add defined for default AES AUTH_TAG_MIN_SZ

This commit is contained in:
toddouska
2017-03-01 11:17:24 -08:00
parent 0608cd0dd3
commit c1c7c90345
3 changed files with 16 additions and 26 deletions


@@ -4238,6 +4238,11 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
uint32_t keySize; uint32_t keySize;
status_t status; status_t status;
if (authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ) {
WOLFSSL_MSG("GcmEncrypt authTagSz too small error");
return BAD_FUNC_ARG;
}
key = (byte*)aes->key; key = (byte*)aes->key;
status = wc_AesGetKeySize(aes, &keySize); status = wc_AesGetKeySize(aes, &keySize);
@@ -4265,6 +4270,11 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
if (authTagSz > AES_BLOCK_SIZE) if (authTagSz > AES_BLOCK_SIZE)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
if (authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ) {
WOLFSSL_MSG("GcmEncrypt authTagSz too small error");
return BAD_FUNC_ARG;
}
#ifdef WOLFSSL_AESNI #ifdef WOLFSSL_AESNI
if (haveAESNI) { if (haveAESNI) {
AES_GCM_encrypt(in, out, authIn, iv, authTag, AES_GCM_encrypt(in, out, authIn, iv, authTag,
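Review bot: The new `authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ` guard is added only on the encrypt side; the diffstat (16 additions, which the three hunks account for as 5 + 5 + 6) suggests wc_AesGcmDecrypt gets no matching check, and decryption is where a short tag matters most, since the verifier is the party that bears the forgery probability of a truncated tag. Consider the same guard in wc_AesGcmDecrypt so a caller cannot still accept the 8-byte tags that encrypt now refuses. Both new checks also differ in style from the adjacent `if (authTagSz > AES_BLOCK_SIZE) return BAD_FUNC_ARG;`, which fails silently; either give that one a WOLFSSL_MSG as well or drop the message here for symmetry. wc_AesGcmEncrypt's body begins before the first hunk and continues past the second.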


@@ -3432,26 +3432,6 @@ int gmac_test(void)
0x8d, 0x83, 0xb0, 0xbb, 0x14, 0xb6, 0x91 0x8d, 0x83, 0xb0, 0xbb, 0x14, 0xb6, 0x91
}; };
const byte k3[] =
{
0xb8, 0xe4, 0x9a, 0x5e, 0x37, 0xf9, 0x98, 0x2b,
0xb9, 0x6d, 0xd0, 0xc9, 0xb6, 0xab, 0x26, 0xac
};
const byte iv3[] =
{
0xe4, 0x4a, 0x42, 0x18, 0x8c, 0xae, 0x94, 0x92,
0x6a, 0x9c, 0x26, 0xb0
};
const byte a3[] =
{
0x9d, 0xb9, 0x61, 0x68, 0xa6, 0x76, 0x7a, 0x31,
0xf8, 0x29, 0xe4, 0x72, 0x61, 0x68, 0x3f, 0x8a
};
const byte t3[] =
{
0x23, 0xe2, 0x9f, 0x66, 0xe4, 0xc6, 0x52, 0x48
};
byte tag[16]; byte tag[16];
XMEMSET(tag, 0, sizeof(tag)); XMEMSET(tag, 0, sizeof(tag));
@@ -3466,12 +3446,6 @@ int gmac_test(void)
if (XMEMCMP(t2, tag, sizeof(t2)) != 0) if (XMEMCMP(t2, tag, sizeof(t2)) != 0)
return -127; return -127;
XMEMSET(tag, 0, sizeof(tag));
wc_GmacSetKey(&gmac, k3, sizeof(k3));
wc_GmacUpdate(&gmac, iv3, sizeof(iv3), a3, sizeof(a3), tag, sizeof(t3));
if (XMEMCMP(t3, tag, sizeof(t3)) != 0)
return -128;
return 0; return 0;
} }
#endif /* HAVE_AESGCM */ #endif /* HAVE_AESGCM */


@@ -1396,6 +1396,12 @@ static char *fgets(char *buff, int sz, FILE *fp)
#define NO_OLD_TLS #define NO_OLD_TLS
#endif #endif
/* Default AES minimum auth tag sz, allow user to override */
#ifndef WOLFSSL_MIN_AUTH_TAG_SZ
#define WOLFSSL_MIN_AUTH_TAG_SZ 12
#endif
/* If not forcing ARC4 as the DRBG or using custom RNG block gen, enable Hash_DRBG */ /* If not forcing ARC4 as the DRBG or using custom RNG block gen, enable Hash_DRBG */
#undef HAVE_HASHDRBG #undef HAVE_HASHDRBG
#if !defined(WOLFSSL_FORCE_RC4_DRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK) #if !defined(WOLFSSL_FORCE_RC4_DRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
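Review bot: The override hook has no range check, so a build that defines WOLFSSL_MIN_AUTH_TAG_SZ as 0 or as a value above 16 compiles silently; the former disables the new guard in wc_AesGcmEncrypt entirely, and the latter makes every tag size fail on the path shown in the second aes.c hunk, because the existing check already rejects authTagSz > AES_BLOCK_SIZE. Adding `#if WOLFSSL_MIN_AUTH_TAG_SZ < 1 || WOLFSSL_MIN_AUTH_TAG_SZ > 16` / `#error WOLFSSL_MIN_AUTH_TAG_SZ must be between 1 and 16` / `#endif` after the default catches that at compile time (16 spelled as a literal, since AES_BLOCK_SIZE is presumably not in scope in settings.h). The comment would also be more useful if it said why 12, for example `/* Default minimum GCM auth tag size in bytes (96 bits, the NIST SP 800-38D general-use floor); overriding lower weakens forgery resistance */`.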