GCM ciphersuites partially using cipher layer
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index aafbfb6..52ec216 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -442,40 +442,6 @@
};
/*
- * Helpers to find the correct size of the context in _ssl_transform
- * (in the long run, we'll use the cipher layer, but for now...)
- */
-#define SSL_MAX(a, b) ( a > b ? a : b )
-#define SSL_CTX_MAX_0 0
-#if defined(POLARSSL_AES_C)
-#define SSL_CTX_MAX_1 SSL_MAX( SSL_CTX_MAX_0, sizeof( aes_context ) )
-#else
-#define SSL_CTX_MAX_1 SSL_CTX_MAX_0
-#endif
-#if defined(POLARSSL_ARC4_C)
-#define SSL_CTX_MAX_2 SSL_MAX( SSL_CTX_MAX_1, sizeof( arc4_context ) )
-#else
-#define SSL_CTX_MAX_2 SSL_CTX_MAX_1
-#endif
-#if defined(POLARSSL_DES_C)
-#define SSL_CTX_MAX_3 SSL_MAX( SSL_CTX_MAX_2, sizeof( des_context ) )
-#define SSL_CTX_MAX_4 SSL_MAX( SSL_CTX_MAX_3, sizeof( des3_context ) )
-#else
-#define SSL_CTX_MAX_4 SSL_CTX_MAX_2
-#endif
-#if defined(POLARSSL_CAMELLIA_C)
-#define SSL_CTX_MAX_5 SSL_MAX( SSL_CTX_MAX_4, sizeof( camellia_context ) )
-#else
-#define SSL_CTX_MAX_5 SSL_CTX_MAX_4
-#endif
-#if defined(POLARSSL_GCM_C)
-#define SSL_CTX_MAX_6 SSL_MAX( SSL_CTX_MAX_5, sizeof( gcm_context ) )
-#else
-#define SSL_CTX_MAX_6 SSL_CTX_MAX_5
-#endif
-#define SSL_CTX_MAX SSL_CTX_MAX_6
-
-/*
* This structure contains a full set of runtime transform parameters
* either in negotiation or active.
*/
@@ -507,9 +473,6 @@
cipher_context_t cipher_ctx_enc; /*!< encryption context */
cipher_context_t cipher_ctx_dec; /*!< decryption context */
- uint32_t ctx_enc[SSL_CTX_MAX / 4]; /*!< encryption context */
- uint32_t ctx_dec[SSL_CTX_MAX / 4]; /*!< decryption context */
-
/*
* Session specific compression layer
*/
@@ -519,17 +482,6 @@
#endif
};
-/* Not needed any more */
-#undef SSL_MAX
-#undef SSL_CTX_MAX_0
-#undef SSL_CTX_MAX_1
-#undef SSL_CTX_MAX_2
-#undef SSL_CTX_MAX_3
-#undef SSL_CTX_MAX_4
-#undef SSL_CTX_MAX_5
-#undef SSL_CTX_MAX_6
-#undef SSL_CTX_MAX
-
/*
* This structure contains the parameters only needed during handshake.
*/
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 399d6ba..cddaec6 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -640,6 +640,8 @@
case POLARSSL_CIPHER_AES_128_CBC:
case POLARSSL_CIPHER_AES_256_CBC:
case POLARSSL_CIPHER_DES_CBC:
+ case POLARSSL_CIPHER_AES_128_GCM:
+ case POLARSSL_CIPHER_AES_256_GCM:
if( ( ret = cipher_init_ctx( &transform->cipher_ctx_enc,
cipher_info ) ) != 0 )
{
@@ -1021,6 +1023,9 @@
ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
+ SSL_DEBUG_BUF( 4, "IV used", ssl->out_iv,
+ ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
+
/*
* Fix pointer positions and message length with added IV
*/
@@ -1041,7 +1046,7 @@
*/
ssl->out_msglen += 16;
- gcm_crypt_and_tag( (gcm_context *) ssl->transform_out->ctx_enc,
+ gcm_crypt_and_tag( ssl->transform_out->cipher_ctx_enc->cipher_ctx,
GCM_ENCRYPT, enc_msglen,
ssl->transform_out->iv_enc, ssl->transform_out->ivlen,
add_data, 13,
@@ -1280,7 +1285,7 @@
ssl->transform_in->ivlen );
SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, 16 );
- ret = gcm_auth_decrypt( (gcm_context *) ssl->transform_in->ctx_dec,
+ ret = gcm_auth_decrypt( ssl->transform_in->cipher_ctx_dec->cipher_ctx,
dec_msglen,
ssl->transform_in->iv_dec,
ssl->transform_in->ivlen,
@@ -1295,6 +1300,7 @@
return( POLARSSL_ERR_SSL_INVALID_MAC );
}
+
}
else
#endif /* POLARSSL_GCM_C */