diff options
author | Summer Qin <summer.qin@arm.com> | 2018-07-02 14:19:42 +0800 |
---|---|---|
committer | Jérôme Forissier <jerome.forissier@linaro.org> | 2019-03-22 20:09:28 +0100 |
commit | e7dbc357e4f927150836fae68da133dd7de4da2f (patch) | |
tree | 70999faa5d2625ca670b31fa1b5a51879b035ab2 /core | |
parent | fcd21d9eaa85eea432685af2d565477f7ca4a526 (diff) |
core: add encrypt key length in AES encrypt API
Adds size of expanded AES encryption key to crypto_aes_expand_enc_key()
and crypto_aes_enc_block() to make the functions more safe to call.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Summer Qin <summer.qin@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Diffstat (limited to 'core')
-rw-r--r-- | core/crypto/aes-gcm-sw.c | 9 | ||||
-rw-r--r-- | core/include/crypto/crypto.h | 24 | ||||
-rw-r--r-- | core/lib/libtomcrypt/src/tee_ltc_provider.c | 11 |
3 files changed, 36 insertions, 8 deletions
diff --git a/core/crypto/aes-gcm-sw.c b/core/crypto/aes-gcm-sw.c index 5c59bf16..b651d5e0 100644 --- a/core/crypto/aes-gcm-sw.c +++ b/core/crypto/aes-gcm-sw.c @@ -79,12 +79,17 @@ void __weak internal_aes_gcm_encrypt_block(const struct internal_aes_gcm_key *ek, const void *src, void *dst) { - crypto_aes_enc_block(ek->data, ek->rounds, src, dst); + size_t ek_len = sizeof(ek->data); + + crypto_aes_enc_block(ek->data, ek_len, ek->rounds, src, dst); } TEE_Result __weak internal_aes_gcm_expand_enc_key(const void *key, size_t key_len, struct internal_aes_gcm_key *ek) { - return crypto_aes_expand_enc_key(key, key_len, ek->data, &ek->rounds); + size_t ek_len = sizeof(ek->data); + + return crypto_aes_expand_enc_key(key, key_len, ek->data, ek_len, + &ek->rounds); } diff --git a/core/include/crypto/crypto.h b/core/include/crypto/crypto.h index 54a5f74f..a57d9cc1 100644 --- a/core/include/crypto/crypto.h +++ b/core/include/crypto/crypto.h @@ -316,9 +316,27 @@ void crypto_rng_add_event(enum crypto_rng_src sid, unsigned int *pnum, */ TEE_Result crypto_rng_read(void *buf, size_t len); +/* + * crypto_aes_expand_enc_key() - Expand an AES key + * @key: AES key buffer + * @key_len: Size of the the @key buffer in bytes + * @enc_key: Expanded AES encryption key buffer + * @enc_keylen: Size of the @enc_key buffer in bytes + * @rounds: Number of rounds to be used during encryption + */ TEE_Result crypto_aes_expand_enc_key(const void *key, size_t key_len, - void *enc_key, unsigned int *rounds); -void crypto_aes_enc_block(const void *enc_key, unsigned int rounds, - const void *src, void *dst); + void *enc_key, size_t enc_keylen, + unsigned int *rounds); + +/* + * crypto_aes_enc_block() - Encrypt an AES block + * @enc_key: Expanded AES encryption key + * @enc_keylen: Size of @enc_key in bytes + * @rounds: Number of rounds + * @src: Source buffer of one AES block (16 bytes) + * @dst: Destination buffer of one AES block (16 bytes) + */ +void crypto_aes_enc_block(const void *enc_key, size_t enc_keylen, + unsigned int rounds, const void *src, void *dst); #endif /* __CRYPTO_CRYPTO_H */ diff --git a/core/lib/libtomcrypt/src/tee_ltc_provider.c b/core/lib/libtomcrypt/src/tee_ltc_provider.c index cae91b7d..75373fac 100644 --- a/core/lib/libtomcrypt/src/tee_ltc_provider.c +++ b/core/lib/libtomcrypt/src/tee_ltc_provider.c @@ -1441,10 +1441,14 @@ TEE_Result hash_sha512_256_compute(uint8_t *digest, const uint8_t *data, #endif TEE_Result crypto_aes_expand_enc_key(const void *key, size_t key_len, - void *enc_key, unsigned int *rounds) + void *enc_key, size_t enc_keylen, + unsigned int *rounds) { symmetric_key skey; + if (enc_keylen < sizeof(skey.rijndael.eK)) + return TEE_ERROR_BAD_PARAMETERS; + if (aes_setup(key, key_len, 0, &skey)) return TEE_ERROR_BAD_PARAMETERS; @@ -1453,11 +1457,12 @@ TEE_Result crypto_aes_expand_enc_key(const void *key, size_t key_len, return TEE_SUCCESS; } -void crypto_aes_enc_block(const void *enc_key, unsigned int rounds, - const void *src, void *dst) +void crypto_aes_enc_block(const void *enc_key, size_t enc_keylen __maybe_unused, + unsigned int rounds, const void *src, void *dst) { symmetric_key skey; + assert(enc_keylen >= sizeof(skey.rijndael.eK)); memcpy(skey.rijndael.eK, enc_key, sizeof(skey.rijndael.eK)); skey.rijndael.Nr = rounds; if (aes_ecb_encrypt(src, dst, &skey)) |