From a9261e34ad171f7e1d2f2bc0520a68e4230da984 Mon Sep 17 00:00:00 2001
From: Pol Henarejos
Date: Fri, 15 May 2026 17:15:35 +0200
Subject: [PATCH] Small tweaks
Signed-off-by: Pol Henarejos
---
 src/crypto_utils.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/src/crypto_utils.c b/src/crypto_utils.c
index 99f3bd9..8ac8a7e 100644
--- a/src/crypto_utils.c
+++ b/src/crypto_utils.c
@@ -120,26 +120,27 @@ int decrypt_with_aad(const uint8_t key[32], const uint8_t *in_buf, size_t in_len
 const uint8_t *tag = in_buf + in_len - 16;
 mbedtls_gcm_context gcm;
- mbedtls_gcm_init(&gcm);
 uint8_t kenc[32];
 if (version == PIN_KDF_V2) {
 pin_derive_kenc2(key, kenc);
- } else if (version == PIN_KDF_V1) {
+ }
+ else if (version == PIN_KDF_V1) {
 pin_derive_kenc(key, kenc);
 } else {
- mbedtls_gcm_free(&gcm);
 return PICOKEYS_WRONG_DATA;
 }
- int rc = mbedtls_gcm_setkey(&gcm, MBEDTLS_CIPHER_ID_AES, kenc, 256);
+ mbedtls_gcm_init(&gcm);
+ int ret = mbedtls_gcm_setkey(&gcm, MBEDTLS_CIPHER_ID_AES, kenc, 256);
 mbedtls_platform_zeroize(kenc, sizeof(kenc));
- if (rc != 0) {
- return rc;
+ if (ret != 0) {
+ return ret;
 }
- rc = mbedtls_gcm_auth_decrypt(&gcm, in_len - 16 - 12, nonce, 12, pico_serial_hash, sizeof(pico_serial_hash), tag, 16, ct, out_buf);
+ MBEDTLS_MPI_CHK(mbedtls_gcm_auth_decrypt(&gcm, in_len - 16 - 12, nonce, 12, pico_serial_hash, sizeof(pico_serial_hash), tag, 16, ct, out_buf));
+ cleanup:
 mbedtls_gcm_free(&gcm);
- return rc;
+ return ret;
 }
 // Old functions, kept for compatibility. NOT SECURE, use the new ones above.
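Review bot: The early `return ret;` taken when `mbedtls_gcm_setkey` fails still skips `mbedtls_gcm_free(&gcm)`, even though the context is initialised by then and this commit adds a `cleanup:` label that does exactly that release. mbedtls_gcm_setkey may fail after it has already set up the underlying cipher context, so this path can leave that allocation and any key state in it unreleased; replacing the return with `if (ret != 0) { goto cleanup; }` gives the function a single exit. Separately, `MBEDTLS_MPI_CHK` is the bignum module's helper and silently relies on a local named `ret` and a `cleanup` label, so a plain `ret = mbedtls_gcm_auth_decrypt(...);` followed by the shared cleanup would read more clearly here. The start of decrypt_with_aad, including whatever check guarantees `in_len >= 28` before `in_len - 16 - 12` is computed, lies outside the hunk and should be confirmed.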