NetX Secure AEAD Cipher checking #40
Assignees
Comments
|
If you are implementing AEAD ciphers other than AES-CCM or AES-GCM, you can define NX_SECURE_AEAD_CIPHER_CHECK to detect your new algorithms. This macro allows you to extend the conditions to check other algorithms. For example, you can define the macro like: |
|
Hi @yanwucai -san, Sorry. I was misunderstanding. Thanks. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If AEAD Cipher is enabled, AEAD Cipher checking is necessary to detect cipher algorithms other than AES-CCM or AES-GCM. NX_SECURE_AEAD_CIPHER_CHECK macro defines whether the AEAD chcking is used or not.
But actually, the AEAD checking is not working even if NX_SECURE_AEAD_CIPHER_CHECK macro is defined (See https://github.com/azure-rtos/netxduo/blob/master/nx_secure/src/nx_secure_tls_record_payload_decrypt.c#L158 ). Also, if using cipher algorithms other than AES-CCM or AES-GCM, the communicating counterparty will raise a Bad Record MAC alert.
I think it's a bug in the code. I suggest the following change.
Note: When apply this change, the warning "NX_SECURE_AEAD_CIPHER_CHECK macro redefined" will happened. Please clear the warning.
https://github.com/azure-rtos/netxduo/blob/master/nx_secure/inc/nx_secure_tls.h#L123
#define NX_SECURE_AEAD_CIPHER_CHECK(a) NX_FALSE
#endif /* NX_SECURE_AEAD_CIPHER_CHECK */
#define NX_SECURE_AEAD_CIPHER_CHECK(a) NX_FALSE
#endif /* NX_SECURE_AEAD_CIPHER_CHECK */
The text was updated successfully, but these errors were encountered: