forked from wolfSSL/wolfssl
Merge pull request #1316 from JacobBarthelmeh/Testing
Fix for AES-CFB with --enable-armasm and fix for windows fips tests
This commit is contained in:
toddouska
GitHub
@ -3058,130 +3058,6 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
|
||||
#endif /* AES-CBC block */
|
||||
#endif /* HAVE_AES_CBC */
|
||||
|
||||
#ifdef WOLFSSL_AES_CFB
|
||||
/* CFB 128
|
||||
*
|
||||
* aes structure holding key to use for encryption
|
||||
* out buffer to hold result of encryption (must be at least as large as input
|
||||
* buffer)
|
||||
* in buffer to encrypt
|
||||
* sz size of input buffer
|
||||
*
|
||||
* returns 0 on success and negative error values on failure
|
||||
*/
|
||||
int wc_AesCfbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
|
||||
{
|
||||
byte* tmp = NULL;
|
||||
byte* reg = NULL;
|
||||
|
||||
WOLFSSL_ENTER("wc_AesCfbEncrypt");
|
||||
|
||||
if (aes == NULL || out == NULL || in == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if (aes->left && sz) {
|
||||
reg = (byte*)aes->reg + AES_BLOCK_SIZE - aes->left;
|
||||
}
|
||||
|
||||
/* consume any unused bytes left in aes->tmp */
|
||||
tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left;
|
||||
while (aes->left && sz) {
|
||||
*(out++) = *(reg++) = *(in++) ^ *(tmp++);
|
||||
aes->left--;
|
||||
sz--;
|
||||
}
|
||||
|
||||
while (sz >= AES_BLOCK_SIZE) {
|
||||
wc_AesEncrypt(aes, (byte*)aes->reg, out);
|
||||
xorbuf(out, in, AES_BLOCK_SIZE);
|
||||
XMEMCPY(aes->reg, out, AES_BLOCK_SIZE);
|
||||
out += AES_BLOCK_SIZE;
|
||||
in += AES_BLOCK_SIZE;
|
||||
sz -= AES_BLOCK_SIZE;
|
||||
aes->left = 0;
|
||||
}
|
||||
|
||||
/* encrypt left over data */
|
||||
if (sz) {
|
||||
wc_AesEncrypt(aes, (byte*)aes->reg, (byte*)aes->tmp);
|
||||
aes->left = AES_BLOCK_SIZE;
|
||||
tmp = (byte*)aes->tmp;
|
||||
reg = (byte*)aes->reg;
|
||||
|
||||
while (sz--) {
|
||||
*(out++) = *(reg++) = *(in++) ^ *(tmp++);
|
||||
aes->left--;
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
#ifdef HAVE_AES_DECRYPT
|
||||
/* CFB 128
|
||||
*
|
||||
* aes structure holding key to use for decryption
|
||||
* out buffer to hold result of decryption (must be at least as large as input
|
||||
* buffer)
|
||||
* in buffer to decrypt
|
||||
* sz size of input buffer
|
||||
*
|
||||
* returns 0 on success and negative error values on failure
|
||||
*/
|
||||
int wc_AesCfbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
|
||||
{
|
||||
byte* tmp;
|
||||
|
||||
WOLFSSL_ENTER("wc_AesCfbDecrypt");
|
||||
|
||||
if (aes == NULL || out == NULL || in == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
/* check if more input needs copied over to aes->reg */
|
||||
if (aes->left && sz) {
|
||||
int size = min(aes->left, sz);
|
||||
XMEMCPY((byte*)aes->reg + AES_BLOCK_SIZE - aes->left, in, size);
|
||||
}
|
||||
|
||||
/* consume any unused bytes left in aes->tmp */
|
