diff --git a/src/ssl.c b/src/ssl.c index 7333e59dd..51b0e9f51 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -21136,7 +21136,7 @@ void wolfSSL_AES_cbc_encrypt(const unsigned char *in, unsigned char* out, WOLFSSL_ENTER("wolfSSL_AES_cbc_encrypt"); - if (key == NULL || in == NULL || out == NULL || iv == NULL) { + if (key == NULL || in == NULL || out == NULL || iv == NULL || len == 0) { WOLFSSL_MSG("Error, Null argument passed in"); return; } diff --git a/tests/api.c b/tests/api.c index 8f3c12248..260319361 100644 --- a/tests/api.c +++ b/tests/api.c @@ -20344,6 +20344,198 @@ static void test_wolfSSL_DES_ncbc(void){ #endif } +static void test_wolfSSL_AES_cbc_encrypt() +{ +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(OPENSSL_EXTRA) + AES_KEY aes; + AES_KEY* aesN = NULL; + size_t len = 0; + size_t lenB = 0; + int keySz0 = 0; + int keySzN = -1; + byte out[AES_BLOCK_SIZE] = {0}; + byte* outN = NULL; + const int enc1 = AES_ENCRYPT; + const int enc2 = AES_DECRYPT; + + /* Test vectors retrieved from: + * + * https://csrc.nist.gov/ + * CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/ + * documents/aes/KAT_AES.zip + * + */ + const byte* pt128N = NULL; + byte* key128N = NULL; + byte* iv128N = NULL; + byte iv128tmp[AES_BLOCK_SIZE] = {0}; + + const byte pt128[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; + + const byte ct128[] = { 0x87,0x85,0xb1,0xa7,0x5b,0x0f,0x3b,0xd9, + 0x58,0xdc,0xd0,0xe2,0x93,0x18,0xc5,0x21 }; + + const byte iv128[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; + + byte key128[] = { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xf0,0x00,0x00,0x00,0x00,0x00 }; + + + len = sizeof(pt128); + + #define STRESS_T(a, b, c, d, e, f, g, h, i) \ + wolfSSL_AES_cbc_encrypt(a, b, c, d, e, f); \ + AssertIntNE(XMEMCMP(b, g, h), i) + + #define RESET_IV(x, y) XMEMCPY(x, y, AES_BLOCK_SIZE) + + printf(testingFmt, "Stressing wolfSSL_AES_cbc_encrypt()"); + STRESS_T(pt128N, out, len, &aes, iv128tmp, enc1, ct128, AES_BLOCK_SIZE, 0); + STRESS_T(pt128, out, len, &aes, iv128N, enc1, ct128, AES_BLOCK_SIZE, 0); + + wolfSSL_AES_cbc_encrypt(pt128, outN, len, &aes, iv128tmp, enc1); + AssertIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0); + wolfSSL_AES_cbc_encrypt(pt128, out, len, aesN, iv128tmp, enc1); + AssertIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0); + + STRESS_T(pt128, out, lenB, &aes, iv128tmp, enc1, ct128, AES_BLOCK_SIZE, 0); + printf(resultFmt, "Stress Tests: passed"); + + printf(testingFmt, "Stressing wolfSSL_AES_set_encrypt_key"); + AssertIntNE(wolfSSL_AES_set_encrypt_key(key128N, sizeof(key128)*8, &aes),0); + AssertIntNE(wolfSSL_AES_set_encrypt_key(key128, sizeof(key128)*8, aesN),0); + AssertIntNE(wolfSSL_AES_set_encrypt_key(key128, keySz0, &aes), 0); + AssertIntNE(wolfSSL_AES_set_encrypt_key(key128, keySzN, &aes), 0); + printf(resultFmt, "Stress Tests: passed"); + + printf(testingFmt, "Stressing wolfSSL_AES_set_decrypt_key"); + AssertIntNE(wolfSSL_AES_set_decrypt_key(key128N, sizeof(key128)*8, &aes),0); + AssertIntNE(wolfSSL_AES_set_decrypt_key(key128N, sizeof(key128)*8, aesN),0); + AssertIntNE(wolfSSL_AES_set_decrypt_key(key128, keySz0, &aes), 0); + AssertIntNE(wolfSSL_AES_set_decrypt_key(key128, keySzN, &aes), 0); + printf(resultFmt, "Stress Tests: passed"); + + #ifdef WOLFSSL_AES_128 + + printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 128-bit"); + XMEMSET(out, 0, AES_BLOCK_SIZE); + RESET_IV(iv128tmp, iv128); + + AssertIntEQ(wolfSSL_AES_set_encrypt_key(key128, sizeof(key128)*8, &aes), 0); + wolfSSL_AES_cbc_encrypt(pt128, out, len, &aes, iv128tmp, enc1); + AssertIntEQ(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0); + printf(resultFmt, "passed"); + + #ifdef HAVE_AES_DECRYPT + + printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 