lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-30 22:43:08 +03:00
Code Activity

Add check for pake operation buffer overflow

Browse Source 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemek Stekiel
2023-02-27 11:49:35 +01:00
parent e3ef3a15cd
commit 4dc83d40af
3 changed files with 25 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docs/proposed/psa-driver-interface.md
View File

@ -458,6 +458,10 @@ For `PSA_ALG_JPAKE` the following steps are available for input operation:
* `PSA_JPAKE_X4S_STEP_ZK_PUBLIC`    Round 2: input Schnorr NIZKP public key for the X4S key * `PSA_JPAKE_X4S_STEP_ZK_PUBLIC`    Round 2: input Schnorr NIZKP public key for the X4S key
* `PSA_JPAKE_X4S_STEP_ZK_PROOF`     Round 2: input Schnorr NIZKP proof for the X4S key * `PSA_JPAKE_X4S_STEP_ZK_PROOF`     Round 2: input Schnorr NIZKP proof for the X4S key
The core has checked that input_length is smaller than PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, step)
where primitive is the JPAKE algorithm primitive and step the PSA API level input step.
Thus no risk of integer overflow while checking operation buffer overflow.
### PAKE driver get implicit key ### PAKE driver get implicit key
``` ```

15
library/psa_crypto_pake.c
View File

@ -430,11 +430,26 @@ static psa_status_t mbedtls_psa_pake_input_internal(
3, /* named_curve */ 3, /* named_curve */
0, 23 /* secp256r1 */ 0, 23 /* secp256r1 */
}; };
if (operation->buffer_length + sizeof(ecparameters) > sizeof(operation->buffer)) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}
memcpy(operation->buffer + operation->buffer_length, memcpy(operation->buffer + operation->buffer_length,
ecparameters, sizeof(ecparameters)); ecparameters, sizeof(ecparameters));
operation->buffer_length += sizeof(ecparameters); operation->buffer_length += sizeof(ecparameters);
} }
/*
* The core has checked that input_length is smaller than
* PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, step)
* where primitive is the JPAKE algorithm primitive and step
* the PSA API level input step. Thus no risk of integer overflow here.
*/
if (operation->buffer_length + input_length + 1 > sizeof(operation->buffer)) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}
/* Write the length byte */ /* Write the length byte */
operation->buffer[operation->buffer_length] = (uint8_t) input_length; operation->buffer[operation->buffer_length] = (uint8_t) input_length;
operation->buffer_length += 1; operation->buffer_length += 1;

6
library/psa_crypto_pake.h
View File

@ -96,6 +96,12 @@ psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation,
* entry point as defined in the PSA driver interface specification for * entry point as defined in the PSA driver interface specification for
* transparent drivers. * transparent drivers.
* *
* \note The core has checked that input_length is smaller than
PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, step)
where primitive is the JPAKE algorithm primitive and step
the PSA API level input step. Thus no risk of integer overflow while
checking operation buffer overflow.
*
* \param[in,out] operation Active PAKE operation. * \param[in,out] operation Active PAKE operation.
* \param step The driver step for which the input is provided. * \param step The driver step for which the input is provided.
* \param[in] input Buffer containing the input in the format * \param[in] input Buffer containing the input in the format