-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Thread safety #75
Comments
Hi @sdrsdr - Thanks for taking an interest in this project and for pointing to this issue :) Others have already mentioned this design flaw: I still haven't checked to see how big a difference it makes for the binary output. You should be able to fetch a thread safe version from one of the forks of this project to get an immediate fixed and thread-safe version. |
How do you suggest the -DTHREADSAFE flag should be used? It has to change the API as I see it - I don't like a macro that changes all of the public API. I think the clean solution is to always parameterize the key/IV (and counter in CTR-mode) and pass along with every call. I think that is the solution in #9 . |
It can add the used global variables as parameter to the functions that uses them and see that they get called properly .. I'll have a PR ready in some days .. |
it will be ugly but it will allow for not wasting stack space on 8 bit platforms |
Did you like it this way? Shall I make a pull request?
|
Hi again Stoian, I really like that you've kept compatibility - but I think I will just go all the way: define a context-struct to store IV, key (counter if CTR) etc. - and then let the 8-bit people optimize the project for single-thread/session usage. I.e. changing the API to something like AES_CBC_encrypt_buffer(struct aes* ctx, ...). That change should also make it easier to handle buffered input in CBC-mode. Thanks for sharing your changes. I will take a rain check on the PR, but will have a look at refactoring the code sometime soon hopefully. |
The current implementation of CTR-mode is also just kind of thrown in there. Currently it uses a stack-local copy of the IV/nonce. It should overwrite the input-variable nonce instead of keeping a copy, to keep up with the current destructive behavior of the other modes ;) I would like to fix that in a change where the whole context is parameterized as mentioned in my comment above. |
As a user, let me just say that the introduction of a context struct for purposes of thread safety would be awesome. |
Hi @namreeb - thanks for being so active in the issues and PR sections :) you've been contributing steadily for years now. I don't think you would be the only user to salute the change. I just have a lot of irons in the fire - as usual - so I fear it may take a while before seeing it through, #9 has done most of the work really - I would do it almost exactly like that - but it doesn't merge cleanly any more.... |
If I can fix the merge errors? |
Yes then I'll merge it - with a single suggested change to #9 : I prefer a struct instead of a typedef'd type, so the API becomes |
I may also have a preference to something cosmetic, but I think I can edit code in a PR, online/through the browser accepting. @namreeb I would gladly accept another of your contributions :) |
I spoke too soon. There have been extensive changes. I was hoping it would be a few obvious conflicts. I don't think will have time for this. Sorry :( |
That was what I feared as well. I'll take a look at it sometime. Thanks for the effort though :] |
Again, maybe there's stuff that we can help with from OTAESGCM in terms of workspace management. (There's a layer above in another library of stuff that you can't see there.) And it is running on an 8-bit MCU. Our implementation is NOT perfect, but there may be useful stuff there for you. Rgds Damon |
@DamonHD besides our parallel discussion about GCM, what are you thinking about management-wise? Keys and IVs and such? Can you give me a hint for a filename or a structure specifically to look for :) ? 👍 |
If you're ok with changing the public API I can rework the code even easily :) |
Hi @sdrsdr I wouldn't mind a change as proposed and discussed with @namreeb above in #75 (comment) Thanks for offering your help :) |
I'm always willing to let other people fix my code ;) |
BTW there is API calling convention mismatch AES_ECB_* are called with argument |
And as we're going this way, can we make all operations "in-place" I see no point in copy input to output then ignore the input .. this way the functions themself will require half the ram .. |
also AES_ECB_encrypt/AES_ECB_decrypt does not use length in encryption itself .. only to copy input to output then decode the first 16 bytes of it .. assuming there are 16 bytes... shall we remove this param so it is more obvious that we're handling single block only? |
I'm not sure if ECB function will work with sizes not multiple of BLOCKLEN. Also the "almost working" zero padding is waste of time as there are more robust paddings as PKCS#7 (https://en.wikipedia.org/wiki/Padding_(cryptography)#PKCS7) that can be reliably reversed for any input data unlike the proposed not working zeropad |
ECB only works for size = BLOCKLEN - it's fine with me if that is explicit in the code. |
https://github.com/sdrsdr/tiny-AES-c/tree/newapi see where this is headding.. |
It is 3 am here .. tomorrow I'll switch it to in-place, the only "problem" being CBC decryption where input matters .. I'll update the test also as it needs some copy to handle in-place encryption |
@kokke Maybe take a look in the first instance at OTAES128GCMGenericWithWorkspace. As I say there's a prettier layer on top, but we wanted to keep this really simple without needing header dependencies with our other libraries. |
The code uses global variables for key/iv this is horribly thread unsafe! I know this is supposed to be mcu implementation but yet passing arguments around should not be that big of an issue. At least the there could be an -DTHREADSAFE option to compile a thread safe version of this code.
The text was updated successfully, but these errors were encountered: