Commit 226d5da1 authored by Manuel Pégourié-Gonnard's avatar Manuel Pégourié-Gonnard
Browse files

GCM ciphersuites partially using cipher layer

parent 1af50a24
......@@ -441,40 +441,6 @@ struct _ssl_session
#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
};
/*
* Helpers to find the correct size of the context in _ssl_transform
* (in the long run, we'll use the cipher layer, but for now...)
*/
#define SSL_MAX(a, b) ( a > b ? a : b )
#define SSL_CTX_MAX_0 0
#if defined(POLARSSL_AES_C)
#define SSL_CTX_MAX_1 SSL_MAX( SSL_CTX_MAX_0, sizeof( aes_context ) )
#else
#define SSL_CTX_MAX_1 SSL_CTX_MAX_0
#endif
#if defined(POLARSSL_ARC4_C)
#define SSL_CTX_MAX_2 SSL_MAX( SSL_CTX_MAX_1, sizeof( arc4_context ) )
#else
#define SSL_CTX_MAX_2 SSL_CTX_MAX_1
#endif
#if defined(POLARSSL_DES_C)
#define SSL_CTX_MAX_3 SSL_MAX( SSL_CTX_MAX_2, sizeof( des_context ) )
#define SSL_CTX_MAX_4 SSL_MAX( SSL_CTX_MAX_3, sizeof( des3_context ) )
#else
#define SSL_CTX_MAX_4 SSL_CTX_MAX_2
#endif
#if defined(POLARSSL_CAMELLIA_C)
#define SSL_CTX_MAX_5 SSL_MAX( SSL_CTX_MAX_4, sizeof( camellia_context ) )
#else
#define SSL_CTX_MAX_5 SSL_CTX_MAX_4
#endif
#if defined(POLARSSL_GCM_C)
#define SSL_CTX_MAX_6 SSL_MAX( SSL_CTX_MAX_5, sizeof( gcm_context ) )
#else
#define SSL_CTX_MAX_6 SSL_CTX_MAX_5
#endif
#define SSL_CTX_MAX SSL_CTX_MAX_6
/*
* This structure contains a full set of runtime transform parameters
* either in negotiation or active.
......@@ -507,9 +473,6 @@ struct _ssl_transform
cipher_context_t cipher_ctx_enc; /*!< encryption context */
cipher_context_t cipher_ctx_dec; /*!< decryption context */
uint32_t ctx_enc[SSL_CTX_MAX / 4]; /*!< encryption context */
uint32_t ctx_dec[SSL_CTX_MAX / 4]; /*!< decryption context */
/*
* Session specific compression layer
*/
......@@ -519,17 +482,6 @@ struct _ssl_transform
#endif
};
/* Not needed any more */
#undef SSL_MAX
#undef SSL_CTX_MAX_0
#undef SSL_CTX_MAX_1
#undef SSL_CTX_MAX_2
#undef SSL_CTX_MAX_3
#undef SSL_CTX_MAX_4
#undef SSL_CTX_MAX_5
#undef SSL_CTX_MAX_6
#undef SSL_CTX_MAX
/*
* This structure contains the parameters only needed during handshake.
*/
......
......@@ -640,6 +640,8 @@ int ssl_derive_keys( ssl_context *ssl )
case POLARSSL_CIPHER_AES_128_CBC:
case POLARSSL_CIPHER_AES_256_CBC:
case POLARSSL_CIPHER_DES_CBC:
case POLARSSL_CIPHER_AES_128_GCM:
case POLARSSL_CIPHER_AES_256_GCM:
if( ( ret = cipher_init_ctx( &transform->cipher_ctx_enc,
cipher_info ) ) != 0 )
{
......@@ -1021,6 +1023,9 @@ static int ssl_encrypt_buf( ssl_context *ssl )
ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
SSL_DEBUG_BUF( 4, "IV used", ssl->out_iv,
ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
/*
* Fix pointer positions and message length with added IV
*/
......@@ -1041,7 +1046,7 @@ static int ssl_encrypt_buf( ssl_context *ssl )
*/
ssl->out_msglen += 16;
gcm_crypt_and_tag( (gcm_context *) ssl->transform_out->ctx_enc,
gcm_crypt_and_tag( ssl->transform_out->cipher_ctx_enc->cipher_ctx,
GCM_ENCRYPT, enc_msglen,
ssl->transform_out->iv_enc, ssl->transform_out->ivlen,
add_data, 13,
......@@ -1280,7 +1285,7 @@ static int ssl_decrypt_buf( ssl_context *ssl )
ssl->transform_in->ivlen );
SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, 16 );
ret = gcm_auth_decrypt( (gcm_context *) ssl->transform_in->ctx_dec,
ret = gcm_auth_decrypt( ssl->transform_in->cipher_ctx_dec->cipher_ctx,
dec_msglen,
ssl->transform_in->iv_dec,
ssl->transform_in->ivlen,
......@@ -1295,6 +1300,7 @@ static int ssl_decrypt_buf( ssl_context *ssl )
return( POLARSSL_ERR_SSL_INVALID_MAC );
}
}
else
#endif /* POLARSSL_GCM_C */
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment