search

wolfSSL / wolfssl

The wolfSSL library is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3 and DTLS 1.3!
https://www.wolfssl.com
GNU General Public License v2.0
2.34k stars 831 forks source link

AesCtr could not handle arbitrary plaintext/ciphertext length #898

Closed zhou0 closed 7 years ago

zhou0 commented 7 years ago

the wc_AesCtrEncrypt function , prototype void wc_AesCtrEncrypt(Aes aes, byte out, const byte* in, word32 sz) does not work correctly if the last parameter is not a multiple of 16.

I

kaleb-himes commented 7 years ago

Hi zhou0,

I apologize my previous statement is inaccurate since you are using the stream cipher. The AesCtrEncrypt API should work with a non-standard length input and I just tested this with the attached simple program (change the .txt to .c to compile).

Could you send me a simple test case like the one I attached to reproduce the issue you are seeing?

Warmest Regards,

Kaleb

aesctr-nonstandard-blocksize-test.txt

kaleb-himes commented 7 years ago

Hi zhou0,

Have you tried running the wolfcrypt test application (wolf-root)/wolfcrypt/test/test.c to make sure the crypto is working properly? There is a test case in that application that tests the wc_AesCtrEncrypt API with a non-standard input size.

Warm Regards,

Kaleb

zhou0 commented 7 years ago

@kaleb-himes In my application, i do an AesCtr encryption and a decryption, but the result plaint texts dont match. the test program does not cover this. first, the test case only tests for encryption but not for decryption. second, you should use AES_DECRYPTION as the fifth parameter in the 2nd wc_AesSetKeyDirect call.

kaleb-himes commented 7 years ago

Hi zhou0,

I see the confusion now.

AES CTR MODE does the same operation for encryption and decryption. If you pass in encrypted data it gets decrypted. If you pass in plain text data it gets encrypted. The example is not incorrect, you should NOT set AES_DECRYPTION for the 5th argument when using AES CTR MODE. AES_DECRYPTION is only used with BLOCK ENCRYPTION MODES. See comment in test.c here

I have updated the example from yesterday to show how this should work and included a case of using AES_DECRYPTION for the fifth argument to show that the result is indeed incorrect when AES CTR MODE is used in this way.

test.txt

kaleb-himes commented 7 years ago

Hi zhou0,

Thank you again for opening this issue as it gave us the opportunity to update our documentation.

I have updated the documentation section covering the wc_AesSetKeyDirect API to include a note about using this API in AES COUNTER MODE:

wc_AesSetKeyDirect

...

dir - Cipher direction. Set AES_ENCRYPTION to encrypt, or AES_DECRYPTION to decrypt. (See enum in wolfssl/wolfcrypt/aes.h) (NOTE: If using wc_AesSetKeyDirect with Aes Counter mode (Stream cipher) only use AES_ENCRYPTION for both encrypting and decrypting)

...

This will be updated the on the website the next time we upload our documentation. Thanks again for your question and let us know if anything else comes up!

Warmest Regards,

Kaleb

zhou0 commented 7 years ago

@kaleb-himes Problem solved. Thank you!