From da02a7f45e55f9e1394cf4cab118b78ac299dec2 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Sat, 31 Aug 2013 17:25:14 +0200 Subject: [PATCH] AES_CBC ciphersuites now run purely via cipher layer --- include/polarssl/ssl.h | 3 + library/ssl_tls.c | 136 ++++++++++++++++++++++++++++++++++++----- 2 files changed, 123 insertions(+), 16 deletions(-) diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index 354c6c2fcb..aafbfb6875 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -504,6 +504,9 @@ struct _ssl_transform md_context_t md_ctx_enc; /*!< MAC (encryption) */ md_context_t md_ctx_dec; /*!< MAC (decryption) */ + cipher_context_t cipher_ctx_enc; /*!< encryption context */ + cipher_context_t cipher_ctx_dec; /*!< decryption context */ + uint32_t ctx_enc[SSL_CTX_MAX / 4]; /*!< encryption context */ uint32_t ctx_dec[SSL_CTX_MAX / 4]; /*!< decryption context */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ed95d3e038..5e2e7725be 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -355,6 +355,7 @@ static void ssl_calc_finished_tls_sha384(ssl_context *,unsigned char *,int); int ssl_derive_keys( ssl_context *ssl ) { + int ret = 0; unsigned char tmp[64]; unsigned char keyblk[256]; unsigned char *key1; @@ -648,15 +649,46 @@ int ssl_derive_keys( ssl_context *ssl ) break; #endif -#if defined(POLARSSL_AES_C) case POLARSSL_CIPHER_AES_128_CBC: case POLARSSL_CIPHER_AES_256_CBC: - aes_setkey_enc( (aes_context*) transform->ctx_enc, key1, - cipher_info->key_length ); - aes_setkey_dec( (aes_context*) transform->ctx_dec, key2, - cipher_info->key_length ); + if( ( ret = cipher_init_ctx( &transform->cipher_ctx_enc, + cipher_info ) ) != 0 ) + { + return( ret ); + } + + if( ( ret = cipher_setkey( &transform->cipher_ctx_enc, key1, + cipher_info->key_length, + POLARSSL_ENCRYPT ) ) != 0 ) + { + return( ret ); + } + + if( ( ret = cipher_set_padding_mode( &transform->cipher_ctx_enc, + POLARSSL_PADDING_NONE ) ) != 0 ) + { + return( ret ); + } + + if( ( ret = cipher_init_ctx( &transform->cipher_ctx_dec, + cipher_info ) ) != 0 ) + { + return( ret ); + } + + if( ( ret = cipher_setkey( &transform->cipher_ctx_dec, key2, + cipher_info->key_length, + POLARSSL_DECRYPT ) ) != 0 ) + { + return( ret ); + } + + if( ( ret = cipher_set_padding_mode( &transform->cipher_ctx_dec, + POLARSSL_PADDING_NONE ) ) != 0 ) + { + return( ret ); + } break; -#endif #if defined(POLARSSL_CAMELLIA_C) case POLARSSL_CIPHER_CAMELLIA_128_CBC: @@ -999,8 +1031,10 @@ static int ssl_encrypt_buf( ssl_context *ssl ) else #endif /* POLARSSL_GCM_C */ { + int ret; unsigned char *enc_msg; size_t enc_msglen; + size_t olen = 0; padlen = ssl->transform_out->ivlen - ( ssl->out_msglen + 1 ) % ssl->transform_out->ivlen; @@ -1065,14 +1099,49 @@ static int ssl_encrypt_buf( ssl_context *ssl ) break; #endif -#if defined(POLARSSL_AES_C) case POLARSSL_CIPHER_AES_128_CBC: case POLARSSL_CIPHER_AES_256_CBC: - aes_crypt_cbc( (aes_context *) ssl->transform_out->ctx_enc, - AES_ENCRYPT, enc_msglen, - ssl->transform_out->iv_enc, enc_msg, enc_msg ); - break; + if( ( ret = cipher_reset( &ssl->transform_out->cipher_ctx_enc, + ssl->transform_out->iv_enc ) ) != 0 ) + { + return( ret ); + } + + if( ( ret = cipher_update( &ssl->transform_out->cipher_ctx_enc, + enc_msg, enc_msglen, enc_msg, + &olen ) ) != 0 ) + { + return( ret ); + } + + enc_msglen -= olen; + + if( ( ret = cipher_finish( &ssl->transform_out->cipher_ctx_enc, + enc_msg + olen, &olen ) ) != 0 ) + { + return( ret ); + } + + if( enc_msglen != olen ) + { + SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect %d %d", + enc_msglen, olen ) ); + // TODO Real error number + return( -1 ); + } + +#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) + if( ssl->minor_ver < SSL_MINOR_VERSION_2 ) + { + /* + * Save IV in SSL3 and TLS1 + */ + memcpy( ssl->transform_out->iv_enc, + ssl->transform_out->cipher_ctx_enc.iv, + ssl->transform_out->ivlen ); + } #endif + break; #if defined(POLARSSL_CAMELLIA_C) case POLARSSL_CIPHER_CAMELLIA_128_CBC: @@ -1190,10 +1259,12 @@ static int ssl_decrypt_buf( ssl_context *ssl ) /* * Decrypt and check the padding */ + int ret; unsigned char *dec_msg; unsigned char *dec_msg_result; size_t dec_msglen; size_t minlen = 0; + size_t olen = 0; /* * Check immediate ciphertext sanity @@ -1252,14 +1323,47 @@ static int ssl_decrypt_buf( ssl_context *ssl ) break; #endif -#if defined(POLARSSL_AES_C) case POLARSSL_CIPHER_AES_128_CBC: case POLARSSL_CIPHER_AES_256_CBC: - aes_crypt_cbc( (aes_context *) ssl->transform_in->ctx_dec, - AES_DECRYPT, dec_msglen, - ssl->transform_in->iv_dec, dec_msg, dec_msg_result ); - break; + if( ( ret = cipher_reset( &ssl->transform_in->cipher_ctx_dec, + ssl->transform_in->iv_dec ) ) != 0 ) + { + return( ret ); + } + + if( ( ret = cipher_update( &ssl->transform_in->cipher_ctx_dec, + dec_msg, dec_msglen, dec_msg_result, + &olen ) ) != 0 ) + { + return( ret ); + } + + dec_msglen -= olen; + if( ( ret = cipher_finish( &ssl->transform_in->cipher_ctx_dec, + dec_msg_result + olen, &olen ) ) != 0 ) + { + return( ret ); + } + + if( dec_msglen != olen ) + { + SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect" ) ); + // TODO Real error number + return( -1 ); + } + +#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) + if( ssl->minor_ver < SSL_MINOR_VERSION_2 ) + { + /* + * Save IV in SSL3 and TLS1 + */ + memcpy( ssl->transform_in->iv_dec, + ssl->transform_in->cipher_ctx_dec.iv, + ssl->transform_in->ivlen ); + } #endif + break; #if defined(POLARSSL_CAMELLIA_C) case POLARSSL_CIPHER_CAMELLIA_128_CBC: