feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

AES-CTR ARM32 crypto ASM fix

Browse Source 
Fix handling of counter to support incrementing across all bytes in
ARM32 crypto asm.
Added test cases for wrapping of counter when 2 blocks are being
encrypted to check assembly alternative path.
This commit is contained in:
Sean Parkinson
2022-08-24 10:51:56 +10:00
parent 3b6124cf34
commit 9228354d29
2 changed files with 669 additions and 510 deletions
Download Patch File Download Diff File Expand all files Collapse all files

131
wolfcrypt/src/port/arm/armv8-aes.c
View File

@@ -3582,45 +3582,12 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
/* AES-CTR */ /* AES-CTR */
#ifdef WOLFSSL_AES_COUNTER #ifdef WOLFSSL_AES_COUNTER
static void wc_aes_ctr_encrypt_asm(Aes* aes, byte* out, const byte* in,
/* Increment AES counter */ word32 numBlocks)
static WC_INLINE void IncrementAesCounter(byte* inOutCtr) {
{
int i;
/* in network byte order so start at end and work back */
for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
if (++inOutCtr[i]) /* we're done unless we overflow */
return;
}
}
int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
byte* tmp;
word32 numBlocks;
if (aes == NULL || out == NULL || in == NULL) {
return BAD_FUNC_ARG;
}
tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left;
/* consume any unused bytes left in aes->tmp */
while (aes->left && sz) {
*(out++) = *(in++) ^ *(tmp++);
aes->left--;
sz--;
}
/* do as many block size ops as possible */
numBlocks = sz/AES_BLOCK_SIZE;
if (numBlocks > 0) {
/* pointer needed because it is incremented when read, causing
* an issue with call to encrypt/decrypt leftovers */
word32* keyPt = aes->key; word32* keyPt = aes->key;
word32* regPt = aes->reg; word32* regPt = aes->reg;
sz -= numBlocks * AES_BLOCK_SIZE;
switch(aes->rounds) { switch(aes->rounds) {
#ifdef WOLFSSL_AES_128 #ifdef WOLFSSL_AES_128
case 10: /* AES 128 BLOCK */ case 10: /* AES 128 BLOCK */
@@ -3653,8 +3620,16 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
"AESMC.8 q0, q0\n" "AESMC.8 q0, q0\n"
"VEXT.8 q13, q13, q13, #8 \n" "VEXT.8 q13, q13, q13, #8 \n"
"SUB r11, r11, #2 \n" "SUB r11, r11, #2 \n"
"VMOV.u32 q12, #0xffffffff \n"
"VADD.u32 q12, q14 \n"
"VADD.i32 q15, q13, q14 \n" /* add 1 to counter */ "VADD.i32 q15, q13, q14 \n" /* add 1 to counter */
"VCEQ.i32 q13, q15, q12 \n"
"VEXT.8 q13, q14, q13, #12 \n"
"VSUB.i32 q15, q15, q13 \n"
"VADD.i32 q13, q15, q14 \n" /* add 1 to counter */ "VADD.i32 q13, q15, q14 \n" /* add 1 to counter */
"VCEQ.i32 q12, q13, q12 \n"
"VEXT.8 q12, q14, q12, #12 \n"
"VSUB.i32 q13, q13, q12 \n"
"AESE.8 q0, q3\n" "AESE.8 q0, q3\n"
"AESMC.8 q0, q0\n" "AESMC.8 q0, q0\n"
"VEXT.8 q15, q15, q15, #8 \n" "VEXT.8 q15, q15, q15, #8 \n"
@@ -3714,6 +3689,8 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
/* single block */ /* single block */
"2: \n" "2: \n"
"VMOV.u32 q15, #0xffffffff \n"
"VADD.u32 q15, q14 \n"
"VMOV.32 q0, q13 \n" "VMOV.32 q0, q13 \n"
"AESE.8 q0, q1\n" "AESE.8 q0, q1\n"
"AESMC.8 q0, q0\n" "AESMC.8 q0, q0\n"
@@ -3724,6 +3701,9 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
"AESE.8 q0, q3\n" "AESE.8 q0, q3\n"
"AESMC.8 q0, q0\n" "AESMC.8 q0, q0\n"
"VADD.i32 q13, q13, q14 \n" /* add 1 to counter */ "VADD.i32 q13, q13, q14 \n" /* add 1 to counter */
"VCEQ.i32 q12, q13, q15 \n"
"VEXT.8 q12, q14, q12, #12 \n"
"VSUB.i32 q13, q13, q12 \n"
"AESE.8 q0, q4\n" "AESE.8 q0, q4\n"
"AESMC.8 q0, q0\n" "AESMC.8 q0, q0\n"
"SUB r11, r11, #1 \n" "SUB r11, r11, #1 \n"
@@ -3790,8 +3770,16 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
"AESMC.8 q0, q0\n" "AESMC.8 q0, q0\n"
"VEXT.8 q13, q13, q13, #8 \n" "VEXT.8 q13, q13, q13, #8 \n"
"SUB r11, r11, #2 \n" "SUB r11, r11, #2 \n"
"VMOV.u32 q12, #0xffffffff \n"
"VADD.u32 q12, q14 \n"
"VADD.i32 q15, q13, q14 \n" /* add 1 to counter */ "VADD.i32 q15, q13, q14 \n" /* add 1 to counter */
"VCEQ.i32 q13, q15, q12 \n"
"VEXT.8 q13, q14, q13, #12 \n"
"VSUB.i32 q15, q15, q13 \n"
"VADD.i32 q13, q15, q14 \n" /* add 1 to counter */ "VADD.i32 q13, q15, q14 \n" /* add 1 to counter */
"VCEQ.i32 q12, q13, q12 \n"
"VEXT.8 q12, q14, q12, #12 \n"
"VSUB.i32 q13, q13, q12 \n"
"AESE.8 q0, q3\n" "AESE.8 q0, q3\n"
"AESMC.8 q0, q0\n" "AESMC.8 q0, q0\n"
"VEXT.8 q15, q15, q15, #8 \n" "VEXT.8 q15, q15, q15, #8 \n"
@@ -3867,6 +3855,8 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
/* single block */ /* single block */
"2: \n" "2: \n"
"VMOV.u32 q15, #0xffffffff \n"
"VADD.u32 q15, q14 \n"
"VLD1.32 {q11}, [%[Key]]! \n" "VLD1.32 {q11}, [%[Key]]! \n"
"VMOV.32 q0, q13 \n" "VMOV.32 q0, q13 \n"
"AESE.8 q0, q1\n" "AESE.8 q0, q1\n"
@@ -3878,6 +3868,9 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
"AESE.8 q0, q3\n" "AESE.8 q0, q3\n"
"AESMC.8 q0, q0\n" "AESMC.8 q0, q0\n"
"VADD.i32 q13, q13, q14 \n" /* add 1 to counter */ "VADD.i32 q13, q13, q14 \n" /* add 1 to counter */
"VCEQ.i32 q12, q13, q15 \n"
"VEXT.8 q12, q14, q12, #12 \n"
"VSUB.i32 q13, q13, q12 \n"
"AESE.8 q0, q4\n" "AESE.8 q0, q4\n"
"AESMC.8 q0, q0\n" "AESMC.8 q0, q0\n"
"SUB r11, r11, #1 \n" "SUB r11, r11, #1 \n"
@@ -3950,8 +3943,16 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
"AESMC.8 q0, q0\n" "AESMC.8 q0, q0\n"
"VEXT.8 q13, q13, q13, #8 \n" "VEXT.8 q13, q13, q13, #8 \n"
"SUB r11, r11, #2 \n" "SUB r11, r11, #2 \n"
"VMOV.u32 q12, #0xffffffff \n"
"VADD.u32 q12, q14 \n"
"VADD.i32 q15, q13, q14 \n" /* add 1 to counter */ "VADD.i32 q15, q13, q14 \n" /* add 1 to counter */
"VCEQ.i32 q13, q15, q12 \n"
"VEXT.8 q13, q14, q13, #12 \n"
"VSUB.i32 q15, q15, q13 \n"
"VADD.i32 q13, q15, q14 \n" /* add 1 to counter */ "VADD.i32 q13, q15, q14 \n" /* add 1 to counter */
"VCEQ.i32 q12, q13, q12 \n"
"VEXT.8 q12, q14, q12, #12 \n"
"VSUB.i32 q13, q13, q12 \n"
"AESE.8 q0, q3\n" "AESE.8 q0, q3\n"
"AESMC.8 q0, q0\n" "AESMC.8 q0, q0\n"
"VEXT.8 q15, q15, q15, #8 \n" "VEXT.8 q15, q15, q15, #8 \n"
@@ -4039,6 +4040,8 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
"B 1b \n" "B 1b \n"
"2: \n" "2: \n"
"VMOV.u32 q15, #0xffffffff \n"
"VADD.u32 q15, q14 \n"
"VLD1.32 {q11}, [%[Key]]! \n" "VLD1.32 {q11}, [%[Key]]! \n"
"VMOV.32 q0, q13 \n" "VMOV.32 q0, q13 \n"
"AESE.8 q0, q1\n" "AESE.8 q0, q1\n"
@@ -4050,6 +4053,9 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
"AESE.8 q0, q3\n" "AESE.8 q0, q3\n"
"AESMC.8 q0, q0\n" "AESMC.8 q0, q0\n"
"VADD.i32 q13, q13, q14 \n" /* add 1 to counter */ "VADD.i32 q13, q13, q14 \n" /* add 1 to counter */
"VCEQ.i32 q12, q13, q15 \n"
"VEXT.8 q12, q14, q12, #12 \n"
"VSUB.i32 q13, q13, q12 \n"
"AESE.8 q0, q4\n" "AESE.8 q0, q4\n"
"AESMC.8 q0, q0\n" "AESMC.8 q0, q0\n"
"AESE.8 q0, q5\n" "AESE.8 q0, q5\n"
@@ -4096,18 +4102,58 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
); );
break; break;
#endif /* WOLFSSL_AES_256 */ #endif /* WOLFSSL_AES_256 */
}
}
int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
byte* tmp;
word32 numBlocks;
if (aes == NULL || out == NULL || in == NULL) {
return BAD_FUNC_ARG;
}
switch(aes->rounds) {
#ifdef WOLFSSL_AES_128
case 10: /* AES 128 BLOCK */
#endif /* WOLFSSL_AES_128 */
#ifdef WOLFSSL_AES_192
case 12: /* AES 192 BLOCK */
#endif /* WOLFSSL_AES_192 */
#ifdef WOLFSSL_AES_256
case 14: /* AES 256 BLOCK */
#endif /* WOLFSSL_AES_256 */
break;
default: default:
WOLFSSL_MSG("Bad AES-CTR round qalue"); WOLFSSL_MSG("Bad AES-CTR round value");
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
aes->left = 0;
tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left;
/* consume any unused bytes left in aes->tmp */
while ((aes->left != 0) && (sz != 0)) {
*(out++) = *(in++) ^ *(tmp++);
aes->left--;
sz--;
}
/* do as many block size ops as possible */
numBlocks = sz / AES_BLOCK_SIZE;
if (numBlocks > 0) {
wc_aes_ctr_encrypt_asm(aes, out, in, numBlocks);
sz -= numBlocks * AES_BLOCK_SIZE;
out += numBlocks * AES_BLOCK_SIZE;
in += numBlocks * AES_BLOCK_SIZE;
} }
/* handle non block size remaining */ /* handle non block size remaining */
if (sz) { if (sz) {
wc_AesEncrypt(aes, (byte*)aes->reg, (byte*)aes->tmp); byte zeros[AES_BLOCK_SIZE] = { 0, 0, 0, 0, 0, 0, 0, 0,
IncrementAesCounter((byte*)aes->reg); 0, 0, 0, 0, 0, 0, 0, 0 };
wc_aes_ctr_encrypt_asm(aes, (byte*)aes->tmp, zeros, 1);
aes->left = AES_BLOCK_SIZE; aes->left = AES_BLOCK_SIZE;
tmp = (byte*)aes->tmp; tmp = (byte*)aes->tmp;
@@ -4117,9 +4163,8 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
aes->left--; aes->left--;
} }
} }
return 0; return 0;
