diff --git a/components/mbedtls/port/aes/block/esp_aes.c b/components/mbedtls/port/aes/block/esp_aes.c index aa349c3163..515c4f3f38 100644 --- a/components/mbedtls/port/aes/block/esp_aes.c +++ b/components/mbedtls/port/aes/block/esp_aes.c @@ -28,6 +28,7 @@ #include #include "mbedtls/aes.h" #include "mbedtls/platform_util.h" +#include "esp_log.h" #include "aes/esp_aes.h" #include "soc/hwcrypto_periph.h" #include @@ -40,6 +41,7 @@ #include "esp_private/periph_ctrl.h" +static const char *TAG = "esp-aes"; /* AES uses a spinlock mux not a lock as the underlying block operation only takes 208 cycles (to write key & compute block), +600 cycles for DPORT protection but +3400 cycles again if you use a full sized lock. @@ -113,6 +115,26 @@ static int esp_aes_block(esp_aes_context *ctx, const void *input, void *output) return 0; } +static int esp_aes_validate_input(esp_aes_context *ctx, const unsigned char *input, + const unsigned char *output ) +{ + if (!ctx) { + ESP_LOGD(TAG, "No AES context supplied"); + return -1; + } + if (!input) { + ESP_LOGD(TAG, "No input supplied"); + return -1; + } + if (!output) { + ESP_LOGD(TAG, "No output supplied"); + return -1; + } + + return 0; +} + + void esp_aes_encrypt(esp_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ) @@ -129,6 +151,10 @@ int esp_internal_aes_encrypt(esp_aes_context *ctx, { int r; + if (esp_aes_validate_input(ctx, input, output)) { + return MBEDTLS_ERR_AES_BAD_INPUT_DATA; + } + if (!valid_key_length(ctx)) { return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; } @@ -158,6 +184,10 @@ int esp_internal_aes_decrypt(esp_aes_context *ctx, { int r; + if (esp_aes_validate_input(ctx, input, output)) { + return MBEDTLS_ERR_AES_BAD_INPUT_DATA; + } + if (!valid_key_length(ctx)) { return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; } 
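Review bot: The new `esp_aes_validate_input` helper reports its failures with `ESP_LOGD`, and so does the `!iv` check added to `esp_aes_crypt_cbc` in this file, while the matching checks added to cfb128, cfb8, ctr and ofb use `ESP_LOGE`. The same caller mistake is therefore logged or silent depending on the cipher mode and the configured log level; pick one level for all NULL-argument rejections in this file. The helper only reads its arguments, so `const esp_aes_context *ctx` would document that. A one-line comment such as `/* Returns 0 when ctx, input and output are all non-NULL, -1 otherwise. */` would state the contract the callers rely on.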
@@ -180,6 +210,10 @@ int esp_aes_crypt_ecb(esp_aes_context *ctx, { int r; + if (esp_aes_validate_input(ctx, input, output)) { + return MBEDTLS_ERR_AES_BAD_INPUT_DATA; + } + if (!valid_key_length(ctx)) { return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; } @@ -204,6 +238,15 @@ int esp_aes_crypt_cbc(esp_aes_context *ctx, const unsigned char *input, unsigned char *output ) { + if (esp_aes_validate_input(ctx, input, output)) { + return MBEDTLS_ERR_AES_BAD_INPUT_DATA; + } + + if (!iv) { + ESP_LOGD(TAG, "No IV supplied"); + return MBEDTLS_ERR_AES_BAD_INPUT_DATA; + } + uint32_t *output_words = (uint32_t *)output; const uint32_t *input_words = (const uint32_t *)input; uint32_t *iv_words = (uint32_t *)iv; @@ -274,6 +317,20 @@ int esp_aes_crypt_cfb128(esp_aes_context *ctx, int c; size_t n = *iv_off; + if (esp_aes_validate_input(ctx, input, output)) { + return MBEDTLS_ERR_AES_BAD_INPUT_DATA; + } + + if (!iv) { + ESP_LOGE(TAG, "No IV supplied"); + return MBEDTLS_ERR_AES_BAD_INPUT_DATA; + } + + if (!iv_off) { + ESP_LOGE(TAG, "No IV offset supplied"); + return MBEDTLS_ERR_AES_BAD_INPUT_DATA; + } + if (!valid_key_length(ctx)) { return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; } @@ -326,6 +383,15 @@ int esp_aes_crypt_cfb8(esp_aes_context *ctx, unsigned char c; unsigned char ov[17]; + if (esp_aes_validate_input(ctx, input, output)) { + return MBEDTLS_ERR_AES_BAD_INPUT_DATA; + } + + if (!iv) { + ESP_LOGE(TAG, "No IV supplied"); + return MBEDTLS_ERR_AES_BAD_INPUT_DATA; + } + if (!valid_key_length(ctx)) { return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; } 
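Review bot: In the `esp_aes_crypt_cfb128` hunk the context line `size_t n = *iv_off;` still runs before the added `if (!iv_off)` check, so a NULL `iv_off` is dereferenced before it can be rejected, and a compiler may treat the later check as dead code. The `esp_aes_crypt_ctr` hunk in this same file already moves `size_t n = *nc_off;` below its checks. Do the same here: declare `size_t n;` at the top and assign `n = *iv_off;` after the `!iv_off` check. The function body starts and ends outside the hunk.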
@@ -369,8 +435,27 @@ int esp_aes_crypt_ctr(esp_aes_context *ctx, unsigned char *output ) { int c, i; - size_t n = *nc_off; + if (esp_aes_validate_input(ctx, input, output)) { + return MBEDTLS_ERR_AES_BAD_INPUT_DATA; + } + + if (!stream_block) { + ESP_LOGE(TAG, "No stream supplied"); + return MBEDTLS_ERR_AES_BAD_INPUT_DATA; + } + + if (!nonce_counter) { + ESP_LOGE(TAG, "No nonce supplied"); + return MBEDTLS_ERR_AES_BAD_INPUT_DATA; + } + + if (!nc_off) { + ESP_LOGE(TAG, "No nonce offset supplied"); + return MBEDTLS_ERR_AES_BAD_INPUT_DATA; + } + + size_t n = *nc_off; if (!valid_key_length(ctx)) { return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; } @@ -416,8 +501,17 @@ int esp_aes_crypt_ofb(esp_aes_context *ctx, int ret = 0; size_t n; - if (ctx == NULL || iv_off == NULL || iv == NULL || - input == NULL || output == NULL ) { + if (esp_aes_validate_input(ctx, input, output)) { + return MBEDTLS_ERR_AES_BAD_INPUT_DATA; + } + + if (!iv) { + ESP_LOGE(TAG, "No IV supplied"); + return MBEDTLS_ERR_AES_BAD_INPUT_DATA; + } + + if (!iv_off) { + ESP_LOGE(TAG, "No IV offset supplied"); return MBEDTLS_ERR_AES_BAD_INPUT_DATA; } diff --git a/components/mbedtls/port/aes/dma/esp_aes.c b/components/mbedtls/port/aes/dma/esp_aes.c index 2e5f5d6da4..8347a4a08e 100644 --- a/components/mbedtls/port/aes/dma/esp_aes.c +++ b/components/mbedtls/port/aes/dma/esp_aes.c @@ -606,7 +606,7 @@ int esp_internal_aes_encrypt(esp_aes_context *ctx, int r; if (esp_aes_validate_input(ctx, input, output)) { - return -1; + return MBEDTLS_ERR_AES_BAD_INPUT_DATA; } if (!valid_key_length(ctx)) { @@ -640,7 +640,7 @@ int esp_internal_aes_decrypt(esp_aes_context *ctx, int r; if (esp_aes_validate_input(ctx, input, output)) { - return -1; + return MBEDTLS_ERR_AES_BAD_INPUT_DATA; } if (!valid_key_length(ctx)) { @@ -676,7 +676,7 @@ int esp_aes_crypt_ecb(esp_aes_context *ctx, int r; if (esp_aes_validate_input(ctx, input, output)) { - return -1; + return MBEDTLS_ERR_AES_BAD_INPUT_DATA; } if (!valid_key_length(ctx)) { 
@@ -705,12 +705,12 @@ int esp_aes_crypt_cbc(esp_aes_context *ctx, { int r = 0; if (esp_aes_validate_input(ctx, input, output)) { - return -1; + return MBEDTLS_ERR_AES_BAD_INPUT_DATA; } if (!iv) { ESP_LOGE(TAG, "No IV supplied"); - return -1; + return MBEDTLS_ERR_AES_BAD_INPUT_DATA; } /* For CBC input length should be multiple of @@ -758,12 +758,12 @@ int esp_aes_crypt_cfb8(esp_aes_context *ctx, size_t block_bytes = length - (length % AES_BLOCK_BYTES); if (esp_aes_validate_input(ctx, input, output)) { - return -1; + return MBEDTLS_ERR_AES_BAD_INPUT_DATA; } if (!iv) { ESP_LOGE(TAG, "No IV supplied"); - return -1; + return MBEDTLS_ERR_AES_BAD_INPUT_DATA; } @@ -846,17 +846,17 @@ int esp_aes_crypt_cfb128(esp_aes_context *ctx, size_t n; if (esp_aes_validate_input(ctx, input, output)) { - return -1; + return MBEDTLS_ERR_AES_BAD_INPUT_DATA; } if (!iv) { ESP_LOGE(TAG, "No IV supplied"); - return -1; + return MBEDTLS_ERR_AES_BAD_INPUT_DATA; } if (!iv_off) { ESP_LOGE(TAG, "No IV offset supplied"); - return -1; + return MBEDTLS_ERR_AES_BAD_INPUT_DATA; } if (!valid_key_length(ctx)) { @@ -931,17 +931,17 @@ int esp_aes_crypt_ofb(esp_aes_context *ctx, size_t stream_bytes = 0; if (esp_aes_validate_input(ctx, input, output)) { - return -1; + return MBEDTLS_ERR_AES_BAD_INPUT_DATA; } if (!iv) { ESP_LOGE(TAG, "No IV supplied"); - return -1; + return MBEDTLS_ERR_AES_BAD_INPUT_DATA; } if (!iv_off) { ESP_LOGE(TAG, "No IV offset supplied"); - return -1; + return MBEDTLS_ERR_AES_BAD_INPUT_DATA; } n = *iv_off; @@ -992,7 +992,7 @@ int esp_aes_crypt_ctr(esp_aes_context *ctx, size_t n; if (esp_aes_validate_input(ctx, input, output)) { - return -1; + return MBEDTLS_ERR_AES_BAD_INPUT_DATA; } if (!stream_block) { 
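Review bot: The `if (!stream_block) {` branch that opens on the last line of the `esp_aes_crypt_ctr` hunk is not covered by this hunk or the next one (old lines 999–1001 fall between them), so its return statement is unchanged by the commit. If it still reads `return -1;` as its siblings did, it is the one NULL-argument path in this function that does not return `MBEDTLS_ERR_AES_BAD_INPUT_DATA`; change it to `return MBEDTLS_ERR_AES_BAD_INPUT_DATA;` as well. Callers that compare the result against the mbedTLS error code would otherwise miss this case.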
@@ -1002,12 +1002,12 @@ int esp_aes_crypt_ctr(esp_aes_context *ctx, if (!nonce_counter) { ESP_LOGE(TAG, "No nonce supplied"); - return -1; + return MBEDTLS_ERR_AES_BAD_INPUT_DATA; } if (!nc_off) { ESP_LOGE(TAG, "No nonce offset supplied"); - return -1; + return MBEDTLS_ERR_AES_BAD_INPUT_DATA; } n = *nc_off; diff --git a/components/mbedtls/port/aes/esp_aes_gcm.c b/components/mbedtls/port/aes/esp_aes_gcm.c index 6a5627b7c3..0952b37091 100644 --- a/components/mbedtls/port/aes/esp_aes_gcm.c +++ b/components/mbedtls/port/aes/esp_aes_gcm.c @@ -24,6 +24,7 @@ #include "esp_log.h" #include "mbedtls/aes.h" +#include "mbedtls/gcm.h" #include "esp_heap_caps.h" #include "soc/soc_memory_layout.h" @@ -340,12 +341,12 @@ int esp_aes_gcm_starts( esp_gcm_context *ctx, if (!ctx) { ESP_LOGE(TAG, "No AES context supplied"); - return -1; + return MBEDTLS_ERR_GCM_BAD_INPUT; } if (!iv) { ESP_LOGE(TAG, "No IV supplied"); - return -1; + return MBEDTLS_ERR_GCM_BAD_INPUT; } /* Initialize AES-GCM context */ @@ -401,12 +402,12 @@ int esp_aes_gcm_update_ad( esp_gcm_context *ctx, if (!ctx) { ESP_LOGE(TAG, "No AES context supplied"); - return -1; + return MBEDTLS_ERR_GCM_BAD_INPUT; } if ( (aad_len > 0) && !aad) { ESP_LOGE(TAG, "No aad supplied"); - return -1; + return MBEDTLS_ERR_GCM_BAD_INPUT; } if (ctx->gcm_state != ESP_AES_GCM_STATE_START) { @@ -435,21 +436,21 @@ int esp_aes_gcm_update( esp_gcm_context *ctx, if (!output_length) { ESP_LOGE(TAG, "No output length supplied"); - return -1; + return MBEDTLS_ERR_GCM_BAD_INPUT; } *output_length = input_length; if (!ctx) { ESP_LOGE(TAG, "No GCM context supplied"); - return -1; + return MBEDTLS_ERR_GCM_BAD_INPUT; } if (!input) { ESP_LOGE(TAG, "No input supplied"); - return -1; + return MBEDTLS_ERR_GCM_BAD_INPUT; } if (!output) { ESP_LOGE(TAG, "No output supplied"); - return -1; + return MBEDTLS_ERR_GCM_BAD_INPUT; } if ( output > input && (size_t) ( output - input ) < input_length ) { 
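Review bot: In the `esp_aes_gcm_update` hunk `*output_length = input_length;` is stored right after the `!output_length` check and before `ctx`, `input` and `output` are validated, so a call rejected with `MBEDTLS_ERR_GCM_BAD_INPUT` still reports `input_length` bytes of output. A caller that advances its buffer by `*output_length` without checking the return value would then treat unwritten memory as processed data. Move the assignment below the `!output` check, or write `*output_length = 0;` first and set the real length only once processing has succeeded. The function body continues outside the hunk.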
@@ -611,7 +612,7 @@ int esp_aes_gcm_crypt_and_tag( esp_gcm_context *ctx, In practice, e.g. with mbedtls the length of aad will always be short */ if (aad_len > LLDESC_MAX_NUM_PER_DESC) { - return -1; + return MBEDTLS_ERR_GCM_BAD_INPUT; } /* IV and AD are limited to 2^32 bits, so 2^29 bytes */ /* IV is not allowed to be zero length */ @@ -623,17 +624,17 @@ int esp_aes_gcm_crypt_and_tag( esp_gcm_context *ctx, if (!ctx) { ESP_LOGE(TAG, "No AES context supplied"); - return -1; + return MBEDTLS_ERR_GCM_BAD_INPUT; } if (!iv) { ESP_LOGE(TAG, "No IV supplied"); - return -1; + return MBEDTLS_ERR_GCM_BAD_INPUT; } if ( (aad_len > 0) && !aad) { ESP_LOGE(TAG, "No aad supplied"); - return -1; + return MBEDTLS_ERR_GCM_BAD_INPUT; } /* Initialize AES-GCM context */ diff --git a/components/mbedtls/port/include/aes/esp_aes_gcm.h b/components/mbedtls/port/include/aes/esp_aes_gcm.h index 0336ca49d4..192f251b73 100644 --- a/components/mbedtls/port/include/aes/esp_aes_gcm.h +++ b/components/mbedtls/port/include/aes/esp_aes_gcm.h @@ -18,10 +18,6 @@ extern "C" { #endif - -#define MBEDTLS_ERR_GCM_AUTH_FAILED -0x0012 /**< Authenticated decryption failed. */ -#define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 /**< Bad input parameters to function.*/ - typedef enum { ESP_AES_GCM_STATE_INIT, ESP_AES_GCM_STATE_START,
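Review bot: The `aad_len > LLDESC_MAX_NUM_PER_DESC` rejection in the first `esp_aes_gcm_crypt_and_tag` hunk now returns the same `MBEDTLS_ERR_GCM_BAD_INPUT` as the NULL-pointer checks in the next hunk but, unlike them, logs nothing. An over-long AAD is therefore indistinguishable from a missing argument when diagnosing a failure. Add a message before the return, for example `ESP_LOGE(TAG, "aad_len exceeds supported length");`. The function body starts and ends outside both hunks.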