From 420ac840ff785a370c0bde3845a9f86758b8ca06 Mon Sep 17 00:00:00 2001 From: Cao Sen Miao Date: Tue, 24 Oct 2023 11:31:33 +0800 Subject: [PATCH] fix(flash_encryption): Fix the issue that XTS_AES Plain text memory size wrong --- components/hal/esp32c2/include/hal/spi_flash_encrypted_ll.h | 4 +++- components/hal/esp32c3/include/hal/spi_flash_encrypted_ll.h | 4 +++- components/hal/esp32c6/include/hal/spi_flash_encrypted_ll.h | 4 +++- components/hal/esp32h2/include/hal/spi_flash_encrypted_ll.h | 4 +++- components/hal/esp32p4/include/hal/spi_flash_encrypted_ll.h | 4 +++- components/hal/esp32s2/include/hal/spi_flash_encrypted_ll.h | 4 +++- components/hal/esp32s3/include/hal/spi_flash_encrypted_ll.h | 4 +++- components/soc/esp32c6/include/soc/Kconfig.soc_caps.in | 2 +- components/soc/esp32c6/include/soc/soc_caps.h | 2 +- components/soc/esp32h2/include/soc/Kconfig.soc_caps.in | 2 +- components/soc/esp32h2/include/soc/soc_caps.h | 2 +- components/soc/esp32p4/include/soc/Kconfig.soc_caps.in | 2 +- components/soc/esp32p4/include/soc/soc_caps.h | 2 +- 13 files changed, 27 insertions(+), 13 deletions(-) diff --git a/components/hal/esp32c2/include/hal/spi_flash_encrypted_ll.h b/components/hal/esp32c2/include/hal/spi_flash_encrypted_ll.h index 6717fc87c0..8d59c99148 100644 --- a/components/hal/esp32c2/include/hal/spi_flash_encrypted_ll.h +++ b/components/hal/esp32c2/include/hal/spi_flash_encrypted_ll.h @@ -17,6 +17,7 @@ #include "soc/system_reg.h" #include "soc/xts_aes_reg.h" #include "soc/soc.h" +#include "soc/soc_caps.h" #include "hal/assert.h" #ifdef __cplusplus @@ -84,7 +85,8 @@ static inline void spi_flash_encrypt_ll_buffer_length(uint32_t size) */ static inline void spi_flash_encrypt_ll_plaintext_save(uint32_t address, const uint32_t* buffer, uint32_t size) { - uint32_t plaintext_offs = (address % 64); + uint32_t plaintext_offs = (address % SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX); + HAL_ASSERT(plaintext_offs + size <= SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX); memcpy((void *)(XTS_AES_PLAIN_MEM + plaintext_offs), buffer, size); } diff --git a/components/hal/esp32c3/include/hal/spi_flash_encrypted_ll.h b/components/hal/esp32c3/include/hal/spi_flash_encrypted_ll.h index 1196d16c12..8857e1f915 100644 --- a/components/hal/esp32c3/include/hal/spi_flash_encrypted_ll.h +++ b/components/hal/esp32c3/include/hal/spi_flash_encrypted_ll.h @@ -17,6 +17,7 @@ #include "soc/system_reg.h" #include "soc/xts_aes_reg.h" #include "soc/soc.h" +#include "soc/soc_caps.h" #include "hal/assert.h" #ifdef __cplusplus @@ -84,7 +85,8 @@ static inline void spi_flash_encrypt_ll_buffer_length(uint32_t size) */ static inline void spi_flash_encrypt_ll_plaintext_save(uint32_t address, const uint32_t* buffer, uint32_t size) { - uint32_t plaintext_offs = (address % 64); + uint32_t plaintext_offs = (address % SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX); + HAL_ASSERT(plaintext_offs + size <= SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX); memcpy((void *)(XTS_AES_PLAIN_MEM + plaintext_offs), buffer, size); } diff --git a/components/hal/esp32c6/include/hal/spi_flash_encrypted_ll.h b/components/hal/esp32c6/include/hal/spi_flash_encrypted_ll.h index 5e05cd6aba..20c303344a 100644 --- a/components/hal/esp32c6/include/hal/spi_flash_encrypted_ll.h +++ b/components/hal/esp32c6/include/hal/spi_flash_encrypted_ll.h @@ -17,6 +17,7 @@ #include "soc/hp_system_reg.h" #include "soc/xts_aes_reg.h" #include "soc/soc.h" +#include "soc/soc_caps.h" #include "hal/assert.h" #ifdef __cplusplus @@ -84,7 +85,8 @@ static inline void spi_flash_encrypt_ll_buffer_length(uint32_t size) */ static inline void spi_flash_encrypt_ll_plaintext_save(uint32_t address, const