Skip to content

AES reject-no-key guard and RSA-PSS hash-binding test (F-6151, F-6157) #10762

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
julek-wolfssl wants to merge 7 commits into
base: master
Choose a base branch
from
+324 −1
Open

AES reject-no-key guard and RSA-PSS hash-binding test (F-6151, F-6157) #10762

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
8c60e8b
AES: reject mode operations when no key has been set (F-6151)
julek-wolfssl Jun 23, 2026
7f3fb69
RSA-PSS: test signature-to-message hash binding (F-6157)
julek-wolfssl Jun 23, 2026
8f6f7d4
AES: track key-set state with a dedicated flag (F-6151)
julek-wolfssl Jun 23, 2026
a45766c
AES: rename key-set flag and set it on every key install (F-6151)
julek-wolfssl Jun 23, 2026
0dd8d77
AES: reject no-key use on PIC32MZ and RISC-V backends (F-6151)
julek-wolfssl Jun 24, 2026
ecd3a61
test: skip AES no-key test under FIPS and selftest (F-6151)
julek-wolfssl Jun 24, 2026
8460187
RSA-PSS test: use ret-independent failure code for tamper check (F-6157)
julek-wolfssl Jun 24, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
115 changes: 114 additions & 1 deletion wolfcrypt/src/aes.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4228,6 +4228,7 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(Aes* aes, const byte* inBlock,

rk = aes->key;
aes->keylen = keylen;
aes->keyInstalled = 1;
aes->rounds = keylen/4 + 6;
XMEMCPY(rk, userKey, keylen);
#if !defined(WOLFSSL_STM32_CUBEMX) || defined(STM32_HAL_V2)
Expand Down Expand Up @@ -4309,6 +4310,7 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(Aes* aes, const byte* inBlock,
#endif

aes->keylen = keylen;
aes->keyInstalled = 1;
aes->rounds = keylen/4 + 6;
XMEMCPY(aes->key, userKey, keylen);

Expand Down Expand Up @@ -4393,6 +4395,7 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(Aes* aes, const byte* inBlock,
#endif

aes->keylen = keylen;
aes->keyInstalled = 1;
aes->rounds = keylen/4 + 6;
XMEMCPY(aes->key, userKey, keylen);
ret = nrf51_aes_set_key(userKey);
Expand Down Expand Up @@ -4452,6 +4455,7 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(Aes* aes, const byte* inBlock,
#endif

aes->keylen = keylen;
aes->keyInstalled = 1;
aes->rounds = keylen/4 + 6;

XMEMCPY(aes->key, userKey, keylen);
Expand Down Expand Up @@ -4514,6 +4518,7 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(Aes* aes, const byte* inBlock,
}

aes->keylen = keylen;
aes->keyInstalled = 1;
aes->rounds = keylen/4 + 6;
XMEMCPY(aes->key, userKey, keylen);

Expand Down Expand Up @@ -4579,6 +4584,7 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(Aes* aes, const byte* inBlock,

aes->keylen = (int)keylen;
aes->rounds = (keylen/4) + 6;
aes->keyInstalled = 1;

#ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO
AES_set_key_AARCH32(userKey, keylen, (byte*)aes->key, dir);
Expand Down Expand Up @@ -4631,6 +4637,7 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(Aes* aes, const byte* inBlock,
if (ret == 0) {
/* Callback succeeded - SE owns the key */
aes->keylen = (int)keylen;
aes->keyInstalled = 1;
if (iv != NULL)
XMEMCPY(aes->reg, iv, WC_AES_BLOCK_SIZE);
else
Expand Down Expand Up @@ -4691,6 +4698,7 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(Aes* aes, const byte* inBlock,

aes->keylen = (int)keylen;
aes->rounds = (keylen/4) + 6;
aes->keyInstalled = 1;

AES_set_encrypt_key(userKey, keylen * 8, (byte*)aes->key);

Expand Down Expand Up @@ -4736,6 +4744,7 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(Aes* aes, const byte* inBlock,
if (ret == 0) {
/* Callback succeeded - SE owns the key */
aes->keylen = (int)keylen;
aes->keyInstalled = 1;
if (iv != NULL)
XMEMCPY(aes->reg, iv, WC_AES_BLOCK_SIZE);
else
Expand Down Expand Up @@ -4871,7 +4880,10 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(Aes* aes, const byte* inBlock,
int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
const byte* iv, int dir)
{
return wc_Psoc6_Aes_SetKey(aes, userKey, keylen, iv, dir);
int ret = wc_Psoc6_Aes_SetKey(aes, userKey, keylen, iv, dir);
if (ret == 0 && aes != NULL)
aes->keyInstalled = 1;
return ret;
}

