diff --git a/mcapi/crypto.c b/mcapi/crypto.c index 8ccf00460..def94b706 100644 --- a/mcapi/crypto.c +++ b/mcapi/crypto.c @@ -411,9 +411,7 @@ int CRYPT_AES_CTR_Encrypt(CRYPT_AES_CTX* aes, unsigned char* out, if (aes == NULL || out == NULL || in == NULL) return BAD_FUNC_ARG; - wc_AesCtrEncrypt((Aes*)aes, out, in, inSz); - - return 0; + return wc_AesCtrEncrypt((Aes*)aes, out, in, inSz); } @@ -525,7 +523,7 @@ int CRYPT_RSA_PrivateDecrypt(CRYPT_RSA_CTX* rsa, unsigned char* out, /* RSA Get Encrypt size helper */ -int CRYPT_RSA_EncryptSizeGet(CRYPT_RSA_CTX* rsa) +int CRYPT_RSA_EncryptSizeGet(CRYPT_RSA_CTX* rsa) { if (rsa == NULL) return BAD_FUNC_ARG; diff --git a/mcapi/mcapi_test.c b/mcapi/mcapi_test.c index 5f1e4549e..82450f917 100644 --- a/mcapi/mcapi_test.c +++ b/mcapi/mcapi_test.c @@ -960,8 +960,11 @@ static int check_aesctr(void) printf("mcapi aes-128 ctr encrypt failed\n"); return -1; } - wc_AesCtrEncrypt(&defAes, out2, ourData, AES_TEST_SIZE); - + ret = wc_AesCtrEncrypt(&defAes, out2, ourData, AES_TEST_SIZE); + if (ret != 0) { + printf("mcapi aes-128 ctr encrypt set failed\n"); + return -1; + } if (memcmp(out1, out2, AES_TEST_SIZE) != 0) { printf("mcapi aes-128 ctr encrypt cmp failed\n"); return -1; @@ -1007,8 +1010,11 @@ static int check_aesctr(void) printf("mcapi aes-192 ctr encrypt failed\n"); return -1; } - wc_AesCtrEncrypt(&defAes, out2, ourData, AES_TEST_SIZE); - + ret = wc_AesCtrEncrypt(&defAes, out2, ourData, AES_TEST_SIZE); + if (ret != 0) { + printf("mcapi aes-192 ctr encrypt set failed\n"); + return -1; + } if (memcmp(out1, out2, AES_TEST_SIZE) != 0) { printf("mcapi aes-192 ctr encrypt cmp failed\n"); return -1; @@ -1054,8 +1060,11 @@ static int check_aesctr(void) printf("mcapi aes-256 ctr encrypt failed\n"); return -1; } - wc_AesCtrEncrypt(&defAes, out2, ourData, AES_TEST_SIZE); - + ret = wc_AesCtrEncrypt(&defAes, out2, ourData, AES_TEST_SIZE); + if (ret != 0) { + printf("mcapi aes-256 ctr encrypt set failed\n"); + return -1; + } if (memcmp(out1, out2, AES_TEST_SIZE) != 0) { printf("mcapi aes-256 ctr encrypt cmp failed\n"); return -1; diff --git a/tests/api.c b/tests/api.c index 2df11e7b2..5debbfe62 100644 --- a/tests/api.c +++ b/tests/api.c @@ -61,6 +61,12 @@ #ifdef WOLFSSL_SHA384 #include #endif +#ifndef NO_AES + #include + #ifdef HAVE_AES_DECRYPT + #include + #endif +#endif #ifdef WOLFSSL_RIPEMD #include #endif @@ -5583,6 +5589,760 @@ static int test_wc_ChaCha20Poly1305_aead (void) } /* END test-wc_ChaCha20Poly1305_EncryptDecrypt */ +/* + * Testing function for wc_AesSetIV + */ +static int test_wc_AesSetIV (void) +{ +#ifndef NO_AES + Aes aes; + byte key16[] = + { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte iv1[] = "1234567890abcdef"; + byte iv2[] = "0987654321fedcba"; + int ret; + + printf(testingFmt, "wc_AesSetIV()"); + + ret = wc_AesSetKey(&aes, key16, (word32) sizeof(key16) / sizeof(byte), + iv1, AES_ENCRYPTION); + if(ret == 0) { + ret = wc_AesSetIV(&aes, iv2); + } + /* Test bad args. */ + if(ret == 0) { + ret = wc_AesSetIV(NULL, iv1); + if(ret == BAD_FUNC_ARG) { + /* NULL iv should return 0. */ + ret = wc_AesSetIV(&aes, NULL); + } else { + ret = SSL_FATAL_ERROR; + } + } + + printf(resultFmt, ret == 0 ? passed : failed); + +#endif + return 0; +} /* test_wc_AesSetIV */ + + +/* + * Testing function for wc_AesSetKey(). + */ +static int test_wc_AesSetKey (void) +{ +#ifndef NO_AES + Aes aes; + byte key16[] = + { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte key24[] = + { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 + }; + byte key32[] = + { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte badKey16[] = + { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65 + }; + byte iv[] = "1234567890abcdef"; + int ret; + + printf(testingFmt, "wc_AesSetKey()"); + + ret = wc_AesInit(&aes, NULL, INVALID_DEVID); + if (ret == 0) { + ret = wc_AesSetKey(&aes, key16, (word32) sizeof(key16) / sizeof(byte), + iv, AES_ENCRYPTION); + } + if (ret == 0) { + ret = wc_AesSetKey (&aes, key24, (word32) sizeof(key24) / sizeof(byte), + iv, AES_ENCRYPTION); + } + if (ret == 0) { + ret = wc_AesSetKey (&aes, key32, (word32) sizeof(key32) / sizeof(byte), + iv, AES_ENCRYPTION); + } + /* Pass in bad args. */ + if (ret == 0) { + ret = wc_AesSetKey (NULL, key16, (word32) sizeof(key16) / sizeof(byte), + iv, AES_ENCRYPTION); + if (ret == BAD_FUNC_ARG) { + ret = wc_AesSetKey(&aes, badKey16, + (word32) sizeof(badKey16) / sizeof(byte), + iv, AES_ENCRYPTION); + } + if (ret == BAD_FUNC_ARG) { + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + } + + printf(resultFmt, ret == 0 ? passed : failed); + +#endif + return 0; +} /* END test_wc_AesSetKey */ + + + +/* + * test function for wc_AesCbcEncrypt(), wc_AesCbcDecrypt(), + * and wc_AesCbcDecryptWithKey() + */ +static int test_wc_AesCbcEncryptDecrypt (void) +{ +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_DECRYPT) + Aes aes; + byte key32[] = + { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte vector[] = /* Now is the time for all w/o trailing 0 */ + { + 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + byte iv[] = "1234567890abcdef"; + byte enc[AES_BLOCK_SIZE]; + byte dec[sizeof(vector)]; + int cbcE = SSL_FATAL_ERROR; + int cbcD = SSL_FATAL_ERROR; + int cbcDWK = SSL_FATAL_ERROR; + byte dec2[sizeof(vector)]; + int ret; + + /* Init stack variables. */ + XMEMSET(enc, 0, AES_BLOCK_SIZE); + XMEMSET(dec, 0, sizeof(vector)); + XMEMSET(dec2, 0, sizeof(vector)); + + ret = wc_AesInit(&aes, NULL, INVALID_DEVID); + if (ret == 0) { + ret = wc_AesSetKey(&aes, key32, AES_BLOCK_SIZE * 2, iv, AES_ENCRYPTION); + } + if (ret == 0) { + ret = wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector)); + if (ret == 0) { + ret = wc_AesSetKey(&aes, key32, AES_BLOCK_SIZE * 2, + iv, AES_DECRYPTION); + } + if (ret == 0) { + ret = wc_AesCbcDecrypt(&aes, dec, enc, AES_BLOCK_SIZE); + if (ret != 0 || XMEMCMP(vector, dec, AES_BLOCK_SIZE) != 0) { + ret = SSL_FATAL_ERROR; + } + } + } + + if (ret == 0) { + ret = wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE, + key32, sizeof(key32)/sizeof(byte), iv); + if (ret != 0 || XMEMCMP(vector, dec2, AES_BLOCK_SIZE) != 0) { + ret = SSL_FATAL_ERROR; + } + } + + printf(testingFmt, "wc_AesCbcEncrypt()"); + /* Pass in bad args */ + if (ret == 0) { + cbcE = wc_AesCbcEncrypt(NULL, enc, vector, sizeof(vector)); + if (cbcE == BAD_FUNC_ARG) { + cbcE = wc_AesCbcEncrypt(&aes, NULL, vector, sizeof(vector)); + } + if (cbcE == BAD_FUNC_ARG) { + cbcE = wc_AesCbcEncrypt(&aes, enc, NULL, sizeof(vector)); + } + if (cbcE == BAD_FUNC_ARG) { + cbcE = 0; + } else { + cbcE = SSL_FATAL_ERROR; + } + } + printf(resultFmt, cbcE == 0 ? passed : failed); + + printf(testingFmt, "wc_AesCbcDecrypt()"); + if (ret == 0) { + cbcD = wc_AesCbcDecrypt(NULL, dec, enc, AES_BLOCK_SIZE); + if (cbcD == BAD_FUNC_ARG) { + cbcD = wc_AesCbcDecrypt(&aes, NULL, enc, AES_BLOCK_SIZE); + } + if (cbcD == BAD_FUNC_ARG) { + cbcD = wc_AesCbcDecrypt(&aes, dec, NULL, AES_BLOCK_SIZE); + } + if (cbcD == BAD_FUNC_ARG) { + cbcD = wc_AesCbcDecrypt(&aes, dec, enc, AES_BLOCK_SIZE * 2 - 1); + } + if (cbcD == BAD_FUNC_ARG) { + cbcD = 0; + } else { + cbcD = SSL_FATAL_ERROR; + } + } + printf(resultFmt, cbcD == 0 ? passed : failed); + + printf(testingFmt, "wc_AesCbcDecryptWithKey()"); + if (ret == 0) { + cbcDWK = wc_AesCbcDecryptWithKey(NULL, enc, AES_BLOCK_SIZE, + key32, sizeof(key32)/sizeof(byte), iv); + if (cbcDWK == BAD_FUNC_ARG) { + cbcDWK = wc_AesCbcDecryptWithKey(dec2, NULL, AES_BLOCK_SIZE, + key32, sizeof(key32)/sizeof(byte), iv); + } + if (cbcDWK == BAD_FUNC_ARG) { + cbcDWK = wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE, + NULL, sizeof(key32)/sizeof(byte), iv); + } + if (cbcDWK == BAD_FUNC_ARG) { + cbcDWK = wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE, + key32, sizeof(key32)/sizeof(byte), NULL); + } + if (cbcDWK == BAD_FUNC_ARG) { + cbcDWK = 0; + } else { + cbcDWK = SSL_FATAL_ERROR; + } + } + printf(resultFmt, cbcDWK == 0 ? passed : failed); +#endif + return 0; +} /* END test_wc_AesCbcEncryptDecrypt */ + +/* + * Testing wc_AesCtrEncrypt and wc_AesCtrDecrypt + */ +static int test_wc_AesCtrEncryptDecrypt (void) +{ +#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) + Aes aesEnc, aesDec; + byte key32[] = + { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte vector[] = /* Now is the time for all w/o trailing 0 */ + { + 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + byte iv[] = "1234567890abcdef"; + byte enc[AES_BLOCK_SIZE * 2]; + byte dec[AES_BLOCK_SIZE * 2]; + int ret; + + /* Init stack variables. */ + XMEMSET(enc, 0, AES_BLOCK_SIZE * 2); + XMEMSET(dec, 0, AES_BLOCK_SIZE * 2); + + printf(testingFmt, "wc_AesCtrEncrypt()"); + + ret = wc_AesInit(&aesEnc, NULL, INVALID_DEVID); + if (ret == 0) { + ret = wc_AesInit(&aesDec, NULL, INVALID_DEVID); + } + if (ret == 0) { + ret = wc_AesSetKey(&aesEnc, key32, AES_BLOCK_SIZE * 2, + iv, AES_ENCRYPTION); + } + if (ret == 0) { + ret = wc_AesCtrEncrypt(&aesEnc, enc, vector, + sizeof(vector)/sizeof(byte)); + if (ret == 0) { + /* Decrypt with wc_AesCtrEncrypt() */ + ret = wc_AesSetKey(&aesDec, key32, AES_BLOCK_SIZE * 2, + iv, AES_ENCRYPTION); + } + if (ret == 0) { + ret = wc_AesCtrEncrypt(&aesDec, dec, enc, sizeof(enc)/sizeof(byte)); + if (ret != 0 || XMEMCMP(vector, dec, sizeof(vector))) { + ret = SSL_FATAL_ERROR; + } + } + } + + /* Test bad args. */ + if (ret == 0) { + ret = wc_AesCtrEncrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte)); + if (ret == BAD_FUNC_ARG) { + ret = wc_AesCtrEncrypt(&aesDec, NULL, enc, sizeof(enc)/sizeof(byte)); + } + if (ret == BAD_FUNC_ARG) { + ret = wc_AesCtrEncrypt(&aesDec, dec, NULL, sizeof(enc)/sizeof(byte)); + } + if (ret == BAD_FUNC_ARG) { + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + } + + printf(resultFmt, ret == 0 ? passed : failed); + +#endif + return 0; + +} /* END test_wc_AesCtrEncryptDecrypt */ + +/* + * test function for wc_AesGcmSetKey() + */ +static int test_wc_AesGcmSetKey (void) +{ +#if !defined(NO_AES) && defined(HAVE_AESGCM) + + Aes aes; + byte key16[] = + { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte key24[] = + { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 + }; + byte key32[] = + { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte badKey16[] = + { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65 + }; + byte badKey24[] = + { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36 + }; + byte badKey32[] = + { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x37, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65 + }; + int ret; + + printf(testingFmt, "wc_AesGcmSetKey()"); + + ret = wc_AesGcmSetKey(&aes, key16, sizeof(key16)/sizeof(byte)); + if (ret == 0) { + ret = wc_AesGcmSetKey(&aes, key24, sizeof(key24)/sizeof(byte)); + } + if (ret == 0) { + ret = wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte)); + } + + /* Pass in bad args. */ + if (ret == 0) { + ret = wc_AesGcmSetKey(&aes, badKey16, sizeof(badKey16)/sizeof(byte)); + if (ret == BAD_FUNC_ARG) { + ret = wc_AesGcmSetKey(&aes, badKey24, sizeof(badKey24)/sizeof(byte)); + } + if (ret == BAD_FUNC_ARG) { + ret = wc_AesGcmSetKey(&aes, badKey32, sizeof(badKey32)/sizeof(byte)); + } + if (ret == BAD_FUNC_ARG) { + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + } + + printf(resultFmt, ret == 0 ? passed : failed); + +#endif + return 0; +} /* END test_wc_AesGcmSetKey */ + +/* + * test function for wc_AesGcmEncrypt and wc_AesGcmDecrypt + */ +static int test_wc_AesGcmEncryptDecrypt (void) +{ +#if !defined(NO_AES) && defined(HAVE_AESGCM) + + Aes aes; + byte key32[] = + { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte vector[] = /* Now is the time for all w/o trailing 0 */ + { + 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + const byte a[] = + { + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xab, 0xad, 0xda, 0xd2 + }; + byte iv[] = "1234567890a"; + byte badIV[] = "1234567890abcde"; + byte enc[sizeof(vector)]; + byte resultT[AES_BLOCK_SIZE]; + byte dec[sizeof(vector)]; + int ret; + int gcmD = SSL_FATAL_ERROR; + int gcmE = SSL_FATAL_ERROR; + + /* Init stack variables. */ + XMEMSET(enc, 0, sizeof(vector)); + XMEMSET(dec, 0, sizeof(vector)); + XMEMSET(resultT, 0, AES_BLOCK_SIZE); + + ret = wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte)); + if (ret == 0) { + ret = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), + iv, sizeof(iv)/sizeof(byte), resultT, + sizeof(resultT), a, sizeof(a)); + } + if (ret == 0) { + ret = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(vector), + iv, sizeof(iv)/sizeof(byte), resultT, + sizeof(resultT), a, sizeof(a)); + } + if(ret != 0 || (XMEMCMP(vector, dec, sizeof(vector)) != 0)) { + ret = SSL_FATAL_ERROR; + } + printf(testingFmt, "wc_AesGcmEncrypt()"); + /*Test bad args for wc_AesGcmEncrypt and wc_AesGcmDecrypt */ + if (ret == 0) { + gcmE = wc_AesGcmEncrypt(NULL, enc, vector, sizeof(vector), + iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), + a, sizeof(a)); + if (gcmE == BAD_FUNC_ARG) { + gcmE = wc_AesGcmEncrypt(&aes, enc, vector, + sizeof(vector), iv, sizeof(iv)/sizeof(byte), + resultT, sizeof(resultT) + 1, a, sizeof(a)); + } + if (gcmE == BAD_FUNC_ARG) { + gcmE = wc_AesGcmEncrypt(&aes, enc, vector, + sizeof(vector), iv, sizeof(iv)/sizeof(byte), + resultT, sizeof(resultT) - 5, a, sizeof(a)); + } + if (gcmE == BAD_FUNC_ARG) { + gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), badIV, + sizeof(badIV)/sizeof(byte), resultT, sizeof(resultT), + a, sizeof(a)); + } + #ifdef HAVE_FIPS + if (gcmE == BAD_FUNC_ARG) { + gcmE = 0; + } else { + gcmE = SSL_FATAL_ERROR; + } + #endif + } /* END wc_AesGcmEncrypt */ + + printf(resultFmt, gcmE == 0 ? passed : failed); + printf(testingFmt, "wc_AesGcmDecrypt()"); + + if (ret == 0) { + gcmD = wc_AesGcmDecrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte), + iv, sizeof(iv)/sizeof(byte), resultT, + sizeof(resultT), a, sizeof(a)); + if (gcmD == BAD_FUNC_ARG) { + gcmD = wc_AesGcmDecrypt(&aes, NULL, enc, sizeof(enc)/sizeof(byte), + iv, sizeof(iv)/sizeof(byte), resultT, + sizeof(resultT), a, sizeof(a)); + } + if (gcmD == BAD_FUNC_ARG) { + gcmD = wc_AesGcmDecrypt(&aes, dec, NULL, sizeof(enc)/sizeof(byte), + iv, sizeof(iv)/sizeof(byte), resultT, + sizeof(resultT), a, sizeof(a)); + } + if (gcmD == BAD_FUNC_ARG) { + gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), + NULL, sizeof(iv)/sizeof(byte), resultT, + sizeof(resultT), a, sizeof(a)); + } + if (gcmD == BAD_FUNC_ARG) { + gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), + iv, sizeof(iv)/sizeof(byte), NULL, + sizeof(resultT), a, sizeof(a)); + } + if (gcmD == BAD_FUNC_ARG) { + gcmD = wc_AesGcmDecrypt(&aes, dec, enc, 0, iv, + sizeof(iv)/sizeof(byte), resultT, + sizeof(resultT), a, sizeof(a)); + } + if (gcmD == BAD_FUNC_ARG) { + gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), + iv, sizeof(iv)/sizeof(byte), resultT, + sizeof(resultT) + 1, a, sizeof(a)); + if (gcmD == BAD_FUNC_ARG) { + gcmD = 0; + } else { + gcmD = SSL_FATAL_ERROR; + } + } + } /* END wc_AesGcmDecrypt */ + + printf(resultFmt, gcmD == 0 ? passed : failed); + +#endif + return 0; + +} /* END test_wc_AesGcmEncryptDecrypt */ + +/* + * unit test for wc_GmacSetKey() + */ +static int test_wc_GmacSetKey (void) +{ +#if !defined(NO_AES) && defined(HAVE_AESGCM) + Gmac gmac; + byte key16[] = + { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte key24[] = + { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 + }; + byte key32[] = + { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte badKey16[] = + { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x66 + }; + byte badKey24[] = + { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 + }; + byte badKey32[] = + { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + int ret; + + printf(testingFmt, "wc_GmacSetKey()"); + + ret = wc_GmacSetKey(&gmac, key16, sizeof(key16)/sizeof(byte)); + if (ret == 0) { + ret = wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte)); + } + if (ret == 0) { + ret = wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte)); + } + + /* Pass in bad args. */ + if (ret == 0) { + ret = wc_GmacSetKey(NULL, key16, sizeof(key16)/sizeof(byte)); + if (ret == BAD_FUNC_ARG) { + ret = wc_GmacSetKey(&gmac, NULL, sizeof(key16)/sizeof(byte)); + } + if (ret == BAD_FUNC_ARG) { + ret = wc_GmacSetKey(&gmac, badKey16, sizeof(badKey16)/sizeof(byte)); + } + if (ret == BAD_FUNC_ARG) { + ret = wc_GmacSetKey(&gmac, badKey24, sizeof(badKey24)/sizeof(byte)); + } + if (ret == BAD_FUNC_ARG) { + ret = wc_GmacSetKey(&gmac, badKey32, sizeof(badKey32)/sizeof(byte)); + } + if (ret == BAD_FUNC_ARG) { + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + } + + printf(resultFmt, ret == 0 ? passed : failed); + +#endif + return 0; + +} /* END test_wc_GmacSetKey */ + +/* + * unit test for wc_GmacUpdate + */ +static int test_wc_GmacUpdate (void) +{ +#if !defined(NO_AES) && defined(HAVE_AESGCM) + Gmac gmac; + const byte key16[] = + { + 0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01, + 0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8 + }; + byte key24[] = + { + 0x41, 0xc5, 0xda, 0x86, 0x67, 0xef, 0x72, 0x52, + 0x20, 0xff, 0xe3, 0x9a, 0xe0, 0xac, 0x59, 0x0a, + 0xc9, 0xfc, 0xa7, 0x29, 0xab, 0x60, 0xad, 0xa0 + }; + byte key32[] = + { + 0x78, 0xdc, 0x4e, 0x0a, 0xaf, 0x52, 0xd9, 0x35, + 0xc3, 0xc0, 0x1e, 0xea, 0x57, 0x42, 0x8f, 0x00, + 0xca, 0x1f, 0xd4, 0x75, 0xf5, 0xda, 0x86, 0xa4, + 0x9c, 0x8d, 0xd7, 0x3d, 0x68, 0xc8, 0xe2, 0x23 + }; + const byte authIn[] = + { + 0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9, + 0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77 + }; + const byte authIn2[] = + { + 0x8b, 0x5c, 0x12, 0x4b, 0xef, 0x6e, 0x2f, 0x0f, + 0xe4, 0xd8, 0xc9, 0x5c, 0xd5, 0xfa, 0x4c, 0xf1 + }; + const byte authIn3[] = + { + 0xb9, 0x6b, 0xaa, 0x8c, 0x1c, 0x75, 0xa6, 0x71, + 0xbf, 0xb2, 0xd0, 0x8d, 0x06, 0xbe, 0x5f, 0x36 + }; + const byte tag1[] = /* Known. */ + { + 0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43, + 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b + }; + const byte tag2[] = /* Known */ + { + 0x20, 0x4b, 0xdb, 0x1b, 0xd6, 0x21, 0x54, 0xbf, + 0x08, 0x92, 0x2a, 0xaa, 0x54, 0xee, 0xd7, 0x05 + }; + const byte tag3[] = /* Known */ + { + 0x3e, 0x5d, 0x48, 0x6a, 0xa2, 0xe3, 0x0b, 0x22, + 0xe0, 0x40, 0xb8, 0x57, 0x23, 0xa0, 0x6e, 0x76 + }; + const byte iv[] = + { + 0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94, + 0xe2, 0x8c, 0x8f, 0x16 + }; + const byte iv2[] = + { + 0x05, 0xad, 0x13, 0xa5, 0xe2, 0xc2, 0xab, 0x66, + 0x7e, 0x1a, 0x6f, 0xbc + }; + const byte iv3[] = + { + 0xd7, 0x9c, 0xf2, 0x2d, 0x50, 0x4c, 0xc7, 0x93, + 0xc3, 0xfb, 0x6c, 0x8a + }; + byte tagOut[16]; + byte tagOut2[24]; + byte tagOut3[32]; + int ret; + + /* Init stack varaibles. */ + XMEMSET(tagOut, 0, sizeof(tagOut)); + XMEMSET(tagOut2, 0, sizeof(tagOut2)); + XMEMSET(tagOut3, 0, sizeof(tagOut3)); + + printf(testingFmt, "wc_GmacUpdate()"); + + ret = wc_GmacSetKey(&gmac, key16, sizeof(key16)); + if (ret == 0) { + ret = wc_GmacUpdate(&gmac, iv, sizeof(iv), authIn, sizeof(authIn), + tagOut, sizeof(tag1)); + if (ret == 0) { + ret = XMEMCMP(tag1, tagOut, sizeof(tag1)); + } + if (ret == 0) { + XMEMSET(&gmac, 0, sizeof(Gmac)); + ret = wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte)); + } + if (ret == 0) { + ret = wc_GmacUpdate(&gmac, iv2, sizeof(iv2), authIn2, + sizeof(authIn2), tagOut2, sizeof(tag2)); + } + if (ret == 0) { + ret = XMEMCMP(tagOut2, tag2, sizeof(tag2)); + } + if (ret == 0) { + XMEMSET(&gmac, 0, sizeof(Gmac)); + ret = wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte)); + } + if (ret == 0) { + ret = wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, + sizeof(authIn3), tagOut3, sizeof(tag3)); + } + if (ret == 0) { + ret = XMEMCMP(tag3, tagOut3, sizeof(tag3)); + } + } + + /*Pass bad args. */ + if (ret == 0) { + ret = wc_GmacUpdate(NULL, iv3, sizeof(iv3), authIn3, + sizeof(authIn3), tagOut3, sizeof(tag3)); + if (ret == BAD_FUNC_ARG) { + ret = wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, + sizeof(authIn3), tagOut3, sizeof(tag3) - 5); + } + if (ret == BAD_FUNC_ARG) { + ret = wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, + sizeof(authIn3), tagOut3, sizeof(tag3) + 1); + } + if (ret == BAD_FUNC_ARG) { + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + } + + printf(resultFmt, ret == 0 ? passed : failed); + +#endif + return 0; + +} /* END test_wc_GmacUpdate */ + /* * testing wc_CamelliaSetKey @@ -7383,6 +8143,14 @@ void ApiTest(void) AssertIntEQ(test_wc_Arc4SetKey(), 0); AssertIntEQ(test_wc_Arc4Process(), 0); + AssertIntEQ(test_wc_AesSetKey(), 0); + AssertIntEQ(test_wc_AesSetIV(), 0); + AssertIntEQ(test_wc_AesCbcEncryptDecrypt(), 0); + AssertIntEQ(test_wc_AesCtrEncryptDecrypt(), 0); + AssertIntEQ(test_wc_AesGcmSetKey(), 0); + AssertIntEQ(test_wc_AesGcmEncryptDecrypt(), 0); + AssertIntEQ(test_wc_GmacSetKey(), 0); + AssertIntEQ(test_wc_GmacUpdate(), 0); printf(" End API Tests\n"); } diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 08d022781..9a62ffcda 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -1320,14 +1320,17 @@ void bench_aesctr(void) { Aes enc; double start; - int i, count; + int i, count, ret; wc_AesSetKeyDirect(&enc, bench_key, AES_BLOCK_SIZE, bench_iv, AES_ENCRYPTION); bench_stats_start(&count, &start); do { for (i = 0; i < numBlocks; i++) { - wc_AesCtrEncrypt(&enc, bench_plain, bench_cipher, BENCH_SIZE); + if((ret = wc_AesCtrEncrypt(&enc, bench_plain, bench_cipher, BENCH_SIZE)) != 0) { + printf("wc_AesCtrEncrypt failed, ret = %d\n", ret); + return; + } } count += i; } while (bench_stats_sym_check(start)); diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index a8cba6d70..11aeb271a 100755 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -25,6 +25,7 @@ #endif #include +#include #ifndef NO_AES @@ -35,20 +36,36 @@ int wc_AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv, int dir) { + if (aes == NULL || !( (len == 16) || (len == 24) || (len == 32)) ) { + return BAD_FUNC_ARG; + } + return AesSetKey_fips(aes, key, len, iv, dir); } int wc_AesSetIV(Aes* aes, const byte* iv) { + if (aes == NULL) { + return BAD_FUNC_ARG; + } + return AesSetIV_fips(aes, iv); } #ifdef HAVE_AES_CBC int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { + if (aes == NULL || out == NULL || in == NULL) { + return BAD_FUNC_ARG; + } + return AesCbcEncrypt_fips(aes, out, in, sz); } #ifdef HAVE_AES_DECRYPT int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) { + if (aes == NULL || out == NULL || in == NULL || sz % 16 != 0) { + return BAD_FUNC_ARG; + } + return AesCbcDecrypt_fips(aes, out, in, sz); } #endif /* HAVE_AES_DECRYPT */ @@ -56,9 +73,13 @@ /* AES-CTR */ #ifdef WOLFSSL_AES_COUNTER - void wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) + int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { - AesCtrEncrypt(aes, out, in, sz); + if (aes == NULL || out == NULL || in == NULL) { + return BAD_FUNC_ARG; + } + + return AesCtrEncrypt(aes, out, in, sz); } #endif @@ -87,6 +108,10 @@ #ifdef HAVE_AESGCM int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len) { + if (aes == NULL || !( (len == 16) || (len == 24) || (len == 32)) ) { + return BAD_FUNC_ARG; + } + return AesGcmSetKey_fips(aes, key, len); } int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, @@ -94,6 +119,11 @@ byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz) { + if (aes == NULL || authTagSz > AES_BLOCK_SIZE || ivSz != 12 || + authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ) { + return BAD_FUNC_ARG; + } + return AesGcmEncrypt_fips(aes, out, in, sz, iv, ivSz, authTag, authTagSz, authIn, authInSz); } @@ -104,6 +134,12 @@ const byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz) { + if (aes == NULL || out == NULL || in == NULL || sz == 0 || + iv == NULL || authTag == NULL || ivSz != 12 || + authTagSz > AES_BLOCK_SIZE) { + return BAD_FUNC_ARG; + } + return AesGcmDecrypt_fips(aes, out, in, sz, iv, ivSz, authTag, authTagSz, authIn, authInSz); } @@ -111,12 +147,22 @@ int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len) { + if (gmac == NULL || key == NULL || !((len == 16) || + (len == 24) || (len == 32)) ) { + return BAD_FUNC_ARG; + } + return GmacSetKey(gmac, key, len); } int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz, const byte* authIn, word32 authInSz, byte* authTag, word32 authTagSz) { + if (gmac == NULL || authTagSz > AES_BLOCK_SIZE || + authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ) { + return BAD_FUNC_ARG; + } + return GmacUpdate(gmac, iv, ivSz, authIn, authInSz, authTag, authTagSz); } @@ -179,7 +225,6 @@ #include #else -#include #include #ifdef NO_INLINE @@ -2801,6 +2846,10 @@ int wc_AesSetIV(Aes* aes, const byte* iv) { word32 blocks = (sz / AES_BLOCK_SIZE); + if (aes == NULL || out == NULL || in == NULL) { + return BAD_FUNC_ARG; + } + #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES) /* if async and byte count above threshold */ if (aes->asyncDev.marker == WOLFSSL_ASYNC_MARKER_AES && @@ -2886,6 +2935,10 @@ int wc_AesSetIV(Aes* aes, const byte* iv) { word32 blocks; + if (aes == NULL || out == NULL || in == NULL || sz % 16 != 0) { + return BAD_FUNC_ARG; + } + #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES) /* if async and byte count above threshold */ if (aes->asyncDev.marker == WOLFSSL_ASYNC_MARKER_AES && @@ -2988,8 +3041,12 @@ int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) #if defined(WOLFSSL_AES_COUNTER) || (defined(HAVE_AESGCM_DECRYPT) && defined(STM32F4_CRYPTO)) #if defined(STM32F2_CRYPTO) || defined(STM32F4_CRYPTO) #ifdef WOLFSSL_STM32_CUBEMX - void wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) + int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { + if (aes == NULL || out == NULL || in == NULL) { + return BAD_FUNC_ARG; + } + CRYP_HandleTypeDef hcryp; XMEMSET(&hcryp, 0, sizeof(CRYP_HandleTypeDef)); @@ -3019,10 +3076,15 @@ int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) } HAL_CRYP_DeInit(&hcryp); + + return 0; } #else - void wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) + int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { + if (aes == NULL || out == NULL || in == NULL) { + return BAD_FUNC_ARG; + } word32 *enc_key, *iv; int len = (int)sz; CRYP_InitTypeDef AES_CRYP_InitStructure; @@ -3125,8 +3187,12 @@ int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) #endif /* WOLFSSL_STM32_CUBEMX */ #elif defined(WOLFSSL_PIC32MZ_CRYPT) - void wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) + int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { + if (aes == NULL || out == NULL || in == NULL) { + return BAD_FUNC_ARG; + } + int i; char out_block[AES_BLOCK_SIZE]; int odd; @@ -3180,14 +3246,20 @@ int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) XMEMCPY(out, out_block+aes->left,odd); aes->left += odd; } + + return 0; } #elif defined(HAVE_COLDFIRE_SEC) #error "Coldfire SEC doesn't currently support AES-CTR mode" #elif defined(FREESCALE_LTC) - void wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) + int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { + if (aes == NULL || out == NULL || in == NULL) { + return BAD_FUNC_ARG; + } + uint32_t keySize; byte *iv, *enc_key; byte* tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left; @@ -3209,6 +3281,8 @@ int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) iv, enc_key, keySize, (byte*)aes->tmp, (uint32_t*)&(aes->left)); } + + return 0; } #else @@ -3224,8 +3298,11 @@ int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) } } - void wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) + int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { + if (aes == NULL || out == NULL || in == NULL) { + return BAD_FUNC_ARG; + } byte* tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left; /* consume any unused bytes left in aes->tmp */ @@ -3260,6 +3337,8 @@ int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) aes->left--; } } + + return 0; } #endif /* AES-CTR block */ @@ -4844,6 +4923,9 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, WOLFSSL_API int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len) { + if (gmac == NULL || key == NULL) { + return BAD_FUNC_ARG; + } return wc_AesGcmSetKey(&gmac->aes, key, len); } diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 3dcac0c02..aabe9fc08 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -190,9 +190,9 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, case AES_192_CTR_TYPE: case AES_256_CTR_TYPE: if (ctx->enc) - wc_AesCtrEncrypt(&ctx->cipher.aes, out, in, inl); + ret = wc_AesCtrEncrypt(&ctx->cipher.aes, out, in, inl); else - wc_AesCtrEncrypt(&ctx->cipher.aes, out, in, inl); + ret = wc_AesCtrEncrypt(&ctx->cipher.aes, out, in, inl); break; #endif #if !defined(NO_AES) && defined(HAVE_AES_ECB) diff --git a/wolfcrypt/src/wc_encrypt.c b/wolfcrypt/src/wc_encrypt.c index a14e7a451..2ebb884e4 100644 --- a/wolfcrypt/src/wc_encrypt.c +++ b/wolfcrypt/src/wc_encrypt.c @@ -43,6 +43,10 @@ int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz, Aes aes[1]; #endif + if (out == NULL || in == NULL || key == NULL || iv == NULL) { + return BAD_FUNC_ARG; + } + #ifdef WOLFSSL_SMALL_STACK aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (aes == NULL) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 3afddfdd5..359c9517f 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -4138,9 +4138,14 @@ int aes_test(void) wc_AesSetKeyDirect(&dec, ctr128Key, sizeof(ctr128Key), ctrIv, AES_ENCRYPTION); - wc_AesCtrEncrypt(&enc, cipher, ctrPlain, sizeof(ctrPlain)); - wc_AesCtrEncrypt(&dec, plain, cipher, sizeof(ctrPlain)); - + ret = wc_AesCtrEncrypt(&enc, cipher, ctrPlain, sizeof(ctrPlain)); + if (ret != 0) { + return -4227; + } + ret = wc_AesCtrEncrypt(&dec, plain, cipher, sizeof(ctrPlain)); + if (ret != 0) { + return -4228; + } if (XMEMCMP(plain, ctrPlain, sizeof(ctrPlain))) return -4213; @@ -4154,8 +4159,14 @@ int aes_test(void) wc_AesSetKeyDirect(&dec, ctr128Key, AES_BLOCK_SIZE, ctrIv, AES_ENCRYPTION); - wc_AesCtrEncrypt(&enc, cipher, ctrPlain, sizeof(oddCipher)); - wc_AesCtrEncrypt(&dec, plain, cipher, sizeof(oddCipher)); + ret = wc_AesCtrEncrypt(&enc, cipher, ctrPlain, sizeof(oddCipher)); + if (ret != 0) { + return -4229; + } + ret = wc_AesCtrEncrypt(&dec, plain, cipher, sizeof(oddCipher)); + if (ret != 0) { + return -4230; + } if (XMEMCMP(plain, ctrPlain, sizeof(oddCipher))) return -4215; @@ -4165,8 +4176,14 @@ int aes_test(void) #if !defined(STM32F2_CRYPTO) && !defined(STM32F4_CRYPTO) /* test not supported on STM32 crypto HW */ /* and an additional 9 bytes to reuse tmp left buffer */ - wc_AesCtrEncrypt(&enc, cipher, ctrPlain, sizeof(oddCipher)); - wc_AesCtrEncrypt(&dec, plain, cipher, sizeof(oddCipher)); + ret = wc_AesCtrEncrypt(&enc, cipher, ctrPlain, sizeof(oddCipher)); + if (ret != 0) { + return -4231; + } + ret = wc_AesCtrEncrypt(&dec, plain, cipher, sizeof(oddCipher)); + if (ret != 0) { + return -4232; + } if (XMEMCMP(plain, ctrPlain, sizeof(oddCipher))) return -4217; @@ -4183,12 +4200,18 @@ int aes_test(void) ctrIv, AES_ENCRYPTION); XMEMSET(plain, 0, sizeof(plain)); - wc_AesCtrEncrypt(&enc, plain, ctr192Cipher, sizeof(ctr192Cipher)); + ret = wc_AesCtrEncrypt(&enc, plain, ctr192Cipher, sizeof(ctr192Cipher)); + if (ret != 0) { + return -4233; + } if (XMEMCMP(plain, ctrPlain, sizeof(ctr192Cipher))) return -4219; - wc_AesCtrEncrypt(&dec, cipher, ctrPlain, sizeof(ctrPlain)); + ret = wc_AesCtrEncrypt(&dec, cipher, ctrPlain, sizeof(ctrPlain)); + if (ret != 0) { + return -4234; + } if (XMEMCMP(ctr192Cipher, cipher, sizeof(ctr192Cipher))) return -4220; @@ -4200,12 +4223,18 @@ int aes_test(void) ctrIv, AES_ENCRYPTION); XMEMSET(plain, 0, sizeof(plain)); - wc_AesCtrEncrypt(&enc, plain, ctr256Cipher, sizeof(ctr256Cipher)); + ret = wc_AesCtrEncrypt(&enc, plain, ctr256Cipher, sizeof(ctr256Cipher)); + if (ret != 0) { + return -4235; + } if (XMEMCMP(plain, ctrPlain, sizeof(ctrPlain))) return -4221; - wc_AesCtrEncrypt(&dec, cipher, ctrPlain, sizeof(ctrPlain)); + ret = wc_AesCtrEncrypt(&dec, cipher, ctrPlain, sizeof(ctrPlain)); + if (ret != 0) { + return -4236; + } if (XMEMCMP(ctr256Cipher, cipher, sizeof(ctr256Cipher))) return -4222; } diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index 785edc181..8d2833c88 100755 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h @@ -142,7 +142,7 @@ WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out, /* AES-CTR */ #ifdef WOLFSSL_AES_COUNTER - WOLFSSL_API void wc_AesCtrEncrypt(Aes* aes, byte* out, + WOLFSSL_API int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz); #endif /* AES-DIRECT */