From 1e2fb8f244a7df338a6978c41f415066b11d78e8 Mon Sep 17 00:00:00 2001
From: Anthony Hu
Date: Tue, 6 Feb 2024 14:51:14 -0500
Subject: [PATCH] Fixup places where it should be CCM instead of GCM. Fixes https://github.com/wolfSSL/wolfssl/issues/7216
---
 src/keys.c | 28 ++++++++++++++--------------
 wolfssl/internal.h | 6 ++++--
 2 files changed, 18 insertions(+), 16 deletions(-)
diff --git a/src/keys.c b/src/keys.c
index a8f4238b57..30768979be 100644
--- a/src/keys.c
+++ b/src/keys.c
@@ -672,7 +672,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
 specs->static_ecdh = 0;
 specs->key_size = AES_128_KEY_SIZE;
 specs->block_size = AES_BLOCK_SIZE;
- specs->iv_size = AESGCM_IMP_IV_SZ;
+ specs->iv_size = AESCCM_IMP_IV_SZ;
 specs->aead_mac_size = AES_CCM_16_AUTH_SZ;
 break;
@@ -690,7 +690,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
 specs->static_ecdh = 0;
 specs->key_size = AES_128_KEY_SIZE;
 specs->block_size = AES_BLOCK_SIZE;
- specs->iv_size = AESGCM_IMP_IV_SZ;
+ specs->iv_size = AESCCM_IMP_IV_SZ;
 specs->aead_mac_size = AES_CCM_8_AUTH_SZ;
 break;
@@ -708,7 +708,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
 specs->static_ecdh = 0;
 specs->key_size = AES_256_KEY_SIZE;
 specs->block_size = AES_BLOCK_SIZE;
- specs->iv_size = AESGCM_IMP_IV_SZ;
+ specs->iv_size = AESCCM_IMP_IV_SZ;
 specs->aead_mac_size = AES_CCM_8_AUTH_SZ;
 break;
@@ -1069,7 +1069,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
 specs->static_ecdh = 0;
 specs->key_size = AES_128_KEY_SIZE;
 specs->block_size = AES_BLOCK_SIZE;
- specs->iv_size = AESGCM_IMP_IV_SZ;
+ specs->iv_size = AESCCM_IMP_IV_SZ;
 specs->aead_mac_size = AES_CCM_8_AUTH_SZ;
 break;
@@ -1087,7 +1087,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
 specs->static_ecdh = 0;
 specs->key_size = AES_256_KEY_SIZE;
 specs->block_size = AES_BLOCK_SIZE;
- specs->iv_size = AESGCM_IMP_IV_SZ;
+ specs->iv_size = AESCCM_IMP_IV_SZ;
 specs->aead_mac_size = AES_CCM_8_AUTH_SZ;
 break;
@@ -1105,7 +1105,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
 specs->static_ecdh = 0;
 specs->key_size = AES_128_KEY_SIZE;
 specs->block_size = AES_BLOCK_SIZE;
- specs->iv_size = AESGCM_IMP_IV_SZ;
+ specs->iv_size = AESCCM_IMP_IV_SZ;
 specs->aead_mac_size = AES_CCM_8_AUTH_SZ;
 if (opts != NULL)
@@ -1125,7 +1125,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
 specs->static_ecdh = 0;
 specs->key_size = AES_256_KEY_SIZE;
 specs->block_size = AES_BLOCK_SIZE;
- specs->iv_size = AESGCM_IMP_IV_SZ;
+ specs->iv_size = AESCCM_IMP_IV_SZ;
 specs->aead_mac_size = AES_CCM_8_AUTH_SZ;
 if (opts != NULL)
@@ -1145,7 +1145,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
 specs->static_ecdh = 0;
 specs->key_size = AES_128_KEY_SIZE;
 specs->block_size = AES_BLOCK_SIZE;
- specs->iv_size = AESGCM_IMP_IV_SZ;
+ specs->iv_size = AESCCM_IMP_IV_SZ;
 specs->aead_mac_size = AES_CCM_16_AUTH_SZ;
 if (opts != NULL)
@@ -1165,7 +1165,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
 specs->static_ecdh = 0;
 specs->key_size = AES_256_KEY_SIZE;
 specs->block_size = AES_BLOCK_SIZE;
- specs->iv_size = AESGCM_IMP_IV_SZ;
+ specs->iv_size = AESCCM_IMP_IV_SZ;
 specs->aead_mac_size = AES_CCM_16_AUTH_SZ;
 if (opts != NULL)
@@ -1185,7 +1185,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
 specs->static_ecdh = 0;
 specs->key_size = AES_128_KEY_SIZE;
 specs->block_size = AES_BLOCK_SIZE;
- specs->iv_size = AESGCM_IMP_IV_SZ;
+ specs->iv_size = AESCCM_IMP_IV_SZ;
 specs->aead_mac_size = AES_CCM_16_AUTH_SZ;
 if (opts != NULL)
@@ -1205,7 +1205,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
 specs->static_ecdh = 0;
 specs->key_size = AES_256_KEY_SIZE;
 specs->block_size = AES_BLOCK_SIZE;
- specs->iv_size = AESGCM_IMP_IV_SZ;
+ specs->iv_size = AESCCM_IMP_IV_SZ;
 specs->aead_mac_size = AES_CCM_16_AUTH_SZ;
 if (opts != NULL)
@@ -1330,7 +1330,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
 specs->static_ecdh = 0;
 specs->key_size = AES_128_KEY_SIZE;
 specs->block_size = AES_BLOCK_SIZE;
- specs->iv_size = AESGCM_NONCE_SZ;
+ specs->iv_size = AESCCM_NONCE_SZ;
 specs->aead_mac_size = AES_CCM_16_AUTH_SZ;
 break;
@@ -1348,7 +1348,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
 specs->static_ecdh = 0;
 specs->key_size = AES_128_KEY_SIZE;
 specs->block_size = AES_BLOCK_SIZE;
- specs->iv_size = AESGCM_NONCE_SZ;
+ specs->iv_size = AESCCM_NONCE_SZ;
 specs->aead_mac_size = AES_CCM_8_AUTH_SZ;
 break;
@@ -1440,7 +1440,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
 specs->static_ecdh = 0;
 specs->key_size = SM4_KEY_SIZE;
 specs->block_size = SM4_BLOCK_SIZE;
- specs->iv_size = GCM_IMP_IV_SZ;
+ specs->iv_size = CCM_IMP_IV_SZ;
 specs->aead_mac_size = SM4_CCM_AUTH_SZ;
 break;
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index c2d412986a..34bfc53047 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
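Review bot: `AESCCM_NONCE_SZ`, now assigned to `specs->iv_size` in the hunks at -1330 and -1348, is not defined anywhere in this patch; the internal.h hunk adds only `AESCCM_IMP_IV_SZ` and `CCM_IMP_IV_SZ`. The constant it replaces, `AESGCM_NONCE_SZ`, evaluates to 12 (`AESGCM_EXP_IV_SZ + AESGCM_IMP_IV_SZ`) according to that header hunk, so the swap preserves behaviour only if the pre-existing CCM constant is also 12. It is presumably declared elsewhere in wolfssl/internal.h, but its value should be confirmed, since a different IV length for these AEAD suites would compile cleanly and only show up as failed decryption or handshakes against peers. A short comment beside the assignment, e.g. `/* 12-byte nonce, same length as AESGCM_NONCE_SZ */`, would record the dependency. The switch in GetCipherSpec begins and ends outside these hunks.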
@@ -1731,10 +1731,12 @@ enum Misc {
 AEAD_LEN_OFFSET = 11, /* Auth Data: Length */
 AEAD_AUTH_DATA_SZ = 13, /* Size of the data to authenticate */
 AEAD_NONCE_SZ = 12,
- AESGCM_IMP_IV_SZ = 4, /* Size of GCM/CCM AEAD implicit IV */
+ AESGCM_IMP_IV_SZ = 4, /* Size of GCM AEAD implicit IV */
+ AESCCM_IMP_IV_SZ = 4, /* Size of CCM AEAD implicit IV */
 AESGCM_EXP_IV_SZ = 8, /* Size of GCM/CCM AEAD explicit IV */
 AESGCM_NONCE_SZ = AESGCM_EXP_IV_SZ + AESGCM_IMP_IV_SZ,
- GCM_IMP_IV_SZ = 4, /* Size of GCM/CCM AEAD implicit IV */
+ GCM_IMP_IV_SZ = 4, /* Size of GCM AEAD implicit IV */
+ CCM_IMP_IV_SZ = 4, /* Size of CCM AEAD implicit IV */
 GCM_EXP_IV_SZ = 8, /* Size of GCM/CCM AEAD explicit IV */
 GCM_NONCE_SZ = GCM_EXP_IV_SZ + GCM_IMP_IV_SZ,
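Review bot: The new `AESCCM_IMP_IV_SZ` and `CCM_IMP_IV_SZ` entries repeat the literal `4` rather than deriving from their GCM counterparts, and nothing in this hunk ties each pair together. If code outside this patch still uses the GCM names on CCM paths (not visible here), a later edit to one value would desynchronise the implicit-IV length that GetCipherSpec reports from the one used elsewhere, without any compiler diagnostic. Writing them as `AESCCM_IMP_IV_SZ = AESGCM_IMP_IV_SZ,` and `CCM_IMP_IV_SZ = GCM_IMP_IV_SZ,`, or adding a comment that the pairs must stay equal, would make that coupling explicit. The `*_EXP_IV_SZ` comments still read "GCM/CCM", so CCM has no explicit-IV constant of its own and the naming split is only partial. enum Misc starts before and continues past this hunk.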