mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-08-05 19:35:48 +03:00
Merge pull request #1133 from davidhorstmann-arm/copying-aead-2.28
[Backport 2.28] Copy buffers in AEAD
This commit is contained in:
David Horstmann
GitHub
@@ -241,7 +241,7 @@ int mbedtls_gcm_starts(mbedtls_gcm_context *ctx,
|
|||||||
uint64_t iv_bits;
|
uint64_t iv_bits;
|
||||||
|
|
||||||
GCM_VALIDATE_RET(ctx != NULL);
|
GCM_VALIDATE_RET(ctx != NULL);
|
||||||
GCM_VALIDATE_RET(iv != NULL);
|
GCM_VALIDATE_RET(iv_len == 0 || iv != NULL);
|
||||||
GCM_VALIDATE_RET(add_len == 0 || add != NULL);
|
GCM_VALIDATE_RET(add_len == 0 || add != NULL);
|
||||||
|
|
||||||
/* IV and AD are limited to 2^64 bits, so 2^61 bytes */
|
/* IV and AD are limited to 2^64 bits, so 2^61 bytes */
|
||||||
@@ -433,7 +433,7 @@ int mbedtls_gcm_crypt_and_tag(mbedtls_gcm_context *ctx,
|
|||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
|
|
||||||
GCM_VALIDATE_RET(ctx != NULL);
|
GCM_VALIDATE_RET(ctx != NULL);
|
||||||
GCM_VALIDATE_RET(iv != NULL);
|
GCM_VALIDATE_RET(iv_len == 0 || iv != NULL);
|
||||||
GCM_VALIDATE_RET(add_len == 0 || add != NULL);
|
GCM_VALIDATE_RET(add_len == 0 || add != NULL);
|
||||||
GCM_VALIDATE_RET(length == 0 || input != NULL);
|
GCM_VALIDATE_RET(length == 0 || input != NULL);
|
||||||
GCM_VALIDATE_RET(length == 0 || output != NULL);
|
GCM_VALIDATE_RET(length == 0 || output != NULL);
|
||||||
@@ -470,7 +470,7 @@ int mbedtls_gcm_auth_decrypt(mbedtls_gcm_context *ctx,
|
|||||||
int diff;
|
int diff;
|
||||||
|
|
||||||
GCM_VALIDATE_RET(ctx != NULL);
|
GCM_VALIDATE_RET(ctx != NULL);
|
||||||
GCM_VALIDATE_RET(iv != NULL);
|
GCM_VALIDATE_RET(iv_len == 0 || iv != NULL);
|
||||||
GCM_VALIDATE_RET(add_len == 0 || add != NULL);
|
GCM_VALIDATE_RET(add_len == 0 || add != NULL);
|
||||||
GCM_VALIDATE_RET(tag != NULL);
|
GCM_VALIDATE_RET(tag != NULL);
|
||||||
GCM_VALIDATE_RET(length == 0 || input != NULL);
|
GCM_VALIDATE_RET(length == 0 || input != NULL);
|
||||||
|
|||||||
@@ -3931,19 +3931,24 @@ exit:
|
|||||||
|
|
||||||
psa_status_t psa_aead_encrypt(mbedtls_svc_key_id_t key,
|
psa_status_t psa_aead_encrypt(mbedtls_svc_key_id_t key,
|
||||||
psa_algorithm_t alg,
|
psa_algorithm_t alg,
|
||||||
const uint8_t *nonce,
|
const uint8_t *nonce_external,
|
||||||
size_t nonce_length,
|
size_t nonce_length,
|
||||||
const uint8_t *additional_data,
|
const uint8_t *additional_data_external,
|
||||||
size_t additional_data_length,
|
size_t additional_data_length,
|
||||||
const uint8_t *plaintext,
|
const uint8_t *plaintext_external,
|
||||||
size_t plaintext_length,
|
size_t plaintext_length,
|
||||||
uint8_t *ciphertext,
|
uint8_t *ciphertext_external,
|
||||||
size_t ciphertext_size,
|
size_t ciphertext_size,
|
||||||
size_t *ciphertext_length)
|
size_t *ciphertext_length)
|
||||||
{
|
{
|
||||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||||
psa_key_slot_t *slot;
|
psa_key_slot_t *slot;
|
||||||
|
|
||||||
|
LOCAL_INPUT_DECLARE(nonce_external, nonce);
|
||||||
|
LOCAL_INPUT_DECLARE(additional_data_external, additional_data);
|
||||||
|
LOCAL_INPUT_DECLARE(plaintext_external, plaintext);
|
||||||
|
LOCAL_OUTPUT_DECLARE(ciphertext_external, ciphertext);
|
||||||
|
|
||||||
*ciphertext_length = 0;
|
*ciphertext_length = 0;
|
||||||
|
|
||||||
if (!PSA_ALG_IS_AEAD(alg) || PSA_ALG_IS_WILDCARD(alg)) {
|
if (!PSA_ALG_IS_AEAD(alg) || PSA_ALG_IS_WILDCARD(alg)) {
|
||||||
@@ -3960,6 +3965,11 @@ psa_status_t psa_aead_encrypt(mbedtls_svc_key_id_t key,
|
|||||||
.core = slot->attr
|
.core = slot->attr
|
||||||
};
|
};
|
||||||
|
|
||||||
|
LOCAL_INPUT_ALLOC(nonce_external, nonce_length, nonce);
|
||||||
|
LOCAL_INPUT_ALLOC(additional_data_external, additional_data_length, additional_data);
|
||||||
|
LOCAL_INPUT_ALLOC(plaintext_external, plaintext_length, plaintext);
|
||||||
|
LOCAL_OUTPUT_ALLOC(ciphertext_external, ciphertext_size, ciphertext);
|
||||||
|
|
||||||
status = psa_driver_wrapper_aead_encrypt(
|
status = psa_driver_wrapper_aead_encrypt(
|
||||||
&attributes, slot->key.data, slot->key.bytes,
|
&attributes, slot->key.data, slot->key.bytes,
|
||||||
alg,
|
alg,
|
||||||
@@ -3972,6 +3982,15 @@ psa_status_t psa_aead_encrypt(mbedtls_svc_key_id_t key,
|
|||||||
memset(ciphertext, 0, ciphertext_size);
|
memset(ciphertext, 0, ciphertext_size);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Exit label is only used for buffer copying, prevent unused warnings. */
|
||||||
|
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
|
||||||
|
exit:
|
||||||
|
#endif
|
||||||
|
LOCAL_INPUT_FREE(nonce_external, nonce);
|
||||||
|
LOCAL_INPUT_FREE(additional_data_external, additional_data);
|
||||||
|
LOCAL_INPUT_FREE(plaintext_external, plaintext);
|
||||||
|
LOCAL_OUTPUT_FREE(ciphertext_external, ciphertext);
|
||||||
|
|
||||||
psa_unlock_key_slot(slot);
|
psa_unlock_key_slot(slot);
|
||||||
|
|
||||||
return status;
|
return status;
|
||||||
@@ -3979,19 +3998,24 @@ psa_status_t psa_aead_encrypt(mbedtls_svc_key_id_t key,
|
|||||||
|
|
||||||
psa_status_t psa_aead_decrypt(mbedtls_svc_key_id_t key,
|
psa_status_t psa_aead_decrypt(mbedtls_svc_key_id_t key,
|
||||||
psa_algorithm_t alg,
|
psa_algorithm_t alg,
|
||||||
const uint8_t *nonce,
|
const uint8_t *nonce_external,
|
||||||
size_t nonce_length,
|
size_t nonce_length,
|
||||||
const uint8_t *additional_data,
|
const uint8_t *additional_data_external,
|
||||||
size_t additional_data_length,
|
size_t additional_data_length,
|
||||||
const uint8_t *ciphertext,
