From 41591e7eb9e54074910c7aecaee2ceb9c1cad990 Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 19 Jun 2025 14:34:32 -0700 Subject: [PATCH] Fixes for TSIP AES CTR unit tests and handling of invalid cases. --- .../wolfssl_demo/wolfssl_tsip_unit_test.c | 70 +++++++++---------- wolfcrypt/src/port/Renesas/renesas_tsip_aes.c | 12 ++-- 2 files changed, 40 insertions(+), 42 deletions(-) diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c index 24a5402e1..66569085c 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c @@ -226,12 +226,6 @@ static int tsip_aes128_ctr_test(int prnt, tsip_aes_key_index_t* aes_key) 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff }; - WOLFSSL_SMALL_STACK_STATIC const byte oddCipher[] = - { - 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0, - 0xc2 - }; - WOLFSSL_SMALL_STACK_STATIC const byte ctr128Key[] = { 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, @@ -249,13 +243,6 @@ static int tsip_aes128_ctr_test(int prnt, tsip_aes_key_index_t* aes_key) 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1, 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee }; - - WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap128Cipher[] = - { - 0xe1,0x33,0x38,0xe3,0x6c,0xb7,0x19,0x62, - 0xe0,0x0d,0x02,0x0b,0x4c,0xed,0xbd,0x86, - 0xd3,0xda,0xe1,0x5b,0x04 - }; WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap128CipherLong[] = { 0xe1,0x33,0x38,0xe3,0x6c,0xb7,0x19,0x62, @@ -274,14 +261,6 @@ static int tsip_aes128_ctr_test(int prnt, tsip_aes_key_index_t* aes_key) } testVec[] = { { ctr128Key, (int)sizeof(ctr128Key), ctrIv, ctrPlain, (int)sizeof(ctrPlain), ctr128Cipher }, - /* let's try with just 9 bytes, non block size test */ - { ctr128Key, (int)sizeof(ctr128Key), ctrIv, - ctrPlain, (int)sizeof(oddCipher), ctr128Cipher }, - /* and an additional 9 bytes to reuse tmp left buffer */ - { NULL, 0, NULL, ctrPlain, (int)sizeof(oddCipher), oddCipher }, - /* Counter wrapping */ - { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128, - ctrPlain, (int)sizeof(ctr128Wrap128Cipher), ctr128Wrap128Cipher }, { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128, ctrPlain, (int)sizeof(ctr128Wrap128CipherLong), ctr128Wrap128CipherLong }, @@ -302,6 +281,22 @@ static int tsip_aes128_ctr_test(int prnt, tsip_aes_key_index_t* aes_key) goto out; } + /* test failure cases - null */ + ret = wc_tsip_AesCtr(NULL, NULL, NULL, 1); + if (ret != BAD_FUNC_ARG) { + ret = -8; goto out; + } + /* test failure cases - size, but no buffer */ + ret = wc_tsip_AesCtr(enc, NULL, NULL, 1); + if (ret != BAD_FUNC_ARG) { + ret = -9; goto out; + } + /* test failure cases - non block aligned */ + ret = wc_tsip_AesCtr(enc, plain, cipher, 15); + if (ret != BAD_FUNC_ARG) { + ret = -10; goto out; + } + for (i = 0; i < AES_CTR_TEST_LEN; i++) { if (testVec[i].key != NULL) { ret = wc_AesSetKeyDirect(enc, testVec[i].key, (word32)testVec[i].keySz, @@ -386,11 +381,6 @@ static int tsip_aes256_ctr_test(int prnt, tsip_aes_key_index_t* aes_key) 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff }; - WOLFSSL_SMALL_STACK_STATIC const byte oddCipher[] = - { - 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0, - 0xc2 - }; WOLFSSL_SMALL_STACK_STATIC const byte ctr256Key[] = { 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, @@ -410,12 +400,6 @@ static int tsip_aes256_ctr_test(int prnt, tsip_aes_key_index_t* aes_key) 0xdf,0xc9,0xc5,0x8d,0xb6,0x7a,0xad,0xa6, 0x13,0xc2,0xdd,0x08,0x45,0x79,0x41,0xa6 }; - WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap128Cipher[] = - { - 0x50,0xfd,0x97,0xc3,0xe6,0x1a,0xbb,0x48, - 0x73,0xfb,0x78,0xdf,0x1e,0x8e,0x77,0xe6, - 0x4b,0x45,0x7c,0xd6,0x8a - }; WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap128CipherLong[] = { 0x50,0xfd,0x97,0xc3,0xe6,0x1a,0xbb,0x48, @@ -435,12 +419,6 @@ static int tsip_aes256_ctr_test(int prnt, tsip_aes_key_index_t* aes_key) } testVec[] = { { ctr256Key, (int)sizeof(ctr256Key), ctrIv, ctrPlain, (int)sizeof(ctrPlain), ctr256Cipher }, - /* let's try with just 9 bytes, non block size test */ - { ctr256Key, (int)sizeof(ctr256Key), ctrIv, - ctrPlain, (int)sizeof(oddCipher), ctr256Cipher }, - /* Counter wrapping */ - { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128, - ctrPlain, (int)sizeof(ctr256Wrap128Cipher), ctr256Wrap128Cipher }, { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128, ctrPlain, (int)sizeof(ctr256Wrap128CipherLong), ctr256Wrap128CipherLong }, @@ -461,6 +439,22 @@ static int tsip_aes256_ctr_test(int prnt, tsip_aes_key_index_t* aes_key) goto out; } + /* test failure cases - null */ + ret = wc_tsip_AesCtr(NULL, NULL, NULL, 1); + if (ret != BAD_FUNC_ARG) { + ret = -8; goto out; + } + /* test failure cases - size, but no buffer */ + ret = wc_tsip_AesCtr(enc, NULL, NULL, 1); + if (ret != BAD_FUNC_ARG) { + ret = -9; goto out; + } + /* test failure cases - non block aligned */ + ret = wc_tsip_AesCtr(enc, plain, cipher, 15); + if (ret != BAD_FUNC_ARG) { + ret = -10; goto out; + } + for (i = 0; i < AES_CTR_TEST_LEN; i++) { if (testVec[i].key != NULL) { ret = wc_AesSetKeyDirect(enc, testVec[i].key, (word32)testVec[i].keySz, diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c b/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c index df7c41ada..020eb001e 100644 --- a/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c +++ b/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c @@ -606,13 +606,17 @@ int wc_tsip_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in, word32 sz) #endif /* HAVE_AES_CBC */ #ifdef WOLFSSL_AES_COUNTER +/* API only supports even blocks (16 byte) */ +/* Use the public wc_AesCtrEncrypt with crypto callbacks to handle odd remain */ int wc_tsip_AesCtr(struct Aes* aes, byte* out, const byte* in, word32 sz) { tsip_aes_handle_t _handle; int ret; + int blocks = (int)(sz / WC_AES_BLOCK_SIZE); + int remain = (int)(sz % WC_AES_BLOCK_SIZE); byte *iv; - if ((in == NULL) || (out == NULL) || (aes == NULL)) { + if (aes == NULL || in == NULL || out == NULL || sz == 0 || remain != 0) { return BAD_FUNC_ARG; } @@ -630,7 +634,7 @@ int wc_tsip_AesCtr(struct Aes* aes, byte* out, const byte* in, word32 sz) ret = R_TSIP_Aes128CtrInit(&_handle, &aes->ctx.tsip_keyIdx, iv); if (ret == TSIP_SUCCESS) { ret = R_TSIP_Aes128CtrUpdate(&_handle, (uint8_t*)in, - (uint8_t*)out, sz); + (uint8_t*)out, blocks * WC_AES_BLOCK_SIZE); if (ret == TSIP_SUCCESS) { ret = R_TSIP_Aes128CtrFinal(&_handle); } @@ -644,7 +648,7 @@ int wc_tsip_AesCtr(struct Aes* aes, byte* out, const byte* in, word32 sz) ret = R_TSIP_Aes256CtrInit(&_handle, &aes->ctx.tsip_keyIdx, iv); if (ret == TSIP_SUCCESS) { ret = R_TSIP_Aes256CtrUpdate(&_handle, (uint8_t*)in, - (uint8_t*)out, sz); + (uint8_t*)out, blocks * WC_AES_BLOCK_SIZE); if (ret == TSIP_SUCCESS) { ret = R_TSIP_Aes256CtrFinal(&_handle); } @@ -656,9 +660,9 @@ int wc_tsip_AesCtr(struct Aes* aes, byte* out, const byte* in, word32 sz) if (ret == TSIP_SUCCESS) { /* increment IV counter */ - int i, blocks = (int)(sz / WC_AES_BLOCK_SIZE); while (blocks--) { /* in network byte order so start at end and work back */ + int i; for (i = WC_AES_BLOCK_SIZE - 1; i >= 0; i--) { if (++iv[i]) /* we're done unless we overflow */ break;