||||
tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left;
|
||||
while (aes->left && sz) {
|
||||
*(out++) = *(in++) ^ *(tmp++);
|
||||
aes->left--;
|
||||
sz--;
|
||||
}
|
||||
|
||||
while (sz > AES_BLOCK_SIZE) {
|
||||
wc_AesEncrypt(aes, (byte*)aes->reg, out);
|
||||
xorbuf(out, in, AES_BLOCK_SIZE);
|
||||
XMEMCPY(aes->reg, in, AES_BLOCK_SIZE);
|
||||
out += AES_BLOCK_SIZE;
|
||||
in += AES_BLOCK_SIZE;
|
||||
sz -= AES_BLOCK_SIZE;
|
||||
aes->left = 0;
|
||||
}
|
||||
|
||||
/* decrypt left over data */
|
||||
if (sz) {
|
||||
wc_AesEncrypt(aes, (byte*)aes->reg, (byte*)aes->tmp);
|
||||
XMEMCPY(aes->reg, in, sz);
|
||||
aes->left = AES_BLOCK_SIZE;
|
||||
tmp = (byte*)aes->tmp;
|
||||
|
||||
while (sz--) {
|
||||
*(out++) = *(in++) ^ *(tmp++);
|
||||
aes->left--;
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif /* HAVE_AES_DECRYPT */
|
||||
#endif /* WOLFSSL_AES_CFB */
|
||||
|
||||
#ifdef HAVE_AES_ECB
|
||||
#if defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_AES)
|
||||
/* implemented in wolfcrypt/src/port/caam/caam_aes.c */
|
||||
@ -7833,6 +7709,130 @@ int wc_AesGetKeySize(Aes* aes, word32* keySize)
|
||||
#endif /* !WOLFSSL_ARMASM */
|
||||
#endif /* !WOLFSSL_TI_CRYPT */
|
||||
|
||||
#ifdef WOLFSSL_AES_CFB
|
||||
/* CFB 128
|
||||
*
|
||||
* aes structure holding key to use for encryption
|
||||
* out buffer to hold result of encryption (must be at least as large as input
|
||||
* buffer)
|
||||
* in buffer to encrypt
|
||||
* sz size of input buffer
|
||||
*
|
||||
* returns 0 on success and negative error values on failure
|
||||
*/
|
||||
int wc_AesCfbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
|
||||
{
|
||||
byte* tmp = NULL;
|
||||
byte* reg = NULL;
|
||||
|
||||
WOLFSSL_ENTER("wc_AesCfbEncrypt");
|
||||
|
||||
if (aes == NULL || out == NULL || in == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if (aes->left && sz) {
|
||||
reg = (byte*)aes->reg + AES_BLOCK_SIZE - aes->left;
|
||||
}
|
||||
|
||||
/* consume any unused bytes left in aes->tmp */
|
||||
tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left;
|
||||
while (aes->left && sz) {
|
||||
*(out++) = *(reg++) = *(in++) ^ *(tmp++);
|
||||
aes->left--;
|
||||
sz--;
|
||||
}
|
||||
|
||||
while (sz >= AES_BLOCK_SIZE) {
|
||||
wc_AesEncryptDirect(aes, out, (byte*)aes->reg);
|
||||
xorbuf(out, in, AES_BLOCK_SIZE);
|
||||
XMEMCPY(aes->reg, out, AES_BLOCK_SIZE);
|
||||
out += AES_BLOCK_SIZE;
|
||||
in += AES_BLOCK_SIZE;
|
||||
sz -= AES_BLOCK_SIZE;
|
||||
aes->left = 0;
|
||||
}
|
||||
|
||||
/* encrypt left over data */
|
||||
if (sz) {
|
||||
wc_AesEncryptDirect(aes, (byte*)aes->tmp, (byte*)aes->reg);
|
||||
aes->left = AES_BLOCK_SIZE;
|
||||
tmp = (byte*)aes->tmp;
|
||||
reg = (byte*)aes->reg;
|
||||
|
||||
while (sz--) {
|
||||
*(out++) = *(reg++) = *(in++) ^ *(tmp++);
|
||||
aes->left--;
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
#ifdef HAVE_AES_DECRYPT
|
||||
/* CFB 128
|
||||
*
|
||||
* aes structure holding key to use for decryption
|
||||
* out buffer to hold result of decryption (must be at least as large as input
|
||||
* buffer)
|
||||
* in buffer to decrypt
|
||||
* sz size of input buffer
|
||||
*
|
||||
* returns 0 on success and negative error values on failure
|
||||
*/
|
||||
int wc_AesCfbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
|
||||
{
|
||||
byte* tmp;
|
||||
|
||||
WOLFSSL_ENTER("wc_AesCfbDecrypt");
|
||||
|
||||
if (aes == NULL || out == NULL || in == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
/* check if more input needs copied over to aes->reg */
|
||||
if (aes->left && sz) {
|
||||
int size = min(aes->left, sz);
|
||||
XMEMCPY((byte*)aes->reg + AES_BLOCK_SIZE - aes->left, in, size);
|
||||
}
|
||||
|
||||
/* consume any unused bytes left in aes->tmp */
|
||||
tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left;
|
||||
while (aes->left && sz) {
|
||||
*(out++) = *(in++) ^ *(tmp++);
|
||||
aes->left--;
|
||||
sz--;
|
||||
}
|
||||
|
||||
while (sz > AES_BLOCK_SIZE) {
|
||||
wc_AesEncryptDirect(aes, out, (byte*)aes->reg);
|
||||
xorbuf(out, in, AES_BLOCK_SIZE);
|
||||
XMEMCPY(aes->reg, in, AES_BLOCK_SIZE);
|
||||
out += AES_BLOCK_SIZE;
|
||||
in += AES_BLOCK_SIZE;
|
||||
sz -= AES_BLOCK_SIZE;
|
||||
aes->left = 0;
|
||||
}
|
||||
|
||||
/* decrypt left over data */
|
||||
if (sz) {
|
||||
wc_AesEncryptDirect(aes, (byte*)aes->tmp, (byte*)aes->reg);
|
||||
XMEMCPY(aes->reg, in, sz);
|
||||
aes->left = AES_BLOCK_SIZE;
|
||||
tmp = (byte*)aes->tmp;
|
||||
|
||||
while (sz--) {
|
||||
*(out++) = *(in++) ^ *(tmp++);
|
||||
aes->left--;
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif /* HAVE_AES_DECRYPT */
|
||||
#endif /* WOLFSSL_AES_CFB */
|
||||
|
||||
|
||||
#ifdef HAVE_AES_KEYWRAP
|
||||
|
||||
|
||||
@ -11586,6 +11586,7 @@ int openssl_pkey0_test(void)
|
||||
return ERR_BASE_PKEY-32;
|
||||
}
|
||||
|
||||
#ifndef HAVE_FIPS
|
||||
if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){
|
||||
printf("second set rsa padding error\n");
|
||||
return ERR_BASE_PKEY-33;
|
||||
@ -11595,6 +11596,7 @@ int openssl_pkey0_test(void)
|
||||
printf("third set rsa padding error\n");
|
||||
return ERR_BASE_PKEY-34;
|
||||
}
|
||||
#endif
|
||||
|
||||
memset(out, 0, sizeof(out));
|
||||
ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in));
|
||||
@ -11647,40 +11649,38 @@ int openssl_pkey1_test(void)
|
||||
unsigned char cipher[256];
|
||||
unsigned char plain[256];
|
||||
size_t outlen = sizeof(cipher);
|
||||
char cliCert[] = "./certs/client-cert.pem";
|
||||
FILE* f;
|
||||
|
||||
#if defined(USE_CERT_BUFFERS_2048)
|
||||
XMEMCPY(tmp, client_key_der_2048, sizeof_client_key_der_2048);
|
||||
cliKeySz = (long)sizeof_client_key_der_2048;
|
||||
|
||||
x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_2048,
