Add an aligned uint8_t type data_t and use it to ensure the alignment of various buffers on the stack

13 files changed, 28 insertions, 25 deletions

diff --git a/src/hkdf_sha256.c b/src/hkdf_sha256.c
index 854cb86..9366304 100644
--- a/src/hkdf_sha256.c
+++ b/src/hkdf_sha256.c
@@ -29,7 +29,7 @@
 #include <string.h>
 
 
-void fastd_hkdf_sha256_expand(fastd_sha256_t *out, size_t blocks, const fastd_sha256_t *prk, const uint8_t *info, size_t infolen) {
+void fastd_hkdf_sha256_expand(fastd_sha256_t *out, size_t blocks, const fastd_sha256_t *prk, const data_t *info, size_t infolen) {
 	if (!blocks)
 		return;
 
diff --git a/src/hkdf_sha256.h b/src/hkdf_sha256.h
index 4da2f5b..97af3a6 100644
--- a/src/hkdf_sha256.h
+++ b/src/hkdf_sha256.h
@@ -28,12 +28,13 @@
 #define _FASTD_HKDF_SHA256_H_
 
 #include "sha256.h"
+#include "types.h"
 
 
 static inline void fastd_hkdf_sha256_extract(fastd_sha256_t *out, const uint32_t salt[FASTD_HMACSHA256_KEY_WORDS], const uint32_t *in, size_t len) {
 	fastd_hmacsha256(out, salt, in, len);
 }
 
-void fastd_hkdf_sha256_expand(fastd_sha256_t *out, size_t blocks, const fastd_sha256_t *prk, const uint8_t *info, size_t infolen);
+void fastd_hkdf_sha256_expand(fastd_sha256_t *out, size_t blocks, const fastd_sha256_t *prk, const data_t *info, size_t infolen);
 
 #endif /* _FASTD_HKDF_SHA256_H_ */
diff --git a/src/methods/cipher_test/cipher_test.c b/src/methods/cipher_test/cipher_test.c
index 3241acf..f6e01d0 100644
--- a/src/methods/cipher_test/cipher_test.c
+++ b/src/methods/cipher_test/cipher_test.c
@@ -117,7 +117,7 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast
 	if (tail_len)
 		memset(in.data+in.len, 0, tail_len);
 
-	uint8_t nonce[session->method->cipher_info->iv_length];
+	data_t nonce[session->method->cipher_info->iv_length];
 	fastd_method_expand_nonce(nonce, session->common.send_nonce, sizeof(nonce));
 
 	int n_blocks = block_count(in.len, sizeof(fastd_block128_t));
@@ -156,7 +156,7 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
 	if (flags)
 		return false;
 
-	uint8_t nonce[session->method->cipher_info->iv_length];
+	data_t nonce[session->method->cipher_info->iv_length];
 	fastd_method_expand_nonce(nonce, in_nonce, sizeof(nonce));
 
 	size_t tail_len = alignto(in.len, sizeof(fastd_block128_t))-in.len;
diff --git a/src/methods/common.h b/src/methods/common.h
index b01401b..76fcb75 100644
--- a/src/methods/common.h
+++ b/src/methods/common.h
@@ -108,7 +108,7 @@ static inline bool fastd_method_handle_common_header(fastd_context_t *ctx, const
 }
 
 
-static inline void fastd_method_expand_nonce(uint8_t *buf, const uint8_t nonce[COMMON_NONCEBYTES], size_t len) {
+static inline void fastd_method_expand_nonce(data_t *buf, const uint8_t nonce[COMMON_NONCEBYTES], size_t len) {
 	if (!len)
 		return;
 
diff --git a/src/methods/composed_gmac/composed_gmac.c b/src/methods/composed_gmac/composed_gmac.c
index 55ee3de..823939c 100644
--- a/src/methods/composed_gmac/composed_gmac.c
+++ b/src/methods/composed_gmac/composed_gmac.c
@@ -131,7 +131,7 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c
 	fastd_block128_t H;
 
 	size_t gmac_iv_length = method->gmac_cipher_info->iv_length;
-	uint8_t zeroiv[gmac_iv_length];
+	data_t zeroiv[gmac_iv_length];
 	memset(zeroiv, 0, gmac_iv_length);
 
 	if (!session->gmac_cipher->crypt(session->gmac_cipher_state, &H, &ZERO_BLOCK, sizeof(fastd_block128_t), zeroiv)) {
@@ -196,13 +196,13 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast
 	fastd_block128_t *outblocks = out->data;
 	fastd_block128_t tag;
 
-	uint8_t gmac_nonce[session->method->gmac_cipher_info->iv_length];
+	data_t gmac_nonce[session->method->gmac_cipher_info->iv_length];
 	fastd_method_expand_nonce(gmac_nonce, session->common.send_nonce, sizeof(gmac_nonce));
 
 	bool ok = session->gmac_cipher->crypt(session->gmac_cipher_state, outblocks, &ZERO_BLOCK, sizeof(fastd_block128_t), gmac_nonce);
 
 	if (ok) {
-		uint8_t nonce[session->method->cipher_info->iv_length];
+		data_t nonce[session->method->cipher_info->iv_length];
 		fastd_method_expand_nonce(nonce, session->common.send_nonce, sizeof(nonce));
 
 		ok = session->cipher->crypt(session->cipher_state, outblocks+1, inblocks, n_blocks*sizeof(fastd_block128_t), nonce);
@@ -248,10 +248,10 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
 	if (flags)
 		return false;
 
-	uint8_t nonce[session->method->cipher_info->iv_length];
+	data_t nonce[session->method->cipher_info->iv_length];
 	fastd_method_expand_nonce(nonce, in_nonce, sizeof(nonce));
 
-	uint8_t gmac_nonce[session->method->gmac_cipher_info->iv_length];
+	data_t gmac_nonce[session->method->gmac_cipher_info->iv_length];
 	fastd_method_expand_nonce(gmac_nonce, in_nonce, sizeof(gmac_nonce));
 
 	size_t tail_len = alignto(in.len, sizeof(fastd_block128_t))-in.len;
diff --git a/src/methods/generic_gmac/generic_gmac.c b/src/methods/generic_gmac/generic_gmac.c
index 0580e1a..a93dcb4 100644
--- a/src/methods/generic_gmac/generic_gmac.c
+++ b/src/methods/generic_gmac/generic_gmac.c
@@ -106,7 +106,7 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c
 	fastd_block128_t H;
 
 	size_t iv_length = method->cipher_info->iv_length;
-	uint8_t zeroiv[iv_length];
+	data_t zeroiv[iv_length];
 	memset(zeroiv, 0, iv_length);
 
 	if (!session->cipher->crypt(session->cipher_state, &H, &zeroblock, sizeof(fastd_block128_t), zeroiv)) {
@@ -164,7 +164,7 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast
 	if (tail_len)
 		memset(in.data+in.len, 0, tail_len);
 
-	uint8_t nonce[session->method->cipher_info->iv_length];
+	data_t nonce[session->method->cipher_info->iv_length];
 	fastd_method_expand_nonce(nonce, session->common.send_nonce, sizeof(nonce));
 
 	int n_blocks = block_count(in.len, sizeof(fastd_block128_t));
@@ -215,7 +215,7 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
 	if (flags)
 		return false;
 
-	uint8_t nonce[session->method->cipher_info->iv_length];
+	data_t nonce[session->method->cipher_info->iv_length];
 	fastd_method_expand_nonce(nonce, in_nonce, sizeof(nonce));
 
 	size_t tail_len = alignto(in.len, sizeof(fastd_block128_t))-in.len;
diff --git a/src/methods/generic_poly1305/generic_poly1305.c b/src/methods/generic_poly1305/generic_poly1305.c
index 82c5bf1..b65f35b 100644
--- a/src/methods/generic_poly1305/generic_poly1305.c
+++ b/src/methods/generic_poly1305/generic_poly1305.c
@@ -126,14 +126,14 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast
 	if (tail_len)
 		memset(in.data+in.len, 0, tail_len);
 
-	uint8_t nonce[session->method->cipher_info->iv_length];
+	data_t nonce[session->method->cipher_info->iv_length];
 	fastd_method_expand_nonce(nonce, session->common.send_nonce, sizeof(nonce));
 
 	int n_blocks = block_count(in.len, sizeof(fastd_block128_t));
 
 	fastd_block128_t *inblocks = in.data;
 	fastd_block128_t *outblocks = out->data;
-	uint8_t tag[TAGBYTES];
+	data_t tag[TAGBYTES];
 
 	bool ok = session->cipher->crypt(session->cipher_state, outblocks, inblocks, n_blocks*sizeof(fastd_block128_t), nonce);
 
@@ -171,10 +171,10 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
 	if (flags)
 		return false;
 
-	uint8_t nonce[session->method->cipher_info->iv_length];
+	data_t nonce[session->method->cipher_info->iv_length];
 	fastd_method_expand_nonce(nonce, in_nonce, sizeof(nonce));
 
-	uint8_t tag[TAGBYTES];
+	data_t tag[TAGBYTES];
 	fastd_buffer_push_head_to(ctx, &in, tag, TAGBYTES);
 	fastd_buffer_pull_head_zero(ctx, &in, KEYBYTES);
 
diff --git a/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c b/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c
index 365f435..5e0c7b2 100644
--- a/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c
+++ b/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c
@@ -34,7 +34,7 @@
 struct fastd_method_session_state {
 	fastd_method_common_t common;
 
-	uint8_t key[crypto_secretbox_xsalsa20poly1305_KEYBYTES];
+	data_t key[crypto_secretbox_xsalsa20poly1305_KEYBYTES];
 };
 
