WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

wolfcrypt/test/test.c: add test coverage for WOLFSSL_AESXTS_STREAM. 

linuxkm/lkcapi_glue.c: typographic cleanups, and failsafe error return constructs when skcipher_walk_virt() returns zero walk.nbytes.

wolfcrypt/src/aes.c: additional comments and inline documentation.

.github/workflows/openvpn.yml: disable test on master branch.
pull/7522/head
Daniel Pouzzner 2024-05-14 18:23:22 -05:00
parent 8392748cda
commit 2fe366cc74
4 changed files with 363 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.github/workflows/openvpn.yml vendored
View File

@ -39,7 +39,8 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
# List of refs to test # List of refs to test
ref: [ release/2.6, v2.6.0, master ] # disabled master on 20240514 -- see https://github.com/wolfSSL/wolfssl/issues/7508
ref: [ release/2.6, v2.6.0 ]
name: ${{ matrix.ref }} name: ${{ matrix.ref }}
runs-on: ubuntu-latest runs-on: ubuntu-latest
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.

52
linuxkm/lkcapi_glue.c
View File

@ -925,7 +925,7 @@ static int km_AesXtsEncrypt(struct skcipher_request *req)
err = skcipher_walk_virt(&walk, req, false); err = skcipher_walk_virt(&walk, req, false);
if (!walk.nbytes) if (!walk.nbytes)
return err; return err ? : -EINVAL;
} else { } else {
tail = 0; tail = 0;
} }
@ -939,6 +939,9 @@ static int km_AesXtsEncrypt(struct skcipher_request *req)
} }
while ((nbytes = walk.nbytes) != 0) { while ((nbytes = walk.nbytes) != 0) {
/* if this isn't the final call, pass block-aligned data to prevent
* end-of-message ciphertext stealing.
*/
if (nbytes < walk.total) if (nbytes < walk.total)
nbytes &= ~(AES_BLOCK_SIZE - 1); nbytes &= ~(AES_BLOCK_SIZE - 1);
@ -961,7 +964,7 @@ static int km_AesXtsEncrypt(struct skcipher_request *req)
} }
} }
if (unlikely(tail > 0 && !err)) { if (unlikely(tail > 0)) {
struct scatterlist sg_src[2], sg_dst[2]; struct scatterlist sg_src[2], sg_dst[2];
struct scatterlist *src, *dst; struct scatterlist *src, *dst;
@ -1048,7 +1051,7 @@ static int km_AesXtsDecrypt(struct skcipher_request *req)
err = skcipher_walk_virt(&walk, req, false); err = skcipher_walk_virt(&walk, req, false);
if (!walk.nbytes) if (!walk.nbytes)
return err; return err ? : -EINVAL;
} else { } else {
tail = 0; tail = 0;
} }
@ -1062,6 +1065,9 @@ static int km_AesXtsDecrypt(struct skcipher_request *req)
} }
while ((nbytes = walk.nbytes) != 0) { while ((nbytes = walk.nbytes) != 0) {
/* if this isn't the final call, pass block-aligned data to prevent
* end-of-message ciphertext stealing.
*/
if (nbytes < walk.total) if (nbytes < walk.total)
nbytes &= ~(AES_BLOCK_SIZE - 1); nbytes &= ~(AES_BLOCK_SIZE - 1);
@ -1084,32 +1090,32 @@ static int km_AesXtsDecrypt(struct skcipher_request *req)
} }
} }
if (unlikely(tail > 0 && !err)) { if (unlikely(tail > 0)) {
struct scatterlist sg_src[2], sg_dst[2]; struct scatterlist sg_src[2], sg_dst[2];
struct scatterlist *src, *dst; struct scatterlist *src, *dst;
dst = src = scatterwalk_ffwd(sg_src, req->src, req->cryptlen); dst = src = scatterwalk_ffwd(sg_src, req->src, req->cryptlen);
if (req->dst != req->src) if (req->dst != req->src)
dst = scatterwalk_ffwd(sg_dst, req->dst, req->cryptlen); dst = scatterwalk_ffwd(sg_dst, req->dst, req->cryptlen);
skcipher_request_set_crypt(req, src, dst, AES_BLOCK_SIZE + tail, skcipher_request_set_crypt(req, src, dst, AES_BLOCK_SIZE + tail,
req->iv); req->iv);
err = skcipher_walk_virt(&walk, &subreq, false); err = skcipher_walk_virt(&walk, &subreq, false);
if (err) if (err)
return err; return err;
err = wc_AesXtsDecryptUpdate(ctx->aesXts, walk.dst.virt.addr, err = wc_AesXtsDecryptUpdate(ctx->aesXts, walk.dst.virt.addr,
walk.src.virt.addr, walk.nbytes, walk.src.virt.addr, walk.nbytes,
walk.iv); walk.iv);
if (unlikely(err)) { if (unlikely(err)) {
pr_err("%s: wc_AesXtsDecryptUpdate failed: %d\n", pr_err("%s: wc_AesXtsDecryptUpdate failed: %d\n",
crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err); crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
return -EINVAL; return -EINVAL;
} }
err = skcipher_walk_done(&walk, 0); err = skcipher_walk_done(&walk, 0);
} }
} }

