XAES-256-GCM #2652
XAES-256-GCM #2652
Conversation
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
|
|
||
| #if 1 // AES-GCM with HMAC-SHA256 as a key-deriving PRF | ||
| struct aead_hmac_aes_256_gcm_ctx { //size: 1256 bytes | ||
| HMAC_CTX hmac_ctx; |
There was a problem hiding this comment.
warning: field has incomplete type 'HMAC_CTX' (aka 'struct hmac_ctx_st') [clang-diagnostic-error]
HMAC_CTX hmac_ctx;
^Additional context
include/openssl/base.h:377: forward declaration of 'struct hmac_ctx_st'
typedef struct hmac_ctx_st HMAC_CTX;
^| struct aead_hmac_aes_256_gcm_ctx *hmac_aes_ctx = | ||
| (struct aead_hmac_aes_256_gcm_ctx *)&ctx->state; | ||
|
|
||
| if (!HMAC_Init_ex(&hmac_aes_ctx->hmac_ctx, key, key_len, EVP_sha256(), NULL)) { |
There was a problem hiding this comment.
warning: call to undeclared function 'EVP_sha256'; ISO C99 and later do not support implicit function declarations [clang-diagnostic-implicit-function-declaration]
if (!HMAC_Init_ex(&hmac_aes_ctx->hmac_ctx, key, key_len, EVP_sha256(), NULL)) {
^| struct aead_hmac_aes_256_gcm_ctx *hmac_aes_ctx = | ||
| (struct aead_hmac_aes_256_gcm_ctx *)&ctx->state; | ||
|
|
||
| if (!HMAC_Init_ex(&hmac_aes_ctx->hmac_ctx, key, key_len, EVP_sha256(), NULL)) { |
There was a problem hiding this comment.
warning: call to undeclared function 'HMAC_Init_ex'; ISO C99 and later do not support implicit function declarations [clang-diagnostic-implicit-function-declaration]
if (!HMAC_Init_ex(&hmac_aes_ctx->hmac_ctx, key, key_len, EVP_sha256(), NULL)) {
^
crypto/fipsmodule/cipher/e_aes.c
Outdated
| // K_U[0:32] := HMAC-SHA256_K(0x0001|"X"|0x00|N[: 12]) | ||
| uint8_t gcm_key[(256 >> 3)] = {0}; | ||
| HMAC_CTX *hctx = &hmac_aes_ctx->hmac_ctx; | ||
| unsigned int out_len; |
There was a problem hiding this comment.
warning: variable 'out_len' is not initialized [cppcoreguidelines-init-variables]
| unsigned int out_len; | |
| unsigned int out_len = 0; |
| uint8_t gcm_key[(256 >> 3)] = {0}; | ||
| HMAC_CTX *hctx = &hmac_aes_ctx->hmac_ctx; | ||
| unsigned int out_len; | ||
| if (!HMAC_Init_ex(hctx, NULL, 0, NULL, NULL) || |
There was a problem hiding this comment.
warning: call to undeclared function 'HMAC_Init_ex'; ISO C99 and later do not support implicit function declarations [clang-diagnostic-implicit-function-declaration]
if (!HMAC_Init_ex(hctx, NULL, 0, NULL, NULL) ||
^| HMAC_CTX *hctx = &hmac_aes_ctx->hmac_ctx; | ||
| unsigned int out_len; | ||
| if (!HMAC_Init_ex(hctx, NULL, 0, NULL, NULL) || | ||
| !HMAC_Update(hctx, M1, AES_BLOCK_SIZE) || |
There was a problem hiding this comment.
warning: call to undeclared function 'HMAC_Update'; ISO C99 and later do not support implicit function declarations [clang-diagnostic-implicit-function-declaration]
!HMAC_Update(hctx, M1, AES_BLOCK_SIZE) ||
^Additional context
crypto/fipsmodule/cipher/e_aes.c:2139: did you mean 'SHA1_Update'?
!HMAC_Update(hctx, M1, AES_BLOCK_SIZE) ||
^include/openssl/sha.h:79: 'SHA1_Update' declared here
OPENSSL_EXPORT int SHA1_Update(SHA_CTX *sha, const void *data, size_t len);
^| unsigned int out_len; | ||
| if (!HMAC_Init_ex(hctx, NULL, 0, NULL, NULL) || | ||
| !HMAC_Update(hctx, M1, AES_BLOCK_SIZE) || | ||
| !HMAC_Final(hctx, gcm_key, &out_len) || |
There was a problem hiding this comment.
warning: call to undeclared function 'HMAC_Final'; ISO C99 and later do not support implicit function declarations [clang-diagnostic-implicit-function-declaration]
!HMAC_Final(hctx, gcm_key, &out_len) ||
^Additional context
crypto/fipsmodule/cipher/e_aes.c:2140: did you mean 'SHA1_Final'?
!HMAC_Final(hctx, gcm_key, &out_len) ||
^include/openssl/sha.h:84: 'SHA1_Final' declared here
OPENSSL_EXPORT int SHA1_Final(uint8_t out[SHA_DIGEST_LENGTH], SHA_CTX *sha);
^| @@ -99,7 +87,7 @@ int AES_CMAC(uint8_t out[16], const uint8_t *key, size_t key_len, | |||
| // We have to verify that all the CMAC services actually succeed before | |||
| // updating the indicator state, so we lock the state here. | |||
| FIPS_service_indicator_lock_state(); | |||
There was a problem hiding this comment.
warning: call to undeclared function 'FIPS_service_indicator_lock_state'; ISO C99 and later do not support implicit function declarations [clang-diagnostic-implicit-function-declaration]
FIPS_service_indicator_lock_state();
^| #endif | ||
|
|
||
| struct cmac_ctx_st { | ||
| EVP_CIPHER_CTX cipher_ctx; |
There was a problem hiding this comment.
warning: field has incomplete type 'EVP_CIPHER_CTX' (aka 'evp_cipher_ctx_st') [clang-diagnostic-error]
EVP_CIPHER_CTX cipher_ctx;
^Additional context
include/openssl/base.h:363: forward declaration of 'evp_cipher_ctx_st'
typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
^| EVP_CIPHER_CTX cipher_ctx; | ||
| // k1 and k2 are the CMAC subkeys. See | ||
| // https://tools.ietf.org/html/rfc4493#section-2.3 | ||
| uint8_t k1[AES_BLOCK_SIZE]; |
There was a problem hiding this comment.
warning: use of undeclared identifier 'AES_BLOCK_SIZE' [clang-diagnostic-error]
uint8_t k1[AES_BLOCK_SIZE];
^
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #2652 +/- ##
==========================================
- Coverage 78.75% 78.69% -0.06%
==========================================
Files 663 665 +2
Lines 113346 114178 +832
Branches 15946 16057 +111
==========================================
+ Hits 89264 89858 +594
- Misses 23304 23549 +245
+ Partials 778 771 -7 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
| // k1 and k2 are the CMAC subkeys. See | ||
| // https://tools.ietf.org/html/rfc4493#section-2.3 | ||
| uint8_t k1[AES_BLOCK_SIZE]; | ||
| uint8_t k2[AES_BLOCK_SIZE]; |
There was a problem hiding this comment.
warning: use of undeclared identifier 'AES_BLOCK_SIZE' [clang-diagnostic-error]
uint8_t k2[AES_BLOCK_SIZE];
^| uint8_t k1[AES_BLOCK_SIZE]; | ||
| uint8_t k2[AES_BLOCK_SIZE]; | ||
| // Last (possibly partial) scratch | ||
| uint8_t block[AES_BLOCK_SIZE]; |
There was a problem hiding this comment.
warning: use of undeclared identifier 'AES_BLOCK_SIZE' [clang-diagnostic-error]
uint8_t block[AES_BLOCK_SIZE];
^|
|
||
| BM_NAMESPACE::ScopedEVP_AEAD_CTX aead_ctx; | ||
| size_t cmac_out_len1, cmac_out_len2; | ||
|
|
There was a problem hiding this comment.
warning: variable 'cmac_out_len1' is not initialized [cppcoreguidelines-init-variables]
| size_t cmac_out_len1 = 0, cmac_out_len2; |
|
|
||
| BM_NAMESPACE::ScopedEVP_AEAD_CTX aead_ctx; | ||
| size_t cmac_out_len1, cmac_out_len2; | ||
|
|
There was a problem hiding this comment.
warning: variable 'cmac_out_len2' is not initialized [cppcoreguidelines-init-variables]
| size_t cmac_out_len1, cmac_out_len2 = 0; |
| BM_memset(tag, 0, overhead_len); | ||
|
|
||
| size_t tag_len; | ||
|
|
There was a problem hiding this comment.
warning: variable 'tag_len' is not initialized [cppcoreguidelines-init-variables]
| size_t tag_len = 0; |
| static_cast<uint8_t *>(align_pointer(in2_storage.get(), kAlignment)); | ||
|
|
||
| size_t in2_len; | ||
| size_t out_len; |
There was a problem hiding this comment.
warning: variable 'in2_len' is not initialized [cppcoreguidelines-init-variables]
| size_t out_len; | |
| size_t in2_len = 0; |
|
|
||
| size_t in2_len; | ||
| size_t out_len; | ||
| EVP_AEAD_CTX_seal(aead_ctx.get(), out, &out_len, chunk_len + overhead_len, |
There was a problem hiding this comment.
warning: variable 'out_len' is not initialized [cppcoreguidelines-init-variables]
| EVP_AEAD_CTX_seal(aead_ctx.get(), out, &out_len, chunk_len + overhead_len, | |
| size_t out_len = 0; |
| return false; | ||
| } | ||
| std::memcpy(cmac_ctx2.get()->block, cmac_cmt_msg22.data()+16, AES_BLOCK_SIZE); | ||
| if (!CMAC_Final(cmac_ctx2.get(), key_cmt.data() + (key_len/2), &cmac_out_len2) || |
There was a problem hiding this comment.
warning: no member named 'memcpy' in namespace 'std'; did you mean simply 'memcpy'? [clang-diagnostic-error]
| if (!CMAC_Final(cmac_ctx2.get(), key_cmt.data() + (key_len/2), &cmac_out_len2) || | |
| memcpy(cmac_ctx2.get()->block, cmac_cmt_msg22.data()+16, AES_BLOCK_SIZE); |
Additional context
/usr/include/string.h:42: 'memcpy' declared here
extern void *memcpy (void *__restrict __dest, const void *__restrict __src,
^
Issues:
Resolves #ISSUE-NUMBER1
Addresses #ISSUE-NUMBER2
Description of changes:
Describe AWS-LC’s current behavior and how your code changes that behavior. If there are no issues this pr is resolving, explain why this change is necessary.
Call-outs:
Point out areas that need special attention or support during the review process. Discuss architecture or design changes.
Testing:
How is this change tested (unit tests, fuzz tests, etc.)? Are there any testing steps to be verified by the reviewer?
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.