aboutsummaryrefslogtreecommitdiff
path: root/networking
diff options
context:
space:
mode:
Diffstat (limited to 'networking')
-rw-r--r--networking/tls.c31
1 files changed, 16 insertions, 15 deletions
diff --git a/networking/tls.c b/networking/tls.c
index 3b4f1b7e2..2a0098674 100644
--- a/networking/tls.c
+++ b/networking/tls.c
@@ -788,14 +788,15 @@ static void xwrite_encrypted_aesgcm(tls_state_t *tls, unsigned size, unsigned ty
788{ 788{
789#define COUNTER(v) (*(uint32_t*)(v + 12)) 789#define COUNTER(v) (*(uint32_t*)(v + 12))
790 790
791 uint8_t aad[13 + 3]; /* +3 creates [16] buffer, simplifying GHASH() */ 791 uint8_t aad[13 + 3] ALIGNED(4); /* +3 creates [16] buffer, simplifying GHASH() */
792 uint8_t nonce[12 + 4]; /* +4 creates space for AES block counter */ 792 uint8_t nonce[12 + 4] ALIGNED(4); /* +4 creates space for AES block counter */
793 uint8_t scratch[AES_BLOCK_SIZE]; //[16] 793 uint8_t scratch[AES_BLOCK_SIZE] ALIGNED(4); //[16]
794 uint8_t authtag[AES_BLOCK_SIZE]; //[16] 794 uint8_t authtag[AES_BLOCK_SIZE] ALIGNED(4); //[16]
795 uint8_t *buf; 795 uint8_t *buf;
796 struct record_hdr *xhdr; 796 struct record_hdr *xhdr;
797 unsigned remaining; 797 unsigned remaining;
798 unsigned cnt; 798 unsigned cnt;
799 uint64_t t64;
799 800
800 buf = tls->outbuf + OUTBUF_PFX; /* see above for the byte it points to */ 801 buf = tls->outbuf + OUTBUF_PFX; /* see above for the byte it points to */
801 dump_hex("xwrite_encrypted_aesgcm plaintext:%s\n", buf, size); 802 dump_hex("xwrite_encrypted_aesgcm plaintext:%s\n", buf, size);
@@ -810,13 +811,13 @@ static void xwrite_encrypted_aesgcm(tls_state_t *tls, unsigned size, unsigned ty
810 /* set aad[12], and clear aad[13..15] */ 811 /* set aad[12], and clear aad[13..15] */
811 COUNTER(aad) = SWAP_LE32(size & 0xff); 812 COUNTER(aad) = SWAP_LE32(size & 0xff);
812 813
813 memcpy(nonce, tls->client_write_IV, 4); 814 memcpy(nonce, tls->client_write_IV, 4);
814 memcpy(nonce + 4, &tls->write_seq64_be, 8); 815 t64 = tls->write_seq64_be;
815 memcpy(aad, &tls->write_seq64_be, 8); 816 move_to_unaligned64(nonce + 4, t64);
816 memcpy(buf - 8, &tls->write_seq64_be, 8); 817 move_to_unaligned64(aad, t64);
817//optimize 818 move_to_unaligned64(buf - 8, t64);
818 /* seq64 is not used later in this func, can increment here */ 819 /* seq64 is not used later in this func, can increment here */
819 tls->write_seq64_be = SWAP_BE64(1 + SWAP_BE64(tls->write_seq64_be)); 820 tls->write_seq64_be = SWAP_BE64(1 + SWAP_BE64(t64));
820 821
821 cnt = 1; 822 cnt = 1;
822 remaining = size; 823 remaining = size;
@@ -923,13 +924,14 @@ static void tls_aesgcm_decrypt(tls_state_t *tls, uint8_t *buf, int size)
923{ 924{
924#define COUNTER(v) (*(uint32_t*)(v + 12)) 925#define COUNTER(v) (*(uint32_t*)(v + 12))
925 926
926 //uint8_t aad[13 + 3]; /* +3 creates [16] buffer, simplifying GHASH() */ 927 //uint8_t aad[13 + 3] ALIGNED(4); /* +3 creates [16] buffer, simplifying GHASH() */
927 uint8_t nonce[12 + 4]; /* +4 creates space for AES block counter */ 928 uint8_t nonce[12 + 4] ALIGNED(4); /* +4 creates space for AES block counter */
928 uint8_t scratch[AES_BLOCK_SIZE]; //[16] 929 uint8_t scratch[AES_BLOCK_SIZE] ALIGNED(4); //[16]
929 //uint8_t authtag[AES_BLOCK_SIZE]; //[16] 930 //uint8_t authtag[AES_BLOCK_SIZE] ALIGNED(4); //[16]
930 unsigned remaining; 931 unsigned remaining;
931 unsigned cnt; 932 unsigned cnt;
932 933
934 //memcpy(aad, buf, 8);
933 //aad[8] = type; 935 //aad[8] = type;
934 //aad[9] = TLS_MAJ; 936 //aad[9] = TLS_MAJ;
935 //aad[10] = TLS_MIN; 937 //aad[10] = TLS_MIN;
@@ -937,7 +939,6 @@ static void tls_aesgcm_decrypt(tls_state_t *tls, uint8_t *buf, int size)
937 ///* set aad[12], and clear aad[13..15] */ 939 ///* set aad[12], and clear aad[13..15] */
938 //COUNTER(aad) = SWAP_LE32(size & 0xff); 940 //COUNTER(aad) = SWAP_LE32(size & 0xff);
939 941
940 //memcpy(aad, &tls->write_seq64_be, 8);
941 memcpy(nonce, tls->server_write_IV, 4); 942 memcpy(nonce, tls->server_write_IV, 4);
942 memcpy(nonce + 4, buf, 8); 943 memcpy(nonce + 4, buf, 8);
943 buf += 8; 944 buf += 8;