@@ -5167,6 +5167,8 @@ static int wp11_token_write_seed_dhuk(void* storage, WP11_Token* token)
51675167 Aes aes ;
51685168 byte iv [WP11_SEED_DHUK_IV_SZ ];
51695169 byte wrappedSeed [PIN_SEED_SZ ];
5170+ /* Single buffer: big-endian word32 length + IV + encrypted seed */
5171+ byte buf [sizeof (word32 ) + WP11_SEED_DHUK_IV_SZ + PIN_SEED_SZ ];
51705172
51715173 WP11_Lock_LockRW (& token -> rngLock );
51725174 ret = wc_RNG_GenerateBlock (& token -> rng , iv , sizeof (iv ));
@@ -5189,12 +5191,17 @@ static int wp11_token_write_seed_dhuk(void* storage, WP11_Token* token)
51895191 if (ret != 0 )
51905192 return ret ;
51915193
5192- ret = wp11_storage_write_word32 (storage , WP11_SEED_WRAPPED_SZ );
5193- if (ret == 0 )
5194- ret = wp11_storage_write_fixed_array (storage , iv , WP11_SEED_DHUK_IV_SZ );
5195- if (ret == 0 )
5196- ret = wp11_storage_write (storage , wrappedSeed , (int )WP11_SEED_WRAPPED_SZ );
5197- return ret ;
5194+ /* Assemble length (big-endian) + IV + encrypted seed into one buffer */
5195+ buf [0 ] = (byte )(WP11_SEED_WRAPPED_SZ >> 24 );
5196+ buf [1 ] = (byte )(WP11_SEED_WRAPPED_SZ >> 16 );
5197+ buf [2 ] = (byte )(WP11_SEED_WRAPPED_SZ >> 8 );
5198+ buf [3 ] = (byte )(WP11_SEED_WRAPPED_SZ >> 0 );
5199+ XMEMCPY (buf + sizeof (word32 ), iv , WP11_SEED_DHUK_IV_SZ );
5200+ XMEMCPY (buf + sizeof (word32 ) + WP11_SEED_DHUK_IV_SZ , wrappedSeed ,
5201+ PIN_SEED_SZ );
5202+
5203+ /* Single write to avoid multiple flash size-update round-trips */
5204+ return wp11_storage_write (storage , buf , (int )sizeof (buf ));
51985205}
51995206
52005207static int wp11_token_read_seed_dhuk (void * storage , WP11_Token * token )
@@ -5204,19 +5211,32 @@ static int wp11_token_read_seed_dhuk(void* storage, WP11_Token* token)
52045211 byte iv [WP11_SEED_DHUK_IV_SZ ];
52055212 word32 wrappedLen ;
52065213 byte wrappedSeed [PIN_SEED_SZ ];
5214+ /* Single buffer: big-endian word32 length + IV + encrypted seed */
5215+ byte buf [sizeof (word32 ) + WP11_SEED_DHUK_IV_SZ + PIN_SEED_SZ ];
52075216
5208- ret = wp11_storage_read_word32 (storage , & wrappedLen );
5209- if (ret != 0 )
5210- return ret ;
5211- if (wrappedLen != WP11_SEED_WRAPPED_SZ )
5212- return BUFFER_E ;
5213- ret = wp11_storage_read_fixed_array (storage , iv , WP11_SEED_DHUK_IV_SZ );
5214- if (ret != 0 )
5215- return ret ;
5216- ret = wp11_storage_read (storage , wrappedSeed , PIN_SEED_SZ );
5217+ /* Single read to mirror the single write */
5218+ ret = wp11_storage_read (storage , buf , (int )sizeof (buf ));
52175219 if (ret != 0 )
52185220 return ret ;
52195221
5222+ /* Parse length (big-endian word32) from the first 4 bytes */
5223+ wrappedLen = ((word32 )buf [0 ] << 24 ) |
5224+ ((word32 )buf [1 ] << 16 ) |
5225+ ((word32 )buf [2 ] << 8 ) |
5226+ ((word32 )buf [3 ] << 0 );
5227+ if (wrappedLen != WP11_SEED_WRAPPED_SZ ) {
5228+ return BUFFER_E ; /* This size check will likely catch if an older style
5229+ * token was read without DHUK wrapping. Treating it
5230+ * as a failure rather than continuing on to avoid
5231+ * using an unwrapped key when it is assumed that the
5232+ * seed was wrapped. */
5233+ }
5234+
5235+ /* Extract IV and encrypted seed from the buffer */
5236+ XMEMCPY (iv , buf + sizeof (word32 ), WP11_SEED_DHUK_IV_SZ );
5237+ XMEMCPY (wrappedSeed , buf + sizeof (word32 ) + WP11_SEED_DHUK_IV_SZ ,
5238+ PIN_SEED_SZ );
5239+
52205240 ret = wc_AesInit (& aes , NULL , WOLFSSL_STM32U5_DHUK_DEVID );
52215241 if (ret != 0 )
52225242 return ret ;
0 commit comments