diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index fba9e87bb..9445173d8 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -8015,6 +8015,31 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, #endif /* HAVE_AES_DECRYPT || HAVE_AESGCM_DECRYPT */ #endif /* (WOLFSSL_XILINX_CRYPT) */ + +int wc_AesGcmEncrypt_ex(Aes* aes, byte* out, const byte* in, word32 sz, + byte* iv, word32 ivSz, byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz, WC_RNG* rng) +{ + int ret = 0; + + if (aes == NULL || out == NULL || (in == NULL && sz != 0) || + iv == NULL || ivSz != NONCE_SZ || (authIn == NULL && authInSz != 0) || + rng == NULL) { + + ret = BAD_FUNC_ARG; + } + + if (ret == 0) + ret = wc_RNG_GenerateBlock(rng, iv, ivSz); + + if (ret == 0) + ret = wc_AesGcmEncrypt(aes, out, in, sz, iv, ivSz, + authTag, authTagSz, authIn, authInSz); + + return ret; +} + + WOLFSSL_API int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len) { if (gmac == NULL || key == NULL) { diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index bd1b90ffd..ea32669e3 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c 
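Review bot: wc_AesGcmEncrypt_ex fills `iv` with fresh random bytes from `rng` on every call, but nothing in the added body counts or documents how many times one key may be used this way. With random 96-bit IVs, NIST SP 800-38D (section 8.3) caps a key at 2^32 invocations, because an IV collision under the same key breaks both confidentiality and authentication. The function has no header comment, so I would add one such as `/* iv is an output: it is overwritten with ivSz random bytes from rng; rekey before 2^32 calls per key (SP 800-38D 8.3) */`. Separately, `authTag` is not part of the argument check, so a call that wc_AesGcmEncrypt later rejects (presumably; its checks are outside this hunk) has already overwritten the caller's `iv`. Adding `authTag == NULL ||` to the condition keeps that failure free of side effects.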
@@ -6594,6 +6594,54 @@ int aesgcm_test(void) return -4325; #endif /* HAVE_AES_DECRYPT */ #endif /* WOLFSSL_AES_256 */ + + /* Test encrypt with internally generated IV */ + { + WC_RNG rng; + byte randIV[12]; + + result = wc_InitRng(&rng); + if (result != 0) + return -8208; + + XMEMSET(randIV, 0, sizeof(randIV)); + XMEMSET(resultT, 0, sizeof(resultT)); + XMEMSET(resultC, 0, sizeof(resultC)); + XMEMSET(resultP, 0, sizeof(resultP)); + + wc_AesGcmSetKey(&enc, k1, sizeof(k1)); + result = wc_AesGcmEncrypt_ex(&enc, resultC, p, sizeof(p), + randIV, sizeof(randIV), resultT, sizeof(resultT), + a, sizeof(a), &rng); +#if defined(WOLFSSL_ASYNC_CRYPT) + result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (result != 0) + return -8209; + + /* Check the IV has been set. */ + { + word32 i, ivSum = 0; + + for (i = 0; i < sizeof(randIV); i++) + ivSum += randIV[i]; + if (ivSum == 0) + return -8210; + } + + result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(resultC), + randIV, sizeof(randIV), resultT, sizeof(resultT), + a, sizeof(a)); +#if defined(WOLFSSL_ASYNC_CRYPT) + result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (result != 0) + return -8211; + if (XMEMCMP(p, resultP, sizeof(resultP))) + return -8212; + wc_FreeRng(&rng); + } + wc_AesFree(&enc); return 0; diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index 212ded476..418b50b10 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h @@ -48,7 +48,6 @@ #endif #endif -#ifndef HAVE_FIPS /* to avoid redefinition of macros */ #ifdef WOLFSSL_AESNI @@ -58,11 +57,11 @@ #endif /* WOLFSSL_AESNI */ + #ifdef WOLFSSL_XILINX_CRYPT #include "xsecure_aes.h" #endif -#endif /* HAVE_FIPS */ #ifdef __cplusplus extern "C" { @@ -141,6 +140,8 @@ typedef struct XtsAes { #endif #ifdef HAVE_AESGCM +#include + typedef struct Gmac { Aes aes; } Gmac; 
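Review bot: Every early `return` taken after `wc_InitRng(&rng)` has succeeded (-8209 through -8212) leaves the block without calling `wc_FreeRng(&rng)`, so a failing run leaks the RNG and its seed state; only the success path frees it. Free it before each of those returns, e.g. `if (result != 0) { wc_FreeRng(&rng); return -8209; }`, or record the error code and fall through to the single `wc_FreeRng` call. The return value of `wc_AesGcmSetKey(&enc, k1, sizeof(k1))` is also ignored, so a key-setup failure would only show up later as a less specific error code. aesgcm_test begins outside the hunk.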
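Review bot: Removing `#ifndef HAVE_FIPS` in the `-48,7` hunk, and the matching `#endif /* HAVE_FIPS */` in the `-58,11` hunk, exposes the WOLFSSL_AESNI block and the `xsecure_aes.h` include to FIPS builds, yet the comment beside the removed guard says it was there to avoid redefinition of macros. Nothing else visible in the diff explains why that is now safe, and the change looks unrelated to adding wc_AesGcmEncrypt_ex. I would either keep the guard or replace it with a comment stating why FIPS builds can now take these includes, and confirm that a HAVE_FIPS build still compiles without redefinition warnings.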
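Review bot: The `#include` added under `#ifdef HAVE_AESGCM` in the `-141,6` hunk sits below the `extern "C" {` that the preceding hunk shows being opened, and apart from the header's other includes. Unless that linkage block is closed in lines the diff does not show, a C++ build would pull the included header in inside `extern "C"`. Moving the include up beside the other includes, still guarded by `#ifdef HAVE_AESGCM`, avoids that. The include target is missing in this rendering of the diff; presumably it is the header that declares `WC_RNG`, which would make every HAVE_AESGCM build depend on the RNG header, so a configuration built without an RNG should be checked.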
@@ -214,6 +215,13 @@ WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz); + WOLFSSL_API int wc_AesGcmEncrypt_ex(Aes* aes, byte* out, + const byte* in, word32 sz, + byte* iv, word32 ivSz, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz, + WC_RNG* rng); + WOLFSSL_API int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len); WOLFSSL_API int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz, const byte* authIn, word32 authInSz,
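Review bot: The new public prototype carries no comment, and a caller cannot tell from the signature that `iv` is an output the implementation overwrites, or that `ivSz` is restricted. The check against `NONCE_SZ` lives in aes.c, and the added test passes a 12-byte buffer. Add a short comment above the declaration, for example `/* iv is an output buffer: ivSz must equal NONCE_SZ; the generated IV is returned in iv and must accompany the ciphertext for decryption */`. It would also help to state there that `rng` must already be initialised, since the implementation only checks it for NULL.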