} }
#endif /* WOLFSSL_AES_COUNTER */ #endif /* WOLFSSL_AES_COUNTER */

198
wolfcrypt/test/test.c
View File

@@ -8946,6 +8946,14 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void)
0xe0,0x0d,0x02,0x0b,0x4c,0xed,0xbd,0x86, 0xe0,0x0d,0x02,0x0b,0x4c,0xed,0xbd,0x86,
0xd3,0xda,0xe1,0x5b,0x04 0xd3,0xda,0xe1,0x5b,0x04
}; };
WOLFSSL_SMALL_STACK_STATIC const byte ctr128WrapCipherLong[] =
{
0xe1,0x33,0x38,0xe3,0x6c,0xb7,0x19,0x62,
0xe0,0x0d,0x02,0x0b,0x4c,0xed,0xbd,0x86,
0xd3,0xda,0xe1,0x5b,0x04,0xbb,0x35,0x2f,
0xa0,0xf5,0x9f,0xeb,0xfc,0xb4,0xda,0x3e
};
#endif /* WOLFSSL_AES_128 */ #endif /* WOLFSSL_AES_128 */
#ifdef WOLFSSL_AES_192 #ifdef WOLFSSL_AES_192
@@ -8970,9 +8978,17 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void)
WOLFSSL_SMALL_STACK_STATIC const byte ctr192WrapCipher[] = WOLFSSL_SMALL_STACK_STATIC const byte ctr192WrapCipher[] =
{ {
0xd4,0x45,0x1f,0xc8,0xa4,0x71,0xbf,0xd9, 0x5c,0xc3,0x8f,0xab,0x30,0xb6,0xac,0x67,
0x61,0xe2,0xec,0xa8,0x4d,0x80,0x7b,0x81, 0xdc,0xc2,0x1e,0x7b,0x01,0x2e,0xcf,0x98,
0xf8,0xd4,0x6f,0xa1,0x38 0x8c,0x68,0xa7,0xd9,0x57
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr192WrapCipherLong[] =
{
0x5c,0xc3,0x8f,0xab,0x30,0xb6,0xac,0x67,
0xdc,0xc2,0x1e,0x7b,0x01,0x2e,0xcf,0x98,
0x8c,0x68,0xa7,0xd9,0x57,0xab,0x09,0x0f,
0x01,0xc4,0x4e,0x62,0xaf,0xc2,0xdf,0x1a,
}; };
#endif #endif
#ifdef WOLFSSL_AES_256 #ifdef WOLFSSL_AES_256
@@ -8998,9 +9014,17 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void)
WOLFSSL_SMALL_STACK_STATIC const byte ctr256WrapCipher[] = WOLFSSL_SMALL_STACK_STATIC const byte ctr256WrapCipher[] =
{ {
0xed,0x4b,0xc8,0xa8,0x5c,0x84,0xae,0x14, 0x50,0xfd,0x97,0xc3,0xe6,0x1a,0xbb,0x48,
0xc4,0x6e,0xb2,0x25,0xba,0xf7,0x4f,0x47, 0x73,0xfb,0x78,0xdf,0x1e,0x8e,0x77,0xe6,
0x38,0xf1,0xe2,0xee,0x3d 0x4b,0x45,0x7c,0xd6,0x8a
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr256WrapCipherLong[] =
{
0x50,0xfd,0x97,0xc3,0xe6,0x1a,0xbb,0x48,
0x73,0xfb,0x78,0xdf,0x1e,0x8e,0x77,0xe6,
0x4b,0x45,0x7c,0xd6,0x8a,0xcc,0xda,0x4a,
0x89,0xfa,0x23,0x6c,0x06,0xbf,0x26,0x05,
}; };
#endif #endif
@@ -9076,13 +9100,13 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void)
ERROR_OUT(-5945, out); ERROR_OUT(-5945, out);
/* When more than a block but less than two and wrapping ctr */ /* When more than a block but less than two and wrapping ctr */
ret = wc_AesSetKeyDirect(enc, ctr128Key, AES_BLOCK_SIZE, ret = wc_AesSetKeyDirect(enc, ctr128Key, sizeof(ctr128Key),
ctrIvWrap, AES_ENCRYPTION); ctrIvWrap, AES_ENCRYPTION);
if (ret != 0) { if (ret != 0) {
ERROR_OUT(-5946, out); ERROR_OUT(-5946, out);
} }
/* Ctr only uses encrypt, even on key setup */ /* Ctr only uses encrypt, even on key setup */
ret = wc_AesSetKeyDirect(dec, ctr128Key, AES_BLOCK_SIZE, ret = wc_AesSetKeyDirect(dec, ctr128Key, sizeof(ctr128Key),
ctrIvWrap, AES_ENCRYPTION); ctrIvWrap, AES_ENCRYPTION);
if (ret != 0) { if (ret != 0) {
ERROR_OUT(-5947, out); ERROR_OUT(-5947, out);
@@ -9102,6 +9126,36 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void)
if (XMEMCMP(cipher, ctr128WrapCipher, sizeof(ctr128WrapCipher))) if (XMEMCMP(cipher, ctr128WrapCipher, sizeof(ctr128WrapCipher)))
ERROR_OUT(-5951, out); ERROR_OUT(-5951, out);
/* When more than a block but less than two and wrapping ctr */
ret = wc_AesSetKeyDirect(enc, ctr128Key, sizeof(ctr128Key),
ctrIvWrap, AES_ENCRYPTION);
if (ret != 0) {
ERROR_OUT(-5952, out);
}
/* Ctr only uses encrypt, even on key setup */
ret = wc_AesSetKeyDirect(dec, ctr128Key, sizeof(ctr128Key),
ctrIvWrap, AES_ENCRYPTION);
if (ret != 0) {
ERROR_OUT(-5953, out);
}
ret = wc_AesCtrEncrypt(enc, cipher, ctrPlain,
sizeof(ctr128WrapCipherLong));
if (ret != 0) {
ERROR_OUT(-5954, out);
}
ret = wc_AesCtrEncrypt(dec, plain, cipher,
sizeof(ctr128WrapCipherLong));
if (ret != 0) {
ERROR_OUT(-5955, out);
}
if (XMEMCMP(plain, ctrPlain, sizeof(ctr128WrapCipherLong)))
ERROR_OUT(-5956, out);
if (XMEMCMP(cipher, ctr128WrapCipherLong, sizeof(ctr128WrapCipherLong)))
ERROR_OUT(-5957, out);
#endif /* WOLFSSL_AES_128 */ #endif /* WOLFSSL_AES_128 */
#ifdef WOLFSSL_AES_192 #ifdef WOLFSSL_AES_192
@@ -9109,58 +9163,88 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void)
ret = wc_AesSetKeyDirect(enc, ctr192Key, sizeof(ctr192Key), ret = wc_AesSetKeyDirect(enc, ctr192Key, sizeof(ctr192Key),
ctrIv, AES_ENCRYPTION); ctrIv, AES_ENCRYPTION);
if (ret != 0) { if (ret != 0) {
ERROR_OUT(-5952, out); ERROR_OUT(-5958, out);
} }
/* Ctr only uses encrypt, even on key setup */ /* Ctr only uses encrypt, even on key setup */
ret = wc_AesSetKeyDirect(dec, ctr192Key, sizeof(ctr192Key), ret = wc_AesSetKeyDirect(dec, ctr192Key, sizeof(ctr192Key),
ctrIv, AES_ENCRYPTION); ctrIv, AES_ENCRYPTION);
if (ret != 0) { if (ret != 0) {
ERROR_OUT(-5953, out); ERROR_OUT(-5959, out);
} }
XMEMSET(plain, 0, sizeof(plain)); XMEMSET(plain, 0, sizeof(plain));
ret = wc_AesCtrEncrypt(enc, plain, ctr192Cipher, sizeof(ctr192Cipher)); ret = wc_AesCtrEncrypt(enc, plain, ctr192Cipher, sizeof(ctr192Cipher));
if (ret != 0) { if (ret != 0) {
ERROR_OUT(-5954, out); ERROR_OUT(-5960, out);
} }
if (XMEMCMP(plain, ctrPlain, sizeof(ctr192Cipher))) if (XMEMCMP(plain, ctrPlain, sizeof(ctr192Cipher)))
ERROR_OUT(-5955, out); ERROR_OUT(-5961, out);
ret = wc_AesCtrEncrypt(dec, cipher, ctrPlain, sizeof(ctrPlain)); ret = wc_AesCtrEncrypt(dec, cipher, ctrPlain, sizeof(ctrPlain));
if (ret != 0) { if (ret != 0) {
ERROR_OUT(-5956, out); ERROR_OUT(-5962, out);
} }
if (XMEMCMP(ctr192Cipher, cipher, sizeof(ctr192Cipher))) if (XMEMCMP(ctr192Cipher, cipher, sizeof(ctr192Cipher)))
ERROR_OUT(-5957, out); ERROR_OUT(-5963, out);
/* When more than a block but less than two and wrapping ctr */ /* When more than a block but less than two and wrapping ctr */
ret = wc_AesSetKeyDirect(enc, ctr192Key, AES_BLOCK_SIZE, ret = wc_AesSetKeyDirect(enc, ctr192Key, sizeof(ctr192Key),
ctrIvWrap, AES_ENCRYPTION); ctrIvWrap, AES_ENCRYPTION);
if (ret != 0) { if (ret != 0) {
ERROR_OUT(-5958, out); ERROR_OUT(-5964, out);
} }
/* Ctr only uses encrypt, even on key setup */ /* Ctr only uses encrypt, even on key setup */
ret = wc_AesSetKeyDirect(dec, ctr192Key, AES_BLOCK_SIZE, ret = wc_AesSetKeyDirect(dec, ctr192Key, sizeof(ctr192Key),
ctrIvWrap, AES_ENCRYPTION); ctrIvWrap, AES_ENCRYPTION);
if (ret != 0) { if (ret != 0) {
ERROR_OUT(-5959, out); ERROR_OUT(-5965, out);
} }
ret = wc_AesCtrEncrypt(enc, cipher, ctrPlain, sizeof(ctr192WrapCipher)); ret = wc_AesCtrEncrypt(enc, cipher, ctrPlain, sizeof(ctr192WrapCipher));
if (ret != 0) { if (ret != 0) {
ERROR_OUT(-5960, out); ERROR_OUT(-5966, out);
} }
ret = wc_AesCtrEncrypt(dec, plain, cipher, sizeof(ctr192WrapCipher)); ret = wc_AesCtrEncrypt(dec, plain, cipher, sizeof(ctr192WrapCipher));
if (ret != 0) { if (ret != 0) {
ERROR_OUT(-5961, out); ERROR_OUT(-5967, out);
} }
if (XMEMCMP(plain, ctrPlain, sizeof(ctr192WrapCipher))) if (XMEMCMP(plain, ctrPlain, sizeof(ctr192WrapCipher)))
ERROR_OUT(-5962, out); ERROR_OUT(-5968, out);
if (XMEMCMP(cipher, ctr192WrapCipher, sizeof(ctr192WrapCipher))) if (XMEMCMP(cipher, ctr192WrapCipher, sizeof(ctr192WrapCipher)))
ERROR_OUT(-5963, out); ERROR_OUT(-5969, out);
/* When more than a block but less than two and wrapping ctr */
ret = wc_AesSetKeyDirect(enc, ctr192Key, sizeof(ctr192Key),
ctrIvWrap, AES_ENCRYPTION);
if (ret != 0) {
ERROR_OUT(-5970, out);
}
/* Ctr only uses encrypt, even on key setup */
ret = wc_AesSetKeyDirect(dec, ctr192Key, sizeof(ctr192Key),
ctrIvWrap, AES_ENCRYPTION);
if (ret != 0) {
ERROR_OUT(-5971, out);
}
ret = wc_AesCtrEncrypt(enc, cipher, ctrPlain,
sizeof(ctr192WrapCipherLong));
if (ret != 0) {
ERROR_OUT(-5972, out);
}
ret = wc_AesCtrEncrypt(dec, plain, cipher,
sizeof(ctr192WrapCipherLong));
if (ret != 0) {
ERROR_OUT(-5973, out);
}
if (XMEMCMP(plain, ctrPlain, sizeof(ctr192WrapCipherLong)))
ERROR_OUT(-5974, out);
if (XMEMCMP(cipher, ctr192WrapCipherLong, sizeof(ctr192WrapCipherLong)))
ERROR_OUT(-5975, out);
#endif /* WOLFSSL_AES_192 */ #endif /* WOLFSSL_AES_192 */
#ifdef WOLFSSL_AES_256 #ifdef WOLFSSL_AES_256
@@ -9168,58 +9252,88 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void)
ret = wc_AesSetKeyDirect(enc, ctr256Key, sizeof(ctr256Key), ret = wc_AesSetKeyDirect(enc, ctr256Key, sizeof(ctr256Key),
ctrIv, AES_ENCRYPTION); ctrIv, AES_ENCRYPTION);
if (ret != 0) { if (ret != 0) {
ERROR_OUT(-5964, out); ERROR_OUT(-5976, out);
} }
/* Ctr only uses encrypt, even on key setup */ /* Ctr only uses encrypt, even on key setup */