|
||||
sizeof_client_cert_der_2048, SSL_FILETYPE_ASN1);
|
||||
#else
|
||||
FILE* f;
|
||||
|
||||
f = fopen(clientKey, "rb");
|
||||
|
||||
if (!f) {
|
||||
err_sys("can't open ./certs/client-key.der, "
|
||||
"Please run from wolfSSL home dir", -40);
|
||||
return -40;
|
||||
"Please run from wolfSSL home dir", -41);
|
||||
return -41;
|
||||
}
|
||||
|
||||
cliKeySz = (long)fread(tmp, 1, FOURK_BUF, f);
|
||||
fclose(f);
|
||||
|
||||
/* using existing wolfSSL api to get public and private key */
|
||||
x509 = wolfSSL_X509_load_certificate_file(clientCert, SSL_FILETYPE_ASN1);
|
||||
#endif /* USE_CERT_BUFFERS */
|
||||
clikey = tmp;
|
||||
|
||||
if ((prvKey = EVP_PKEY_new()) == NULL) {
|
||||
return -41;
|
||||
return -42;
|
||||
}
|
||||
EVP_PKEY_free(prvKey);
|
||||
prvKey = NULL;
|
||||
|
||||
/* using existing wolfSSL api to get public and private key */
|
||||
f = fopen(cliCert, "rb");
|
||||
if (f == NULL) {
|
||||
return -42;
|
||||
}
|
||||
|
||||
x509 = wolfSSL_X509_load_certificate_file(cliCert, SSL_FILETYPE_PEM);
|
||||
fclose(f);
|
||||
if (x509 == NULL) {
|
||||
ret = -43;
|
||||
goto openssl_pkey1_test_done;
|
||||
@ -11731,6 +11731,7 @@ int openssl_pkey1_test(void)
|
||||
goto openssl_pkey1_test_done;
|
||||
}
|
||||
|
||||
#ifndef HAVE_FIPS
|
||||
if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){
|
||||
ret = -52;
|
||||
goto openssl_pkey1_test_done;
|
||||
@ -11740,6 +11741,7 @@ int openssl_pkey1_test(void)
|
||||
ret = -53;
|
||||
goto openssl_pkey1_test_done;
|
||||
}
|
||||
#endif
|
||||
|
||||
XMEMSET(cipher, 0, sizeof(cipher));
|
||||
if (EVP_PKEY_encrypt(enc, cipher, &outlen, msg, sizeof(msg)) < 0) {
|
||||
|
||||
@ -33,8 +33,19 @@
|
||||
#endif
|
||||
|
||||
#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
|
||||
#define RSA_PKCS1_PADDING WC_RSA_PKCSV15_PAD
|
||||
#define RSA_PKCS1_OAEP_PADDING WC_RSA_OAEP_PAD
|
||||
#if defined(HAVE_FIPS) || \
|
||||
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION < 2))
|
||||
/*
|
||||
choice of padding added after fips, so not available when using fips RSA
|
||||
*/
|
||||
|
||||
/* Padding types */
|
||||
#define RSA_PKCS1_PADDING 0
|
||||
#define RSA_PKCS1_OAEP_PADDING 1
|
||||
#else
|
||||
#define RSA_PKCS1_PADDING WC_RSA_PKCSV15_PAD
|
||||
#define RSA_PKCS1_OAEP_PADDING WC_RSA_OAEP_PAD
|
||||
#endif /* HAVE_FIPS */
|
||||
#endif
|
||||
|
||||
#ifndef WOLFSSL_RSA_TYPE_DEFINED /* guard on redeclaration */
|
||||
|
||||
@ -1403,6 +1403,12 @@ extern void uITRON4_free(void *p) ;
|
||||
#define WOLFSSL_AES_DIRECT
|
||||
#endif
|
||||
#endif
|
||||
#ifdef WOLFSSL_AES_CFB
|
||||
/* AES-CFB makes calls to AES direct functions */
|
||||
#ifndef WOLFSSL_AES_DIRECT
|
||||
#define WOLFSSL_AES_DIRECT
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* if desktop type system and fastmath increase default max bits */
|
||||
|
||||
Reference in New Issue
Block a user