lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-28 00:21:48 +03:00
Code Activity

Merge branch 'development-restricted' into mac_buffer_protection

Browse Source 
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>
This commit is contained in:
tom-daubney-arm
2024-02-22 15:26:06 +00:00
committed by GitHub
parent 03f1ea3624 cf3457ef26
commit 5cd611d144
4 changed files with 368 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files

318
library/psa_crypto.c
View File

@ -2366,10 +2366,11 @@ exit:
}
psa_status_t psa_hash_update(psa_hash_operation_t *operation,
const uint8_t *input,
const uint8_t *input_external,
size_t input_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
LOCAL_INPUT_DECLARE(input_external, input);
if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
@ -2382,6 +2383,7 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
return PSA_SUCCESS;
}
LOCAL_INPUT_ALLOC(input_external, input_length, input);
status = psa_driver_wrapper_hash_update(operation, input, input_length);
exit:
@ -2389,32 +2391,57 @@ exit:
psa_hash_abort(operation);
}
LOCAL_INPUT_FREE(input_external, input);
return status;
}
psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
uint8_t *hash,
size_t hash_size,
size_t *hash_length)
static psa_status_t psa_hash_finish_internal(psa_hash_operation_t *operation,
uint8_t *hash,
size_t hash_size,
size_t *hash_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
*hash_length = 0;
if (operation->id == 0) {
return PSA_ERROR_BAD_STATE;
}
psa_status_t status = psa_driver_wrapper_hash_finish(
status = psa_driver_wrapper_hash_finish(
operation, hash, hash_size, hash_length);
psa_hash_abort(operation);
return status;
}
psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
uint8_t *hash_external,
size_t hash_size,
size_t *hash_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
LOCAL_OUTPUT_DECLARE(hash_external, hash);
LOCAL_OUTPUT_ALLOC(hash_external, hash_size, hash);
status = psa_hash_finish_internal(operation, hash, hash_size, hash_length);
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
exit:
#endif
LOCAL_OUTPUT_FREE(hash_external, hash);
return status;
}
psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
const uint8_t *hash,
const uint8_t *hash_external,
size_t hash_length)
{
uint8_t actual_hash[PSA_HASH_MAX_SIZE];
size_t actual_hash_length;
psa_status_t status = psa_hash_finish(
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
LOCAL_INPUT_DECLARE(hash_external, hash);
status = psa_hash_finish_internal(
operation,
actual_hash, sizeof(actual_hash),
&actual_hash_length);
@ -2428,6 +2455,7 @@ psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
goto exit;
}
LOCAL_INPUT_ALLOC(hash_external, hash_length, hash);
if (mbedtls_ct_memcmp(hash, actual_hash, actual_hash_length) != 0) {
status = PSA_ERROR_INVALID_SIGNATURE;
}
@ -2437,36 +2465,55 @@ exit:
if (status != PSA_SUCCESS) {
psa_hash_abort(operation);
}
LOCAL_INPUT_FREE(hash_external, hash);
return status;
}
psa_status_t psa_hash_compute(psa_algorithm_t alg,
const uint8_t *input, size_t input_length,
uint8_t *hash, size_t hash_size,
const uint8_t *input_external, size_t input_length,
uint8_t *hash_external, size_t hash_size,
size_t *hash_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
LOCAL_INPUT_DECLARE(input_external, input);
LOCAL_OUTPUT_DECLARE(hash_external, hash);
*hash_length = 0;
if (!PSA_ALG_IS_HASH(alg)) {
return PSA_ERROR_INVALID_ARGUMENT;
}
return psa_driver_wrapper_hash_compute(alg, input, input_length,
hash, hash_size, hash_length);
LOCAL_INPUT_ALLOC(input_external, input_length, input);
LOCAL_OUTPUT_ALLOC(hash_external, hash_size, hash);
status = psa_driver_wrapper_hash_compute(alg, input, input_length,
hash, hash_size, hash_length);
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
exit:
#endif
LOCAL_INPUT_FREE(input_external, input);
LOCAL_OUTPUT_FREE(hash_external, hash);
return status;
}
psa_status_t psa_hash_compare(psa_algorithm_t alg,
const uint8_t *input, size_t input_length,
const uint8_t *hash, size_t hash_length)
const uint8_t *input_external, size_t input_length,
const uint8_t *hash_external, size_t hash_length)
{
uint8_t actual_hash[PSA_HASH_MAX_SIZE];
size_t actual_hash_length;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
LOCAL_INPUT_DECLARE(input_external, input);
LOCAL_INPUT_DECLARE(hash_external, hash);
if (!PSA_ALG_IS_HASH(alg)) {
return PSA_ERROR_INVALID_ARGUMENT;
status = PSA_ERROR_INVALID_ARGUMENT;
return status;
}
psa_status_t status = psa_driver_wrapper_hash_compute(
LOCAL_INPUT_ALLOC(input_external, input_length, input);
status = psa_driver_wrapper_hash_compute(
alg, input, input_length,
actual_hash, sizeof(actual_hash),
&actual_hash_length);
@ -2477,12 +2524,18 @@ psa_status_t psa_hash_compare(psa_algorithm_t alg,
status = PSA_ERROR_INVALID_SIGNATURE;
goto exit;
}
LOCAL_INPUT_ALLOC(hash_external, hash_length, hash);
if (mbedtls_ct_memcmp(hash, actual_hash, actual_hash_length) != 0) {
status = PSA_ERROR_INVALID_SIGNATURE;
}
exit:
mbedtls_platform_zeroize(actual_hash, sizeof(actual_hash));
LOCAL_INPUT_FREE(input_external, input);
LOCAL_INPUT_FREE(hash_external, hash);
return status;
}
@ -4640,19 +4693,24 @@ static psa_status_t psa_aead_check_algorithm(psa_algorithm_t alg)
psa_status_t psa_aead_encrypt(mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
const uint8_t *nonce,
const uint8_t *nonce_external,
size_t nonce_length,
const uint8_t *additional_data,
const uint8_t *additional_data_external,
size_t additional_data_length,
const uint8_t *plaintext,
const uint8_t *plaintext_external,
size_t plaintext_length,
uint8_t *ciphertext,
uint8_t *ciphertext_external,
size_t ciphertext_size,
size_t *ciphertext_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
LOCAL_INPUT_DECLARE(nonce_external, nonce);
LOCAL_INPUT_DECLARE(additional_data_external, additional_data);
LOCAL_INPUT_DECLARE(plaintext_external, plaintext);
LOCAL_OUTPUT_DECLARE(ciphertext_external, ciphertext);
*ciphertext_length = 0;
status = psa_aead_check_algorithm(alg);
@ -4670,6 +4728,11 @@ psa_status_t psa_aead_encrypt(mbedtls_svc_key_id_t key,
.core = slot->attr
};
LOCAL_INPUT_ALLOC(nonce_external, nonce_length, nonce);
LOCAL_INPUT_ALLOC(additional_data_external, additional_data_length, additional_data);
LOCAL_INPUT_ALLOC(plaintext_external, plaintext_length, plaintext);
LOCAL_OUTPUT_ALLOC(ciphertext_external, ciphertext_size, ciphertext);
status = psa_aead_check_nonce_length(alg, nonce_length);
if (status != PSA_SUCCESS) {
goto exit;
@ -4688,6 +4751,11 @@ psa_status_t psa_aead_encrypt(mbedtls_svc_key_id_t key,
}
exit:
LOCAL_INPUT_FREE(nonce_external, nonce);
LOCAL_INPUT_FREE(additional_data_external, additional_data);
LOCAL_INPUT_FREE(plaintext_external, plaintext);
LOCAL_OUTPUT_FREE(ciphertext_external, ciphertext);
psa_unregister_read(slot);
return status;
@ -4695,19 +4763,24 @@ exit:
psa_status_t psa_aead_decrypt(mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
const uint8_t *nonce,
const uint8_t *nonce_external,
size_t nonce_length,
const uint8_t *additional_data,
const uint8_t *additional_data_external,
size_t additional_data_length,
const uint8_t *ciphertext,
const uint8_t *ciphertext_external,
size_t ciphertext_length,
uint8_t *plaintext,
uint8_t *plaintext_external,
size_t plaintext_size,
size_t *plaintext_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
LOCAL_INPUT_DECLARE(nonce_external, nonce);
LOCAL_INPUT_DECLARE(additional_data_external, additional_data);
LOCAL_INPUT_DECLARE(ciphertext_external, ciphertext);
LOCAL_OUTPUT_DECLARE(plaintext_external, plaintext);
*plaintext_length = 0;
status = psa_aead_check_algorithm(alg);
@ -4725,6 +4798,12 @@ psa_status_t psa_aead_decrypt(mbedtls_svc_key_id_t key,
.core = slot->attr
};
LOCAL_INPUT_ALLOC(nonce_external, nonce_length, nonce);
LOCAL_INPUT_ALLOC(additional_data_external, additional_data_length,
additional_data);
LOCAL_INPUT_ALLOC(ciphertext_external, ciphertext_length, ciphertext);
LOCAL_OUTPUT_ALLOC(plaintext_external, plaintext_size, plaintext);
status = psa_aead_check_nonce_length(alg, nonce_length);
if (status != PSA_SUCCESS) {
goto exit;
@ -4743,6 +4822,11 @@ psa_status_t psa_aead_decrypt(mbedtls_svc_key_id_t key,
}
exit:
LOCAL_INPUT_FREE(nonce_external, nonce);
LOCAL_INPUT_FREE(additional_data_external, additional_data);
LOCAL_INPUT_FREE(ciphertext_external, ciphertext);
LOCAL_OUTPUT_FREE(plaintext_external, plaintext);
psa_unregister_read(slot);
return status;
@ -4884,9 +4968,44 @@ psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
return psa_aead_setup(operation, 0, key, alg);
}
static psa_status_t psa_aead_set_nonce_internal(psa_aead_operation_t *operation,
const uint8_t *nonce,
size_t nonce_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
if (operation->nonce_set) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
status = psa_aead_check_nonce_length(operation->alg, nonce_length);
if (status != PSA_SUCCESS) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
status = psa_driver_wrapper_aead_set_nonce(operation, nonce,
nonce_length);
exit:
if (status == PSA_SUCCESS) {
operation->nonce_set = 1;
} else {
psa_aead_abort(operation);
}
return status;
}
/* Generate a random nonce / IV for multipart AEAD operation */
psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
uint8_t *nonce,
uint8_t *nonce_external,
size_t nonce_size,
size_t *nonce_length)
{
@ -4894,6 +5013,9 @@ psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
uint8_t local_nonce[PSA_AEAD_NONCE_MAX_SIZE];
size_t required_nonce_size = 0;
LOCAL_OUTPUT_DECLARE(nonce_external, nonce);
LOCAL_OUTPUT_ALLOC(nonce_external, nonce_size, nonce);
*nonce_length = 0;
if (operation->id == 0) {
@ -4927,7 +5049,8 @@ psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
goto exit;
}
status = psa_aead_set_nonce(operation, local_nonce, required_nonce_size);
status = psa_aead_set_nonce_internal(operation, local_nonce,
required_nonce_size);
exit:
if (status == PSA_SUCCESS) {
@ -4937,42 +5060,30 @@ exit:
psa_aead_abort(operation);
}
LOCAL_OUTPUT_FREE(nonce_external, nonce);
return status;
}
/* Set the nonce for a multipart authenticated encryption or decryption
operation.*/
psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
const uint8_t *nonce,
const uint8_t *nonce_external,
size_t nonce_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t status;
if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
LOCAL_INPUT_DECLARE(nonce_external, nonce);
LOCAL_INPUT_ALLOC(nonce_external, nonce_length, nonce);