#if defined(WOLFSSL_AES_DIRECT)
Expand Down Expand Up @@ -5188,6 +5200,7 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
if (ret == 0) {
/* Callback succeeded - SE owns the key */
aes->keylen = (int)keylen;
aes->keyInstalled = 1;
if (iv != NULL)
XMEMCPY(aes->reg, iv, WC_AES_BLOCK_SIZE);
else
Expand Down Expand Up @@ -5304,6 +5317,7 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
* reads it as the source of truth for the configured key size. */
aes->keylen = (int)keylen;
aes->rounds = (keylen / 4) + 6;
aes->keyInstalled = 1;
#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) || \
defined(WOLFSSL_AES_CTS)
Expand Down Expand Up @@ -5333,6 +5347,7 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)

aes->keylen = (int)keylen;
aes->rounds = (keylen/4) + 6;
aes->keyInstalled = 1;
ret = wc_AesSetIV(aes, iv);
if (ret != 0)
return ret;
Expand Down Expand Up @@ -6599,6 +6614,11 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
{
int ret;

if (aes == NULL || aes->keyInstalled == 0) {
WOLFSSL_MSG("AES key not set");
return BAD_FUNC_ARG;
}

if (sz == 0)
return 0;

Expand Down Expand Up @@ -6629,6 +6649,11 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
int ret;
byte scratch[WC_AES_BLOCK_SIZE];

if (aes == NULL || aes->keyInstalled == 0) {
WOLFSSL_MSG("AES key not set");
return BAD_FUNC_ARG;
}

if (sz == 0)
return 0;

Expand Down Expand Up @@ -6699,12 +6724,20 @@ int wc_AesSetIV(Aes* aes, const byte* iv)

int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
if (aes == NULL || aes->keyInstalled == 0) {
WOLFSSL_MSG("AES key not set");
return BAD_FUNC_ARG;
}
return wc_Psoc6_Aes_CbcEncrypt(aes, out, in, sz);
}

#if defined(HAVE_AES_DECRYPT)
int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
if (aes == NULL || aes->keyInstalled == 0) {
WOLFSSL_MSG("AES key not set");
return BAD_FUNC_ARG;
}
return wc_Psoc6_Aes_CbcDecrypt(aes, out, in, sz);
}
#endif /* HAVE_AES_DECRYPT */
Expand Down Expand Up @@ -6760,6 +6793,13 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
/* fall-through when unavailable */
}
#endif

/* Software/HW key schedule required from here on. */
if (aes->keyInstalled == 0) {
WOLFSSL_MSG("AES key not set");
return BAD_FUNC_ARG;
}
Comment thread
julek-wolfssl marked this conversation as resolved.

#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES)
/* if async and byte count above threshold */
if (aes->asyncDev.marker == WOLFSSL_ASYNC_MARKER_AES &&
Expand Down Expand Up @@ -6970,6 +7010,13 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
/* fall-through when unavailable */
}
#endif

/* Software/HW key schedule required from here on. */
if (aes->keyInstalled == 0) {
WOLFSSL_MSG("AES key not set");
return BAD_FUNC_ARG;
}

#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES)
/* if async and byte count above threshold */
if (aes->asyncDev.marker == WOLFSSL_ASYNC_MARKER_AES &&
Expand Down Expand Up @@ -7425,6 +7472,12 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
}
#endif

/* Software/HW key schedule required from here on. */
if (aes->keyInstalled == 0) {
WOLFSSL_MSG("AES key not set");
return BAD_FUNC_ARG;
}

/* consume any unused bytes left in aes->tmp */
processed = min(aes->left, sz);
xorbufout(out, in, (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left,
Expand Down Expand Up @@ -10423,6 +10476,12 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
}
#endif

/* Software/HW key schedule (and hash subkey H) required from here on. */
if (aes->keyInstalled == 0) {
WOLFSSL_MSG("AES key not set");
return BAD_FUNC_ARG;
}

#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES)
/* if async and byte count above threshold */
/* only 12-byte IV is supported in HW */
Expand Down Expand Up @@ -11173,6 +11232,12 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
}
#endif

/* Software/HW key schedule (and hash subkey H) required from here on. */
if (aes->keyInstalled == 0) {
WOLFSSL_MSG("AES key not set");
return BAD_FUNC_ARG;
}

