Fix aead set random IV

Author: padelsbach

scripts/test-wp-cs.sh

@@ -284,9 +284,9 @@ openssl version -a || true
 if [ "${AM_BWRAPPED-}" != "yes" ]; then
     # Perform the build only if not in the bubble
     printf "Cleaning up previous builds\n"
-    ${SCRIPT_DIR}/build-wolfprovider.sh --clean --distclean
+    ${SCRIPT_DIR}/build-wolfprovider.sh --clean --distclean || exit 1
     printf "Building wolfProvider\n"
-    ${SCRIPT_DIR}/build-wolfprovider.sh
+    ${SCRIPT_DIR}/build-wolfprovider.sh || exit 1
 
     printf "OPENSSL_BIN: $OPENSSL_BIN\n"
     $OPENSSL_BIN version -a || true
@@ -321,4 +321,3 @@ else
     printf "$FAIL tests failed.\n"
     exit 1
 fi
-

src/wp_aes_aead.c

@@ -666,8 +666,8 @@ static int wp_aead_set_ctx_params(wp_AeadCtx* ctx, const OSSL_PARAM params[])
             ok = wp_aead_set_param_tls1_iv_fixed(ctx, params);
         }
         else if (ok && (ctx->mode == EVP_CIPH_GCM_MODE) &&
-                 (XMEMCMP(params->key, OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED,
-                  sizeof(OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED)) == 0)) {
+                 (XMEMCMP(params->key, OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV,
+                  sizeof(OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV)) == 0)) {
             ok = wp_aead_set_param_tls1_iv_rand(ctx, params);
         }
 
@@ -925,7 +925,12 @@ static int wp_aesgcm_set_rand_iv(wp_AeadCtx *ctx, unsigned char *in,
         XMEMCPY(ctx->origIv, ctx->iv, ctx->ivLen);
 #endif
         XMEMCPY(ctx->iv + ctx->ivLen - inLen, in, inLen);
+#ifdef WOLFSSL_AESGCM_STREAM
+        /* Stream update initializes AES-GCM when IV state is buffered. */
+        ctx->ivState = IV_STATE_BUFFERED;
+#else
         ctx->ivState = IV_STATE_COPIED;
+#endif
     }
 
     WOLFPROV_LEAVE(WP_LOG_COMP_AES, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);

test/test_aestag.c

@@ -669,6 +669,215 @@ static int test_aes_tag_dec_ossh_multi(const EVP_CIPHER *cipher,
     return err;
 }
 
+static int test_aes_tag_enc_ossh_iv_params(const EVP_CIPHER *cipher,
+    unsigned char *key, unsigned char *iv, int ivFixedSetArg,
+    unsigned char *aad, unsigned char *msg, int len, unsigned char *enc,
+    unsigned char *tag, unsigned char *ivInv, size_t ivInvLen)
+{
+    int err;
+    EVP_CIPHER_CTX *encCtx;
+    unsigned int tagLen = 16;
+
+    err = (encCtx = EVP_CIPHER_CTX_new()) == NULL;
+    if (err == 0) {
+       err = EVP_CipherInit(encCtx, cipher, NULL, iv, 1) != 1;
+    }
+    if (err == 0) {
+       err = EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_SET_IV_FIXED,
+                                 ivFixedSetArg, iv) != 1;
+    }
+    if (err == 0) {
+       err = EVP_CipherInit(encCtx, NULL, key, NULL, -1) != 1;
+    }
+    if (err == 0) {
+       err = EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_IV_GEN, (int)ivInvLen,
+                                 ivInv) != 1;
+    }
+    if (err == 0) {
+       err = EVP_Cipher(encCtx, NULL, aad, (int)strlen((char *)aad)) <= 0;
+    }
+    if (err == 0) {
+       err = EVP_Cipher(encCtx, enc, msg, len) != len;
+    }
+    if (err == 0) {
+       err = EVP_Cipher(encCtx, NULL, NULL, 0) < 0;
+    }
+    if (err == 0) {
+       err = EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_GET_TAG, tagLen,
+                                 tag) != 1;
+    }
+
+    EVP_CIPHER_CTX_free(encCtx);
+    return err;
+}
+
+static int test_aes_tag_dec_ossh_set_iv_inv(const EVP_CIPHER *cipher,
+    unsigned char *key, unsigned char *iv, int ivFixedSetArg,
+    unsigned char *aad, unsigned char *msg, int len, unsigned char *enc,
+    unsigned char *tag, unsigned char *dec, unsigned char *ivInv,
+    size_t ivInvLen)
+{
+    int err;
+    EVP_CIPHER_CTX *decCtx;
+    unsigned int tagLen = 16;
+
+    err = (decCtx = EVP_CIPHER_CTX_new()) == NULL;
+    if (err == 0) {
+       err = EVP_CipherInit(decCtx, cipher, NULL, iv, 0) != 1;
+    }
+    if (err == 0) {
+       err = EVP_CIPHER_CTX_ctrl(decCtx, EVP_CTRL_GCM_SET_IV_FIXED,
+                                 ivFixedSetArg, iv) != 1;
+    }
+    if (err == 0) {
+       err = EVP_CipherInit(decCtx, NULL, key, NULL, -1) != 1;
+    }
+    if (err == 0) {
+       err = EVP_CIPHER_CTX_ctrl(decCtx, EVP_CTRL_GCM_SET_IV_INV,
+                                 (int)ivInvLen, ivInv) != 1;
+    }
+    if (err == 0) {
+       err = EVP_CIPHER_CTX_ctrl(decCtx, EVP_CTRL_GCM_SET_TAG, tagLen,
+                                 tag) != 1;
+    }
+    if (err == 0) {
+        err = EVP_Cipher(decCtx, NULL, aad, (int)strlen((char *)aad)) <= 0;
+    }
+    if (err == 0) {
+       err = EVP_Cipher(decCtx, dec, enc, len) != len;
+    }
+    if (err == 0) {
+       err = EVP_Cipher(decCtx, NULL, NULL, 0) < 0;
+    }
+    if ((err == 0) && (dec != NULL) && (msg != NULL) && (memcmp(dec, msg,
+            len) != 0)) {
+        err = 1;
+    }
+
+    EVP_CIPHER_CTX_free(decCtx);
+    return err;
+}
+
+static int test_aes_tag_set_iv_inv(void *data, const char *cipher,
+                                   int keyLen)
+{
+    int err = 0;
+    unsigned char msg[] = "Test pattern";
+    unsigned char key[32];
+    unsigned char iv[12];
+    unsigned char aad[] = "AAD";
+    unsigned char enc[sizeof(msg)];
+    unsigned char tag[AES_BLOCK_SIZE];
+    unsigned char dec[sizeof(msg)];
+    unsigned char ivInv[EVP_GCM_TLS_EXPLICIT_IV_LEN];
+    EVP_CIPHER* ocipher;
+    EVP_CIPHER* wcipher;
+
+    (void)data;
+
+    ocipher = EVP_CIPHER_fetch(osslLibCtx, cipher, "");
+    wcipher = EVP_CIPHER_fetch(wpLibCtx, cipher, "");
+
+    if (RAND_bytes(key, keyLen) == 0) {
+        err = 1;
+    }
+    if ((err == 0) && (RAND_bytes(iv, sizeof(iv)) == 0)) {
+        err = 1;
+    }
+
+    if (err == 0) {
+        PRINT_MSG("Encrypt with OpenSSL (SET_IV_INV)");
+        err = test_aes_tag_enc_ossh_iv_params(ocipher, key, iv, -1, aad, msg,
+                                              sizeof(msg), enc, tag, ivInv,
+                                              sizeof(ivInv));
+    }
+    if (err == 0) {
+        PRINT_MSG("Decrypt with wolfprovider (SET_IV_INV)");
+        err = test_aes_tag_dec_ossh_set_iv_inv(wcipher, key, iv, -1, aad, msg,
+                                               sizeof(msg), enc, tag, dec,
+                                               ivInv, sizeof(ivInv));
+    }
+    if (err == 0) {
+        PRINT_MSG("Encrypt with wolfprovider (SET_IV_INV)");
+        err = test_aes_tag_enc_ossh_iv_params(wcipher, key, iv, -1, aad, msg,
+                                              sizeof(msg), enc, tag, ivInv,
+                                              sizeof(ivInv));
+    }
+    if (err == 0) {
+        PRINT_MSG("Decrypt with OpenSSL (SET_IV_INV)");
+        err = test_aes_tag_dec_ossh_set_iv_inv(ocipher, key, iv, -1, aad, msg,
+                                               sizeof(msg), enc, tag, dec,
+                                               ivInv, sizeof(ivInv));
+    }
+
+    EVP_CIPHER_free(wcipher);
+    EVP_CIPHER_free(ocipher);
+
+    return err;
+}
+
+static int test_aes_tag_set_iv_fixed(void *data, const char *cipher,
+                                     int keyLen)
+{
+    int err = 0;
+    unsigned char msg[] = "Test pattern";
+    unsigned char key[32];
+    unsigned char iv[12];
+    unsigned char aad[] = "AAD";
+    unsigned char enc[sizeof(msg)];
+    unsigned char tag[AES_BLOCK_SIZE];
+    unsigned char dec[sizeof(msg)];
+    unsigned char ivInv[EVP_GCM_TLS_EXPLICIT_IV_LEN];
+    EVP_CIPHER* ocipher;
+    EVP_CIPHER* wcipher;
+
+    (void)data;
+
+    ocipher = EVP_CIPHER_fetch(osslLibCtx, cipher, "");
+    wcipher = EVP_CIPHER_fetch(wpLibCtx, cipher, "");
+
+    if (RAND_bytes(key, keyLen) == 0) {
+        err = 1;
+    }
+    if ((err == 0) && (RAND_bytes(iv, sizeof(iv)) == 0)) {
+        err = 1;
+    }
+
+    if (err == 0) {
+        PRINT_MSG("Encrypt with OpenSSL (TLS1_IV_FIXED)");
+        err = test_aes_tag_enc_ossh_iv_params(ocipher, key, iv,
+                                              EVP_GCM_TLS_FIXED_IV_LEN, aad,
+                                              msg, sizeof(msg), enc, tag,
+                                              ivInv, sizeof(ivInv));
+    }
+    if (err == 0) {
+        PRINT_MSG("Decrypt with wolfprovider (TLS1_IV_FIXED)");
+        err = test_aes_tag_dec_ossh_set_iv_inv(wcipher, key, iv,
+                                               EVP_GCM_TLS_FIXED_IV_LEN, aad,
+                                               msg, sizeof(msg), enc, tag, dec,
+                                               ivInv, sizeof(ivInv));
+    }
+    if (err == 0) {
+        PRINT_MSG("Encrypt with wolfprovider (TLS1_IV_FIXED)");
+        err = test_aes_tag_enc_ossh_iv_params(wcipher, key, iv,
+                                              EVP_GCM_TLS_FIXED_IV_LEN, aad,
+                                              msg, sizeof(msg), enc, tag,
+                                              ivInv, sizeof(ivInv));
+    }
+    if (err == 0) {
+        PRINT_MSG("Decrypt with OpenSSL (TLS1_IV_FIXED)");
+        err = test_aes_tag_dec_ossh_set_iv_inv(ocipher, key, iv,
+                                               EVP_GCM_TLS_FIXED_IV_LEN, aad,
+                                               msg, sizeof(msg), enc, tag, dec,
+                                               ivInv, sizeof(ivInv));
+    }
+
+    EVP_CIPHER_free(wcipher);
+    EVP_CIPHER_free(ocipher);
+
+    return err;
+}
+
 static int test_aes_tag_fixed(void *data, const char *cipher,
                               int keyLen, int ivFixedLen, int ivLen)
 {
@@ -1042,6 +1251,20 @@ int test_aes128_gcm_tls(void *data)
                             EVP_GCM_TLS_FIXED_IV_LEN, 0);
 }
 