 
@@ -121,7 +121,7 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast
 
 	*out = fastd_buffer_alloc(ctx, in.len, 0, 0);
 
-	uint8_t nonce[crypto_secretbox_xsalsa20poly1305_NONCEBYTES] = {};
+	data_t nonce[crypto_secretbox_xsalsa20poly1305_NONCEBYTES] = {};
 	memcpy_nonce(nonce, session->common.send_nonce);
 
 	crypto_secretbox_xsalsa20poly1305(out->data, in.data, in.len, nonce, session->key);
@@ -151,7 +151,7 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
 	if (flags)
 		return false;
 
-	uint8_t nonce[crypto_secretbox_xsalsa20poly1305_NONCEBYTES] = {};
+	data_t nonce[crypto_secretbox_xsalsa20poly1305_NONCEBYTES] = {};
 	memcpy_nonce(nonce, in_nonce);
 
 	fastd_buffer_pull_head_zero(ctx, &in, crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES);
diff --git a/src/protocols/ec25519_fhmqvc/handshake.c b/src/protocols/ec25519_fhmqvc/handshake.c
index 3f08ecb..af899d7 100644
--- a/src/protocols/ec25519_fhmqvc/handshake.c
+++ b/src/protocols/ec25519_fhmqvc/handshake.c
@@ -54,7 +54,7 @@ static void derive_key(fastd_sha256_t *out, size_t blocks, const uint32_t *salt,
 		       const aligned_int256_t *A, const aligned_int256_t *B, const aligned_int256_t *X, const aligned_int256_t *Y,
 		       const aligned_int256_t *sigma) {
 	size_t methodlen = strlen(method_name);
-	uint8_t info[4*PUBLICKEYBYTES + methodlen];
+	data_t info[4*PUBLICKEYBYTES + methodlen];
 
 	memcpy(info, A, PUBLICKEYBYTES);
 	memcpy(info+PUBLICKEYBYTES, B, PUBLICKEYBYTES);
@@ -317,7 +317,7 @@ static void finish_handshake(fastd_context_t *ctx, fastd_socket_t *sock, const f
 
 	bool valid;
 	if (!compat) {
-		uint8_t mac[HASHBYTES];
+		data_t mac[HASHBYTES];
 		memcpy(mac, handshake->records[RECORD_TLV_MAC].data, HASHBYTES);
 		memset(handshake->records[RECORD_TLV_MAC].data, 0, HASHBYTES);
 
diff --git a/src/receive.c b/src/receive.c
index 42dbe5a..ecc4459 100644
--- a/src/receive.c
+++ b/src/receive.c
@@ -187,7 +187,7 @@ void fastd_receive(fastd_context_t *ctx, fastd_socket_t *sock) {
 	fastd_peer_address_t local_addr;
 	fastd_peer_address_t recvaddr;
 	struct iovec buffer_vec = { .iov_base = buffer.data, .iov_len = buffer.len };
-	char cbuf[1024];
+	data_t cbuf[1024];
 
 	struct msghdr message = {
 		.msg_name = &recvaddr,
diff --git a/src/resolve.c b/src/resolve.c
index ff09094..9eec349 100644
--- a/src/resolve.c
+++ b/src/resolve.c
@@ -69,7 +69,7 @@ static void* resolve_peer(void *varg) {
 			n_addr++;
 	}
 
-	uint8_t retbuf[sizeof(fastd_resolve_return_t) + n_addr*sizeof(fastd_peer_address_t)];
+	data_t retbuf[sizeof(fastd_resolve_return_t) + n_addr*sizeof(fastd_peer_address_t)];
 	fastd_resolve_return_t *ret = (fastd_resolve_return_t*)retbuf;
 	ret->remote = arg->remote;
 
diff --git a/src/send.c b/src/send.c
index 9f76d31..feeb961 100644
--- a/src/send.c
+++ b/src/send.c
@@ -78,7 +78,7 @@ static void send_type(fastd_context_t *ctx, const fastd_socket_t *sock, const fa
 		exit_bug(ctx, "send: sock == NULL");
 
 	struct msghdr msg = {};
-	char cbuf[1024] = {};
+	data_t cbuf[1024] = {};
 	fastd_peer_address_t remote_addr6;
 
 	switch (remote_addr->sa.sa_family) {
diff --git a/src/types.h b/src/types.h
index 17c058c..964518c 100644
--- a/src/types.h
+++ b/src/types.h
@@ -132,6 +132,8 @@ typedef struct fastd_string_stack fastd_string_stack_t;
 typedef struct fastd_resolve_return fastd_resolve_return_t;
 
 
+typedef uint8_t data_t __attribute__((aligned(8)));
+
 typedef union fastd_block128 {
 	uint8_t b[16];
 	uint64_t qw[2];