22
wolfcrypt/src/aes.c
View File

@ -12840,6 +12840,15 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
#ifdef WOLFSSL_AESXTS_STREAM #ifdef WOLFSSL_AESXTS_STREAM
/* Block-streaming AES-XTS.
*
* xaes AES keys to use for block encrypt/decrypt
* i readwrite value to use for tweak
* iSz size of i buffer, should always be AES_BLOCK_SIZE but having this input
* adds a sanity check on how the user calls the function.
*
* returns 0 on success
*/
int wc_AesXtsEncryptInit(XtsAes* xaes, byte* i, word32 iSz) int wc_AesXtsEncryptInit(XtsAes* xaes, byte* i, word32 iSz)
{ {
int ret; int ret;
@ -12894,12 +12903,15 @@ int wc_AesXtsEncryptInit(XtsAes* xaes, byte* i, word32 iSz)
return ret; return ret;
} }
/* AES with XTS mode. (XTS) XEX encryption with Tweak and cipher text Stealing. /* Block-streaming AES-XTS
*
* Note that sz must be greater than AES_BLOCK_SIZE in each call, and must be a
* multiple of AES_BLOCK_SIZE in all but the final call.
* *
* xaes AES keys to use for block encrypt/decrypt * xaes AES keys to use for block encrypt/decrypt
* out output buffer to hold cipher text * out output buffer to hold cipher text
* in input plain text buffer to encrypt * in input plain text buffer to encrypt
* sz size of both out and in buffers * sz size of both out and in buffers -- must be >= AES_BLOCK_SIZE.
* i value to use for tweak * i value to use for tweak
* iSz size of i buffer, should always be AES_BLOCK_SIZE but having this input * iSz size of i buffer, should always be AES_BLOCK_SIZE but having this input
* adds a sanity check on how the user calls the function. * adds a sanity check on how the user calls the function.
@ -13211,7 +13223,6 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
* i readwrite value to use for tweak * i readwrite value to use for tweak
* iSz size of i buffer, should always be AES_BLOCK_SIZE but having this input * iSz size of i buffer, should always be AES_BLOCK_SIZE but having this input
* adds a sanity check on how the user calls the function. * adds a sanity check on how the user calls the function.
* tweak_block buffer of size AES_BLOCK_SIZE to use for tweak state
* *
* returns 0 on success * returns 0 on success
*/ */
@ -13269,7 +13280,10 @@ int wc_AesXtsDecryptInit(XtsAes* xaes, byte* i, word32 iSz)
return ret; return ret;
} }
/* Same process as encryption but Aes key is AES_DECRYPTION type. /* Block-streaming AES-XTS
*
* Note that sz must be greater than AES_BLOCK_SIZE in each call, and must be a
* multiple of AES_BLOCK_SIZE in all but the final call.
* *
* xaes AES keys to use for block encrypt/decrypt * xaes AES keys to use for block encrypt/decrypt
* out output buffer to hold plain text * out output buffer to hold plain text