|
const uint8_t *ciphertext_external,
|
||||||
size_t ciphertext_length,
|
size_t ciphertext_length,
|
||||||
uint8_t *plaintext,
|
uint8_t *plaintext_external,
|
||||||
size_t plaintext_size,
|
size_t plaintext_size,
|
||||||
size_t *plaintext_length)
|
size_t *plaintext_length)
|
||||||
{
|
{
|
||||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||||
psa_key_slot_t *slot;
|
psa_key_slot_t *slot;
|
||||||
|
|
||||||
|
LOCAL_INPUT_DECLARE(nonce_external, nonce);
|
||||||
|
LOCAL_INPUT_DECLARE(additional_data_external, additional_data);
|
||||||
|
LOCAL_INPUT_DECLARE(ciphertext_external, ciphertext);
|
||||||
|
LOCAL_OUTPUT_DECLARE(plaintext_external, plaintext);
|
||||||
|
|
||||||
*plaintext_length = 0;
|
*plaintext_length = 0;
|
||||||
|
|
||||||
if (!PSA_ALG_IS_AEAD(alg) || PSA_ALG_IS_WILDCARD(alg)) {
|
if (!PSA_ALG_IS_AEAD(alg) || PSA_ALG_IS_WILDCARD(alg)) {
|
||||||
@@ -4008,6 +4032,12 @@ psa_status_t psa_aead_decrypt(mbedtls_svc_key_id_t key,
|
|||||||
.core = slot->attr
|
.core = slot->attr
|
||||||
};
|
};
|
||||||
|
|
||||||
|
LOCAL_INPUT_ALLOC(nonce_external, nonce_length, nonce);
|
||||||
|
LOCAL_INPUT_ALLOC(additional_data_external, additional_data_length,
|
||||||
|
additional_data);
|
||||||
|
LOCAL_INPUT_ALLOC(ciphertext_external, ciphertext_length, ciphertext);
|
||||||
|
LOCAL_OUTPUT_ALLOC(plaintext_external, plaintext_size, plaintext);
|
||||||
|
|
||||||
status = psa_driver_wrapper_aead_decrypt(
|
status = psa_driver_wrapper_aead_decrypt(
|
||||||
&attributes, slot->key.data, slot->key.bytes,
|
&attributes, slot->key.data, slot->key.bytes,
|
||||||
alg,
|
alg,
|
||||||
@@ -4020,6 +4050,15 @@ psa_status_t psa_aead_decrypt(mbedtls_svc_key_id_t key,
|
|||||||
memset(plaintext, 0, plaintext_size);
|
memset(plaintext, 0, plaintext_size);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Exit label is only used for buffer copying, prevent unused warnings. */
|
||||||
|
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
|
||||||
|
exit:
|
||||||
|
#endif
|
||||||
|
LOCAL_INPUT_FREE(nonce_external, nonce);
|
||||||
|
LOCAL_INPUT_FREE(additional_data_external, additional_data);
|
||||||
|
LOCAL_INPUT_FREE(ciphertext_external, ciphertext);
|
||||||
|
LOCAL_OUTPUT_FREE(plaintext_external, plaintext);
|
||||||
|
|
||||||
psa_unlock_key_slot(slot);
|
psa_unlock_key_slot(slot);
|
||||||
|
|
||||||
return status;
|
return status;
|
||||||
|
|||||||
@@ -150,7 +150,8 @@ class PSAWrapperGenerator(c_wrapper_generator.Base):
|
|||||||
_buffer_name: Optional[str]) -> bool:
|
_buffer_name: Optional[str]) -> bool:
|
||||||
"""Whether the specified buffer argument to a PSA function should be copied.
|
"""Whether the specified buffer argument to a PSA function should be copied.
|
||||||
"""
|
"""
|
||||||
# Proof-of-concept: just instrument one function for now
|
if function_name.startswith('psa_aead'):
|
||||||
|
return True
|
||||||
if function_name == 'psa_cipher_encrypt':
|
if function_name == 'psa_cipher_encrypt':
|
||||||
return True
|
return True
|
||||||
if function_name in ('psa_key_derivation_output_bytes',
|
if function_name in ('psa_key_derivation_output_bytes',
|
||||||
|
|||||||
@@ -66,7 +66,19 @@ psa_status_t mbedtls_test_wrap_psa_aead_decrypt(
|
|||||||
size_t arg9_plaintext_size,
|
size_t arg9_plaintext_size,
|
||||||
size_t *arg10_plaintext_length)
|
size_t *arg10_plaintext_length)
|
||||||
{
|
{
|
||||||
|
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
|
||||||
|
MBEDTLS_TEST_MEMORY_POISON(arg2_nonce, arg3_nonce_length);
|
||||||
|
MBEDTLS_TEST_MEMORY_POISON(arg4_additional_data, arg5_additional_data_length);
|
||||||
|
MBEDTLS_TEST_MEMORY_POISON(arg6_ciphertext, arg7_ciphertext_length);
|
||||||
|
MBEDTLS_TEST_MEMORY_POISON(arg8_plaintext, arg9_plaintext_size);
|
||||||
|
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
|
||||||
psa_status_t status = (psa_aead_decrypt)(arg0_key, arg1_alg, arg2_nonce, arg3_nonce_length, arg4_additional_data, arg5_additional_data_length, arg6_ciphertext, arg7_ciphertext_length, arg8_plaintext, arg9_plaintext_size, arg10_plaintext_length);
|
psa_status_t status = (psa_aead_decrypt)(arg0_key, arg1_alg, arg2_nonce, arg3_nonce_length, arg4_additional_data, arg5_additional_data_length, arg6_ciphertext, arg7_ciphertext_length, arg8_plaintext, arg9_plaintext_size, arg10_plaintext_length);
|
||||||
|
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
|
||||||
|
MBEDTLS_TEST_MEMORY_UNPOISON(arg2_nonce, arg3_nonce_length);
|
||||||
|
MBEDTLS_TEST_MEMORY_UNPOISON(arg4_additional_data, arg5_additional_data_length);
|
||||||
|
MBEDTLS_TEST_MEMORY_UNPOISON(arg6_ciphertext, arg7_ciphertext_length);
|
||||||
|
MBEDTLS_TEST_MEMORY_UNPOISON(arg8_plaintext, arg9_plaintext_size);
|
||||||
|
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
|
||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -84,7 +96,19 @@ psa_status_t mbedtls_test_wrap_psa_aead_encrypt(
|
|||||||
size_t arg9_ciphertext_size,
|
size_t arg9_ciphertext_size,
|
||||||
size_t *arg10_ciphertext_length)
|
size_t *arg10_ciphertext_length)
|
||||||
{
|
{
|
||||||
|
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
|
||||||
|
MBEDTLS_TEST_MEMORY_POISON(arg2_nonce, arg3_nonce_length);
|
||||||
|
MBEDTLS_TEST_MEMORY_POISON(arg4_additional_data, arg5_additional_data_length);
|
||||||
|
MBEDTLS_TEST_MEMORY_POISON(arg6_plaintext, arg7_plaintext_length);
|
||||||
|
MBEDTLS_TEST_MEMORY_POISON(arg8_ciphertext, arg9_ciphertext_size);
|
||||||
|
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
|
||||||
psa_status_t status = (psa_aead_encrypt)(arg0_key, arg1_alg, arg2_nonce, arg3_nonce_length, arg4_additional_data, arg5_additional_data_length, arg6_plaintext, arg7_plaintext_length, arg8_ciphertext, arg9_ciphertext_size, arg10_ciphertext_length);
|
psa_status_t status = (psa_aead_encrypt)(arg0_key, arg1_alg, arg2_nonce, arg3_nonce_length, arg4_additional_data, arg5_additional_data_length, arg6_plaintext, arg7_plaintext_length, arg8_ciphertext, arg9_ciphertext_size, arg10_ciphertext_length);
|
||||||
|
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
|
||||||
|
MBEDTLS_TEST_MEMORY_UNPOISON(arg2_nonce, arg3_nonce_length);
|
||||||
|
MBEDTLS_TEST_MEMORY_UNPOISON(arg4_additional_data, arg5_additional_data_length);
|
||||||
|
MBEDTLS_TEST_MEMORY_UNPOISON(arg6_plaintext, arg7_plaintext_length);
|
||||||
|
MBEDTLS_TEST_MEMORY_UNPOISON(arg8_ciphertext, arg9_ciphertext_size);
|
||||||
|
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
|
||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user