From 27e1953e27fbabfdc3d6bcfc7925a1482e94bdea Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Tue, 17 Dec 2024 17:22:58 +1000 Subject: [PATCH] Multithreaded encrypt: improvements Split out encryption in software for TLSv13. Call software encryption in async encrypt. Support ChaCha20-Poly1305. --- src/internal.c | 77 ++++++------- src/keys.c | 5 +- src/ssl.c | 41 +++---- src/tls13.c | 271 +++++++++++++++++++++++---------------------- wolfssl/internal.h | 8 ++ 5 files changed, 205 insertions(+), 197 deletions(-) diff --git a/src/internal.c b/src/internal.c index ef53cf8d1a..9608fc4737 100644 --- a/src/internal.c +++ b/src/internal.c @@ -8234,10 +8234,17 @@ void wolfSSL_ResourceFree(WOLFSSL* ssl) { int i; for (i = 0; i < WOLFSSL_THREADED_CRYPT_CNT; i++) { - bufferStatic* buff = &ssl->buffers.encrypt[i].buffer; - - ssl->buffers.encrypt[i].stop = 1; - FreeCiphersSide(&ssl->buffers.encrypt[i].cipher, ssl->heap); + ThreadCrypt* encrypt = &ssl->buffers.encrypt[i]; + bufferStatic* buff = &encrypt->buffer; + + encrypt->stop = 1; + FreeCiphersSide(&encrypt->cipher, ssl->heap); + #if defined(HAVE_POLY1305) && defined(HAVE_ONE_TIME_AUTH) + if (encrypt->auth.poly1305) + ForceZero(encrypt->auth.poly1305, sizeof(Poly1305)); + XFREE(encrypt->auth.poly1305, ssl->heap, DYNAMIC_TYPE_CIPHER); + encrypt->auth.poly1305 = NULL; + #endif if (buff->dynamicFlag) { XFREE(buff->buffer - buff->offset, ssl->heap, DYNAMIC_TYPE_OUT_BUFFER); @@ -8248,10 +8255,17 @@ void wolfSSL_ResourceFree(WOLFSSL* ssl) } } for (i = 0; i < WOLFSSL_THREADED_CRYPT_CNT; i++) { - bufferStatic* buff = &ssl->buffers.decrypt[i].buffer; - - ssl->buffers.decrypt[i].stop = 1; - FreeCiphersSide(&ssl->buffers.decrypt[i].cipher, ssl->heap); + ThreadCrypt* decrypt = &ssl->buffers.decrypt[i]; + bufferStatic* buff = &decrypt->buffer; + + decrypt->stop = 1; + FreeCiphersSide(&decrypt->cipher, ssl->heap); + #if defined(HAVE_POLY1305) && defined(HAVE_ONE_TIME_AUTH) + if (decrypt->auth.poly1305) + ForceZero(decrypt->auth.poly1305, sizeof(Poly1305)); + XFREE(decrypt->auth.poly1305, ssl->heap, DYNAMIC_TYPE_CIPHER); + decrypt->auth.poly1305 = NULL; + #endif if (buff->dynamicFlag) { XFREE(buff->buffer - buff->offset, ssl->heap, DYNAMIC_TYPE_OUT_BUFFER); @@ -25295,40 +25309,27 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) SetKeys(&encrypt->cipher, NULL, &ssl->keys, &ssl->specs, ssl->options.side, ssl->heap, ssl->devId, ssl->rng, ssl->options.tls1_3); + #ifdef HAVE_ONE_TIME_AUTH + if (ssl->specs.bulk_cipher_algorithm == wolfssl_chacha) { + ret = SetAuthKeys(&encrypt->auth, &ssl->keys, &ssl->specs, + ssl->heap, ssl->devId); + if (ret != 0) + return ret; + } + #endif + encrypt->init = 1; } + encrypt->buffer.length = sendSz; encrypt->offset = RECORD_HEADER_SZ; - if (ssl->options.dtls) { - encrypt->offset += DTLS_RECORD_EXTRA; - } - encrypt->cryptLen = outputSz - encrypt->offset; - #ifdef HAVE_TRUNCATED_HMAC - if (ssl->truncated_hmac) { - encrypt->cryptLen -= min(TRUNCATED_HMAC_SZ, - ssl->specs.hash_size); - } - else - #endif - { - encrypt->cryptLen -= ssl->specs.hash_size; - } - - #if !defined(NO_PUBLIC_GCM_SET_IV) && \ - ((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \ - (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))) - XMEMCPY(encrypt->nonce, ssl->keys.aead_enc_imp_IV, - AESGCM_IMP_IV_SZ); - XMEMCPY(encrypt->nonce + AESGCM_IMP_IV_SZ, ssl->keys.aead_exp_IV, - AESGCM_EXP_IV_SZ); - #endif - XMEMSET(encrypt->additional, 0, AEAD_AUTH_DATA_SZ); - WriteSEQ(ssl, CUR_ORDER, encrypt->additional); - XMEMCPY(encrypt->additional + AEAD_TYPE_OFFSET, - encrypt->buffer.buffer, 3); - c16toa(sendSz - encrypt->offset - AESGCM_EXP_IV_SZ - - ssl->specs.aead_mac_size, - encrypt->additional + AEAD_LEN_OFFSET); + encrypt->buffer.idx = 0; + encrypt->cryptLen = sendSz - RECORD_HEADER_SZ; + + BuildTls13Nonce(ssl, encrypt->nonce, ssl->keys.aead_enc_imp_IV, + CUR_ORDER); + XMEMCPY(encrypt->additional, encrypt->buffer.buffer, + encrypt->offset); #ifdef WOLFSSL_DTLS if (ssl->options.dtls) diff --git a/src/keys.c b/src/keys.c index 693e6b1333..231516bdd8 100644 --- a/src/keys.c +++ b/src/keys.c @@ -3403,7 +3403,10 @@ int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, #ifdef HAVE_ONE_TIME_AUTH /* set one time authentication keys */ -static int SetAuthKeys(OneTimeAuth* authentication, Keys* keys, +#ifndef WOLFSSL_THREADED_CRYPT +static +#endif +int SetAuthKeys(OneTimeAuth* authentication, Keys* keys, CipherSpecs* specs, void* heap, int devId) { diff --git a/src/ssl.c b/src/ssl.c index 0afddab226..7ea2841624 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -23914,36 +23914,23 @@ int wolfSSL_AsyncEncryptStop(WOLFSSL* ssl, int idx) int wolfSSL_AsyncEncrypt(WOLFSSL* ssl, int idx) { - int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); + int ret; ThreadCrypt* encrypt = &ssl->buffers.encrypt[idx]; + unsigned char* out = encrypt->buffer.buffer + encrypt->offset; + word32 dataSz = encrypt->cryptLen - ssl->specs.aead_mac_size; - if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm) { - unsigned char* out = encrypt->buffer.buffer + encrypt->offset; - unsigned char* input = encrypt->buffer.buffer + encrypt->offset; - word32 encSz = encrypt->buffer.length - encrypt->offset; - - ret = -#if !defined(NO_GCM_ENCRYPT_EXTRA) && \ - ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) - wc_AesGcmEncrypt_ex -#else - wc_AesGcmEncrypt -#endif - (encrypt->cipher.aes, - out + AESGCM_EXP_IV_SZ, input + AESGCM_EXP_IV_SZ, - encSz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, - encrypt->nonce, AESGCM_NONCE_SZ, - out + encSz - ssl->specs.aead_mac_size, - ssl->specs.aead_mac_size, - encrypt->additional, AEAD_AUTH_DATA_SZ); -#if !defined(NO_PUBLIC_GCM_SET_IV) && \ - ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) - XMEMCPY(out, encrypt->nonce + AESGCM_IMP_IV_SZ, AESGCM_EXP_IV_SZ); -#endif - encrypt->done = 1; + ret = EncryptTls13Sw(ssl->specs.bulk_cipher_algorithm, + &encrypt->cipher, &encrypt->auth, out, out, dataSz, + encrypt->nonce, encrypt->additional, RECORD_HEADER_SZ, + ssl->specs.aead_mac_size, 1); +#ifdef WOLFSSL_DTLS13 + if (ret == 0 && ssl->options.dtls) { + ret = Dtls13EncryptRecordNumber(ssl, encrypt->buffer.buffer, + (word16)encrypt->buffer.length); } +#endif /* WOLFSSL_DTLS13 */ + + encrypt->done = 1; return ret; } diff --git a/src/tls13.c