316
wolfcrypt/test/test.c
View File

@ -9863,6 +9863,9 @@ static wc_test_ret_t aes_xts_128_test(void)
wc_test_ret_t ret = 0; wc_test_ret_t ret = 0;
unsigned char buf[AES_BLOCK_SIZE * 2 + 8]; unsigned char buf[AES_BLOCK_SIZE * 2 + 8];
unsigned char cipher[AES_BLOCK_SIZE * 2 + 8]; unsigned char cipher[AES_BLOCK_SIZE * 2 + 8];
#ifdef WOLFSSL_AESXTS_STREAM
unsigned char i_copy[AES_BLOCK_SIZE];
#endif
/* 128 key tests */ /* 128 key tests */
WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = { WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
@ -9987,6 +9990,34 @@ static wc_test_ret_t aes_xts_128_test(void)
if (XMEMCMP(c2, buf, sizeof(c2))) if (XMEMCMP(c2, buf, sizeof(c2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out); ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef WOLFSSL_AESXTS_STREAM
XMEMCPY(i_copy, i2, sizeof(i2));
ret = wc_AesXtsEncryptInit(aes, i_copy, sizeof(i_copy));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncryptUpdate(aes, buf, p2, AES_BLOCK_SIZE, i_copy);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncryptUpdate(aes, buf + AES_BLOCK_SIZE, p2 + AES_BLOCK_SIZE, sizeof(p2) - AES_BLOCK_SIZE, i_copy);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(c2, buf, sizeof(c2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* WOLFSSL_AESXTS_STREAM */
#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \ #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
defined(WC_C_DYNAMIC_FALLBACK) defined(WC_C_DYNAMIC_FALLBACK)
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E); WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
@ -10015,6 +10046,27 @@ static wc_test_ret_t aes_xts_128_test(void)
if (XMEMCMP(c1, buf, AES_BLOCK_SIZE)) if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
ERROR_OUT(WC_TEST_RET_ENC_NC, out); ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef WOLFSSL_AESXTS_STREAM
XMEMCPY(i_copy, i1, sizeof(i1));
ret = wc_AesXtsEncryptInit(aes, i_copy, sizeof(i_copy));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncryptUpdate(aes, buf, p1, sizeof(p1), i_copy);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(c1, buf, sizeof(c1)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* WOLFSSL_AESXTS_STREAM */
#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \ #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
defined(WC_C_DYNAMIC_FALLBACK) defined(WC_C_DYNAMIC_FALLBACK)
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E); WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
@ -10040,6 +10092,27 @@ static wc_test_ret_t aes_xts_128_test(void)
if (XMEMCMP(cp2, cipher, sizeof(cp2))) if (XMEMCMP(cp2, cipher, sizeof(cp2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out); ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef WOLFSSL_AESXTS_STREAM
XMEMCPY(i_copy, i1, sizeof(i1));
ret = wc_AesXtsEncryptInit(aes, i_copy, sizeof(i_copy));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncryptUpdate(aes, buf, pp, sizeof(pp), i_copy);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(cp2, buf, sizeof(cp2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* WOLFSSL_AESXTS_STREAM */
#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \ #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
defined(WC_C_DYNAMIC_FALLBACK) defined(WC_C_DYNAMIC_FALLBACK)
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E); WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
@ -10073,6 +10146,27 @@ static wc_test_ret_t aes_xts_128_test(void)
if (XMEMCMP(pp, buf, sizeof(pp))) if (XMEMCMP(pp, buf, sizeof(pp)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out); ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef WOLFSSL_AESXTS_STREAM
XMEMCPY(i_copy, i1, sizeof(i1));
ret = wc_AesXtsDecryptInit(aes, i_copy, sizeof(i_copy));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsDecryptUpdate(aes, buf, cipher, sizeof(pp), i_copy);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(pp, buf, sizeof(pp)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* WOLFSSL_AESXTS_STREAM */