ret = wc_AesSetKeyDirect(dec, ctr256Key, sizeof(ctr256Key), ret = wc_AesSetKeyDirect(dec, ctr256Key, sizeof(ctr256Key),
ctrIv, AES_ENCRYPTION); ctrIv, AES_ENCRYPTION);
if (ret != 0) { if (ret != 0) {
ERROR_OUT(-5965, out); ERROR_OUT(-5977, out);
} }
XMEMSET(plain, 0, sizeof(plain)); XMEMSET(plain, 0, sizeof(plain));
ret = wc_AesCtrEncrypt(enc, plain, ctr256Cipher, sizeof(ctr256Cipher)); ret = wc_AesCtrEncrypt(enc, plain, ctr256Cipher, sizeof(ctr256Cipher));
if (ret != 0) { if (ret != 0) {
ERROR_OUT(-5966, out); ERROR_OUT(-5978, out);
} }
if (XMEMCMP(plain, ctrPlain, sizeof(ctrPlain))) if (XMEMCMP(plain, ctrPlain, sizeof(ctrPlain)))
ERROR_OUT(-5967, out); ERROR_OUT(-5979, out);
ret = wc_AesCtrEncrypt(dec, cipher, ctrPlain, sizeof(ctrPlain)); ret = wc_AesCtrEncrypt(dec, cipher, ctrPlain, sizeof(ctrPlain));
if (ret != 0) { if (ret != 0) {
ERROR_OUT(-5968, out); ERROR_OUT(-5980, out);
} }
if (XMEMCMP(ctr256Cipher, cipher, sizeof(ctr256Cipher))) if (XMEMCMP(ctr256Cipher, cipher, sizeof(ctr256Cipher)))
ERROR_OUT(-5969, out); ERROR_OUT(-5981, out);
/* When more than a block but less than two and wrapping ctr */ /* When more than a block but less than two and wrapping ctr */
ret = wc_AesSetKeyDirect(enc, ctr256Key, AES_BLOCK_SIZE, ret = wc_AesSetKeyDirect(enc, ctr256Key, sizeof(ctr256Key),
ctrIvWrap, AES_ENCRYPTION); ctrIvWrap, AES_ENCRYPTION);
if (ret != 0) { if (ret != 0) {
ERROR_OUT(-5970, out); ERROR_OUT(-5982, out);
} }
/* Ctr only uses encrypt, even on key setup */ /* Ctr only uses encrypt, even on key setup */
ret = wc_AesSetKeyDirect(dec, ctr256Key, AES_BLOCK_SIZE, ret = wc_AesSetKeyDirect(dec, ctr256Key, sizeof(ctr256Key),
ctrIvWrap, AES_ENCRYPTION); ctrIvWrap, AES_ENCRYPTION);
if (ret != 0) { if (ret != 0) {
ERROR_OUT(-5971, out); ERROR_OUT(-5983, out);
} }
ret = wc_AesCtrEncrypt(enc, cipher, ctrPlain, sizeof(ctr256WrapCipher)); ret = wc_AesCtrEncrypt(enc, cipher, ctrPlain, sizeof(ctr256WrapCipher));
if (ret != 0) { if (ret != 0) {
ERROR_OUT(-5972, out); ERROR_OUT(-5984, out);
} }
ret = wc_AesCtrEncrypt(dec, plain, cipher, sizeof(ctr256WrapCipher)); ret = wc_AesCtrEncrypt(dec, plain, cipher, sizeof(ctr256WrapCipher));
if (ret != 0) { if (ret != 0) {
ERROR_OUT(-5973, out); ERROR_OUT(-5985, out);
} }
if (XMEMCMP(plain, ctrPlain, sizeof(ctr256WrapCipher))) if (XMEMCMP(plain, ctrPlain, sizeof(ctr256WrapCipher)))
ERROR_OUT(-5974, out); ERROR_OUT(-5986, out);
if (XMEMCMP(cipher, ctr256WrapCipher, sizeof(ctr256WrapCipher))) if (XMEMCMP(cipher, ctr256WrapCipher, sizeof(ctr256WrapCipher)))
ERROR_OUT(-5975, out); ERROR_OUT(-5987, out);
/* When more than a block but less than two and wrapping ctr */
ret = wc_AesSetKeyDirect(enc, ctr256Key, sizeof(ctr256Key),
ctrIvWrap, AES_ENCRYPTION);
if (ret != 0) {
