feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #3029 from SparkiDev/aes-ccm-fix

Browse Source 
Fix optimized AES-CCM - counter
This commit is contained in:
toddouska
2020-06-09 13:13:42 -07:00
committed by GitHub
parent 3529d9a40d d543e305f1
commit 8fc908989a
2 changed files with 67 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
wolfcrypt/src/aes.c
View File

@@ -7164,20 +7164,20 @@ static WC_INLINE void AesCcmCtrIncSet4(byte* B, word32 lenSz)
XMEMCPY(B + AES_BLOCK_SIZE * 2, B, AES_BLOCK_SIZE * 2); XMEMCPY(B + AES_BLOCK_SIZE * 2, B, AES_BLOCK_SIZE * 2);
for (i = 0; i < lenSz; i++) { for (i = 0; i < lenSz; i++) {
if (++B[AES_BLOCK_SIZE * 1 - 1 - i] != 0) break;
}
B[AES_BLOCK_SIZE * 2 - 1] += 2;
if (B[AES_BLOCK_SIZE * 2 - 1] < 2) {
for (i = 1; i < lenSz; i++) {
if (++B[AES_BLOCK_SIZE * 2 - 1 - i] != 0) break; if (++B[AES_BLOCK_SIZE * 2 - 1 - i] != 0) break;
} }
} B[AES_BLOCK_SIZE * 3 - 1] += 2;
B[AES_BLOCK_SIZE * 3 - 1] += 3; if (B[AES_BLOCK_SIZE * 3 - 1] < 2) {
if (B[AES_BLOCK_SIZE * 3 - 1] < 3) {
for (i = 1; i < lenSz; i++) { for (i = 1; i < lenSz; i++) {
if (++B[AES_BLOCK_SIZE * 3 - 1 - i] != 0) break; if (++B[AES_BLOCK_SIZE * 3 - 1 - i] != 0) break;
} }
} }
B[AES_BLOCK_SIZE * 4 - 1] += 3;
if (B[AES_BLOCK_SIZE * 4 - 1] < 3) {
for (i = 1; i < lenSz; i++) {
if (++B[AES_BLOCK_SIZE * 4 - 1 - i] != 0) break;
}
}
} }
static WC_INLINE void AesCcmCtrInc4(byte* B, word32 lenSz) static WC_INLINE void AesCcmCtrInc4(byte* B, word32 lenSz)
@@ -7264,11 +7264,9 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
in += AES_BLOCK_SIZE * 4; in += AES_BLOCK_SIZE * 4;
out += AES_BLOCK_SIZE * 4; out += AES_BLOCK_SIZE * 4;
if (inSz < AES_BLOCK_SIZE * 4) {
AesCcmCtrInc4(B, lenSz); AesCcmCtrInc4(B, lenSz);
} }
} }
}
#endif #endif
while (inSz >= AES_BLOCK_SIZE) { while (inSz >= AES_BLOCK_SIZE) {
wc_AesEncrypt(aes, B, A); wc_AesEncrypt(aes, B, A);
@@ -7348,11 +7346,9 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
in += AES_BLOCK_SIZE * 4; in += AES_BLOCK_SIZE * 4;
o += AES_BLOCK_SIZE * 4; o += AES_BLOCK_SIZE * 4;
if (oSz < AES_BLOCK_SIZE * 4) {
AesCcmCtrInc4(B, lenSz); AesCcmCtrInc4(B, lenSz);
} }
} }
}
#endif #endif
while (oSz >= AES_BLOCK_SIZE) { while (oSz >= AES_BLOCK_SIZE) {
wc_AesEncrypt(aes, B, A); wc_AesEncrypt(aes, B, A);

57
wolfcrypt/test/test.c
View File

@@ -9089,28 +9089,66 @@ int aesccm_test(void)
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e
}; };
/* plaintext - long */
const byte pl[] =
{
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
0x50
};
const byte a[] = const byte a[] =
{ {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
}; };
/* ciphertext */
const byte c[] = const byte c[] =
{ {
0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2, 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80, 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84
}; };
/* tag - authentication */
const byte t[] = const byte t[] =
{ {
0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0 0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0
}; };
/* ciphertext - long */
const byte cl[] =
{
0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84, 0xe0,
0x44, 0x2d, 0xbe, 0x25, 0xfa, 0x48, 0x2b, 0xa8,
0x36, 0x0b, 0xbf, 0x01, 0xc0, 0x12, 0x45, 0xa4,
0x82, 0x9f, 0x20, 0x6c, 0xc3, 0xd6, 0xae, 0x5b,
0x54, 0x8d, 0xd0, 0xb1, 0x69, 0x2c, 0xec, 0x5e,
0x95, 0xa5, 0x6b, 0x48, 0xc3, 0xc6, 0xc8, 0x9e,
0xc7, 0x92, 0x98, 0x9d, 0x26, 0x7d, 0x2a, 0x10,
0x0b
};
/* tag - authentication - long */
const byte tl[] =
{
0x89, 0xd8, 0xd2, 0x02, 0xc5, 0xcf, 0xae, 0xf4
};
byte t2[sizeof(t)]; byte t2[sizeof(t)];
byte p2[sizeof(p)]; byte p2[sizeof(p)];
byte c2[sizeof(c)]; byte c2[sizeof(c)];
byte iv2[sizeof(iv)]; byte iv2[sizeof(iv)];
byte pl2[sizeof(pl)];
byte cl2[sizeof(cl)];
byte tl2[sizeof(tl)];
int result; int result;
@@ -9192,6 +9230,23 @@ int aesccm_test(void)
} }
#endif #endif
/* AES-CCM encrypt and decrypt both use AES encrypt internally */
result = wc_AesCcmEncrypt(&enc, cl2, pl, sizeof(cl2), iv, sizeof(iv),
tl2, sizeof(tl2), a, sizeof(a));
if (result != 0)
return -6301;
if (XMEMCMP(cl, cl2, sizeof(cl2)))
return -6302;
if (XMEMCMP(tl, tl2, sizeof(tl2)))
return -6303;
result = wc_AesCcmDecrypt(&enc, pl2, cl2, sizeof(pl2), iv, sizeof(iv),
tl2, sizeof(tl2), a, sizeof(a));
if (result != 0)
return -6304;
if (XMEMCMP(pl, pl2, sizeof(pl2)))
return -6305;
return 0; return 0;
} }
#endif /* HAVE_AESCCM WOLFSSL_AES_128 */ #endif /* HAVE_AESCCM WOLFSSL_AES_128 */