#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \ #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
defined(WC_C_DYNAMIC_FALLBACK) defined(WC_C_DYNAMIC_FALLBACK)
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E); WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
@ -10104,9 +10198,30 @@ static wc_test_ret_t aes_xts_128_test(void)
#endif #endif
if (ret != 0) if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(p1, buf, AES_BLOCK_SIZE)) if (XMEMCMP(p1, buf, sizeof(p1)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out); ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef WOLFSSL_AESXTS_STREAM
XMEMCPY(i_copy, i1, sizeof(i1));
ret = wc_AesXtsDecryptInit(aes, i_copy, sizeof(i_copy));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsDecryptUpdate(aes, buf, c1, sizeof(c1), i_copy);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(p1, buf, sizeof(p1)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* WOLFSSL_AESXTS_STREAM */
#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \ #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
defined(WC_C_DYNAMIC_FALLBACK) defined(WC_C_DYNAMIC_FALLBACK)
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E); WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
@ -10176,6 +10291,34 @@ static wc_test_ret_t aes_xts_128_test(void)
if (XMEMCMP(c3, buf, sizeof(c3))) if (XMEMCMP(c3, buf, sizeof(c3)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out); ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef WOLFSSL_AESXTS_STREAM
XMEMCPY(i_copy, i3, sizeof(i3));
ret = wc_AesXtsEncryptInit(aes, i_copy, sizeof(i_copy));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncryptUpdate(aes, buf, p3, AES_BLOCK_SIZE, i_copy);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncryptUpdate(aes, buf + AES_BLOCK_SIZE, p3 + AES_BLOCK_SIZE, sizeof(p3) - AES_BLOCK_SIZE, i_copy);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(c3, buf, sizeof(c3)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* WOLFSSL_AESXTS_STREAM */
ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_DECRYPTION); ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_DECRYPTION);
if (ret != 0) if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@ -10192,6 +10335,34 @@ static wc_test_ret_t aes_xts_128_test(void)
if (XMEMCMP(p3, buf, sizeof(p3))) if (XMEMCMP(p3, buf, sizeof(p3)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out); ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef WOLFSSL_AESXTS_STREAM
XMEMCPY(i_copy, i3, sizeof(i3));
ret = wc_AesXtsDecryptInit(aes, i_copy, sizeof(i_copy));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsDecryptUpdate(aes, buf, c3, AES_BLOCK_SIZE, i_copy);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsDecryptUpdate(aes, buf + AES_BLOCK_SIZE, c3 + AES_BLOCK_SIZE, sizeof(c3) - AES_BLOCK_SIZE, i_copy);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(p3, buf, sizeof(p3)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* WOLFSSL_AESXTS_STREAM */
#endif /* !HAVE_FIPS */ #endif /* !HAVE_FIPS */
#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \ #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
@ -10206,6 +10377,9 @@ static wc_test_ret_t aes_xts_128_test(void)
#endif #endif
int i; int i;
int j; int j;
#ifdef WOLFSSL_AESXTS_STREAM
int k;
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (large_input == NULL) if (large_input == NULL)
ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out); ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out);
@ -10247,6 +10421,71 @@ static wc_test_ret_t aes_xts_128_test(void)
} }
} }
} }
#ifdef WOLFSSL_AESXTS_STREAM
for (i = 0; i < (int)LARGE_XTS_SZ; i++)
large_input[i] = (byte)i;
for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
XMEMCPY(i_copy, i1, sizeof(i1));
ret = wc_AesXtsEncryptInit(aes, i_copy, sizeof(i_copy));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
for (k = 0; k < j; k += AES_BLOCK_SIZE) {
ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, (j - k) < AES_BLOCK_SIZE*2 ? j - k : AES_BLOCK_SIZE, i_copy);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if ((j - k) < AES_BLOCK_SIZE*2)
