Fixes with AES encryption
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
@@ -238,7 +238,7 @@ int dkek_encode_key(void *key_ctx, int key_type, uint8_t *out, size_t *out_len)
|
|||||||
if (kb_len < kb_len_pad) {
|
if (kb_len < kb_len_pad) {
|
||||||
kb[kb_len] = 0x80;
|
kb[kb_len] = 0x80;
|
||||||
}
|
}
|
||||||
int r = aes_encrypt(kenc, NULL, 32, HSM_AES_MODE_CBC, kb, kb_len_pad);
|
int r = aes_encrypt(kenc, NULL, 256, HSM_AES_MODE_CBC, kb, kb_len_pad);
|
||||||
if (r != HSM_OK)
|
if (r != HSM_OK)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
|
|||||||
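Review bot: The `aes_encrypt` call in `dkek_encode_key` passes `NULL` as the IV for CBC, and nothing in the hunk says which IV that resolves to. If `aes_encrypt` substitutes a fixed IV (not visible here), wrapping is deterministic: two blobs that begin with the same bytes under the same `kenc` yield the same leading ciphertext blocks, so the blob format itself has to supply randomness at the start of `kb`. Once that is confirmed, I would record it above the call, for example `/* NULL IV: fixed IV per key-blob format; kb must begin with random bytes */`. The padding line `kb[kb_len] = 0x80;` also relies on the bytes up to `kb_len_pad` already being zero, which is set up outside this hunk.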
@@ -103,12 +103,13 @@ int aes_decrypt(const uint8_t *key, const uint8_t *iv, int key_size, int mode, u
|
|||||||
return HSM_EXEC_ERROR;
|
return HSM_EXEC_ERROR;
|
||||||
if (mode == HSM_AES_MODE_CBC)
|
if (mode == HSM_AES_MODE_CBC)
|
||||||
return mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_DECRYPT, len, tmp_iv, data, data);
|
return mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_DECRYPT, len, tmp_iv, data, data);
|
||||||
|
r = mbedtls_aes_setkey_enc(&aes, key, key_size); //CFB requires set_enc instead set_dec
|
||||||
return mbedtls_aes_crypt_cfb128(&aes, MBEDTLS_AES_DECRYPT, len, &iv_offset, tmp_iv, data, data);
|
return mbedtls_aes_crypt_cfb128(&aes, MBEDTLS_AES_DECRYPT, len, &iv_offset, tmp_iv, data, data);
|
||||||
}
|
}
|
||||||
|
|
||||||
int aes_encrypt_cfb_256(const uint8_t *key, const uint8_t *iv, uint8_t *data, int len) {
|
int aes_encrypt_cfb_256(const uint8_t *key, const uint8_t *iv, uint8_t *data, int len) {
|
||||||
return aes_encrypt(key, iv, 32, HSM_AES_MODE_CFB, data, len);
|
return aes_encrypt(key, iv, 256, HSM_AES_MODE_CFB, data, len);
|
||||||
}
|
}
|
||||||
int aes_decrypt_cfb_256(const uint8_t *key, const uint8_t *iv, uint8_t *data, int len) {
|
int aes_decrypt_cfb_256(const uint8_t *key, const uint8_t *iv, uint8_t *data, int len) {
|
||||||
return aes_decrypt(key, iv, 32, HSM_AES_MODE_CFB, data, len);
|
return aes_decrypt(key, iv, 256, HSM_AES_MODE_CFB, data, len);
|
||||||
}
|
}
|
||||||
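Review bot: The result of the added `mbedtls_aes_setkey_enc` call is stored in `r` and never tested, so a failed re-key lets `mbedtls_aes_crypt_cfb128` run on whatever schedule the earlier key setup left and return wrong output with a success code. Check it before the CFB call: `if (r != 0) return HSM_EXEC_ERROR;`. Both return paths hand back the mbedtls call directly, so no `mbedtls_aes_free(&aes)` can run afterwards and the expanded key stays on the stack; capturing the result, freeing the context and then returning would fix that. Since the callers change from `32` to `256`, `key_size` is evidently in bits, and a comment on the `aes_encrypt`/`aes_decrypt` prototypes (or renaming it to `key_bits`) would keep the unit mix-up from recurring. The body of `aes_decrypt` starts outside this hunk.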
@@ -1130,8 +1130,6 @@ static int cmd_key_gen() {
|
|||||||
|
|
||||||
int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey) {
|
int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey) {
|
||||||
int key_size = file_read_uint16(fkey->data);
|
int key_size = file_read_uint16(fkey->data);
|
||||||
if (load_dkek() != HSM_OK)
|
|
||||||
return SW_EXEC_ERROR();
|
|
||||||
uint8_t *kdata = (uint8_t *)calloc(1,key_size);
|
uint8_t *kdata = (uint8_t *)calloc(1,key_size);
|
||||||
memcpy(kdata, file_read(fkey->data+2), key_size);
|
memcpy(kdata, file_read(fkey->data+2), key_size);
|
||||||
if (dkek_decrypt(kdata, key_size) != 0) {
|
if (dkek_decrypt(kdata, key_size) != 0) {
|
||||||
@@ -1170,8 +1168,6 @@ int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey) {
|
|||||||
|
|
||||||
int load_private_key_ecdsa(mbedtls_ecdsa_context *ctx, file_t *fkey) {
|
int load_private_key_ecdsa(mbedtls_ecdsa_context *ctx, file_t *fkey) {
|
||||||
int key_size = file_read_uint16(fkey->data);
|
int key_size = file_read_uint16(fkey->data);
|
||||||
if (load_dkek() != HSM_OK)
|
|
||||||
return HSM_EXEC_ERROR;
|
|
||||||
uint8_t *kdata = (uint8_t *)calloc(1,key_size);
|
uint8_t *kdata = (uint8_t *)calloc(1,key_size);
|
||||||
memcpy(kdata, file_read(fkey->data+2), key_size);
|
memcpy(kdata, file_read(fkey->data+2), key_size);
|
||||||
if (dkek_decrypt(kdata, key_size) != 0) {
|
if (dkek_decrypt(kdata, key_size) != 0) {
|
||||||
@@ -1384,8 +1380,6 @@ static int cmd_decrypt_asym() {
|
|||||||
else if (P2(apdu) == ALGO_EC_DH) {
|
else if (P2(apdu) == ALGO_EC_DH) {
|
||||||
mbedtls_ecdh_context ctx;
|
mbedtls_ecdh_context ctx;
|
||||||
int key_size = file_read_uint16(ef->data);
|
int key_size = file_read_uint16(ef->data);
|
||||||
if (load_dkek() != HSM_OK)
|
|
||||||
return SW_EXEC_ERROR();
|
|
||||||
uint8_t *kdata = (uint8_t *)calloc(1,key_size);
|
uint8_t *kdata = (uint8_t *)calloc(1,key_size);
|
||||||
memcpy(kdata, file_read(ef->data+2), key_size);
|
memcpy(kdata, file_read(ef->data+2), key_size);
|
||||||
if (dkek_decrypt(kdata, key_size) != 0) {
|
if (dkek_decrypt(kdata, key_size) != 0) {
|
||||||
@@ -1440,8 +1434,6 @@ static int cmd_cipher_sym() {
|
|||||||
return SW_WRONG_LENGTH();
|
return SW_WRONG_LENGTH();
|
||||||
}
|
}
|
||||||
int key_size = file_read_uint16(ef->data);
|
int key_size = file_read_uint16(ef->data);
|
||||||
if (load_dkek() != HSM_OK)
|
|
||||||
return SW_EXEC_ERROR();
|
|
||||||
uint8_t kdata[32]; //maximum AES key size
|
uint8_t kdata[32]; //maximum AES key size
|
||||||
memcpy(kdata, file_read(ef->data+2), key_size);
|
memcpy(kdata, file_read(ef->data+2), key_size);
|
||||||
if (dkek_decrypt(kdata, key_size) != 0) {
|
if (dkek_decrypt(kdata, key_size) != 0) {
|
||||||
|
|||||||
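Review bot: In `cmd_cipher_sym`, `key_size` is read from the key file and used as the `memcpy` length into `uint8_t kdata[32]` with no bound check between the two lines, so a stored length above 32 overwrites the stack. Add `if (key_size > (int)sizeof(kdata)) return SW_EXEC_ERROR();` before the copy. The `calloc(1,key_size)` results in `load_private_key_rsa`, `load_private_key_ecdsa` and the `ALGO_EC_DH` branch of `cmd_decrypt_asym` are likewise handed to `memcpy` without a NULL check. With the `load_dkek()` guards removed, these paths now depend on `dkek_decrypt` failing cleanly when no DKEK is available, which is not visible on this page. All four functions continue outside their hunks.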