Zeroize critical buffers.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2026-05-28 17:11:23 +02:00 · 2026-05-08 19:43:46 +02:00
parent 5838d6f443
commit 525b87cd72
3 changed files with 37 additions and 5 deletions
--- a/src/apdu.c
+++ b/src/apdu.c
@@ -45,6 +45,9 @@ int process_apdu(void) {
        }
        chain_used = (size_t)(chain_ptr - chain_buf);
        if (chain_used + apdu.nc >= sizeof(chain_buf)) {
            memset(chain_buf, 0, sizeof(chain_buf));
            chain_ptr = NULL;
            is_chaining = false;
            return SW_CLA_NOT_SUPPORTED();
        }
        memcpy(chain_ptr, apdu.data, apdu.nc);
@@ -57,6 +60,8 @@ int process_apdu(void) {
            memmove(apdu.data + (chain_ptr - chain_buf), apdu.data, apdu.nc);
            memcpy(apdu.data, chain_buf, chain_ptr - chain_buf);
            apdu.nc += (uint16_t)(chain_ptr - chain_buf);
            memset(chain_buf, 0, sizeof(chain_buf));
            chain_ptr = NULL;
            is_chaining = false;
        }
    }
--- a/src/crypto_utils.c
+++ b/src/crypto_utils.c
@@ -95,6 +95,7 @@ int encrypt_with_aad(const uint8_t key[32], const uint8_t *in_buf, size_t in_len
        pin_derive_kenc(key, kenc);
    }
    else {
        mbedtls_gcm_free(&gcm);
        return PICOKEYS_WRONG_DATA;
    }
    int rc = mbedtls_gcm_setkey(&gcm, MBEDTLS_CIPHER_ID_AES, kenc, 256);
@@ -127,6 +128,7 @@ int decrypt_with_aad(const uint8_t key[32], const uint8_t *in_buf, size_t in_len
        pin_derive_kenc(key, kenc);
    }
    else {
        mbedtls_gcm_free(&gcm);
        return PICOKEYS_WRONG_DATA;
    }
    int rc = mbedtls_gcm_setkey(&gcm, MBEDTLS_CIPHER_ID_AES, kenc, 256);
@@ -196,12 +198,20 @@ int aes_encrypt(const uint8_t *key, const uint8_t *iv, uint16_t key_size, int mo
    }
    int r = mbedtls_aes_setkey_enc(&aes, key, key_size);
    if (r != 0) {
        mbedtls_aes_free(&aes);
        mbedtls_platform_zeroize(tmp_iv, sizeof(tmp_iv));
        return PICOKEYS_EXEC_ERROR;
    }
    int rc = 0;
    if (mode == PICOKEYS_AES_MODE_CBC) {
-        return mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_ENCRYPT, len, tmp_iv, data, data);
+        rc = mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_ENCRYPT, len, tmp_iv, data, data);
    }
-    return mbedtls_aes_crypt_cfb128(&aes, MBEDTLS_AES_ENCRYPT, len, &iv_offset, tmp_iv, data, data);
+    else {
        rc = mbedtls_aes_crypt_cfb128(&aes, MBEDTLS_AES_ENCRYPT, len, &iv_offset, tmp_iv, data, data);
    }
    mbedtls_aes_free(&aes);
    mbedtls_platform_zeroize(tmp_iv, sizeof(tmp_iv));
    return rc;
 }
 int aes_decrypt(const uint8_t *key, const uint8_t *iv, uint16_t key_size, int mode, uint8_t *data, uint16_t len) {
@@ -215,13 +225,26 @@ int aes_decrypt(const uint8_t *key, const uint8_t *iv, uint16_t key_size, int mo
    }
    int r = mbedtls_aes_setkey_dec(&aes, key, key_size);
    if (r != 0) {
        mbedtls_aes_free(&aes);
        mbedtls_platform_zeroize(tmp_iv, sizeof(tmp_iv));
        return PICOKEYS_EXEC_ERROR;
    }
    int rc = 0;
    if (mode == PICOKEYS_AES_MODE_CBC) {
-        return mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_DECRYPT, len, tmp_iv, data, data);
+        rc = mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_DECRYPT, len, tmp_iv, data, data);
    }
-    r = mbedtls_aes_setkey_enc(&aes, key, key_size); //CFB requires set_enc instead set_dec
+    else {
-    return mbedtls_aes_crypt_cfb128(&aes, MBEDTLS_AES_DECRYPT, len, &iv_offset, tmp_iv, data, data);
+        r = mbedtls_aes_setkey_enc(&aes, key, key_size); //CFB requires set_enc instead set_dec
        if (r != 0) {
            mbedtls_aes_free(&aes);
            mbedtls_platform_zeroize(tmp_iv, sizeof(tmp_iv));
            return PICOKEYS_EXEC_ERROR;
        }
        rc = mbedtls_aes_crypt_cfb128(&aes, MBEDTLS_AES_DECRYPT, len, &iv_offset, tmp_iv, data, data);
    }
    mbedtls_aes_free(&aes);
    mbedtls_platform_zeroize(tmp_iv, sizeof(tmp_iv));
    return rc;
 }
 int aes_encrypt_cfb_256(const uint8_t *key, const uint8_t *iv, uint8_t *data, uint16_t len) {
--- a/src/fs/otp.c
+++ b/src/fs/otp.c
@@ -475,6 +475,7 @@ static void otp_invalidate_key(uint16_t row, uint16_t len) {
        if (inval) {
            memset(inval, 0xFF, len * 2);
            otp_write_data_raw(row, inval, len * 2);
            mbedtls_platform_zeroize(inval, len * 2);
            free(inval);
        }
    }
@@ -489,6 +490,7 @@ static otp_ret_t otp_chaff(uint16_t row, uint16_t len) {
            chaff[i] ^= 0xFF;
        }
        otp_ret_t ret = otp_write_data_raw(row + 32, chaff, len * 2);
        mbedtls_platform_zeroize(chaff, len * 2);
        free(chaff);
        return ret;
    }
@@ -506,6 +508,7 @@ static otp_ret_t otp_migrate_key(uint16_t new_row, uint16_t old_row, uint16_t le
                otp_chaff(new_row, len);
                otp_invalidate_key(old_row, 32);
            }
            mbedtls_platform_zeroize(new_key, len);
            free(new_key);
            return ret;
        }
@@ -539,6 +542,7 @@ void otp_init_files(void) {
 #ifdef PICO_RP2350
        otp_chaff(OTP_KEY_1, 32);
 #endif
        mbedtls_platform_zeroize(mkek, sizeof(mkek));
        write_otp[0] = OTP_KEY_1;
    }
    OTP_READ(OTP_KEY_1, otp_key_1);