diff --git a/networking/tls.c b/networking/tls.c index 4e9187d4f..30afd9ea9 100644 --- a/networking/tls.c +++ b/networking/tls.c @@ -722,17 +722,12 @@ static void xwrite_encrypted(tls_state_t *tls, unsigned size, unsigned type) } while ((size & (AES_BLOCKSIZE - 1)) != 0); /* Encrypt content+MAC+padding in place */ - { - psCipherContext_t ctx; - psAesInit(&ctx, buf - AES_BLOCKSIZE, /* IV */ - tls->client_write_key, tls->key_size /* selects 128/256 */ - ); - psAesEncrypt(&ctx, - buf, /* plaintext */ - buf, /* ciphertext */ - size - ); - } + aes_cbc_encrypt( + tls->client_write_key, tls->key_size, /* selects 128/256 */ + buf - AES_BLOCKSIZE, /* IV */ + buf, size, /* plaintext */ + buf /* ciphertext */ + ); /* Write out */ dbg("writing 5 + %u IV + %u encrypted bytes, padding_length:0x%02x\n", @@ -875,7 +870,6 @@ static int tls_xread_record(tls_state_t *tls) /* Needs to be decrypted? */ if (tls->min_encrypted_len_on_read > tls->MAC_size) { - psCipherContext_t ctx; uint8_t *p = tls->inbuf + RECHDR_LEN; int padding_len; @@ -886,14 +880,12 @@ static int tls_xread_record(tls_state_t *tls) sz, tls->min_encrypted_len_on_read); } /* Decrypt content+MAC+padding, moving it over IV in the process */ - psAesInit(&ctx, p, /* IV */ - tls->server_write_key, tls->key_size /* selects 128/256 */ - ); sz -= AES_BLOCKSIZE; /* we will overwrite IV now */ - psAesDecrypt(&ctx, - p + AES_BLOCKSIZE, /* ciphertext */ - p, /* plaintext */ - sz + aes_cbc_decrypt( + tls->server_write_key, tls->key_size, /* selects 128/256 */ + p, /* IV */ + p + AES_BLOCKSIZE, sz, /* ciphertext */ + p /* plaintext */ ); padding_len = p[sz - 1]; dbg("encrypted size:%u type:0x%02x padding_length:0x%02x\n", sz, p[0], padding_len); diff --git a/networking/tls_aes.c b/networking/tls_aes.c index 6c3c39373..ebaab15b1 100644 --- a/networking/tls_aes.c +++ b/networking/tls_aes.c @@ -5,6 +5,46 @@ */ #include "tls.h" +static +int32 psAesInitKey(const unsigned char *key, uint32 keylen, psAesKey_t *skey); +static +void psAesEncryptBlock(const unsigned char *pt, unsigned char *ct, + psAesKey_t *skey); +static +void psAesDecryptBlock(const unsigned char *ct, unsigned char *pt, + psAesKey_t *skey); +static +int32 psAesInit(psCipherContext_t *ctx, unsigned char *IV, + const unsigned char *key, uint32 keylen); +static +int32 psAesEncrypt(psCipherContext_t *ctx, const unsigned char *pt, + unsigned char *ct, uint32 len); +static +int32 psAesDecrypt(psCipherContext_t *ctx, const unsigned char *ct, + unsigned char *pt, uint32 len); + +void aes_cbc_encrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst) +{ + psCipherContext_t ctx; + psAesInit(&ctx, iv, key, klen); + psAesEncrypt(&ctx, + data, /* plaintext */ + dst, /* ciphertext */ + len + ); +} + +void aes_cbc_decrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst) +{ + psCipherContext_t ctx; + psAesInit(&ctx, iv, key, klen); + psAesDecrypt(&ctx, + data, /* ciphertext */ + dst, /* plaintext */ + len + ); +} + /* The file is taken almost verbatim from matrixssl-3-7-2b-open/crypto/symmetric/. * Changes are flagged with //bbox */ @@ -1079,8 +1119,9 @@ static uint32 setup_mix2(uint32 temp) Software implementation of AES CBC APIs */ #ifndef USE_AES_CBC_EXTERNAL +static //bbox int32 psAesInit(psCipherContext_t *ctx, unsigned char *IV, - unsigned char *key, uint32 keylen) + const unsigned char *key, uint32 keylen) { int32 x, err; @@ -1106,7 +1147,8 @@ int32 psAesInit(psCipherContext_t *ctx, unsigned char *IV, return PS_SUCCESS; } -int32 psAesEncrypt(psCipherContext_t *ctx, unsigned char *pt, +static //bbox +int32 psAesEncrypt(psCipherContext_t *ctx, const unsigned char *pt, unsigned char *ct, uint32 len) { int32 x; @@ -1156,7 +1198,8 @@ int32 psAesEncrypt(psCipherContext_t *ctx, unsigned char *pt, return len; } -int32 psAesDecrypt(psCipherContext_t *ctx, unsigned char *ct, +static //bbox +int32 psAesDecrypt(psCipherContext_t *ctx, const unsigned char *ct, unsigned char *pt, uint32 len) { int32 x; @@ -1223,6 +1266,7 @@ int32 psAesDecrypt(psCipherContext_t *ctx, unsigned char *ct, skey: The key in as scheduled by this function. */ +static //bbox int32 psAesInitKey(const unsigned char *key, uint32 keylen, psAesKey_t *skey) { int32 i, j; @@ -1390,6 +1434,7 @@ int32 psAesInitKey(const unsigned char *key, uint32 keylen, psAesKey_t *skey) #ifdef USE_BURN_STACK +static //bbox void psAesEncryptBlock(const unsigned char *pt, unsigned char *ct, psAesKey_t *skey) { @@ -1399,6 +1444,7 @@ void psAesEncryptBlock(const unsigned char *pt, unsigned char *ct, static void _aes_ecb_encrypt(const unsigned char *pt, unsigned char *ct, psAesKey_t *skey) #else +static //bbox void psAesEncryptBlock(const unsigned char *pt, unsigned char *ct, psAesKey_t *skey) #endif /* USE_BURN_STACK */ @@ -1555,6 +1601,7 @@ void psAesEncryptBlock(const unsigned char *pt, unsigned char *ct, } #ifdef USE_BURN_STACK +static //bbox void psAesDecryptBlock(const unsigned char *ct, unsigned char *pt, psAesKey_t *skey) { @@ -1564,6 +1611,7 @@ void psAesDecryptBlock(const unsigned char *ct, unsigned char *pt, static void _aes_ecb_decrypt(const unsigned char *ct, unsigned char *pt, psAesKey_t *skey) #else +static //bbox void psAesDecryptBlock(const unsigned char *ct, unsigned char *pt, psAesKey_t *skey) #endif /* USE_BURN_STACK */ diff --git a/networking/tls_aes.h b/networking/tls_aes.h index ea8ed7ea9..c6791866a 100644 --- a/networking/tls_aes.h +++ b/networking/tls_aes.h @@ -6,15 +6,5 @@ * Selected few declarations for AES. */ -int32 psAesInitKey(const unsigned char *key, uint32 keylen, psAesKey_t *skey); -void psAesEncryptBlock(const unsigned char *pt, unsigned char *ct, - psAesKey_t *skey); -void psAesDecryptBlock(const unsigned char *ct, unsigned char *pt, - psAesKey_t *skey); - -int32 psAesInit(psCipherContext_t *ctx, unsigned char *IV, - unsigned char *key, uint32 keylen); -int32 psAesEncrypt(psCipherContext_t *ctx, unsigned char *pt, - unsigned char *ct, uint32 len); -int32 psAesDecrypt(psCipherContext_t *ctx, unsigned char *ct, - unsigned char *pt, uint32 len); +void aes_cbc_encrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst); +void aes_cbc_decrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst);