Merge remote-tracking branch 'upstream-public/pr/964' into development
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index 1829f72..c8dd0f3 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@@ -36,9 +36,13 @@
#define MBEDTLS_AES_ENCRYPT 1
#define MBEDTLS_AES_DECRYPT 0
+/* Error codes in range 0x0020-0x0022 */
#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */
#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */
+/* Error codes in range 0x0023-0x0023 */
+#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 /**< Feature not available, e.g. unsupported AES key size. */
+
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index d51bcde..4eb7b78 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -52,7 +52,7 @@
* GCM 2 0x0012-0x0014
* BLOWFISH 2 0x0016-0x0018
* THREADING 3 0x001A-0x001E
- * AES 2 0x0020-0x0022
+ * AES 2 0x0020-0x0022 0x0023-0x0023
* CAMELLIA 2 0x0024-0x0026
* XTEA 1 0x0028-0x0028
* BASE64 2 0x002A-0x002C
diff --git a/library/aes.c b/library/aes.c
index 5860384..dba4a5f 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -1235,9 +1235,11 @@
*/
int mbedtls_aes_self_test( int verbose )
{
- int ret = 0, i, j, u, v;
+ int ret = 0, i, j, u, mode;
+ unsigned int keybits;
unsigned char key[32];
unsigned char buf[64];
+ const unsigned char *aes_tests;
#if defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB)
unsigned char iv[16];
#endif
@@ -1263,45 +1265,52 @@
for( i = 0; i < 6; i++ )
{
u = i >> 1;
- v = i & 1;
+ keybits = 128 + u * 64;
+ mode = i & 1;
if( verbose != 0 )
- mbedtls_printf( " AES-ECB-%3d (%s): ", 128 + u * 64,
- ( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
+ mbedtls_printf( " AES-ECB-%3d (%s): ", keybits,
+ ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
memset( buf, 0, 16 );
- if( v == MBEDTLS_AES_DECRYPT )
+ if( mode == MBEDTLS_AES_DECRYPT )
{
- mbedtls_aes_setkey_dec( &ctx, key, 128 + u * 64 );
-
- for( j = 0; j < 10000; j++ )
- mbedtls_aes_crypt_ecb( &ctx, v, buf, buf );
-
- if( memcmp( buf, aes_test_ecb_dec[u], 16 ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- ret = 1;
- goto exit;
- }
+ ret = mbedtls_aes_setkey_dec( &ctx, key, keybits );
+ aes_tests = aes_test_ecb_dec[u];
}
else
{
- mbedtls_aes_setkey_enc( &ctx, key, 128 + u * 64 );
+ ret = mbedtls_aes_setkey_enc( &ctx, key, keybits );
+ aes_tests = aes_test_ecb_enc[u];
+ }
- for( j = 0; j < 10000; j++ )
- mbedtls_aes_crypt_ecb( &ctx, v, buf, buf );
+ /*
+ * AES-192 is an optional feature that may be unavailable when
+ * there is an alternative underlying implementation i.e. when
+ * MBEDTLS_AES_ALT is defined.
+ */
+ if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 )
+ {
+ mbedtls_printf( "skipped\n" );
+ continue;
+ }
+ else if( ret != 0 )
+ {
+ goto exit;
+ }
- if( memcmp( buf, aes_test_ecb_enc[u], 16 ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- ret = 1;
+ for( j = 0; j < 10000; j++ )
+ {
+ ret = mbedtls_aes_crypt_ecb( &ctx, mode, buf, buf );
+ if( ret != 0 )
goto exit;
- }
+ }
+
+ if( memcmp( buf, aes_tests, 16 ) != 0 )
+ {
+ ret = 1;
+ goto exit;
}
if( verbose != 0 )
@@ -1318,55 +1327,64 @@
for( i = 0; i < 6; i++ )
{
u = i >> 1;
- v = i & 1;
+ keybits = 128 + u * 64;
+ mode = i & 1;
if( verbose != 0 )
- mbedtls_printf( " AES-CBC-%3d (%s): ", 128 + u * 64,
- ( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
+ mbedtls_printf( " AES-CBC-%3d (%s): ", keybits,
+ ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
memset( iv , 0, 16 );
memset( prv, 0, 16 );
memset( buf, 0, 16 );
- if( v == MBEDTLS_AES_DECRYPT )
+ if( mode == MBEDTLS_AES_DECRYPT )
{
- mbedtls_aes_setkey_dec( &ctx, key, 128 + u * 64 );
-
- for( j = 0; j < 10000; j++ )
- mbedtls_aes_crypt_cbc( &ctx, v, 16, iv, buf, buf );
-
- if( memcmp( buf, aes_test_cbc_dec[u], 16 ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- ret = 1;
- goto exit;
- }
+ ret = mbedtls_aes_setkey_dec( &ctx, key, keybits );
+ aes_tests = aes_test_cbc_dec[u];
}
else
{
- mbedtls_aes_setkey_enc( &ctx, key, 128 + u * 64 );
+ ret = mbedtls_aes_setkey_enc( &ctx, key, keybits );
+ aes_tests = aes_test_cbc_enc[u];
+ }
- for( j = 0; j < 10000; j++ )
+ /*
+ * AES-192 is an optional feature that may be unavailable when
+ * there is an alternative underlying implementation i.e. when
+ * MBEDTLS_AES_ALT is defined.
+ */
+ if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 )
+ {
+ mbedtls_printf( "skipped\n" );
+ continue;
+ }
+ else if( ret != 0 )
+ {
+ goto exit;
+ }
+
+ for( j = 0; j < 10000; j++ )
+ {
+ if( mode == MBEDTLS_AES_ENCRYPT )
{
unsigned char tmp[16];
- mbedtls_aes_crypt_cbc( &ctx, v, 16, iv, buf, buf );
-
memcpy( tmp, prv, 16 );
memcpy( prv, buf, 16 );
memcpy( buf, tmp, 16 );
}
- if( memcmp( prv, aes_test_cbc_enc[u], 16 ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- ret = 1;
+ ret = mbedtls_aes_crypt_cbc( &ctx, mode, 16, iv, buf, buf );
+ if( ret != 0 )
goto exit;
- }
+
+ }
+
+ if( memcmp( buf, aes_tests, 16 ) != 0 )
+ {
+ ret = 1;
+ goto exit;
}
if( verbose != 0 )
@@ -1384,45 +1402,52 @@
for( i = 0; i < 6; i++ )
{
u = i >> 1;
- v = i & 1;
+ keybits = 128 + u * 64;
+ mode = i & 1;
if( verbose != 0 )
- mbedtls_printf( " AES-CFB128-%3d (%s): ", 128 + u * 64,
- ( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
+ mbedtls_printf( " AES-CFB128-%3d (%s): ", keybits,
+ ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
memcpy( iv, aes_test_cfb128_iv, 16 );
- memcpy( key, aes_test_cfb128_key[u], 16 + u * 8 );
+ memcpy( key, aes_test_cfb128_key[u], keybits / 8 );
offset = 0;
- mbedtls_aes_setkey_enc( &ctx, key, 128 + u * 64 );
+ ret = mbedtls_aes_setkey_enc( &ctx, key, keybits );
+ /*
+ * AES-192 is an optional feature that may be unavailable when
+ * there is an alternative underlying implementation i.e. when
+ * MBEDTLS_AES_ALT is defined.
+ */
+ if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 )
+ {
+ mbedtls_printf( "skipped\n" );
+ continue;
+ }
+ else if( ret != 0 )
+ {
+ goto exit;
+ }
- if( v == MBEDTLS_AES_DECRYPT )
+ if( mode == MBEDTLS_AES_DECRYPT )
{
memcpy( buf, aes_test_cfb128_ct[u], 64 );
- mbedtls_aes_crypt_cfb128( &ctx, v, 64, &offset, iv, buf, buf );
-
- if( memcmp( buf, aes_test_cfb128_pt, 64 ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- ret = 1;
- goto exit;
- }
+ aes_tests = aes_test_cfb128_pt;
}
else
{
memcpy( buf, aes_test_cfb128_pt, 64 );
- mbedtls_aes_crypt_cfb128( &ctx, v, 64, &offset, iv, buf, buf );
+ aes_tests = aes_test_cfb128_ct[u];
+ }
- if( memcmp( buf, aes_test_cfb128_ct[u], 64 ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ ret = mbedtls_aes_crypt_cfb128( &ctx, mode, 64, &offset, iv, buf, buf );
+ if( ret != 0 )
+ goto exit;
- ret = 1;
- goto exit;
- }
+ if( memcmp( buf, aes_tests, 64 ) != 0 )
+ {
+ ret = 1;
+ goto exit;
}
if( verbose != 0 )
@@ -1440,51 +1465,41 @@
for( i = 0; i < 6; i++ )
{
u = i >> 1;
- v = i & 1;
+ mode = i & 1;
if( verbose != 0 )
mbedtls_printf( " AES-CTR-128 (%s): ",
- ( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
+ ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
memcpy( nonce_counter, aes_test_ctr_nonce_counter[u], 16 );
memcpy( key, aes_test_ctr_key[u], 16 );
offset = 0;
- mbedtls_aes_setkey_enc( &ctx, key, 128 );
+ if( ( ret = mbedtls_aes_setkey_enc( &ctx, key, 128 ) ) != 0 )
+ goto exit;
- if( v == MBEDTLS_AES_DECRYPT )
+ len = aes_test_ctr_len[u];
+
+ if( mode == MBEDTLS_AES_DECRYPT )
{
- len = aes_test_ctr_len[u];
memcpy( buf, aes_test_ctr_ct[u], len );
-
- mbedtls_aes_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
- buf, buf );
-
- if( memcmp( buf, aes_test_ctr_pt[u], len ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- ret = 1;
- goto exit;
- }
+ aes_tests = aes_test_ctr_pt[u];
}
else
{
- len = aes_test_ctr_len[u];
memcpy( buf, aes_test_ctr_pt[u], len );
+ aes_tests = aes_test_ctr_ct[u];
+ }
- mbedtls_aes_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
- buf, buf );
+ ret = mbedtls_aes_crypt_ctr( &ctx, len, &offset, nonce_counter,
+ stream_block, buf, buf );
+ if( ret != 0 )
+ goto exit;
- if( memcmp( buf, aes_test_ctr_ct[u], len ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- ret = 1;
- goto exit;
- }
+ if( memcmp( buf, aes_tests, len ) != 0 )
+ {
+ ret = 1;
+ goto exit;
}
if( verbose != 0 )
@@ -1498,6 +1513,9 @@
ret = 0;
exit:
+ if( ret != 0 && verbose != 0 )
+ mbedtls_printf( "failed\n" );
+
mbedtls_aes_free( &ctx );
return( ret );
diff --git a/library/error.c b/library/error.c
index 23e4953..151ca4e 100644
--- a/library/error.c
+++ b/library/error.c
@@ -520,6 +520,8 @@
mbedtls_snprintf( buf, buflen, "AES - Invalid key length" );
if( use_ret == -(MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH) )
mbedtls_snprintf( buf, buflen, "AES - Invalid data input length" );
+ if( use_ret == -(MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE) )
+ mbedtls_snprintf( buf, buflen, "AES - Feature not available, e.g. unsupported AES key size" );
#endif /* MBEDTLS_AES_C */
#if defined(MBEDTLS_ASN1_PARSE_C)
diff --git a/library/gcm.c b/library/gcm.c
index 2b49fa6..294a86d 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -46,6 +46,7 @@
#endif
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
+#include "mbedtls/aes.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
@@ -748,34 +749,48 @@
int i, j, ret;
mbedtls_cipher_id_t cipher = MBEDTLS_CIPHER_ID_AES;
- mbedtls_gcm_init( &ctx );
-
for( j = 0; j < 3; j++ )
{
int key_len = 128 + 64 * j;
for( i = 0; i < MAX_TESTS; i++ )
{
+ mbedtls_gcm_init( &ctx );
+
if( verbose != 0 )
mbedtls_printf( " AES-GCM-%3d #%d (%s): ",
- key_len, i, "enc" );
+ key_len, i, "enc" );
- mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len );
+ ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]],
+ key_len );
+ /*
+ * AES-192 is an optional feature that may be unavailable when
+ * there is an alternative underlying implementation i.e. when
+ * MBEDTLS_AES_ALT is defined.
+ */
+ if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && key_len == 192 )
+ {
+ mbedtls_printf( "skipped\n" );
+ break;
+ }
+ else if( ret != 0 )
+ {
+ goto exit;
+ }
ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT,
- pt_len[i],
- iv[iv_index[i]], iv_len[i],
- additional[add_index[i]], add_len[i],
- pt[pt_index[i]], buf, 16, tag_buf );
+ pt_len[i],
+ iv[iv_index[i]], iv_len[i],
+ additional[add_index[i]], add_len[i],
+ pt[pt_index[i]], buf, 16, tag_buf );
+ if( ret != 0 )
+ goto exit;
- if( ret != 0 ||
- memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 ||
- memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
+ if ( memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 ||
+ memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
{
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- return( 1 );
+ ret = 1;
+ goto exit;
}
mbedtls_gcm_free( &ctx );
@@ -783,26 +798,31 @@
if( verbose != 0 )
mbedtls_printf( "passed\n" );
+ mbedtls_gcm_init( &ctx );
+
if( verbose != 0 )
mbedtls_printf( " AES-GCM-%3d #%d (%s): ",
- key_len, i, "dec" );
+ key_len, i, "dec" );
- mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len );
+ ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]],
+ key_len );
+ if( ret != 0 )
+ goto exit;
ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_DECRYPT,
- pt_len[i],
- iv[iv_index[i]], iv_len[i],
- additional[add_index[i]], add_len[i],
- ct[j * 6 + i], buf, 16, tag_buf );
+ pt_len[i],
+ iv[iv_index[i]], iv_len[i],
+ additional[add_index[i]], add_len[i],
+ ct[j * 6 + i], buf, 16, tag_buf );
- if( ret != 0 ||
- memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 ||
+ if( ret != 0 )
+ goto exit;
+
+ if( memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 ||
memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
{
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- return( 1 );
+ ret = 1;
+ goto exit;
}
mbedtls_gcm_free( &ctx );
@@ -810,66 +830,51 @@
if( verbose != 0 )
mbedtls_printf( "passed\n" );
+ mbedtls_gcm_init( &ctx );
+
if( verbose != 0 )
mbedtls_printf( " AES-GCM-%3d #%d split (%s): ",
- key_len, i, "enc" );
+ key_len, i, "enc" );
- mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len );
+ ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]],
+ key_len );
+ if( ret != 0 )
+ goto exit;
ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_ENCRYPT,
- iv[iv_index[i]], iv_len[i],
- additional[add_index[i]], add_len[i] );
+ iv[iv_index[i]], iv_len[i],
+ additional[add_index[i]], add_len[i] );
if( ret != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- return( 1 );
- }
+ goto exit;
if( pt_len[i] > 32 )
{
size_t rest_len = pt_len[i] - 32;
ret = mbedtls_gcm_update( &ctx, 32, pt[pt_index[i]], buf );
if( ret != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- return( 1 );
- }
+ goto exit;
ret = mbedtls_gcm_update( &ctx, rest_len, pt[pt_index[i]] + 32,
buf + 32 );
if( ret != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- return( 1 );
- }
+ goto exit;
}
else
{
ret = mbedtls_gcm_update( &ctx, pt_len[i], pt[pt_index[i]], buf );
if( ret != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- return( 1 );
- }
+ goto exit;
}
ret = mbedtls_gcm_finish( &ctx, tag_buf, 16 );
- if( ret != 0 ||
- memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 ||
+ if( ret != 0 )
+ goto exit;
+
+ if( memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 ||
memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
{
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- return( 1 );
+ ret = 1;
+ goto exit;
}
mbedtls_gcm_free( &ctx );
@@ -877,80 +882,75 @@
if( verbose != 0 )
mbedtls_printf( "passed\n" );
+ mbedtls_gcm_init( &ctx );
+
if( verbose != 0 )
mbedtls_printf( " AES-GCM-%3d #%d split (%s): ",
- key_len, i, "dec" );
+ key_len, i, "dec" );
- mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len );
+ ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]],
+ key_len );
+ if( ret != 0 )
+ goto exit;
ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_DECRYPT,
iv[iv_index[i]], iv_len[i],
additional[add_index[i]], add_len[i] );
if( ret != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- return( 1 );
- }
+ goto exit;
if( pt_len[i] > 32 )
{
size_t rest_len = pt_len[i] - 32;
ret = mbedtls_gcm_update( &ctx, 32, ct[j * 6 + i], buf );
if( ret != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- return( 1 );
- }
+ goto exit;
ret = mbedtls_gcm_update( &ctx, rest_len, ct[j * 6 + i] + 32,
- buf + 32 );
+ buf + 32 );
if( ret != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- return( 1 );
- }
+ goto exit;
}
else
{
- ret = mbedtls_gcm_update( &ctx, pt_len[i], ct[j * 6 + i], buf );
+ ret = mbedtls_gcm_update( &ctx, pt_len[i], ct[j * 6 + i],
+ buf );
if( ret != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- return( 1 );
- }
+ goto exit;
}
ret = mbedtls_gcm_finish( &ctx, tag_buf, 16 );
- if( ret != 0 ||
- memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 ||
+ if( ret != 0 )
+ goto exit;
+
+ if( memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 ||
memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
{
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- return( 1 );
+ ret = 1;
+ goto exit;
}
mbedtls_gcm_free( &ctx );
if( verbose != 0 )
mbedtls_printf( "passed\n" );
-
}
}
if( verbose != 0 )
mbedtls_printf( "\n" );
- return( 0 );
+ ret = 0;
+
+exit:
+ if( ret != 0 )
+ {
+ if( verbose != 0 )
+ mbedtls_printf( "failed\n" );
+ mbedtls_gcm_free( &ctx );
+ }
+
+ return( ret );
}
#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */