From 6b23543abd857faef64d5e7131091381b5614c43 Mon Sep 17 00:00:00 2001
From: Pascal Knecht <pascal.knecht@hsr.ch>
Date: Wed, 28 Oct 2020 21:54:09 +0100
Subject: [PATCH] tls-crypto: Move AEAD ownership to the protection layer

This separates key derivation from key switching.
---
 src/libtls/tls_crypto.c     | 20 +++++++++++++++++++-
 src/libtls/tls_protection.c |  4 ++++
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index 2d0475274..78d9a5003 100644
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -2162,8 +2162,17 @@ static bool derive_labeled_keys(private_tls_crypto_t *this,
 								tls_hkdf_label_t client_label,
 								tls_hkdf_label_t server_label)
 {
-	tls_aead_t *aead_c = this->aead_out, *aead_s = this->aead_in;
+	tls_aead_t *aead_c, *aead_s;
+	suite_algs_t *algs;
 
+	algs = find_suite(this->suite);
+	destroy_aeads(this);
+	if (!create_aead(this, algs))
+	{
+		return FALSE;
+	}
+	aead_c = this->aead_out;
+	aead_s = this->aead_in;
 	if (this->tls->is_server(this->tls))
 	{
 		aead_c = this->aead_in;
@@ -2209,8 +2218,15 @@ METHOD(tls_crypto_t, derive_app_keys, bool,
 METHOD(tls_crypto_t, update_app_keys, bool,
 	private_tls_crypto_t *this, bool inbound)
 {
+	suite_algs_t *algs;
 	tls_hkdf_label_t label = TLS_HKDF_UPD_C_TRAFFIC;
 
+	algs = find_suite(this->suite);
+	destroy_aeads(this);
+	if (!create_aead(this, algs))
+	{
+		return FALSE;
+	}
 	if (this->tls->is_server(this->tls) != inbound)
 	{
 		label = TLS_HKDF_UPD_S_TRAFFIC;
@@ -2264,10 +2280,12 @@ METHOD(tls_crypto_t, change_cipher, void,
 		if (inbound)
 		{
 			this->protection->set_cipher(this->protection, TRUE, this->aead_in);
+			this->aead_in = NULL;
 		}
 		else
 		{
 			this->protection->set_cipher(this->protection, FALSE, this->aead_out);
+			this->aead_out = NULL;
 		}
 	}
 }
diff --git a/src/libtls/tls_protection.c b/src/libtls/tls_protection.c
index 3d0ec489b..2dcca4e2d 100644
--- a/src/libtls/tls_protection.c
+++ b/src/libtls/tls_protection.c
@@ -123,11 +123,13 @@ METHOD(tls_protection_t, set_cipher, void,
 {
 	if (inbound)
 	{
+		DESTROY_IF(this->aead_in);
 		this->aead_in = aead;
 		this->seq_in = 0;
 	}
 	else
 	{
+		DESTROY_IF(this->aead_out);
 		this->aead_out = aead;
 		this->seq_out = 0;
 	}
@@ -142,6 +144,8 @@ METHOD(tls_protection_t, set_version, void,
 METHOD(tls_protection_t, destroy, void,
 	private_tls_protection_t *this)
 {
+	DESTROY_IF(this->aead_in);
+	DESTROY_IF(this->aead_out);
 	free(this);
 }
 
-- 
2.47.3