lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-05-17 17:41:17 +03:00
Code

Merge branch 'development-restricted' into mac_buffer_protection

Browse Source 
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>
This commit is contained in:
tom-daubney-arm 2024-02-22 15:26:06 +00:00 committed by GitHub
commit 5cd611d144
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 368 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

318
library/psa_crypto.c
View File

@ -2366,10 +2366,11 @@ exit:
}
psa_status_t psa_hash_update(psa_hash_operation_t *operation,
const uint8_t *input,
const uint8_t *input_external,
size_t input_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
LOCAL_INPUT_DECLARE(input_external, input);
if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
@ -2382,6 +2383,7 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
return PSA_SUCCESS;
}
LOCAL_INPUT_ALLOC(input_external, input_length, input);
status = psa_driver_wrapper_hash_update(operation, input, input_length);
exit:
@ -2389,32 +2391,57 @@ exit:
psa_hash_abort(operation);
}
LOCAL_INPUT_FREE(input_external, input);
return status;
}
psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
uint8_t *hash,
size_t hash_size,
size_t *hash_length)
static psa_status_t psa_hash_finish_internal(psa_hash_operation_t *operation,
uint8_t *hash,
size_t hash_size,
size_t *hash_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
*hash_length = 0;
if (operation->id == 0) {
return PSA_ERROR_BAD_STATE;
}
psa_status_t status = psa_driver_wrapper_hash_finish(
status = psa_driver_wrapper_hash_finish(
operation, hash, hash_size, hash_length);
psa_hash_abort(operation);
return status;
}
psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
uint8_t *hash_external,
size_t hash_size,
size_t *hash_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
LOCAL_OUTPUT_DECLARE(hash_external, hash);
LOCAL_OUTPUT_ALLOC(hash_external, hash_size, hash);
status = psa_hash_finish_internal(operation, hash, hash_size, hash_length);
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
exit:
#endif
LOCAL_OUTPUT_FREE(hash_external, hash);
return status;
}
psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
const uint8_t *hash,
const uint8_t *hash_external,
size_t hash_length)
{
uint8_t actual_hash[PSA_HASH_MAX_SIZE];
size_t actual_hash_length;
psa_status_t status = psa_hash_finish(
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
LOCAL_INPUT_DECLARE(hash_external, hash);
status = psa_hash_finish_internal(
operation,
actual_hash, sizeof(actual_hash),
&actual_hash_length);
@ -2428,6 +2455,7 @@ psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
goto exit;
}
LOCAL_INPUT_ALLOC(hash_external, hash_length, hash);
if (mbedtls_ct_memcmp(hash, actual_hash, actual_hash_length) != 0) {
status = PSA_ERROR_INVALID_SIGNATURE;
}
@ -2437,36 +2465,55 @@ exit:
if (status != PSA_SUCCESS) {
psa_hash_abort(operation);
}
LOCAL_INPUT_FREE(hash_external, hash);
return status;
}
psa_status_t psa_hash_compute(psa_algorithm_t alg,
const uint8_t *input, size_t input_length,
uint8_t *hash, size_t hash_size,
const uint8_t *input_external, size_t input_length,
uint8_t *hash_external, size_t hash_size,
size_t *hash_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
LOCAL_INPUT_DECLARE(input_external, input);
LOCAL_OUTPUT_DECLARE(hash_external, hash);
*hash_length = 0;
if (!PSA_ALG_IS_HASH(alg)) {
return PSA_ERROR_INVALID_ARGUMENT;
}
return psa_driver_wrapper_hash_compute(alg, input, input_length,
hash, hash_size, hash_length);
LOCAL_INPUT_ALLOC(input_external, input_length, input);
LOCAL_OUTPUT_ALLOC(hash_external, hash_size, hash);
status = psa_driver_wrapper_hash_compute(alg, input, input_length,
hash, hash_size, hash_length);
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
exit:
#endif
LOCAL_INPUT_FREE(input_external, input);
LOCAL_OUTPUT_FREE(hash_external, hash);
return status;
}
psa_status_t psa_hash_compare(psa_algorithm_t alg,
const uint8_t *input, size_t input_length,
const uint8_t *hash, size_t hash_length)
const uint8_t *input_external, size_t input_length,
const uint8_t *hash_external, size_t hash_length)
{
uint8_t actual_hash[PSA_HASH_MAX_SIZE];
size_t actual_hash_length;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
LOCAL_INPUT_DECLARE(input_external, input);
LOCAL_INPUT_DECLARE(hash_external, hash);
if (!PSA_ALG_IS_HASH(alg)) {
return PSA_ERROR_INVALID_ARGUMENT;
status = PSA_ERROR_INVALID_ARGUMENT;
return status;
}
psa_status_t status = psa_driver_wrapper_hash_compute(
LOCAL_INPUT_ALLOC(input_external, input_length, input);
status = psa_driver_wrapper_hash_compute(
alg, input, input_length,
actual_hash, sizeof(actual_hash),
&actual_hash_length);
@ -2477,12 +2524,18 @@ psa_status_t psa_hash_compare(psa_algorithm_t alg,
status = PSA_ERROR_INVALID_SIGNATURE;
goto exit;
}
LOCAL_INPUT_ALLOC(hash_external, hash_length, hash);
if (mbedtls_ct_memcmp(hash, actual_hash, actual_hash_length) != 0) {
status = PSA_ERROR_INVALID_SIGNATURE;
}
exit:
mbedtls_platform_zeroize(actual_hash, sizeof(actual_hash));
LOCAL_INPUT_FREE(input_external, input);
LOCAL_INPUT_FREE(hash_external, hash);
return status;
}
@ -4640,19 +4693,24 @@ static psa_status_t psa_aead_check_algorithm(psa_algorithm_t alg)
psa_status_t psa_aead_encrypt(mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
const uint8_t *nonce,
const uint8_t *nonce_external,
size_t nonce_length,
const uint8_t *additional_data,
const uint8_t *additional_data_external,
size_t additional_data_length,
const uint8_t *plaintext,
const uint8_t *plaintext_external,
size_t plaintext_length,
uint8_t *ciphertext,
uint8_t *ciphertext_external,
size_t ciphertext_size,
size_t *ciphertext_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
LOCAL_INPUT_DECLARE(nonce_external, nonce);
LOCAL_INPUT_DECLARE(additional_data_external, additional_data);
LOCAL_INPUT_DECLARE(plaintext_external, plaintext);
LOCAL_OUTPUT_DECLARE(ciphertext_external, ciphertext);
*ciphertext_length = 0;
status = psa_aead_check_algorithm(alg);
@ -4670,6 +4728,11 @@ psa_status_t psa_aead_encrypt(mbedtls_svc_key_id_t key,
.core = slot->attr
};
LOCAL_INPUT_ALLOC(nonce_external, nonce_length, nonce);
LOCAL_INPUT_ALLOC(additional_data_external, additional_data_length, additional_data);
LOCAL_INPUT_ALLOC(plaintext_external, plaintext_length, plaintext);
LOCAL_OUTPUT_ALLOC(ciphertext_external, ciphertext_size, ciphertext);
status = psa_aead_check_nonce_length(alg, nonce_length);
if (status != PSA_SUCCESS) {
goto exit;
@ -4688,6 +4751,11 @@ psa_status_t psa_aead_encrypt(mbedtls_svc_key_id_t key,
}
exit:
LOCAL_INPUT_FREE(nonce_external, nonce);
LOCAL_INPUT_FREE(additional_data_external, additional_data);
LOCAL_INPUT_FREE(plaintext_external, plaintext);
LOCAL_OUTPUT_FREE(ciphertext_external, ciphertext);
psa_unregister_read(slot);
return status;
@ -4695,19 +4763,24 @@ exit:
psa_status_t psa_aead_decrypt(mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
const uint8_t *nonce,
const uint8_t *nonce_external,
size_t nonce_length,
const uint8_t *additional_data,
const uint8_t *additional_data_external,
size_t additional_data_length,
const uint8_t *ciphertext,
const uint8_t *ciphertext_external,
size_t ciphertext_length,
uint8_t *plaintext,
uint8_t *plaintext_external,
size_t plaintext_size,
size_t *plaintext_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
LOCAL_INPUT_DECLARE(nonce_external, nonce);
LOCAL_INPUT_DECLARE(additional_data_external, additional_data);
LOCAL_INPUT_DECLARE(ciphertext_external, ciphertext);
LOCAL_OUTPUT_DECLARE(plaintext_external, plaintext);
*plaintext_length = 0;
status = psa_aead_check_algorithm(alg);
@ -4725,6 +4798,12 @@ psa_status_t psa_aead_decrypt(mbedtls_svc_key_id_t key,
.core = slot->attr
};
LOCAL_INPUT_ALLOC(nonce_external, nonce_length, nonce);
LOCAL_INPUT_ALLOC(additional_data_external, additional_data_length,
additional_data);
LOCAL_INPUT_ALLOC(ciphertext_external, ciphertext_length, ciphertext);
LOCAL_OUTPUT_ALLOC(plaintext_external, plaintext_size, plaintext);
status = psa_aead_check_nonce_length(alg, nonce_length);
if (status != PSA_SUCCESS) {
goto exit;
@ -4743,6 +4822,11 @@ psa_status_t psa_aead_decrypt(mbedtls_svc_key_id_t key,
}
exit:
LOCAL_INPUT_FREE(nonce_external, nonce);
LOCAL_INPUT_FREE(additional_data_external, additional_data);
LOCAL_INPUT_FREE(ciphertext_external, ciphertext);
LOCAL_OUTPUT_FREE(plaintext_external, plaintext);
psa_unregister_read(slot);
return status;
@ -4884,9 +4968,44 @@ psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
return psa_aead_setup(operation, 0, key, alg);
}
static psa_status_t psa_aead_set_nonce_internal(psa_aead_operation_t *operation,
const uint8_t *nonce,
size_t nonce_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
if (operation->nonce_set) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
status = psa_aead_check_nonce_length(operation->alg, nonce_length);
if (status != PSA_SUCCESS) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
status = psa_driver_wrapper_aead_set_nonce(operation, nonce,
nonce_length);
exit:
if (status == PSA_SUCCESS) {
operation->nonce_set = 1;
} else {
psa_aead_abort(operation);
}
return status;
}
/* Generate a random nonce / IV for multipart AEAD operation */
psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
uint8_t *nonce,
uint8_t *nonce_external,
size_t nonce_size,
size_t *nonce_length)
{
@ -4894,6 +5013,9 @@ psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
uint8_t local_nonce[PSA_AEAD_NONCE_MAX_SIZE];
size_t required_nonce_size = 0;
LOCAL_OUTPUT_DECLARE(nonce_external, nonce);
LOCAL_OUTPUT_ALLOC(nonce_external, nonce_size, nonce);
*nonce_length = 0;
if (operation->id == 0) {
@ -4927,7 +5049,8 @@ psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
goto exit;
}
status = psa_aead_set_nonce(operation, local_nonce, required_nonce_size);
status = psa_aead_set_nonce_internal(operation, local_nonce,
required_nonce_size);
exit:
if (status == PSA_SUCCESS) {
@ -4937,42 +5060,30 @@ exit:
psa_aead_abort(operation);
}
LOCAL_OUTPUT_FREE(nonce_external, nonce);
return status;
}
/* Set the nonce for a multipart authenticated encryption or decryption
operation.*/
psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
const uint8_t *nonce,
const uint8_t *nonce_external,
size_t nonce_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t status;
if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
LOCAL_INPUT_DECLARE(nonce_external, nonce);
LOCAL_INPUT_ALLOC(nonce_external, nonce_length, nonce);
if (operation->nonce_set) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
status = psa_aead_check_nonce_length(operation->alg, nonce_length);
if (status != PSA_SUCCESS) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
status = psa_driver_wrapper_aead_set_nonce(operation, nonce,
nonce_length);
status = psa_aead_set_nonce_internal(operation, nonce, nonce_length);
/* Exit label is only needed for buffer copying, prevent unused warnings. */
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
exit:
if (status == PSA_SUCCESS) {
operation->nonce_set = 1;
} else {
psa_aead_abort(operation);
}
#endif
LOCAL_INPUT_FREE(nonce_external, nonce);
return status;
}
@ -5044,11 +5155,14 @@ exit:
/* Pass additional data to an active multipart AEAD operation. */
psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
const uint8_t *input,
const uint8_t *input_external,
size_t input_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
LOCAL_INPUT_DECLARE(input_external, input);
LOCAL_INPUT_ALLOC(input_external, input_length, input);
if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
@ -5084,20 +5198,29 @@ exit:
psa_aead_abort(operation);
}
LOCAL_INPUT_FREE(input_external, input);
return status;
}
/* Encrypt or decrypt a message fragment in an active multipart AEAD
operation.*/
psa_status_t psa_aead_update(psa_aead_operation_t *operation,
const uint8_t *input,
const uint8_t *input_external,
size_t input_length,
uint8_t *output,
uint8_t *output_external,
size_t output_size,
size_t *output_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
LOCAL_INPUT_DECLARE(input_external, input);
LOCAL_OUTPUT_DECLARE(output_external, output);
LOCAL_INPUT_ALLOC(input_external, input_length, input);
LOCAL_OUTPUT_ALLOC(output_external, output_size, output);
*output_length = 0;
if (operation->id == 0) {
@ -5144,6 +5267,9 @@ exit:
psa_aead_abort(operation);
}
LOCAL_INPUT_FREE(input_external, input);
LOCAL_OUTPUT_FREE(output_external, output);
return status;
}
@ -5163,15 +5289,21 @@ static psa_status_t psa_aead_final_checks(const psa_aead_operation_t *operation)
/* Finish encrypting a message in a multipart AEAD operation. */
psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
uint8_t *ciphertext,
uint8_t *ciphertext_external,
size_t ciphertext_size,
size_t *ciphertext_length,
uint8_t *tag,
uint8_t *tag_external,
size_t tag_size,
size_t *tag_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
LOCAL_OUTPUT_DECLARE(ciphertext_external, ciphertext);
LOCAL_OUTPUT_DECLARE(tag_external, tag);
LOCAL_OUTPUT_ALLOC(ciphertext_external, ciphertext_size, ciphertext);
LOCAL_OUTPUT_ALLOC(tag_external, tag_size, tag);
*ciphertext_length = 0;
*tag_length = tag_size;
@ -5202,20 +5334,29 @@ exit:
psa_aead_abort(operation);
LOCAL_OUTPUT_FREE(ciphertext_external, ciphertext);
LOCAL_OUTPUT_FREE(tag_external, tag);
return status;
}
/* Finish authenticating and decrypting a message in a multipart AEAD
operation.*/
psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
uint8_t *plaintext,
uint8_t *plaintext_external,
size_t plaintext_size,
size_t *plaintext_length,
const uint8_t *tag,
const uint8_t *tag_external,
size_t tag_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
LOCAL_OUTPUT_DECLARE(plaintext_external, plaintext);
LOCAL_INPUT_DECLARE(tag_external, tag);
LOCAL_OUTPUT_ALLOC(plaintext_external, plaintext_size, plaintext);
LOCAL_INPUT_ALLOC(tag_external, tag_length, tag);
*plaintext_length = 0;
status = psa_aead_final_checks(operation);
@ -5236,6 +5377,9 @@ psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
exit:
psa_aead_abort(operation);
LOCAL_OUTPUT_FREE(plaintext_external, plaintext);
LOCAL_INPUT_FREE(tag_external, tag);
return status;
}
@ -5842,10 +5986,12 @@ static psa_status_t psa_key_derivation_pbkdf2_read(
psa_status_t psa_key_derivation_output_bytes(
psa_key_derivation_operation_t *operation,
uint8_t *output,
uint8_t *output_external,
size_t output_length)
{
psa_status_t status;
LOCAL_OUTPUT_DECLARE(output_external, output);
psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg(operation);
if (operation->alg == 0) {
@ -5853,13 +5999,6 @@ psa_status_t psa_key_derivation_output_bytes(
return PSA_ERROR_BAD_STATE;
}
if (output_length > operation->capacity) {
operation->capacity = 0;
/* Go through the error path to wipe all confidential data now
* that the operation object is useless. */
status = PSA_ERROR_INSUFFICIENT_DATA;
goto exit;
}
if (output_length == 0 && operation->capacity == 0) {
/* Edge case: this is a finished operation, and 0 bytes
* were requested. The right error in this case could
@ -5869,6 +6008,16 @@ psa_status_t psa_key_derivation_output_bytes(
* output_length > 0. */
return PSA_ERROR_INSUFFICIENT_DATA;
}
LOCAL_OUTPUT_ALLOC(output_external, output_length, output);
if (output_length > operation->capacity) {
operation->capacity = 0;
/* Go through the error path to wipe all confidential data now
* that the operation object is useless. */
status = PSA_ERROR_INSUFFICIENT_DATA;
goto exit;
}
operation->capacity -= output_length;
#if defined(BUILTIN_ALG_ANY_HKDF)
@ -5902,7 +6051,10 @@ psa_status_t psa_key_derivation_output_bytes(
{
(void) kdf_alg;
return PSA_ERROR_BAD_STATE;
status = PSA_ERROR_BAD_STATE;
LOCAL_OUTPUT_FREE(output_external, output);
return status;
}
exit:
@ -5914,8 +6066,12 @@ exit:
psa_algorithm_t alg = operation->alg;
psa_key_derivation_abort(operation);
operation->alg = alg;
memset(output, '!', output_length);
if (output != NULL) {
memset(output, '!', output_length);
}
}
LOCAL_OUTPUT_FREE(output_external, output);
return status;
}
@ -6895,12 +7051,12 @@ static psa_status_t psa_pbkdf2_hmac_set_password(psa_algorithm_t hash_alg,
{
psa_status_t status = PSA_SUCCESS;
if (input_len > PSA_HASH_BLOCK_LENGTH(hash_alg)) {
status = psa_hash_compute(hash_alg, input, input_len, output,
PSA_HMAC_MAX_HASH_BLOCK_SIZE, output_len);
} else {
return psa_hash_compute(hash_alg, input, input_len, output,
PSA_HMAC_MAX_HASH_BLOCK_SIZE, output_len);
} else if (input_len > 0) {
memcpy(output, input, input_len);
*output_len = PSA_HASH_BLOCK_LENGTH(hash_alg);
}
*output_len = PSA_HASH_BLOCK_LENGTH(hash_alg);
return status;
}
#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */
@ -7134,12 +7290,22 @@ static psa_status_t psa_key_derivation_input_integer_internal(
psa_status_t psa_key_derivation_input_bytes(
psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
const uint8_t *data,
const uint8_t *data_external,
size_t data_length)
{
return psa_key_derivation_input_internal(operation, step,
PSA_KEY_TYPE_NONE,
data, data_length);
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
LOCAL_INPUT_DECLARE(data_external, data);
LOCAL_INPUT_ALLOC(data_external, data_length, data);
status = psa_key_derivation_input_internal(operation, step,
PSA_KEY_TYPE_NONE,
data, data_length);
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
exit:
#endif
LOCAL_INPUT_FREE(data_external, data);
return status;
}
psa_status_t psa_key_derivation_input_integer(

12
tests/scripts/generate_psa_wrappers.py
View File

@ -142,9 +142,13 @@ class PSAWrapperGenerator(c_wrapper_generator.Base):
_buffer_name: Optional[str]) -> bool:
"""Whether the specified buffer argument to a PSA function should be copied.
"""
# Proof-of-concept: just instrument one function for now
if function_name.startswith('psa_aead'):
return True
if function_name == 'psa_cipher_encrypt':
return True
if function_name in ('psa_key_derivation_output_bytes',
'psa_key_derivation_input_bytes'):
return True
if function_name in ('psa_import_key',
'psa_export_key',
'psa_export_public_key'):
@ -154,6 +158,12 @@ class PSAWrapperGenerator(c_wrapper_generator.Base):
'psa_sign_hash',
'psa_verify_hash'):
return True
if function_name in ('psa_hash_update',
'psa_hash_finish',
'psa_hash_verify',
'psa_hash_compute',
'psa_hash_compare'):
return True
if function_name in ('psa_mac_update',
'psa_mac_sign_finish',
'psa_mac_verify_finish',

112
tests/src/psa_test_wrappers.c
View File

@ -70,7 +70,19 @@ psa_status_t mbedtls_test_wrap_psa_aead_decrypt(
size_t arg9_plaintext_size,
size_t *arg10_plaintext_length)
{
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_POISON(arg2_nonce, arg3_nonce_length);
MBEDTLS_TEST_MEMORY_POISON(arg4_additional_data, arg5_additional_data_length);
MBEDTLS_TEST_MEMORY_POISON(arg6_ciphertext, arg7_ciphertext_length);
MBEDTLS_TEST_MEMORY_POISON(arg8_plaintext, arg9_plaintext_size);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_aead_decrypt)(arg0_key, arg1_alg, arg2_nonce, arg3_nonce_length, arg4_additional_data, arg5_additional_data_length, arg6_ciphertext, arg7_ciphertext_length, arg8_plaintext, arg9_plaintext_size, arg10_plaintext_length);
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_UNPOISON(arg2_nonce, arg3_nonce_length);
MBEDTLS_TEST_MEMORY_UNPOISON(arg4_additional_data, arg5_additional_data_length);
MBEDTLS_TEST_MEMORY_UNPOISON(arg6_ciphertext, arg7_ciphertext_length);
MBEDTLS_TEST_MEMORY_UNPOISON(arg8_plaintext, arg9_plaintext_size);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@ -98,7 +110,19 @@ psa_status_t mbedtls_test_wrap_psa_aead_encrypt(
size_t arg9_ciphertext_size,
size_t *arg10_ciphertext_length)
{
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_POISON(arg2_nonce, arg3_nonce_length);
MBEDTLS_TEST_MEMORY_POISON(arg4_additional_data, arg5_additional_data_length);
MBEDTLS_TEST_MEMORY_POISON(arg6_plaintext, arg7_plaintext_length);
MBEDTLS_TEST_MEMORY_POISON(arg8_ciphertext, arg9_ciphertext_size);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_aead_encrypt)(arg0_key, arg1_alg, arg2_nonce, arg3_nonce_length, arg4_additional_data, arg5_additional_data_length, arg6_plaintext, arg7_plaintext_length, arg8_ciphertext, arg9_ciphertext_size, arg10_ciphertext_length);
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_UNPOISON(arg2_nonce, arg3_nonce_length);
MBEDTLS_TEST_MEMORY_UNPOISON(arg4_additional_data, arg5_additional_data_length);
MBEDTLS_TEST_MEMORY_UNPOISON(arg6_plaintext, arg7_plaintext_length);
MBEDTLS_TEST_MEMORY_UNPOISON(arg8_ciphertext, arg9_ciphertext_size);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@ -122,7 +146,15 @@ psa_status_t mbedtls_test_wrap_psa_aead_finish(
size_t arg5_tag_size,
size_t *arg6_tag_length)
{
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_POISON(arg1_ciphertext, arg2_ciphertext_size);
MBEDTLS_TEST_MEMORY_POISON(arg4_tag, arg5_tag_size);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_aead_finish)(arg0_operation, arg1_ciphertext, arg2_ciphertext_size, arg3_ciphertext_length, arg4_tag, arg5_tag_size, arg6_tag_length);
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_UNPOISON(arg1_ciphertext, arg2_ciphertext_size);
MBEDTLS_TEST_MEMORY_UNPOISON(arg4_tag, arg5_tag_size);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@ -133,7 +165,13 @@ psa_status_t mbedtls_test_wrap_psa_aead_generate_nonce(
size_t arg2_nonce_size,
size_t *arg3_nonce_length)
{
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_POISON(arg1_nonce, arg2_nonce_size);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_aead_generate_nonce)(arg0_operation, arg1_nonce, arg2_nonce_size, arg3_nonce_length);
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_UNPOISON(arg1_nonce, arg2_nonce_size);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@ -153,7 +191,13 @@ psa_status_t mbedtls_test_wrap_psa_aead_set_nonce(
const uint8_t *arg1_nonce,
size_t arg2_nonce_length)
{
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_POISON(arg1_nonce, arg2_nonce_length);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_aead_set_nonce)(arg0_operation, arg1_nonce, arg2_nonce_length);
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_UNPOISON(arg1_nonce, arg2_nonce_length);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@ -166,7 +210,15 @@ psa_status_t mbedtls_test_wrap_psa_aead_update(
size_t arg4_output_size,
size_t *arg5_output_length)
{
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_POISON(arg1_input, arg2_input_length);
MBEDTLS_TEST_MEMORY_POISON(arg3_output, arg4_output_size);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_aead_update)(arg0_operation, arg1_input, arg2_input_length, arg3_output, arg4_output_size, arg5_output_length);
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_UNPOISON(arg1_input, arg2_input_length);
MBEDTLS_TEST_MEMORY_UNPOISON(arg3_output, arg4_output_size);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@ -176,7 +228,13 @@ psa_status_t mbedtls_test_wrap_psa_aead_update_ad(
const uint8_t *arg1_input,
size_t arg2_input_length)
{
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_POISON(arg1_input, arg2_input_length);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_aead_update_ad)(arg0_operation, arg1_input, arg2_input_length);
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_UNPOISON(arg1_input, arg2_input_length);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@ -189,7 +247,15 @@ psa_status_t mbedtls_test_wrap_psa_aead_verify(
const uint8_t *arg4_tag,
size_t arg5_tag_length)
{
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_POISON(arg1_plaintext, arg2_plaintext_size);
MBEDTLS_TEST_MEMORY_POISON(arg4_tag, arg5_tag_length);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_aead_verify)(arg0_operation, arg1_plaintext, arg2_plaintext_size, arg3_plaintext_length, arg4_tag, arg5_tag_length);
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_UNPOISON(arg1_plaintext, arg2_plaintext_size);
MBEDTLS_TEST_MEMORY_UNPOISON(arg4_tag, arg5_tag_length);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@ -514,7 +580,15 @@ psa_status_t mbedtls_test_wrap_psa_hash_compare(
const uint8_t *arg3_hash,
size_t arg4_hash_length)
{
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_POISON(arg1_input, arg2_input_length);
MBEDTLS_TEST_MEMORY_POISON(arg3_hash, arg4_hash_length);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_hash_compare)(arg0_alg, arg1_input, arg2_input_length, arg3_hash, arg4_hash_length);
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_UNPOISON(arg1_input, arg2_input_length);
MBEDTLS_TEST_MEMORY_UNPOISON(arg3_hash, arg4_hash_length);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@ -527,7 +601,15 @@ psa_status_t mbedtls_test_wrap_psa_hash_compute(
size_t arg4_hash_size,
size_t *arg5_hash_length)
{
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_POISON(arg1_input, arg2_input_length);
MBEDTLS_TEST_MEMORY_POISON(arg3_hash, arg4_hash_size);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_hash_compute)(arg0_alg, arg1_input, arg2_input_length, arg3_hash, arg4_hash_size, arg5_hash_length);
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_UNPOISON(arg1_input, arg2_input_length);
MBEDTLS_TEST_MEMORY_UNPOISON(arg3_hash, arg4_hash_size);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@ -538,7 +620,13 @@ psa_status_t mbedtls_test_wrap_psa_hash_finish(
size_t arg2_hash_size,
size_t *arg3_hash_length)
{
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_POISON(arg1_hash, arg2_hash_size);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_hash_finish)(arg0_operation, arg1_hash, arg2_hash_size, arg3_hash_length);
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_UNPOISON(arg1_hash, arg2_hash_size);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@ -557,7 +645,13 @@ psa_status_t mbedtls_test_wrap_psa_hash_update(
const uint8_t *arg1_input,
size_t arg2_input_length)
{
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_POISON(arg1_input, arg2_input_length);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_hash_update)(arg0_operation, arg1_input, arg2_input_length);
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_UNPOISON(arg1_input, arg2_input_length);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@ -567,7 +661,13 @@ psa_status_t mbedtls_test_wrap_psa_hash_verify(
const uint8_t *arg1_hash,
size_t arg2_hash_length)
{
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_POISON(arg1_hash, arg2_hash_length);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_hash_verify)(arg0_operation, arg1_hash, arg2_hash_length);
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_UNPOISON(arg1_hash, arg2_hash_length);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@ -612,7 +712,13 @@ psa_status_t mbedtls_test_wrap_psa_key_derivation_input_bytes(
const uint8_t *arg2_data,
size_t arg3_data_length)
{
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_POISON(arg2_data, arg3_data_length);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_key_derivation_input_bytes)(arg0_operation, arg1_step, arg2_data, arg3_data_length);
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_UNPOISON(arg2_data, arg3_data_length);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@ -654,7 +760,13 @@ psa_status_t mbedtls_test_wrap_psa_key_derivation_output_bytes(
uint8_t *arg1_output,
size_t arg2_output_length)
{
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_POISON(arg1_output, arg2_output_length);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_key_derivation_output_bytes)(arg0_operation, arg1_output, arg2_output_length);
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_UNPOISON(arg1_output, arg2_output_length);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}

4
tests/suites/test_suite_psa_crypto.function
View File

@ -5131,7 +5131,9 @@ void aead_multipart_generate_nonce(int key_type_arg, data_t *key_data,
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE];
/* Some tests try to get more than the maximum nonce length,
* so allocate double. */
uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE * 2];
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
psa_status_t expected_status = expected_status_arg;