Fix issue #198: AESNI breaks with messages shorter than 16 bytes

Legrandin · Legrandin · commit d1739c62b9b8 · 2018-08-17T17:49:59.000+02:00
diff --git a/lib/Crypto/SelfTest/Cipher/test_AES.py b/lib/Crypto/SelfTest/Cipher/test_AES.py
@@ -1265,16 +1265,39 @@ def runTest(self):
             self.assertEqual(SHA256.new(ct).hexdigest(), expected)
 
 
+class TestIncompleteBlocks(unittest.TestCase):
+
+    def __init__(self, use_aesni):
+        unittest.TestCase.__init__(self)
+        self.use_aesni = use_aesni
+
+    def runTest(self):
+        # Encrypt data with length not multiple of 16 bytes
+
+        cipher = AES.new(b'4'*16, AES.MODE_ECB, use_aesni=self.use_aesni)
+
+        for msg_len in range(1, 16):
+            self.assertRaises(ValueError, cipher.encrypt, b'1' * msg_len)
+            self.assertRaises(ValueError, cipher.encrypt, b'1' * (msg_len+16))
+            self.assertRaises(ValueError, cipher.decrypt, b'1' * msg_len)
+            self.assertRaises(ValueError, cipher.decrypt, b'1' * (msg_len+16))
+
+        self.assertEqual(cipher.encrypt(b''), b'')
+        self.assertEqual(cipher.decrypt(b''), b'')
+
+
 def get_tests(config={}):
     from Crypto.Util import _cpu_features
     from common import make_block_tests
 
     tests = make_block_tests(AES, "AES", test_data, {'use_aesni': False})
     tests += [ TestMultipleBlocks(False) ]
+    tests += [ TestIncompleteBlocks(False) ]
     if _cpu_features.have_aes_ni():
         # Run tests with AES-NI instructions if they are available.
         tests += make_block_tests(AES, "AESNI", test_data, {'use_aesni': True})
         tests += [ TestMultipleBlocks(True) ]
+        tests += [ TestIncompleteBlocks(True) ]
     else:
         print "Skipping AESNI tests"
     return tests
diff --git a/src/AESNI.c b/src/AESNI.c
@@ -222,7 +222,7 @@ static int AESNI_encrypt(const BlockBase *bb, const uint8_t *in, uint8_t *out, s
     }
 
     /** There are 7 blocks or fewer left **/
-    for (;data_len>0; data_len-=16, in+=16, out+=16) {
+    for (;data_len>=BLOCK_SIZE; data_len-=BLOCK_SIZE, in+=BLOCK_SIZE, out+=BLOCK_SIZE) {
         __m128i pt, data;
         unsigned i;
 
@@ -331,7 +331,7 @@ static int AESNI_decrypt(const BlockBase *bb, const uint8_t *in, uint8_t *out, s
     }
 
     /** There are 7 blocks or fewer left **/
-    for (;data_len>0; data_len-=16, in+=16, out+=16) {
+    for (;data_len>=BLOCK_SIZE; data_len-=BLOCK_SIZE, in+=BLOCK_SIZE, out+=BLOCK_SIZE) {
         __m128i ct, data;
         unsigned i;
 

Original file line number	Diff line number	Diff line change
`@@ -222,7 +222,7 @@ static int AESNI_encrypt(const BlockBase bb, const uint8_t in, uint8_t *out, s`
`222`	`222`	`}`
`223`	`223`
`224`	`224`	`/ There are 7 blocks or fewer left /`
`225`		`- for (;data_len>0; data_len-=16, in+=16, out+=16) {`
	`225`	`+ for (;data_len>=BLOCK_SIZE; data_len-=BLOCK_SIZE, in+=BLOCK_SIZE, out+=BLOCK_SIZE) {`
`226`	`226`	`__m128i pt, data;`
`227`	`227`	`unsigned i;`
`228`	`228`
`@@ -331,7 +331,7 @@ static int AESNI_decrypt(const BlockBase bb, const uint8_t in, uint8_t *out, s`
`331`	`331`	`}`
`332`	`332`
`333`	`333`	`/ There are 7 blocks or fewer left /`
`334`		`- for (;data_len>0; data_len-=16, in+=16, out+=16) {`
	`334`	`+ for (;data_len>=BLOCK_SIZE; data_len-=BLOCK_SIZE, in+=BLOCK_SIZE, out+=BLOCK_SIZE) {`
`335`	`335`	`__m128i ct, data;`
`336`	`336`	`unsigned i;`
`337`	`337`