feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

check on tag length for AES-CCM

Browse Source
This commit is contained in:
Jacob Barthelmeh
2020-04-20 13:44:41 -06:00
parent 0cfde0794b
commit 231c488ddf
2 changed files with 36 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
wolfcrypt/src/aes.c
View File

@@ -6996,6 +6996,14 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
|| authTag == NULL || nonceSz < 7 || nonceSz > 13)
return BAD_FUNC_ARG;
/* sanity check on tag size */
if (authTagSz != 4 && authTagSz != 6 && authTagSz != 8 &&
authTagSz != 10 && authTagSz != 12 && authTagSz != 14 &&
authTagSz != 16) {
WOLFSSL_MSG("Bad auth tag size AES-CCM");
return BAD_FUNC_ARG;
}
key = (byte*)aes->key;
status = wc_AesGetKeySize(aes, &keySize);
@@ -7184,6 +7192,14 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
authTagSz > AES_BLOCK_SIZE)
return BAD_FUNC_ARG;
/* sanity check on tag size */
if (authTagSz != 4 && authTagSz != 6 && authTagSz != 8 &&
authTagSz != 10 && authTagSz != 12 && authTagSz != 14 &&
authTagSz != 16) {
WOLFSSL_MSG("Bad auth tag size AES-CCM");
return BAD_FUNC_ARG;
}
XMEMSET(A, 0, sizeof(A));
XMEMCPY(B+1, nonce, nonceSz);
lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
@@ -7280,6 +7296,14 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
authTagSz > AES_BLOCK_SIZE)
return BAD_FUNC_ARG;
/* sanity check on tag size */
if (authTagSz != 4 && authTagSz != 6 && authTagSz != 8 &&
authTagSz != 10 && authTagSz != 12 && authTagSz != 14 &&
authTagSz != 16) {
WOLFSSL_MSG("Bad auth tag size AES-CCM");
return BAD_FUNC_ARG;
}
o = out;
oSz = inSz;
XMEMCPY(B+1, nonce, nonceSz);

12
wolfcrypt/test/test.c
View File

@@ -9157,6 +9157,18 @@ int aesccm_test(void)
return -6313;
#endif
/* test fail on invalid IV sizes */
result = wc_AesCcmSetKey(&enc, k, sizeof(k));
if (result != 0)
return -6314;
/* AES-CCM encrypt and decrypt both use AES encrypt internally */
result = wc_AesCcmEncrypt(&enc, c2, p, sizeof(c2), iv, sizeof(iv),
t2, 1, a, sizeof(a));
if (result == 0) {
return -6315;
}
return 0;
}
#endif /* HAVE_AESCCM WOLFSSL_AES_128 */