diff --git a/src/se050_wireguard.c b/src/se050_wireguard.c index 14e46b3..b5ec111 100644 --- a/src/se050_wireguard.c +++ b/src/se050_wireguard.c @@ -235,12 +235,14 @@ int se050_wireguard_encrypt_packet(se050_wireguard_session_t *session, memcpy(out, header, 16); - /* Encrypt payload with ChaCha20-Poly1305 */ + /* Encrypt payload with ChaCha20-Poly1305 + * Note: We encrypt directly into the output buffer to avoid large stack allocation + * out = [header(16)][ciphertext][tag(16)] + */ uint8_t nonce_buf[WG_NONCE_LEN]; memset(nonce_buf, 0, 4); - memcpy(nonce_buf + 4, header + 8, 8); /* Use last 8 bytes of 12-byte nonce */ + memcpy(nonce_buf + 4, header + 8, 8); - uint8_t ciphertext[WG_MAX_PACKET_SIZE]; uint8_t tag[16]; se050_chacha20_poly1305_ctx_t aead_ctx; @@ -251,17 +253,20 @@ int se050_wireguard_encrypt_packet(se050_wireguard_session_t *session, nonce_buf, /* nonce */ plaintext, plaintext_len, /* plaintext */ header, 16, /* aad */ - ciphertext, tag /* ciphertext, tag */ + out + 16, /* ciphertext (direct write) */ + tag /* tag */ ); + se050_chacha20_poly1305_zeroize(&aead_ctx); + if (ret < 0) { - se050_chacha20_poly1305_zeroize(&aead_ctx); + memzero_explicit(tag, 16); return -1; } - memcpy(out + 16, ciphertext, plaintext_len); memcpy(out + 16 + plaintext_len, tag, 16); - *out_len = 16 + plaintext_len + 16; /* header + ciphertext + tag */ + *out_len = 16 + plaintext_len + 16; + memzero_explicit(tag, 16); /* Increment nonce */ session->sending_nonce++; @@ -326,13 +331,13 @@ int se050_wireguard_decrypt_packet(se050_wireguard_session_t *session, ); se050_chacha20_poly1305_zeroize(&aead_ctx); + memzero_explicit(tag, 16); if (ret < 0) { return -1; } /* Update plaintext length and nonce */ - *plaintext_len = ciphertext_len; session->receiving_nonce = nonce; session->packets_received++;