20240516-wc_AesXtsEnDecryptFinal

[douzzer]

AES-XTS: add wc_AesXtsEncryptFinal() and wc_AesXtsDecryptFinal() for API consistency, and add error-checking (block alignment check) to wc_AesXtsEncryptUpdate() and wc_AesXtsDecryptUpdate().

tested with wolfssl-multi-test.sh ... linuxkm-aesxts-cryptonly-noasm-LKCAPI-no-twc-insmod-crypto-fuzzer linuxkm-aesxts-cryptonly-aesni-LKCAPI-no-twc-insmod-crypto-fuzzer linuxkm-aesxts-cryptonly-noasm-ECB-LKCAPI-no-twc-insmod-crypto-fuzzer linuxkm-aesxts-cryptonly-aesni-ECB-LKCAPI-no-twc-insmod-crypto-fuzzer linuxkm-fips-dev-static-hash-intelasm-LKCS-insmod-6.1.73-fortify check-source-text all-g++

[dgarske]

@SparkiDev please review

[dgarske]

Does this input "sz" not have to be multiple of block size?

[douzzer]

that's right. for the last call, the input can have any length >= AES_BLOCK_SIZE. if the length isn't a multiple of the block size, then the ciphertext stealing stuff is used to finish out the message. and btw that's exactly why only the last call can be non-block-aligned.

[dgarske]

What value does "final" add? Is it the zero'ing of "i"?

[douzzer]

it's a couple things:

(1) lets us add error-checking for all calls to Update() to make sure they're correctly block-aligned (trying to get ahead of ZenDesk tickets on that).

(2) the zeroing lets us check for API abuse, in that it guarantees a wrong result if the user calls Update after a Final, and of course it also prevents anything valuable from leaking out through the IV.

[dgarske]

Answers satisfy my concerns. @SparkiDev please finalize. Thanks