diff --git a/lib/src/core/comms/secure_channel.rs b/lib/src/core/comms/secure_channel.rs index 87905ff77..0ddc5f001 100644 --- a/lib/src/core/comms/secure_channel.rs +++ b/lib/src/core/comms/secure_channel.rs @@ -1182,29 +1182,15 @@ impl SecureChannel { ) -> Result { match self.security_mode { MessageSecurityMode::None => { - // Just copy everything from src to dst - dst[..].copy_from_slice(src); + dst.copy_from_slice(src); Ok(src.len()) } MessageSecurityMode::Sign => { self.expect_supported_security_policy(); - // Copy everything - let all = ..src.len(); - trace!("copying from slice {:?}", all); - dst[all].copy_from_slice(&src[all]); - // Verify signature - trace!( - "Verifying range from {:?} to signature {}..", - signed_range, - signed_range.end - ); - let verification_key = self.verification_key(); - self.security_policy.symmetric_verify_signature( - verification_key, - &dst[signed_range.clone()], - &dst[signed_range.end..], - )?; - + trace!("copying from slice {:?}", ..src.len()); + dst.copy_from_slice(src); + let signature_range = signed_range.end..dst.len(); + self.symmetric_verify_signature_with_trace(dst, signed_range, signature_range)?; Ok(encrypted_range.end) } MessageSecurityMode::SignAndEncrypt => { @@ -1212,10 +1198,6 @@ impl SecureChannel { // There is an expectation that the block is padded so, this is a quick test let ciphertext_size = encrypted_range.end - encrypted_range.start; - // if ciphertext_size % 16 != 0 { - // error!("The cipher text size is not padded properly, size = {}", ciphertext_size); - // return Err(StatusCode::BadUnexpectedError); - // } // Copy security header dst[..encrypted_range.start].copy_from_slice(&src[..encrypted_range.start]); @@ -1235,7 +1217,6 @@ impl SecureChannel { &mut decrypted_tmp[..], )?; - // Self::log_crypto_data("Encrypted buffer", &src[..encrypted_range.end]); let encrypted_range = encrypted_range.start..(encrypted_range.start + decrypted_size); dst[encrypted_range.clone()].copy_from_slice(&decrypted_tmp[..decrypted_size]); @@ -1245,17 +1226,8 @@ impl SecureChannel { let signature_range = (encrypted_range.end - self.security_policy.symmetric_signature_size()) ..encrypted_range.end; - trace!( - "signed range = {:?}, signature range = {:?}", - signed_range, - signature_range - ); - let verification_key = self.verification_key(); - self.security_policy.symmetric_verify_signature( - verification_key, - &dst[signed_range], - &dst[signature_range], - )?; + + self.symmetric_verify_signature_with_trace(dst, signed_range, signature_range)?; Ok(encrypted_range.end) } MessageSecurityMode::Invalid => { @@ -1265,6 +1237,26 @@ impl SecureChannel { } } + fn symmetric_verify_signature_with_trace( + &self, + bytes: &[u8], + data_range: Range, + signature_range: Range + ) -> Result { + trace!( + "Verifying signed range = {:?}, signature range = {:?}", + data_range, + signature_range + ); + + let verification_key = self.verification_key(); + self.security_policy.symmetric_verify_signature( + verification_key, + &bytes[data_range], + &bytes[signature_range], + ) + } + // Panic code which requires a policy fn expect_supported_security_policy(&self) { match self.security_policy {