mirrors/pico-hsm
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-hsm.git synced 2026-01-17 09:28:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fixes with AES encryption

Browse source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos 2022-03-29 18:25:47 +02:00
parent 2f4cca19c4
commit 2e655d6341
No known key found for this signature in database
GPG key ID: C0095B7870A4CCD3
3 changed files with 4 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/hsm/dkek.c
View file

@ -238,7 +238,7 @@ int dkek_encode_key(void *key_ctx, int key_type, uint8_t *out, size_t *out_len)
if (kb_len < kb_len_pad) {
kb[kb_len] = 0x80;
}
int r = aes_encrypt(kenc, NULL, 32, HSM_AES_MODE_CBC, kb, kb_len_pad);
int r = aes_encrypt(kenc, NULL, 256, HSM_AES_MODE_CBC, kb, kb_len_pad);
if (r != HSM_OK)
return r;

5
src/hsm/hash_utils.c
View file

@ -103,12 +103,13 @@ int aes_decrypt(const uint8_t *key, const uint8_t *iv, int key_size, int mode, u
return HSM_EXEC_ERROR;
if (mode == HSM_AES_MODE_CBC)
return mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_DECRYPT, len, tmp_iv, data, data);
r = mbedtls_aes_setkey_enc(&aes, key, key_size); //CFB requires set_enc instead set_dec
return mbedtls_aes_crypt_cfb128(&aes, MBEDTLS_AES_DECRYPT, len, &iv_offset, tmp_iv, data, data);
}
int aes_encrypt_cfb_256(const uint8_t *key, const uint8_t *iv, uint8_t *data, int len) {
return aes_encrypt(key, iv, 32, HSM_AES_MODE_CFB, data, len);
return aes_encrypt(key, iv, 256, HSM_AES_MODE_CFB, data, len);
}
int aes_decrypt_cfb_256(const uint8_t *key, const uint8_t *iv, uint8_t *data, int len) {
return aes_decrypt(key, iv, 32, HSM_AES_MODE_CFB, data, len);
return aes_decrypt(key, iv, 256, HSM_AES_MODE_CFB, data, len);
}

8
src/hsm/sc_hsm.c
View file

@ -1130,8 +1130,6 @@ static int cmd_key_gen() {
int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey) {
int key_size = file_read_uint16(fkey->data);
if (load_dkek() != HSM_OK)
return SW_EXEC_ERROR();
uint8_t *kdata = (uint8_t *)calloc(1,key_size);
memcpy(kdata, file_read(fkey->data+2), key_size);
if (dkek_decrypt(kdata, key_size) != 0) {
@ -1170,8 +1168,6 @@ int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey) {
int load_private_key_ecdsa(mbedtls_ecdsa_context *ctx, file_t *fkey) {
int key_size = file_read_uint16(fkey->data);
if (load_dkek() != HSM_OK)
return HSM_EXEC_ERROR;
uint8_t *kdata = (uint8_t *)calloc(1,key_size);
memcpy(kdata, file_read(fkey->data+2), key_size);
if (dkek_decrypt(kdata, key_size) != 0) {
@ -1384,8 +1380,6 @@ static int cmd_decrypt_asym() {
else if (P2(apdu) == ALGO_EC_DH) {
mbedtls_ecdh_context ctx;
int key_size = file_read_uint16(ef->data);
if (load_dkek() != HSM_OK)
return SW_EXEC_ERROR();
uint8_t *kdata = (uint8_t *)calloc(1,key_size);
memcpy(kdata, file_read(ef->data+2), key_size);
if (dkek_decrypt(kdata, key_size) != 0) {
@ -1440,8 +1434,6 @@ static int cmd_cipher_sym() {
return SW_WRONG_LENGTH();
}
int key_size = file_read_uint16(ef->data);
if (load_dkek() != HSM_OK)
return SW_EXEC_ERROR();
uint8_t kdata[32]; //maximum AES key size
memcpy(kdata, file_read(ef->data+2), key_size);
if (dkek_decrypt(kdata, key_size) != 0) {