If AEAD Cipher is enabled, AEAD Cipher checking is necessary to detect cipher algorithms other than AES-CCM or AES-GCM. The NX_SECURE_AEAD_CIPHER_CHECK macro defines whether the AEAD checking is used or not.
If you are implementing AEAD ciphers other than AES-CCM or AES-GCM, you can define NX_SECURE_AEAD_CIPHER_CHECK to detect your new algorithms. This macro allows you to extend the conditions to check other algorithms. For example, you can define the macro like: #define NX_SECURE_AEAD_CIPHER_CHECK(a) ((a) == YOUR_ALGORITHM_ID)
But actually, the AEAD checking is not working even if NX_SECURE_AEAD_CIPHER_CHECK macro is defined (See https://github.com/azure-rtos/netxduo/blob/master/nx_secure/src/nx_secure_tls_record_payload_decrypt.c#L158 ). Also, if using cipher algorithms other than AES-CCM or AES-GCM, the communicating counterparty will raise a Bad Record MAC alert.
I think it's a bug in the code. I suggest the following change.
Note: When applying this change, the warning "NX_SECURE_AEAD_CIPHER_CHECK macro redefined" will happen. Please clear the warning.
https://github.com/azure-rtos/netxduo/blob/master/nx_secure/inc/nx_secure_tls.h#L123
#define NX_SECURE_AEAD_CIPHER_CHECK(a) NX_FALSE
#endif /* NX_SECURE_AEAD_CIPHER_CHECK */
#define NX_SECURE_AEAD_CIPHER_CHECK(a) NX_FALSE
#endif /* NX_SECURE_AEAD_CIPHER_CHECK */
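An added example, not part of the original issue and not NetX Duo source: a stand-alone model of the override pattern the issue describes, with a build-time check that the custom AEAD hook is actually in effect. The `DEMO_` names, the algorithm id values, the local `NX_FALSE`/`NX_TRUE` stand-ins, the `#ifndef` guard and the `demo_is_aead` predicate are assumptions made for illustration.

```c
#include <stdio.h>

/* Stand-ins for the NetX definitions so the file builds without the SDK. */
#define NX_FALSE 0
#define NX_TRUE  1

/* Constructed algorithm ids for this example, not the real NX_CRYPTO_* values. */
enum {
    DEMO_ALG_AES_CBC     = 1,
    DEMO_ALG_AES_CCM     = 2,
    DEMO_ALG_AES_GCM     = 3,
    DEMO_ALG_CUSTOM_AEAD = 40   /* plays the role of YOUR_ALGORITHM_ID */
};

/* Application override. It has to be seen before the library default,
   for example from a user configuration header or a -D option. */
#define NX_SECURE_AEAD_CIPHER_CHECK(a) ((a) == DEMO_ALG_CUSTOM_AEAD)

/* Library-side default as quoted in the issue. The #ifndef guard is assumed
   here from the matching #endif; without a guard this second definition
   would trigger a "macro redefined" diagnostic. */
#ifndef NX_SECURE_AEAD_CIPHER_CHECK
#define NX_SECURE_AEAD_CIPHER_CHECK(a) NX_FALSE
#endif /* NX_SECURE_AEAD_CIPHER_CHECK */

/* Build-time guard: fail the build if the NX_FALSE default silently won. */
_Static_assert(NX_SECURE_AEAD_CIPHER_CHECK(DEMO_ALG_CUSTOM_AEAD),
               "custom AEAD override is not in effect");

/* Hypothetical record-layer predicate: built-in AEAD ciphers plus the hook. */
static int demo_is_aead(int alg)
{
    return (alg == DEMO_ALG_AES_CCM) || (alg == DEMO_ALG_AES_GCM) ||
           (NX_SECURE_AEAD_CIPHER_CHECK(alg) == NX_TRUE);
}

int main(void)
{
    const int algs[] = { DEMO_ALG_AES_CBC, DEMO_ALG_AES_CCM,
                         DEMO_ALG_AES_GCM, DEMO_ALG_CUSTOM_AEAD };
    for (unsigned i = 0; i < sizeof algs / sizeof algs[0]; i++)
        printf("alg %d -> %s\n", algs[i], demo_is_aead(algs[i]) ? "AEAD" : "non-AEAD");
    return 0;
}
```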