From 8dbd9a88eef51547f4736a817e91b1021e572a32 Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Mon, 12 Jun 2017 14:21:43 +1000
Subject: [PATCH] Fix for CCM - TLS v1.3 needs all nonce/IV bytes
---
 src/keys.c | 8 ++++----
 src/tls13.c | 24 ++++++++++++++++++++++++
 2 files changed, 28 insertions(+), 4 deletions(-)
diff --git a/src/keys.c b/src/keys.c
index 92b03d651..3a22073b0 100644
--- a/src/keys.c
+++ b/src/keys.c
@@ -2640,7 +2640,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
 return CcmRet;
 }
 XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
- AESGCM_IMP_IV_SZ);
+ AEAD_MAX_IMP_SZ);
 }
 if (dec) {
 CcmRet = wc_AesCcmSetKey(dec->aes, keys->server_write_key,
@@ -2649,7 +2649,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
 return CcmRet;
 }
 XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
- AESGCM_IMP_IV_SZ);
+ AEAD_MAX_IMP_SZ);
 }
 }
 else {
@@ -2660,7 +2660,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
 return CcmRet;
 }
 XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
- AESGCM_IMP_IV_SZ);
+ AEAD_MAX_IMP_SZ);
 }
 if (dec) {
 CcmRet = wc_AesCcmSetKey(dec->aes, keys->client_write_key,
@@ -2669,7 +2669,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
 return CcmRet;
 }
 XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
- AESGCM_IMP_IV_SZ);
+ AEAD_MAX_IMP_SZ);
 }
 }
 if (enc)
diff --git a/src/tls13.c b/src/tls13.c
index 5b313842c..80c62eb08 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -1616,6 +1616,10 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
 switch (ssl->specs.bulk_cipher_algorithm) {
 #ifdef BUILD_AESGCM
 case wolfssl_aes_gcm:
+#ifdef WOLFSSL_DEBUG_TLS
+ WOLFSSL_MSG("Nonce");
+ WOLFSSL_BUFFER(nonce, AESGCM_NONCE_SZ);
+#endif
 ret = wc_AesGcmEncrypt(ssl->encrypt.aes, output, input, dataSz, nonce, AESGCM_NONCE_SZ, output + dataSz, macSz, NULL, 0);
 break; 
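Review bot: The new copy length on the changed `XMEMCPY` line is the generic maximum `AEAD_MAX_IMP_SZ` rather than a CCM-specific size or `specs->iv_size`, and nothing at the site says why a CCM key block now needs more than the `AESGCM_IMP_IV_SZ` bytes it copied before; add `/* TLS 1.3 derives a full-length write IV and uses all of it as the nonce base; the TLS 1.2 CCM path only consumes the implicit prefix */` above the call (the same applies to the other three copies in this file). The change is only memory-safe if `keys->client_write_IV` and `keys->aead_enc_imp_IV` are both declared with at least `AEAD_MAX_IMP_SZ` bytes; those declarations are outside the hunk, so please confirm rather than rely on the build passing, since an over-read here would pull adjacent key material into the nonce base. On the TLS 1.2 path, where presumably only the implicit-IV prefix of the write IV is populated, the extra bytes copied are whatever the write-IV buffer holds, which is harmless only as long as the 1.2 nonce construction keeps ignoring them. `SetKeys` starts and ends outside this hunk.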
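Review bot: The added `WOLFSSL_BUFFER(nonce, AESGCM_NONCE_SZ)` dumps per-record nonce material to the log, and if the nonce is built the way TLS 1.3 specifies (write IV XORed with the public sequence number) anyone holding the log can recover the write IV, which is derived from the traffic secret; that is acceptable behind `WOLFSSL_DEBUG_TLS` but the block should say so, e.g. `/* Debug only: exposes the write IV (nonce ^ seq); never enable in production builds */`. The same four-line block is repeated six times across `EncryptTls13` and `DecryptTls13` with only the length constant changing, so a small `static` helper or a macro taking the length would keep the copies in step and let the warning live in one place. Neither the declaration of `nonce` nor the end of `EncryptTls13` is in this hunk.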
@@ -1623,6 +1627,10 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
 #ifdef HAVE_AESCCM
 case wolfssl_aes_ccm:
+#ifdef WOLFSSL_DEBUG_TLS
+ WOLFSSL_MSG("Nonce");
+ WOLFSSL_BUFFER(nonce, AESCCM_NONCE_SZ);
+#endif
 ret = wc_AesCcmEncrypt(ssl->encrypt.aes, output, input, dataSz, nonce, AESCCM_NONCE_SZ, output + dataSz, macSz, NULL, 0);
 break;
@@ -1630,6 +1638,10 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
 case wolfssl_chacha:
+#ifdef WOLFSSL_DEBUG_TLS
+ WOLFSSL_MSG("Nonce");
+ WOLFSSL_BUFFER(nonce, CHACHA_IV_BYTES);
+#endif
 ret = ChaCha20Poly1305_Encrypt(ssl, output, input, dataSz, nonce, output + dataSz);
 break;
@@ -1740,6 +1752,10 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz)
 switch (ssl->specs.bulk_cipher_algorithm) {
 #ifdef BUILD_AESGCM
 case wolfssl_aes_gcm:
+#ifdef WOLFSSL_DEBUG_TLS
+ WOLFSSL_MSG("Nonce");
+ WOLFSSL_BUFFER(nonce, AESGCM_NONCE_SZ);
+#endif
 ret = wc_AesGcmDecrypt(ssl->decrypt.aes, output, input, dataSz, nonce, AESGCM_NONCE_SZ, input + dataSz, macSz, NULL, 0);
 break;
@@ -1747,6 +1763,10 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz)
 #ifdef HAVE_AESCCM
 case wolfssl_aes_ccm:
+#ifdef WOLFSSL_DEBUG_TLS
+ WOLFSSL_MSG("Nonce");
+ WOLFSSL_BUFFER(nonce, AESCCM_NONCE_SZ);
+#endif
 ret = wc_AesCcmDecrypt(ssl->decrypt.aes, output, input, dataSz, nonce, AESCCM_NONCE_SZ, input + dataSz, macSz, NULL, 0);
 break;
@@ -1754,6 +1774,10 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz)
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
 case wolfssl_chacha:
+#ifdef WOLFSSL_DEBUG_TLS
+ WOLFSSL_MSG("Nonce");
+ WOLFSSL_BUFFER(nonce, CHACHA_IV_BYTES);
+#endif
 ret = ChaCha20Poly1305_Decrypt(ssl, output, input, dataSz, nonce, input + dataSz);
 break;
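Review bot: On the chacha branch the added `WOLFSSL_BUFFER(nonce, CHACHA_IV_BYTES)` dump length is tied only by convention to the nonce that `ChaCha20Poly1305_Encrypt` consumes on the following line, because that call, unlike the GCM and CCM calls in the neighbouring hunks, takes no nonce length; if `CHACHA_IV_BYTES` and the size `ChaCha20Poly1305_Encrypt` actually reads ever diverge, the debug dump will silently over- or under-read `nonce` with nothing to catch it. A comment that names the coupling would help: `/* ChaCha20Poly1305_Encrypt reads CHACHA_IV_BYTES of nonce; keep the debug dump length in step */`, and the matching `DecryptTls13` chacha hunk below has the same gap. Whether `nonce` is sized to cover `CHACHA_IV_BYTES` cannot be checked here, since its declaration and the rest of `EncryptTls13` are outside the hunk.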