AES: harmonize wc_Aes{Encrypt,Decrypt} and wc_Aes{Encrypt,Decrypt}Direct implementations to return int; add return values to all static void functions in aes.c that can fail; add WARN_UNUSED_RESULT to all static functions in aes.c with return values; implement missing error percolation around AES block cipher implementations; bump FIPS version for v5-ready and v5-dev to 5.3 (v5-RC12 is 5.2).

Daniel Pouzzner 2022-01-21 14:48:12 -06:00
parent dee66cfe9e
commit a718637c6f
13 changed files with 542 additions and 295 deletions


@ -280,13 +280,13 @@ AS_CASE([$ENABLED_FIPS],
[ready|v5-ready],[ [ready|v5-ready],[
FIPS_VERSION="v5-ready" FIPS_VERSION="v5-ready"
HAVE_FIPS_VERSION=5 HAVE_FIPS_VERSION=5
HAVE_FIPS_VERSION_MINOR=2 HAVE_FIPS_VERSION_MINOR=3
ENABLED_FIPS="yes" ENABLED_FIPS="yes"
], ],
[dev|v5-dev],[ [dev|v5-dev],[
FIPS_VERSION="v5-dev" FIPS_VERSION="v5-dev"
HAVE_FIPS_VERSION=5 HAVE_FIPS_VERSION=5
HAVE_FIPS_VERSION_MINOR=2 HAVE_FIPS_VERSION_MINOR=3
ENABLED_FIPS="yes" ENABLED_FIPS="yes"
], ],
[ [


@ -214,6 +214,9 @@ WOLFSSL_API int wc_AesCtrEncrypt(Aes* aes, byte* out,
use cases ECB mode is considered to be less secure. Please avoid using ECB use cases ECB mode is considered to be less secure. Please avoid using ECB
APIs directly whenever possible APIs directly whenever possible
\return int integer values corresponding to wolfSSL error or success
status
\param aes pointer to the AES object used to encrypt data \param aes pointer to the AES object used to encrypt data
\param out pointer to the output buffer in which to store the cipher \param out pointer to the output buffer in which to store the cipher
text of the encrypted message text of the encrypted message
@ -232,7 +235,7 @@ WOLFSSL_API int wc_AesCtrEncrypt(Aes* aes, byte* out,
\sa wc_AesDecryptDirect \sa wc_AesDecryptDirect
\sa wc_AesSetKeyDirect \sa wc_AesSetKeyDirect
*/ */
WOLFSSL_API void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in); WOLFSSL_API int wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in);
/*! /*!
\ingroup AES \ingroup AES
@ -245,7 +248,8 @@ WOLFSSL_API void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in);
ECB mode is considered to be less secure. Please avoid using ECB APIs ECB mode is considered to be less secure. Please avoid using ECB APIs
directly whenever possible directly whenever possible
\return none \return int integer values corresponding to wolfSSL error or success
status
\param aes pointer to the AES object used to encrypt data \param aes pointer to the AES object used to encrypt data
\param out pointer to the output buffer in which to store the plain \param out pointer to the output buffer in which to store the plain
@ -266,7 +270,7 @@ WOLFSSL_API void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in);
\sa wc_AesEncryptDirect \sa wc_AesEncryptDirect
\sa wc_AesSetKeyDirect \sa wc_AesSetKeyDirect
*/ */
WOLFSSL_API void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in); WOLFSSL_API int wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in);
/*! /*!
\ingroup AES \ingroup AES


@ -30798,7 +30798,15 @@ void wolfSSL_AES_encrypt(const unsigned char* input, unsigned char* output,
return; return;
} }
#if !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
if (wc_AesEncryptDirect((Aes*)key, output, input) != 0) {
WOLFSSL_MSG("wc_AesEncryptDirect failed");
return;
}
#else
wc_AesEncryptDirect((Aes*)key, output, input); wc_AesEncryptDirect((Aes*)key, output, input);
#endif
} }
@ -30818,7 +30826,15 @@ void wolfSSL_AES_decrypt(const unsigned char* input, unsigned char* output,
return; return;
} }
#if !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
if (wc_AesDecryptDirect((Aes*)key, output, input) != 0) {
WOLFSSL_MSG("wc_AesDecryptDirect failed");
return;
}
#else
wc_AesDecryptDirect((Aes*)key, output, input); wc_AesDecryptDirect((Aes*)key, output, input);
#endif
} }
#endif /* WOLFSSL_AES_DIRECT */ #endif /* WOLFSSL_AES_DIRECT */
@ -30948,11 +30964,13 @@ void wolfSSL_AES_cbc_encrypt(const unsigned char *in, unsigned char* out,
if (enc == AES_ENCRYPT) { if (enc == AES_ENCRYPT) {
if (wc_AesCbcEncrypt(aes, out, in, (word32)len) != 0) { if (wc_AesCbcEncrypt(aes, out, in, (word32)len) != 0) {
WOLFSSL_MSG("Error with AES CBC encrypt"); WOLFSSL_MSG("Error with AES CBC encrypt");
return;
} }
} }
else { else {
if (wc_AesCbcDecrypt(aes, out, in, (word32)len) != 0) { if (wc_AesCbcDecrypt(aes, out, in, (word32)len) != 0) {
WOLFSSL_MSG("Error with AES CBC decrypt"); WOLFSSL_MSG("Error with AES CBC decrypt");
return;
} }
} }
@ -31006,11 +31024,13 @@ void wolfSSL_AES_cfb128_encrypt(const unsigned char *in, unsigned char* out,
if (enc == AES_ENCRYPT) { if (enc == AES_ENCRYPT) {
if (wc_AesCfbEncrypt(aes, out, in, (word32)len) != 0) { if (wc_AesCfbEncrypt(aes, out, in, (word32)len) != 0) {
WOLFSSL_MSG("Error with AES CBC encrypt"); WOLFSSL_MSG("Error with AES CBC encrypt");
return;
} }
} }
else { else {
if (wc_AesCfbDecrypt(aes, out, in, (word32)len) != 0) { if (wc_AesCfbDecrypt(aes, out, in, (word32)len) != 0) {
WOLFSSL_MSG("Error with AES CBC decrypt"); WOLFSSL_MSG("Error with AES CBC decrypt");
return;
} }
} }
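Review bot: When wc_AesEncryptDirect or wc_AesDecryptDirect fails, the new branches in wolfSSL_AES_encrypt and wolfSSL_AES_decrypt log and return, but both wrappers are `void`, so the caller cannot tell that `output` may not have been written and can go on to use whatever the buffer held (the input itself for an in-place call). Clearing the block before the early return, e.g. `ForceZero(output, AES_BLOCK_SIZE);`, would keep stale data from being treated as cipher output, and a short comment stating that failure is only visible through WOLFSSL_MSG would document the limitation. Separately, the two messages in wolfSSL_AES_cfb128_encrypt still say "AES CBC" although the calls are wc_AesCfbEncrypt and wc_AesCfbDecrypt. All four functions start or end outside the hunks shown.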

File diff suppressed because it is too large Load Diff


@ -116,19 +116,12 @@ int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz,
byte l[AES_BLOCK_SIZE]; byte l[AES_BLOCK_SIZE];
XMEMSET(l, 0, AES_BLOCK_SIZE); XMEMSET(l, 0, AES_BLOCK_SIZE);
#ifdef WOLFSSL_LINUXKM ret = wc_AesEncryptDirect(&cmac->aes, l, l);
ret =
#endif
wc_AesEncryptDirect(&cmac->aes, l, l);
#ifdef WOLFSSL_LINUXKM
if (ret == 0) { if (ret == 0) {
#endif
ShiftAndXorRb(cmac->k1, l); ShiftAndXorRb(cmac->k1, l);
ShiftAndXorRb(cmac->k2, cmac->k1); ShiftAndXorRb(cmac->k2, cmac->k1);
ForceZero(l, AES_BLOCK_SIZE); ForceZero(l, AES_BLOCK_SIZE);
#ifdef WOLFSSL_LINUXKM
} }
#endif
} }
return ret; return ret;
} }
@ -178,18 +171,11 @@ int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz)
if (cmac->totalSz != 0) { if (cmac->totalSz != 0) {
xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE); xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE);
} }
#ifdef WOLFSSL_LINUXKM ret = wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer);
ret =
#endif
wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer);
#ifdef WOLFSSL_LINUXKM
if (ret == 0) { if (ret == 0) {
#endif
cmac->totalSz += AES_BLOCK_SIZE; cmac->totalSz += AES_BLOCK_SIZE;
cmac->bufferSz = 0; cmac->bufferSz = 0;
#ifdef WOLFSSL_LINUXKM
} }
#endif
} }
} }
@ -199,7 +185,7 @@ int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz)
int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz) int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz)
{ {
int ret = 0; int ret;
const byte* subKey; const byte* subKey;
if (cmac == NULL || out == NULL || outSz == NULL) { if (cmac == NULL || out == NULL || outSz == NULL) {
@ -215,7 +201,6 @@ int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz)
if (ret != CRYPTOCB_UNAVAILABLE) if (ret != CRYPTOCB_UNAVAILABLE)
return ret; return ret;
/* fall-through when unavailable */ /* fall-through when unavailable */
ret = 0; /* reset error code */
} }
#endif #endif
@ -236,17 +221,10 @@ int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz)
} }
xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE); xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE);
xorbuf(cmac->buffer, subKey, AES_BLOCK_SIZE); xorbuf(cmac->buffer, subKey, AES_BLOCK_SIZE);
#ifdef WOLFSSL_LINUXKM ret = wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer);
ret =
#endif
wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer);
#ifdef WOLFSSL_LINUXKM
if (ret == 0) { if (ret == 0) {
#endif
XMEMCPY(out, cmac->digest, *outSz); XMEMCPY(out, cmac->digest, *outSz);
#ifdef WOLFSSL_LINUXKM
} }
#endif
wc_AesFree(&cmac->aes); wc_AesFree(&cmac->aes);
ForceZero(cmac, sizeof(Cmac)); ForceZero(cmac, sizeof(Cmac));
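Review bot: In wc_InitCmac_ex the scratch block `l` is wiped only on success, because `ForceZero(l, AES_BLOCK_SIZE);` sits inside `if (ret == 0) { ... }`; if wc_AesEncryptDirect fails after touching `l`, whatever it wrote stays on the stack. Moving the `ForceZero` call below the closing brace of that `if` makes the wipe unconditional, which matches wc_CmacFinal, where `ForceZero(cmac, sizeof(Cmac));` already runs on both paths. In wc_CmacFinal, `int ret;` is now uninitialised and the `ret = 0;` reset is gone, so every path to the final return has to assign it; the lines between the hunks are not visible here, so that is worth confirming.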


@ -301,19 +301,15 @@ static int wc_Afalg_AesDirect(Aes* aes, byte* out, const byte* in, word32 sz)
#if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AFALG) #if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AFALG)
void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in) int wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
{ {
if (wc_Afalg_AesDirect(aes, out, in, AES_BLOCK_SIZE) != 0) { return wc_Afalg_AesDirect(aes, out, in, AES_BLOCK_SIZE);
WOLFSSL_MSG("Error with AES encrypt direct call");
}
} }
void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in) int wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)
{ {
if (wc_Afalg_AesDirect(aes, out, in, AES_BLOCK_SIZE) != 0) { return wc_Afalg_AesDirect(aes, out, in, AES_BLOCK_SIZE);
WOLFSSL_MSG("Error with AES decrypt direct call");
}
} }
@ -639,7 +635,9 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
XMEMCPY(initalCounter, iv, ivSz); XMEMCPY(initalCounter, iv, ivSz);
initalCounter[AES_BLOCK_SIZE - 1] = 1; initalCounter[AES_BLOCK_SIZE - 1] = 1;
GHASH(aes, authIn, authInSz, out, sz, authTag, authTagSz); GHASH(aes, authIn, authInSz, out, sz, authTag, authTagSz);
wc_AesEncryptDirect(aes, scratch, initalCounter); ret = wc_AesEncryptDirect(aes, scratch, initalCounter);
if (ret < 0)
return ret;
xorbuf(authTag, scratch, authTagSz); xorbuf(authTag, scratch, authTagSz);
} }
#else #else
@ -786,7 +784,9 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
initalCounter[AES_BLOCK_SIZE - 1] = 1; initalCounter[AES_BLOCK_SIZE - 1] = 1;
tag = buf; tag = buf;
GHASH(aes, NULL, 0, in, sz, tag, AES_BLOCK_SIZE); GHASH(aes, NULL, 0, in, sz, tag, AES_BLOCK_SIZE);
wc_AesEncryptDirect(aes, scratch, initalCounter); ret = wc_AesEncryptDirect(aes, scratch, initalCounter);
if (ret < 0)
return ret;
xorbuf(tag, scratch, AES_BLOCK_SIZE); xorbuf(tag, scratch, AES_BLOCK_SIZE);
if (ret != 0) { if (ret != 0) {
return AES_GCM_AUTH_E; return AES_GCM_AUTH_E;
@ -836,7 +836,9 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
/* check on tag */ /* check on tag */
if (authIn != NULL && authInSz > 0) { if (authIn != NULL && authInSz > 0) {
GHASH(aes, authIn, authInSz, in, sz, tag, AES_BLOCK_SIZE); GHASH(aes, authIn, authInSz, in, sz, tag, AES_BLOCK_SIZE);
wc_AesEncryptDirect(aes, scratch, initalCounter); ret = wc_AesEncryptDirect(aes, scratch, initalCounter);
if (ret < 0)
return ret;
xorbuf(tag, scratch, AES_BLOCK_SIZE); xorbuf(tag, scratch, AES_BLOCK_SIZE);
if (ConstantCompare(tag, authTag, authTagSz) != 0) { if (ConstantCompare(tag, authTag, authTagSz) != 0) {
return AES_GCM_AUTH_E; return AES_GCM_AUTH_E;
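Review bot: In the first wc_AesGcmDecrypt hunk the new `ret = wc_AesEncryptDirect(aes, scratch, initalCounter);` overwrites `ret` just before the existing `if (ret != 0) { return AES_GCM_AUTH_E; }`, so that test now sees only the block-cipher status and cannot fire once the `ret < 0` return has passed, unless a positive code is possible. If `ret` was meant to carry an earlier result into that check (any earlier assignment is outside the hunk), keep the cipher status in a separate local, e.g. `int aesRet = wc_AesEncryptDirect(aes, scratch, initalCounter);` followed by `if (aesRet != 0) return aesRet;`. It is also worth confirming that this branch compares the computed tag with `authTag` somewhere, as the last hunk does with ConstantCompare.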


@ -5320,23 +5320,23 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
/* AES-DIRECT */ /* AES-DIRECT */
#if defined(WOLFSSL_AES_DIRECT) #if defined(WOLFSSL_AES_DIRECT)
/* Allow direct access to one block encrypt */ /* Allow direct access to one block encrypt */
void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in) int wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
{ {
if (aes == NULL || out == NULL || in == NULL) { if (aes == NULL || out == NULL || in == NULL) {
WOLFSSL_MSG("Invalid input to wc_AesEncryptDirect"); WOLFSSL_MSG("Invalid input to wc_AesEncryptDirect");
return; return BAD_FUNC_ARG;
} }
wc_AesEncrypt(aes, in, out); return wc_AesEncrypt(aes, in, out);
} }
#ifdef HAVE_AES_DECRYPT #ifdef HAVE_AES_DECRYPT
/* Allow direct access to one block decrypt */ /* Allow direct access to one block decrypt */
void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in) int wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)
{ {
if (aes == NULL || out == NULL || in == NULL) { if (aes == NULL || out == NULL || in == NULL) {
WOLFSSL_MSG("Invalid input to wc_AesDecryptDirect"); WOLFSSL_MSG("Invalid input to wc_AesDecryptDirect");
return; return;
} }
wc_AesDecrypt(aes, in, out); return wc_AesDecrypt(aes, in, out);
} }
#endif /* HAVE_AES_DECRYPT */ #endif /* HAVE_AES_DECRYPT */
#endif /* WOLFSSL_AES_DIRECT */ #endif /* WOLFSSL_AES_DIRECT */
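Review bot: wc_AesDecryptDirect now returns `int`, but its NULL-argument branch still ends in a bare `return;`, unlike wc_AesEncryptDirect above it, which was changed to `return BAD_FUNC_ARG;`. A value-less return in a non-void function is a constraint violation in C99 and later, and where a compiler accepts it the caller reads an indeterminate value, so a `!= 0` check can report success for rejected arguments. The line should read `return BAD_FUNC_ARG;`.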


@ -120,8 +120,8 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out,
word32 keySz; word32 keySz;
int ret; int ret;
if (wc_AesGetKeySize(aes, &keySz) != 0) { if ((ret = wc_AesGetKeySize(aes, &keySz)) != 0) {
return BAD_FUNC_ARG; return ret;
} }
/* Set buffers for key, cipher text, and plain text */ /* Set buffers for key, cipher text, and plain text */
@ -173,8 +173,8 @@ int wc_AesCbcDecrypt(Aes* aes, byte* out,
word32 keySz; word32 keySz;
int ret; int ret;
if (wc_AesGetKeySize(aes, &keySz) != 0) { if ((ret = wc_AesGetKeySize(aes, &keySz)) != 0) {
return BAD_FUNC_ARG; return ret;
} }
/* Set buffers for key, cipher text, and plain text */ /* Set buffers for key, cipher text, and plain text */
@ -224,8 +224,8 @@ int wc_AesEcbEncrypt(Aes* aes, byte* out,
blocks = sz / AES_BLOCK_SIZE; blocks = sz / AES_BLOCK_SIZE;
if (wc_AesGetKeySize(aes, &keySz) != 0) { if ((ret = wc_AesGetKeySize(aes, &keySz)) != 0) {
return BAD_FUNC_ARG; return ret;
} }
/* Set buffers for key, cipher text, and plain text */ /* Set buffers for key, cipher text, and plain text */
@ -269,8 +269,8 @@ int wc_AesEcbDecrypt(Aes* aes, byte* out,
blocks = sz / AES_BLOCK_SIZE; blocks = sz / AES_BLOCK_SIZE;
if (wc_AesGetKeySize(aes, &keySz) != 0) { if ((ret = wc_AesGetKeySize(aes, &keySz)) != 0) {
return BAD_FUNC_ARG; return ret;
} }
/* Set buffers for key, cipher text, and plain text */ /* Set buffers for key, cipher text, and plain text */
@ -326,8 +326,8 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out,
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
if (wc_AesGetKeySize(aes, &keySz) != 0) { if ((ret = wc_AesGetKeySize(aes, &keySz)) != 0) {
return BAD_FUNC_ARG; return ret;
} }
/* consume any unused bytes left in aes->tmp */ /* consume any unused bytes left in aes->tmp */
@ -373,7 +373,8 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out,
} }
if (sz) { if (sz) {
wc_AesEncryptDirect(aes, (byte*)aes->tmp, (byte*)aes->reg); if ((ret = wc_AesEncryptDirect(aes, (byte*)aes->tmp, (byte*)aes->reg)) != 0)
return ret;
IncrementAesCounter((byte*)aes->reg); IncrementAesCounter((byte*)aes->reg);
aes->left = AES_BLOCK_SIZE; aes->left = AES_BLOCK_SIZE;
@ -392,20 +393,19 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out,
/* AES-DIRECT */ /* AES-DIRECT */
#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) #if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in) int wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
{ {
Buffer buf[3]; Buffer buf[3];
word32 arg[4]; word32 arg[4];
word32 keySz; word32 keySz;
int ret;
if (aes == NULL || out == NULL || in == NULL) { if (aes == NULL || out == NULL || in == NULL) {
/* return BAD_FUNC_ARG; */ return BAD_FUNC_ARG;
return;
} }
if (wc_AesGetKeySize(aes, &keySz) != 0) { if ((ret = wc_AesGetKeySize(aes, &keySz)) != 0) {
/* return BAD_FUNC_ARG; */ return ret;
return;
} }
/* Set buffers for key, cipher text, and plain text */ /* Set buffers for key, cipher text, and plain text */
@ -425,26 +425,28 @@ void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
arg[1] = keySz; arg[1] = keySz;
arg[2] = AES_BLOCK_SIZE; arg[2] = AES_BLOCK_SIZE;
if (wc_caamAddAndWait(buf, arg, CAAM_AESECB) != 0) { if ((ret = wc_caamAddAndWait(buf, arg, CAAM_AESECB)) != 0) {
WOLFSSL_MSG("Error with CAAM AES direct encrypt"); WOLFSSL_MSG("Error with CAAM AES direct encrypt");
return ret;
} }
return ret;
} }
void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in) int wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)
{ {
Buffer buf[3]; Buffer buf[3];
word32 arg[4]; word32 arg[4];
word32 keySz; word32 keySz;
int ret;
if (aes == NULL || out == NULL || in == NULL) { if (aes == NULL || out == NULL || in == NULL) {
/* return BAD_FUNC_ARG; */ return BAD_FUNC_ARG;
return;
} }
if (wc_AesGetKeySize(aes, &keySz) != 0) { if ((ret = wc_AesGetKeySize(aes, &keySz)) != 0) {
/* return BAD_FUNC_ARG; */ return ret;
return;
} }
/* Set buffers for key, cipher text, and plain text */ /* Set buffers for key, cipher text, and plain text */
@ -464,9 +466,12 @@ void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)
arg[1] = keySz; arg[1] = keySz;
arg[2] = AES_BLOCK_SIZE; arg[2] = AES_BLOCK_SIZE;
if (wc_caamAddAndWait(buf, arg, CAAM_AESECB) != 0) { if ((ret = wc_caamAddAndWait(buf, arg, CAAM_AESECB)) != 0) {
WOLFSSL_MSG("Error with CAAM AES direct decrypt"); WOLFSSL_MSG("Error with CAAM AES direct decrypt");
return ret;
} }
return 0;
} }
@ -500,12 +505,12 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out,
authTagSz > AES_BLOCK_SIZE) authTagSz > AES_BLOCK_SIZE)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
if (wc_AesCcmCheckTagSize(authTagSz) != 0) { if ((ret = wc_AesCcmCheckTagSize(authTagSz)) != 0) {
return BAD_FUNC_ARG; return ret;
} }
if (wc_AesGetKeySize(aes, &keySz) != 0) { if ((ret = wc_AesGetKeySize(aes, &keySz)) != 0) {
return BAD_FUNC_ARG; return ret;
} }
/* set up B0 and CTR0 similar to how wolfcrypt/src/aes.c does */ /* set up B0 and CTR0 similar to how wolfcrypt/src/aes.c does */
@ -583,12 +588,12 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out,
authTagSz > AES_BLOCK_SIZE) authTagSz > AES_BLOCK_SIZE)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
if (wc_AesCcmCheckTagSize(authTagSz) != 0) { if ((ret = wc_AesCcmCheckTagSize(authTagSz)) != 0) {
return BAD_FUNC_ARG; return ret;
} }
if (wc_AesGetKeySize(aes, &keySz) != 0) { if ((ret = wc_AesGetKeySize(aes, &keySz)) != 0) {
return BAD_FUNC_ARG; return ret;
} }
/* set up B0 and CTR0 similar to how wolfcrypt/src/aes.c does */ /* set up B0 and CTR0 similar to how wolfcrypt/src/aes.c does */
@ -605,7 +610,8 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out,
B0Ctr0[AES_BLOCK_SIZE + AES_BLOCK_SIZE - 1 - i] = 0; B0Ctr0[AES_BLOCK_SIZE + AES_BLOCK_SIZE - 1 - i] = 0;
} }
B0Ctr0[AES_BLOCK_SIZE] = lenSz - 1; B0Ctr0[AES_BLOCK_SIZE] = lenSz - 1;
wc_AesEncryptDirect(aes, tag, B0Ctr0 + AES_BLOCK_SIZE); if ((ret = wc_AesEncryptDirect(aes, tag, B0Ctr0 + AES_BLOCK_SIZE)) != 0)
return ret;
/* Set buffers for key, cipher text, and plain text */ /* Set buffers for key, cipher text, and plain text */
buf[0].BufferType = DataBuffer; buf[0].BufferType = DataBuffer;
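Review bot: The two CAAM direct functions end differently after this change: wc_AesEncryptDirect has `return ret;` inside the failure branch and again right after it, while wc_AesDecryptDirect returns `ret` in the branch and `0` after it. Dropping the inner `return ret;` from both and ending each with a single `return ret;` keeps the log message and makes the pair identical. Note also that the CBC, ECB, CTR and CCM functions in this section now pass through whatever wc_AesGetKeySize or wc_AesCcmCheckTagSize returns instead of BAD_FUNC_ARG, so a caller comparing against BAD_FUNC_ARG sees a different code if those helpers ever return anything else; a line in each function comment would document that.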


@ -169,15 +169,15 @@ static int wc_DevCrypto_AesDirect(Aes* aes, byte* out, const byte* in,
#if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AESCCM) #if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AESCCM)
void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in) int wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
{ {
wc_DevCrypto_AesDirect(aes, out, in, AES_BLOCK_SIZE, COP_ENCRYPT); return wc_DevCrypto_AesDirect(aes, out, in, AES_BLOCK_SIZE, COP_ENCRYPT);
} }
void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in) int wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)
{ {
wc_DevCrypto_AesDirect(aes, out, in, AES_BLOCK_SIZE, COP_DECRYPT); return wc_DevCrypto_AesDirect(aes, out, in, AES_BLOCK_SIZE, COP_DECRYPT);
} }
@ -208,6 +208,7 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
int ret; int ret;
struct crypt_op crt; struct crypt_op crt;
byte* tmp; byte* tmp;
int ret;
if (aes == NULL || out == NULL || in == NULL) { if (aes == NULL || out == NULL || in == NULL) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@ -253,9 +254,11 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
/* create key stream for later if needed */ /* create key stream for later if needed */
if (sz > 0) { if (sz > 0) {
Aes tmpAes; Aes tmpAes;
wc_AesSetKey(&tmpAes, (byte*)aes->devKey, aes->keylen, (byte*)aes->reg, if ((ret = wc_AesSetKey(&tmpAes, (byte*)aes->devKey, aes->keylen, (byte*)aes->reg,
AES_ENCRYPTION); AES_ENCRYPTION)) != 0)
wc_AesEncryptDirect(&tmpAes, (byte*)aes->tmp, (const byte*)aes->reg); return ret;
if ((ret = wc_AesEncryptDirect(&tmpAes, (byte*)aes->tmp, (const byte*)aes->reg)) != 0)
return ret;
wc_AesFree(&tmpAes); wc_AesFree(&tmpAes);
IncrementAesCounter((byte*)aes->reg); IncrementAesCounter((byte*)aes->reg);
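Review bot: Both new early returns in the key-stream block of wc_AesCtrEncrypt leave before `wc_AesFree(&tmpAes);`, so when wc_AesEncryptDirect fails the temporary context, which was keyed from `aes->devKey`, is neither released nor cleared. Collect the status first and return after the cleanup, as sketched below; whether wc_AesFree is safe after a failed wc_AesSetKey is not visible here, so the sketch frees only after a successful key setup. The first hunk also adds a second `int ret;` next to the one already declared, apparently in the same scope, which would not compile; the added line should be dropped. The function starts and ends outside both hunks.

```c
    if (sz > 0) {
        Aes tmpAes;
        ret = wc_AesSetKey(&tmpAes, (byte*)aes->devKey, aes->keylen,
                           (byte*)aes->reg, AES_ENCRYPTION);
        if (ret == 0) {
            ret = wc_AesEncryptDirect(&tmpAes, (byte*)aes->tmp,
                                      (const byte*)aes->reg);
            wc_AesFree(&tmpAes); /* release on success and on failure */
        }
        if (ret != 0)
            return ret;
        /* … unchanged: IncrementAesCounter and the rest of the block … */
```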


@ -166,12 +166,13 @@ WOLFSSL_API int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz
} }
#ifdef WOLFSSL_AES_COUNTER #ifdef WOLFSSL_AES_COUNTER
WOLFSSL_API void wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) WOLFSSL_API int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{ {
char out_block[AES_BLOCK_SIZE] ; char out_block[AES_BLOCK_SIZE] ;
int odd ; int odd ;
int even ; int even ;
char *tmp ; /* (char *)aes->tmp, for short */ char *tmp ; /* (char *)aes->tmp, for short */
int ret;
tmp = (char *)aes->tmp ; tmp = (char *)aes->tmp ;
if(aes->left) { if(aes->left) {
@ -182,8 +183,10 @@ WOLFSSL_API void wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz
} }
XMEMCPY(tmp+aes->left, in, odd) ; XMEMCPY(tmp+aes->left, in, odd) ;
if((odd+aes->left) == AES_BLOCK_SIZE){ if((odd+aes->left) == AES_BLOCK_SIZE){
AesProcess(aes, (byte *)out_block, (byte const *)tmp, AES_BLOCK_SIZE, ret = AesProcess(aes, (byte *)out_block, (byte const *)tmp, AES_BLOCK_SIZE,
AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CTR) ; AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CTR) ;
if (ret != 0)
return ret;
XMEMCPY(out, out_block+aes->left, odd) ; XMEMCPY(out, out_block+aes->left, odd) ;
aes->left = 0 ; aes->left = 0 ;
XMEMSET(tmp, 0x0, AES_BLOCK_SIZE) ; XMEMSET(tmp, 0x0, AES_BLOCK_SIZE) ;
@ -195,38 +198,42 @@ WOLFSSL_API void wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz
odd = sz % AES_BLOCK_SIZE ; /* if there is tail flagment */ odd = sz % AES_BLOCK_SIZE ; /* if there is tail flagment */
if(sz / AES_BLOCK_SIZE) { if(sz / AES_BLOCK_SIZE) {
even = (sz/AES_BLOCK_SIZE)*AES_BLOCK_SIZE ; even = (sz/AES_BLOCK_SIZE)*AES_BLOCK_SIZE ;
AesProcess(aes, out, in, even, AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CTR); ret = AesProcess(aes, out, in, even, AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CTR);
if (ret != 0)
return ret;
out += even ; out += even ;
in += even ; in += even ;
} }
if(odd) { if(odd) {
XMEMSET(tmp+aes->left, 0x0, AES_BLOCK_SIZE - aes->left) ; XMEMSET(tmp+aes->left, 0x0, AES_BLOCK_SIZE - aes->left) ;
XMEMCPY(tmp+aes->left, in, odd) ; XMEMCPY(tmp+aes->left, in, odd) ;
AesProcess(aes, (byte *)out_block, (byte const *)tmp, AES_BLOCK_SIZE, ret = AesProcess(aes, (byte *)out_block, (byte const *)tmp, AES_BLOCK_SIZE,
AES_CFG_DIR_ENCRYPT, AES_CFG_DIR_ENCRYPT,
AES_CFG_MODE_CTR_NOCTR /* Counter mode without counting IV */ AES_CFG_MODE_CTR_NOCTR /* Counter mode without counting IV */
); );
if (ret != 0)
return ret;
XMEMCPY(out, out_block+aes->left,odd) ; XMEMCPY(out, out_block+aes->left,odd) ;
aes->left += odd ; aes->left += odd ;
} }
return; // work around cppcheck 2.6.3 false positive missingReturn return 0;
} }
#endif #endif
/* AES-DIRECT */ /* AES-DIRECT */
#if defined(WOLFSSL_AES_DIRECT) #if defined(WOLFSSL_AES_DIRECT)
WOLFSSL_API void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in) WOLFSSL_API int wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
{ {
AesProcess(aes, out, in, AES_BLOCK_SIZE, AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CBC) ; return AesProcess(aes, out, in, AES_BLOCK_SIZE, AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CBC) ;
} }
WOLFSSL_API void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in) WOLFSSL_API int wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)
{ {
AesProcess(aes, out, in, AES_BLOCK_SIZE, AES_CFG_DIR_DECRYPT, AES_CFG_MODE_CBC) ; return AesProcess(aes, out, in, AES_BLOCK_SIZE, AES_CFG_DIR_DECRYPT, AES_CFG_MODE_CBC) ;
} }
WOLFSSL_API int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len, WOLFSSL_API int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len,
const byte* iv, int dir) const byte* iv, int dir)
{ {
return(wc_AesSetKey(aes, key, len, iv, dir)) ; return(wc_AesSetKey(aes, key, len, iv, dir)) ;
} }
#endif #endif
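Review bot: wc_AesCtrEncrypt can now report errors, yet it still dereferences `aes` in its first statement, `tmp = (char *)aes->tmp ;`, without validating any of its pointer arguments. With the `int` return in place the usual guard fits before that line: `if (aes == NULL || out == NULL || in == NULL) return BAD_FUNC_ARG;`, as other ports in this commit do. The same applies to wc_AesEncryptDirect and wc_AesDecryptDirect in this section, which hand their arguments straight to AesProcess; whether AesProcess validates them is not visible here.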


@ -95,6 +95,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out,
byte* tmp; byte* tmp;
byte scratch[AES_BLOCK_SIZE]; byte scratch[AES_BLOCK_SIZE];
byte initalCounter[AES_BLOCK_SIZE]; byte initalCounter[AES_BLOCK_SIZE];
int ret;
if ((in == NULL && sz > 0) || iv == NULL || authTag == NULL || if ((in == NULL && sz > 0) || iv == NULL || authTag == NULL ||
authTagSz > AES_GCM_AUTH_SZ) { authTagSz > AES_GCM_AUTH_SZ) {
@ -136,7 +137,9 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out,
XMEMCPY(initalCounter, iv, ivSz); XMEMCPY(initalCounter, iv, ivSz);
initalCounter[AES_BLOCK_SIZE - 1] = 1; initalCounter[AES_BLOCK_SIZE - 1] = 1;
GHASH(aes, authIn, authInSz, out, sz, authTag, authTagSz); GHASH(aes, authIn, authInSz, out, sz, authTag, authTagSz);
wc_AesEncryptDirect(aes, scratch, initalCounter); ret = wc_AesEncryptDirect(aes, scratch, initalCounter);
if (ret < 0)
return ret;
xorbuf(authTag, scratch, authTagSz); xorbuf(authTag, scratch, authTagSz);
} }
@ -154,6 +157,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out,
byte buf[AES_GCM_AUTH_SZ]; byte buf[AES_GCM_AUTH_SZ];
byte scratch[AES_BLOCK_SIZE]; byte scratch[AES_BLOCK_SIZE];
byte initalCounter[AES_BLOCK_SIZE]; byte initalCounter[AES_BLOCK_SIZE];
int ret;
if (in == NULL || iv == NULL || authTag == NULL || if (in == NULL || iv == NULL || authTag == NULL ||
authTagSz < AES_GCM_AUTH_SZ) { authTagSz < AES_GCM_AUTH_SZ) {
@ -172,7 +176,9 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out,
initalCounter[AES_BLOCK_SIZE - 1] = 1; initalCounter[AES_BLOCK_SIZE - 1] = 1;
tag = buf; tag = buf;
GHASH(aes, NULL, 0, in, sz, tag, AES_GCM_AUTH_SZ); GHASH(aes, NULL, 0, in, sz, tag, AES_GCM_AUTH_SZ);
wc_AesEncryptDirect(aes, scratch, initalCounter); ret = wc_AesEncryptDirect(aes, scratch, initalCounter);
if (ret < 0)
return ret;
xorbuf(tag, scratch, AES_GCM_AUTH_SZ); xorbuf(tag, scratch, AES_GCM_AUTH_SZ);
} }
else { else {
@ -187,7 +193,9 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out,
/* account for additional data */ /* account for additional data */
if (authIn != NULL && authInSz > 0) { if (authIn != NULL && authInSz > 0) {
GHASH(aes, authIn, authInSz, in, sz, tag, AES_GCM_AUTH_SZ); GHASH(aes, authIn, authInSz, in, sz, tag, AES_GCM_AUTH_SZ);
wc_AesEncryptDirect(aes, scratch, initalCounter); ret = wc_AesEncryptDirect(aes, scratch, initalCounter);
if (ret < 0)
return ret;
xorbuf(tag, scratch, AES_GCM_AUTH_SZ); xorbuf(tag, scratch, AES_GCM_AUTH_SZ);
if (ConstantCompare(authTag, tag, authTagSz) != 0) { if (ConstantCompare(authTag, tag, authTagSz) != 0) {
return AES_GCM_AUTH_E; return AES_GCM_AUTH_E;
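Review bot: In wc_AesGcmEncrypt, GHASH has already written its result into `authTag` when the new `if (ret < 0) return ret;` is taken, so on failure the caller's tag buffer holds the GHASH output without the encrypted-counter mask that `xorbuf(authTag, scratch, authTagSz);` would have applied. That intermediate value should not leave the function; clearing it before the return, e.g. `ForceZero(authTag, authTagSz);`, avoids handing it to a caller that mishandles the error. The three new checks in this section test `ret < 0`, while other call sites in this commit test `!= 0`; using one form throughout would be clearer.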


@ -8914,11 +8914,17 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void)
#endif #endif
#ifdef WOLFSSL_AES_128 #ifdef WOLFSSL_AES_128
wc_AesSetKeyDirect(enc, ctr128Key, sizeof(ctr128Key), ret = wc_AesSetKeyDirect(enc, ctr128Key, sizeof(ctr128Key),
ctrIv, AES_ENCRYPTION); ctrIv, AES_ENCRYPTION);
if (ret != 0) {
ERROR_OUT(-5947, out);
}
/* Ctr only uses encrypt, even on key setup */ /* Ctr only uses encrypt, even on key setup */
wc_AesSetKeyDirect(dec, ctr128Key, sizeof(ctr128Key), ret = wc_AesSetKeyDirect(dec, ctr128Key, sizeof(ctr128Key),
ctrIv, AES_ENCRYPTION); ctrIv, AES_ENCRYPTION);
if (ret != 0) {
ERROR_OUT(-5948, out);
}
ret = wc_AesCtrEncrypt(enc, cipher, ctrPlain, sizeof(ctrPlain)); ret = wc_AesCtrEncrypt(enc, cipher, ctrPlain, sizeof(ctrPlain));
if (ret != 0) { if (ret != 0) {
@ -8935,11 +8941,17 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void)
ERROR_OUT(-5926, out); ERROR_OUT(-5926, out);
/* let's try with just 9 bytes, non block size test */ /* let's try with just 9 bytes, non block size test */
wc_AesSetKeyDirect(enc, ctr128Key, AES_BLOCK_SIZE, ret = wc_AesSetKeyDirect(enc, ctr128Key, AES_BLOCK_SIZE,
ctrIv, AES_ENCRYPTION); ctrIv, AES_ENCRYPTION);
if (ret != 0) {
ERROR_OUT(-5949, out);
}
/* Ctr only uses encrypt, even on key setup */ /* Ctr only uses encrypt, even on key setup */
wc_AesSetKeyDirect(dec, ctr128Key, AES_BLOCK_SIZE, ret = wc_AesSetKeyDirect(dec, ctr128Key, AES_BLOCK_SIZE,
ctrIv, AES_ENCRYPTION); ctrIv, AES_ENCRYPTION);
if (ret != 0) {
ERROR_OUT(-5952, out);
}
ret = wc_AesCtrEncrypt(enc, cipher, ctrPlain, sizeof(oddCipher)); ret = wc_AesCtrEncrypt(enc, cipher, ctrPlain, sizeof(oddCipher));
if (ret != 0) { if (ret != 0) {
@ -8975,11 +8987,17 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void)
#ifdef WOLFSSL_AES_192 #ifdef WOLFSSL_AES_192
/* 192 bit key */ /* 192 bit key */
wc_AesSetKeyDirect(enc, ctr192Key, sizeof(ctr192Key), ret = wc_AesSetKeyDirect(enc, ctr192Key, sizeof(ctr192Key),
ctrIv, AES_ENCRYPTION); ctrIv, AES_ENCRYPTION);
if (ret != 0) {
ERROR_OUT(-5953, out);
}
/* Ctr only uses encrypt, even on key setup */ /* Ctr only uses encrypt, even on key setup */
wc_AesSetKeyDirect(dec, ctr192Key, sizeof(ctr192Key), ret = wc_AesSetKeyDirect(dec, ctr192Key, sizeof(ctr192Key),
ctrIv, AES_ENCRYPTION); ctrIv, AES_ENCRYPTION);
if (ret != 0) {
ERROR_OUT(-5954, out);
}
XMEMSET(plain, 0, sizeof(plain)); XMEMSET(plain, 0, sizeof(plain));
ret = wc_AesCtrEncrypt(enc, plain, ctr192Cipher, sizeof(ctr192Cipher)); ret = wc_AesCtrEncrypt(enc, plain, ctr192Cipher, sizeof(ctr192Cipher));
@ -9000,11 +9018,17 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void)
#ifdef WOLFSSL_AES_256 #ifdef WOLFSSL_AES_256
/* 256 bit key */ /* 256 bit key */
wc_AesSetKeyDirect(enc, ctr256Key, sizeof(ctr256Key), ret = wc_AesSetKeyDirect(enc, ctr256Key, sizeof(ctr256Key),
ctrIv, AES_ENCRYPTION); ctrIv, AES_ENCRYPTION);
if (ret != 0) {
ERROR_OUT(-5955, out);
}
/* Ctr only uses encrypt, even on key setup */ /* Ctr only uses encrypt, even on key setup */
wc_AesSetKeyDirect(dec, ctr256Key, sizeof(ctr256Key), ret = wc_AesSetKeyDirect(dec, ctr256Key, sizeof(ctr256Key),
ctrIv, AES_ENCRYPTION); ctrIv, AES_ENCRYPTION);
if (ret != 0) {
ERROR_OUT(-5956, out);
}
XMEMSET(plain, 0, sizeof(plain)); XMEMSET(plain, 0, sizeof(plain));
ret = wc_AesCtrEncrypt(enc, plain, ctr256Cipher, sizeof(ctr256Cipher)); ret = wc_AesCtrEncrypt(enc, plain, ctr256Cipher, sizeof(ctr256Cipher));
@ -9051,7 +9075,10 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void)
ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION); ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
if (ret != 0) if (ret != 0)
ERROR_OUT(-5943, out); ERROR_OUT(-5943, out);
#ifdef WOLFSSL_LINUXKM #if !defined(HAVE_SELFTEST) && \
(defined(WOLFSSL_LINUXKM) || \
!defined(HAVE_FIPS) || \
(defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
if (wc_AesEncryptDirect(enc, cipher, niPlain) != 0) if (wc_AesEncryptDirect(enc, cipher, niPlain) != 0)
ERROR_OUT(-5950, out); ERROR_OUT(-5950, out);
#else #else
@ -9064,7 +9091,10 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void)
ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION); ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
if (ret != 0) if (ret != 0)
ERROR_OUT(-5945, out); ERROR_OUT(-5945, out);
#ifdef WOLFSSL_LINUXKM #if !defined(HAVE_SELFTEST) && \
(defined(WOLFSSL_LINUXKM) || \
!defined(HAVE_FIPS) || \
(defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
if (wc_AesDecryptDirect(dec, plain, niCipher) != 0) if (wc_AesDecryptDirect(dec, plain, niCipher) != 0)
ERROR_OUT(-5951, out); ERROR_OUT(-5951, out);
#else #else
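Review bot: The new guard `(defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))` only short-circuits evaluation, not parsing: if a configuration reaches this `#if` without FIPS_VERSION_GE defined as a function-like macro, the preprocessor sees an identifier followed by `(5,3)` and rejects the expression. If the macro is guaranteed to be defined by an always-included header, the `defined(...)` test can go; otherwise the call needs its own nested `#if` under `#ifdef FIPS_VERSION_GE`. The same expression is used in the wolfSSL_AES_encrypt and wolfSSL_AES_decrypt hunks earlier in this commit.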


@ -373,15 +373,23 @@ WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out,
#endif #endif
/* AES-DIRECT */ /* AES-DIRECT */
#if defined(WOLFSSL_AES_DIRECT) #if defined(WOLFSSL_AES_DIRECT)
#ifdef WOLFSSL_LINUXKM #if defined(HAVE_FIPS) && \
WOLFSSL_API __must_check int wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in); (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
WOLFSSL_API __must_check int wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in);
#else
WOLFSSL_API void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in); WOLFSSL_API void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in);
WOLFSSL_API void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in); WOLFSSL_API void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in);
#endif WOLFSSL_API int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len,
WOLFSSL_API int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len,
const byte* iv, int dir); const byte* iv, int dir);
#elif defined(BUILDING_WOLFSSL)
WOLFSSL_API WARN_UNUSED_RESULT int wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in);
WOLFSSL_API WARN_UNUSED_RESULT int wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in);
WOLFSSL_API WARN_UNUSED_RESULT int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len,
const byte* iv, int dir);
#else
WOLFSSL_API int wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in);
WOLFSSL_API int wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in);
WOLFSSL_API int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len,
const byte* iv, int dir);
#endif
#endif #endif
#ifdef HAVE_AESGCM #ifdef HAVE_AESGCM
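Review bot: Different predicates now decide whether the direct calls return a value: the prototypes here switch on `HAVE_FIPS` with `HAVE_FIPS_VERSION < 2`, while the callers in wolfSSL_AES_encrypt, wolfSSL_AES_decrypt and aes_test switch on `HAVE_SELFTEST` and `FIPS_VERSION_GE(5,3)`. For a configuration that falls between them, the prototype seen here is `int` (with WARN_UNUSED_RESULT under BUILDING_WOLFSSL) while the caller takes the unchecked `#else` path, unless such builds take their prototypes from elsewhere, which cannot be seen from this page. Defining one feature macro beside these prototypes and testing it at every call site would keep the two sides in step. A comment above the `#if` saying why the `void` prototypes are kept would also help the next reader.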