal.c
+++ b/src/internal.c
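Review bot: Writing the epoch into `additional[0..1]` only produces the DTLS AAD layout (2-byte epoch followed by a 6-byte sequence number, per RFC 6347) because the sequence number is truncated to 32 bits at `AEAD_SEQ_OFFSET` and the preceding memset leaves bytes 2-3 zero, and that dependency is not stated anywhere in the hunk. I would add above the `#ifdef`: `/* DTLS AAD = epoch(2) || seq(6); the 32-bit seq written at AEAD_SEQ_OFFSET fills the low bytes, so the epoch at offset 0 does not overlap it */`. It is also worth confirming that the value from `GetSEQIncrement(ssl, 0)` is the same 48-bit sequence number that goes into the DTLS record header, since the peer builds its AAD from the header and any difference makes every record fail authentication. Encrypt's body starts before and ends after this hunk.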
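Review bot: The decrypt side takes the epoch from `ssl->keys.dtls_state.curEpoch` while the encrypt side in the previous hunk uses `ssl->keys.dtls_epoch`, and nothing records why the two differ; if they are the receive and send epochs that is correct, but the AAD for an incoming record has to carry the epoch from that record's header, so `curEpoch` should be the value parsed from the current record rather than a locally tracked expectation. The same applies to the sequence number, which here comes from `GetSEQIncrement(ssl, 1)`, a counter advanced on each decrypt call: under DTLS a lost or reordered datagram desynchronizes such a counter from the peer's explicit sequence number unless the helper already reads it from the parsed record (not visible here), and the result would be spurious authentication failures rather than a bypass. I would add `/* DTLS: epoch and 48-bit seq must come from the received record header, not local counters */` and verify both sources. Decrypt's body starts before and ends after this hunk.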
@@ -4189,11 +4189,11 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz)
 #ifdef BUILD_AESGCM
 case cyassl_aes_gcm: {
- byte additional[AES_BLOCK_SIZE];
+ byte additional[AEAD_AUTH_DATA_SZ];
 byte nonce[AEAD_NONCE_SZ];
 const byte* additionalSrc = input - 5;
- XMEMSET(additional, 0, AES_BLOCK_SIZE);
+ XMEMSET(additional, 0, AEAD_AUTH_DATA_SZ);
 /* sequence number field is 64-bits, we only use 32-bits */
 c32toa(GetSEQIncrement(ssl, 0),
@@ -4222,8 +4222,8 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz)
 sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size, nonce, AEAD_NONCE_SZ, out + sz - ssl->specs.aead_mac_size,
- ssl->specs.aead_mac_size, additional,
- AEAD_AUTH_DATA_SZ);
+ ssl->specs.aead_mac_size,
+ additional, AEAD_AUTH_DATA_SZ);
 AeadIncrementExpIV(ssl);
 XMEMSET(nonce, 0, AEAD_NONCE_SZ);
 }
@@ -4233,11 +4233,11 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz)
 #ifdef HAVE_AESCCM
 case cyassl_aes_ccm: {
- byte additional[AES_BLOCK_SIZE];
+ byte additional[AEAD_AUTH_DATA_SZ];
 byte nonce[AEAD_NONCE_SZ];
 const byte* additionalSrc = input - 5;
- XMEMSET(additional, 0, AES_BLOCK_SIZE);
+ XMEMSET(additional, 0, AEAD_AUTH_DATA_SZ);
 /* sequence number field is 64-bits, we only use 32-bits */
 c32toa(GetSEQIncrement(ssl, 0),
@@ -4270,9 +4270,8 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz)
 additional, AEAD_AUTH_DATA_SZ);
 AeadIncrementExpIV(ssl);
 XMEMSET(nonce, 0, AEAD_NONCE_SZ);
-
- break;
 }
+ break;
 #endif
 #ifdef HAVE_CAMELLIA
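Review bot: `const byte* additionalSrc = input - 5;` keeps a bare 5 for the record-header bytes it reaches back over, right beside the newly named `AEAD_AUTH_DATA_SZ`; if this file names the record header size (the 3-byte copy at `AEAD_TYPE_OFFSET` elsewhere in Encrypt suggests it does), `input - RECORD_HEADER_SZ` or its local equivalent with `/* type/version sit in the record header just before the plaintext */` would make the backward pointer arithmetic self-explaining. Stepping behind `input` is only valid when every caller passes a pointer that far into its own buffer, which is not checked here. Encrypt's body starts before and ends after this hunk.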
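Review bot: The plaintext length `sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size` and the tag address `out + sz - ssl->specs.aead_mac_size` are computed without any visible check that `sz` covers the explicit IV plus the tag; `sz` is a `word16`, so a shorter record turns the length into a very large value and points the tag write before `out`. If the caller does not guarantee this, `if (sz < AEAD_EXP_IV_SZ + ssl->specs.aead_mac_size) return BAD_FUNC_ARG;` (or the file's equivalent error code) belongs at the top of the case. Separately, `XMEMSET(nonce, 0, AEAD_NONCE_SZ)` on a buffer that is dead immediately afterwards is the kind of store an optimizer may drop; since the nonce carries the implicit IV derived from the key block, prefer a non-elidable zeroing helper if the project has one. Encrypt's body starts before and ends after this hunk.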
@@ -4341,10 +4340,10 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
 #ifdef BUILD_AESGCM
 case cyassl_aes_gcm: {
- byte additional[AES_BLOCK_SIZE];
+ byte additional[AEAD_AUTH_DATA_SZ];
 byte nonce[AEAD_NONCE_SZ];
- XMEMSET(additional, 0, AES_BLOCK_SIZE);
+ XMEMSET(additional, 0, AEAD_AUTH_DATA_SZ);
 /* sequence number field is 64-bits, we only use 32-bits */
 c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET);
@@ -4375,17 +4374,17 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
 return VERIFY_MAC_ERROR; }
 XMEMSET(nonce, 0, AEAD_NONCE_SZ);
- break;
 }
+ break;
 #endif
 #ifdef HAVE_AESCCM
 case cyassl_aes_ccm: {
- byte additional[AES_BLOCK_SIZE];
+ byte additional[AEAD_AUTH_DATA_SZ];
 byte nonce[AEAD_NONCE_SZ];
- XMEMSET(additional, 0, AES_BLOCK_SIZE);
+ XMEMSET(additional, 0, AEAD_AUTH_DATA_SZ);
 /* sequence number field is 64-bits, we only use 32-bits */
 c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET);
@@ -4416,8 +4415,8 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
 return VERIFY_MAC_ERROR; }
 XMEMSET(nonce, 0, AEAD_NONCE_SZ);
- break;
 }
+ break;
 #endif
 #ifdef HAVE_CAMELLIA
From df81401cf0e2a5fab9a0c4a11369d350ec1c4b30 Mon Sep 17 00:00:00 2001
From: toddouska
Date: Mon, 19 May 2014 17:06:56 -0700
Subject: [PATCH 3/3] add debugging output to benchmark
---
 ctaocrypt/benchmark/benchmark.c | 7 +++++++
 ctaocrypt/src/aes.c | 1 +
 2 files changed, 8 insertions(+)
diff --git a/ctaocrypt/benchmark/benchmark.c b/ctaocrypt/benchmark/benchmark.c
index 47dd3a777..5363fc95c 100644
--- a/ctaocrypt/benchmark/benchmark.c
+++ b/ctaocrypt/benchmark/benchmark.c
@@ -128,6 +128,9 @@ static int OpenNitroxDevice(int dma_mode,int dev_id)
 #endif
+#if defined(DEBUG_CYASSL) && !defined(HAVE_VALGRIND)
+ CYASSL_API int CyaSSL_Debugging_ON();
+#endif
 /* so embedded projects can pull in tests on their own */
 #if !defined(NO_MAIN_DRIVER)
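Review bot: On the `return VERIFY_MAC_ERROR;` path the `XMEMSET(nonce, 0, AEAD_NONCE_SZ)` that follows is skipped, so the nonce (which holds the implicit IV from the key block) is left on the stack exactly on the failure path; clearing it before the return keeps the two paths symmetric, e.g. `XMEMSET(nonce, 0, AEAD_NONCE_SZ); return VERIFY_MAC_ERROR;`. If the underlying AEAD decrypt writes into `plain` before the tag is checked (not visible here), the caller must also be told that `plain` is unauthenticated on that return, which deserves a comment at the error return. Decrypt's body starts before and ends after this hunk.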
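Review bot: `CYASSL_API int CyaSSL_Debugging_ON();` is a local forward declaration with empty parentheses, which in C is a non-prototype declaration that disables argument checking and can silently drift from the real signature in the library header; write it as `CYASSL_API int CyaSSL_Debugging_ON(void);` or, better, include the CyaSSL header that already declares it and drop the local declaration. The declaration is also indented under a file-scope `#if`, which reads oddly next to the unindented `#endif` above it. The surrounding file-scope run continues outside the hunk.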
@@ -142,6 +145,10 @@ int benchmark_test(void *args) {
 #endif
+ #if defined(DEBUG_CYASSL) && !defined(HAVE_VALGRIND)
+ CyaSSL_Debugging_ON();
+ #endif
+
 #ifdef HAVE_CAVIUM
 int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID);
 if (ret != 0) {
diff --git a/ctaocrypt/src/aes.c b/ctaocrypt/src/aes.c
index 000210868..e25b5d873 100644
--- a/ctaocrypt/src/aes.c
+++ b/ctaocrypt/src/aes.c
@@ -2241,6 +2241,7 @@ int AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 if ((word)in % 16) {
 #ifndef NO_CYASSL_ALLOC_ALIGN
 byte* tmp = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ CYASSL_MSG("AES-CBC encrypt with bad alignment");
 if (tmp == NULL) return MEMORY_E;
 XMEMCPY(tmp, in, sz);
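Review bot: The `!defined(HAVE_VALGRIND)` exclusion on the new `CyaSSL_Debugging_ON()` call is unexplained and the call's `int` return is discarded; a one-line comment next to the `#if`, such as `/* debug logging is skipped under valgrind: <reason> */` filled in with the actual motivation, would let the next reader keep this guard in sync with the matching one on the declaration above. benchmark_test continues past the hunk.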
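Review bot: The new `CYASSL_MSG("AES-CBC encrypt with bad alignment");` sits between the `XMALLOC` and its NULL check, splitting an allocation from the test of its result; placing it before the `XMALLOC` line keeps the allocate-then-check pair together and still reports the misaligned-input path whether or not the allocation succeeds. The message is emitted on every misaligned call, so in a DEBUG_CYASSL build a caller that feeds unaligned buffers in a loop will log once per call, which is presumably fine for a debug aid but worth a short comment so nobody mistakes it for an error. AesCbcEncrypt continues outside the hunk.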