TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / fba59211869f562d5b27110815bf9007d4fda87a^! / . / include / mbedtls / aes.h
commitfba59211869f562d5b27110815bf9007d4fda87a[log] [tgz]
authorAndrzej Kurek <andrzej.kurek@arm.com>Fri Aug 07 21:02:25 2020 -0400
committerAndrzej Kurek <andrzej.kurek@arm.com>Sat Aug 08 19:06:44 2020 -0400
tree8a5eef1c00384d7ba5d0a6d1a7136a45e6f06139
parent9df2b416b908b7ce206386a04980ac9f6c66b57c [diff] [blame]
aes: validate keys using crc before encryption/decryption

CRC is calculated when the key is set. This commit also adds new tests
for ecb encryption and decryption, simulating a fault injection after the key is set.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>

diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index cb7d726..5fb020f 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h

@@ -90,6 +90,9 @@
 #if defined(MBEDTLS_AES_SCA_COUNTERMEASURES)
     uint32_t frk[8];            /*!< Fake AES round keys. */
 #endif
+#if defined(MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY)
+    uint16_t crc;               /*!< CRC-16 of the set key */
+#endif
 #if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) && !defined(MBEDTLS_PADLOCK_C)
     uint32_t buf[44];           /*!< Unaligned data buffer */
 #else /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */