From 14d893aeb00545d5a6ceebfa26beb61d5f10fa17 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Mon, 19 Oct 2015 11:28:25 -0700
Subject: [PATCH] Add decrypt of AES-GCM to the sniffer.
---
 src/sniffer.c | 36 ++++++++++++++++++++++++++++++++++--
 wolfssl/sniffer_error.h | 2 ++
 wolfssl/sniffer_error.rc | 2 ++
 3 files changed, 38 insertions(+), 2 deletions(-)
diff --git a/src/sniffer.c b/src/sniffer.c
index 7f6dc552b..f26e83f0b 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -248,7 +248,10 @@ static const char* const msgTable[] =
 "Reassembly Buffer Size Exceeded",
 "Dropping Lost Fragment",
 "Dropping Partial Record",
- "Clear ACK Fault"
+ "Clear ACK Fault",
+
+ /* 81 */
+ "Bad Decrypt Size"
 };
@@ -1968,6 +1971,30 @@ static int Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz)
 break;
 #endif
+ #ifdef HAVE_AESGCM
+ case wolfssl_aes_gcm:
+ if (sz >= AEAD_EXP_IV_SZ + ssl->specs.aead_mac_size)
+ {
+ byte nonce[AEAD_NONCE_SZ];
+ XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AEAD_IMP_IV_SZ);
+ XMEMCPY(nonce + AEAD_IMP_IV_SZ, input, AEAD_EXP_IV_SZ);
+
+ if (wc_AesGcmEncrypt(ssl->decrypt.aes,
+ output,
+ input + AEAD_EXP_IV_SZ,
+ sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
+ nonce, AEAD_NONCE_SZ,
+ NULL, 0,
+ NULL, 0) < 0) {
+ ret = -1;
+ }
+ ForceZero(nonce, AEAD_NONCE_SZ);
+ }
+ else
+ Trace(BAD_DECRYPT_SIZE);
+ break;
+ #endif
+
 default:
 Trace(BAD_DECRYPT_TYPE);
 ret = -1;
@@ -1996,7 +2023,12 @@ static const byte* DecryptMessage(SSL* ssl, const byte* input, word32 sz,
 *advance = ssl->specs.block_size;
 }
- ssl->keys.padSz = ssl->specs.hash_size;
+ if (ssl->specs.cipher_type == aead) {
+ *advance = ssl->specs.aead_mac_size;
+ ssl->keys.padSz = ssl->specs.aead_mac_size;
+ }
+ else
+ ssl->keys.padSz = ssl->specs.hash_size;
 if (ssl->specs.cipher_type == block)
 ssl->keys.padSz += *(output + sz - ivExtra - 1) + 1;
diff --git a/wolfssl/sniffer_error.h b/wolfssl/sniffer_error.h
index 53acf6a10..ee953a255 100644
--- a/wolfssl/sniffer_error.h
+++ b/wolfssl/sniffer_error.h
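Review bot: The `else` arm of the new `wolfssl_aes_gcm` case in Decrypt only calls `Trace(BAD_DECRYPT_SIZE)` and never sets `ret`, so an undersized record appears to return success with nothing written to `output` (assuming `ret` starts at 0, which is outside the hunk), while the `default` arm right below sets `ret = -1`. Suggest `else { Trace(BAD_DECRYPT_SIZE); ret = -1; }` so the caller stops instead of parsing stale buffer contents. The call to `wc_AesGcmEncrypt` with a NULL tag and no AAD recovers the plaintext but does not verify the record's authentication tag, so a corrupted or wrongly keyed record yields garbage without any error; a comment such as `/* sniffer: GCM keystream is symmetric, so Encrypt is used to decrypt; the auth tag is not verified */` would record that this is deliberate. Decrypt's body starts and ends outside this hunk.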
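Review bot: In the DecryptMessage hunk, the AEAD branch sets `*advance = ssl->specs.aead_mac_size` with no explanation of why the caller should advance by the tag length, while the Decrypt hunk already skips the explicit IV on the input side and writes plaintext starting at `output`. How `advance` is consumed lies outside this hunk, so this may be intended, but it is worth confirming that the caller's record-end arithmetic cannot land past the decrypted payload for GCM records. A short comment on the branch, e.g. `/* AEAD: the trailing aead_mac_size bytes are the auth tag, not payload */`, would document the `padSz` assignment. The unbraced `else` after a braced `if` is also easy to break when a second statement is added; bracing both arms is safer.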
@@ -114,6 +114,8 @@
 #define DROPPING_LOST_FRAG_STR 78
 #define DROPPING_PARTIAL_RECORD 79
 #define CLEAR_ACK_FAULT 80
+
+#define BAD_DECRYPT_SIZE 81
 /* !!!! also add to msgTable in sniffer.c and .rc file !!!! */
diff --git a/wolfssl/sniffer_error.rc b/wolfssl/sniffer_error.rc
index 40bfac84a..e7d998059 100644
--- a/wolfssl/sniffer_error.rc
+++ b/wolfssl/sniffer_error.rc
@@ -96,5 +96,7 @@ STRINGTABLE
 78, "Dropping Lost Fragment"
 79, "Dropping Partial Record"
 80, "Clear ACK Fault"
+
+ 81, "Bad Decrypt Size"
 }