From 3cfda77e382576c8ade2f8cab0db933f30ca57d8 Mon Sep 17 00:00:00 2001 From: Eric Blankenhorn Date: Thu, 17 Mar 2022 10:21:42 -0500 Subject: [PATCH] Correct use of key size in crypto/aes examples --- .gitignore | 2 ++ crypto/aes/README.md | 2 +- crypto/aes/aes-file-encrypt.c | 22 ++++++++++++++++------ crypto/aes/aescfb-file-encrypt.c | 22 ++++++++++++++++------ crypto/aes/aesctr-file-encrypt.c | 22 ++++++++++++++++------ 5 files changed, 51 insertions(+), 19 deletions(-) diff --git a/.gitignore b/.gitignore index cac97196..44e8582f 100644 --- a/.gitignore +++ b/.gitignore @@ -100,6 +100,8 @@ tls/server-tls-uart crypto/3des/3des-file-encrypt crypto/aes/aes-file-encrypt +crypto/aes/aescfb-file-encrypt +crypto/aes/aesctr-file-encrypt crypto/camellia/camellia-encrypt crypto/pkcs12/pkcs12-create-example crypto/pkcs12/pkcs12-example diff --git a/crypto/aes/README.md b/crypto/aes/README.md index 32c12a0a..4c5360f5 100644 --- a/crypto/aes/README.md +++ b/crypto/aes/README.md @@ -8,7 +8,7 @@ How to use aes-file-encrypt.c ./aes-file-encrypt <-option> - KeySize examples: 128, 192, 256 + KeySize (in bits) allowed values: 128, 192, 256 typing -e for option will encrypt the input.file onto the output.file. typing -d for option will decrypt the input.file onto the output.file. diff --git a/crypto/aes/aes-file-encrypt.c b/crypto/aes/aes-file-encrypt.c index 5a7219bc..d89af672 100644 --- a/crypto/aes/aes-file-encrypt.c +++ b/crypto/aes/aes-file-encrypt.c @@ -115,7 +115,7 @@ int AesEncrypt(Aes* aes, byte* key, int size, FILE* inFile, FILE* outFile) return -1040; /* sets key */ - ret = wc_AesSetKey(aes, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); + ret = wc_AesSetKey(aes, key, size, iv, AES_ENCRYPTION); if (ret != 0) return -1001; 
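Review bot: In AesEncrypt the `size` argument now reaches `wc_AesSetKey` as the key length, but nothing at the call site says it is a byte count or that `key` must hold at least that many bytes. The function body starts and ends outside this hunk, so whether the key buffer is allocated and filled from the converted value cannot be confirmed here and should be checked. I would replace the `/* sets key */` comment with `/* size is the key length in bytes (16, 24 or 32) as converted by SizeCheck(); key must hold at least size bytes */`. The same applies to the AesDecrypt hunk in this file and to the matching set-key hunks in aescfb-file-encrypt.c and aesctr-file-encrypt.c.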
@@ -191,7 +191,7 @@ int AesDecrypt(Aes* aes, byte* key, int size, FILE* inFile, FILE* outFile) return -1050; /* sets key */ - ret = wc_AesSetKey(aes, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION); + ret = wc_AesSetKey(aes, key, size, iv, AES_DECRYPTION); if (ret != 0) return -1002; @@ -273,11 +273,21 @@ int NoEcho(char* key, int size) return 0; } -int SizeCheck(int size) +int SizeCheck(int *size) { int ret = 0; - if (size != 128 && size != 192 && size != 256) { + /* Use key size values (size/8) */ + if (*size == 128) { + *size = AES_128_KEY_SIZE; + } + else if (*size == 192) { + *size = AES_192_KEY_SIZE; + } + else if (*size == 256) { + *size = AES_256_KEY_SIZE; + } + else { /* if the entered size does not match acceptable size */ printf("Invalid AES key size\n"); ret = -1080; @@ -307,12 +317,12 @@ int main(int argc, char** argv) switch (option) { case 'd': /* if entered decrypt */ size = atoi(optarg); - ret = SizeCheck(size); + ret = SizeCheck(&size); choice = 'd'; break; case 'e': /* if entered encrypt */ size = atoi(optarg); - ret = SizeCheck(size); + ret = SizeCheck(&size); choice = 'e'; break; case 'h': /* if entered 'help' */ diff --git a/crypto/aes/aescfb-file-encrypt.c b/crypto/aes/aescfb-file-encrypt.c index 16801095..28f2d475 100644 --- a/crypto/aes/aescfb-file-encrypt.c +++ b/crypto/aes/aescfb-file-encrypt.c @@ -113,7 +113,7 @@ int AesEncrypt(Aes* aes, byte* key, int size, FILE* inFile, FILE* outFile) return -1040; /* sets key */ - ret = wc_AesSetKey(aes, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); + ret = wc_AesSetKey(aes, key, size, iv, AES_ENCRYPTION); if (ret != 0) return -1001; @@ -190,7 +190,7 @@ int AesDecrypt(Aes* aes, byte* key, int size, FILE* inFile, FILE* outFile) /* sets key */ /* decrypt uses AES_ENCRYPTION */ - ret = wc_AesSetKey(aes, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); + ret = wc_AesSetKey(aes, key, size, iv, AES_ENCRYPTION); if (ret != 0) return -1002; 
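Review bot: SizeCheck now rewrites its argument from bits to bytes, but the final `else` branch leaves `*size` holding whatever the user typed, so a caller that does not test the return value carries an unvalidated number forward as a key length. Adding `*size = 0;` next to `ret = -1080;` makes that path fail closed instead of depending on every caller checking `ret`. The function also needs a header comment stating that `size` is an in/out parameter (bits in, bytes out) and that -1080 is returned for anything other than 128, 192 or 256, because the name still reads as a pure check. The hunk ends inside the function, and the identical SizeCheck hunks in aescfb-file-encrypt.c and aesctr-file-encrypt.c need the same change.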
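Review bot: The value passed to `SizeCheck(&size)` in the 'd' and 'e' cases comes from `atoi(optarg)`, which accepts trailing junk (a constructed example: `128abc` parses as 128) and has undefined behaviour on out-of-range input; after this change that value selects the AES key length. Parsing with `strtol` and rejecting the option unless the whole string was consumed closes the gap, as sketched below for the 'e' case. The sketch assumes two new locals in main, `long val` and `char *end`, plus `<errno.h>` and `<limits.h>`. Whether `ret` is tested before the key is set up is not visible because the switch continues past the hunk, and the main() hunks in aescfb-file-encrypt.c and aesctr-file-encrypt.c have the same two cases.

```c
    case 'e': /* if entered encrypt */
        errno = 0;
        val = strtol(optarg, &end, 10);
        if (end == optarg || *end != '\0' || errno == ERANGE ||
            val < 0 || val > INT_MAX) {
            /* not a clean decimal number: refuse it before it becomes a key length */
            printf("Invalid AES key size\n");
            ret = -1080;
        }
        else {
            size = (int)val;
            ret = SizeCheck(&size);
        }
        choice = 'e';
        break;
    /* ... unchanged: case 'h' onwards; case 'd' takes the same change ... */
```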
@@ -272,11 +272,21 @@ int NoEcho(char* key, int size) return 0; } -int SizeCheck(int size) +int SizeCheck(int *size) { int ret = 0; - if (size != 128 && size != 192 && size != 256) { + /* Use key size values (size/8) */ + if (*size == 128) { + *size = AES_128_KEY_SIZE; + } + else if (*size == 192) { + *size = AES_192_KEY_SIZE; + } + else if (*size == 256) { + *size = AES_256_KEY_SIZE; + } + else { /* if the entered size does not match acceptable size */ printf("Invalid AES key size\n"); ret = -1080; @@ -306,12 +316,12 @@ int main(int argc, char** argv) switch (option) { case 'd': /* if entered decrypt */ size = atoi(optarg); - ret = SizeCheck(size); + ret = SizeCheck(&size); choice = 'd'; break; case 'e': /* if entered encrypt */ size = atoi(optarg); - ret = SizeCheck(size); + ret = SizeCheck(&size); choice = 'e'; break; case 'h': /* if entered 'help' */ diff --git a/crypto/aes/aesctr-file-encrypt.c b/crypto/aes/aesctr-file-encrypt.c index d19b5bf1..67bcfe41 100644 --- a/crypto/aes/aesctr-file-encrypt.c +++ b/crypto/aes/aesctr-file-encrypt.c @@ -96,7 +96,7 @@ int AesCtrEncrypt(Aes* aes, byte* key, int size, FILE* inFile, FILE* outFile) return -1040; /* sets key */ - ret = wc_AesSetKey(aes, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); + ret = wc_AesSetKey(aes, key, size, iv, AES_ENCRYPTION); if (ret != 0) return -1001; @@ -166,7 +166,7 @@ int AesCtrDecrypt(Aes* aes, byte* key, int size, FILE* inFile, FILE* outFile) /* sets key */ /* decrypt uses AES_ENCRYPTION */ - ret = wc_AesSetKey(aes, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); + ret = wc_AesSetKey(aes, key, size, iv, AES_ENCRYPTION); if (ret != 0) return -1002; 
@@ -236,11 +236,21 @@ int NoEcho(char* key, int size) return 0; } -int SizeCheck(int size) +int SizeCheck(int *size) { int ret = 0; - if (size != 128 && size != 192 && size != 256) { + /* Use key size values (size/8) */ + if (*size == 128) { + *size = AES_128_KEY_SIZE; + } + else if (*size == 192) { + *size = AES_192_KEY_SIZE; + } + else if (*size == 256) { + *size = AES_256_KEY_SIZE; + } + else { /* if the entered size does not match acceptable size */ printf("Invalid AES key size\n"); ret = -1080; @@ -270,12 +280,12 @@ int main(int argc, char** argv) switch (option) { case 'd': /* if entered decrypt */ size = atoi(optarg); - ret = SizeCheck(size); + ret = SizeCheck(&size); choice = 'd'; break; case 'e': /* if entered encrypt */ size = atoi(optarg); - ret = SizeCheck(size); + ret = SizeCheck(&size); choice = 'e'; break; case 'h': /* if entered 'help' */