diff --git a/wolfcrypt/src/port/ti/ti-aes.c b/wolfcrypt/src/port/ti/ti-aes.c index bfab50220..cc0eade24 100644 --- a/wolfcrypt/src/port/ti/ti-aes.c +++ b/wolfcrypt/src/port/ti/ti-aes.c @@ -67,17 +67,29 @@ int wc_AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv, int dir) { if (!wolfSSL_TI_CCMInit()) return 1; - if ((aes == NULL) || (key == NULL) || (iv == NULL)) + if ((aes == NULL) || (key == NULL)) return BAD_FUNC_ARG; if (!((dir == AES_ENCRYPTION) || (dir == AES_DECRYPTION))) return BAD_FUNC_ARG; switch (len) { - case 16: aes->keylen = AES_CFG_KEY_SIZE_128BIT; break; - case 24: aes->keylen = AES_CFG_KEY_SIZE_192BIT; break; - case 32: aes->keylen = AES_CFG_KEY_SIZE_256BIT; break; - default: return BAD_FUNC_ARG; + #ifdef WOLFSSL_AES_128 + case 16: + break; + #endif + #ifdef WOLFSSL_AES_192 + case 24: + break; + #endif + #ifdef WOLFSSL_AES_256 + case 32: + break; + #endif + default: + return BAD_FUNC_ARG; } + aes->keylen = len; + aes->rounds = len / 4 + 6; XMEMCPY(aes->key, key, len); #ifdef WOLFSSL_AES_COUNTER @@ -92,10 +104,10 @@ static int AesAlign16(Aes* aes, byte* out, const byte* in, word32 sz, /* Processed aligned chunk to HW AES */ wolfSSL_TI_lockCCM(); ROM_AESReset(AES_BASE); - ROM_AESConfigSet(AES_BASE, (aes->keylen | dir | + ROM_AESConfigSet(AES_BASE, (aes->keylen-8 | dir | (mode == AES_CFG_MODE_CTR_NOCTR ? AES_CFG_MODE_CTR : mode))); ROM_AESIVSet(AES_BASE, (uint32_t *)aes->reg); - ROM_AESKey1Set(AES_BASE, (uint32_t *)aes->key, aes->keylen); + ROM_AESKey1Set(AES_BASE, (uint32_t *)aes->key, aes->keylen-8); if ((dir == AES_CFG_DIR_DECRYPT)&& (mode == AES_CFG_MODE_CBC)) { /* if input and output same will overwrite input iv */ XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); @@ -104,7 +116,7 @@ static int AesAlign16(Aes* aes, byte* out, const byte* in, word32 sz, wolfSSL_TI_unlockCCM(); /* store iv for next call */ - if (mode == AES_CFG_MODE_CBC){ + if (mode == AES_CFG_MODE_CBC) { if (dir == AES_CFG_DIR_ENCRYPT) XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); else @@ -139,19 +151,19 @@ static int AesProcess(Aes* aes, byte* out, const byte* in, word32 sz, while (sz > 0) { size = sz; in_p = in; out_p = out; - if (!IS_ALIGN16(in)){ + if (!IS_ALIGN16(in)) { size = sz > TI_BUFFSIZE ? TI_BUFFSIZE : sz; XMEMCPY(buff, in, size); in_p = (const byte *)buff; } - if (!IS_ALIGN16(out)){ + if (!IS_ALIGN16(out)) { size = sz > TI_BUFFSIZE ? TI_BUFFSIZE : sz; out_p = buff; } AesAlign16(aes, out_p, in_p, size, dir, mode); - if (!IS_ALIGN16(out)){ + if (!IS_ALIGN16(out)) { XMEMCPY(out, buff, size); } sz -= size; in += size; out += size; @@ -181,13 +193,13 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) tmp = (char *)aes->tmp; if (aes->left) { - if ((aes->left + sz) >= AES_BLOCK_SIZE){ + if ((aes->left + sz) >= AES_BLOCK_SIZE) { odd = AES_BLOCK_SIZE - aes->left; } else { odd = sz; } XMEMCPY(tmp+aes->left, in, odd); - if ((odd+aes->left) == AES_BLOCK_SIZE){ + if ((odd+aes->left) == AES_BLOCK_SIZE) { ret = AesProcess(aes, (byte *)out_block, (byte const *)tmp, AES_BLOCK_SIZE, AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CTR); if (ret != 0) @@ -267,12 +279,12 @@ static int AesAuthArgCheck(Aes* aes, byte* out, const byte* in, word32 inSz, const byte* authIn, word32 authInSz, word32 *M, word32 *L) { (void) authInSz; - if ((aes == NULL)||(nonce == NULL)||(authTag== NULL)||(authIn == NULL)) + if ((aes == NULL) || (nonce == NULL) || (authTag== NULL) || (authIn == NULL)) return BAD_FUNC_ARG; - if ((inSz != 0) && ((out == NULL)||(in == NULL))) + if ((inSz != 0) && ((out == NULL) || (in == NULL))) return BAD_FUNC_ARG; - switch(authTagSz){ + switch (authTagSz) { case 4: *M = AES_CFG_CCM_M_4; break; case 6: @@ -291,7 +303,7 @@ static int AesAuthArgCheck(Aes* aes, byte* out, const byte* in, word32 inSz, return 1; } - switch(nonceSz){ + switch (nonceSz) { case 7: *L = AES_CFG_CCM_L_8; break; case 8: @@ -317,7 +329,7 @@ static int AesAuthArgCheck(Aes* aes, byte* out, const byte* in, word32 inSz, static void AesAuthSetIv(Aes *aes, const byte *nonce, word32 len, word32 L, int mode) { - if (mode == AES_CFG_MODE_CCM){ + if (mode == AES_CFG_MODE_CCM) { XMEMSET(aes->reg, 0, 16); switch (L) { case AES_CFG_CCM_L_8: @@ -342,7 +354,8 @@ static void AesAuthSetIv(Aes *aes, const byte *nonce, word32 len, word32 L, else { byte *b = (byte *)aes->reg; XMEMSET(aes->reg, 0, AES_BLOCK_SIZE); - XMEMCPY(aes->reg, nonce, len); + if (nonce != NULL && len < AES_BLOCK_SIZE) + XMEMCPY(aes->reg, nonce, len); b[AES_BLOCK_SIZE-4] = 0; b[AES_BLOCK_SIZE-3] = 0; b[AES_BLOCK_SIZE-2] = 0; @@ -365,7 +378,7 @@ static int AesAuthEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, ret = AesAuthArgCheck(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz, authIn, authInSz, &M, &L); - if (ret != 0) { + if (ret == BAD_FUNC_ARG) { return ret; } @@ -415,11 +428,11 @@ static int AesAuthEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, /* do aes-ccm */ AesAuthSetIv(aes, nonce, nonceSz, L, mode); ROM_AESReset(AES_BASE); - ROM_AESConfigSet(AES_BASE, (aes->keylen | AES_CFG_DIR_ENCRYPT | + ROM_AESConfigSet(AES_BASE, (aes->keylen-8 | AES_CFG_DIR_ENCRYPT | AES_CFG_CTR_WIDTH_128 | mode | ((mode== AES_CFG_MODE_CCM) ? (L | M) : 0 ))); ROM_AESIVSet(AES_BASE, aes->reg); - ROM_AESKey1Set(AES_BASE, aes->key, aes->keylen); + ROM_AESKey1Set(AES_BASE, aes->key, aes->keylen-8); ret = ROM_AESDataProcessAuth(AES_BASE, (unsigned int*)in_a, (unsigned int *)out_a, inSz, (unsigned int*)authIn_a, authInSz, (unsigned int *)tmpTag); if (ret == false) { @@ -451,10 +464,9 @@ static int AesAuthDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, byte *nonce_a, *nonce_save = NULL; word32 tmpTag[4]; - ret = AesAuthArgCheck(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz, authIn, authInSz, &M, &L); - if (ret != 0) { + if (ret == BAD_FUNC_ARG) { return ret; } @@ -503,14 +515,14 @@ static int AesAuthDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, /* do aes-ccm */ AesAuthSetIv(aes, nonce, nonceSz, L, mode); ROM_AESReset(AES_BASE); - ROM_AESConfigSet(AES_BASE, (aes->keylen | AES_CFG_DIR_DECRYPT | + ROM_AESConfigSet(AES_BASE, (aes->keylen-8 | AES_CFG_DIR_DECRYPT | AES_CFG_CTR_WIDTH_128 | mode | ((mode== AES_CFG_MODE_CCM) ? (L | M) : 0 ))); ROM_AESIVSet(AES_BASE, aes->reg); - ROM_AESKey1Set(AES_BASE, aes->key, aes->keylen); + ROM_AESKey1Set(AES_BASE, aes->key, aes->keylen-8); ret = ROM_AESDataProcessAuth(AES_BASE, (unsigned int*)in_a, (unsigned int *)out_a, inSz, (unsigned int*)authIn_a, authInSz, (unsigned