+/******************************************************************************/
+
+int test_aes128_gcm_set_iv_inv(void *data)
+{
+    return test_aes_tag_set_iv_inv(data, "AES-128-GCM", 16);
+}
+
+/******************************************************************************/
+
+int test_aes128_gcm_set_iv_fixed(void *data)
+{
+    return test_aes_tag_set_iv_fixed(data, "AES-128-GCM", 16);
+}
+
 #endif /* WP_HAVE_AESGCM */
 
 /******************************************************************************/
@@ -1092,4 +1315,3 @@ int test_aes128_ccm_tls(void *data)
 }
 
 #endif /* WP_HAVE_AESCCM */
-

test/unit.c

@@ -266,6 +266,8 @@ TEST_CASE test_case[] = {
     TEST_DECL(test_aes256_gcm, NULL),
     TEST_DECL(test_aes128_gcm_fixed, NULL),
     TEST_DECL(test_aes128_gcm_tls, NULL),
+    TEST_DECL(test_aes128_gcm_set_iv_inv, NULL),
+    TEST_DECL(test_aes128_gcm_set_iv_fixed, NULL),
 #endif
 #ifdef WP_HAVE_AESCCM
     TEST_DECL(test_aes128_ccm, NULL),
@@ -813,4 +815,3 @@ int main(int argc, char* argv[])
 
     return err;
 }
-

test/unit.h

@@ -193,6 +193,8 @@ int test_aes192_gcm(void *data);
 int test_aes256_gcm(void *data);
 int test_aes128_gcm_fixed(void *data);
 int test_aes128_gcm_tls(void *data);
+int test_aes128_gcm_set_iv_inv(void *data);
+int test_aes128_gcm_set_iv_fixed(void *data);
 
 #endif /* WP_HAVE_AESGCM */