From c1c7c903458b83a9e4ec0bcf01ba65e80805b617 Mon Sep 17 00:00:00 2001
From: toddouska
Date: Wed, 1 Mar 2017 11:17:24 -0800
Subject: [PATCH 1/2] add defined for default AES AUTH_TAG_MIN_SZ
---
 wolfcrypt/src/aes.c | 10 ++++++++++
 wolfcrypt/test/test.c | 26 --------------------------
 wolfssl/wolfcrypt/settings.h | 6 ++++++
 3 files changed, 16 insertions(+), 26 deletions(-)
diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index 09c78bd4e..7b8c4b40a 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -4238,6 +4238,11 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
 uint32_t keySize;
 status_t status;
+ if (authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ) {
+ WOLFSSL_MSG("GcmEncrypt authTagSz too small error");
+ return BAD_FUNC_ARG;
+ }
+
 key = (byte*)aes->key;
 status = wc_AesGetKeySize(aes, &keySize);
@@ -4265,6 +4270,11 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
 if (authTagSz > AES_BLOCK_SIZE)
 return BAD_FUNC_ARG;
+ if (authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ) {
+ WOLFSSL_MSG("GcmEncrypt authTagSz too small error");
+ return BAD_FUNC_ARG;
+ }
+
 #ifdef WOLFSSL_AESNI
 if (haveAESNI) {
 AES_GCM_encrypt(in, out, authIn, iv, authTag,
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 24aaaecc8..2e0cebb5a 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -3432,26 +3432,6 @@ int gmac_test(void)
 0x8d, 0x83, 0xb0, 0xbb, 0x14, 0xb6, 0x91
 };
- const byte k3[] =
- {
- 0xb8, 0xe4, 0x9a, 0x5e, 0x37, 0xf9, 0x98, 0x2b,
- 0xb9, 0x6d, 0xd0, 0xc9, 0xb6, 0xab, 0x26, 0xac
- };
- const byte iv3[] =
- {
- 0xe4, 0x4a, 0x42, 0x18, 0x8c, 0xae, 0x94, 0x92,
- 0x6a, 0x9c, 0x26, 0xb0
- };
- const byte a3[] =
- {
- 0x9d, 0xb9, 0x61, 0x68, 0xa6, 0x76, 0x7a, 0x31,
- 0xf8, 0x29, 0xe4, 0x72, 0x61, 0x68, 0x3f, 0x8a
- };
- const byte t3[] =
- {
- 0x23, 0xe2, 0x9f, 0x66, 0xe4, 0xc6, 0x52, 0x48
- };
-
 byte tag[16];
 XMEMSET(tag, 0, sizeof(tag));
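Review bot: The new minimum-tag floor is applied only on the encrypt side in both aes.c hunks; the decrypt/verify path (wc_AesGcmDecrypt is not in this diff) is where accepting a truncated tag actually lowers forgery resistance, so the same rejection belongs there as well, e.g. `if (authTagSz > AES_BLOCK_SIZE || authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ) return BAD_FUNC_ARG;`, and the same remark applies to the armv8-aes.c and ti-aes.c hunks of the second patch. In the second hunk that combined form would also fold the new block into the existing `if (authTagSz > AES_BLOCK_SIZE)` check instead of adding a second early return for the same argument; whether the first hunk's path has any upper-bound check is not visible here. The 8-byte-tag vector removed from gmac_test is not replaced by a negative test asserting that wc_GmacUpdate/wc_AesGcmEncrypt now return BAD_FUNC_ARG for such a tag, so the new check is exercised by nothing in the test suite. The bodies of wc_AesGcmEncrypt continue outside both hunks.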
@@ -3466,12 +3446,6 @@ int gmac_test(void)
 if (XMEMCMP(t2, tag, sizeof(t2)) != 0)
 return -127;
- XMEMSET(tag, 0, sizeof(tag));
- wc_GmacSetKey(&gmac, k3, sizeof(k3));
- wc_GmacUpdate(&gmac, iv3, sizeof(iv3), a3, sizeof(a3), tag, sizeof(t3));
- if (XMEMCMP(t3, tag, sizeof(t3)) != 0)
- return -128;
-
 return 0;
 }
 #endif /* HAVE_AESGCM */
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index e1c93cd75..e8d7f1fc9 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -1396,6 +1396,12 @@ static char *fgets(char *buff, int sz, FILE *fp)
 #define NO_OLD_TLS
 #endif
+
+/* Default AES minimum auth tag sz, allow user to override */
+#ifndef WOLFSSL_MIN_AUTH_TAG_SZ
+ #define WOLFSSL_MIN_AUTH_TAG_SZ 12
+#endif
+
 /* If not forcing ARC4 as the DRBG or using custom RNG block gen, enable Hash_DRBG */
 #undef HAVE_HASHDRBG
 #if !defined(WOLFSSL_FORCE_RC4_DRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
From a348898e96b46d5edb595180f0df7bf3d9be7c1d Mon Sep 17 00:00:00 2001
From: toddouska
Date: Fri, 3 Mar 2017 11:42:24 -0800
Subject: [PATCH 2/2] add AUTH_SZ size check to ti and armv8 ports
---
 wolfcrypt/src/port/arm/armv8-aes.c | 5 +++++
 wolfcrypt/src/port/ti/ti-aes.c | 3 +++
 2 files changed, 8 insertions(+)
diff --git a/wolfcrypt/src/port/arm/armv8-aes.c b/wolfcrypt/src/port/arm/armv8-aes.c
index e59bd2571..c189b3eda 100644
--- a/wolfcrypt/src/port/arm/armv8-aes.c
+++ b/wolfcrypt/src/port/arm/armv8-aes.c
@@ -2532,6 +2532,11 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
 return BAD_FUNC_ARG;
 }
+ if (authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ) {
+ WOLFSSL_MSG("GcmEncrypt authTagSz too small error");
+ return BAD_FUNC_ARG;
+ }
+
 switch (aes->rounds) {
 case 10:
 return Aes128GcmEncrypt(aes, out, in, sz, iv, ivSz,
diff --git a/wolfcrypt/src/port/ti/ti-aes.c b/wolfcrypt/src/port/ti/ti-aes.c
index 5b982c41d..cd8d2eed9 100644
--- a/wolfcrypt/src/port/ti/ti-aes.c
+++ b/wolfcrypt/src/port/ti/ti-aes.c
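Review bot: WOLFSSL_MIN_AUTH_TAG_SZ is user-overridable in the settings.h hunk, but nothing bounds the override: a value above 16 makes every wc_AesGcmEncrypt call fail with BAD_FUNC_ARG, and 0 silently disables the floor, neither of which the comment warns about. A compile-time guard next to the default would catch the first case, e.g. `#if WOLFSSL_MIN_AUTH_TAG_SZ > 16` / `#error "WOLFSSL_MIN_AUTH_TAG_SZ cannot exceed the 16-byte GCM tag"` / `#endif` (a literal 16 rather than AES_BLOCK_SIZE, since it is unclear whether that macro is visible at this point in settings.h). The comment should also state the unit and the rationale; something like `/* Minimum AES-GCM/GMAC auth tag size in bytes accepted by wc_AesGcmEncrypt; 12 (96 bits) follows the SP 800-38D guidance on truncated tags; user may override */` would do.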
@@ -490,6 +490,9 @@ WOLFSSL_API int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz
 byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz)
 {
+ if (authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ) {
+ return BAD_FUNC_ARG;
+ }
 return AesAuthEncrypt(aes, out, in, sz, iv, ivSz, authTag, authTagSz, authIn, authInSz, AES_CFG_MODE_GCM_HY0CALC) ;
 }
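Review bot: The check added to the TI port returns BAD_FUNC_ARG without the `WOLFSSL_MSG("GcmEncrypt authTagSz too small error");` that the aes.c and armv8-aes.c versions of this same change emit, so a too-short tag fails silently here while it is logged on the other ports; adding that line keeps the diagnostics consistent across the three. There is also no visible upper-bound check in this wrapper, and whether AesAuthEncrypt itself rejects an authTagSz larger than the 16-byte block cannot be told from the hunk, so that is worth confirming. The first line of the wc_AesGcmEncrypt signature lies outside the hunk (it appears only in the hunk header).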