feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Add AES CCM support to sniffer. ZD 11078.

Browse Source
This commit is contained in:
David Garske
2020-10-08 13:58:31 -07:00
parent 4f6c1db9a2
commit 8a57eead51
1 changed files with 15 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/sniffer.c
View File

@@ -3730,17 +3730,27 @@ static int Decrypt(WOLFSSL* ssl, byte* output, const byte* input, word32 sz)
break; break;
#endif #endif
#ifdef HAVE_AESGCM #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
case wolfssl_aes_gcm: case wolfssl_aes_gcm:
if (sz >= (word32)(AESGCM_EXP_IV_SZ + ssl->specs.aead_mac_size)) case wolfssl_aes_ccm: /* GCM AEAD macros use same size as CCM */
{ if (sz >= (word32)(AESGCM_EXP_IV_SZ + ssl->specs.aead_mac_size)) {
/* scratch buffer, sniffer ignores auth tag*/ /* scratch buffer, sniffer ignores auth tag */
wc_AesAuthEncryptFunc aes_auth_fn;
byte authTag[WOLFSSL_MIN_AUTH_TAG_SZ]; byte authTag[WOLFSSL_MIN_AUTH_TAG_SZ];
byte nonce[AESGCM_NONCE_SZ]; byte nonce[AESGCM_NONCE_SZ];
XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AESGCM_IMP_IV_SZ); XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AESGCM_IMP_IV_SZ);
XMEMCPY(nonce + AESGCM_IMP_IV_SZ, input, AESGCM_EXP_IV_SZ); XMEMCPY(nonce + AESGCM_IMP_IV_SZ, input, AESGCM_EXP_IV_SZ);
if (wc_AesGcmEncrypt(ssl->decrypt.aes, /* use encrypt because we don't care about authtag */
#if defined(BUILD_AESGCM) && defined(HAVE_AESCCM)
aes_auth_fn = (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm)
? wc_AesGcmEncrypt : wc_AesCcmEncrypt;
#elif defined(BUILD_AESGCM)
aes_auth_fn = wc_AesGcmEncrypt;
#else
aes_auth_fn = wc_AesCcmEncrypt;
#endif
if (aes_auth_fn(ssl->decrypt.aes,
output, output,
input + AESGCM_EXP_IV_SZ, input + AESGCM_EXP_IV_SZ,
sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,