From 07ad8977dd34c3fefda59cf4f17a3771bb504839 Mon Sep 17 00:00:00 2001 From: Benau Date: Tue, 18 Sep 2018 14:25:55 +0800 Subject: [PATCH] Use separate nettle aes context for encryption and decryption So it can be used and validated by different threads at the same time --- src/network/crypto_nettle.cpp | 26 +++++++++++++------------- src/network/crypto_nettle.hpp | 8 +++++--- 2 files changed, 18 insertions(+), 16 deletions(-) diff --git a/src/network/crypto_nettle.cpp b/src/network/crypto_nettle.cpp index ac283358f..96c226f0c 100644 --- a/src/network/crypto_nettle.cpp +++ b/src/network/crypto_nettle.cpp @@ -74,9 +74,9 @@ std::string Crypto::m_client_iv; bool Crypto::encryptConnectionRequest(BareNetworkString& ns) { std::vector cipher(ns.m_buffer.size() + 4, 0); - gcm_aes128_encrypt(&m_aes_context, ns.m_buffer.size(), cipher.data() + 4, - ns.m_buffer.data()); - gcm_aes128_digest(&m_aes_context, 4, cipher.data()); + gcm_aes128_encrypt(&m_aes_encrypt_context, ns.m_buffer.size(), + cipher.data() + 4, ns.m_buffer.data()); + gcm_aes128_digest(&m_aes_encrypt_context, 4, cipher.data()); std::swap(ns.m_buffer, cipher); return true; } // encryptConnectionRequest @@ -88,9 +88,9 @@ bool Crypto::decryptConnectionRequest(BareNetworkString& ns) uint8_t* tag = ns.m_buffer.data(); std::array tag_after = {}; - gcm_aes128_decrypt(&m_aes_context, ns.m_buffer.size() - 4, pt.data(), - ns.m_buffer.data() + 4); - gcm_aes128_digest(&m_aes_context, 4, tag_after.data()); + gcm_aes128_decrypt(&m_aes_decrypt_context, ns.m_buffer.size() - 4, + pt.data(), ns.m_buffer.data() + 4); + gcm_aes128_digest(&m_aes_decrypt_context, 4, tag_after.data()); handleAuthentication(tag, tag_after); std::swap(ns.m_buffer, pt); 
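Review bot: `encryptConnectionRequest` encrypts with whatever nonce state `m_aes_encrypt_context` currently holds, because the body shown here calls no `gcm_aes128_set_iv` and takes no lock, whereas `encryptSend` sets a fresh IV first and releases a lock (`ul.unlock()`) afterwards. That looks sound only if the function runs once, straight after the key/IV setup in the header, and never alongside `encryptSend`; a second call would continue from leftover GCM state rather than a fresh nonce. I would state that contract above the function, e.g. `// Call once, right after the key and IV are set and before any encryptSend(): reuses the initial IV and takes no lock.` The same applies to `decryptConnectionRequest` and `m_aes_decrypt_context` in the next hunk.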
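Review bot: `ns.m_buffer.size() - 4` in the `gcm_aes128_decrypt` call wraps to a huge `size_t` when the received request is shorter than the 4-byte tag, and `ns.m_buffer.data() + 4` then points past the end of the buffer. The function starts above this hunk, so a length check may already exist there; if it does not, reject short input before touching the context, `if (ns.m_buffer.size() < 4) return false;`. This buffer presumably comes from a peer that has not been authenticated yet, so the check should be a runtime one rather than an assert.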
@@ -119,10 +119,10 @@ ENetPacket* Crypto::encryptSend(BareNetworkString& ns, bool reliable) uint8_t* packet_start = p->data + 8; - gcm_aes128_set_iv(&m_aes_context, 12, iv.data()); - gcm_aes128_encrypt(&m_aes_context, ns.m_buffer.size(), packet_start, - ns.m_buffer.data()); - gcm_aes128_digest(&m_aes_context, 4, p->data + 4); + gcm_aes128_set_iv(&m_aes_encrypt_context, 12, iv.data()); + gcm_aes128_encrypt(&m_aes_encrypt_context, ns.m_buffer.size(), + packet_start, ns.m_buffer.data()); + gcm_aes128_digest(&m_aes_encrypt_context, 4, p->data + 4); ul.unlock(); memcpy(p->data, &val, 4); @@ -145,10 +145,10 @@ NetworkString* Crypto::decryptRecieve(ENetPacket* p) uint8_t* tag = p->data + 4; std::array tag_after = {}; - gcm_aes128_set_iv(&m_aes_context, 12, iv.data()); - gcm_aes128_decrypt(&m_aes_context, clen, ns->m_buffer.data(), + gcm_aes128_set_iv(&m_aes_decrypt_context, 12, iv.data()); + gcm_aes128_decrypt(&m_aes_decrypt_context, clen, ns->m_buffer.data(), packet_start); - gcm_aes128_digest(&m_aes_context, 4, tag_after.data()); + gcm_aes128_digest(&m_aes_decrypt_context, 4, tag_after.data()); handleAuthentication(tag, tag_after); NetworkString* result = ns.get(); diff --git a/src/network/crypto_nettle.hpp b/src/network/crypto_nettle.hpp index dca273f94..4d4d7eb00 100644 --- a/src/network/crypto_nettle.hpp +++ b/src/network/crypto_nettle.hpp @@ -50,7 +50,7 @@ private: uint32_t m_packet_counter; - struct gcm_aes128_ctx m_aes_context; + struct gcm_aes128_ctx m_aes_encrypt_context, m_aes_decrypt_context; std::mutex m_crypto_mutex; 
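Review bot: The authentication tag is truncated to 4 bytes in `gcm_aes128_digest(&m_aes_encrypt_context, 4, p->data + 4)`, and the same length is used in `encryptConnectionRequest`, `decryptConnectionRequest` and `decryptRecieve`. A 32-bit GCM tag gives a forged packet roughly a 1 in 2^32 chance per attempt, and NIST SP 800-38D attaches strict usage limits to tags that short; nettle's own documentation recommends the full digest size. Lengthening the tag changes the wire format (the payload starts at `p->data + 8` here), so both peers would have to change together. At minimum I would give the length a named constant and record the accepted risk next to it, e.g. `// 32-bit GCM tag: weak forgery bound, see SP 800-38D Appendix C`.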
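Review bot: The `set_iv` / `decrypt` / `digest` sequence on `m_aes_decrypt_context` runs without any lock in the lines shown, while the matching sequence in `encryptSend` is followed by `ul.unlock()`. Splitting the contexts removes the sender/receiver race, but two threads calling `decryptRecieve` at once would still interleave IV and tag state and could accept or reject packets wrongly. The function starts and ends outside this hunk, so a lock may exist there. If the design is a single receiving thread, say so where the member is declared in `crypto_nettle.hpp`, e.g. `// Touched only by the receiving thread; not protected by m_crypto_mutex.`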
@@ -132,8 +132,10 @@ public: assert(iv.size() == 12); std::copy_n(iv.begin(), 12, m_iv.begin()); m_packet_counter = 0; - gcm_aes128_set_key(&m_aes_context, key.data()); - gcm_aes128_set_iv(&m_aes_context, 12, iv.data()); + gcm_aes128_set_key(&m_aes_encrypt_context, key.data()); + gcm_aes128_set_iv(&m_aes_encrypt_context, 12, iv.data()); + gcm_aes128_set_key(&m_aes_decrypt_context, key.data()); + gcm_aes128_set_iv(&m_aes_decrypt_context, 12, iv.data()); } // ------------------------------------------------------------------------ bool encryptConnectionRequest(BareNetworkString& ns);
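Review bot: The only length check visible before the four nettle calls is `assert(iv.size() == 12)`, which is compiled out under `NDEBUG`, and `gcm_aes128_set_key` reads a fixed 16 bytes from `key.data()` whatever the size of `key` is. The function begins above this hunk, so a check on `key` may sit there, but if both are asserts, a malformed key or IV becomes an out-of-bounds read in release builds. I would turn both into runtime checks that fail the setup. Since the key/IV pair is now installed twice, a small private helper taking the context pointer would also keep the two initialisations from drifting apart.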