lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Merge pull request #4712 from daverodgman/psa_cipher_and_mac_abort_on_error

Browse Source 
Psa cipher and mac abort on error
This commit is contained in:
Dave Rodgman
2021-06-25 15:39:59 +01:00
committed by GitHub
parent 918708b824 90d1cb83a0
commit 63ad854de8
2 changed files with 167 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

152
library/psa_crypto.c
View File

@ -2088,34 +2088,54 @@ psa_status_t psa_hash_abort( psa_hash_operation_t *operation )
psa_status_t psa_hash_setup( psa_hash_operation_t *operation,
psa_algorithm_t alg )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
/* A context must be freshly initialized before it can be set up. */
if( operation->id != 0 )
return( PSA_ERROR_BAD_STATE );
{
status = PSA_ERROR_BAD_STATE;
goto exit;
}
if( !PSA_ALG_IS_HASH( alg ) )
return( PSA_ERROR_INVALID_ARGUMENT );
{
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
/* Ensure all of the context is zeroized, since PSA_HASH_OPERATION_INIT only
* directly zeroes the int-sized dummy member of the context union. */
memset( &operation->ctx, 0, sizeof( operation->ctx ) );
return( psa_driver_wrapper_hash_setup( operation, alg ) );
status = psa_driver_wrapper_hash_setup( operation, alg );
exit:
if( status != PSA_SUCCESS )
psa_hash_abort( operation );
return status;
}
psa_status_t psa_hash_update( psa_hash_operation_t *operation,
const uint8_t *input,
size_t input_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
if( operation->id == 0 )
return( PSA_ERROR_BAD_STATE );
{
status = PSA_ERROR_BAD_STATE;
goto exit;
}
/* Don't require hash implementations to behave correctly on a
* zero-length input, which may have an invalid pointer. */
if( input_length == 0 )
return( PSA_SUCCESS );
psa_status_t status = psa_driver_wrapper_hash_update( operation,
input, input_length );
status = psa_driver_wrapper_hash_update( operation, input, input_length );
exit:
if( status != PSA_SUCCESS )
psa_hash_abort( operation );
@ -2147,13 +2167,24 @@ psa_status_t psa_hash_verify( psa_hash_operation_t *operation,
operation,
actual_hash, sizeof( actual_hash ),
&actual_hash_length );
if( status != PSA_SUCCESS )
return( status );
goto exit;
if( actual_hash_length != hash_length )
return( PSA_ERROR_INVALID_SIGNATURE );
{
status = PSA_ERROR_INVALID_SIGNATURE;
goto exit;
}
if( mbedtls_psa_safer_memcmp( hash, actual_hash, actual_hash_length ) != 0 )
return( PSA_ERROR_INVALID_SIGNATURE );
return( PSA_SUCCESS );
status = PSA_ERROR_INVALID_SIGNATURE;
exit:
if( status != PSA_SUCCESS )
psa_hash_abort(operation);
return( status );
}
psa_status_t psa_hash_compute( psa_algorithm_t alg,
@ -2275,11 +2306,14 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation,
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
psa_key_slot_t *slot = NULL;
/* A context must be freshly initialized before it can be set up. */
if( operation->id != 0 )
return( PSA_ERROR_BAD_STATE );
{
status = PSA_ERROR_BAD_STATE;
goto exit;
}
status = psa_get_and_lock_key_slot_with_policy(
key,
@ -2287,7 +2321,7 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation,
is_sign ? PSA_KEY_USAGE_SIGN_HASH : PSA_KEY_USAGE_VERIFY_HASH,
alg );
if( status != PSA_SUCCESS )
return( status );
goto exit;
psa_key_attributes_t attributes = {
.core = slot->attr
@ -2368,29 +2402,37 @@ psa_status_t psa_mac_sign_finish( psa_mac_operation_t *operation,
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
/* Set the output length and content to a safe default, such that in
* case the caller misses an error check, the output would be an
* unachievable MAC. */
*mac_length = mac_size;
if( operation->id == 0 )
return( PSA_ERROR_BAD_STATE );
{
status = PSA_ERROR_BAD_STATE;
goto exit;
}
if( ! operation->is_sign )
return( PSA_ERROR_BAD_STATE );
{
status = PSA_ERROR_BAD_STATE;
goto exit;
}
/* Sanity check. This will guarantee that mac_size != 0 (and so mac != NULL)
* once all the error checks are done. */
if( operation->mac_size == 0 )
return( PSA_ERROR_BAD_STATE );
{
status = PSA_ERROR_BAD_STATE;
goto exit;
}
if( mac_size < operation->mac_size )
return( PSA_ERROR_BUFFER_TOO_SMALL );
{
status = PSA_ERROR_BUFFER_TOO_SMALL;
goto exit;
}
status = psa_driver_wrapper_mac_sign_finish( operation,
mac, operation->mac_size,
mac_length );
exit:
/* In case of success, set the potential excess room in the output buffer
* to an invalid value, to avoid potentially leaking a longer MAC.
* In case of error, set the output length and content to a safe default,
@ -2420,21 +2462,27 @@ psa_status_t psa_mac_verify_finish( psa_mac_operation_t *operation,
psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
if( operation->id == 0 )
return( PSA_ERROR_BAD_STATE );
{
status = PSA_ERROR_BAD_STATE;
goto exit;
}
if( operation->is_sign )
return( PSA_ERROR_BAD_STATE );
{
status = PSA_ERROR_BAD_STATE;
goto exit;
}
if( operation->mac_size != mac_length )
{
status = PSA_ERROR_INVALID_SIGNATURE;
goto cleanup;
goto exit;
}
status = psa_driver_wrapper_mac_verify_finish( operation,
mac, mac_length );
cleanup:
exit:
abort_status = psa_mac_abort( operation );
return( status == PSA_SUCCESS ? abort_status : status );
@ -3184,18 +3232,24 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation,
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
psa_key_slot_t *slot = NULL;
psa_key_usage_t usage = ( cipher_operation == MBEDTLS_ENCRYPT ?
PSA_KEY_USAGE_ENCRYPT :
PSA_KEY_USAGE_DECRYPT );
/* A context must be freshly initialized before it can be set up. */
if( operation->id != 0 )
return( PSA_ERROR_BAD_STATE );
{
status = PSA_ERROR_BAD_STATE;
goto exit;
}
/* The requested algorithm must be one that can be processed by cipher. */
if( ! PSA_ALG_IS_CIPHER( alg ) )
return( PSA_ERROR_INVALID_ARGUMENT );
{
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
/* Fetch key material from key storage. */
status = psa_get_and_lock_key_slot_with_policy( key, &slot, usage, alg );
@ -3265,12 +3319,14 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation,
if( operation->id == 0 )
{
return( PSA_ERROR_BAD_STATE );
status = PSA_ERROR_BAD_STATE;
goto exit;
}
if( operation->iv_set || ! operation->iv_required )
{
return( PSA_ERROR_BAD_STATE );
status = PSA_ERROR_BAD_STATE;
goto exit;
}
if( iv_size < operation->default_iv_length )
@ -3306,18 +3362,28 @@ psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation,
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
if( operation->id == 0 )
return( PSA_ERROR_BAD_STATE );
{
status = PSA_ERROR_BAD_STATE;
goto exit;
}
if( operation->iv_set || ! operation->iv_required )
return( PSA_ERROR_BAD_STATE );
{
status = PSA_ERROR_BAD_STATE;
goto exit;
}
if( iv_length > PSA_CIPHER_IV_MAX_SIZE )
return( PSA_ERROR_INVALID_ARGUMENT );
{
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
status = psa_driver_wrapper_cipher_set_iv( operation,
iv,
iv_length );
exit:
if( status == PSA_SUCCESS )
operation->iv_set = 1;
else
@ -3336,11 +3402,14 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation,
if( operation->id == 0 )
{
return( PSA_ERROR_BAD_STATE );
status = PSA_ERROR_BAD_STATE;
goto exit;
}
if( operation->iv_required && ! operation->iv_set )
{
return( PSA_ERROR_BAD_STATE );
status = PSA_ERROR_BAD_STATE;
goto exit;
}
status = psa_driver_wrapper_cipher_update( operation,
@ -3349,6 +3418,8 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation,
output,
output_size,
output_length );
exit:
if( status != PSA_SUCCESS )
psa_cipher_abort( operation );
@ -3364,17 +3435,22 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation,
if( operation->id == 0 )
{
return( PSA_ERROR_BAD_STATE );
status = PSA_ERROR_BAD_STATE;
goto exit;
}
if( operation->iv_required && ! operation->iv_set )
{
return( PSA_ERROR_BAD_STATE );
status = PSA_ERROR_BAD_STATE;
goto exit;
}
status = psa_driver_wrapper_cipher_finish( operation,
output,
output_size,
output_length );
exit:
if( status == PSA_SUCCESS )
return( psa_cipher_abort( operation ) );
else