Skip to content

Commit

Permalink
Merge pull request wolfSSL#7529 from SparkiDev/aes_decrypt_fixes
Browse files Browse the repository at this point in the history
AES: NO_AES_DECRYPT defined
  • Loading branch information
dgarske authored and jefferyq2 committed Jun 9, 2024
1 parent 85c24a6 commit c391b52
Show file tree
Hide file tree
Showing 4 changed files with 48 additions and 10 deletions.
2 changes: 2 additions & 0 deletions wolfcrypt/benchmark/benchmark.c
Original file line number Diff line number Diff line change
Expand Up @@ -5222,6 +5222,7 @@ void bench_aesccm(int useDeviceID)
goto exit;
}

#ifdef HAVE_AES_DECRYPT
RESET_MULTI_VALUE_STATS_VARS();

bench_stats_start(&count, &start);
Expand All @@ -5248,6 +5249,7 @@ void bench_aesccm(int useDeviceID)
printf("wc_AesCcmEncrypt failed, ret = %d\n", ret);
goto exit;
}
#endif

exit:

Expand Down
4 changes: 4 additions & 0 deletions wolfcrypt/src/aes.c
Original file line number Diff line number Diff line change
Expand Up @@ -11447,6 +11447,7 @@ static WARN_UNUSED_RESULT int _AesEcbEncrypt(
return ret;
}

#ifdef HAVE_AES_DECRYPT
static WARN_UNUSED_RESULT int _AesEcbDecrypt(
Aes* aes, byte* out, const byte* in, word32 sz)
{
Expand Down Expand Up @@ -11497,6 +11498,7 @@ static WARN_UNUSED_RESULT int _AesEcbDecrypt(

return ret;
}
#endif

int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
Expand All @@ -11509,6 +11511,7 @@ int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
return _AesEcbEncrypt(aes, out, in, sz);
}

#ifdef HAVE_AES_DECRYPT
int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
if ((in == NULL) || (out == NULL) || (aes == NULL))
Expand All @@ -11519,6 +11522,7 @@ int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)

return _AesEcbDecrypt(aes, out, in, sz);
}
#endif /* HAVE_AES_DECRYPT */
#endif
#endif /* HAVE_AES_ECB */

Expand Down
6 changes: 6 additions & 0 deletions wolfcrypt/src/wc_encrypt.c
Original file line number Diff line number Diff line change
Expand Up @@ -658,15 +658,21 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt,
AES_ENCRYPTION);
}
else {
#ifdef HAVE_AES_DECRYPT
ret = wc_AesSetKey(aes, key, derivedLen, cbcIv,
AES_DECRYPTION);
#else
ret = NOT_COMPILED_IN;
#endif
}
}
if (ret == 0) {
if (enc)
ret = wc_AesCbcEncrypt(aes, input, input, (word32)length);
#ifdef HAVE_AES_DECRYPT
else
ret = wc_AesCbcDecrypt(aes, input, input, (word32)length);
#endif
}
if (free_aes)
wc_AesFree(aes);
Expand Down
46 changes: 36 additions & 10 deletions wolfcrypt/test/test.c
Original file line number Diff line number Diff line change
Expand Up @@ -8654,9 +8654,11 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key,
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);

#ifdef HAVE_AES_DECRYPT
ret = wc_AesInit(dec, HEAP_HINT, INVALID_DEVID);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif

ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
if (ret != 0)
Expand Down Expand Up @@ -8882,7 +8884,9 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key,
out:

wc_AesFree(enc);
#ifdef HAVE_AES_DECRYPT
wc_AesFree(dec);
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (enc)
XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
Expand Down Expand Up @@ -9211,8 +9215,10 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key,

if (enc_inited)
wc_AesFree(enc);
#ifdef HAVE_AES_DECRYPT
if (dec_inited)
wc_AesFree(dec);
#endif

#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (enc)
Expand Down Expand Up @@ -10933,6 +10939,8 @@ static wc_test_ret_t aes_cbc_test(void)
#if defined(HAVE_AES_ECB) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
static wc_test_ret_t aesecb_test(void)
{
wc_test_ret_t ret = 0;
#if defined(WOLFSSL_AES_256)
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
Aes *enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
#else
Expand All @@ -10947,11 +10955,9 @@ static wc_test_ret_t aesecb_test(void)
Aes dec[1];
#endif
int dec_inited = 0;
byte plain [AES_BLOCK_SIZE * 4];
byte plain[AES_BLOCK_SIZE * 4];
#endif /* HAVE_AES_DECRYPT */
wc_test_ret_t ret = 0;

#if defined(WOLFSSL_AES_256)
{
WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] =
{
Expand Down Expand Up @@ -11026,6 +11032,7 @@ static wc_test_ret_t aesecb_test(void)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif

#ifdef HAVE_AES_DECRYPT
XMEMSET(plain, 0, AES_BLOCK_SIZE);
ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
if (ret != 0)
Expand Down Expand Up @@ -11069,6 +11076,7 @@ static wc_test_ret_t aesecb_test(void)
if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
#endif /* HAVE_AES_DECRYPT */
}

out:
Expand Down Expand Up @@ -11796,15 +11804,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
#endif
int enc_inited = 0;
byte cipher[AES_BLOCK_SIZE * 4];
#ifdef HAVE_AES_DECRYPT
#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
Aes *dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
#else
Aes dec[1];
#endif
int dec_inited = 0;
byte plain [AES_BLOCK_SIZE * 4];
#endif /* HAVE_AES_DECRYPT */
#endif /* HAVE_AES_DECRYPT || WOLFSSL_AES_COUNTER */
#endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER || WOLFSSL_AES_DIRECT */
wc_test_ret_t ret = 0;

Expand Down Expand Up @@ -11836,7 +11844,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
if (enc == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#endif
#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
if (dec == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#endif
Expand Down Expand Up @@ -12235,6 +12243,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);

#ifdef HAVE_AES_DECRYPT
XMEMSET(plain, 0, AES_BLOCK_SIZE);
ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
if (ret != 0)
Expand All @@ -12251,6 +12260,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
#endif
if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
}
#endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */

Expand Down Expand Up @@ -12287,7 +12297,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
wc_AesFree(enc);
#endif
(void)cipher;
#ifdef HAVE_AES_DECRYPT
#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (dec) {
if (dec_inited)
Expand All @@ -12299,7 +12309,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
wc_AesFree(dec);
#endif
(void)plain;
#endif /* HAVE_AES_DECRYPT */
#endif /* HAVE_AES_DECRYPT || WOLFSSL_AES_COUNTER */
#endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER || WOLFSSL_AES_DIRECT */

return ret;
Expand Down Expand Up @@ -12423,8 +12433,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void)
ret = wc_AesInit(dec, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
dec_inited = 1;
#endif

ret = wc_AesSetKey(enc, key, (int) sizeof(key), iv, AES_ENCRYPTION);
if (ret != 0)
Expand Down Expand Up @@ -12476,9 +12486,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void)
#else /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */
if (enc_inited)
wc_AesFree(enc);
#ifdef HAVE_AES_DECRYPT
if (dec_inited)
wc_AesFree(dec);
#endif
#endif
#endif /* HAVE_AES_CBC */

return ret;
Expand Down Expand Up @@ -12557,8 +12569,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
ret = wc_AesInit(dec, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
dec_inited = 1;
#endif

ret = wc_AesSetKey(enc, key, keySz, iv, AES_ENCRYPTION);
if (ret != 0)
Expand Down Expand Up @@ -12688,9 +12700,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
#else /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */
if (enc_inited)
wc_AesFree(enc);
#ifdef HAVE_AES_DECRYPT
if (dec_inited)
wc_AesFree(dec);
#endif
#endif
#endif /* HAVE_AES_CBC */

return ret;
Expand Down Expand Up @@ -13982,6 +13996,7 @@ static wc_test_ret_t aesccm_256_test(void)
ret = WC_TEST_RET_ENC_NC;
}

#ifdef HAVE_AES_DECRYPT
if (ret == 0) {
/* decrypt inline */
ret = wc_AesCcmDecrypt(aes, output, output, sizeof(output),
Expand All @@ -13995,6 +14010,7 @@ static wc_test_ret_t aesccm_256_test(void)
XMEMCMP(output, in_plaintext, sizeof(output))) {
ret = WC_TEST_RET_ENC_NC;
}
#endif

wc_AesFree(aes);

Expand Down Expand Up @@ -14135,6 +14151,7 @@ static wc_test_ret_t aesccm_128_test(void)
if (XMEMCMP(t, t2, sizeof(t2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);

#ifdef HAVE_AES_DECRYPT
ret = wc_AesCcmDecrypt(enc, p2, c2, sizeof(p2), iv, sizeof(iv),
t2, sizeof(t2), a, sizeof(a));
if (ret != 0)
Expand All @@ -14154,6 +14171,7 @@ static wc_test_ret_t aesccm_128_test(void)
XMEMSET(c2, 0, sizeof(c2));
if (XMEMCMP(p2, c2, sizeof(p2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
wc_AesFree(enc);

XMEMSET(enc, 0, sizeof(Aes)); /* clear context */
Expand Down Expand Up @@ -14212,12 +14230,14 @@ static wc_test_ret_t aesccm_128_test(void)
if (XMEMCMP(tl, tl2, sizeof(tl2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);

#ifdef HAVE_AES_DECRYPT
ret = wc_AesCcmDecrypt(enc, pl2, cl2, sizeof(pl2), iv, sizeof(iv),
tl2, sizeof(tl2), a, sizeof(a));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(pl, pl2, sizeof(pl2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif

/* test empty message as null input or output with nonzero inSz. */
ret = wc_AesCcmEncrypt(enc, pl2 /* out */, NULL /* in */, 1 /* inSz */,
Expand All @@ -14230,6 +14250,7 @@ static wc_test_ret_t aesccm_128_test(void)
a, sizeof(a));
if (ret != BAD_FUNC_ARG)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesCcmDecrypt(enc, pl2, NULL /* in */, 1 /* inSz */,
iv, sizeof(iv), t_empty2, sizeof(t_empty2), a,
sizeof(a));
Expand All @@ -14240,6 +14261,7 @@ static wc_test_ret_t aesccm_128_test(void)
sizeof(a));
if (ret != BAD_FUNC_ARG)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif

/* test empty message as null input and output with zero inSz --
* must either succeed, or fail early with BAD_FUNC_ARG.
Expand All @@ -14253,11 +14275,13 @@ static wc_test_ret_t aesccm_128_test(void)
if (XMEMCMP(t_empty, t_empty2, sizeof(t_empty2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);

#ifdef HAVE_AES_DECRYPT
ret = wc_AesCcmDecrypt(enc, NULL /* out */, NULL /* in */,
0 /* inSz */, iv, sizeof(iv), t_empty2,
sizeof(t_empty2), a, sizeof(a));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
}

/* test empty message as zero-length string -- must work. */
Expand All @@ -14269,11 +14293,13 @@ static wc_test_ret_t aesccm_128_test(void)
if (XMEMCMP(t_empty, t_empty2, sizeof(t_empty2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);

#ifdef HAVE_AES_DECRYPT
ret = wc_AesCcmDecrypt(enc, pl2, (const byte *)"", 0 /* inSz */,
iv, sizeof(iv), t_empty2, sizeof(t_empty2), a,
sizeof(a));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif

wc_AesFree(enc);

Expand Down

0 comments on commit c391b52

Please sign in to comment.