diff --git a/linuxkm/lkcapi_glue.c b/linuxkm/lkcapi_glue.c index 047f3258ba..643a653e0c 100644 --- a/linuxkm/lkcapi_glue.c +++ b/linuxkm/lkcapi_glue.c @@ -945,9 +945,14 @@ static int km_AesXtsEncrypt(struct skcipher_request *req) if (nbytes < walk.total) nbytes &= ~(AES_BLOCK_SIZE - 1); - err = wc_AesXtsEncryptUpdate(ctx->aesXts, walk.dst.virt.addr, - walk.src.virt.addr, nbytes, - walk.iv); + if (nbytes & ((unsigned int)AES_BLOCK_SIZE - 1U)) + err = wc_AesXtsEncryptFinal(ctx->aesXts, walk.dst.virt.addr, + walk.src.virt.addr, nbytes, + walk.iv); + else + err = wc_AesXtsEncryptUpdate(ctx->aesXts, walk.dst.virt.addr, + walk.src.virt.addr, nbytes, + walk.iv); if (unlikely(err)) { pr_err("%s: wc_AesXtsEncryptUpdate failed: %d\n", @@ -979,12 +984,12 @@ static int km_AesXtsEncrypt(struct skcipher_request *req) if (err) return err; - err = wc_AesXtsEncryptUpdate(ctx->aesXts, walk.dst.virt.addr, + err = wc_AesXtsEncryptFinal(ctx->aesXts, walk.dst.virt.addr, walk.src.virt.addr, walk.nbytes, walk.iv); if (unlikely(err)) { - pr_err("%s: wc_AesXtsEncryptUpdate failed: %d\n", + pr_err("%s: wc_AesXtsEncryptFinal failed: %d\n", crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err); return -EINVAL; } @@ -1071,9 +1076,14 @@ static int km_AesXtsDecrypt(struct skcipher_request *req) if (nbytes < walk.total) nbytes &= ~(AES_BLOCK_SIZE - 1); - err = wc_AesXtsDecryptUpdate(ctx->aesXts, walk.dst.virt.addr, - walk.src.virt.addr, nbytes, - walk.iv); + if (nbytes & ((unsigned int)AES_BLOCK_SIZE - 1U)) + err = wc_AesXtsDecryptFinal(ctx->aesXts, walk.dst.virt.addr, + walk.src.virt.addr, nbytes, + walk.iv); + else + err = wc_AesXtsDecryptUpdate(ctx->aesXts, walk.dst.virt.addr, + walk.src.virt.addr, nbytes, + walk.iv); if (unlikely(err)) { pr_err("%s: wc_AesXtsDecryptUpdate failed: %d\n", @@ -1105,12 +1115,12 @@ static int km_AesXtsDecrypt(struct skcipher_request *req) if (err) return err; - err = wc_AesXtsDecryptUpdate(ctx->aesXts, walk.dst.virt.addr, + err = wc_AesXtsDecryptFinal(ctx->aesXts, walk.dst.virt.addr, walk.src.virt.addr, walk.nbytes, walk.iv); if (unlikely(err)) { - pr_err("%s: wc_AesXtsDecryptUpdate failed: %d\n", + pr_err("%s: wc_AesXtsDecryptFinal failed: %d\n", crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err); return -EINVAL; } @@ -2029,7 +2039,7 @@ static int aes_xts_128_test(void) ret = wc_AesXtsEncryptUpdate(aes, buf, p2, AES_BLOCK_SIZE, iv); if (ret != 0) goto out; - ret = wc_AesXtsEncryptUpdate(aes, buf + AES_BLOCK_SIZE, + ret = wc_AesXtsEncryptFinal(aes, buf + AES_BLOCK_SIZE, p2 + AES_BLOCK_SIZE, sizeof(p2) - AES_BLOCK_SIZE, iv); if (ret != 0) @@ -2214,7 +2224,10 @@ static int aes_xts_128_test(void) if (ret != 0) goto out; for (k = 0; k < j; k += AES_BLOCK_SIZE) { - ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, (j - k) < AES_BLOCK_SIZE*2 ? j - k : AES_BLOCK_SIZE, iv); + if ((j - k) < AES_BLOCK_SIZE*2) + ret = wc_AesXtsEncryptFinal(aes, large_input + k, large_input + k, j - k, iv); + else + ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, iv); if (ret != 0) goto out; if ((j - k) < AES_BLOCK_SIZE*2) @@ -2252,7 +2265,10 @@ static int aes_xts_128_test(void) if (ret != 0) goto out; for (k = 0; k < j; k += AES_BLOCK_SIZE) { - ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, (j - k) < AES_BLOCK_SIZE*2 ? j - k : AES_BLOCK_SIZE, iv); + if ((j - k) < AES_BLOCK_SIZE*2) + ret = wc_AesXtsDecryptFinal(aes, large_input + k, large_input + k, j - k, iv); + else + ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, iv); if (ret != 0) goto out; if ((j - k) < AES_BLOCK_SIZE*2) @@ -2611,7 +2627,7 @@ static int aes_xts_256_test(void) ret = wc_AesXtsEncryptUpdate(aes, buf, p2, AES_BLOCK_SIZE, iv); if (ret != 0) goto out; - ret = wc_AesXtsEncryptUpdate(aes, buf + AES_BLOCK_SIZE, + ret = wc_AesXtsEncryptFinal(aes, buf + AES_BLOCK_SIZE, p2 + AES_BLOCK_SIZE, sizeof(p2) - AES_BLOCK_SIZE, iv); if (ret != 0) @@ -2700,7 +2716,10 @@ static int aes_xts_256_test(void) if (ret != 0) goto out; for (k = 0; k < j; k += AES_BLOCK_SIZE) { - ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, (j - k) < AES_BLOCK_SIZE*2 ? j - k : AES_BLOCK_SIZE, iv); + if ((j - k) < AES_BLOCK_SIZE*2) + ret = wc_AesXtsEncryptFinal(aes, large_input + k, large_input + k, j - k, iv); + else + ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, iv); if (ret != 0) goto out; if ((j - k) < AES_BLOCK_SIZE*2) @@ -2738,7 +2757,10 @@ static int aes_xts_256_test(void) if (ret != 0) goto out; for (k = 0; k < j; k += AES_BLOCK_SIZE) { - ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, (j - k) < AES_BLOCK_SIZE*2 ? j - k : AES_BLOCK_SIZE, iv); + if ((j - k) < AES_BLOCK_SIZE*2) + ret = wc_AesXtsDecryptFinal(aes, large_input + k, large_input + k, j - k, iv); + else + ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, iv); if (ret != 0) goto out; if ((j - k) < AES_BLOCK_SIZE*2) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 6aafcc2d43..0416cd2947 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -12907,8 +12907,9 @@ int wc_AesXtsEncryptInit(XtsAes* xaes, byte* i, word32 iSz) /* Block-streaming AES-XTS * - * Note that sz must be greater than AES_BLOCK_SIZE in each call, and must be a - * multiple of AES_BLOCK_SIZE in all but the final call. + * Note that sz must be >= AES_BLOCK_SIZE in each call, and must be a multiple + * of AES_BLOCK_SIZE in each call to wc_AesXtsEncryptUpdate(). + * wc_AesXtsEncryptFinal() can handle any length >= AES_BLOCK_SIZE. * * xaes AES keys to use for block encrypt/decrypt * out output buffer to hold cipher text @@ -12920,7 +12921,7 @@ int wc_AesXtsEncryptInit(XtsAes* xaes, byte* i, word32 iSz) * * returns 0 on success */ -int wc_AesXtsEncryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 sz, +static int AesXtsEncryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 sz, byte *i) { int ret; @@ -12975,6 +12976,29 @@ int wc_AesXtsEncryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 sz, return ret; } +int wc_AesXtsEncryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 sz, + byte *i) +{ + if (sz & ((word32)AES_BLOCK_SIZE - 1U)) + return BAD_FUNC_ARG; + return AesXtsEncryptUpdate(xaes, out, in, sz, i); +} + +int wc_AesXtsEncryptFinal(XtsAes* xaes, byte* out, const byte* in, word32 sz, + byte *i) +{ + int ret; + if (sz > 0) + ret = AesXtsEncryptUpdate(xaes, out, in, sz, i); + else + ret = 0; + ForceZero(i, AES_BLOCK_SIZE); +#ifdef WOLFSSL_CHECK_MEM_ZERO + wc_MemZero_Check(i, AES_BLOCK_SIZE); +#endif + return ret; +} + #endif /* WOLFSSL_AESXTS_STREAM */ @@ -13284,8 +13308,9 @@ int wc_AesXtsDecryptInit(XtsAes* xaes, byte* i, word32 iSz) /* Block-streaming AES-XTS * - * Note that sz must be greater than AES_BLOCK_SIZE in each call, and must be a - * multiple of AES_BLOCK_SIZE in all but the final call. + * Note that sz must be >= AES_BLOCK_SIZE in each call, and must be a multiple + * of AES_BLOCK_SIZE in each call to wc_AesXtsDecryptUpdate(). + * wc_AesXtsDecryptFinal() can handle any length >= AES_BLOCK_SIZE. * * xaes AES keys to use for block encrypt/decrypt * out output buffer to hold plain text @@ -13295,7 +13320,7 @@ int wc_AesXtsDecryptInit(XtsAes* xaes, byte* i, word32 iSz) * * returns 0 on success */ -int wc_AesXtsDecryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 sz, +static int AesXtsDecryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 