diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index e81852a80..27b2130f8 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -2569,25 +2569,96 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) /* Software AES - SetKey */ static int wc_AesSetKeyLocal(Aes* aes, const byte* userKey, word32 keylen, - const byte* iv, int dir) + const byte* iv, int dir, int checkKeyLen) { - word32 *rk = aes->key; + int ret; + word32 *rk; #ifdef NEED_AES_TABLES word32 temp; unsigned int i = 0; #endif + #ifdef WOLFSSL_IMX6_CAAM_BLOB + byte local[32]; + word32 localSz = 32; + #endif - #ifdef WOLFSSL_AESNI - aes->use_aesni = 0; - #endif /* WOLFSSL_AESNI */ - #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_OFB) - aes->left = 0; + if (aes == NULL) { + return BAD_FUNC_ARG; + } + + #ifdef WOLFSSL_IMX6_CAAM_BLOB + if (keylen == (16 + WC_CAAM_BLOB_SZ) || + keylen == (24 + WC_CAAM_BLOB_SZ) || + keylen == (32 + WC_CAAM_BLOB_SZ)) { + if (wc_caamOpenBlob((byte*)userKey, keylen, local, &localSz) != 0) { + return BAD_FUNC_ARG; + } + + /* set local values */ + userKey = local; + keylen = localSz; + } + #endif + + #if defined(WOLF_CRYPTO_CB) || (defined(WOLFSSL_DEVCRYPTO) && \ + (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC))) || \ + (defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES)) + #ifdef WOLF_CRYPTO_CB + if (aes->devId != INVALID_DEVID) #endif + { + if (keylen > sizeof(aes->devKey)) { + return BAD_FUNC_ARG; + } + XMEMCPY(aes->devKey, userKey, keylen); + } + #endif + + if (checkKeyLen) { + if (keylen != 16 && keylen != 24 && keylen != 32) { + return BAD_FUNC_ARG; + } + #ifdef AES_MAX_KEY_SIZE + /* Check key length */ + if (keylen > (AES_MAX_KEY_SIZE / 8)) { + return BAD_FUNC_ARG; + } + #endif + } + + #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ + defined(WOLFSSL_AES_OFB) + aes->left = 0; + #endif aes->keylen = keylen; aes->rounds = (keylen/4) + 6; + #ifdef WOLFSSL_AESNI + aes->use_aesni = 0; + if (checkAESNI == 0) { + haveAESNI = Check_CPU_support_AES(); + checkAESNI = 1; + } + if (haveAESNI) { + aes->use_aesni = 1; + if (iv) + XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE); + else + XMEMSET(aes->reg, 0, AES_BLOCK_SIZE); + if (dir == AES_ENCRYPTION) + return AES_set_encrypt_key(userKey, keylen * 8, aes); + #ifdef HAVE_AES_DECRYPT + else + return AES_set_decrypt_key(userKey, keylen * 8, aes); + #endif + } + #endif /* WOLFSSL_AESNI */ + + if (keylen > sizeof(aes->key)) { + return BAD_FUNC_ARG; + } + rk = aes->key; XMEMCPY(rk, userKey, keylen); #if defined(LITTLE_ENDIAN_ORDER) && !defined(WOLFSSL_PIC32MZ_CRYPT) && \ (!defined(WOLFSSL_ESP32WROOM32_CRYPT) || \ @@ -2761,83 +2832,7 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) } #endif - return wc_AesSetIV(aes, iv); - } - - int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, - const byte* iv, int dir) - { - int ret; - #if defined(AES_MAX_KEY_SIZE) - const word32 max_key_len = (AES_MAX_KEY_SIZE / 8); - #endif - - #ifdef WOLFSSL_IMX6_CAAM_BLOB - byte local[32]; - word32 localSz = 32; - - if (keylen == (16 + WC_CAAM_BLOB_SZ) || - keylen == (24 + WC_CAAM_BLOB_SZ) || - keylen == (32 + WC_CAAM_BLOB_SZ)) { - if (wc_caamOpenBlob((byte*)userKey, keylen, local, &localSz) != 0) { - return BAD_FUNC_ARG; - } - - /* set local values */ - userKey = local; - keylen = localSz; - } - #endif - if (aes == NULL || - !((keylen == 16) || (keylen == 24) || (keylen == 32))) { - return BAD_FUNC_ARG; - } - - #if defined(AES_MAX_KEY_SIZE) - /* Check key length */ - if (keylen > max_key_len) { - return BAD_FUNC_ARG; - } - #endif - aes->keylen = keylen; - aes->rounds = keylen/4 + 6; - - #if defined(WOLF_CRYPTO_CB) || (defined(WOLFSSL_DEVCRYPTO) && \ - (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC))) || \ - (defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES)) - #ifdef WOLF_CRYPTO_CB - if (aes->devId != INVALID_DEVID) - #endif - { - XMEMCPY(aes->devKey, userKey, keylen); - } - #endif - - #ifdef WOLFSSL_AESNI - if (checkAESNI == 0) { - haveAESNI = Check_CPU_support_AES(); - checkAESNI = 1; - } - if (haveAESNI) { - #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ - defined(WOLFSSL_AES_OFB) - aes->left = 0; - #endif /* WOLFSSL_AES_COUNTER */ - aes->use_aesni = 1; - if (iv) - XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE); - else - XMEMSET(aes->reg, 0, AES_BLOCK_SIZE); - if (dir == AES_ENCRYPTION) - return AES_set_encrypt_key(userKey, keylen * 8, aes); - #ifdef HAVE_AES_DECRYPT - else - return AES_set_decrypt_key(userKey, keylen * 8, aes); - #endif - } - #endif /* WOLFSSL_AESNI */ - - ret = wc_AesSetKeyLocal(aes, userKey, keylen, iv, dir); + ret = wc_AesSetIV(aes, iv); #if defined(WOLFSSL_DEVCRYPTO) && \ (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC)) @@ -2849,37 +2844,19 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) return ret; } + int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, + const byte* iv, int dir) + { + return wc_AesSetKeyLocal(aes, userKey, keylen, iv, dir, 1); + } + #if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) - /* AES-CTR and AES-DIRECT need to use this for key setup, no aesni yet */ + /* AES-CTR and AES-DIRECT need to use this for key setup */ + /* This function allows key sizes that are not 128/192/256 bits */ int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen, const byte* iv, int dir) { - int ret; - - #ifdef WOLFSSL_IMX6_CAAM_BLOB - byte local[32]; - word32 localSz = 32; - - if (keylen == (16 + WC_CAAM_BLOB_SZ) || - keylen == (24 + WC_CAAM_BLOB_SZ) || - keylen == (32 + WC_CAAM_BLOB_SZ)) { - if (wc_caamOpenBlob((byte*)userKey, keylen, local, &localSz) - != 0) { - return BAD_FUNC_ARG; - } - - /* set local values */ - userKey = local; - keylen = localSz; - } - #endif - ret = wc_AesSetKeyLocal(aes, userKey, keylen, iv, dir); - - #ifdef WOLFSSL_IMX6_CAAM_BLOB - ForceZero(local, sizeof(local)); - #endif - - return ret; + return wc_AesSetKeyLocal(aes, userKey, keylen, iv, dir, 0); } #endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */ #endif /* wc_AesSetKey block */