Skip to content

Commit 89c993e

Browse files
JacobBarthelmehJacobBarthelmeh
committed
fix AES-CCM enc/dec for SECO (passes nonce directly)
1 parent b79879d commit 89c993e

1 file changed

Lines changed: 16 additions & 0 deletions

File tree

wolfcrypt/src/port/caam/wolfcaam_aes.c

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -104,6 +104,7 @@ static int wc_CAAM_AesAeadCommon(Aes* aes, const byte* in, byte* out, word32 sz,
104104

105105

106106
#if defined(HAVE_AESCCM)
107+
#ifndef WOLFSSL_SECO_CAAM
107108
/* B0 is [ reserved | adata | M | L ] [ nonce ] [ l(m) ]
108109
* Ctr is current counter
109110
*/
@@ -141,6 +142,7 @@ static word32 CreateB0CTR(byte* B0Ctr0, const byte* nonce, word32 nonceSz,
141142

142143
return 0;
143144
}
145+
#endif
144146

145147

146148
/* plaintext in ciphertext and mac out
@@ -150,7 +152,9 @@ int wc_CAAM_AesCcmEncrypt(Aes* aes, const byte* in, byte* out, word32 sz,
150152
const byte* nonce, word32 nonceSz, byte* authTag, word32 authTagSz,
151153
const byte* authIn, word32 authInSz)
152154
{
155+
#ifndef WOLFSSL_SECO_CAAM
153156
byte B0Ctr0[AES_BLOCK_SIZE + AES_BLOCK_SIZE];
157+
#endif
154158

155159
if (aes == NULL || (sz != 0 && (in == NULL || out == NULL)) ||
156160
nonce == NULL || authTag == NULL || nonceSz < 7 || nonceSz > 13 ||
@@ -162,9 +166,14 @@ int wc_CAAM_AesCcmEncrypt(Aes* aes, const byte* in, byte* out, word32 sz,
162166
return BAD_FUNC_ARG;
163167
}
164168

169+
#ifndef WOLFSSL_SECO_CAAM
165170
CreateB0CTR(B0Ctr0, nonce, nonceSz, authInSz, authTagSz, sz);
166171
return wc_CAAM_AesAeadCommon(aes, in, out, sz, B0Ctr0, 2*AES_BLOCK_SIZE,
167172
authTag, authTagSz, authIn, authInSz, CAAM_ENC, CAAM_AESCCM);
173+
#else
174+
return wc_CAAM_AesAeadCommon(aes, in, out, sz, nonce, nonceSz,
175+
authTag, authTagSz, authIn, authInSz, CAAM_ENC, CAAM_AESCCM);
176+
#endif
168177
}
169178

170179

@@ -176,7 +185,9 @@ int wc_CAAM_AesCcmDecrypt(Aes* aes, const byte* in, byte* out, word32 sz,
176185
word32 authTagSz, const byte* authIn, word32 authInSz)
177186
{
178187
int ret;
188+
#ifndef WOLFSSL_SECO_CAAM
179189
byte B0Ctr0[AES_BLOCK_SIZE + AES_BLOCK_SIZE];
190+
#endif
180191

181192
/* sanity check on arguments */
182193
if (aes == NULL || (sz != 0 && (in == NULL || out == NULL)) ||
@@ -189,9 +200,14 @@ int wc_CAAM_AesCcmDecrypt(Aes* aes, const byte* in, byte* out, word32 sz,
189200
return BAD_FUNC_ARG;
190201
}
191202

203+
#ifndef WOLFSSL_SECO_CAAM
192204
CreateB0CTR(B0Ctr0, nonce, nonceSz, authInSz, authTagSz, sz);
193205
ret = wc_CAAM_AesAeadCommon(aes, in, out, sz, B0Ctr0, 2*AES_BLOCK_SIZE,
194206
(byte*)authTag, authTagSz, authIn, authInSz, CAAM_DEC, CAAM_AESCCM);
207+
#else
208+
ret = wc_CAAM_AesAeadCommon(aes, in, out, sz, nonce, nonceSz,
209+
(byte*)authTag, authTagSz, authIn, authInSz, CAAM_DEC, CAAM_AESCCM);
210+
#endif
195211

196212
if (ret != 0) {
197213
/* If the authTag check fails, don't keep the decrypted data.

0 commit comments

Comments
 (0)