wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-29 18:27:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3704 from douzzer/aesgcm-table-small-stack

Browse Source 
--enable-aesgcm=table --enable-smallstack
This commit is contained in:
David Garske
2021-01-29 19:53:08 -08:00
committed by GitHub
parent eae4124908 d0b20f90d5
commit f5f19fda42
10 changed files with 1551 additions and 867 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
configure.ac
View File

@ -6311,6 +6311,7 @@ echo " * AES-GCM: $ENABLED_AESGCM"
echo " * AES-CCM: $ENABLED_AESCCM"
echo " * AES-CTR: $ENABLED_AESCTR"
echo " * AES-CFB: $ENABLED_AESCFB"
echo " * AES-OFB: $ENABLED_AESOFB"
echo " * DES3: $ENABLED_DES3"
echo " * IDEA: $ENABLED_IDEA"
echo " * Camellia: $ENABLED_CAMELLIA"

173
wolfcrypt/src/aes.c
View File

@ -775,17 +775,34 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
const int bits, Aes* aes)
{
int nr;
Aes temp_key;
__m128i *Key_Schedule = (__m128i*)aes->key;
__m128i *Temp_Key_Schedule = (__m128i*)temp_key.key;
#ifdef WOLFSSL_SMALL_STACK
Aes *temp_key;
#else
Aes temp_key[1];
#endif
__m128i *Key_Schedule;
__m128i *Temp_Key_Schedule;
if (!userKey || !aes)
return BAD_FUNC_ARG;
if (AES_set_encrypt_key(userKey,bits,&temp_key) == BAD_FUNC_ARG)
return BAD_FUNC_ARG;
#ifdef WOLFSSL_SMALL_STACK
if ((temp_key = (Aes *)XMALLOC(sizeof *aes, aes->heap,
DYNAMIC_TYPE_AES)) == NULL)
return MEMORY_E;
#endif
nr = temp_key.rounds;
if (AES_set_encrypt_key(userKey,bits,temp_key) == BAD_FUNC_ARG) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(temp_key, aes->heap, DYNAMIC_TYPE_AES);
#endif
return BAD_FUNC_ARG;
}
Key_Schedule = (__m128i*)aes->key;
Temp_Key_Schedule = (__m128i*)temp_key->key;
nr = temp_key->rounds;
aes->rounds = nr;
SAVE_VECTOR_REGISTERS();
@ -815,6 +832,10 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
RESTORE_VECTOR_REGISTERS();
#ifdef WOLFSSL_SMALL_STACK
XFREE(temp_key, aes->heap, DYNAMIC_TYPE_AES);
#endif
return 0;
}
#endif /* HAVE_AES_DECRYPT */
@ -7473,7 +7494,11 @@ int wc_Gmac(const byte* key, word32 keySz, byte* iv, word32 ivSz,
const byte* authIn, word32 authInSz,
byte* authTag, word32 authTagSz, WC_RNG* rng)
{
Aes aes;
#ifdef WOLFSSL_SMALL_STACK
Aes *aes = NULL;
#else
Aes aes[1];
#endif
int ret;
if (key == NULL || iv == NULL || (authIn == NULL && authInSz != 0) ||
@ -7482,17 +7507,26 @@ int wc_Gmac(const byte* key, word32 keySz, byte* iv, word32 ivSz,
return BAD_FUNC_ARG;
}
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
#ifdef WOLFSSL_SMALL_STACK
if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL,
DYNAMIC_TYPE_AES)) == NULL)
return MEMORY_E;
#endif
ret = wc_AesInit(aes, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_AesGcmSetKey(&aes, key, keySz);
ret = wc_AesGcmSetKey(aes, key, keySz);
if (ret == 0)
ret = wc_AesGcmSetIV(&aes, ivSz, NULL, 0, rng);
ret = wc_AesGcmSetIV(aes, ivSz, NULL, 0, rng);
if (ret == 0)
ret = wc_AesGcmEncrypt_ex(&aes, NULL, NULL, 0, iv, ivSz,
ret = wc_AesGcmEncrypt_ex(aes, NULL, NULL, 0, iv, ivSz,
authTag, authTagSz, authIn, authInSz);
wc_AesFree(&aes);
wc_AesFree(aes);
}
ForceZero(&aes, sizeof(aes));
ForceZero(aes, sizeof *aes);
#ifdef WOLFSSL_SMALL_STACK
XFREE(aes, NULL, DYNAMIC_TYPE_AES);
#endif
return ret;
}
@ -7504,7 +7538,11 @@ int wc_GmacVerify(const byte* key, word32 keySz,
{
int ret;
#ifdef HAVE_AES_DECRYPT
Aes aes;
#ifdef WOLFSSL_SMALL_STACK
Aes *aes = NULL;
#else
Aes aes[1];
#endif
if (key == NULL || iv == NULL || (authIn == NULL && authInSz != 0) ||
authTag == NULL || authTagSz == 0 || authTagSz > AES_BLOCK_SIZE) {
@ -7512,15 +7550,24 @@ int wc_GmacVerify(const byte* key, word32 keySz,
return BAD_FUNC_ARG;
}
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
#ifdef WOLFSSL_SMALL_STACK
if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL,
DYNAMIC_TYPE_AES)) == NULL)
return MEMORY_E;
#endif
ret = wc_AesInit(aes, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_AesGcmSetKey(&aes, key, keySz);
ret = wc_AesGcmSetKey(aes, key, keySz);
if (ret == 0)
ret = wc_AesGcmDecrypt(&aes, NULL, NULL, 0, iv, ivSz,
ret = wc_AesGcmDecrypt(aes, NULL, NULL, 0, iv, ivSz,
authTag, authTagSz, authIn, authInSz);
wc_AesFree(&aes);
wc_AesFree(aes);
}
ForceZero(&aes, sizeof(aes));
ForceZero(aes, sizeof *aes);
#ifdef WOLFSSL_SMALL_STACK
XFREE(aes, NULL, DYNAMIC_TYPE_AES);
#endif
#else
(void)key;
(void)keySz;
@ -8854,7 +8901,12 @@ static WC_INLINE void DecrementKeyWrapCounter(byte* inOutCtr)
int wc_AesKeyWrap(const byte* key, word32 keySz, const byte* in, word32 inSz,
byte* out, word32 outSz, const byte* iv)
{
Aes aes;
#ifdef WOLFSSL_SMALL_STACK
Aes *aes = NULL;
#else
Aes aes[1];
#endif
int aes_inited = 0;
byte* r;
word32 i;
int ret, j;
@ -8871,6 +8923,12 @@ int wc_AesKeyWrap(const byte* key, word32 keySz, const byte* in, word32 inSz,
if (inSz % KEYWRAP_BLOCK_SIZE != 0)
return BAD_FUNC_ARG;
#ifdef WOLFSSL_SMALL_STACK
if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL,
DYNAMIC_TYPE_AES)) == NULL)
return MEMORY_E;
#endif
/* user IV is optional */
if (iv == NULL) {
XMEMSET(tmp, 0xA6, KEYWRAP_BLOCK_SIZE);
@ -8882,13 +8940,15 @@ int wc_AesKeyWrap(const byte* key, word32 keySz, const byte* in, word32 inSz,
XMEMCPY(r, in, inSz);
XMEMSET(t, 0, sizeof(t));
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
ret = wc_AesInit(aes, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
goto out;
else
aes_inited = 1;
ret = wc_AesSetKey(&aes, key, keySz, NULL, AES_ENCRYPTION);
ret = wc_AesSetKey(aes, key, keySz, NULL, AES_ENCRYPTION);
if (ret != 0)
return ret;
goto out;
for (j = 0; j <= 5; j++) {
for (i = 1; i <= inSz / KEYWRAP_BLOCK_SIZE; i++) {
@ -8896,7 +8956,7 @@ int wc_AesKeyWrap(const byte* key, word32 keySz, const byte* in, word32 inSz,
/* load R[i] */
XMEMCPY(tmp + KEYWRAP_BLOCK_SIZE, r, KEYWRAP_BLOCK_SIZE);
wc_AesEncryptDirect(&aes, tmp, tmp);
wc_AesEncryptDirect(aes, tmp, tmp);
/* calculate new A */
IncrementKeyWrapCounter(t);
@ -8912,15 +8972,32 @@ int wc_AesKeyWrap(const byte* key, word32 keySz, const byte* in, word32 inSz,
/* C[0] = A */
XMEMCPY(out, tmp, KEYWRAP_BLOCK_SIZE);
wc_AesFree(&aes);
ret = 0;
return inSz + KEYWRAP_BLOCK_SIZE;
out:
if (aes_inited)
wc_AesFree(aes);
#ifdef WOLFSSL_SMALL_STACK
if (aes)
XFREE(aes, NULL, DYNAMIC_TYPE_AES);
#endif
if (ret != 0)
return ret;
else
return inSz + KEYWRAP_BLOCK_SIZE;
}
int wc_AesKeyUnWrap(const byte* key, word32 keySz, const byte* in, word32 inSz,
byte* out, word32 outSz, const byte* iv)
{
Aes aes;
#ifdef WOLFSSL_SMALL_STACK
Aes *aes = NULL;
#else
Aes aes[1];
#endif
int aes_inited = 0;
byte* r;
word32 i, n;
int ret, j;
@ -8943,6 +9020,12 @@ int wc_AesKeyUnWrap(const byte* key, word32 keySz, const byte* in, word32 inSz,
if (inSz % KEYWRAP_BLOCK_SIZE != 0)
return BAD_FUNC_ARG;
#ifdef WOLFSSL_SMALL_STACK
if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL,
DYNAMIC_TYPE_AES)) == NULL)
return MEMORY_E;
#endif
/* user IV optional */
if (iv != NULL) {
expIv = iv;
@ -8955,13 +9038,15 @@ int wc_AesKeyUnWrap(const byte* key, word32 keySz, const byte* in, word32 inSz,
XMEMCPY(out, in + KEYWRAP_BLOCK_SIZE, inSz - KEYWRAP_BLOCK_SIZE);
XMEMSET(t, 0, sizeof(t));
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
ret = wc_AesInit(aes, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
goto out;
else
aes_inited = 1;
ret = wc_AesSetKey(&aes, key, keySz, NULL, AES_DECRYPTION);
ret = wc_AesSetKey(aes, key, keySz, NULL, AES_DECRYPTION);
if (ret != 0)
return ret;
goto out;
/* initialize counter to 6n */
n = (inSz - 1) / KEYWRAP_BLOCK_SIZE;
@ -8977,20 +9062,32 @@ int wc_AesKeyUnWrap(const byte* key, word32 keySz, const byte* in, word32 inSz,
/* load R[i], starting at end of R */
r = out + ((i - 1) * KEYWRAP_BLOCK_SIZE);
XMEMCPY(tmp + KEYWRAP_BLOCK_SIZE, r, KEYWRAP_BLOCK_SIZE);
wc_AesDecryptDirect(&aes, tmp, tmp);
wc_AesDecryptDirect(aes, tmp, tmp);
/* save R[i] */
XMEMCPY(r, tmp + KEYWRAP_BLOCK_SIZE, KEYWRAP_BLOCK_SIZE);
}
}
wc_AesFree(&aes);
/* verify IV */
if (XMEMCMP(tmp, expIv, KEYWRAP_BLOCK_SIZE) != 0)
return BAD_KEYWRAP_IV_E;
if (XMEMCMP(tmp, expIv, KEYWRAP_BLOCK_SIZE) != 0) {
ret = BAD_KEYWRAP_IV_E;
goto out;
}
return inSz - KEYWRAP_BLOCK_SIZE;
out:
if (aes_inited)
wc_AesFree(aes);
#ifdef WOLFSSL_SMALL_STACK
if (aes)
XFREE(aes, NULL, DYNAMIC_TYPE_AES);
#endif
if (ret != 0)
return ret;
else
return inSz - KEYWRAP_BLOCK_SIZE;
}
#endif /* HAVE_AES_KEYWRAP */

88
wolfcrypt/src/blake2b.c
View File

@ -207,31 +207,14 @@ int blake2b_init_key( blake2b_state *S, const byte outlen, const void *key,
return 0;
}
static int blake2b_compress( blake2b_state *S,
const byte block[BLAKE2B_BLOCKBYTES] )
static WC_INLINE int blake2b_compress(
blake2b_state *S,
const byte block[BLAKE2B_BLOCKBYTES],
word64* m,
word64* v)
{
int i;
#ifdef WOLFSSL_SMALL_STACK
word64* m;
word64* v;
m = (word64*)XMALLOC(sizeof(word64) * 16, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if ( m == NULL ) return MEMORY_E;
v = (word64*)XMALLOC(sizeof(word64) * 16, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if ( v == NULL )
{
XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return MEMORY_E;
}
#else
word64 m[16];
word64 v[16];
#endif
for( i = 0; i < 16; ++i )
m[i] = load64( block + i * sizeof( m[i] ) );
@ -287,17 +270,27 @@ static int blake2b_compress( blake2b_state *S,
#undef G
#undef ROUND
#ifdef WOLFSSL_SMALL_STACK
XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(v, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return 0;
}
/* inlen now in bytes */
int blake2b_update( blake2b_state *S, const byte *in, word64 inlen )
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
word64* m;
word64* v;
m = (word64*)XMALLOC(sizeof(word64) * 32, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if ( m == NULL ) return MEMORY_E;
v = &m[16];
#else
word64 m[16];
word64 v[16];
#endif
while( inlen > 0 )
{
word64 left = S->buflen;
@ -310,8 +303,8 @@ int blake2b_update( blake2b_state *S, const byte *in, word64 inlen )
blake2b_increment_counter( S, BLAKE2B_BLOCKBYTES );
{
int ret = blake2b_compress( S, S->buf );
if (ret < 0) return ret;
ret = blake2b_compress( S, S->buf, m, v );
if (ret < 0) break;
}
XMEMCPY( S->buf, S->buf + BLAKE2B_BLOCKBYTES, BLAKE2B_BLOCKBYTES );
@ -328,22 +321,40 @@ int blake2b_update( blake2b_state *S, const byte *in, word64 inlen )
}
}
return 0;
#ifdef WOLFSSL_SMALL_STACK
XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
/* Is this correct? */
int blake2b_final( blake2b_state *S, byte *out, byte outlen )
{
int ret = 0;
byte buffer[BLAKE2B_OUTBYTES];
int i;
#ifdef WOLFSSL_SMALL_STACK
word64* m;
word64* v;
m = (word64*)XMALLOC(sizeof(word64) * 32, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if ( m == NULL ) return MEMORY_E;
v = &m[16];
#else
word64 m[16];
word64 v[16];
#endif
if( S->buflen > BLAKE2B_BLOCKBYTES )
{
blake2b_increment_counter( S, BLAKE2B_BLOCKBYTES );
{
int ret = blake2b_compress( S, S->buf );
if (ret < 0) return ret;
ret = blake2b_compress( S, S->buf, m, v );
if (ret < 0) goto out;
}
S->buflen -= BLAKE2B_BLOCKBYTES;
@ -355,15 +366,22 @@ int blake2b_final( blake2b_state *S, byte *out, byte outlen )
XMEMSET( S->buf + S->buflen, 0, (wolfssl_word)(2 * BLAKE2B_BLOCKBYTES - S->buflen) );
/* Padding */
{
int ret = blake2b_compress( S, S->buf );
if (ret < 0) return ret;
ret = blake2b_compress( S, S->buf, m, v );
if (ret < 0) goto out;
}
for( i = 0; i < 8; ++i ) /* Output full hash to temp buffer */
store64( buffer + sizeof( S->h[i] ) * i, S->h[i] );
XMEMCPY( out, buffer, outlen );
return 0;
out:
#ifdef WOLFSSL_SMALL_STACK
XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
/* inlen, at least, should be word64. Others can be size_t. */

88
wolfcrypt/src/blake2s.c
View File

@ -204,31 +204,14 @@ int blake2s_init_key( blake2s_state *S, const byte outlen, const void *key,
return 0;
}
static int blake2s_compress( blake2s_state *S,
const byte block[BLAKE2S_BLOCKBYTES] )
static WC_INLINE int blake2s_compress(
blake2s_state *S,
const byte block[BLAKE2S_BLOCKBYTES],
word32* m,
word32* v)
{
int i;
#ifdef WOLFSSL_SMALL_STACK
word32* m;
word32* v;
m = (word32*)XMALLOC(sizeof(word32) * 16, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if ( m == NULL ) return MEMORY_E;
v = (word32*)XMALLOC(sizeof(word32) * 16, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if ( v == NULL )
{
XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return MEMORY_E;
}
#else
word32 m[16];
word32 v[16];
#endif
for( i = 0; i < 16; ++i )
m[i] = load32( block + i * sizeof( m[i] ) );
@ -282,17 +265,27 @@ static int blake2s_compress( blake2s_state *S,
#undef G
#undef ROUND
#ifdef WOLFSSL_SMALL_STACK
XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(v, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return 0;
}
/* inlen now in bytes */
int blake2s_update( blake2s_state *S, const byte *in, word32 inlen )
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
word32* m;
word32* v;
m = (word32*)XMALLOC(sizeof(word32) * 32, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if ( m == NULL ) return MEMORY_E;
v = &m[16];
#else
word32 m[16];
word32 v[16];
#endif
while( inlen > 0 )
{
word32 left = S->buflen;
@ -305,8 +298,8 @@ int blake2s_update( blake2s_state *S, const byte *in, word32 inlen )
blake2s_increment_counter( S, BLAKE2S_BLOCKBYTES );
{
int ret= blake2s_compress( S, S->buf );
if (ret < 0) return ret;
ret= blake2s_compress( S, S->buf, m, v );
if (ret < 0) break;
}
XMEMCPY( S->buf, S->buf + BLAKE2S_BLOCKBYTES, BLAKE2S_BLOCKBYTES );
@ -323,22 +316,40 @@ int blake2s_update( blake2s_state *S, const byte *in, word32 inlen )
}
}
return 0;
#ifdef WOLFSSL_SMALL_STACK
XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
/* Is this correct? */
int blake2s_final( blake2s_state *S, byte *out, byte outlen )
{
int ret = 0;
int i;
byte buffer[BLAKE2S_BLOCKBYTES];
#ifdef WOLFSSL_SMALL_STACK
word32* m;
word32* v;
m = (word32*)XMALLOC(sizeof(word32) * 32, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if ( m == NULL ) return MEMORY_E;
v = &m[16];
#else
word32 m[16];
word32 v[16];
#endif
if( S->buflen > BLAKE2S_BLOCKBYTES )
{
blake2s_increment_counter( S, BLAKE2S_BLOCKBYTES );
{
int ret = blake2s_compress( S, S->buf );
if (ret < 0) return ret;
ret = blake2s_compress( S, S->buf, m, v );
if (ret < 0) goto out;
}
S->buflen -= BLAKE2S_BLOCKBYTES;
@ -350,15 +361,22 @@ int blake2s_final( blake2s_state *S, byte *out, byte outlen )
XMEMSET( S->buf + S->buflen, 0, (wolfssl_word)(2 * BLAKE2S_BLOCKBYTES - S->buflen) );
/* Padding */
{
int ret = blake2s_compress( S, S->buf );
if (ret < 0) return ret;
ret = blake2s_compress( S, S->buf, m, v );
if (ret < 0) goto out;
}
for( i = 0; i < 8; ++i ) /* Output full hash to temp buffer */
store64( buffer + sizeof( S->h[i] ) * i, S->h[i] );
XMEMCPY( out, buffer, outlen );
return 0;
out:
#ifdef WOLFSSL_SMALL_STACK
XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
/* inlen, at least, should be word32. Others can be size_t. */

35
wolfcrypt/src/cmac.c
View File

@ -165,25 +165,42 @@ int wc_AesCmacGenerate(byte* out, word32* outSz,
const byte* in, word32 inSz,
const byte* key, word32 keySz)
{
Cmac cmac;
#ifdef WOLFSSL_SMALL_STACK
Cmac *cmac;
#else
Cmac cmac[1];
#endif
int ret;
if (out == NULL || (in == NULL && inSz > 0) || key == NULL || keySz == 0)
return BAD_FUNC_ARG;
ret = wc_InitCmac(&cmac, key, keySz, WC_CMAC_AES, NULL);
if (ret != 0)
return ret;
#ifdef WOLFSSL_SMALL_STACK
if ((cmac = (Cmac *)XMALLOC(sizeof *cmac, NULL,
DYNAMIC_TYPE_CMAC)) == NULL)
return MEMORY_E;
#endif
ret = wc_CmacUpdate(&cmac, in, inSz);
ret = wc_InitCmac(cmac, key, keySz, WC_CMAC_AES, NULL);
if (ret != 0)
return ret;
goto out;
ret = wc_CmacFinal(&cmac, out, outSz);
ret = wc_CmacUpdate(cmac, in, inSz);
if (ret != 0)
return ret;
goto out;
return 0;
ret = wc_CmacFinal(cmac, out, outSz);
if (ret != 0)
goto out;
out:
#ifdef WOLFSSL_SMALL_STACK
if (cmac)
XFREE(cmac, NULL, DYNAMIC_TYPE_CMAC);
#endif
return ret;
}

108
wolfcrypt/src/ecc.c
View File

@ -10615,20 +10615,32 @@ int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
switch (ctx->encAlgo) {
case ecAES_128_CBC:
{
Aes aes;
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
#ifdef WOLFSSL_SMALL_STACK
Aes *aes = (Aes *)XMALLOC(sizeof *aes, NULL,
DYNAMIC_TYPE_AES);
if (aes == NULL) {
ret = MEMORY_E;
break;
}
#else
Aes aes[1];
#endif
ret = wc_AesInit(aes, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_AesSetKey(&aes, encKey, KEY_SIZE_128, encIv,
ret = wc_AesSetKey(aes, encKey, KEY_SIZE_128, encIv,
AES_ENCRYPTION);
if (ret == 0) {
ret = wc_AesCbcEncrypt(&aes, out, msg, msgSz);
ret = wc_AesCbcEncrypt(aes, out, msg, msgSz);
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES)
ret = wc_AsyncWait(ret, &aes.asyncDev,
ret = wc_AsyncWait(ret, &aes->asyncDev,
WC_ASYNC_FLAG_NONE);
#endif
}
wc_AesFree(&aes);
wc_AesFree(aes);
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(aes, NULL, DYNAMIC_TYPE_AES);
#endif
if (ret != 0)
break;
}
@ -10644,18 +10656,30 @@ int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
switch (ctx->macAlgo) {
case ecHMAC_SHA256:
{
Hmac hmac;
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_HmacSetKey(&hmac, WC_SHA256, macKey, WC_SHA256_DIGEST_SIZE);
if (ret == 0)
ret = wc_HmacUpdate(&hmac, out, msgSz);
if (ret == 0)
ret = wc_HmacUpdate(&hmac, ctx->macSalt, ctx->macSaltSz);
if (ret == 0)
ret = wc_HmacFinal(&hmac, out+msgSz);
wc_HmacFree(&hmac);
#ifdef WOLFSSL_SMALL_STACK
Hmac *hmac = (Hmac *)XMALLOC(sizeof *hmac, NULL,
DYNAMIC_TYPE_HMAC);
if (hmac == NULL) {
ret = MEMORY_E;
break;
}
#else
Hmac hmac[1];
#endif
ret = wc_HmacInit(hmac, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_HmacSetKey(hmac, WC_SHA256, macKey, WC_SHA256_DIGEST_SIZE);
if (ret == 0)
ret = wc_HmacUpdate(hmac, out, msgSz);
if (ret == 0)
ret = wc_HmacUpdate(hmac, ctx->macSalt, ctx->macSaltSz);
if (ret == 0)
ret = wc_HmacFinal(hmac, out+msgSz);
wc_HmacFree(hmac);
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(hmac, NULL, DYNAMIC_TYPE_HMAC);
#endif
}
break;
@ -10785,24 +10809,34 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
case ecHMAC_SHA256:
{
byte verify[WC_SHA256_DIGEST_SIZE];
Hmac hmac;
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
#ifdef WOLFSSL_SMALL_STACK
Hmac *hmac = (Hmac *)XMALLOC(sizeof *hmac, NULL, DYNAMIC_TYPE_HMAC);
if (hmac == NULL) {
ret = MEMORY_E;
break;
}
#else
Hmac hmac[1];
#endif
ret = wc_HmacInit(hmac, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_HmacSetKey(&hmac, WC_SHA256, macKey, WC_SHA256_DIGEST_SIZE);
ret = wc_HmacSetKey(hmac, WC_SHA256, macKey, WC_SHA256_DIGEST_SIZE);
if (ret == 0)
ret = wc_HmacUpdate(&hmac, msg, msgSz-digestSz);
ret = wc_HmacUpdate(hmac, msg, msgSz-digestSz);
if (ret == 0)
ret = wc_HmacUpdate(&hmac, ctx->macSalt, ctx->macSaltSz);
ret = wc_HmacUpdate(hmac, ctx->macSalt, ctx->macSaltSz);
if (ret == 0)
ret = wc_HmacFinal(&hmac, verify);
ret = wc_HmacFinal(hmac, verify);
if (ret == 0) {
if (XMEMCMP(verify, msg + msgSz - digestSz, digestSz) != 0)
ret = -1;
}
wc_HmacFree(&hmac);
wc_HmacFree(hmac);
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(hmac, NULL, DYNAMIC_TYPE_HMAC);
#endif
break;
}
@ -10817,21 +10851,33 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
#ifdef HAVE_AES_CBC
case ecAES_128_CBC:
{
Aes aes;
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
#ifdef WOLFSSL_SMALL_STACK
Aes *aes = (Aes *)XMALLOC(sizeof *aes, NULL,
DYNAMIC_TYPE_AES);
if (aes == NULL) {
ret = MEMORY_E;
break;
}
#else
Aes aes[1];
#endif
ret = wc_AesInit(aes, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_AesSetKey(&aes, encKey, KEY_SIZE_128, encIv,
ret = wc_AesSetKey(aes, encKey, KEY_SIZE_128, encIv,
AES_DECRYPTION);
if (ret == 0) {
ret = wc_AesCbcDecrypt(&aes, out, msg,
ret = wc_AesCbcDecrypt(aes, out, msg,
msgSz-digestSz);
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES)
ret = wc_AsyncWait(ret, &aes.asyncDev,
ret = wc_AsyncWait(ret, &aes->asyncDev,
WC_ASYNC_FLAG_NONE);
#endif
}
wc_AesFree(&aes);
wc_AesFree(aes);
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(aes, NULL, DYNAMIC_TYPE_AES);
#endif
if (ret != 0)
break;
}

109
wolfcrypt/src/pkcs7.c
View File

@ -6628,7 +6628,11 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
{
int ret;
#ifndef NO_AES
Aes aes;
#ifdef WOLFSSL_SMALL_STACK
Aes *aes;
#else
Aes aes[1];
#endif
#endif
#ifndef NO_DES3
Des des;
@ -6662,13 +6666,21 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
(ivSz != AES_BLOCK_SIZE) )
return BAD_FUNC_ARG;
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
#ifdef WOLFSSL_SMALL_STACK
if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL,
DYNAMIC_TYPE_AES)) == NULL)
return MEMORY_E;
#endif
ret = wc_AesInit(aes, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_AesSetKey(&aes, key, keySz, iv, AES_ENCRYPTION);
ret = wc_AesSetKey(aes, key, keySz, iv, AES_ENCRYPTION);
if (ret == 0)
ret = wc_AesCbcEncrypt(&aes, out, in, inSz);
wc_AesFree(&aes);
ret = wc_AesCbcEncrypt(aes, out, in, inSz);
wc_AesFree(aes);
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(aes, NULL, DYNAMIC_TYPE_AES);
#endif
break;
#ifdef HAVE_AESGCM
#ifdef WOLFSSL_AES_128
@ -6685,14 +6697,22 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
if (authTag == NULL)
return BAD_FUNC_ARG;
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
#ifdef WOLFSSL_SMALL_STACK
if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL,
DYNAMIC_TYPE_AES)) == NULL)
return MEMORY_E;
#endif
ret = wc_AesInit(aes, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_AesGcmSetKey(&aes, key, keySz);
ret = wc_AesGcmSetKey(aes, key, keySz);
if (ret == 0)
ret = wc_AesGcmEncrypt(&aes, out, in, inSz, iv, ivSz,
ret = wc_AesGcmEncrypt(aes, out, in, inSz, iv, ivSz,
authTag, authTagSz, aad, aadSz);
wc_AesFree(&aes);
wc_AesFree(aes);
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(aes, NULL, DYNAMIC_TYPE_AES);
#endif
break;
#endif
#endif /* HAVE_AESGCM */
@ -6711,14 +6731,22 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
if (authTag == NULL)
return BAD_FUNC_ARG;
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
#ifdef WOLFSSL_SMALL_STACK
if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL,
DYNAMIC_TYPE_AES)) == NULL)
return MEMORY_E;
#endif
ret = wc_AesInit(aes, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_AesCcmSetKey(&aes, key, keySz);
ret = wc_AesCcmSetKey(aes, key, keySz);
if (ret == 0)
ret = wc_AesCcmEncrypt(&aes, out, in, inSz, iv, ivSz,
ret = wc_AesCcmEncrypt(aes, out, in, inSz, iv, ivSz,
authTag, authTagSz, aad, aadSz);
wc_AesFree(&aes);
wc_AesFree(aes);
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(aes, NULL, DYNAMIC_TYPE_AES);
#endif
break;
#endif
#endif /* HAVE_AESCCM */
@ -6770,7 +6798,11 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
{
int ret;
#ifndef NO_AES
Aes aes;
#ifdef WOLFSSL_SMALL_STACK
Aes *aes;
#else
Aes aes[1];
#endif
#endif
#ifndef NO_DES3
Des des;
@ -6812,13 +6844,21 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
#endif
(ivSz != AES_BLOCK_SIZE) )
return BAD_FUNC_ARG;
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
#ifdef WOLFSSL_SMALL_STACK
if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL,
DYNAMIC_TYPE_AES)) == NULL)
return MEMORY_E;
#endif
ret = wc_AesInit(aes, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_AesSetKey(&aes, key, keySz, iv, AES_DECRYPTION);
ret = wc_AesSetKey(aes, key, keySz, iv, AES_DECRYPTION);
if (ret == 0)
ret = wc_AesCbcDecrypt(&aes, out, in, inSz);
wc_AesFree(&aes);
ret = wc_AesCbcDecrypt(aes, out, in, inSz);
wc_AesFree(aes);
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(aes, NULL, DYNAMIC_TYPE_AES);
#endif
break;
#ifdef HAVE_AESGCM
#ifdef WOLFSSL_AES_128
@ -6835,14 +6875,22 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
if (authTag == NULL)
return BAD_FUNC_ARG;
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
#ifdef WOLFSSL_SMALL_STACK
if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL,
DYNAMIC_TYPE_AES)) == NULL)
return MEMORY_E;
#endif
ret = wc_AesInit(aes, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_AesGcmSetKey(&aes, key, keySz);
ret = wc_AesGcmSetKey(aes, key, keySz);
if (ret == 0)
ret = wc_AesGcmDecrypt(&aes, out, in, inSz, iv, ivSz,
ret = wc_AesGcmDecrypt(aes, out, in, inSz, iv, ivSz,
authTag, authTagSz, aad, aadSz);
wc_AesFree(&aes);
wc_AesFree(aes);
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(aes, NULL, DYNAMIC_TYPE_AES);
#endif
break;
#endif
#endif /* HAVE_AESGCM */
@ -6861,14 +6909,22 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
if (authTag == NULL)
return BAD_FUNC_ARG;
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
#ifdef WOLFSSL_SMALL_STACK
if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL,
DYNAMIC_TYPE_AES)) == NULL)
return MEMORY_E;
#endif
ret = wc_AesInit(aes, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_AesCcmSetKey(&aes, key, keySz);
ret = wc_AesCcmSetKey(aes, key, keySz);
if (ret == 0)
ret = wc_AesCcmDecrypt(&aes, out, in, inSz, iv, ivSz,
ret = wc_AesCcmDecrypt(aes, out, in, inSz, iv, ivSz,
authTag, authTagSz, aad, aadSz);
wc_AesFree(&aes);
wc_AesFree(aes);
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(aes, NULL, DYNAMIC_TYPE_AES);
#endif
break;
#endif
#endif /* HAVE_AESCCM */
@ -10695,7 +10751,6 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
const byte contentTypeOid[] =
{ ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xF7, 0x0d, 0x01,
0x09, 0x03 };
if (pkcs7 == NULL || pkcs7->content == NULL || pkcs7->contentSz == 0)
return BAD_FUNC_ARG;