break;
}
ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
XMEMCPY(i_copy, i1, sizeof(i1));
ret = wc_AesXtsDecryptInit(aes, i_copy, sizeof(i_copy));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
for (k = 0; k < j; k += AES_BLOCK_SIZE) {
ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, (j - k) < AES_BLOCK_SIZE*2 ? j - k : AES_BLOCK_SIZE, i_copy);
#if defined(WOLFSSL_ASYNC_CRYPT)
#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev,
WC_ASYNC_FLAG_NONE);
#else
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if ((j - k) < AES_BLOCK_SIZE*2)
break;
}
for (i = 0; i < j; i++) {
if (large_input[i] != (byte)i) {
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
}
}
#endif /* WOLFSSL_AESXTS_STREAM */
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
@ -10282,6 +10521,9 @@ static wc_test_ret_t aes_xts_256_test(void)
wc_test_ret_t ret = 0; wc_test_ret_t ret = 0;
unsigned char buf[AES_BLOCK_SIZE * 3]; unsigned char buf[AES_BLOCK_SIZE * 3];
unsigned char cipher[AES_BLOCK_SIZE * 3]; unsigned char cipher[AES_BLOCK_SIZE * 3];
#ifdef WOLFSSL_AESXTS_STREAM
unsigned char i_copy[AES_BLOCK_SIZE];
#endif
/* 256 key tests */ /* 256 key tests */
WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = { WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
@ -10389,6 +10631,34 @@ static wc_test_ret_t aes_xts_256_test(void)
if (XMEMCMP(c2, buf, sizeof(c2))) if (XMEMCMP(c2, buf, sizeof(c2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out); ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef WOLFSSL_AESXTS_STREAM
XMEMCPY(i_copy, i2, sizeof(i2));
ret = wc_AesXtsEncryptInit(aes, i_copy, sizeof(i_copy));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncryptUpdate(aes, buf, p2, AES_BLOCK_SIZE, i_copy);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncryptUpdate(aes, buf + AES_BLOCK_SIZE, p2 + AES_BLOCK_SIZE, sizeof(p2) - AES_BLOCK_SIZE, i_copy);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(c2, buf, sizeof(c2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* WOLFSSL_AESXTS_STREAM */
XMEMSET(buf, 0, sizeof(buf)); XMEMSET(buf, 0, sizeof(buf));
ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION); ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
if (ret != 0) if (ret != 0)
@ -10402,6 +10672,27 @@ static wc_test_ret_t aes_xts_256_test(void)
if (XMEMCMP(c1, buf, AES_BLOCK_SIZE)) if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
ERROR_OUT(WC_TEST_RET_ENC_NC, out); ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef WOLFSSL_AESXTS_STREAM
XMEMCPY(i_copy, i1, sizeof(i1));
ret = wc_AesXtsEncryptInit(aes, i_copy, sizeof(i_copy));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncryptUpdate(aes, buf, p1, sizeof(p1), i_copy);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(c1, buf, sizeof(c1)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* WOLFSSL_AESXTS_STREAM */
/* partial block encryption test */ /* partial block encryption test */
XMEMSET(cipher, 0, sizeof(cipher)); XMEMSET(cipher, 0, sizeof(cipher));
ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1)); ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
@ -10441,9 +10732,30 @@ static wc_test_ret_t aes_xts_256_test(void)
#endif #endif
if (ret != 0) if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(p1, buf, AES_BLOCK_SIZE)) if (XMEMCMP(p1, buf, sizeof(p1)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out); ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef WOLFSSL_AESXTS_STREAM
XMEMCPY(i_copy, i1, sizeof(i1));
ret = wc_AesXtsDecryptInit(aes, i_copy, sizeof(i_copy));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsDecryptUpdate(aes, buf, c1, sizeof(c1), i_copy);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(p1, buf, sizeof(p1)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* WOLFSSL_AESXTS_STREAM */
XMEMSET(buf, 0, sizeof(buf)); XMEMSET(buf, 0, sizeof(buf));
ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_DECRYPTION); ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_DECRYPTION);
if (ret != 0) if (ret != 0)