feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Fixes for KCAPI AES GCM. Add guards for algorithm macros on KCAPI.

Browse Source
This commit is contained in:
David Garske
2022-03-17 14:44:11 -07:00
parent 1b0e5f4806
commit 9f2dc408a0
6 changed files with 51 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
wolfcrypt/src/port/kcapi/kcapi_aes.c
View File

@@ -234,8 +234,8 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
{ {
int ret = 0; int ret = 0;
byte* data = NULL; byte* data = NULL;
word32 dataSz = authInSz + sz + authTagSz; word32 dataSz;
ssize_t rc; int inbuflen, outbuflen;
size_t pageSz = (size_t)sysconf(_SC_PAGESIZE); size_t pageSz = (size_t)sysconf(_SC_PAGESIZE);
/* argument checks */ /* argument checks */
@@ -255,16 +255,22 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
} }
if (ret == 0) { if (ret == 0) {
ret = posix_memalign((void*)&data, pageSz, dataSz); ret = kcapi_aead_init(&aes->handle, WC_NAME_AESGCM, 0);
if (ret < 0) { if (ret != 0) {
ret = MEMORY_E; WOLFSSL_MSG("Error with first time setup of kcapi");
} }
} }
if (ret == 0) { if (ret == 0) {
ret = kcapi_aead_init(&aes->handle, WC_NAME_AESGCM, 0); inbuflen = (int)kcapi_aead_inbuflen_enc( aes->handle, sz, authInSz,
if (ret != 0) { authTagSz);
WOLFSSL_MSG("Error with first time setup of kcapi"); outbuflen = (int)kcapi_aead_outbuflen_enc(aes->handle, sz, authInSz,
authTagSz);
dataSz = (inbuflen > outbuflen) ? inbuflen : outbuflen;
ret = posix_memalign((void*)&data, pageSz, dataSz);
if (ret < 0) {
ret = MEMORY_E;
} }
} }
@@ -287,16 +293,18 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
XMEMCPY(data, authIn, authInSz); XMEMCPY(data, authIn, authInSz);
XMEMCPY(data + authInSz, in, sz); XMEMCPY(data + authInSz, in, sz);
rc = kcapi_aead_encrypt(aes->handle, data, dataSz, iv, data, dataSz, ret = (int)kcapi_aead_encrypt(aes->handle, data, inbuflen, iv, data,
KCAPI_ACCESS_HEURISTIC); outbuflen, KCAPI_ACCESS_HEURISTIC);
if (rc < 0) { if (ret < 0) {
WOLFSSL_MSG("GcmEncrypt failed"); WOLFSSL_MSG("GcmEncrypt failed");
ret = (int)rc;
} }
else if ((word32)rc != dataSz) { else if (ret != outbuflen) {
WOLFSSL_MSG("GcmEncrypt produced wrong output length"); WOLFSSL_MSG("GcmEncrypt produced wrong output length");
ret = BAD_FUNC_ARG; ret = BAD_FUNC_ARG;
} }
else {
ret = 0; /* success */
}
} }
if (ret == 0) { if (ret == 0) {
@@ -327,9 +335,8 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
{ {
int ret = 0; int ret = 0;
byte* data = NULL; byte* data = NULL;
word32 dataSz = authInSz + sz + authTagSz; word32 dataSz;
word32 outSz = authInSz + sz; int inbuflen, outbuflen;
ssize_t rc;
size_t pageSz = (size_t)sysconf(_SC_PAGESIZE); size_t pageSz = (size_t)sysconf(_SC_PAGESIZE);
/* argument checks */ /* argument checks */
@@ -350,16 +357,22 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
} }
if (ret == 0) { if (ret == 0) {
ret = posix_memalign((void*)&data, pageSz, dataSz); ret = kcapi_aead_init(&aes->handle, WC_NAME_AESGCM, 0);
if (ret < 0) { if (ret != 0) {
ret = MEMORY_E; WOLFSSL_MSG("Error with first time setup of kcapi");
} }
} }
if (ret == 0) { if (ret == 0) {
ret = kcapi_aead_init(&aes->handle, WC_NAME_AESGCM, 0); inbuflen = (int)kcapi_aead_inbuflen_dec( aes->handle, sz, authInSz,
if (ret != 0) { authTagSz);
WOLFSSL_MSG("Error with first time setup of kcapi"); outbuflen = (int)kcapi_aead_outbuflen_dec(aes->handle, sz, authInSz,
authTagSz);
dataSz = (inbuflen > outbuflen) ? inbuflen : outbuflen;
ret = posix_memalign((void*)&data, pageSz, dataSz);
if (ret < 0) {
ret = MEMORY_E;
} }
} }
@@ -380,19 +393,20 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
XMEMCPY(data + authInSz, in, sz); XMEMCPY(data + authInSz, in, sz);
XMEMCPY(data + authInSz + sz, authTag, authTagSz); XMEMCPY(data + authInSz + sz, authTag, authTagSz);
rc = kcapi_aead_decrypt(aes->handle, data, dataSz, iv, data, outSz, ret = (int)kcapi_aead_decrypt(aes->handle, data, inbuflen, iv, data,
KCAPI_ACCESS_HEURISTIC); outbuflen, KCAPI_ACCESS_HEURISTIC);
if (rc < 0) { if (ret < 0) {
WOLFSSL_MSG("GcmDecrypt failed"); WOLFSSL_MSG("GcmDecrypt failed");
if (rc == -EBADMSG) if (ret == -EBADMSG)
ret = AES_GCM_AUTH_E; ret = AES_GCM_AUTH_E;
else
ret = (int)rc;
} }
else if ((word32)rc != outSz) { else if (ret != outbuflen) {
WOLFSSL_MSG("GcmDecrypt produced wrong output length"); WOLFSSL_MSG("GcmDecrypt produced wrong output length");
ret = BAD_FUNC_ARG; ret = BAD_FUNC_ARG;
} }
else {
ret = 0; /* success */
}
} }
if (ret == 0) { if (ret == 0) {

4
wolfcrypt/src/port/kcapi/kcapi_dh.c
View File

@@ -26,7 +26,7 @@
#include <wolfssl/wolfcrypt/settings.h> #include <wolfssl/wolfcrypt/settings.h>
#if defined(WOLFSSL_KCAPI_DH) #if defined(WOLFSSL_KCAPI_DH) && !defined(NO_DH)
#include <wolfssl/wolfcrypt/error-crypt.h> #include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/logging.h> #include <wolfssl/wolfcrypt/logging.h>
@@ -232,4 +232,4 @@ int KcapiDh_SharedSecret(DhKey* private_key, const byte* pub, word32 pubSz,
return ret; return ret;
} }
#endif /* WOLFSSL_KCAPI_DH */ #endif /* WOLFSSL_KCAPI_DH && !NO_DH */

4
wolfcrypt/src/port/kcapi/kcapi_ecc.c
View File

@@ -26,7 +26,7 @@
#include <wolfssl/wolfcrypt/settings.h> #include <wolfssl/wolfcrypt/settings.h>
#if defined(WOLFSSL_KCAPI_ECC) #if defined(WOLFSSL_KCAPI_ECC) && defined(HAVE_ECC)
#include <wolfssl/wolfcrypt/error-crypt.h> #include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/logging.h> #include <wolfssl/wolfcrypt/logging.h>
@@ -367,4 +367,4 @@ int KcapiEcc_Verify(ecc_key* key, const byte* hash, word32 hashLen, byte* sig,
} }
#endif #endif
#endif /* WOLFSSL_KCAPI_ECC */ #endif /* WOLFSSL_KCAPI_ECC && HAVE_ECC */

1
wolfcrypt/src/port/kcapi/kcapi_hash.c
View File

@@ -642,4 +642,3 @@ int wc_Sha512_256Copy(wc_Sha512* src, wc_Sha512* dst)
#endif /* WOLFSSL_SHA512 */ #endif /* WOLFSSL_SHA512 */
#endif /* WOLFSSL_KCAPI_HASH */ #endif /* WOLFSSL_KCAPI_HASH */

5
wolfcrypt/src/port/kcapi/kcapi_hmac.c
View File

@@ -26,7 +26,7 @@
#include <wolfssl/wolfcrypt/settings.h> #include <wolfssl/wolfcrypt/settings.h>
#if defined(WOLFSSL_KCAPI_HMAC) #if defined(WOLFSSL_KCAPI_HMAC) && !defined(NO_HMAC)
#define FIPS_NO_WRAPPERS #define FIPS_NO_WRAPPERS
@@ -334,5 +334,4 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
return ret; return ret;
} }
#endif /* WOLFSSL_KCAPI_HMAC */ #endif /* WOLFSSL_KCAPI_HMAC && !NO_HMAC */

5
wolfcrypt/src/port/kcapi/kcapi_rsa.c
View File

@@ -26,7 +26,7 @@
#include <wolfssl/wolfcrypt/settings.h> #include <wolfssl/wolfcrypt/settings.h>
#if defined(WOLFSSL_KCAPI_RSA) #if defined(WOLFSSL_KCAPI_RSA) && !defined(NO_RSA)
#include <wolfssl/wolfcrypt/error-crypt.h> #include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/logging.h> #include <wolfssl/wolfcrypt/logging.h>
@@ -356,5 +356,4 @@ int KcapiRsa_Encrypt(RsaKey* key, const byte* in, word32 inLen, byte* out,
return ret; return ret;
} }
#endif /* WOLFSSL_KCAPI_RSA */ #endif /* WOLFSSL_KCAPI_RSA && !NO_RSA */