From 86ce01cac2ab33e77a333b2a67a6beab408830ad Mon Sep 17 00:00:00 2001
From: Pol Henarejos
Date: Sun, 19 Mar 2023 19:42:37 +0100
Subject: [PATCH] Added AES XTS via AES_EXT command. Note that it requires 32 bytes or 64 bytes key length.
Signed-off-by: Pol Henarejos
---
 src/hsm/cmd_cipher_sym.c | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
diff --git a/src/hsm/cmd_cipher_sym.c b/src/hsm/cmd_cipher_sym.c
index a24bdb4..599f2d6 100644
--- a/src/hsm/cmd_cipher_sym.c
+++ b/src/hsm/cmd_cipher_sym.c
@@ -536,6 +536,37 @@ int cmd_cipher_sym() {
 }
 }
 }
+ else if (memcmp(oid, OID_IEEE_ALG, oid_len) == 0) {
+ if (oid_len != 9) {
+ return SW_WRONG_DATA();
+ }
+ uint8_t aes_algo = oid[8], mode = (algo == ALGO_EXT_CIPHER_ENCRYPT ? MBEDTLS_AES_ENCRYPT : MBEDTLS_AES_DECRYPT);
+ int r = 0;
+ uint8_t tmp_iv[16];
+ memset(tmp_iv, 0, sizeof(tmp_iv));
+ if (iv == NULL || iv_len == 0) {
+ iv = tmp_iv;
+ iv_len = sizeof(tmp_iv);
+ }
+ if ((aes_algo == 0x01 && key_size != 32) || (aes_algo == 0x02 && key_size != 64)) {
+ return SW_WRONG_DATA();
+ }
+ mbedtls_aes_xts_context ctx;
+ mbedtls_aes_xts_init(&ctx);
+ if (algo == ALGO_EXT_CIPHER_ENCRYPT) {
+ r = mbedtls_aes_xts_setkey_enc(&ctx, kdata, key_size * 8);
+ }
+ else if (algo == ALGO_EXT_CIPHER_DECRYPT) {
+ r = mbedtls_aes_xts_setkey_dec(&ctx, kdata, key_size * 8);
+ }
+ mbedtls_platform_zeroize(kdata, sizeof(kdata));
+ r = mbedtls_aes_crypt_xts(&ctx, mode, enc_len, iv, enc, res_APDU);
+ mbedtls_aes_xts_free(&ctx);
+ if (r != 0) {
+ return SW_EXEC_ERROR();
+ }
+ res_APDU_size = enc_len;
+ }
 }
 else {
 mbedtls_platform_zeroize(kdata, sizeof(kdata));
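Review bot: The result of `mbedtls_aes_xts_setkey_enc`/`_dec` is overwritten by the `r = mbedtls_aes_crypt_xts(...)` assignment, so a failed key setup is never noticed and the cipher still runs on the context. That matters because the key-size check only constrains `aes_algo` 0x01 and 0x02; any other `oid[8]` value reaches setkey with an arbitrary `key_size`, and the only thing that would reject it is the discarded return code. `iv_len` is assigned but never compared with 16, while `mbedtls_aes_crypt_xts` always reads a 16-byte data unit from `iv`, so a shorter caller-supplied IV would be over-read. The two `return SW_WRONG_DATA();` paths also leave before `mbedtls_platform_zeroize(kdata, ...)`, which would leave key bytes in the buffer if `kdata` is already filled earlier in `cmd_cipher_sym` (outside this hunk). A tightened version of the affected lines follows.

```c
if (oid_len != 9) {
    mbedtls_platform_zeroize(kdata, sizeof(kdata));
    return SW_WRONG_DATA();
}
// … unchanged: aes_algo/mode, r, tmp_iv default …
if (!((aes_algo == 0x01 && key_size == 32) || (aes_algo == 0x02 && key_size == 64)) ||
    iv_len != sizeof(tmp_iv)) {
    mbedtls_platform_zeroize(kdata, sizeof(kdata));
    return SW_WRONG_DATA();
}
// … unchanged: ctx init, setkey_enc / setkey_dec …
mbedtls_platform_zeroize(kdata, sizeof(kdata));
if (r == 0) {
    r = mbedtls_aes_crypt_xts(&ctx, mode, enc_len, iv, enc, res_APDU);
}
mbedtls_aes_xts_free(&ctx);
```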