int *)tmpTag); - if ((ret == false) || (XMEMCMP(authTag, tmpTag, authTagSz) != 0)){ + if ((ret == false) || (XMEMCMP(authTag, tmpTag, authTagSz) != 0)) { XMEMSET(out, 0, inSz); ret = false; } else { diff --git a/wolfcrypt/src/port/ti/ti-hash.c b/wolfcrypt/src/port/ti/ti-hash.c index 92b2fe996..0077e96da 100644 --- a/wolfcrypt/src/port/ti/ti-hash.c +++ b/wolfcrypt/src/port/ti/ti-hash.c @@ -62,8 +62,10 @@ #define SHAMD5_ALGO_SHA224 4 #endif -static int hashInit(wolfssl_TI_Hash *hash) { - if (!wolfSSL_TI_CCMInit())return 1; +static int hashInit(wolfssl_TI_Hash *hash) +{ + if (!wolfSSL_TI_CCMInit()) + return 1; hash->used = 0; hash->msg = 0; hash->len = 0; @@ -115,8 +117,13 @@ static int hashGetHash(wolfssl_TI_Hash *hash, byte* result, word32 algo, word32 return 0; } -static int hashCopy(wolfssl_TI_Hash *src, wolfssl_TI_Hash *dst) { - XMEMCPY(dst, src, sizeof(wolfssl_TI_Hash)); +static int hashCopy(wolfssl_TI_Hash *src, wolfssl_TI_Hash *dst) +{ + /* only copy hash, zero the rest of the struct to avoid double-free */ + dst->msg = NULL; + dst->used = 0; + dst->len = 0; + XMEMCPY(dst->hash, src->hash, sizeof(dst->hash)); return 0; } @@ -194,11 +201,12 @@ WOLFSSL_API int wc_Md5GetHash(Md5* md5, byte* hash) return hashGetHash((wolfssl_TI_Hash *)md5, hash, SHAMD5_ALGO_MD5, MD5_DIGEST_SIZE); } -WOLFSSL_API int wc_Md5Copy(Md5* src, Md5* dst) { +WOLFSSL_API int wc_Md5Copy(Md5* src, Md5* dst) +{ return hashCopy((wolfssl_TI_Hash *)src, (wolfssl_TI_Hash *)dst); } -WOLFSSL_API int wc_Md5Hash(const byte*data, word32 len, byte*hash) +WOLFSSL_API int wc_Md5Hash(const byte*data, word32 len, byte* hash) { return hashHash(data, len, hash, SHAMD5_ALGO_MD5, MD5_DIGEST_SIZE); } @@ -239,11 +247,12 @@ WOLFSSL_API int wc_ShaGetHash(Sha* sha, byte* hash) return hashGetHash(sha, hash, SHAMD5_ALGO_SHA1, SHA_DIGEST_SIZE); } -WOLFSSL_API int wc_ShaCopy(Sha* src, Sha* dst) { +WOLFSSL_API int wc_ShaCopy(Sha* src, Sha* dst) +{ return hashCopy((wolfssl_TI_Hash *)src, (wolfssl_TI_Hash *)dst); } -WOLFSSL_API int wc_ShaHash(const byte*data, word32 len, byte*hash) +WOLFSSL_API int wc_ShaHash(const byte*data, word32 len, byte* hash) { return hashHash(data, len, hash, SHAMD5_ALGO_SHA1, SHA_DIGEST_SIZE); } @@ -284,7 +293,12 @@ WOLFSSL_API int wc_Sha224GetHash(Sha224* sha224, byte* hash) return hashGetHash(sha224, hash, SHAMD5_ALGO_SHA224, SHA224_DIGEST_SIZE); } -WOLFSSL_API int wc_Sha224Hash(const byte* data, word32 len, byte*hash) +WOLFSSL_API int wc_Sha224Copy(Sha224* src, Sha224* dst) +{ + return hashCopy((wolfssl_TI_Hash *)src, (wolfssl_TI_Hash *)dst); +} + +WOLFSSL_API int wc_Sha224Hash(const byte* data, word32 len, byte* hash) { return hashHash(data, len, hash, SHAMD5_ALGO_SHA224, SHA224_DIGEST_SIZE); } @@ -326,7 +340,12 @@ WOLFSSL_API int wc_Sha256GetHash(Sha256* sha256, byte* hash) return hashGetHash(sha256, hash, SHAMD5_ALGO_SHA256, SHA256_DIGEST_SIZE); } -WOLFSSL_API int wc_Sha256Hash(const byte* data, word32 len, byte*hash) +WOLFSSL_API int wc_Sha256Copy(Sha256* src, Sha256* dst) +{ + return hashCopy((wolfssl_TI_Hash *)src, (wolfssl_TI_Hash *)dst); +} + +WOLFSSL_API int wc_Sha256Hash(const byte* data, word32 len, byte* hash) { return hashHash(data, len, hash, SHAMD5_ALGO_SHA256, SHA256_DIGEST_SIZE); }