mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-08-03 20:54:41 +02:00
allow aes gcm fips wrappers, no void returns
@@ -1113,6 +1113,13 @@ then
|
|||||||
AM_CFLAGS="$AM_CFLAGS -DCYASSL_SHA512 -DCYASSL_SHA384"
|
AM_CFLAGS="$AM_CFLAGS -DCYASSL_SHA512 -DCYASSL_SHA384"
|
||||||
AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"])
|
AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"])
|
||||||
fi
|
fi
|
||||||
|
# requires AESGCM
|
||||||
|
if test "x$ENABLED_AESGCM" != "xyes"
|
||||||
|
then
|
||||||
|
ENABLED_AESGCM="yes"
|
||||||
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"
|
||||||
|
AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"])
|
||||||
|
fi
|
||||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
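Review bot: The `AM_CONDITIONAL` inside the new `# requires AESGCM` block names `BUILD_SHA512`, which looks copied from the SHA-512 block just above it. As written, forcing `ENABLED_AESGCM="yes"` adds `-DHAVE_AESGCM` to the flags but does not re-evaluate any AES-GCM automake conditional. If the build selects GCM sources or tests through such a conditional (not visible in this hunk), a FIPS build could define `HAVE_AESGCM` without building them. The line should probably read `AM_CONDITIONAL([BUILD_AESGCM], [test "x$ENABLED_AESGCM" = "xyes"])`, using whatever conditional name the AES-GCM option already defines. The enclosing `if` starts outside the hunk.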
@@ -2617,7 +2617,7 @@ static void GenerateM0(Aes* aes)
|
|||||||
#endif /* GCM_TABLE */
|
#endif /* GCM_TABLE */
|
||||||
|
|
||||||
|
|
||||||
void AesGcmSetKey(Aes* aes, const byte* key, word32 len)
|
int AesGcmSetKey(Aes* aes, const byte* key, word32 len)
|
||||||
{
|
{
|
||||||
byte iv[AES_BLOCK_SIZE];
|
byte iv[AES_BLOCK_SIZE];
|
||||||
|
|
||||||
@@ -2626,7 +2626,7 @@ void AesGcmSetKey(Aes* aes, const byte* key, word32 len)
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (!((len == 16) || (len == 24) || (len == 32)))
|
if (!((len == 16) || (len == 24) || (len == 32)))
|
||||||
return;
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
XMEMSET(iv, 0, AES_BLOCK_SIZE);
|
XMEMSET(iv, 0, AES_BLOCK_SIZE);
|
||||||
AesSetKey(aes, key, len, iv, AES_ENCRYPTION);
|
AesSetKey(aes, key, len, iv, AES_ENCRYPTION);
|
||||||
@@ -2639,6 +2639,8 @@ void AesGcmSetKey(Aes* aes, const byte* key, word32 len)
|
|||||||
#ifdef GCM_TABLE
|
#ifdef GCM_TABLE
|
||||||
GenerateM0(aes);
|
GenerateM0(aes);
|
||||||
#endif /* GCM_TABLE */
|
#endif /* GCM_TABLE */
|
||||||
|
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -3145,7 +3147,7 @@ static void GHASH(Aes* aes, const byte* a, word32 aSz,
|
|||||||
#endif /* end GCM_WORD32 */
|
#endif /* end GCM_WORD32 */
|
||||||
|
|
||||||
|
|
||||||
void AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
|
int AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
|
||||||
const byte* iv, word32 ivSz,
|
const byte* iv, word32 ivSz,
|
||||||
byte* authTag, word32 authTagSz,
|
byte* authTag, word32 authTagSz,
|
||||||
const byte* authIn, word32 authInSz)
|
const byte* authIn, word32 authInSz)
|
||||||
@@ -3215,6 +3217,7 @@ void AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
|
|||||||
#endif
|
#endif
|
||||||
xorbuf(authTag, scratch, authTagSz);
|
xorbuf(authTag, scratch, authTagSz);
|
||||||
|
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -3301,17 +3304,17 @@ int AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
CYASSL_API void GmacSetKey(Gmac* gmac, const byte* key, word32 len)
|
CYASSL_API int GmacSetKey(Gmac* gmac, const byte* key, word32 len)
|
||||||
{
|
{
|
||||||
AesGcmSetKey(&gmac->aes, key, len);
|
return AesGcmSetKey(&gmac->aes, key, len);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
CYASSL_API void GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz,
|
CYASSL_API int GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz,
|
||||||
const byte* authIn, word32 authInSz,
|
const byte* authIn, word32 authInSz,
|
||||||
byte* authTag, word32 authTagSz)
|
byte* authTag, word32 authTagSz)
|
||||||
{
|
{
|
||||||
AesGcmEncrypt(&gmac->aes, NULL, NULL, 0, iv, ivSz,
|
return AesGcmEncrypt(&gmac->aes, NULL, NULL, 0, iv, ivSz,
|
||||||
authTag, authTagSz, authIn, authInSz);
|
authTag, authTagSz, authIn, authInSz);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
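Review bot: `AesGcmSetKey` now returns a status, but the result of `AesSetKey(aes, key, len, iv, AES_ENCRYPTION);` is still dropped and the function ends in `return 0;`. A failed key setup would therefore be reported as success, and the `GenerateM0(aes)` step that follows would run on a context that was never keyed. Assuming `AesSetKey` returns an int like the `AesSetKeyDirect` prototype in the header, capture it: `ret = AesSetKey(aes, key, len, iv, AES_ENCRYPTION); if (ret != 0) return ret;`. The same entry point could also reject `aes == NULL` or `key == NULL` with `BAD_FUNC_ARG` now that it has a way to report it. Parts of the function body lie between the hunks and are not visible here.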
@@ -118,8 +118,8 @@ CYASSL_API void AesDecryptDirect(Aes* aes, byte* out, const byte* in);
|
|||||||
CYASSL_API int AesSetKeyDirect(Aes* aes, const byte* key, word32 len,
|
CYASSL_API int AesSetKeyDirect(Aes* aes, const byte* key, word32 len,
|
||||||
const byte* iv, int dir);
|
const byte* iv, int dir);
|
||||||
#ifdef HAVE_AESGCM
|
#ifdef HAVE_AESGCM
|
||||||
CYASSL_API void AesGcmSetKey(Aes* aes, const byte* key, word32 len);
|
CYASSL_API int AesGcmSetKey(Aes* aes, const byte* key, word32 len);
|
||||||
CYASSL_API void AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
|
CYASSL_API int AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
|
||||||
const byte* iv, word32 ivSz,
|
const byte* iv, word32 ivSz,
|
||||||
byte* authTag, word32 authTagSz,
|
byte* authTag, word32 authTagSz,
|
||||||
const byte* authIn, word32 authInSz);
|
const byte* authIn, word32 authInSz);
|
||||||
@@ -131,8 +131,8 @@ CYASSL_API int AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
|
|||||||
typedef struct Gmac {
|
typedef struct Gmac {
|
||||||
Aes aes;
|
Aes aes;
|
||||||
} Gmac;
|
} Gmac;
|
||||||
CYASSL_API void GmacSetKey(Gmac* gmac, const byte* key, word32 len);
|
CYASSL_API int GmacSetKey(Gmac* gmac, const byte* key, word32 len);
|
||||||
CYASSL_API void GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz,
|
CYASSL_API int GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz,
|
||||||
const byte* authIn, word32 authInSz,
|
const byte* authIn, word32 authInSz,
|
||||||
byte* authTag, word32 authTagSz);
|
byte* authTag, word32 authTagSz);
|
||||||
#endif /* HAVE_AESGCM */
|
#endif /* HAVE_AESGCM */
|
||||||
@@ -163,12 +163,24 @@ CYASSL_API int AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
|
|||||||
word32 sz);
|
word32 sz);
|
||||||
CYASSL_API int AesCbcDecrypt_fips(Aes* aes, byte* out, const byte* in,
|
CYASSL_API int AesCbcDecrypt_fips(Aes* aes, byte* out, const byte* in,
|
||||||
word32 sz);
|
word32 sz);
|
||||||
|
CYASSL_API int AesGcmSetKey_fips(Aes* aes, const byte* key, word32 len);
|
||||||
|
CYASSL_API int AesGcmEncrypt_fips(Aes* aes, byte* out, const byte* in,
|
||||||
|
word32 sz, const byte* iv, word32 ivSz,
|
||||||
|
byte* authTag, word32 authTagSz,
|
||||||
|
const byte* authIn, word32 authInSz);
|
||||||
|
CYASSL_API int AesGcmDecrypt_fips(Aes* aes, byte* out, const byte* in,
|
||||||
|
word32 sz, const byte* iv, word32 ivSz,
|
||||||
|
const byte* authTag, word32 authTagSz,
|
||||||
|
const byte* authIn, word32 authInSz);
|
||||||
#ifndef FIPS_NO_WRAPPERS
|
#ifndef FIPS_NO_WRAPPERS
|
||||||
/* if not impl or fips.c impl wrapper force fips calls if fips build */
|
/* if not impl or fips.c impl wrapper force fips calls if fips build */
|
||||||
#define AesSetKey AesSetKey_fips
|
#define AesSetKey AesSetKey_fips
|
||||||
#define AesSetIV AesSetIV_fips
|
#define AesSetIV AesSetIV_fips
|
||||||
#define AesCbcEncrypt AesCbcEncrypt_fips
|
#define AesCbcEncrypt AesCbcEncrypt_fips
|
||||||
#define AesCbcDecrypt AesCbcDecrypt_fips
|
#define AesCbcDecrypt AesCbcDecrypt_fips
|
||||||
|
#define AesGcmSetKey AesGcmSetKey_fips
|
||||||
|
#define AesGcmEncrypt AesGcmEncrypt_fips
|
||||||
|
#define AesGcmDecrypt AesGcmDecrypt_fips
|
||||||
#endif /* FIPS_NO_WRAPPERS */
|
#endif /* FIPS_NO_WRAPPERS */
|
||||||
|
|
||||||
#endif /* HAVE_FIPS */
|
#endif /* HAVE_FIPS */
|
||||||
|
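Review bot: The prototypes that change from `void` to `int` (`AesGcmSetKey`, `AesGcmEncrypt`, `GmacSetKey`, `GmacUpdate`) and the new `_fips` declarations carry no comment saying what the returned value means. Callers written against the `void` versions will compile unchanged and silently ignore the new status, so the contract should be stated where they will read it. A short comment above the group would do, for example `/* AES-GCM / GMAC: return 0 on success, non-zero error (e.g. BAD_FUNC_ARG) otherwise; do not use out or authTag on failure */`.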
@@ -5390,6 +5390,7 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz)
|
|||||||
#ifdef BUILD_AESGCM
|
#ifdef BUILD_AESGCM
|
||||||
case cyassl_aes_gcm:
|
case cyassl_aes_gcm:
|
||||||
{
|
{
|
||||||
|
int gcmRet;
|
||||||
byte additional[AEAD_AUTH_DATA_SZ];
|
byte additional[AEAD_AUTH_DATA_SZ];
|
||||||
byte nonce[AEAD_NONCE_SZ];
|
byte nonce[AEAD_NONCE_SZ];
|
||||||
const byte* additionalSrc = input - 5;
|
const byte* additionalSrc = input - 5;
|
||||||
@@ -5418,15 +5419,17 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz)
|
|||||||
ssl->keys.aead_enc_imp_IV, AEAD_IMP_IV_SZ);
|
ssl->keys.aead_enc_imp_IV, AEAD_IMP_IV_SZ);
|
||||||
XMEMCPY(nonce + AEAD_IMP_IV_SZ,
|
XMEMCPY(nonce + AEAD_IMP_IV_SZ,
|
||||||
ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ);
|
ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ);
|
||||||
AesGcmEncrypt(ssl->encrypt.aes,
|
gcmRet = AesGcmEncrypt(ssl->encrypt.aes,
|
||||||
out + AEAD_EXP_IV_SZ, input + AEAD_EXP_IV_SZ,
|
out + AEAD_EXP_IV_SZ, input + AEAD_EXP_IV_SZ,
|
||||||
sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
|
sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
|
||||||
nonce, AEAD_NONCE_SZ,
|
nonce, AEAD_NONCE_SZ,
|
||||||
out + sz - ssl->specs.aead_mac_size,
|
out + sz - ssl->specs.aead_mac_size,
|
||||||
ssl->specs.aead_mac_size,
|
ssl->specs.aead_mac_size,
|
||||||
additional, AEAD_AUTH_DATA_SZ);
|
additional, AEAD_AUTH_DATA_SZ);
|
||||||
AeadIncrementExpIV(ssl);
|
if (gcmRet == 0)
|
||||||
|
AeadIncrementExpIV(ssl);
|
||||||
XMEMSET(nonce, 0, AEAD_NONCE_SZ);
|
XMEMSET(nonce, 0, AEAD_NONCE_SZ);
|
||||||
|
return gcmRet;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
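Review bot: In the `cyassl_aes_gcm` case the explicit IV is advanced only when `gcmRet == 0`, so after a failed `AesGcmEncrypt` the next record would be built with the same nonce. That is safe only if every caller of `Encrypt` treats a non-zero return as fatal and never transmits `out`; those callers are outside this hunk, so this needs confirming. Calling `AeadIncrementExpIV(ssl);` unconditionally is the fail-safe choice, because skipping a nonce costs nothing while repeating one under the same GCM key undermines both confidentiality and the authentication tag. The new `return gcmRet;` also leaves the following `break;` unreachable and bypasses whatever `Encrypt` does after the switch.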
18
src/keys.c
18
src/keys.c
@@ -2115,6 +2115,8 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
|
|||||||
|
|
||||||
#ifdef BUILD_AESGCM
|
#ifdef BUILD_AESGCM
|
||||||
if (specs->bulk_cipher_algorithm == cyassl_aes_gcm) {
|
if (specs->bulk_cipher_algorithm == cyassl_aes_gcm) {
|
||||||
|
int gcmRet;
|
||||||
|
|
||||||
if (enc && enc->aes == NULL)
|
if (enc && enc->aes == NULL)
|
||||||
enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
|
enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
|
||||||
if (enc && enc->aes == NULL)
|
if (enc && enc->aes == NULL)
|
||||||
@@ -2126,24 +2128,32 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
|
|||||||
|
|
||||||
if (side == CYASSL_CLIENT_END) {
|
if (side == CYASSL_CLIENT_END) {
|
||||||
if (enc) {
|
if (enc) {
|
||||||
AesGcmSetKey(enc->aes, keys->client_write_key, specs->key_size);
|
gcmRet = AesGcmSetKey(enc->aes, keys->client_write_key,
|
||||||
|
specs->key_size);
|
||||||
|
if (gcmRet != 0) return gcmRet;
|
||||||
XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
|
XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
|
||||||
AEAD_IMP_IV_SZ);
|
AEAD_IMP_IV_SZ);
|
||||||
}
|
}
|
||||||
if (dec) {
|
if (dec) {
|
||||||
AesGcmSetKey(dec->aes, keys->server_write_key, specs->key_size);
|
gcmRet = AesGcmSetKey(dec->aes, keys->server_write_key,
|
||||||
|
specs->key_size);
|
||||||
|
if (gcmRet != 0) return gcmRet;
|
||||||
XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
|
XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
|
||||||
AEAD_IMP_IV_SZ);
|
AEAD_IMP_IV_SZ);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
if (enc) {
|
if (enc) {
|
||||||
AesGcmSetKey(enc->aes, keys->server_write_key, specs->key_size);
|
gcmRet = AesGcmSetKey(enc->aes, keys->server_write_key,
|
||||||
|
specs->key_size);
|
||||||
|
if (gcmRet != 0) return gcmRet;
|
||||||
XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
|
XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
|
||||||
AEAD_IMP_IV_SZ);
|
AEAD_IMP_IV_SZ);
|
||||||
}
|
}
|
||||||
if (dec) {
|
if (dec) {
|
||||||
AesGcmSetKey(dec->aes, keys->client_write_key, specs->key_size);
|
gcmRet = AesGcmSetKey(dec->aes, keys->client_write_key,
|
||||||
|
specs->key_size);
|
||||||
|
if (gcmRet != 0) return gcmRet;
|
||||||
XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
|
XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
|
||||||
AEAD_IMP_IV_SZ);
|
AEAD_IMP_IV_SZ);
|
||||||
}
|
}
|
||||||
|
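Review bot: The four `AesGcmSetKey` call sites now each repeat the same three steps (set the key, `if (gcmRet != 0) return gcmRet;`, copy the implicit IV), differing only in which key and IV pair they use. With this much duplication, a swapped client/server key or IV in one copy is easy to miss in review. A small static helper taking the cipher, key and IV pointers would leave a single place for the error check, and the braceless one-line `if` would read better split over two lines. `SetKeys` starts and ends outside these hunks, and the helper name below is only a suggestion.

```c
/* Key one AES-GCM direction and record its implicit IV. */
static int SetAeadGcmKey(Aes* aes, const byte* key, word32 keySz,
                         byte* impIV, const byte* writeIV)
{
    int ret = AesGcmSetKey(aes, key, keySz);
    if (ret != 0)
        return ret;
    XMEMCPY(impIV, writeIV, AEAD_IMP_IV_SZ);
    return 0;
}

/* … unchanged: lines of SetKeys between the two hunks … */
if (side == CYASSL_CLIENT_END) {
    if (enc) {
        gcmRet = SetAeadGcmKey(enc->aes, keys->client_write_key,
                               specs->key_size, keys->aead_enc_imp_IV,
                               keys->client_write_IV);
        if (gcmRet != 0)
            return gcmRet;
    }
    /* … dec, and the server-side branch, follow the same pattern … */
```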