Merge pull request #10470 from JacobBarthelmeh/tropic

LinuxJedi · web-flow · commit 8574fa995f99 · 2026-05-21T13:59:48.000-07:00
fix for tropic port AES key length used
diff --git a/wolfcrypt/src/port/tropicsquare/tropic01.c b/wolfcrypt/src/port/tropicsquare/tropic01.c
@@ -314,6 +314,17 @@ int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx)
 #if !defined(NO_AES)
     #ifdef HAVE_AESGCM
             if (info->cipher.type == WC_CIPHER_AES_GCM) {
+                word32 keyLen = info->cipher.enc
+                    ? info->cipher.aesgcm_enc.aes->keylen
+                    : info->cipher.aesgcm_dec.aes->keylen;
+                if (keyLen != AES_128_KEY_SIZE &&
+                    keyLen != AES_192_KEY_SIZE &&
+                    keyLen != AES_256_KEY_SIZE) {
+                    WOLFSSL_MSG_EX(
+                        "TROPIC01: CryptoCB: invalid AES key length %u",
+                        keyLen);
+                    return BAD_FUNC_ARG;
+                }
                 ret = Tropic01_GetKeyAES(
                         lt_key,
                         TROPIC01_AES_KEY_RMEM_SLOT,
@@ -339,7 +350,7 @@ int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx)
                 }
                 if (info->cipher.enc) {
                     ret = wc_AesSetKey(info->cipher.aesgcm_enc.aes, lt_key,
-                                WC_AES_BLOCK_SIZE, lt_iv, AES_ENCRYPTION);
+                                keyLen, lt_iv, AES_ENCRYPTION);
                     ForceZero(lt_key, sizeof(lt_key));
                     ForceZero(lt_iv, sizeof(lt_iv));
                     if (ret != 0) {
@@ -367,7 +378,7 @@ int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx)
                 }
                 else {
                     ret = wc_AesSetKey(info->cipher.aesgcm_dec.aes, lt_key,
-                                WC_AES_BLOCK_SIZE, lt_iv, AES_DECRYPTION);
+                                keyLen, lt_iv, AES_DECRYPTION);
                     ForceZero(lt_key, sizeof(lt_key));
                     ForceZero(lt_iv, sizeof(lt_iv));
                     if (ret != 0) {
@@ -397,6 +408,14 @@ int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx)
 #endif /* HAVE_AESGCM */
     #ifdef HAVE_AES_CBC
         if (info->cipher.type == WC_CIPHER_AES_CBC) {
+            word32 keyLen = info->cipher.aescbc.aes->keylen;
+            if (keyLen != AES_128_KEY_SIZE &&
+                keyLen != AES_192_KEY_SIZE &&
+                keyLen != AES_256_KEY_SIZE) {
+                WOLFSSL_MSG_EX(
+                    "TROPIC01: CryptoCB: invalid AES key length %u", keyLen);
+                return BAD_FUNC_ARG;
+            }
             ret = Tropic01_GetKeyAES(
                         lt_key,
                         TROPIC01_AES_KEY_RMEM_SLOT,
@@ -420,7 +439,7 @@ int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx)
             }
             if (info->cipher.enc) {
                 ret = wc_AesSetKey(info->cipher.aescbc.aes, lt_key,
-                                WC_AES_BLOCK_SIZE, lt_iv, AES_ENCRYPTION);
+                                keyLen, lt_iv, AES_ENCRYPTION);
                 ForceZero(lt_key, sizeof(lt_key));
                 ForceZero(lt_iv, sizeof(lt_iv));
                 if (ret != 0) {
@@ -443,7 +462,7 @@ int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx)
             else {
 
                 ret = wc_AesSetKey(info->cipher.aescbc.aes, lt_key,
-                                WC_AES_BLOCK_SIZE, lt_iv, AES_DECRYPTION);
+                                keyLen, lt_iv, AES_DECRYPTION);
                 ForceZero(lt_key, sizeof(lt_key));
                 ForceZero(lt_iv, sizeof(lt_iv));
                 if (ret != 0) {