#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES)
/* if async and byte count above threshold */
/* only 12-byte IV is supported in HW */
Expand Down Expand Up @@ -14449,6 +14514,10 @@ int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
if ((in == NULL) || (out == NULL) || (aes == NULL))
return BAD_FUNC_ARG;
if (aes->keyInstalled == 0) {
WOLFSSL_MSG("AES key not set");
return BAD_FUNC_ARG;
}

return wc_Psoc6_Aes_EcbEncrypt(aes, out, in, sz);
}
Expand All @@ -14460,6 +14529,10 @@ int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
if ((in == NULL) || (out == NULL) || (aes == NULL))
return BAD_FUNC_ARG;
if (aes->keyInstalled == 0) {
WOLFSSL_MSG("AES key not set");
return BAD_FUNC_ARG;
}

return wc_Psoc6_Aes_EcbDecrypt(aes, out, in, sz);
}
Expand Down Expand Up @@ -14497,6 +14570,12 @@ static WARN_UNUSED_RESULT int _AesEcbEncrypt(
return DCPAesEcbEncrypt(aes, out, in, sz);
#endif

/* Software key schedule required from here on. */
if (aes->keyInstalled == 0) {
WOLFSSL_MSG("AES key not set");
return BAD_FUNC_ARG;
}

VECTOR_REGISTERS_PUSH;

#if !defined(__aarch64__) && defined(WOLFSSL_ARMASM)
Expand Down Expand Up @@ -14592,6 +14671,12 @@ static WARN_UNUSED_RESULT int _AesEcbDecrypt(
return DCPAesEcbDecrypt(aes, out, in, sz);
#endif

/* Software key schedule required from here on. */
if (aes->keyInstalled == 0) {
WOLFSSL_MSG("AES key not set");
return BAD_FUNC_ARG;
}

VECTOR_REGISTERS_PUSH;

#if !defined(__aarch64__) && defined(WOLFSSL_ARMASM)
Expand Down Expand Up @@ -14694,12 +14779,20 @@ int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)

int wc_AesCfbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
if (aes == NULL || aes->keyInstalled == 0) {
WOLFSSL_MSG("AES key not set");
return BAD_FUNC_ARG;
}
return wc_Psoc6_Aes_CfbEncrypt(aes, out, in, sz);
}

#ifdef HAVE_AES_DECRYPT
int wc_AesCfbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
if (aes == NULL || aes->keyInstalled == 0) {
WOLFSSL_MSG("AES key not set");
return BAD_FUNC_ARG;
}
return wc_Psoc6_Aes_CfbDecrypt(aes, out, in, sz);
}
#endif /* HAVE_AES_DECRYPT */
Expand Down Expand Up @@ -14732,6 +14825,10 @@ static WARN_UNUSED_RESULT int AesCfbEncrypt_C(Aes* aes, byte* out,
if (sz == 0) {
return 0;
}
if (aes->keyInstalled == 0) {
WOLFSSL_MSG("AES key not set");
return BAD_FUNC_ARG;
}

if (aes->left > 0) {
/* consume any unused bytes left in aes->tmp */
Expand Down Expand Up @@ -14807,6 +14904,10 @@ static WARN_UNUSED_RESULT int AesCfbDecrypt_C(Aes* aes, byte* out,
if (sz == 0) {
return 0;
}
if (aes->keyInstalled == 0) {
WOLFSSL_MSG("AES key not set");
return BAD_FUNC_ARG;
}

if (aes->left > 0) {
/* consume any unused bytes left in aes->tmp */
Expand Down Expand Up @@ -14951,6 +15052,10 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackCFB8(
if (sz == 0) {
return 0;
}
if (aes->keyInstalled == 0) {
WOLFSSL_MSG("AES key not set");
return BAD_FUNC_ARG;
}

VECTOR_REGISTERS_PUSH;

Expand Down Expand Up @@ -15011,6 +15116,10 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackCFB1(
if (sz == 0) {
return 0;
}
if (aes->keyInstalled == 0) {
WOLFSSL_MSG("AES key not set");
return BAD_FUNC_ARG;
}

VECTOR_REGISTERS_PUSH;

Expand Down Expand Up @@ -15169,6 +15278,10 @@ static WARN_UNUSED_RESULT int AesOfbCrypt_C(Aes* aes, byte* out, const byte* in,
if (sz == 0) {
return 0;
}
if (aes->keyInstalled == 0) {
WOLFSSL_MSG("AES key not set");
return BAD_FUNC_ARG;
}

if (aes->left > 0) {
/* consume any unused bytes left in aes->tmp */
Expand Down
Loading
Loading