From 9fe8a6f37548a2bcbd6c0bddf61f1f8069594aba Mon Sep 17 00:00:00 2001 From: Mark Wooding Date: Sun, 22 Sep 2019 14:39:34 +0100 Subject: [PATCH] server/bulkcrypto.c: Abstract out the AEAD nonce formatting. No functional change at this time. --- server/bulkcrypto.c | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/server/bulkcrypto.c b/server/bulkcrypto.c index 10b51d60..2e1cb81d 100644 --- a/server/bulkcrypto.c +++ b/server/bulkcrypto.c @@ -1072,6 +1072,14 @@ static void aead_freectx(bulkctx *bbc) DESTROY(bc); } +static void aead_fmtnonce(aead_ctx *bc, octet *n, uint32 seq, unsigned ty) +{ + assert(bc->nsz <= AEAD_NONCEMAX); + STORE32(n, seq); STORE32(n + SEQSZ, ty); + if (bc->nsz > 8) memset(n + 8, 0, bc->nsz - 8); + TRACE_IV(n, bc->nsz); +} + static int aead_encrypt(bulkctx *bbc, unsigned ty, buf *b, buf *bb, uint32 seq) { @@ -1090,11 +1098,7 @@ static int aead_encrypt(bulkctx *bbc, unsigned ty, qmac = BCUR(bb); qseq = qmac + bc->tsz; qpk = qseq + SEQSZ; STORE32(qseq, seq); - assert(bc->nsz <= sizeof(n)); - memcpy(n, qseq, SEQSZ); STORE32(n + SEQSZ, ty); - if (bc->nsz > 8) memset(n + 8, 0, bc->nsz - 8); - TRACE_IV(n, bc->nsz); - + aead_fmtnonce(bc, n, seq, ty); rc = gaead_encrypt(k, n, bc->nsz, 0, 0, p, sz, qpk, &csz, qmac, bc->tsz); assert(!rc); BSTEP(bb, bc->tsz + SEQSZ + csz); @@ -1105,11 +1109,12 @@ static int aead_encrypt(bulkctx *bbc, unsigned ty, } static int aead_decrypt(bulkctx *bbc, unsigned ty, - buf *b, buf *bb, uint32 *seq) + buf *b, buf *bb, uint32 *seq_out) { aead_ctx *bc = (aead_ctx *)bbc; gaead_key *k = bc->d[DIR_IN].k; const octet *pmac, *pseq, *ppk; + uint32 seq; size_t psz = BLEFT(b); size_t sz; octet *q = BCUR(bb); 
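Review bot: aead_fmtnonce checks only the upper bound of `bc->nsz`, yet it always writes eight bytes (`STORE32(n, seq); STORE32(n + SEQSZ, ty);`) and pads from offset 8, so a nonce size below 8 would pass the cipher a nonce with the type field cut short or dropped. Packets of different types carrying the same sequence number would then share a nonce under one key, which an AEAD construction cannot tolerate. If key setup does not already reject such sizes (not visible in this diff), the check could read `assert(8 <= bc->nsz && bc->nsz <= AEAD_NONCEMAX);`. The helper also takes a bare `octet *n`, so the old `sizeof(n)` check becomes an unstated requirement that every caller's buffer holds AEAD_NONCEMAX bytes. A comment on the function should say so, since the declarations of `n` in aead_encrypt and aead_decrypt lie outside the hunks.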
@@ -1124,17 +1129,14 @@ static int aead_decrypt(bulkctx *bbc, unsigned ty, } sz = psz - bc->tsz - SEQSZ; pmac = BCUR(b); pseq = pmac + bc->tsz; ppk = pseq + SEQSZ; + seq = LOAD32(pseq); - assert(bc->nsz <= sizeof(n)); - memcpy(n, pseq, SEQSZ); STORE32(n + SEQSZ, ty); - if (bc->nsz > 8) memset(n + 8, 0, bc->nsz - 8); - TRACE_IV(n, bc->nsz); - + aead_fmtnonce(bc, n, seq, ty); rc = gaead_decrypt(k, n, bc->nsz, 0, 0, ppk, sz, q, &sz, pmac, bc->tsz); assert(rc >= 0); if (!rc) { TRACE_MACERR(pmac, bc->tsz); return (KSERR_DECRYPT); } - *seq = LOAD32(pseq); + *seq_out = seq; BSTEP(bb, sz); return (0); } -- 2.11.0
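Review bot: The new local `seq` holds a value read from the packet before the tag has been checked, and nothing in the code says that this ordering is deliberate. A comment above `seq = LOAD32(pseq);` would help, for example `/* unauthenticated until gaead_decrypt succeeds; used only to form the nonce */`, with a matching `/* tag verified: safe to report */` at `*seq_out = seq;`, so that a later edit does not move the store ahead of the KSERR_DECRYPT return. aead_decrypt begins outside this hunk, so the length check that precedes the pointer arithmetic on `pmac`, `pseq` and `ppk` is not visible here.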