Fixes for build failures. Added new WC_MAX_SYM_KEY_SIZE macro for helping determine max key size. Added enum for unique cipher types. Added CHACHA_MAX_KEY_SZ for ChaCha.

mcapi/crypto.h

@@ -116,10 +116,10 @@ int CRYPT_HMAC_Finalize(CRYPT_HMAC_CTX*, unsigned char*);
 
 /* HMAC types */
 enum {
-    CRYPT_HMAC_SHA    = 1,
+    CRYPT_HMAC_SHA    = 4,
-    CRYPT_HMAC_SHA256 = 2,
+    CRYPT_HMAC_SHA256 = 6,
-    CRYPT_HMAC_SHA384 = 5,
+    CRYPT_HMAC_SHA384 = 7,
-    CRYPT_HMAC_SHA512 = 4
+    CRYPT_HMAC_SHA512 = 8
 };
 
 

src/internal.c

@@ -686,21 +686,21 @@ static int ImportKeyState(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
     idx++; /* no truncated hmac */
 #endif
     sz = exp[idx++];
-    if (sz > WC_MAX_DIGEST_SIZE || sz + idx > len) {
+    if (sz > sizeof(keys->client_write_MAC_secret) || sz + idx > len) {
         return BUFFER_E;
     }
     XMEMCPY(keys->client_write_MAC_secret, exp + idx, sz); idx += sz;
     XMEMCPY(keys->server_write_MAC_secret, exp + idx, sz); idx += sz;
 
     sz = exp[idx++];
-    if (sz > AES_256_KEY_SIZE || sz + idx > len) {
+    if (sz > sizeof(keys->client_write_key) || sz + idx > len) {
         return BUFFER_E;
     }
     XMEMCPY(keys->client_write_key, exp + idx, sz); idx += sz;
     XMEMCPY(keys->server_write_key, exp + idx, sz); idx += sz;
 
     sz = exp[idx++];
-    if (sz > MAX_WRITE_IV_SZ || sz + idx > len) {
+    if (sz > sizeof(keys->client_write_IV) || sz + idx > len) {
         return BUFFER_E;
     }
     XMEMCPY(keys->client_write_IV, exp + idx, sz); idx += sz;
@@ -709,7 +709,7 @@ static int ImportKeyState(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
     idx += AEAD_MAX_EXP_SZ;
 
     sz = exp[idx++];
-    if (sz > AEAD_MAX_IMP_SZ || sz + idx > len) {
+    if (sz > sizeof(keys->aead_enc_imp_IV) || sz + idx > len) {
         return BUFFER_E;
     }
     XMEMCPY(keys->aead_enc_imp_IV, exp + idx, sz); idx += sz;

wolfcrypt/src/chacha.c

@@ -338,7 +338,7 @@ int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz)
     if (ctx == NULL)
         return BAD_FUNC_ARG;
 
-    if (keySz != 16 && keySz != 32)
+    if (keySz != (CHACHA_MAX_KEY_SZ/2) && keySz != CHACHA_MAX_KEY_SZ)
         return BAD_FUNC_ARG;
 
 #ifdef XSTREAM_ALIGN
@@ -369,7 +369,7 @@ int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz)
     ctx->X[5] = U8TO32_LITTLE(k +  4);
     ctx->X[6] = U8TO32_LITTLE(k +  8);
     ctx->X[7] = U8TO32_LITTLE(k + 12);
-    if (keySz == 32) {
+    if (keySz == CHACHA_MAX_KEY_SZ) {
         k += 16;
         constants = sigma;
     }

wolfcrypt/src/wc_encrypt.c

@@ -247,7 +247,7 @@ int wc_BufferKeyDecrypt(EncryptedInfo* info, byte* der, word32 derSz,
 #ifdef WOLFSSL_SMALL_STACK
     byte* key      = NULL;
 #else
-    byte  key[AES_MAX_KEY_SIZE];
+    byte  key[WC_MAX_SYM_KEY_SIZE];
 #endif
 
     (void)derSz;
@@ -264,7 +264,7 @@ int wc_BufferKeyDecrypt(EncryptedInfo* info, byte* der, word32 derSz,
     }
 
 #ifdef WOLFSSL_SMALL_STACK
-    key = (byte*)XMALLOC(AES_MAX_KEY_SIZE, NULL, DYNAMIC_TYPE_SYMETRIC_KEY);
+    key = (byte*)XMALLOC(WC_MAX_SYM_KEY_SIZE, NULL, DYNAMIC_TYPE_SYMETRIC_KEY);
     if (key == NULL) {
         return MEMORY_E;
     }
@@ -306,7 +306,7 @@ int wc_BufferKeyEncrypt(EncryptedInfo* info, byte* der, word32 derSz,
 #ifdef WOLFSSL_SMALL_STACK
     byte* key      = NULL;
 #else
-    byte  key[AES_MAX_KEY_SIZE];
+    byte  key[WC_MAX_SYM_KEY_SIZE];
 #endif
 
     (void)derSz;
@@ -319,7 +319,7 @@ int wc_BufferKeyEncrypt(EncryptedInfo* info, byte* der, word32 derSz,
     }
 
 #ifdef WOLFSSL_SMALL_STACK
-    key = (byte*)XMALLOC(AES_MAX_KEY_SIZE, NULL, DYNAMIC_TYPE_SYMETRIC_KEY);
+    key = (byte*)XMALLOC(WC_MAX_SYM_KEY_SIZE, NULL, DYNAMIC_TYPE_SYMETRIC_KEY);
     if (key == NULL) {
         return MEMORY_E;
     }

wolfssl/internal.h

@@ -106,6 +106,7 @@
     #include <wolfssl/wolfcrypt/dh.h>
 #endif
 
+#include <wolfssl/wolfcrypt/wc_encrypt.h>
 #include <wolfssl/wolfcrypt/hash.h>
 
 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
@@ -1153,7 +1154,6 @@ enum Misc {
 
 #ifdef HAVE_FIPS
     /* these moved into wolfCrypt, but kept here for backwards compatibility with FIPS */
-    RC4_KEY_SIZE        = 16,  /* always 128bit           */
     DES_KEY_SIZE        =  8,  /* des                     */
     DES3_KEY_SIZE       = 24,  /* 3 des ede               */
     DES_IV_SIZE         = DES_BLOCK_SIZE,
@@ -1161,6 +1161,10 @@ enum Misc {
     AES_192_KEY_SIZE    = 24,  /* for 192 bit             */
     AES_IV_SIZE         = 16,  /* always block size       */
     AES_128_KEY_SIZE    = 16,  /* for 128 bit             */
+
+    MAX_SYM_KEY_SIZE    = AES_256_KEY_SIZE,
+#else
+    MAX_SYM_KEY_SIZE    = WC_MAX_SYM_KEY_SIZE,
 #endif
 
     AEAD_SEQ_OFFSET     = 4,   /* Auth Data: Sequence number */
@@ -1844,8 +1848,8 @@ typedef struct WOLFSSL_DTLS_PEERSEQ {
 typedef struct Keys {
     byte client_write_MAC_secret[WC_MAX_DIGEST_SIZE];   /* max sizes */
     byte server_write_MAC_secret[WC_MAX_DIGEST_SIZE];
-    byte client_write_key[AES_256_KEY_SIZE];         /* max sizes */
+    byte client_write_key[MAX_SYM_KEY_SIZE];         /* max sizes */
-    byte server_write_key[AES_256_KEY_SIZE];
+    byte server_write_key[MAX_SYM_KEY_SIZE];
     byte client_write_IV[MAX_WRITE_IV_SZ];               /* max sizes */
     byte server_write_IV[MAX_WRITE_IV_SZ];
 #if defined(HAVE_AEAD) || defined(WOLFSSL_SESSION_EXPORT)

wolfssl/wolfcrypt/aes.h

@@ -69,16 +69,18 @@
 #endif
 
 enum {
-    AES_ENC_TYPE   = 1,   /* cipher unique type */
+    AES_ENC_TYPE   = WC_CIPHER_AES,   /* cipher unique type */
     AES_ENCRYPTION = 0,
     AES_DECRYPTION = 1,
-    KEYWRAP_BLOCK_SIZE = 8,
+
     AES_BLOCK_SIZE      = 16,
+    AES_IV_SIZE         = AES_BLOCK_SIZE,
+    
+    KEYWRAP_BLOCK_SIZE  = 8,
 
     AES_128_KEY_SIZE    = 16,  /* for 128 bit */
     AES_192_KEY_SIZE    = 24,  /* for 192 bit */
     AES_256_KEY_SIZE    = 32,  /* for 256 bit */
-    AES_IV_SIZE         = 16,  /* always block size       */
 };
 
 

wolfssl/wolfcrypt/chacha.h

@@ -44,7 +44,8 @@
 #define CHACHA_CHUNK_BYTES (CHACHA_CHUNK_WORDS * sizeof(word32))
 
 enum {
-	CHACHA_ENC_TYPE = 7     /* cipher unique type */
+	CHACHA_ENC_TYPE = WC_CIPHER_CHACHA,    /* cipher unique type */
+    CHACHA_MAX_KEY_SZ = 32,
 };
 
 typedef struct ChaCha {

wolfssl/wolfcrypt/des3.h

@@ -46,8 +46,8 @@
 #endif
 
 enum {
-    DES_ENC_TYPE    = 2,     /* cipher unique type */
+    DES_ENC_TYPE    = WC_CIPHER_DES,     /* cipher unique type */
-    DES3_ENC_TYPE   = 3,     /* cipher unique type */
+    DES3_ENC_TYPE   = WC_CIPHER_DES3,    /* cipher unique type */
 
     DES_BLOCK_SIZE  = 8,
     DES_KS_SIZE     = 32,    /* internal DES key buffer size */

wolfssl/wolfcrypt/hc128.h

@@ -36,7 +36,7 @@
 #endif
 
 enum {
-	HC128_ENC_TYPE    =  6    /* cipher unique type */
+	HC128_ENC_TYPE =  WC_CIPHER_HC128,     /* cipher unique type */
 };
 
 /* HC-128 stream cipher */

wolfssl/wolfcrypt/types.h

@@ -501,6 +501,24 @@
         WC_HASH_TYPE_MAX = WC_HASH_TYPE_BLAKE2B
     };
 
+    /* cipher types */
+    enum CipherTypes {
+        WC_CIPHER_NONE = 0,
+        WC_CIPHER_AES = 1,
+        WC_CIPHER_AES_CBC = 2,
+        WC_CIPHER_AES_GCM = 3,
+        WC_CIPHER_AES_CTR = 4,
+        WC_CIPHER_AES_XTS = 5,
+        WC_CIPHER_AES_CFB = 6,
+        WC_CIPHER_DES3 = 7,
+        WC_CIPHER_DES = 8,
+        WC_CIPHER_CHACHA = 9,
+        WC_CIPHER_HC128 = 10,
+
+        WC_CIPHER_MAX = WC_CIPHER_HC128
+    };
+
+
 	/* settings detection for compile vs runtime math incompatibilities */
 	enum {
 	#if !defined(USE_FAST_MATH) && !defined(SIZEOF_LONG) && !defined(SIZEOF_LONG_LONG)

wolfssl/wolfcrypt/wc_encrypt.h

@@ -33,38 +33,18 @@
     extern "C" {
 #endif
 
-enum CipherTypes {
+/* determine max cipher key size */
-    WC_CIPHER_NONE,
 #ifndef NO_AES
-    #ifdef HAVE_AES_CBC
+    #define WC_MAX_SYM_KEY_SIZE     (AES_MAX_KEY_SIZE/8)
-        WC_CIPHER_AES_CBC,
+#elif defined(HAVE_CHACHA)
+    #define WC_MAX_SYM_KEY_SIZE     CHACHA_MAX_KEY_SZ
+#elif !defined(NO_DES)
+    #define WC_MAX_SYM_KEY_SIZE     DES3_KEY_SIZE
+#elif !defined(NO_RC4)
+    #define WC_MAX_SYM_KEY_SIZE     RC4_KEY_SIZE
+#else
+    #define WC_MAX_SYM_KEY_SIZE     32
 #endif
-    #ifdef HAVE_AESGCM
-        WC_CIPHER_AES_GCM,
-    #endif
-    #ifdef WOLFSSL_AES_COUNTER
-        WC_CIPHER_AES_CTR,
-    #endif
-    #ifdef WOLFSSL_AES_XTS
-        WC_CIPHER_AES_XTS,
-    #endif
-    #ifdef WOLFSSL_AES_CFB
-        WC_CIPHER_AES_CFB,
-    #endif
-#endif
-#ifndef NO_DES3
-    WC_CIPHER_DES3,
-#endif
-#ifndef NO_DES
-    WC_CIPHER_DES,
-#endif
-#ifdef HAVE_CHAHCA
-    WC_CIPHER_CHACHA,
-#endif
-#ifdef HAVE_HC128
-    WC_CIPHER_HC128,
-#endif
-};
 
 
 #ifndef NO_AES