ERROR_OUT(-5888, out);
}
/* Ctr only uses encrypt, even on key setup */
ret = wc_AesSetKeyDirect(dec, ctr256Key, sizeof(ctr256Key),
ctrIvWrap, AES_ENCRYPTION);
if (ret != 0) {
ERROR_OUT(-5989, out);
}
ret = wc_AesCtrEncrypt(enc, cipher, ctrPlain,
sizeof(ctr256WrapCipherLong));
if (ret != 0) {
ERROR_OUT(-5990, out);
}
ret = wc_AesCtrEncrypt(dec, plain, cipher,
sizeof(ctr256WrapCipherLong));
if (ret != 0) {
ERROR_OUT(-5991, out);
}
if (XMEMCMP(plain, ctrPlain, sizeof(ctr256WrapCipherLong)))
ERROR_OUT(-5992, out);
if (XMEMCMP(cipher, ctr256WrapCipherLong, sizeof(ctr256WrapCipherLong)))
ERROR_OUT(-5993, out);
#endif /* WOLFSSL_AES_256 */ #endif /* WOLFSSL_AES_256 */
} }
#endif /* WOLFSSL_AES_COUNTER */ #endif /* WOLFSSL_AES_COUNTER */
@@ -9249,34 +9363,34 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void)
XMEMSET(cipher, 0, AES_BLOCK_SIZE); XMEMSET(cipher, 0, AES_BLOCK_SIZE);
ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION); ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
if (ret != 0) if (ret != 0)
ERROR_OUT(-5976, out); ERROR_OUT(-5994, out);
#if !defined(HAVE_SELFTEST) && \ #if !defined(HAVE_SELFTEST) && \
(defined(WOLFSSL_LINUXKM) || \ (defined(WOLFSSL_LINUXKM) || \
!defined(HAVE_FIPS) || \ !defined(HAVE_FIPS) || \
(defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
if (wc_AesEncryptDirect(enc, cipher, niPlain) != 0) if (wc_AesEncryptDirect(enc, cipher, niPlain) != 0)
ERROR_OUT(-5977, out); ERROR_OUT(-5995, out);
#else #else
wc_AesEncryptDirect(enc, cipher, niPlain); wc_AesEncryptDirect(enc, cipher, niPlain);
#endif #endif
if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0) if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
ERROR_OUT(-5978, out); ERROR_OUT(-5996, out);
XMEMSET(plain, 0, AES_BLOCK_SIZE); XMEMSET(plain, 0, AES_BLOCK_SIZE);
ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION); ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
if (ret != 0) if (ret != 0)
ERROR_OUT(-5979, out); ERROR_OUT(-5997, out);
#if !defined(HAVE_SELFTEST) && \ #if !defined(HAVE_SELFTEST) && \
(defined(WOLFSSL_LINUXKM) || \ (defined(WOLFSSL_LINUXKM) || \
!defined(HAVE_FIPS) || \ !defined(HAVE_FIPS) || \
(defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
if (wc_AesDecryptDirect(dec, plain, niCipher) != 0) if (wc_AesDecryptDirect(dec, plain, niCipher) != 0)
ERROR_OUT(-5980, out); ERROR_OUT(-5998, out);
#else #else
wc_AesDecryptDirect(dec, plain, niCipher); wc_AesDecryptDirect(dec, plain, niCipher);
#endif #endif
if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0) if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
ERROR_OUT(-5981, out); ERROR_OUT(-5999, out);
} }
#endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */ #endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */