Update EVP_CIPHER to handle multi-part AAD

2020-09-28 20:42:23 +02:00
parent 942168c62d
commit 07f6c19156
1 changed files with 61 additions and 52 deletions
--- a/wolfcrypt/src/evp.c
+++ b/wolfcrypt/src/evp.c
@@ -551,6 +551,7 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
 #if defined(HAVE_AESGCM)
 static int wolfSSL_EVP_CipherUpdate_GCM_AAD(WOLFSSL_EVP_CIPHER_CTX *ctx,
        const unsigned char *in, int inl) {
    if (in && inl > 0) {
        byte* tmp = (byte*)XREALLOC(ctx->gcmAuthIn,
                ctx->gcmAuthInSz + inl, NULL, DYNAMIC_TYPE_OPENSSL);
        if (tmp) {
@@ -562,6 +563,7 @@ static int wolfSSL_EVP_CipherUpdate_GCM_AAD(WOLFSSL_EVP_CIPHER_CTX *ctx,
            WOLFSSL_MSG("realloc error");
            return MEMORY_E;
        }
    }
    return 0;
 }
@@ -766,6 +768,7 @@ int  wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
        case AES_256_GCM_TYPE:
            if (ctx->gcmBuffer &&
                    ctx->gcmBufferLen > 0) {
                ret = 0;
                if (ctx->gcmAuthIn) {
                    /* authenticated, non-confidential data*/
                    if (ctx->enc) {
@@ -784,6 +787,7 @@ int  wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
                    }
                }
                if (ret == 0) {
                    if (ctx->enc)
                        /* encrypt confidential data*/
                        ret = wc_AesGcmEncrypt(&ctx->cipher.aes, out,
@@ -796,6 +800,7 @@ int  wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
                                ctx->gcmBuffer, ctx->gcmBufferLen,
                                ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz,
                                NULL, 0);
                }
                if (ret == 0) {
                    ret = WOLFSSL_SUCCESS;
@@ -5247,41 +5252,45 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
            case AES_192_GCM_TYPE :
            case AES_256_GCM_TYPE :
                WOLFSSL_MSG("AES GCM");
-                if (ctx->enc) {
+                if (!dst) {
-                    if (dst){
+                    ret = wolfSSL_EVP_CipherUpdate_GCM_AAD(ctx, src, len);
                        /* encrypt confidential data*/
                        ret = wc_AesGcmEncrypt(&ctx->cipher.aes, dst, src, len,
                                  ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz,
                                  NULL, 0);
                }
                else {
                        /* authenticated, non-confidential data */
                        ret = wc_AesGcmEncrypt(&ctx->cipher.aes, NULL, NULL, 0,
                                  ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz,
                                  src, len);
                        /* Reset partial authTag error for AAD*/
                        if (ret == AES_GCM_AUTH_E)
                    ret = 0;
-                    }
+                    if (ctx->gcmAuthIn) {
                }
                else {
                    if (dst){
                        /* decrypt confidential data*/
                        ret = wc_AesGcmDecrypt(&ctx->cipher.aes, dst, src, len,
                                  ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz,
                                  NULL, 0);
                    }
                    else {
                        /* authenticated, non-confidential data*/
-                        ret = wc_AesGcmDecrypt(&ctx->cipher.aes, NULL, NULL, 0,
+                        if (ctx->enc) {
-                                  ctx->iv, ctx->ivSz,
+                            XMEMSET(ctx->authTag, 0, ctx->authTagSz);
-                                  ctx->authTag, ctx->authTagSz,
+                            ret = wc_AesGcmEncrypt(&ctx->cipher.aes, NULL,
-                                  src, len);
+                                    NULL, 0, ctx->iv, ctx->ivSz, ctx->authTag,
                                    ctx->authTagSz, ctx->gcmAuthIn,
                                    ctx->gcmAuthInSz);
                        }
                        else {
                            ret = wc_AesGcmDecrypt(&ctx->cipher.aes, NULL,
                                    NULL, 0, ctx->iv, ctx->ivSz, ctx->authTag,
                                    ctx->authTagSz, ctx->gcmAuthIn,
                                    ctx->gcmAuthInSz);
                            /* Reset partial authTag error for AAD*/
                            if (ret == AES_GCM_AUTH_E)
                                ret = 0;
                        }
                    }
                    if (ret == 0) {
                        if (ctx->enc)
                            /* encrypt confidential data*/
                            ret = wc_AesGcmEncrypt(&ctx->cipher.aes, dst, src,
                                    len, ctx->iv, ctx->ivSz, ctx->authTag,
                                    ctx->authTagSz, NULL, 0);
                        else
                            /* decrypt confidential data*/
                            ret = wc_AesGcmDecrypt(&ctx->cipher.aes, dst, src,
                                    len, ctx->iv, ctx->ivSz, ctx->authTag,
                                    ctx->authTagSz, NULL, 0);
                    }
                }
                break;
 #endif /* HAVE_AESGCM */
 #ifdef HAVE_AES_ECB