if (operation->nonce_set) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
status = psa_aead_check_nonce_length(operation->alg, nonce_length);
if (status != PSA_SUCCESS) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
status = psa_driver_wrapper_aead_set_nonce(operation, nonce,
nonce_length);
status = psa_aead_set_nonce_internal(operation, nonce, nonce_length);
/* Exit label is only needed for buffer copying, prevent unused warnings. */
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
exit:
if (status == PSA_SUCCESS) {
operation->nonce_set = 1;
} else {
psa_aead_abort(operation);
}
#endif
LOCAL_INPUT_FREE(nonce_external, nonce);
return status;
}
@ -5044,11 +5155,14 @@ exit:
/* Pass additional data to an active multipart AEAD operation. */
psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
const uint8_t *input,
const uint8_t *input_external,
size_t input_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
LOCAL_INPUT_DECLARE(input_external, input);
LOCAL_INPUT_ALLOC(input_external, input_length, input);
if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
@ -5084,20 +5198,29 @@ exit:
psa_aead_abort(operation);
}
LOCAL_INPUT_FREE(input_external, input);
return status;
}
/* Encrypt or decrypt a message fragment in an active multipart AEAD
operation.*/
psa_status_t psa_aead_update(psa_aead_operation_t *operation,
const uint8_t *input,
const uint8_t *input_external,
size_t input_length,
uint8_t *output,
uint8_t *output_external,
size_t output_size,
size_t *output_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
LOCAL_INPUT_DECLARE(input_external, input);
LOCAL_OUTPUT_DECLARE(output_external, output);
LOCAL_INPUT_ALLOC(input_external, input_length, input);
LOCAL_OUTPUT_ALLOC(output_external, output_size, output);
*output_length = 0;
if (operation->id == 0) {
@ -5144,6 +5267,9 @@ exit:
psa_aead_abort(operation);
}
LOCAL_INPUT_FREE(input_external, input);
LOCAL_OUTPUT_FREE(output_external, output);
return status;
}
@ -5163,15 +5289,21 @@ static psa_status_t psa_aead_final_checks(const psa_aead_operation_t *operation)
/* Finish encrypting a message in a multipart AEAD operation. */
psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
uint8_t *ciphertext,
uint8_t *ciphertext_external,
size_t ciphertext_size,
size_t *ciphertext_length,
uint8_t *tag,
uint8_t *tag_external,
size_t tag_size,
size_t *tag_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
LOCAL_OUTPUT_DECLARE(ciphertext_external, ciphertext);
LOCAL_OUTPUT_DECLARE(tag_external, tag);
LOCAL_OUTPUT_ALLOC(ciphertext_external, ciphertext_size, ciphertext);
LOCAL_OUTPUT_ALLOC(tag_external, tag_size, tag);
*ciphertext_length = 0;
*tag_length = tag_size;
@ -5202,20 +5334,29 @@ exit:
psa_aead_abort(operation);
LOCAL_OUTPUT_FREE(ciphertext_external, ciphertext);
LOCAL_OUTPUT_FREE(tag_external, tag);
return status;
}
/* Finish authenticating and decrypting a message in a multipart AEAD
operation.*/
psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
uint8_t *plaintext,
uint8_t *plaintext_external,
size_t plaintext_size,
size_t *plaintext_length,
const uint8_t *tag,
const uint8_t *tag_external,
size_t tag_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
LOCAL_OUTPUT_DECLARE(plaintext_external, plaintext);
LOCAL_INPUT_DECLARE(tag_external, tag);
LOCAL_OUTPUT_ALLOC(plaintext_external, plaintext_size, plaintext);
LOCAL_INPUT_ALLOC(tag_external, tag_length, tag);
*plaintext_length = 0;
status = psa_aead_final_checks(operation);
@ -5236,6 +5377,9 @@ psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
exit:
psa_aead_abort(operation);
LOCAL_OUTPUT_FREE(plaintext_external, plaintext);
LOCAL_INPUT_FREE(tag_external, tag);
return status;
}
@ -5842,10 +5986,12 @@ static psa_status_t psa_key_derivation_pbkdf2_read(
psa_status_t psa_key_derivation_output_bytes(
psa_key_derivation_operation_t *operation,
uint8_t *output,
uint8_t *output_external,
size_t output_length)
{
psa_status_t status;
LOCAL_OUTPUT_DECLARE(output_external, output);
psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg(operation);
if (operation->alg == 0) {
@ -5853,13 +5999,6 @@ psa_status_t psa_key_derivation_output_bytes(
return PSA_ERROR_BAD_STATE;
}
if (output_length > operation->capacity) {
operation->capacity = 0;
/* Go through the error path to wipe all confidential data now
* that the operation object is useless. */
status = PSA_ERROR_INSUFFICIENT_DATA;
goto exit;
}
if (output_length == 0 && operation->capacity == 0) {
/* Edge case: this is a finished operation, and 0 bytes
* were requested. The right error in this case could
@ -5869,6 +6008,16 @@ psa_status_t psa_key_derivation_output_bytes(
* output_length > 0. */
return PSA_ERROR_INSUFFICIENT_DATA;
}
LOCAL_OUTPUT_ALLOC(output_external, output_length, output);
if (output_length > operation->capacity) {
operation->capacity = 0;
/* Go through the error path to wipe all confidential data now
* that the operation object is useless. */
status = PSA_ERROR_INSUFFICIENT_DATA;
goto exit;
}
operation->capacity -= output_length;
#if defined(BUILTIN_ALG_ANY_HKDF)
@ -5902,7 +6051,10 @@ psa_status_t psa_key_derivation_output_bytes(
{
(void) kdf_alg;
return PSA_ERROR_BAD_STATE;
status = PSA_ERROR_BAD_STATE;
LOCAL_OUTPUT_FREE(output_external, output);
return status;
}
exit:
@ -5914,8 +6066,12 @@ exit:
psa_algorithm_t alg = operation->alg;
psa_key_derivation_abort(operation);
operation->alg = alg;
memset(output, '!', output_length);
if (output != NULL) {
memset(output, '!', output_length);
}
}
LOCAL_OUTPUT_FREE(output_external, output);
return status;
}
@ -6895,12 +7051,12 @@ static psa_status_t psa_pbkdf2_hmac_set_password(psa_algorithm_t hash_alg,
{
psa_status_t status = PSA_SUCCESS;
if (input_len > PSA_HASH_BLOCK_LENGTH(hash_alg)) {
status = psa_hash_compute(hash_alg, input, input_len, output,
PSA_HMAC_MAX_HASH_BLOCK_SIZE, output_len);
} else {
return psa_hash_compute(hash_alg, input, input_len, output,
PSA_HMAC_MAX_HASH_BLOCK_SIZE, output_len);
} else if (input_len > 0) {
memcpy(output, input, input_len);
*output_len = PSA_HASH_BLOCK_LENGTH(hash_alg);
}
*output_len = PSA_HASH_BLOCK_LENGTH(hash_alg);
return status;
}
#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */
@ -7134,12 +7290,22 @@ static psa_status_t psa_key_derivation_input_integer_internal(
psa_status_t psa_key_derivation_input_bytes(
psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
const uint8_t *data,
const uint8_t *data_external,
size_t data_length)
{
return psa_key_derivation_input_internal(operation, step,
PSA_KEY_TYPE_NONE,
data, data_length);
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
LOCAL_INPUT_DECLARE(data_external, data);
LOCAL_INPUT_ALLOC(data_external, data_length, data);
status = psa_key_derivation_input_internal(operation, step,
PSA_KEY_TYPE_NONE,
data, data_length);
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
exit:
#endif
LOCAL_INPUT_FREE(data_external, data);
return status;
}
psa_status_t psa_key_derivation_input_integer(