You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mynewt.apache.org by ut...@apache.org on 2019/06/14 10:08:40 UTC
[mynewt-core] 02/04: [STM32] Fix crypto driver IV/nonce handling

This is an automated email from the ASF dual-hosted git repository.

utzig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mynewt-core.git

commit 8608902f884a24a87d82c6054d5dbd00c1ed4a43
Author: Fabio Utzig <ut...@apache.org>
AuthorDate: Tue May 28 12:21:42 2019 -0300

    [STM32] Fix crypto driver IV/nonce handling
---
 hw/drivers/crypto/crypto_stm32/src/crypto_stm32.c | 30 +++++++++++++++++++----
 1 file changed, 25 insertions(+), 5 deletions(-)

diff --git a/hw/drivers/crypto/crypto_stm32/src/crypto_stm32.c b/hw/drivers/crypto/crypto_stm32/src/crypto_stm32.c
index ca1c424..b81e075 100644
--- a/hw/drivers/crypto/crypto_stm32/src/crypto_stm32.c
+++ b/hw/drivers/crypto/crypto_stm32/src/crypto_stm32.c
@@ -65,11 +65,16 @@ stm32_has_support(struct crypto_dev *crypto, uint8_t op, uint16_t algo,
 
 static uint32_t
 stm32_crypto_op(struct crypto_dev *crypto, uint8_t op, uint16_t algo,
-        uint16_t mode, const uint8_t *key, uint16_t keylen, const uint8_t *iv,
+        uint16_t mode, const uint8_t *key, uint16_t keylen, uint8_t *iv,
         const uint8_t *inbuf, uint8_t *outbuf, uint32_t len)
 {
     HAL_StatusTypeDef status;
     uint32_t sz = 0;
+    uint8_t i;
+    uint8_t iv_save[AES_BLOCK_LEN];
+    unsigned int inc;
+    unsigned int carry;
+    unsigned int v;
 
     if (!stm32_has_support(crypto, op, algo, mode, keylen)) {
         return 0;
@@ -106,9 +111,16 @@ stm32_crypto_op(struct crypto_dev *crypto, uint8_t op, uint16_t algo,
         if (op == CRYPTO_OP_ENCRYPT) {
             status = HAL_CRYP_AESCBC_Encrypt(&g_hcryp, (uint8_t *)inbuf, len,
                     outbuf, HAL_MAX_DELAY);
+            if (status == HAL_OK) {
+                memcpy(iv, &outbuf[len-AES_BLOCK_LEN], AES_BLOCK_LEN);
+            }
         } else {
+            memcpy(iv_save, &inbuf[len-AES_BLOCK_LEN], AES_BLOCK_LEN);
             status = HAL_CRYP_AESCBC_Decrypt(&g_hcryp, (uint8_t *)inbuf, len,
                     outbuf, HAL_MAX_DELAY);
+            if (status == HAL_OK) {
+                memcpy(iv, iv_save, AES_BLOCK_LEN);
+            }
         }
         break;
     case CRYPTO_MODE_CTR:
@@ -119,18 +131,26 @@ stm32_crypto_op(struct crypto_dev *crypto, uint8_t op, uint16_t algo,
             status = HAL_CRYP_AESCTR_Decrypt(&g_hcryp, (uint8_t *)inbuf, len,
                     outbuf, HAL_MAX_DELAY);
         }
+        if (status == HAL_OK) {
+            inc = (len + AES_BLOCK_LEN - 1) / AES_BLOCK_LEN;
+            carry = 0;
+            for (i = AES_BLOCK_LEN; (inc != 0 || carry != 0) && i > 0; --i) {
+                v = carry + (uint8_t)inc + iv[i - 1];
+                iv[i - 1] = (uint8_t)v;
+                inc >>= 8;
+                carry = v >> 8;
+            }
+        }
         break;
     default:
         sz = 0;
         goto out;
     }
 
-    if (status != HAL_OK) {
-        sz = 0;
+    if (status == HAL_OK) {
+        sz = len;
     }
 
-    /* XXX update IV/nonce if OK */
-
 out:
     os_mutex_release(&gmtx);
     return sz;