From 830aa7f7b6dbf20ad97da53e079210e9a5c73518 Mon Sep 17 00:00:00 2001 From: Josh Holtrop Date: Tue, 19 May 2026 10:17:49 -0700 Subject: [PATCH] Rust wrapper: fix CFB::encrypt1 and CFB::decrypt1 to take size in bits --- wrapper/rust/wolfssl-wolfcrypt/src/aes.rs | 28 ++++++++++++------- .../rust/wolfssl-wolfcrypt/tests/test_aes.rs | 28 +++++++++++++++++++ 2 files changed, 46 insertions(+), 10 deletions(-) diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/aes.rs b/wrapper/rust/wolfssl-wolfcrypt/src/aes.rs index 7d954d2164..3974d930af 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/src/aes.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/src/aes.rs @@ -806,19 +806,23 @@ impl CFB { /// * `din`: Data to encrypt. /// * `dout`: Buffer in which to store the encrypted data. The size of /// the buffer must match that of the `din` buffer. + /// * `size`: Number of bits to encrypt. The `din` and `dout` buffers must + /// each be large enough to hold this number of bits. /// /// # Returns /// /// A Result which is Ok(()) on success or an Err containing the wolfSSL /// library return code on failure. - pub fn encrypt1(&mut self, din: &[u8], dout: &mut [u8]) -> Result<(), i32> { - let in_size = crate::buffer_len_to_u32(din.len())?; - let out_size = crate::buffer_len_to_u32(dout.len())?; - if in_size != out_size { + pub fn encrypt1(&mut self, din: &[u8], dout: &mut [u8], size: usize) -> Result<(), i32> { + if din.len() != dout.len() { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } + if din.len() < size.div_ceil(8) { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let bit_size = crate::buffer_len_to_u32(size)?; let rc = unsafe { - sys::wc_AesCfb1Encrypt(&mut self.ws_aes, dout.as_mut_ptr(), din.as_ptr(), in_size) + sys::wc_AesCfb1Encrypt(&mut self.ws_aes, dout.as_mut_ptr(), din.as_ptr(), bit_size) }; if rc != 0 { return Err(rc); @@ -894,20 +898,24 @@ impl CFB { /// * `din`: Data to decrypt. /// * `dout`: Buffer in which to store the decrypted data. The size of /// the buffer must match that of the `din` buffer. + /// * `size`: Number of bits to decrypt. The `din` and `dout` buffers must + /// each be large enough to hold this number of bits. /// /// # Returns /// /// A Result which is Ok(()) on success or an Err containing the wolfSSL /// library return code on failure. #[cfg(aes_decrypt)] - pub fn decrypt1(&mut self, din: &[u8], dout: &mut [u8]) -> Result<(), i32> { - let in_size = crate::buffer_len_to_u32(din.len())?; - let out_size = crate::buffer_len_to_u32(dout.len())?; - if in_size != out_size { + pub fn decrypt1(&mut self, din: &[u8], dout: &mut [u8], size: usize) -> Result<(), i32> { + if din.len() != dout.len() { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } + if din.len() < size.div_ceil(8) { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let bit_size = crate::buffer_len_to_u32(size)?; let rc = unsafe { - sys::wc_AesCfb1Decrypt(&mut self.ws_aes, dout.as_mut_ptr(), din.as_ptr(), in_size) + sys::wc_AesCfb1Decrypt(&mut self.ws_aes, dout.as_mut_ptr(), din.as_ptr(), bit_size) }; if rc != 0 { return Err(rc); diff --git a/wrapper/rust/wolfssl-wolfcrypt/tests/test_aes.rs b/wrapper/rust/wolfssl-wolfcrypt/tests/test_aes.rs index d5a171fd9e..05ceedc78b 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/tests/test_aes.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/tests/test_aes.rs @@ -256,6 +256,34 @@ fn test_cfb_big_msg() { assert_eq!(big_plain, BIG_MSG); } +#[test] +#[cfg(aes_cfb)] +fn test_cfb_encrypt1() { + /* Test vector taken from wolfcrypt aescfb1_test() (AES-128). */ + let key: [u8; 16] = [ + 0xcd,0xef,0x9d,0x06,0x61,0xba,0xe4,0x73, + 0x8d,0x1a,0x58,0xa2,0xa6,0x22,0x8b,0x66 + ]; + let iv: [u8; 16] = [ + 0x4d,0xbb,0xdc,0xaa,0x59,0xf3,0x63,0xc9, + 0x2a,0x3b,0x98,0x43,0xad,0x20,0xe2,0xb7 + ]; + let msg: [u8; 1] = [0xC0]; + let mut enc = CFB::new().expect("Failed to create CFB"); + let mut dec = CFB::new().expect("Failed to create CFB"); + enc.init(&key, &iv).expect("Error with init()"); + dec.init(&key, &iv).expect("Error with init()"); + let mut cipher: [u8; 1] = [0]; + enc.encrypt1(&msg, &mut cipher, 2).expect("Error with encrypt1()"); + assert_eq!(cipher[0], 0x00); + let mut plain: [u8; 1] = [0]; + dec.decrypt1(&cipher, &mut plain, 2).expect("Error with decrypt1()"); + assert_eq!(plain[0], 0xC0); + cipher[0] = 0; + enc.encrypt1(&msg, &mut cipher, 7).expect("Error with encrypt1()"); + assert_eq!(cipher[0], 0x1C); +} + #[test] #[cfg(aes_ctr)] fn test_ctr_encrypt_decrypt() {