sz, byte *i) { int ret; @@ -13353,6 +13378,29 @@ int wc_AesXtsDecryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 sz, return ret; } +int wc_AesXtsDecryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 sz, + byte *i) +{ + if (sz & ((word32)AES_BLOCK_SIZE - 1U)) + return BAD_FUNC_ARG; + return AesXtsDecryptUpdate(xaes, out, in, sz, i); +} + +int wc_AesXtsDecryptFinal(XtsAes* xaes, byte* out, const byte* in, word32 sz, + byte *i) +{ + int ret; + if (sz > 0) + ret = AesXtsDecryptUpdate(xaes, out, in, sz, i); + else + ret = 0; + ForceZero(i, AES_BLOCK_SIZE); +#ifdef WOLFSSL_CHECK_MEM_ZERO + wc_MemZero_Check(i, AES_BLOCK_SIZE); +#endif + return ret; +} + #endif /* WOLFSSL_AESXTS_STREAM */ #endif /* !WOLFSSL_ARMASM || WOLFSSL_ARMASM_NO_HW_CRYPTO */ diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index e5e47bbcf7..81553be03b 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -10028,7 +10028,7 @@ static wc_test_ret_t aes_xts_128_test(void) if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - ret = wc_AesXtsEncryptUpdate(aes, buf + AES_BLOCK_SIZE, p2 + AES_BLOCK_SIZE, sizeof(p2) - AES_BLOCK_SIZE, i_copy); + ret = wc_AesXtsEncryptFinal(aes, buf + AES_BLOCK_SIZE, p2 + AES_BLOCK_SIZE, sizeof(p2) - AES_BLOCK_SIZE, i_copy); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif @@ -10084,6 +10084,13 @@ static wc_test_ret_t aes_xts_128_test(void) if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesXtsEncryptFinal(aes, buf, NULL, 0, i_copy); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(c1, buf, sizeof(c1))) ERROR_OUT(WC_TEST_RET_ENC_NC, out); #endif /* WOLFSSL_AESXTS_STREAM */ @@ -10123,7 +10130,14 @@ static wc_test_ret_t aes_xts_128_test(void) if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - ret = wc_AesXtsEncryptUpdate(aes, buf, pp, sizeof(pp), i_copy); + ret = wc_AesXtsEncryptFinal(aes, buf, pp, sizeof(pp), i_copy); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptFinal(aes, buf, NULL, 0, i_copy); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif @@ -10177,7 +10191,7 @@ static wc_test_ret_t aes_xts_128_test(void) if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - ret = wc_AesXtsDecryptUpdate(aes, buf, cipher, sizeof(pp), i_copy); + ret = wc_AesXtsDecryptFinal(aes, buf, cipher, sizeof(pp), i_copy); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif @@ -10232,7 +10246,7 @@ static wc_test_ret_t aes_xts_128_test(void) if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - ret = wc_AesXtsDecryptUpdate(aes, buf, c1, sizeof(c1), i_copy); + ret = wc_AesXtsDecryptFinal(aes, buf, c1, sizeof(c1), i_copy); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif @@ -10329,7 +10343,7 @@ static wc_test_ret_t aes_xts_128_test(void) if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - ret = wc_AesXtsEncryptUpdate(aes, buf + AES_BLOCK_SIZE, p3 + AES_BLOCK_SIZE, sizeof(p3) - AES_BLOCK_SIZE, i_copy); + ret = wc_AesXtsEncryptFinal(aes, buf + AES_BLOCK_SIZE, p3 + AES_BLOCK_SIZE, sizeof(p3) - AES_BLOCK_SIZE, i_copy); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif @@ -10373,7 +10387,7 @@ static wc_test_ret_t aes_xts_128_test(void) if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - ret = wc_AesXtsDecryptUpdate(aes, buf + AES_BLOCK_SIZE, c3 + AES_BLOCK_SIZE, sizeof(c3) - AES_BLOCK_SIZE, i_copy); + ret = wc_AesXtsDecryptFinal(aes, buf + AES_BLOCK_SIZE, c3 + AES_BLOCK_SIZE, sizeof(c3) - AES_BLOCK_SIZE, i_copy); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif @@ -10457,7 +10471,10 @@ static wc_test_ret_t aes_xts_128_test(void) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); for (k = 0; k < j; k += AES_BLOCK_SIZE) { - ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, (j - k) < AES_BLOCK_SIZE*2 ? j - k : AES_BLOCK_SIZE, i_copy); + if ((j - k) < AES_BLOCK_SIZE*2) + ret = wc_AesXtsEncryptFinal(aes, large_input + k, large_input + k, j - k, i_copy); + else + ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, i_copy); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif @@ -10517,7 +10534,10 @@ static wc_test_ret_t aes_xts_128_test(void) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); for (k = 0; k < j; k += AES_BLOCK_SIZE) { - ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, (j - k) < AES_BLOCK_SIZE*2 ? j - k : AES_BLOCK_SIZE, i_copy); + if ((j - k) < AES_BLOCK_SIZE*2) + ret = wc_AesXtsDecryptFinal(aes, large_input + k, large_input + k, j - k, i_copy); + else + ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, i_copy); #if defined(WOLFSSL_ASYNC_CRYPT) #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, @@ -10726,7 +10746,7 @@ static wc_test_ret_t aes_xts_192_test(void) if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - ret = wc_AesXtsEncryptUpdate(aes, buf + AES_BLOCK_SIZE, p2 + AES_BLOCK_SIZE, sizeof(p2) - AES_BLOCK_SIZE, i_copy); + ret = wc_AesXtsEncryptFinal(aes, buf + AES_BLOCK_SIZE, p2 + AES_BLOCK_SIZE, sizeof(p2) - AES_BLOCK_SIZE, i_copy); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif @@ -10782,6 +10802,13 @@ static wc_test_ret_t aes_xts_192_test(void) if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesXtsEncryptFinal(aes, buf, NULL, 0, i_copy); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(c1, buf, sizeof(c1))) ERROR_OUT(WC_TEST_RET_ENC_NC, out); #endif /* WOLFSSL_AESXTS_STREAM */ @@ -10821,7 +10848,14 @@ static wc_test_ret_t aes_xts_192_test(void) if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - ret = wc_AesXtsEncryptUpdate(aes, buf, pp, sizeof(pp), i_copy); + ret = wc_AesXtsEncryptFinal(aes, buf, pp, sizeof(pp), i_copy); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptFinal(aes, buf, NULL, 0, i_copy); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif @@ -10875,7 +10909,7 @@ static wc_test_ret_t aes_xts_192_test(void) if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - ret = wc_AesXtsDecryptUpdate(aes, buf, cipher, sizeof(pp), i_copy); + ret = wc_AesXtsDecryptFinal(aes, buf, cipher, sizeof(pp), i_copy); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif @@ -10930,7 +10964,7 @@ static wc_test_ret_t aes_xts_192_test(void) if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - ret = wc_AesXtsDecryptUpdate(aes, buf, c1, sizeof(c1), i_copy); + ret = wc_AesXtsDecryptFinal(aes, buf, c1, sizeof(c1), i_copy); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif @@ -11027,7 +11061,7 @@ static wc_test_ret_t aes_xts_192_test(void) if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - ret = wc_AesXtsEncryptUpdate(aes, buf + AES_BLOCK_SIZE, p3 + AES_BLOCK_SIZE, sizeof(p3) - AES_BLOCK_SIZE, i_copy); + ret = wc_AesXtsEncryptFinal(aes, buf + AES_BLOCK_SIZE, p3 + AES_BLOCK_SIZE, sizeof(p3) - AES_BLOCK_SIZE, i_copy); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif @@ -11071,7 +11105,7 @@ static wc_test_ret_t aes_xts_192_test(void) if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - ret = wc_AesXtsDecryptUpdate(aes, buf + AES_BLOCK_SIZE, c3 + AES_BLOCK_SIZE, sizeof(c3) - AES_BLOCK_SIZE, i_copy); + ret = wc_AesXtsDecryptFinal(aes, buf + AES_BLOCK_SIZE, c3 + AES_BLOCK_SIZE, sizeof(c3) - AES_BLOCK_SIZE, i_copy); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif @@ -11155,7 +11189,10 @@ static wc_test_ret_t aes_xts_192_test(void) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); for (k = 0; k < j; k += AES_BLOCK_SIZE) { - ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, (j - k) < AES_BLOCK_SIZE*2 ? j - k : AES_BLOCK_SIZE, i_copy); + if ((j - k) < AES_BLOCK_SIZE*2) + ret = wc_AesXtsEncryptFinal(aes, large_input + k, large_input + k, j - k, i_copy); + else + ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, i_copy); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif @@ -11215,7 +11252,10 @@ static wc_test_ret_t aes_xts_192_test(void) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); for (k = 0; k < j; k += AES_BLOCK_SIZE) { - ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, (j - k) < AES_BLOCK_SIZE*2 ? j - k : AES_BLOCK_SIZE, i_copy); + if ((j - k) < AES_BLOCK_SIZE*2) + ret = wc_AesXtsDecryptFinal(aes, large_input + k, large_input + k, j - k, i_copy); + else + ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, i_copy); #if defined(WOLFSSL_ASYNC_CRYPT) #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, @@ -11412,7 +11452,7 @@ static wc_test_ret_t aes_xts_256_test(void) if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - ret = wc_AesXtsEncryptUpdate(aes, buf + AES_BLOCK_SIZE, p2 + AES_BLOCK_SIZE, sizeof(p2) - AES_BLOCK_SIZE, i_copy); + ret = wc_AesXtsEncryptFinal(aes, buf + AES_BLOCK_SIZE, p2 + AES_BLOCK_SIZE, sizeof(p2) - AES_BLOCK_SIZE, i_copy); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif @@ -11453,6 +11493,13 @@ static wc_test_ret_t aes_xts_256_test(void) if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesXtsEncryptFinal(aes, buf, NULL, 0, i_copy); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(c1, buf, sizeof(c1))) ERROR_OUT(WC_TEST_RET_ENC_NC, out); #endif /* WOLFSSL_AESXTS_STREAM */ @@ -11509,7 +11556,7 @@ static wc_test_ret_t aes_xts_256_test(void) if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - ret = wc_AesXtsDecryptUpdate(aes, buf, c1, sizeof(c1), i_copy); + ret = wc_AesXtsDecryptFinal(aes, buf, c1, sizeof(c1), i_copy); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif @@ -11608,7 +11655,10 @@ static wc_test_ret_t aes_xts_256_test(void) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); for (k = 0; k < j; k += AES_BLOCK_SIZE) { - ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, (j - k) < AES_BLOCK_SIZE*2 ? j - k : AES_BLOCK_SIZE, i_copy); + if ((j - k) < AES_BLOCK_SIZE*2) + ret = wc_AesXtsEncryptFinal(aes, large_input + k, large_input + k, j - k, i_copy); + else + ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, i_copy); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif @@ -11667,7 +11717,10 @@ static wc_test_ret_t aes_xts_256_test(void) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); for (k = 0; k < j; k += AES_BLOCK_SIZE) { - ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, (j - k) < AES_BLOCK_SIZE*2 ? j - k : AES_BLOCK_SIZE, i_copy); + if ((j - k) < AES_BLOCK_SIZE*2) + ret = wc_AesXtsDecryptFinal(aes, large_input + k, large_input + k, j - k, i_copy); + else + ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, i_copy); #if defined(WOLFSSL_ASYNC_CRYPT) #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index 772e6e8ebb..38bc8c32ce 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h @@ -681,6 +681,12 @@ WOLFSSL_API int wc_AesXtsEncryptUpdate(XtsAes* aes, byte* out, WOLFSSL_API int wc_AesXtsDecryptUpdate(XtsAes* aes, byte* out, const byte* in, word32 sz, byte *i); +WOLFSSL_API int wc_AesXtsEncryptFinal(XtsAes* aes, byte* out, + const byte* in, word32 sz, byte *i); + +WOLFSSL_API int wc_AesXtsDecryptFinal(XtsAes* aes, byte* out, + const byte* in, word32 sz, byte *i); + #endif /* WOLFSSL_AESXTS_STREAM */ WOLFSSL_API int wc_AesXtsFree(XtsAes* aes);