*/
static portMUX_TYPE aes_spinlock = portMUX_INITIALIZER_UNLOCKED;
+static inline bool valid_key_length(const esp_aes_context *ctx)
+{
+ return ctx->key_bytes == 128/8 || ctx->key_bytes == 192/8 || ctx->key_bytes == 256/8;
+}
+
void esp_aes_acquire_hardware( void )
{
portENTER_CRITICAL(&aes_spinlock);
}
ctx->key_bytes = keybits / 8;
memcpy(ctx->key, key, ctx->key_bytes);
+ ctx->key_in_hardware = 0;
return 0;
}
*
* Call only while holding esp_aes_acquire_hardware().
*/
-static inline void esp_aes_setkey_hardware( esp_aes_context *ctx, int mode)
+static void esp_aes_setkey_hardware(esp_aes_context *ctx, int mode)
{
const uint32_t MODE_DECRYPT_BIT = 4;
unsigned mode_reg_base = (mode == ESP_AES_ENCRYPT) ? 0 : MODE_DECRYPT_BIT;
+ ctx->key_in_hardware = 0;
+
for (int i = 0; i < ctx->key_bytes/4; ++i) {
DPORT_REG_WRITE(AES_KEY_BASE + i * 4, *(((uint32_t *)ctx->key) + i));
+ ctx->key_in_hardware += 4;
}
DPORT_REG_WRITE(AES_MODE_REG, mode_reg_base + ((ctx->key_bytes / 8) - 2));
+
+ /* Fault injection check: all words of key data should have been written to hardware */
+ if (ctx->key_in_hardware < 16
+ || ctx->key_in_hardware != ctx->key_bytes) {
+ abort();
+ }
}
/* Run a single 16 byte block of AES, using the hardware engine.
*
* Call only while holding esp_aes_acquire_hardware().
*/
-static void esp_aes_block(const void *input, void *output)
+static int esp_aes_block(esp_aes_context *ctx, const void *input, void *output)
{
const uint32_t *input_words = (const uint32_t *)input;
uint32_t i0, i1, i2, i3;
uint32_t *output_words = (uint32_t *)output;
+ /* If no key is written to hardware yet, either the user hasn't called
+ mbedtls_aes_setkey_enc/mbedtls_aes_setkey_dec - meaning we also don't
+ know which mode to use - or a fault skipped the
+ key write to hardware. Treat this as a fatal error and zero the output block.
+ */
+ if (ctx->key_in_hardware != ctx->key_bytes) {
+ bzero(output, 16);
+ return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
+ }
+
/* Storing i0,i1,i2,i3 in registers not an array
helps a lot with optimisations at -Os level */
i0 = input_words[0];
Bypassing this check requires at least one additional fault.
*/
if(i0 == output_words[0] && i1 == output_words[1] && i2 == output_words[2] && i3 == output_words[3]) {
- // calling two zeroing functions to narrow the
- // window for a double-fault here
+ // calling zeroing functions to narrow the
+ // window for a double-fault of the abort step, here
memset(output, 0, 16);
mbedtls_platform_zeroize(output, 16);
+ abort();
}
+
+ return 0;
}
/*
const unsigned char input[16],
unsigned char output[16] )
{
+ int r;
+
+ if (!valid_key_length(ctx)) {
+ return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
+ }
+
esp_aes_acquire_hardware();
+ ctx->key_in_hardware = 0;
esp_aes_setkey_hardware(ctx, ESP_AES_ENCRYPT);
- esp_aes_block(input, output);
+ r = esp_aes_block(ctx, input, output);
esp_aes_release_hardware();
- return 0;
+ return r;
}
void esp_aes_encrypt( esp_aes_context *ctx,
const unsigned char input[16],
unsigned char output[16] )
{
+ int r;
+
+ if (!valid_key_length(ctx)) {
+ return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
+ }
+
esp_aes_acquire_hardware();
+ ctx->key_in_hardware = 0;
esp_aes_setkey_hardware(ctx, ESP_AES_DECRYPT);
- esp_aes_block(input, output);
+ r = esp_aes_block(ctx, input, output);
esp_aes_release_hardware();
- return 0;
+ return r;
}
void esp_aes_decrypt( esp_aes_context *ctx,
esp_internal_aes_decrypt(ctx, input, output);
}
-
/*
* AES-ECB block encryption/decryption
*/
const unsigned char input[16],
unsigned char output[16] )
{
+ int r;
+
+ if (!valid_key_length(ctx)) {
+ return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
+ }
+
esp_aes_acquire_hardware();
+ ctx->key_in_hardware = 0;
esp_aes_setkey_hardware(ctx, mode);
- esp_aes_block(input, output);
+ r = esp_aes_block(ctx, input, output);
esp_aes_release_hardware();
- return 0;
+ return r;
}
return ( ERR_ESP_AES_INVALID_INPUT_LENGTH );
}
+ if (!valid_key_length(ctx)) {
+ return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
+ }
+
esp_aes_acquire_hardware();
+ ctx->key_in_hardware = 0;
esp_aes_setkey_hardware(ctx, mode);
if ( mode == ESP_AES_DECRYPT ) {
while ( length > 0 ) {
memcpy(temp, input_words, 16);
- esp_aes_block(input_words, output_words);
+ esp_aes_block(ctx, input_words, output_words);
for ( i = 0; i < 4; i++ ) {
output_words[i] = output_words[i] ^ iv_words[i];
output_words[i] = input_words[i] ^ iv_words[i];
}
- esp_aes_block(output_words, output_words);
+ esp_aes_block(ctx, output_words, output_words);
memcpy( iv_words, output_words, 16 );
input_words += 4;
int c;
size_t n = *iv_off;
+ if (!valid_key_length(ctx)) {
+ return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
+ }
+
esp_aes_acquire_hardware();
+ ctx->key_in_hardware = 0;
esp_aes_setkey_hardware(ctx, ESP_AES_ENCRYPT);
if ( mode == ESP_AES_DECRYPT ) {
while ( length-- ) {
if ( n == 0 ) {
- esp_aes_block(iv, iv );
+ esp_aes_block(ctx, iv, iv );
}
c = *input++;
} else {
while ( length-- ) {
if ( n == 0 ) {
- esp_aes_block(iv, iv );
+ esp_aes_block(ctx, iv, iv );
}
iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
unsigned char c;
unsigned char ov[17];
+ if (!valid_key_length(ctx)) {
+ return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
+ }
+
esp_aes_acquire_hardware();
+ ctx->key_in_hardware = 0;
esp_aes_setkey_hardware(ctx, ESP_AES_ENCRYPT);
while ( length-- ) {
memcpy( ov, iv, 16 );
- esp_aes_block(iv, iv);
+ esp_aes_block(ctx, iv, iv);
if ( mode == ESP_AES_DECRYPT ) {
ov[16] = *input;
int c, i;
size_t n = *nc_off;
+ if (!valid_key_length(ctx)) {
+ return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
+ }
+
esp_aes_acquire_hardware();
+ ctx->key_in_hardware = 0;
esp_aes_setkey_hardware(ctx, ESP_AES_ENCRYPT);
while ( length-- ) {
if ( n == 0 ) {
- esp_aes_block(nonce_counter, stream_block);
+ esp_aes_block(ctx, nonce_counter, stream_block);
for ( i = 16; i > 0; i-- )
if ( ++nonce_counter[i - 1] != 0 ) {
projects / esp-idf / commitdiff