
Commit e604d95

committed
Cleanup the AES CTR IV.
1 parent bfe4428 commit e604d95


2 files changed

+12
-10
lines changed


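--- a/include/encrypt.h
+++ b/include/encrypt.h
@@ -65,7 +65,7 @@ int aes_init(void);
 void aes_set_iv(uint8_t *nonce, uint32_t address);
 #endif /* ENCRYPT_WITH_CHACHA */
 
-/* Internal read/write functions (not exported in the libwolfboot API) */
+/* external flash encryption read/write functions */
 int ext_flash_encrypt_write(uintptr_t address, const uint8_t *data, int len);
 int ext_flash_decrypt_read(uintptr_t address, uint8_t *data, int len);
 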
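--- a/src/libwolfboot.c
+++ b/src/libwolfboot.c
@@ -1600,13 +1600,14 @@ int aes_init(void)
 /* register AES crypto callback */
 wc_CryptoCb_RegisterDevice(devId, wc_tsip_AesCipher, NULL);
 
-/* AES_ENCRYPTION is used for both directions in CTR */
-/* unwrapped key never leaves TSIP and is referenced by tsip_keyIdx */
+/* AES_ENCRYPTION is used for both directions in CTR
+* IV is set later with "wc_AesSetIV" */
 wc_AesSetKeyDirect(&aes_enc, enc_key->encrypted_user_key,
-ENCRYPT_KEY_SIZE, enc_key->initial_vector, AES_ENCRYPTION);
+ENCRYPT_KEY_SIZE, NULL, AES_ENCRYPTION);
 wc_AesSetKeyDirect(&aes_dec, enc_key->encrypted_user_key,
-ENCRYPT_KEY_SIZE, enc_key->initial_vector, AES_ENCRYPTION);
+ENCRYPT_KEY_SIZE, NULL, AES_ENCRYPTION);
 
+/* set IV nonce use in aes_set_iv */
 XMEMCPY(encrypt_iv_nonce, enc_key->initial_vector, ENCRYPT_NONCE_SIZE);
 encrypt_initialized = 1;
 }
@@ -1619,7 +1620,6 @@ int aes_init(void)
 ENCRYPT_TMP_SECRET_OFFSET);
 #endif
 uint8_t ff[ENCRYPT_KEY_SIZE];
-uint8_t iv_buf[ENCRYPT_NONCE_SIZE];
 uint8_t* stored_nonce;
 
 #ifdef NVM_FLASH_WRITEONCE
@@ -1641,11 +1641,13 @@ int aes_init(void)
 if (XMEMCMP(key, ff, ENCRYPT_KEY_SIZE) == 0)
 return -1;
 
+/* AES_ENCRYPTION is used for both directions in CTR
+* IV is set later with "wc_AesSetIV" */
+wc_AesSetKeyDirect(&aes_enc, key, ENCRYPT_KEY_SIZE, NULL, AES_ENCRYPTION);
+wc_AesSetKeyDirect(&aes_dec, key, ENCRYPT_KEY_SIZE, NULL, AES_ENCRYPTION);
+
+/* set IV nonce use in aes_set_iv */
 XMEMCPY(encrypt_iv_nonce, stored_nonce, ENCRYPT_NONCE_SIZE);
-XMEMCPY(iv_buf, stored_nonce, ENCRYPT_NONCE_SIZE);
-/* AES_ENCRYPTION is used for both directions in CTR */
-wc_AesSetKeyDirect(&aes_enc, key, ENCRYPT_KEY_SIZE, iv_buf, AES_ENCRYPTION);
-wc_AesSetKeyDirect(&aes_dec, key, ENCRYPT_KEY_SIZE, iv_buf, AES_ENCRYPTION);
 encrypt_initialized = 1;
 #endif
 return 0;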
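Review bot: The two `wc_AesSetKeyDirect` calls added in the last hunk (`@@ -1641,11 +1641,13 @@`), like the TSIP pair in the first hunk, discard their return value, so `aes_init` still sets `encrypt_initialized = 1` and returns 0 when key setup fails. Checking each call, e.g. `if (wc_AesSetKeyDirect(&aes_enc, key, ENCRYPT_KEY_SIZE, NULL, AES_ENCRYPTION) != 0) return -1;`, keeps a failed setup from being treated as a usable cipher context. Passing NULL as the IV also means the contexts carry no stored nonce until `aes_set_iv` runs (wolfCrypt appears to zero the counter block for a NULL IV), so the new comment would be more useful as `/* IV left unset here: every encrypt/decrypt path must call aes_set_iv() first, otherwise CTR runs with a fixed counter */`. The body of `aes_init` starts and ends outside these hunks, and the callers of `aes_set_iv` are not visible here, so that ordering should be confirmed against the read/write paths.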