24
wolfcrypt/src/wc_encrypt.c
View File

@ -618,31 +618,41 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt,
case PBE_AES256_CBC:
case PBE_AES128_CBC:
{
Aes aes;
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
#ifdef WOLFSSL_SMALL_STACK
Aes *aes;
aes = (Aes *)XMALLOC(sizeof *aes, NULL, DYNAMIC_TYPE_AES);
if (aes == NULL)
return MEMORY_E;
#else
Aes aes[1];
#endif
ret = wc_AesInit(aes, NULL, INVALID_DEVID);
if (ret == 0) {
if (enc) {
ret = wc_AesSetKey(&aes, key, derivedLen, cbcIv,
ret = wc_AesSetKey(aes, key, derivedLen, cbcIv,
AES_ENCRYPTION);
}
else {
ret = wc_AesSetKey(&aes, key, derivedLen, cbcIv,
ret = wc_AesSetKey(aes, key, derivedLen, cbcIv,
AES_DECRYPTION);
}
}
if (ret == 0) {
if (enc)
ret = wc_AesCbcEncrypt(&aes, input, input, length);
ret = wc_AesCbcEncrypt(aes, input, input, length);
else
ret = wc_AesCbcDecrypt(&aes, input, input, length);
ret = wc_AesCbcDecrypt(aes, input, input, length);
}
ForceZero(aes, sizeof(Aes));
#ifdef WOLFSSL_SMALL_STACK
XFREE(aes, NULL, DYNAMIC_TYPE_AES);
#endif
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
ForceZero(&aes, sizeof(Aes));
break;
}
#endif /* WOLFSSL_AES_256 */

1790
wolfcrypt/test/test.c Executable file → Normal file
View File

File diff suppressed because it is too large Load Diff

2
wolfssl/wolfcrypt/types.h
View File

@ -757,6 +757,8 @@ decouple library dependencies with standard string, memory and so on.
DYNAMIC_TYPE_NAME_ENTRY = 90,
DYNAMIC_TYPE_CURVE448 = 91,
DYNAMIC_TYPE_ED448 = 92,
DYNAMIC_TYPE_AES = 93,
DYNAMIC_TYPE_CMAC = 94,
DYNAMIC_TYPE_SNIFFER_SERVER = 1000,
DYNAMIC_TYPE_SNIFFER_SESSION = 1001,
DYNAMIC_TYPE_SNIFFER_PB = 1002,