b/src/tls13.c index 96c9ae9c48..6df0d57333 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -2454,9 +2454,10 @@ void BuildTls13Nonce(WOLFSSL* ssl, byte* nonce, const byte* iv, int order) * tag The authentication tag buffer. * returns 0 on success, otherwise failure. */ -static int ChaCha20Poly1305_Encrypt(WOLFSSL* ssl, byte* output, - const byte* input, word16 sz, byte* nonce, - const byte* aad, word16 aadSz, byte* tag) +static int ChaCha20Poly1305_Encrypt(Ciphers* encrypt, OneTimeAuth* auth, + byte* output, const byte* input, word16 sz, + byte* nonce, const byte* aad, word16 aadSz, + byte* tag) { int ret = 0; byte poly[CHACHA20_256_KEY_SIZE]; @@ -2465,21 +2466,21 @@ static int ChaCha20Poly1305_Encrypt(WOLFSSL* ssl, byte* output, XMEMSET(poly, 0, sizeof(poly)); /* Set the nonce for ChaCha and get Poly1305 key. */ - ret = wc_Chacha_SetIV(ssl->encrypt.chacha, nonce, 0); + ret = wc_Chacha_SetIV(encrypt->chacha, nonce, 0); if (ret != 0) return ret; /* Create Poly1305 key using ChaCha20 keystream. */ - ret = wc_Chacha_Process(ssl->encrypt.chacha, poly, poly, sizeof(poly)); + ret = wc_Chacha_Process(encrypt->chacha, poly, poly, sizeof(poly)); if (ret != 0) return ret; #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Add("ChaCha20Poly1305_Encrypt poly", poly, sizeof(poly)); #endif - ret = wc_Chacha_SetIV(ssl->encrypt.chacha, nonce, 1); + ret = wc_Chacha_SetIV(encrypt->chacha, nonce, 1); if (ret != 0) return ret; /* Encrypt the plain text. */ - ret = wc_Chacha_Process(ssl->encrypt.chacha, output, input, sz); + ret = wc_Chacha_Process(encrypt->chacha, output, input, sz); if (ret != 0) { ForceZero(poly, sizeof(poly)); #ifdef WOLFSSL_CHECK_MEM_ZERO @@ -2489,7 +2490,7 @@ static int ChaCha20Poly1305_Encrypt(WOLFSSL* ssl, byte* output, } /* Set key for Poly1305. */ - ret = wc_Poly1305SetKey(ssl->auth.poly1305, poly, sizeof(poly)); + ret = wc_Poly1305SetKey(auth->poly1305, poly, sizeof(poly)); ForceZero(poly, sizeof(poly)); /* done with poly1305 key, clear it */ #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Check(poly, sizeof(poly)); @@ -2497,7 +2498,7 @@ static int ChaCha20Poly1305_Encrypt(WOLFSSL* ssl, byte* output, if (ret != 0) return ret; /* Add authentication code of encrypted data to end. */ - ret = wc_Poly1305_MAC(ssl->auth.poly1305, aad, aadSz, output, sz, tag, + ret = wc_Poly1305_MAC(auth->poly1305, aad, aadSz, output, sz, tag, POLY1305_AUTH_SZ); return ret; @@ -2518,7 +2519,7 @@ static int ChaCha20Poly1305_Encrypt(WOLFSSL* ssl, byte* output, * tag The authentication tag buffer. * returns 0 on success, otherwise failure. */ -static int Tls13IntegrityOnly_Encrypt(WOLFSSL* ssl, byte* output, +static int Tls13IntegrityOnly_Encrypt(Ciphers* encrypt, byte* output, const byte* input, word16 sz, const byte* nonce, const byte* aad, word16 aadSz, byte* tag) @@ -2526,13 +2527,13 @@ static int Tls13IntegrityOnly_Encrypt(WOLFSSL* ssl, byte* output, int ret; /* HMAC: nonce | aad | input */ - ret = wc_HmacUpdate(ssl->encrypt.hmac, nonce, HMAC_NONCE_SZ); + ret = wc_HmacUpdate(encrypt->hmac, nonce, HMAC_NONCE_SZ); if (ret == 0) - ret = wc_HmacUpdate(ssl->encrypt.hmac, aad, aadSz); + ret = wc_HmacUpdate(encrypt->hmac, aad, aadSz); if (ret == 0) - ret = wc_HmacUpdate(ssl->encrypt.hmac, input, sz); + ret = wc_HmacUpdate(encrypt->hmac, input, sz); if (ret == 0) - ret = wc_HmacFinal(ssl->encrypt.hmac, tag); + ret = wc_HmacFinal(encrypt->hmac, tag); /* Copy the input to output if not the same buffer */ if (ret == 0 && output != input) XMEMCPY(output, input, sz); @@ -2540,6 +2541,100 @@ static int Tls13IntegrityOnly_Encrypt(WOLFSSL* ssl, byte* output, } #endif +/* + */ +int EncryptTls13Sw(byte alg, Ciphers* encrypt, OneTimeAuth* auth, byte* output, + const byte* input, word16 dataSz, byte* nonce, + const byte* aad, word16 aadSz, word32 macSz, int async) +{ + int ret; + + (void)encrypt; + (void)auth; + (void)output; + (void)input; + (void)dataSz; + (void)nonce; + (void)aad; + (void)aadSz; + (void)macSz; + (void)async; + + switch (alg) { + #ifdef BUILD_AESGCM + case wolfssl_aes_gcm: + #if ((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))) + ret = wc_AesGcmEncrypt(encrypt->aes, output, input, + dataSz, nonce, AEAD_NONCE_SZ, + output + dataSz, macSz, aad, aadSz); + #else + ret = wc_AesGcmSetExtIV(encrypt->aes, nonce, AEAD_NONCE_SZ); + if (ret == 0) { + ret = wc_AesGcmEncrypt_ex(encrypt->aes, output, + input, dataSz, nonce, AEAD_NONCE_SZ, + output + dataSz, macSz, aad, aadSz); + } + #endif + break; + #endif + + #ifdef HAVE_AESCCM + case wolfssl_aes_ccm: + #if ((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))) + ret = wc_AesCcmEncrypt(encrypt->aes, output, input, + dataSz, nonce, AEAD_NONCE_SZ, + output + dataSz, macSz, aad, aadSz); + #else + ret = wc_AesCcmSetNonce(encrypt->aes, nonce, AEAD_NONCE_SZ); + if (ret == 0) { + ret = wc_AesCcmEncrypt_ex(encrypt->aes, output, + input, dataSz, nonce, AEAD_NONCE_SZ, + output + dataSz, macSz, aad, aadSz); + } + #endif + break; + #endif + + #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + case wolfssl_chacha: + ret = ChaCha20Poly1305_Encrypt(encrypt, auth, output, + input, dataSz, nonce, aad, aadSz, output + dataSz); + break; + #endif + + #ifdef WOLFSSL_SM4_GCM + case wolfssl_sm4_gcm: + ret = wc_Sm4GcmEncrypt(&encrypt->sm4, output, input, + dataSz, nonce, AEAD_NONCE_SZ, output + dataSz, + macSz, aad, aadSz); + break; + #endif + + #ifdef WOLFSSL_SM4_CCM + case wolfssl_sm4_ccm: + ret = wc_Sm4CcmEncrypt(encrypt->sm4, output, input, + dataSz, nonce, AEAD_NONCE_SZ, output + dataSz, + macSz, aad, aadSz); + break; + #endif + + #ifdef HAVE_NULL_CIPHER + case wolfssl_cipher_null: + ret = Tls13IntegrityOnly_Encrypt(encrypt, output, input, dataSz, + nonce, aad, aadSz, output + dataSz); + break; + #endif + + default: + WOLFSSL_MSG("wolfSSL Encrypt programming error"); + ret = ENCRYPT_ERROR; + } + + return ret; +} + /* Encrypt data for TLS v1.3. * * ssl The SSL/TLS object. @@ -2558,7 +2653,6 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input, int ret = 0; word16 dataSz = sz - ssl->specs.aead_mac_size; word16 macSz = ssl->specs.aead_mac_size; - word32 nonceSz = 0; #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV* asyncDev = NULL; word32 event_flags = WC_ASYNC_FLAG_CALL_AGAIN; @@ -2572,7 +2666,6 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input, (void)dataSz; (void)macSz; (void)asyncOkay; - (void)nonceSz; #ifdef WOLFSSL_ASYNC_CRYPT if (ssl->error == WC_NO_ERR_TRACE(WC_PENDING_E)) { @@ -2632,125 +2725,35 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input, case CIPHER_STATE_DO: { - switch (ssl->specs.bulk_cipher_algorithm) { - #ifdef BUILD_AESGCM - case wolfssl_aes_gcm: - #ifdef WOLFSSL_ASYNC_CRYPT - /* initialize event */ - asyncDev = &ssl->encrypt.aes->asyncDev; - ret = wolfSSL_AsyncInit(ssl, asyncDev, event_flags); - if (ret != 0) - break; - #endif - - nonceSz = AESGCM_NONCE_SZ; - - #if defined(HAVE_PK_CALLBACKS) - ret = NOT_COMPILED_IN; - if (ssl->ctx && ssl->ctx->PerformTlsRecordProcessingCb) { - ret = ssl->ctx->PerformTlsRecordProcessingCb(ssl, 1, - output, input, dataSz, - ssl->encrypt.nonce, nonceSz, - output + dataSz, macSz, - aad, aadSz); - } - if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) - #endif - { - #if ((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \ - (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))) - ret = wc_AesGcmEncrypt(ssl->encrypt.aes, output, input, - dataSz, ssl->encrypt.nonce, nonceSz, - output + dataSz, macSz, aad, aadSz); - #else - ret = wc_AesGcmSetExtIV(ssl->encrypt.aes, - ssl->encrypt.nonce, nonceSz); - if (ret == 0) { - ret = wc_AesGcmEncrypt_ex(ssl->encrypt.aes, output, - input, dataSz, ssl->encrypt.nonce, nonceSz, - output + dataSz, macSz, aad, aadSz); - } - #endif - } - break; - #endif - - #ifdef HAVE_AESCCM - case wolfssl_aes_ccm: - #ifdef WOLFSSL_ASYNC_CRYPT - /* initialize event */ - asyncDev = &ssl->encrypt.aes->asyncDev; - ret = wolfSSL_AsyncInit(ssl, asyncDev, event_flags); - if (ret != 0) - break; - #endif - - nonceSz = AESCCM_NONCE_SZ; - #if defined(HAVE_PK_CALLBACKS) - ret = NOT_COMPILED_IN; - if (ssl->ctx && ssl->ctx->PerformTlsRecordProcessingCb) { - ret = ssl->ctx->PerformTlsRecordProcessingCb(ssl, 1, - output, input, dataSz, - ssl->encrypt.nonce, nonceSz, - output + dataSz, macSz, - aad, aadSz); - } - if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) - #endif - { - #if ((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \ - (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))) - ret = wc_AesCcmEncrypt(ssl->encrypt.aes, output, input, - dataSz, ssl->encrypt.nonce, nonceSz, - output + dataSz, macSz, aad, aadSz); - #else - ret = wc_AesCcmSetNonce(ssl->encrypt.aes, - ssl->encrypt.nonce, nonceSz); - if (ret == 0) { - ret = wc_AesCcmEncrypt_ex(ssl->encrypt.aes, output, - input, dataSz, ssl->encrypt.nonce, nonceSz, - output + dataSz, macSz, aad, aadSz); - } - #endif - } - break; - #endif - - #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - case wolfssl_chacha: - ret = ChaCha20Poly1305_Encrypt(ssl, output, input, dataSz, - ssl->encrypt.nonce, aad, aadSz, output + dataSz); - break; - #endif - - #ifdef WOLFSSL_SM4_GCM - case wolfssl_sm4_gcm: - nonceSz = SM4_GCM_NONCE_SZ; - ret = wc_Sm4GcmEncrypt(ssl->encrypt.sm4, output, input, - dataSz, ssl->encrypt.nonce, nonceSz, output + dataSz, - macSz, aad, aadSz); - break; - #endif - - #ifdef WOLFSSL_SM4_CCM - case wolfssl_sm4_ccm: - nonceSz = SM4_CCM_NONCE_SZ; - ret = wc_Sm4CcmEncrypt(ssl->encrypt.sm4, output, input, - dataSz, ssl->encrypt.nonce, nonceSz, output + dataSz, - macSz, aad, aadSz); + if ((ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm || + ssl->specs.bulk_cipher_algorithm == wolfssl_aes_ccm)) { + #ifdef WOLFSSL_ASYNC_CRYPT + /* initialize event */ + asyncDev = &ssl->encrypt.aes->asyncDev; + ret = wolfSSL_AsyncInit(ssl, asyncDev, event_flags); + if (ret != 0) break; #endif - - #ifdef HAVE_NULL_CIPHER - case wolfssl_cipher_null: - ret = Tls13IntegrityOnly_Encrypt(ssl, output, input, dataSz, - ssl->encrypt.nonce, aad, aadSz, output + dataSz); + #if defined(HAVE_PK_CALLBACKS) + ret = NOT_COMPILED_IN; + if (ssl->ctx && ssl->ctx->PerformTlsRecordProcessingCb) { + ret = ssl->ctx->PerformTlsRecordProcessingCb(ssl, 1, + output, input, dataSz, + ssl->encrypt.nonce, AEAD_NONCE_SZ, + output + dataSz, macSz, + aad, aadSz); + } + if (ret != WC_NO_ERR_TRACE(NOT_COMPILED_IN)) break; + ret = 0; #endif + } - default: - WOLFSSL_MSG("wolfSSL Encrypt programming error"); - return ENCRYPT_ERROR; + if (ret == 0) { + ret = EncryptTls13Sw(ssl->specs.bulk_cipher_algorithm, + &ssl->encrypt, &ssl->auth, output, input, + dataSz, ssl->encrypt.nonce, aad, aadSz, + macSz, 0); } /* Advance state */ @@ -3061,7 +3064,6 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz, ret = wc_AesGcmDecrypt(ssl->decrypt.aes, output, input, dataSz, ssl->decrypt.nonce, nonceSz, input + dataSz, macSz, aad, aadSz); - #ifdef WOLFSSL_ASYNC_CRYPT if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, @@ -3385,6 +3387,13 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input, output, output, args->size, ssl->MacEncryptCtx); } else + #endif + #ifdef WOLFSSL_THREADED_CRYPT + if (ssl->buffers.encryptSignalRegistered && + type == application_data) { + ret = args->sz; + } + else #endif { const byte* aad = output; diff --git a/wolfssl/internal.h b/wolfssl/internal.h index dc9afda97b..7bebf6e70f 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -4744,6 +4744,7 @@ enum AcceptStateTls13 { typedef struct ThreadCrypt { Ciphers cipher; + OneTimeAuth auth; bufferStatic buffer; unsigned char nonce[AESGCM_NONCE_SZ]; unsigned char additional[AEAD_AUTH_DATA_SZ]; @@ -6822,6 +6823,10 @@ WOLFSSL_LOCAL int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, int side, void* heap, int devId, WC_RNG* rng, int tls13); WOLFSSL_LOCAL int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side); +#ifdef WOLFSSL_THREADED_CRYPT +WOLFSSL_LOCAL int SetAuthKeys(OneTimeAuth* authentication, Keys* keys, + CipherSpecs* specs, void* heap, int devId); +#endif /* Set*Internal and Set*External functions */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) @@ -6876,6 +6881,9 @@ WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, WOLFSSL_LOCAL void BuildTls13Nonce(WOLFSSL* ssl, byte* nonce, const byte* iv, int order); #endif +int EncryptTls13Sw(byte alg, Ciphers* encrypt, OneTimeAuth* auth, byte* output, + const byte* input, word16 dataSz, byte* nonce, + const byte* aad, word16 aadSz, word32 macSz, int async); /* Use WOLFSSL_API to use this function in tests/api.c */ WOLFSSL_API int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,