search

espressif / esp-wolfssl

WolfSSL port for ESP-IDF & ESP8266_RTOS_SDK
38 stars 13 forks source link

wc_AesCfbEncrypt results in LoadProhibited #9

Closed portasynthinca3 closed 3 years ago

portasynthinca3 commented 3 years ago

I'm trying to encrypt and decrypt some data using AES-128 in CFB mode. Most of the time I'm getting very weird exceptions like this:

Guru Meditation Error: Core  1 panic'ed (LoadProhibited). Exception was unhandled.

Core  1 register dump:
PC      : 0x400da2c7  PS      : 0x00060130  A0      : 0x800d2c91  A1      : 0x3ffd3730  
A2      : 0x3ffb3874  A3      : 0x3ffd37c0  A4      : 0x3ffd3780  A5      : 0x00000033  
A6      : 0x00000001  A7      : 0x3ffb397c  A8      : 0xfa6f0b8d  A9      : 0xfa6f0b7d  
A10     : 0x4016d6a8  A11     : 0x00000005  A12     : 0x3f4006f8  A13     : 0x3ffb4934  
A14     : 0x0000000a  A15     : 0x3ffb4988  SAR     : 0x00000004  EXCCAUSE: 0x0000001c  
EXCVADDR: 0xfa6f0b8d  LBEG    : 0x400014fd  LEND    : 0x4000150d  LCOUNT  : 0xfffffffd  

Backtrace:0x400da2c4:0x3ffd3730 0x400d2c8e:0x3ffd3750 0x400d2e10:0x3ffd3780 0x400d2e89:0x3ffd3830 0x4008787d:0x3ffd38a0

After poking the source code a bit and examining objdumps, I have found that this line of code at aes.c:7102 doesn't evaluate properly for some reason:

tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left;

The value ends up in A8, after which it is being dereferenced which causes the exception. In the particular register dump above it is equal to 0xfa6f0b8d. However, this piece of code just before the function call prints a sane result:

// 0x3ffb3874 0x3ffb397c 16 0 0x3ffb398c
ESP_LOGI("AES-DBG", "%p %p %i %i %p",
        &aes,
        aes.tmp,
        AES_BLOCK_SIZE,
        aes.left,
        (uint8_t*)aes.tmp + AES_BLOCK_SIZE - aes.left);

These two calculations are separated by a function call and two if statements, neither of which manipulate the aes structure:

int wc_AesCfbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
    byte*  tmp = NULL;
    byte*  reg = NULL;

    if (aes == NULL || out == NULL || in == NULL) {
        return BAD_FUNC_ARG;
    }

    if (aes->left && sz) {
        reg = (byte*)aes->reg + AES_BLOCK_SIZE - aes->left;
    }

    /* consume any unused bytes left in aes->tmp */
    tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left;

I having trouble wrapping my head around this issue

AdityaHPatwardhan commented 3 years ago

Hi @portasynthinca3 , can you provide some sample code to test the issue ?

Also I would like to note that there is update in the licensing for esp-wolfssl component as mentioned in https://github.com/espressif/esp-wolfssl#licensing.

mahavirj commented 3 years ago

Closing due to lack of update, please feel to reopen with more information