cx_aes_siv: Add new function to reset AES hw copro

LedgerHQ · Oct 9, 2024 · a2e8062 · a2e8062
1 parent b23f770
commit a2e8062
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 1 deletion.
diff --git a/include/cx_stubs.h b/include/cx_stubs.h
@@ -145,3 +145,4 @@
 #define _NR_cx_cmac_start 0x8d
 #define _NR_cx_cmac_update 0x8e
 #define _NR_cx_cmac_finish 0x8f
+#define _NR_cx_aes_siv_reset 0x90
diff --git a/lib_cxng/cx.export b/lib_cxng/cx.export
@@ -148,3 +148,4 @@ cx_cipher_reset
 cx_cmac_start
 cx_cmac_update
 cx_cmac_finish
+cx_aes_siv_reset
diff --git a/lib_cxng/include/lcx_aes_siv.h b/lib_cxng/include/lcx_aes_siv.h
@@ -55,6 +55,17 @@ typedef struct _cx_aes_siv_context {
  */
 WARN_UNUSED_RESULT cx_err_t cx_aes_siv_init(cx_aes_siv_context_t *ctx);
 
+/**
+ * @brief Reset the AES-SIV context and HW used.
+ * @details The cipher context must be initialized beforehand.
+ * This function must be called after calls to #cx_aes_siv_finish or
+ * #cx_aes_siv_update.
+ *
+ * @param[in] ctx Pointer to the AES-SIV context.
+ * @return Error code.
+ */
+WARN_UNUSED_RESULT cx_err_t cx_aes_siv_reset(cx_aes_siv_context_t *ctx);
+
 /**
  * @brief Sets the key to compute AES-SIV.
  *

diff --git a/lib_cxng/src/cx_aes_siv.c b/lib_cxng/src/cx_aes_siv.c
@@ -22,6 +22,19 @@ cx_err_t cx_aes_siv_init(cx_aes_siv_context_t *ctx)
  return error;
 }
 
+cx_err_t cx_aes_siv_reset(cx_aes_siv_context_t *ctx)
+{
+ cx_err_t error = CX_INVALID_PARAMETER_VALUE;
+ if (ctx->cipher_ctx == NULL) {
+ goto end;
+ }
+ CX_CHECK(ctx->cipher_ctx->cipher_info->base->ctx_reset());
+ cx_cipher_reset(ctx->cipher_ctx);
+
+end:
+ return error;
+}
+
 cx_err_t cx_aes_siv_set_key(cx_aes_siv_context_t *ctx, const uint8_t *key, size_t key_bitlen)
 {
  // AES SIV uses two keys of either 128, 192 or 256 bits each
@@ -161,6 +174,7 @@ cx_err_t cx_aes_siv_encrypt(cx_aes_siv_context_t *ctx,
  CX_CHECK(cx_aes_siv_finish(ctx, input, in_len, tag));
  CX_CHECK(cx_aes_siv_update(ctx, input, output, in_len));
 end:
+ error = cx_aes_siv_reset(ctx);
  return error;
 }
 
@@ -175,11 +189,12 @@ cx_err_t cx_aes_siv_decrypt(cx_aes_siv_context_t *ctx,
  cx_err_t error;
  CX_CHECK(cx_aes_siv_start(ctx, CX_DECRYPT, tag, CX_AES_BLOCK_SIZE));
  CX_CHECK(cx_aes_siv_update(ctx, input, output, in_len));
- cx_cipher_reset(ctx->cipher_ctx);
+ CX_CHECK(cx_aes_siv_reset(ctx));
  CX_CHECK(cx_aes_siv_update_aad(ctx, aad, aad_len));
  CX_CHECK(cx_aes_siv_finish(ctx, output, in_len, tag));
 
 end:
+ error = cx_aes_siv_reset(ctx);
  return error;
 }
 

diff --git a/src/cx_stubs.S b/src/cx_stubs.S
@@ -160,6 +160,7 @@ CX_TRAMPOLINE _NR_cx_cipher_reset cx_cipher_reset
 CX_TRAMPOLINE _NR_cx_cmac_start cx_cmac_start
 CX_TRAMPOLINE _NR_cx_cmac_update cx_cmac_update
 CX_TRAMPOLINE _NR_cx_cmac_finish cx_cmac_finish
+CX_TRAMPOLINE _NR_cx_aes_siv_reset cx_aes_siv_reset
 
 .thumb_func
 cx_trampoline_helper: