diff --git a/wolfcrypt/src/port/tropicsquare/tropic01.c b/wolfcrypt/src/port/tropicsquare/tropic01.c index 8fa96906b4..e77ca2d6aa 100644 --- a/wolfcrypt/src/port/tropicsquare/tropic01.c +++ b/wolfcrypt/src/port/tropicsquare/tropic01.c @@ -314,6 +314,17 @@ int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx) #if !defined(NO_AES) #ifdef HAVE_AESGCM if (info->cipher.type == WC_CIPHER_AES_GCM) { + word32 keyLen = info->cipher.enc + ? info->cipher.aesgcm_enc.aes->keylen + : info->cipher.aesgcm_dec.aes->keylen; + if (keyLen != AES_128_KEY_SIZE && + keyLen != AES_192_KEY_SIZE && + keyLen != AES_256_KEY_SIZE) { + WOLFSSL_MSG_EX( + "TROPIC01: CryptoCB: invalid AES key length %u", + keyLen); + return BAD_FUNC_ARG; + } ret = Tropic01_GetKeyAES( lt_key, TROPIC01_AES_KEY_RMEM_SLOT, @@ -339,7 +350,7 @@ int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx) } if (info->cipher.enc) { ret = wc_AesSetKey(info->cipher.aesgcm_enc.aes, lt_key, - WC_AES_BLOCK_SIZE, lt_iv, AES_ENCRYPTION); + keyLen, lt_iv, AES_ENCRYPTION); ForceZero(lt_key, sizeof(lt_key)); ForceZero(lt_iv, sizeof(lt_iv)); if (ret != 0) { @@ -367,7 +378,7 @@ int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx) } else { ret = wc_AesSetKey(info->cipher.aesgcm_dec.aes, lt_key, - WC_AES_BLOCK_SIZE, lt_iv, AES_DECRYPTION); + keyLen, lt_iv, AES_DECRYPTION); ForceZero(lt_key, sizeof(lt_key)); ForceZero(lt_iv, sizeof(lt_iv)); if (ret != 0) { @@ -397,6 +408,14 @@ int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx) #endif /* HAVE_AESGCM */ #ifdef HAVE_AES_CBC if (info->cipher.type == WC_CIPHER_AES_CBC) { + word32 keyLen = info->cipher.aescbc.aes->keylen; + if (keyLen != AES_128_KEY_SIZE && + keyLen != AES_192_KEY_SIZE && + keyLen != AES_256_KEY_SIZE) { + WOLFSSL_MSG_EX( + "TROPIC01: CryptoCB: invalid AES key length %u", keyLen); + return BAD_FUNC_ARG; + } ret = Tropic01_GetKeyAES( lt_key, TROPIC01_AES_KEY_RMEM_SLOT, @@ -420,7 +439,7 @@ int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx) } if (info->cipher.enc) { ret = wc_AesSetKey(info->cipher.aescbc.aes, lt_key, - WC_AES_BLOCK_SIZE, lt_iv, AES_ENCRYPTION); + keyLen, lt_iv, AES_ENCRYPTION); ForceZero(lt_key, sizeof(lt_key)); ForceZero(lt_iv, sizeof(lt_iv)); if (ret != 0) { @@ -443,7 +462,7 @@ int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx) else { ret = wc_AesSetKey(info->cipher.aescbc.aes, lt_key, - WC_AES_BLOCK_SIZE, lt_iv, AES_DECRYPTION); + keyLen, lt_iv, AES_DECRYPTION); ForceZero(lt_key, sizeof(lt_key)); ForceZero(lt_iv, sizeof(lt_iv)); if (ret != 0) {