From 5f3a938d9542bfa93f82f926586bd0e715df08da Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 13 Sep 2023 16:28:12 +0530 Subject: [PATCH] Fix psa_key_derivation_setup_kdf Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 83 ++++++++++++++++++++++++++++++-------------- 1 file changed, 57 insertions(+), 26 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a8baa6b6f5..3ca89fbe8b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6075,27 +6075,39 @@ static psa_status_t psa_key_derivation_setup_kdf( if (!is_kdf_alg_supported(kdf_alg)) { return PSA_ERROR_NOT_SUPPORTED; } + psa_status_t status = PSA_SUCCESS; + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) + if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) { + operation->capacity = PSA_HASH_LENGTH(PSA_ALG_SHA_256); + return PSA_SUCCESS; + } +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) + if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { +#if (UINT_MAX > UINT32_MAX) + operation->capacity = UINT32_MAX * PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, + 128U, + PSA_ALG_CMAC); +#else + operation->capacity = UINT32_MAX; +#endif + return PSA_SUCCESS; + } +#endif - /* All currently supported key derivation algorithms (apart from - * ecjpake to pms and pbkdf2_aes_cmac_128) are based on a hash algorithm. */ psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH(kdf_alg); size_t hash_size = PSA_HASH_LENGTH(hash_alg); - if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) { - hash_size = PSA_HASH_LENGTH(PSA_ALG_SHA_256); - } else if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { - hash_size = PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, 128U, PSA_ALG_CMAC); - } else { - if (hash_size == 0) { - return PSA_ERROR_NOT_SUPPORTED; - } + if (hash_size == 0) { + return PSA_ERROR_NOT_SUPPORTED; + } - /* Make sure that hash_alg is a supported hash algorithm. Otherwise - * we might fail later, which is somewhat unfriendly and potentially - * risk-prone. */ - psa_status_t status = psa_hash_try_support(hash_alg); - if (status != PSA_SUCCESS) { - return status; - } + /* Make sure that hash_alg is a supported hash algorithm. Otherwise + * we might fail later, which is somewhat unfriendly and potentially + * risk-prone. */ + status = psa_hash_try_support(hash_alg); + if (status != PSA_SUCCESS) { + return status; } if ((PSA_ALG_IS_TLS12_PRF(kdf_alg) || @@ -6103,16 +6115,35 @@ static psa_status_t psa_key_derivation_setup_kdf( !(hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384)) { return PSA_ERROR_NOT_SUPPORTED; } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) - if (PSA_ALG_IS_HKDF_EXTRACT(kdf_alg) || - (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS)) { + if (PSA_ALG_IS_HKDF(kdf_alg)) { + operation->capacity = 255 * hash_size; + } +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) + if (PSA_ALG_IS_HKDF_EXTRACT(kdf_alg)) { operation->capacity = hash_size; - } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT || - MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ - operation->capacity = 255 * hash_size; - return PSA_SUCCESS; + } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) + if (PSA_ALG_IS_HKDF_EXPAND(kdf_alg)) { + operation->capacity = 255 * hash_size; + } +#endif + if (PSA_ALG_IS_TLS12_PRF(kdf_alg)) { + operation->capacity = UINT_MAX; + } + if (PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) { + /* Master Secret consists of 2-byte version number + * and a 46-byte random value */ + operation->capacity = 48U; + } + if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { +#if (UINT_MAX > UINT32_MAX) + operation->capacity = UINT32_MAX * hash_size; +#else + operation->capacity = UINT32_MAX; +#endif + } + return status; } static psa_status_t psa_key_agreement_try_support(psa_algorithm_t alg)