feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #1058 from jrblixt/fix-AesFipsSanityCheck

Browse Source 
Unit test GCM sanity check Fips change.
This commit is contained in:
toddouska
2017-07-25 13:30:35 -07:00
committed by GitHub
parent a076a2f0d8 f8e2f596d6
commit ef98e96767
2 changed files with 55 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
tests/api.c
View File

@@ -6127,7 +6127,7 @@ static int test_wc_AesGcmEncryptDecrypt (void)
0xab, 0xad, 0xda, 0xd2
};
byte iv[] = "1234567890a";
byte badIV[] = "1234567890abcde";
byte longIV[] = "1234567890abcdefghij";
byte enc[sizeof(vector)];
byte resultT[AES_BLOCK_SIZE];
byte dec[sizeof(vector)];
@@ -6142,17 +6142,16 @@ static int test_wc_AesGcmEncryptDecrypt (void)
ret = wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte));
if (ret == 0) {
ret = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector),
gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector),
iv, sizeof(iv)/sizeof(byte), resultT,
sizeof(resultT), a, sizeof(a));
}
if (ret == 0) { /* If encrypt fails, no decrypt. */
gcmE = 0;
ret = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(vector),
if (gcmE == 0) { /* If encrypt fails, no decrypt. */
gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(vector),
iv, sizeof(iv)/sizeof(byte), resultT,
sizeof(resultT), a, sizeof(a));
if(ret == 0 || (XMEMCMP(vector, dec, sizeof(vector)) == 0)) {
gcmD = 0;
if(gcmD == 0 && (XMEMCMP(vector, dec, sizeof(vector)) != 0)) {
gcmD = SSL_FATAL_ERROR;
}
}
printf(testingFmt, "wc_AesGcmEncrypt()");
@@ -6172,8 +6171,8 @@ static int test_wc_AesGcmEncryptDecrypt (void)
resultT, sizeof(resultT) - 5, a, sizeof(a));
}
if (gcmE == BAD_FUNC_ARG) {
gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), badIV,
sizeof(badIV)/sizeof(byte), resultT, sizeof(resultT),
gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), longIV,
sizeof(longIV)/sizeof(byte), resultT, sizeof(resultT),
a, sizeof(a));
}
#ifdef HAVE_FIPS
@@ -6186,6 +6185,7 @@ static int test_wc_AesGcmEncryptDecrypt (void)
} /* END wc_AesGcmEncrypt */
printf(resultFmt, gcmE == 0 ? passed : failed);
#ifdef HAVE_AES_DECRYPT
printf(testingFmt, "wc_AesGcmDecrypt()");
if (gcmD == 0) {
@@ -6212,25 +6212,20 @@ static int test_wc_AesGcmEncryptDecrypt (void)
iv, sizeof(iv)/sizeof(byte), NULL,
sizeof(resultT), a, sizeof(a));
}
if (gcmD == BAD_FUNC_ARG) {
gcmD = wc_AesGcmDecrypt(&aes, dec, enc, 0, iv,
sizeof(iv)/sizeof(byte), resultT,
sizeof(resultT), a, sizeof(a));
}
if (gcmD == BAD_FUNC_ARG) {
gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
iv, sizeof(iv)/sizeof(byte), resultT,
sizeof(resultT) + 1, a, sizeof(a));
}
if (gcmD == BAD_FUNC_ARG) {
gcmD = 0;
} else {
gcmD = SSL_FATAL_ERROR;
}
}
} /* END wc_AesGcmDecrypt */
printf(resultFmt, gcmD == 0 ? passed : failed);
#endif /* HAVE_AES_DECRYPT */
#endif
return 0;

13
wolfcrypt/src/aes.c
View File

@@ -122,8 +122,8 @@
const byte* authIn, word32 authInSz)
{
if (aes == NULL || authTagSz > AES_BLOCK_SIZE
|| ivSz != WOLFSSL_MIN_AUTH_TAG_SZ
|| authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ) {
|| authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ ||
ivSz > AES_BLOCK_SIZE) {
return BAD_FUNC_ARG;
}
@@ -137,10 +137,9 @@
const byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz)
{
if (aes == NULL || out == NULL || in == NULL || sz == 0
|| iv == NULL || authTag == NULL
|| ivSz != WOLFSSL_MIN_AUTH_TAG_SZ
||authTagSz > AES_BLOCK_SIZE) {
if (aes == NULL || out == NULL || in == NULL || iv == NULL
|| authTag == NULL || authTagSz > AES_BLOCK_SIZE ||
ivSz > AES_BLOCK_SIZE) {
return BAD_FUNC_ARG;
}
@@ -7265,7 +7264,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
#endif
/* argument checks */
if (aes == NULL || out == NULL || in == NULL || sz == 0 || iv == NULL ||
if (aes == NULL || out == NULL || in == NULL || iv == NULL ||
authTag == NULL || authTagSz > AES_BLOCK_SIZE) {
return BAD_FUNC_ARG;
}