wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-29 18:27:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix for STM32 AES GCM decrypt to support partial (not multiple of 4) for auth tag calculation.

Browse Source
This commit is contained in:
David Garske
2021-04-12 16:57:57 -07:00
parent acf1a9833b
commit 89e4bae8d2
1 changed files with 17 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
wolfcrypt/src/aes.c
View File

@ -7456,7 +7456,11 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out,
/* for cases where hardware cannot be used for authTag calculate it */
/* if IV is not 12 calculate GHASH using software */
if (ivSz != GCM_NONCE_MID_SZ || sz == 0 || partial != 0
if (ivSz != GCM_NONCE_MID_SZ
#ifndef CRYP_HEADERWIDTHUNIT_BYTE
/* or harware that does not support partial block */
|| sz == 0 || partial != 0
#endif
#ifndef STM32_AESGCM_PARTIAL
/* or authIn is not a multiple of 4 */
|| authPadSz != authInSz
@ -7515,6 +7519,18 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out,
HAL_CRYP_Init(&hcryp);
/* GCM payload phase - can handle partial blocks */
#ifdef CRYP_HEADERWIDTHUNIT_BYTE
{
/* clear remainder of partial input (for 32-bit uint) */
word32 remain = (partial & 3);
if (remain > 0)
remain = 4 - remain;
while (sz > 0 && remain > 0) {
((byte*)in)[sz + remain - 1] = 0;
remain--;
}
}
#endif
status = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in,
(blocks * AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT);
if (status == HAL_OK && !tagComputed) {