From 2535d0e53758823ff9e2eef4ec683264630532e0 Mon Sep 17 00:00:00 2001
From: Pol Henarejos <pol.henarejos@cttc.es>
Date: Mon, 28 Mar 2022 17:37:53 +0200
Subject: [PATCH] Adding generic aes encryption/decryption.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
---
 src/hsm/hash_utils.c | 30 ++++++++++++++++++++++++++++++
 src/hsm/hash_utils.h |  6 ++++++
 src/hsm/sc_hsm.h     |  2 ++
 3 files changed, 38 insertions(+)

diff --git a/src/hsm/hash_utils.c b/src/hsm/hash_utils.c
index 28228f0..9659174 100644
--- a/src/hsm/hash_utils.c
+++ b/src/hsm/hash_utils.c
@@ -18,7 +18,9 @@
 #include <pico/unique_id.h>
 #include "mbedtls/md.h"
 #include "mbedtls/sha256.h"
+#include "mbedtls/aes.h"
 #include "hash_utils.h"
+#include "sc_hsm.h"
 
 void double_hash_pin(const uint8_t *pin, size_t len, uint8_t output[32]) {
     uint8_t o1[32];
@@ -71,3 +73,31 @@ void generic_hash(mbedtls_md_type_t md, const uint8_t *input, size_t len, uint8_
     mbedtls_md_finish(&ctx, output);
     mbedtls_md_free(&ctx);   
 }
+
+int aes_encrypt(const uint8_t *key, const uint8_t *iv, int key_size, uint8_t *data, int len) {
+    mbedtls_aes_context aes;
+    mbedtls_aes_init(&aes);
+    uint8_t tmp_iv[IV_SIZE];
+    size_t iv_offset = 0;
+    memset(tmp_iv, 0, IV_SIZE);
+    if (iv)
+        memcpy(tmp_iv, iv, IV_SIZE);
+    int r = mbedtls_aes_setkey_enc(&aes, key, key_size);
+    if (r != 0)
+        return HSM_EXEC_ERROR;
+    return mbedtls_aes_crypt_cfb128(&aes, MBEDTLS_AES_ENCRYPT, len, &iv_offset, tmp_iv, data, data);
+}
+
+int aes_decrypt(const uint8_t *key, const uint8_t *iv, int key_size, uint8_t *data, int len) {
+    mbedtls_aes_context aes;
+    mbedtls_aes_init(&aes);
+    uint8_t tmp_iv[IV_SIZE];
+    size_t iv_offset = 0;
+    memset(tmp_iv, 0, IV_SIZE);
+    if (iv)
+        memcpy(tmp_iv, iv, IV_SIZE);
+    int r = mbedtls_aes_setkey_enc(&aes, key, key_size);
+    if (r != 0)
+        return HSM_EXEC_ERROR;
+    return mbedtls_aes_crypt_cfb128(&aes, MBEDTLS_AES_DECRYPT, len, &iv_offset, tmp_iv, data, data);
+}
\ No newline at end of file
diff --git a/src/hsm/hash_utils.h b/src/hsm/hash_utils.h
index cb0b067..0f15eb8 100644
--- a/src/hsm/hash_utils.h
+++ b/src/hsm/hash_utils.h
@@ -18,9 +18,15 @@
 #ifndef _HASH_UTILS_H_
 #define _HASH_UTILS_H_
 
+#include "stdlib.h"
+#include "pico/stdlib.h"
+#include "mbedtls/md.h"
+
 extern void double_hash_pin(const uint8_t *pin, size_t len, uint8_t output[32]);
 extern void hash_multi(const uint8_t *input, size_t len, uint8_t output[32]);
 extern void hash256(const uint8_t *input, size_t len, uint8_t output[32]);
 extern void generic_hash(mbedtls_md_type_t md, const uint8_t *input, size_t len, uint8_t *output);
+extern int aes_encrypt(const uint8_t *key, const uint8_t *iv, int key_size, uint8_t *data, int len);
+extern int aes_decrypt(const uint8_t *key, const uint8_t *iv, int key_size, uint8_t *data, int len);
 
 #endif
diff --git a/src/hsm/sc_hsm.h b/src/hsm/sc_hsm.h
index 20113c9..ff6a07d 100644
--- a/src/hsm/sc_hsm.h
+++ b/src/hsm/sc_hsm.h
@@ -60,6 +60,8 @@ extern const uint8_t sc_hsm_aid[];
 #define HSM_ERR_BLOCKED                     -1004
 #define HSM_NO_LOGIN                        -1005
 #define HSM_EXEC_ERROR                      -1006
+#define HSM_WRONG_LENGTH                    -1007
+#define HSM_WRONG_DATA                      -1008
 
 #define ALGO_RSA_RAW			0x20		/* RSA signature with external padding */
 #define ALGO_RSA_DECRYPT		0x21		/* RSA decrypt */