nfqws: fix crypto code

7 months ago · 43cea80619
3 changed files with 10 additions and 7 deletions
--- a/nfq/crypto/aes-gcm.c
+++ b/nfq/crypto/aes-gcm.c
@ -5,9 +5,11 @@ int aes_gcm_crypt(int mode, uint8_t *output, const uint8_t *input, size_t input_
 	int ret = 0;
 	gcm_context ctx;

-	gcm_setkey(&ctx, key, (const uint)key_len);
-	ret = gcm_crypt_and_tag(&ctx, mode, iv, iv_len, adata, adata_len, input, output, input_length, atag, atag_len);
-	gcm_zero_ctx(&ctx);
+	if (!(ret = gcm_setkey(&ctx, key, (const uint)key_len)))
+	{
+		ret = gcm_crypt_and_tag(&ctx, mode, iv, iv_len, adata, adata_len, input, output, input_length, atag, atag_len);
+		gcm_zero_ctx(&ctx);
+	}

 	return ret;
 }
--- a/nfq/crypto/aes.c
+++ b/nfq/crypto/aes.c
@ -367,7 +367,7 @@ int aes_setkey(aes_context *ctx,   // AES context provided by our caller
 	}

 #if AES_DECRYPTION
-	if (mode == DECRYPT)   // expand our key for encryption or decryption
+	if (mode == AES_DECRYPT)   // expand our key for encryption or decryption
 		return(aes_set_decryption_key(ctx, key, keysize));
 	else     /* ENCRYPT */
 #endif /* AES_DECRYPTION */
@ -399,7 +399,7 @@ int aes_cipher(aes_context *ctx,

 #if AES_DECRYPTION  // whether AES decryption is supported

-	if (ctx->mode == DECRYPT)
+	if (ctx->mode == AES_DECRYPT)
 	{
 		for (i = (ctx->rounds >> 1) - 1; i > 0; i--)
 		{
--- a/nfq/crypto/gcm.c
+++ b/nfq/crypto/gcm.c
@ -246,7 +246,7 @@ int gcm_setkey(gcm_context *ctx,   // pointer to caller-provided gcm context
 *
 ******************************************************************************/
 int gcm_start(gcm_context *ctx,    // pointer to user-provided GCM context
-	int mode,            // GCM_ENCRYPT or GCM_DECRYPT
+	int mode,            // AES_ENCRYPT or AES_DECRYPT
 	const uchar *iv,     // pointer to initialization vector
 	size_t iv_len,       // IV length in bytes (should == 12)
 	const uchar *add,    // ptr to additional AEAD data (NULL if none)
@ -288,6 +288,7 @@ int gcm_start(gcm_context *ctx,    // pointer to user-provided GCM context
 		for (i = 0; i < 16; i++) ctx->y[i] ^= work_buf[i];
 		gcm_mult(ctx, ctx->y, ctx->y);
 	}
+
 	if ((ret = aes_cipher(&ctx->aes_ctx, ctx->y, ctx->base_ectr)) != 0)
 		return(ret);

@ -427,7 +428,7 @@ int gcm_finish(gcm_context *ctx,   // pointer to user-provided GCM context
 ******************************************************************************/
 int gcm_crypt_and_tag(
 	gcm_context *ctx,       // gcm context with key already setup
-	int mode,               // cipher direction: GCM_ENCRYPT or GCM_DECRYPT
+	int mode,               // cipher direction: AES_ENCRYPT or AES_DECRYPT
 	const uchar *iv,        // pointer to the 12-byte initialization vector
 	size_t iv_len,          // byte length if the IV. should always be 12
 	const uchar *add,       // pointer to the non-ciphered additional data