Merge pull request #2930 from JacobBarthelmeh/SanityChecks
check on tag length for AES-CCM
commit
a1489d981c
@ -6970,6 +6970,21 @@ int wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz)
|
||||
return wc_AesSetKey(aes, key, keySz, NULL, AES_ENCRYPTION);
|
||||
}
|
||||
|
||||
|
||||
/* Checks if the tag size is an accepted value based on RFC 3610 section 2
|
||||
* returns 0 if tag size is ok
|
||||
*/
|
||||
int wc_AesCcmCheckTagSize(int sz)
|
||||
{
|
||||
/* values here are from RFC 3610 section 2 */
|
||||
if (sz != 4 && sz != 6 && sz != 8 && sz != 10 && sz != 12 && sz != 14
|
||||
&& sz != 16) {
|
||||
WOLFSSL_MSG("Bad auth tag size AES-CCM");
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_ARMASM
|
||||
/* implementation located in wolfcrypt/src/port/arm/armv8-aes.c */
|
||||
|
||||
@ -6996,6 +7011,10 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
|
||||
|| authTag == NULL || nonceSz < 7 || nonceSz > 13)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if (wc_AesCcmCheckTagSize(authTagSz) != 0) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
key = (byte*)aes->key;
|
||||
|
||||
status = wc_AesGetKeySize(aes, &keySize);
|
||||
@ -7184,6 +7203,11 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
|
||||
authTagSz > AES_BLOCK_SIZE)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
/* sanity check on tag size */
|
||||
if (wc_AesCcmCheckTagSize(authTagSz) != 0) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
XMEMSET(A, 0, sizeof(A));
|
||||
XMEMCPY(B+1, nonce, nonceSz);
|
||||
lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
|
||||
@ -7280,6 +7304,11 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
|
||||
authTagSz > AES_BLOCK_SIZE)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
/* sanity check on tag size */
|
||||
if (wc_AesCcmCheckTagSize(authTagSz) != 0) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
o = out;
|
||||
oSz = inSz;
|
||||
XMEMCPY(B+1, nonce, nonceSz);
|
||||
|
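Review bot: wc_AesCcmCheckTagSize is declared as `int wc_AesCcmCheckTagSize(int sz)`, but every call site passes `authTagSz`, which is range-checked against AES_BLOCK_SIZE as a length and is presumably an unsigned word32 (its declaration is outside these hunks). Taking `word32 sz` in the definition and in the header prototype would keep this validation free of an implicit unsigned-to-signed conversion. The helper's comment should also state the failure value, e.g. `* returns 0 if tag size is ok, BAD_FUNC_ARG otherwise`, and could note that the 4- and 6-byte tags it accepts are allowed by RFC 3610 but give the weakest forgery resistance. In the second wc_AesCcmEncrypt hunk and the wc_AesCcmDecrypt hunk, the earlier `authTagSz > AES_BLOCK_SIZE` test is now subsumed by the new call. Both function bodies start and continue outside the hunks.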
@ -4438,6 +4438,10 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
|
||||
|| authTag == NULL || nonceSz < 7 || nonceSz > 13)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if (wc_AesCcmCheckTagSize(authTagSz) != 0) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
XMEMCPY(B+1, nonce, nonceSz);
|
||||
lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
|
||||
B[0] = (authInSz > 0 ? 64 : 0)
|
||||
@ -4506,6 +4510,10 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
|
||||
|| authTag == NULL || nonceSz < 7 || nonceSz > 13)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if (wc_AesCcmCheckTagSize(authTagSz) != 0) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
o = out;
|
||||
oSz = inSz;
|
||||
XMEMCPY(B+1, nonce, nonceSz);
|
||||
|
@ -497,6 +497,10 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out,
|
||||
authTagSz > AES_BLOCK_SIZE)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if (wc_AesCcmCheckTagSize(authTagSz) != 0) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if (wc_AesGetKeySize(aes, &keySz) != 0) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
@ -576,6 +580,10 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out,
|
||||
authTagSz > AES_BLOCK_SIZE)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if (wc_AesCcmCheckTagSize(authTagSz) != 0) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if (wc_AesGetKeySize(aes, &keySz) != 0) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
@ -9174,6 +9174,20 @@ int aesccm_test(void)
|
||||
return -6313;
|
||||
#endif
|
||||
|
||||
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
|
||||
/* test fail on invalid IV sizes */
|
||||
result = wc_AesCcmSetKey(&enc, k, sizeof(k));
|
||||
if (result != 0)
|
||||
return -6314;
|
||||
|
||||
/* AES-CCM encrypt and decrypt both use AES encrypt internally */
|
||||
result = wc_AesCcmEncrypt(&enc, c2, p, sizeof(c2), iv, sizeof(iv),
|
||||
t2, 1, a, sizeof(a));
|
||||
if (result == 0) {
|
||||
return -6315;
|
||||
}
|
||||
#endif
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif /* HAVE_AESCCM WOLFSSL_AES_128 */
|
||||
|
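Review bot: The comment on the new test block says `/* test fail on invalid IV sizes */`, but the only deliberately bad argument visible in the call is the auth tag size of `1`, so the tag-length check is what is being exercised. The comment should read `/* test fail on invalid auth tag size */`. Only wc_AesCcmEncrypt with a single bad value is covered. A matching wc_AesCcmDecrypt call and an in-range odd size such as 5 would pin the new check on the verification path as well. aesccm_test starts outside the hunk.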
@ -369,6 +369,7 @@ WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out,
|
||||
word32 cSz, byte* s, word32 sSz);
|
||||
#endif /* HAVE_AESGCM */
|
||||
#ifdef HAVE_AESCCM
|
||||
WOLFSSL_LOCAL int wc_AesCcmCheckTagSize(int sz);
|
||||
WOLFSSL_API int wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz);
|
||||
WOLFSSL_API int wc_AesCcmEncrypt(Aes* aes, byte* out,
|
||||
const byte* in, word32 inSz,
|
||||
|