lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-30 22:43:08 +03:00
Code Activity

Merge pull request #7331 from mprse/ec-jpake-fix2

Browse Source 
PSA PAKE: Check input_length against PSA_PAKE_INPUT_SIZE() in psa_pake_input
This commit is contained in:
Paul Elliott
2023-04-17 16:31:09 +01:00
committed by GitHub
parent f54762e498 7921a03425
commit 4359badbb2
5 changed files with 28 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
docs/proposed/psa-driver-interface.md
View File

@ -474,7 +474,8 @@ For `PSA_ALG_JPAKE` the following steps are available for input operation:
* `PSA_JPAKE_X4S_STEP_ZK_PUBLIC`    Round 2: input Schnorr NIZKP public key for the X4S key
* `PSA_JPAKE_X4S_STEP_ZK_PROOF`     Round 2: input Schnorr NIZKP proof for the X4S key
The core checks that input_length is smaller than PSA_PAKE_INPUT_MAX_SIZE.
The core checks that `input_length` is not greater than `PSA_PAKE_INPUT_SIZE(alg, prim, step)` and
the driver can rely on that.
### PAKE driver get implicit key

10
include/psa/crypto_extra.h
View File

@ -1937,6 +1937,9 @@ psa_status_t psa_pake_abort(psa_pake_operation_t *operation);
*
* This macro must expand to a compile-time constant integer.
*
* The value of this macro must be at least as large as the largest value
* returned by PSA_PAKE_OUTPUT_SIZE()
*
* See also #PSA_PAKE_OUTPUT_SIZE(\p alg, \p primitive, \p step).
*/
#define PSA_PAKE_OUTPUT_MAX_SIZE 65
@ -1946,6 +1949,9 @@ psa_status_t psa_pake_abort(psa_pake_operation_t *operation);
*
* This macro must expand to a compile-time constant integer.
*
* The value of this macro must be at least as large as the largest value
* returned by PSA_PAKE_INPUT_SIZE()
*
* See also #PSA_PAKE_INPUT_SIZE(\p alg, \p primitive, \p step).
*/
#define PSA_PAKE_INPUT_MAX_SIZE 65
@ -1958,7 +1964,7 @@ psa_status_t psa_pake_abort(psa_pake_operation_t *operation);
/** Returns a suitable initializer for a PAKE operation object of type
* psa_pake_operation_t.
*/
#define PSA_PAKE_OPERATION_INIT { 0, PSA_ALG_NONE, PSA_PAKE_OPERATION_STAGE_SETUP, \
#define PSA_PAKE_OPERATION_INIT { 0, PSA_ALG_NONE, 0, PSA_PAKE_OPERATION_STAGE_SETUP, \
{ 0 }, { { 0 } } }
struct psa_pake_cipher_suite_s {
@ -2104,6 +2110,8 @@ struct psa_pake_operation_s {
unsigned int MBEDTLS_PRIVATE(id);
/* Algorithm of the PAKE operation */
psa_algorithm_t MBEDTLS_PRIVATE(alg);
/* A primitive of type compatible with algorithm */
psa_pake_primitive_t MBEDTLS_PRIVATE(primitive);
/* Stage of the PAKE operation: waiting for the setup, collecting inputs
* or computing. */
uint8_t MBEDTLS_PRIVATE(stage);

7
library/psa_crypto.c
View File

@ -7316,6 +7316,8 @@ psa_status_t psa_pake_setup(
memset(&operation->data.inputs, 0, sizeof(operation->data.inputs));
operation->alg = cipher_suite->algorithm;
operation->primitive = PSA_PAKE_PRIMITIVE(cipher_suite->type,
cipher_suite->family, cipher_suite->bits);
operation->data.inputs.cipher_suite = *cipher_suite;
#if defined(PSA_WANT_ALG_JPAKE)
@ -7900,6 +7902,9 @@ psa_status_t psa_pake_input(
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_crypto_driver_pake_step_t driver_step = PSA_JPAKE_STEP_INVALID;
const size_t max_input_length = (size_t) PSA_PAKE_INPUT_SIZE(operation->alg,
operation->primitive,
step);
if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
status = psa_pake_complete_inputs(operation);
@ -7913,7 +7918,7 @@ psa_status_t psa_pake_input(
goto exit;
}
if (input_length == 0 || input_length > PSA_PAKE_INPUT_MAX_SIZE) {
if (input_length == 0 || input_length > max_input_length) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}

6
tests/suites/test_suite_psa_crypto_pake.data
View File

@ -82,10 +82,14 @@ PSA PAKE: invalid first input step
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":1:ERR_INJECT_INVALID_FIRST_STEP:PSA_ERROR_BAD_STATE
PSA PAKE: input buffer too large
PSA PAKE: input buffer too large #1
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":1:ERR_INJECT_WRONG_BUFFER_SIZE:PSA_ERROR_INVALID_ARGUMENT
PSA PAKE: input buffer too large #2
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":1:ERR_INJECT_WRONG_BUFFER_SIZE_2:PSA_ERROR_INVALID_ARGUMENT
PSA PAKE: invalid output
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_INJECT_EMPTY_IO_BUFFER:PSA_ERROR_INVALID_ARGUMENT

6
tests/suites/test_suite_psa_crypto_pake.function
View File

@ -17,6 +17,7 @@ typedef enum {
ERR_INJECT_UNKNOWN_STEP,
ERR_INJECT_INVALID_FIRST_STEP,
ERR_INJECT_WRONG_BUFFER_SIZE,
ERR_INJECT_WRONG_BUFFER_SIZE_2,
ERR_INJECT_VALID_OPERATION_AFTER_FAILURE,
ERR_INJECT_ANTICIPATE_KEY_DERIVATION_1,
ERR_INJECT_ANTICIPATE_KEY_DERIVATION_2,
@ -670,6 +671,11 @@ void ecjpake_setup(int alg_arg, int key_type_pw_arg, int key_usage_pw_arg,
output_buffer, size_zk_public + 1),
ERR_INJECT_WRONG_BUFFER_SIZE);
SETUP_CONDITIONAL_CHECK_STEP(psa_pake_input(&operation,
PSA_PAKE_STEP_ZK_PROOF,
output_buffer, size_zk_proof + 1),
ERR_INJECT_WRONG_BUFFER_SIZE_2);
SETUP_CONDITIONAL_CHECK_STEP(
(psa_pake_input(&operation, PSA_PAKE_STEP_ZK_PUBLIC,
output_buffer, size_zk_public + 1),