128-bit in decrypt mode"); + XMEMSET(out, 0, AES_BLOCK_SIZE); + RESET_IV(iv128tmp, iv128); + len = sizeof(ct128); + + AssertIntEQ(wolfSSL_AES_set_decrypt_key(key128, sizeof(key128)*8, &aes), 0); + wolfSSL_AES_cbc_encrypt(ct128, out, len, &aes, iv128tmp, enc2); + AssertIntEQ(XMEMCMP(out, pt128, AES_BLOCK_SIZE), 0); + printf(resultFmt, "passed"); + + #endif + + #endif /* WOLFSSL_AES_128 */ + #ifdef WOLFSSL_AES_192 + /* Test vectors from NIST Special Publication 800-38A, 2001 Edition + * Appendix F.2.3 */ + + byte iv192tmp[AES_BLOCK_SIZE] = {0}; + + const byte pt192[] = { 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a }; + + const byte ct192[] = { 0x4f,0x02,0x1d,0xb2,0x43,0xbc,0x63,0x3d, + 0x71,0x78,0x18,0x3a,0x9f,0xa0,0x71,0xe8 }; + + const byte iv192[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, + 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F }; + + byte key192[] = { 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52, + 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5, + 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b }; + + len = sizeof(pt192); + + printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 192-bit"); + XMEMSET(out, 0, AES_BLOCK_SIZE); + RESET_IV(iv192tmp, iv192); + + AssertIntEQ(wolfSSL_AES_set_encrypt_key(key192, sizeof(key192)*8, &aes), 0); + wolfSSL_AES_cbc_encrypt(pt192, out, len, &aes, iv192tmp, enc1); + AssertIntEQ(XMEMCMP(out, ct192, AES_BLOCK_SIZE), 0); + printf(resultFmt, "passed"); + + #ifdef HAVE_AES_DECRYPT + + printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 192-bit in decrypt mode"); + len = sizeof(ct192); + RESET_IV(iv192tmp, iv192); + XMEMSET(out, 0, AES_BLOCK_SIZE); + + AssertIntEQ(wolfSSL_AES_set_decrypt_key(key192, sizeof(key192)*8, &aes), 0); + wolfSSL_AES_cbc_encrypt(ct192, out, len, &aes, iv192tmp, enc2); + AssertIntEQ(XMEMCMP(out, pt192, AES_BLOCK_SIZE), 0); + printf(resultFmt, "passed"); + + #endif + #endif /* WOLFSSL_AES_192 */ + #ifdef WOLFSSL_AES_256 + /* Test vectors from NIST Special Publication 800-38A, 2001 Edition, + * Appendix F.2.5 */ + byte iv256tmp[AES_BLOCK_SIZE] = {0}; + + const byte pt256[] = { 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a }; + + const byte ct256[] = { 0xf5,0x8c,0x4c,0x04,0xd6,0xe5,0xf1,0xba, + 0x77,0x9e,0xab,0xfb,0x5f,0x7b,0xfb,0xd6 }; + + const byte iv256[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, + 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F }; + + byte key256[] = { 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 }; + + + len = sizeof(pt256); + + printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 256-bit"); + XMEMSET(out, 0, AES_BLOCK_SIZE); + RESET_IV(iv256tmp, iv256); + + AssertIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0); + wolfSSL_AES_cbc_encrypt(pt256, out, len, &aes, iv256tmp, enc1); + AssertIntEQ(XMEMCMP(out, ct256, AES_BLOCK_SIZE), 0); + printf(resultFmt, "passed"); + + #ifdef HAVE_AES_DECRYPT + + printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 256-bit in decrypt mode"); + len = sizeof(ct256); + RESET_IV(iv256tmp, iv256); + XMEMSET(out, 0, AES_BLOCK_SIZE); + + AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0); + wolfSSL_AES_cbc_encrypt(ct256, out, len, &aes, iv256tmp, enc2); + AssertIntEQ(XMEMCMP(out, pt256, AES_BLOCK_SIZE), 0); + printf(resultFmt, "passed"); + + #endif + #endif /* WOLFSSL_AES_256 */ +#endif +} + + static void test_no_op_functions(void) { #if defined(OPENSSL_EXTRA) @@ -21996,6 +22188,7 @@ void ApiTest(void) test_wolfSSL_i2c_ASN1_INTEGER(); test_wolfSSL_X509_check_ca(); test_wolfSSL_DES_ncbc(); + test_wolfSSL_AES_cbc_encrypt(); #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) AssertIntEQ(test_wolfSSL_CTX_use_certificate_ASN1(), WOLFSSL_SUCCESS);