AES XTS: encrypt not handling in-place properly

Fix AES XTS in-place encryption so that it works when ciphertext stealing is used.
pull/6011/head
Sean Parkinson 2023-01-25 09:32:37 +10:00
parent a21c3a3c89
commit e9af0136b9
2 changed files with 71 additions and 4 deletions


@ -12014,8 +12014,17 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
RESTORE_VECTOR_REGISTERS();
return BUFFER_E;
}
XMEMCPY(out, buf, sz);
XMEMCPY(buf, in, sz);
if (in != out) {
XMEMCPY(out, buf, sz);
XMEMCPY(buf, in, sz);
}
else {
byte buf2[AES_BLOCK_SIZE];
XMEMCPY(buf2, buf, sz);
XMEMCPY(buf, in, sz);
XMEMCPY(out, buf2, sz);
}
xorbuf(buf, tmp, AES_BLOCK_SIZE);
ret = wc_AesEncryptDirect(aes, out - AES_BLOCK_SIZE, buf);
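Review bot: The `in != out` test only catches exact aliasing, so buffers that overlap without being equal still take the first branch, where `XMEMCPY(out, buf, sz)` runs before `XMEMCPY(buf, in, sz)` and can overwrite tail plaintext that has not been read yet. The three copies in the `else` branch read `in` before writing `out` and are also correct for separate buffers, so they could run unconditionally and the branch could be dropped. Separately, `XMEMCPY(buf2, buf, sz)` is only safe if `sz` cannot exceed AES_BLOCK_SIZE at this point; the `return BUFFER_E` just above may be that check, but its condition is outside the hunk. If the bound holds, a comment such as `/* sz is the partial tail, always less than AES_BLOCK_SIZE */` next to `buf2` would make it visible. wc_AesXtsEncrypt begins and ends outside this hunk.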


@ -8438,8 +8438,8 @@ static int aes_xts_128_test(void)
#endif
int aes_inited = 0;
int ret = 0;
unsigned char buf[AES_BLOCK_SIZE * 2];
unsigned char cipher[AES_BLOCK_SIZE * 2];
unsigned char buf[AES_BLOCK_SIZE * 2 + 8];
unsigned char cipher[AES_BLOCK_SIZE * 2 + 8];
/* 128 key tests */
WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
@ -8497,6 +8497,31 @@ static int aes_xts_128_test(void)
0xff, 0x8d, 0xbc, 0x1d, 0x9f, 0x7f, 0xc8, 0x22
};
WOLFSSL_SMALL_STACK_STATIC unsigned char k3[] = {
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
};
WOLFSSL_SMALL_STACK_STATIC unsigned char i3[] = {
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
};
WOLFSSL_SMALL_STACK_STATIC unsigned char p3[] = {
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0xff, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20
};
WOLFSSL_SMALL_STACK_STATIC unsigned char c3[] = {
0xA2, 0x07, 0x47, 0x76, 0x3F, 0xEC, 0x0C, 0x23,
0x1B, 0xD0, 0xBD, 0x46, 0x9A, 0x27, 0x38, 0x12,
0x95, 0x02, 0x3D, 0x5D, 0xC6, 0x94, 0x51, 0x36,
0xA0, 0x85, 0xD2, 0x69, 0x6E, 0x87, 0x0A, 0xBF,
0xB5, 0x5A, 0xDD, 0xCB, 0x80, 0xE0, 0xFC, 0xCD
};
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
ERROR_OUT(-5417, out);
@ -8604,6 +8629,39 @@ static int aes_xts_128_test(void)
if (XMEMCMP(p2, buf, sizeof(p2)))
ERROR_OUT(-5416, out);
wc_AesXtsFree(aes);
/* Test ciphertext stealing in-place. */
XMEMCPY(buf, p3, sizeof(p3));
if (wc_AesXtsSetKey(aes, k3, sizeof(k3), AES_ENCRYPTION,
HEAP_HINT, devId) != 0)
ERROR_OUT(-5417, out);
else
aes_inited = 1;
ret = wc_AesXtsEncrypt(aes, buf, buf, sizeof(p3), i3, sizeof(i3));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(-5418, out);
if (XMEMCMP(c3, buf, sizeof(c3)))
ERROR_OUT(-5419, out);
wc_AesXtsFree(aes);
if (wc_AesXtsSetKey(aes, k3, sizeof(k3), AES_DECRYPTION,
HEAP_HINT, devId) != 0)
ERROR_OUT(-5420, out);
ret = wc_AesXtsDecrypt(aes, buf, buf, sizeof(c3), i3, sizeof(i3));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(-5421, out);
if (XMEMCMP(p3, buf, sizeof(p3)))
ERROR_OUT(-5422, out);
out:
if (aes_inited)
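Review bot: The new in-place case reports a `wc_AesXtsSetKey` failure with `ERROR_OUT(-5417, out)`, the same code the `XMALLOC` failure path earlier in this section already uses, so a -5417 result no longer identifies which step failed. Give the new check a code not used elsewhere in aes_xts_128_test, in line with the distinct -5418 to -5422 values on the checks that follow. The in-place encrypt and decrypt round trip is only visible here for the 128-bit key test; whether the 256-bit test gets the same case cannot be seen from this page. aes_xts_128_test begins and ends outside the shown hunks.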