locka99 · BogdanYarotsky · Aug 29, 2024 · Aug 29, 2024 · Aug 29, 2024 · Aug 29, 2024
diff --git a/lib/src/core/comms/secure_channel.rs b/lib/src/core/comms/secure_channel.rs
@@ -1182,40 +1182,22 @@ impl SecureChannel {
     ) -> Result<usize, StatusCode> {
         match self.security_mode {
             MessageSecurityMode::None => {
-                // Just copy everything from src to dst
-                dst[..].copy_from_slice(src);
+                dst.copy_from_slice(src);
                 Ok(src.len())
             }
             MessageSecurityMode::Sign => {
                 self.expect_supported_security_policy();
-                // Copy everything
-                let all = ..src.len();
-                trace!("copying from slice {:?}", all);
-                dst[all].copy_from_slice(&src[all]);
-                // Verify signature
-                trace!(
-                    "Verifying range from {:?} to signature {}..",
-                    signed_range,
-                    signed_range.end
-                );
-                let verification_key = self.verification_key();
-                self.security_policy.symmetric_verify_signature(
-                    verification_key,
-                    &dst[signed_range.clone()],
-                    &dst[signed_range.end..],
-                )?;
-
+                trace!("copying from slice {:?}", ..src.len());
+                dst.copy_from_slice(src);
+                let signature_range = signed_range.end..dst.len();
+                self.symmetric_verify_signature_with_trace(dst, signed_range, signature_range)?;
                 Ok(encrypted_range.end)
             }
             MessageSecurityMode::SignAndEncrypt => {
                 self.expect_supported_security_policy();
 
                 // There is an expectation that the block is padded so, this is a quick test
                 let ciphertext_size = encrypted_range.end - encrypted_range.start;
-                //                if ciphertext_size % 16 != 0 {
-                //                    error!("The cipher text size is not padded properly, size = {}", ciphertext_size);
-                //                    return Err(StatusCode::BadUnexpectedError);
-                //                }
 
                 // Copy security header
                 dst[..encrypted_range.start].copy_from_slice(&src[..encrypted_range.start]);
@@ -1235,7 +1217,6 @@ impl SecureChannel {
                     &mut decrypted_tmp[..],
                 )?;
 
-                // Self::log_crypto_data("Encrypted buffer", &src[..encrypted_range.end]);
                 let encrypted_range =
                     encrypted_range.start..(encrypted_range.start + decrypted_size);
                 dst[encrypted_range.clone()].copy_from_slice(&decrypted_tmp[..decrypted_size]);
@@ -1245,17 +1226,8 @@ impl SecureChannel {
                 let signature_range = (encrypted_range.end
                     - self.security_policy.symmetric_signature_size())
                     ..encrypted_range.end;
-                trace!(
-                    "signed range = {:?}, signature range = {:?}",
-                    signed_range,
-                    signature_range
-                );
-                let verification_key = self.verification_key();
-                self.security_policy.symmetric_verify_signature(
-                    verification_key,
-                    &dst[signed_range],
-                    &dst[signature_range],
-                )?;
+
+                self.symmetric_verify_signature_with_trace(dst, signed_range, signature_range)?;
                 Ok(encrypted_range.end)
             }
             MessageSecurityMode::Invalid => {
@@ -1265,6 +1237,26 @@ impl SecureChannel {
         }
     }
 
+    fn symmetric_verify_signature_with_trace(
+        &self,
+        bytes: &[u8],
+        data_range: Range<usize>, 
+        signature_range: Range<usize>
+    ) -> Result<bool, StatusCode> {
+        trace!(
+            "Verifying signed range = {:?}, signature range = {:?}",
+            data_range,
+            signature_range
+        );
+
+        let verification_key = self.verification_key();
+        self.security_policy.symmetric_verify_signature(
+            verification_key,
+            &bytes[data_range],
+            &bytes[signature_range],
+        )
+    }
+
     // Panic code which requires a policy
     fn expect_supported_security_policy(&self) {
         match self.security_policy {