uint32_t* buffer, uint32_t size) { - uint32_t plaintext_offs = (address % 64); + uint32_t plaintext_offs = (address % SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX); + HAL_ASSERT(plaintext_offs + size <= SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX); memcpy((void *)(XTS_AES_PLAIN_MEM(0) + plaintext_offs), buffer, size); } diff --git a/components/hal/esp32h2/include/hal/spi_flash_encrypted_ll.h b/components/hal/esp32h2/include/hal/spi_flash_encrypted_ll.h index 5e05cd6aba..20c303344a 100644 --- a/components/hal/esp32h2/include/hal/spi_flash_encrypted_ll.h +++ b/components/hal/esp32h2/include/hal/spi_flash_encrypted_ll.h @@ -17,6 +17,7 @@ #include "soc/hp_system_reg.h" #include "soc/xts_aes_reg.h" #include "soc/soc.h" +#include "soc/soc_caps.h" #include "hal/assert.h" #ifdef __cplusplus @@ -84,7 +85,8 @@ static inline void spi_flash_encrypt_ll_buffer_length(uint32_t size) */ static inline void spi_flash_encrypt_ll_plaintext_save(uint32_t address, const uint32_t* buffer, uint32_t size) { - uint32_t plaintext_offs = (address % 64); + uint32_t plaintext_offs = (address % SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX); + HAL_ASSERT(plaintext_offs + size <= SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX); memcpy((void *)(XTS_AES_PLAIN_MEM(0) + plaintext_offs), buffer, size); } diff --git a/components/hal/esp32p4/include/hal/spi_flash_encrypted_ll.h b/components/hal/esp32p4/include/hal/spi_flash_encrypted_ll.h index 398839abaf..de642b56d6 100644 --- a/components/hal/esp32p4/include/hal/spi_flash_encrypted_ll.h +++ b/components/hal/esp32p4/include/hal/spi_flash_encrypted_ll.h @@ -17,6 +17,7 @@ #include "soc/hp_system_reg.h" #include "soc/spi_mem_reg.h" #include "soc/soc.h" +#include "soc/soc_caps.h" #include "hal/assert.h" #ifdef __cplusplus @@ -88,7 +89,8 @@ static inline void spi_flash_encrypt_ll_buffer_length(uint32_t size) */ static inline void spi_flash_encrypt_ll_plaintext_save(uint32_t address, const uint32_t* buffer, uint32_t size) { - uint32_t plaintext_offs = (address % 64); + uint32_t plaintext_offs = (address % SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX); + HAL_ASSERT(plaintext_offs + size <= SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX); memcpy((void *)(SPI_MEM_XTS_PLAIN_BASE_REG(0) + plaintext_offs), buffer, size); } diff --git a/components/hal/esp32s2/include/hal/spi_flash_encrypted_ll.h b/components/hal/esp32s2/include/hal/spi_flash_encrypted_ll.h index 34d38742cf..529fb99007 100644 --- a/components/hal/esp32s2/include/hal/spi_flash_encrypted_ll.h +++ b/components/hal/esp32s2/include/hal/spi_flash_encrypted_ll.h @@ -17,6 +17,7 @@ #include "soc/system_reg.h" #include "soc/hwcrypto_reg.h" #include "soc/soc.h" +#include "soc/soc_caps.h" #include "hal/assert.h" #ifdef __cplusplus @@ -93,7 +94,8 @@ static inline void spi_flash_encrypt_ll_buffer_length(uint32_t size) */ static inline void spi_flash_encrypt_ll_plaintext_save(uint32_t address, const uint32_t* buffer, uint32_t size) { - uint32_t plaintext_offs = (address % 64); + uint32_t plaintext_offs = (address % SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX); + HAL_ASSERT(plaintext_offs + size <= SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX); memcpy((void *)(AES_XTS_PLAIN_BASE + plaintext_offs), buffer, size); } diff --git a/components/hal/esp32s3/include/hal/spi_flash_encrypted_ll.h b/components/hal/esp32s3/include/hal/spi_flash_encrypted_ll.h index cac478ee51..dae3528dd9 100644 --- a/components/hal/esp32s3/include/hal/spi_flash_encrypted_ll.h +++ b/components/hal/esp32s3/include/hal/spi_flash_encrypted_ll.h @@ -17,6 +17,7 @@ #include "soc/system_reg.h" #include "soc/hwcrypto_reg.h" #include "soc/soc.h" +#include "soc/soc_caps.h" #include "hal/assert.h" #ifdef __cplusplus @@ -84,7 +85,8 @@ static inline void spi_flash_encrypt_ll_buffer_length(uint32_t size) */ static inline void spi_flash_encrypt_ll_plaintext_save(uint32_t address, const uint32_t* buffer, uint32_t size) { - uint32_t plaintext_offs = (address % 64); + uint32_t plaintext_offs = (address % SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX); + HAL_ASSERT(plaintext_offs + size <= SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX); memcpy((void *)(AES_XTS_PLAIN_BASE + plaintext_offs), buffer, size); } diff --git a/components/soc/esp32c6/include/soc/Kconfig.soc_caps.in b/components/soc/esp32c6/include/soc/Kconfig.soc_caps.in index cb4f3353cd..fbca618fb7 100644 --- a/components/soc/esp32c6/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32c6/include/soc/Kconfig.soc_caps.in @@ -1113,7 +1113,7 @@ config SOC_SUPPORT_SECURE_BOOT_REVOKE_KEY config SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX int - default 32 + default 64 config SOC_FLASH_ENCRYPTION_XTS_AES bool diff --git a/components/soc/esp32c6/include/soc/soc_caps.h b/components/soc/esp32c6/include/soc/soc_caps.h index 74f1670767..d82e4dba85 100644 --- a/components/soc/esp32c6/include/soc/soc_caps.h +++ b/components/soc/esp32c6/include/soc/soc_caps.h @@ -455,7 +455,7 @@ #define SOC_SUPPORT_SECURE_BOOT_REVOKE_KEY 1 /*-------------------------- Flash Encryption CAPS----------------------------*/ -#define SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX (32) +#define SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX (64) #define SOC_FLASH_ENCRYPTION_XTS_AES 1 #define SOC_FLASH_ENCRYPTION_XTS_AES_128 1 diff --git a/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in b/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in index 82c436d287..110397316c 100644 --- a/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in @@ -1093,7 +1093,7 @@ config SOC_SUPPORT_SECURE_BOOT_REVOKE_KEY config SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX int - default 32 + default 64 config SOC_FLASH_ENCRYPTION_XTS_AES bool diff --git a/components/soc/esp32h2/include/soc/soc_caps.h b/components/soc/esp32h2/include/soc/soc_caps.h index 6df8be0068..f267085e02 100644 --- a/components/soc/esp32h2/include/soc/soc_caps.h +++ b/components/soc/esp32h2/include/soc/soc_caps.h @@ -448,7 +448,7 @@ #define SOC_SUPPORT_SECURE_BOOT_REVOKE_KEY 1 /*-------------------------- Flash Encryption CAPS----------------------------*/ -#define SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX (32) +#define SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX (64) #define SOC_FLASH_ENCRYPTION_XTS_AES 1 #define SOC_FLASH_ENCRYPTION_XTS_AES_128 1 diff --git a/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in b/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in index 37bf739736..04d59467ba 100644 --- a/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in @@ -1069,7 +1069,7 @@ config SOC_SUPPORT_SECURE_BOOT_REVOKE_KEY config SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX int - default 32 + default 64 config SOC_FLASH_ENCRYPTION_XTS_AES bool diff --git a/components/soc/esp32p4/include/soc/soc_caps.h b/components/soc/esp32p4/include/soc/soc_caps.h index 35685464f6..82ffb8d876 100644 --- a/components/soc/esp32p4/include/soc/soc_caps.h +++ b/components/soc/esp32p4/include/soc/soc_caps.h @@ -479,7 +479,7 @@ #define SOC_SUPPORT_SECURE_BOOT_REVOKE_KEY 1 /*-------------------------- Flash Encryption CAPS----------------------------*/ -#define SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX (32) +#define SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX (64) #define SOC_FLASH_ENCRYPTION_XTS_AES 1 #define SOC_FLASH_ENCRYPTION_XTS_AES_128 1