Update share as word-wise

will-v-pi · will-v-pi · commit c2a114547edb · 2025-01-20T11:17:37.000Z
diff --git a/bintool/mbedtls_wrapper.h b/bintool/mbedtls_wrapper.h
@@ -38,22 +38,24 @@ typedef struct iv {
     uint8_t bytes[16];
 } iv_t; /**< Convenience typedef */
 
+typedef struct aes_key {
+    /** An array 32 bytes key data. */
+    union {
+        uint8_t bytes[32];
+        uint32_t words[8];
+    };
+} aes_key_t; /**< Convenience typedef */
+
 typedef struct aes_key_share {
+    /** An array 128 bytes key data, 1 word from each share at a time. */
     union {
-        struct {
-            /** A 4-way share of the 256-bit value. */
-            uint8_t bytes_a[32];
-            uint8_t bytes_b[32];
-            uint8_t bytes_c[32];
-            uint8_t bytes_d[32];
-        };
         uint8_t bytes[128];
+        uint32_t words[32];
     };
 } aes_key_share_t; /**< Convenience typedef */
 
 typedef signature_t public_t;
 typedef message_digest_t private_t;
-typedef message_digest_t aes_key_t;
 
 void mb_sha256_buffer(const uint8_t *data, size_t len, message_digest_t *digest_out);
 void mb_aes256_buffer(const uint8_t *data, size_t len, uint8_t *data_out, const aes_key_t *key, iv_t *iv);
diff --git a/main.cpp b/main.cpp
@@ -4724,13 +4724,16 @@ bool encrypt_command::execute(device_map &devices) {
     auto aes_file = get_file_idx(ios::in|ios::binary, 2);
     aes_file->exceptions(std::iostream::failbit | std::iostream::badbit);
 
-    // Key is stored as a 4-way share, ie X = A ^ B ^ C ^ D
     aes_key_share_t aes_key_share;
     aes_file->read((char*)aes_key_share.bytes, sizeof(aes_key_share.bytes));
 
     aes_key_t aes_key;
-    for (int i=0; i < sizeof(aes_key); i++) {
-        aes_key.bytes[i] = aes_key_share.bytes_a[i] ^ aes_key_share.bytes_b[i] ^ aes_key_share.bytes_c[i] ^ aes_key_share.bytes_d[i];
+    // Key is stored as a 4-way share of each word, ie X[0] = A[0] ^ B[0] ^ C[0] ^ D[0], stored as A[0], B[0], C[0], D[0]
+    for (int i=0; i < count_of(aes_key.words); i++) {
+        aes_key.words[i] = aes_key_share.words[i*4]
+                         ^ aes_key_share.words[i*4 + 1]
+                         ^ aes_key_share.words[i*4 + 2]
+                         ^ aes_key_share.words[i*4 + 3];
     }
 
     private_t private_key = {};
