aes: xts: Enforce NIST SP 800-38E data unit size
NIST SP 800-38E requires that the data unit size be limited to at most 2^20 AES blocks. Enforce this restriction.
This commit is contained in:
parent
5162b932a2
commit
0a8b02087a
@ -292,10 +292,16 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
|
|||||||
* defined by a data unit number. The data unit number must be
|
* defined by a data unit number. The data unit number must be
|
||||||
* provided by \p iv.
|
* provided by \p iv.
|
||||||
*
|
*
|
||||||
|
* NIST SP 800-38E limits the maximum size of a data unit to 2^20
|
||||||
|
* AES blocks. If the data unit is larger than this, this function
|
||||||
|
* returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH.
|
||||||
|
*
|
||||||
* \param ctx The AES XTS context to use for AES XTS operations.
|
* \param ctx The AES XTS context to use for AES XTS operations.
|
||||||
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
|
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
|
||||||
* #MBEDTLS_AES_DECRYPT.
|
* #MBEDTLS_AES_DECRYPT.
|
||||||
* \param length The length of a data unit in bytes.
|
* \param length The length of a data unit in bytes. This can be any
|
||||||
|
* length between 16 bytes and 2^24 bytes inclusive
|
||||||
|
* (between 1 and 2^20 block cipher blocks).
|
||||||
* \param iv The address of the data unit encoded as an array of 16
|
* \param iv The address of the data unit encoded as an array of 16
|
||||||
* bytes in little-endian format. For disk encryption, this
|
* bytes in little-endian format. For disk encryption, this
|
||||||
* is typically the index of the block device sector that
|
* is typically the index of the block device sector that
|
||||||
@ -309,7 +315,8 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
|
|||||||
*
|
*
|
||||||
* \return \c 0 on success.
|
* \return \c 0 on success.
|
||||||
* \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is
|
* \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is
|
||||||
* smaller than an AES block in size (16 bytes).
|
* smaller than an AES block in size (16 bytes) or if \p
|
||||||
|
* length is larger than 2^20 blocks (16 MiB).
|
||||||
*/
|
*/
|
||||||
int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
|
int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
|
||||||
int mode,
|
int mode,
|
||||||
|
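Review bot: The new paragraph starting `* NIST SP 800-38E limits the maximum size of a data unit to 2^20` documents a limit that the previous version of this header did not impose, so a caller that passed units larger than 16 MiB and got 0 back will now get #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH; the header should say so explicitly rather than leaving it implicit. I would add one line after the error-code sentence such as `* Earlier versions accepted larger data units; callers must now split them.` (and a matching ChangeLog entry, if this tree keeps one). The same 16-byte-to-2^24-byte range is now stated twice (in the description and again under \p length), which is fine but means both places must be kept in sync if the bound ever changes. The prototype of mbedtls_aes_crypt_xts continues past the end of the second hunk.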
@ -1158,6 +1158,9 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
|
|||||||
if( length < 16 )
|
if( length < 16 )
|
||||||
return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
|
return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
|
||||||
|
|
||||||
|
/* NIST SP 80-38E disallows data units larger than 2**20 blocks. */
|
||||||
|
if( length > ( 1 << 20 ) * 16 )
|
||||||
|
return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
|
||||||
|
|
||||||
mbedtls_aes_crypt_ecb( &ctx->tweak, MBEDTLS_AES_ENCRYPT, iv, t_buf.u8 );
|
mbedtls_aes_crypt_ecb( &ctx->tweak, MBEDTLS_AES_ENCRYPT, iv, t_buf.u8 );
|
||||||
|
|
||||||
|
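Review bot: The comment added before the new check misquotes the standard as `NIST SP 80-38E`; it should read `/* NIST SP 800-38E disallows data units larger than 2**20 blocks. */` so that a reader searching for the reference finds the right document. The new `return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;` also drops the parenthesised `return( ... );` form used by the `length < 16` check two lines above, so the two adjacent error paths are styled differently; `return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );` keeps them consistent. The bound `( 1 << 20 ) * 16` is computed in `int`, which presumably is at least 32 bits on every supported target, but a named constant or `( (size_t) 1 << 24 )` would make the 16 MiB ceiling explicit and avoid relying on `int` width. The body of mbedtls_aes_crypt_xts begins and ends outside this hunk.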