From eeb11a6e510ef3fb687d0fc314546a5fc779bd98 Mon Sep 17 00:00:00 2001 From: toddouska Date: Mon, 7 Jan 2013 14:06:58 -0800 Subject: [PATCH] fix rabbit and hc128 CTaoCrypt test buffers for aligned access only, allow TLS on intel w/o aligned stream buffers, otherwise align --- ctaocrypt/test/test.c | 47 ++++++++++++++++++++++--------------- cyassl/ctaocrypt/settings.h | 7 ++++++ cyassl/ctaocrypt/types.h | 3 ++- src/internal.c | 24 +++++++++++++++++++ 4 files changed, 61 insertions(+), 20 deletions(-) diff --git a/ctaocrypt/test/test.c b/ctaocrypt/test/test.c index 08842fd30..1f4abd4da 100644 --- a/ctaocrypt/test/test.c +++ b/ctaocrypt/test/test.c @@ -1194,11 +1194,16 @@ int hc128_test(void) HC128 enc; HC128 dec; - Hc128_SetKey(&enc, (byte*)keys[i], (byte*)ivs[i]); - Hc128_SetKey(&dec, (byte*)keys[i], (byte*)ivs[i]); + /* align keys/ivs in plain/cipher buffers */ + memcpy(plain, keys[i], 16); + memcpy(cipher, ivs[i], 16); - Hc128_Process(&enc, cipher, (byte*)test_hc128[i].input, - (word32)test_hc128[i].outLen); + Hc128_SetKey(&enc, plain, cipher); + Hc128_SetKey(&dec, plain, cipher); + + /* align input */ + memcpy(plain, test_hc128[i].input, test_hc128[i].outLen); + Hc128_Process(&enc, cipher, plain, (word32)test_hc128[i].outLen); Hc128_Process(&dec, plain, cipher, (word32)test_hc128[i].outLen); if (memcmp(plain, test_hc128[i].input, test_hc128[i].outLen)) 
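Review bot: Nothing in this hunk guarantees the 4-byte alignment that copying the key, IV and input into `plain`/`cipher` is meant to provide; a plain `byte[16]` automatic array may legally be placed at any address, so on the strict-alignment targets this commit addresses the test can still fault. Declaring the scratch buffers over a word-sized type, e.g. `word32 plain32[4]; byte* plain = (byte*)plain32;` (and likewise for `cipher`), pins the alignment independently of the compiler; the same applies to the rabbit_test loop hunk. `memcpy(plain, test_hc128[i].input, test_hc128[i].outLen)` is also only safe while every vector's `outLen` fits the scratch buffer, which nothing checks; a guard such as `if (test_hc128[i].outLen > sizeof plain) return -1;` before the copy (using this file's error-code convention) makes that assumption visible. hc128_test's buffer declarations are above the hunk, so this assumes they match rabbit_test's `byte plain[16]`.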
@@ -1219,22 +1224,17 @@ int rabbit_test(void) byte cipher[16]; byte plain[16]; - const char* keys[] = /* align with 3 extra bytes cause null is added */ + const char* keys[] = { - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00", - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", "\xAC\xC3\x51\xDC\xF1\x62\xFC\x3B\xFE\x36\x3D\x2E\x29\x13\x28\x91" - "\x00\x00\x00" }; - const char* ivs[] = /* align with 3 extra bytes casue null is added */ + const char* ivs[] = { - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00", - "\x59\x7E\x26\xC1\x75\xF5\x73\xC3" - "\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00", + "\x59\x7E\x26\xC1\x75\xF5\x73\xC3", 0 }; @@ -1265,12 +1265,21 @@ int rabbit_test(void) for (i = 0; i < times; ++i) { Rabbit enc; Rabbit dec; + byte* iv; - RabbitSetKey(&enc, (byte*)keys[i], (byte*)ivs[i]); - RabbitSetKey(&dec, (byte*)keys[i], (byte*)ivs[i]); + /* align keys/ivs in plain/cipher buffers */ + memcpy(plain, keys[i], 16); + if (ivs[i]) { + memcpy(cipher, ivs[i], 8); + iv = cipher; + } else + iv = NULL; + RabbitSetKey(&enc, plain, iv); + RabbitSetKey(&dec, plain, iv); - RabbitProcess(&enc, cipher, (byte*)test_rabbit[i].input, - (word32)test_rabbit[i].outLen); + /* align input */ + memcpy(plain, test_rabbit[i].input, test_rabbit[i].outLen); + RabbitProcess(&enc, cipher, plain, (word32)test_rabbit[i].outLen); RabbitProcess(&dec, plain, cipher, (word32)test_rabbit[i].outLen); if (memcmp(plain, test_rabbit[i].input, test_rabbit[i].outLen)) diff --git a/cyassl/ctaocrypt/settings.h b/cyassl/ctaocrypt/settings.h index c8075760e..2890ebd18 100644 --- a/cyassl/ctaocrypt/settings.h +++ b/cyassl/ctaocrypt/settings.h 
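Review bot: In the rabbit_test loop hunk, `byte* iv;` is declared uninitialized and then assigned through a braced `if` paired with an unbraced `else`; `byte* iv = NULL;` at the declaration with a single `if (ivs[i]) { memcpy(cipher, ivs[i], 8); iv = cipher; }` removes the `else` entirely and leaves no path where `iv` is unset. The unchecked `memcpy(plain, test_rabbit[i].input, test_rabbit[i].outLen)` into `plain[16]` and the fact that a `byte` array is not guaranteed to be word-aligned are the same points raised on the hc128_test hunk. The `for` loop this sits in closes outside the hunk.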
@@ -72,6 +72,13 @@ #include +/* stream ciphers except arc4 need 32bit alignment, intel ok without */ +#if defined(__x86_64__) || defined(__ia64__) || defined(__i386__) + #define NO_XSTREAM_ALIGNMENT +#else + #define XSTREAM_ALIGNMENT +#endif + #ifdef IPHONE #define SIZEOF_LONG_LONG 8 #endif diff --git a/cyassl/ctaocrypt/types.h b/cyassl/ctaocrypt/types.h index 89a5a2857..82bbaec5b 100644 --- a/cyassl/ctaocrypt/types.h +++ b/cyassl/ctaocrypt/types.h @@ -227,7 +227,8 @@ enum { DYNAMIC_TYPE_DTLS_POOL = 34, DYNAMIC_TYPE_SOCKADDR = 35, DYNAMIC_TYPE_LIBZ = 36, - DYNAMIC_TYPE_ECC = 37 + DYNAMIC_TYPE_ECC = 37, + DYNAMIC_TYPE_TMP_BUFFER = 38 }; /* stack protection */ diff --git a/src/internal.c b/src/internal.c index 4a79e6162..eef89380c 100644 --- a/src/internal.c +++ b/src/internal.c @@ -3000,12 +3000,36 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz) #ifdef HAVE_HC128 case hc128: + #ifdef XSTREAM_ALIGNMENT + if ((word)input % 4) { + byte* tmp = (byte*)XMALLOC(sz, ssl->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) return MEMORY_E; + XMEMCPY(tmp, input, sz); + Hc128_Process(ssl->encrypt.hc128, tmp, tmp, sz); + XMEMCPY(out, tmp, sz); + XFREE(tmp, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + break; + } + #endif Hc128_Process(ssl->encrypt.hc128, out, input, sz); break; #endif #ifdef BUILD_RABBIT case rabbit: + #ifdef XSTREAM_ALIGNMENT + if ((word)input % 4) { + byte* tmp = (byte*)XMALLOC(sz, ssl->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) return MEMORY_E; + XMEMCPY(tmp, input, sz); + RabbitProcess(ssl->encrypt.rabbit, tmp, tmp, sz); + XMEMCPY(out, tmp, sz); + XFREE(tmp, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + break; + } + #endif RabbitProcess(ssl->encrypt.rabbit, out, input, sz); break; #endif
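Review bot: `__ia64__` is grouped with the x86 macros as a target that tolerates unaligned word access, but Itanium is not x86: unaligned loads trap in hardware and depend on OS fix-up (slow where it exists at all), so it belongs on the `XSTREAM_ALIGNMENT` side and `defined(__ia64__)` should be dropped from the condition. The selection also offers no override; a build that already defines `XSTREAM_ALIGNMENT` (or wants the aligned path on x86 for testing) gets both macros in play, so wrapping the block in `#if !defined(XSTREAM_ALIGNMENT) && !defined(NO_XSTREAM_ALIGNMENT)` lets a `-D` flag win. The `#include` line above the new block has lost its target in this rendering, so the placement relative to it could not be checked.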
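Review bot: The new alignment fallback in both the `hc128` and `rabbit` cases tests only `input`, so an unaligned `out` still reaches the direct `Hc128_Process`/`RabbitProcess` call; if those routines store key-stream words into `out` the way they load from `input` (not visible here), the check needs to be `if ((word)input % 4 || (word)out % 4) {`. The temporary holds a plaintext copy of the record and is released without being cleared; `XMEMSET(tmp, 0, sz);` before the `XFREE` keeps it out of freed heap memory. The two fallback blocks differ only in the process call and could be one static helper taking the cipher routine as a function pointer rather than two copies. An empty record with unaligned `input` also asks `XMALLOC` for zero bytes, which may legitimately return NULL and be reported as `MEMORY_E`; adding `sz > 0` to the condition sidesteps that. Encrypt's switch starts and ends outside the hunk.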