From 6adbb2a351a469336b52ef98485af714e0d35cb0 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 18 Jan 2024 18:10:32 +0000 Subject: [PATCH 1/7] Implement safe buffer copying in asymm. encryption Use local copy buffer macros to implement safe copy mechanism in asymmetric encryption API. Signed-off-by: Thomas Daubney --- library/psa_crypto.c | 33 +++++++++++++++++++++++++++------ 1 file changed, 27 insertions(+), 6 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 57844c5b76..c52a47729e 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3283,11 +3283,11 @@ exit: psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key, psa_algorithm_t alg, - const uint8_t *input, + const uint8_t *input_external, size_t input_length, - const uint8_t *salt, + const uint8_t *salt_external, size_t salt_length, - uint8_t *output, + uint8_t *output_external, size_t output_size, size_t *output_length) { @@ -3295,6 +3295,9 @@ psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key, psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; psa_key_attributes_t attributes; + LOCAL_INPUT_DECLARE(input_external, input); + LOCAL_INPUT_DECLARE(salt_external, salt); + LOCAL_OUTPUT_DECLARE(output_external, output); (void) input; (void) input_length; @@ -3323,6 +3326,9 @@ psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key, .core = slot->attr }; + LOCAL_INPUT_ALLOC(input_external, input_length, input); + LOCAL_INPUT_ALLOC(salt_external, salt_length, salt); + LOCAL_OUTPUT_ALLOC(output_external, output_size, output); status = psa_driver_wrapper_asymmetric_encrypt( &attributes, slot->key.data, slot->key.bytes, alg, input, input_length, salt, salt_length, @@ -3330,16 +3336,20 @@ psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key, exit: unlock_status = psa_unregister_read(slot); + LOCAL_INPUT_FREE(input_external, input); + LOCAL_INPUT_FREE(salt_external, salt); + LOCAL_OUTPUT_FREE(output_external, output); + return (status == PSA_SUCCESS) ? unlock_status : status; } psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key, psa_algorithm_t alg, - const uint8_t *input, + const uint8_t *input_external, size_t input_length, - const uint8_t *salt, + const uint8_t *salt_external, size_t salt_length, - uint8_t *output, + uint8_t *output_external, size_t output_size, size_t *output_length) { @@ -3348,6 +3358,10 @@ psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key, psa_key_slot_t *slot; psa_key_attributes_t attributes; + LOCAL_INPUT_DECLARE(input_external, input); + LOCAL_INPUT_DECLARE(salt_external, salt); + LOCAL_OUTPUT_DECLARE(output_external, output); + (void) input; (void) input_length; (void) salt; @@ -3374,6 +3388,9 @@ psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key, .core = slot->attr }; + LOCAL_INPUT_ALLOC(input_external, input_length, input); + LOCAL_INPUT_ALLOC(salt_external, salt_length, salt); + LOCAL_OUTPUT_ALLOC(output_external, output_size, output); status = psa_driver_wrapper_asymmetric_decrypt( &attributes, slot->key.data, slot->key.bytes, alg, input, input_length, salt, salt_length, @@ -3382,6 +3399,10 @@ psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key, exit: unlock_status = psa_unregister_read(slot); + LOCAL_INPUT_FREE(input_external, input); + LOCAL_INPUT_FREE(salt_external, salt); + LOCAL_OUTPUT_FREE(output_external, output); + return (status == PSA_SUCCESS) ? unlock_status : status; } From 27b48a312fef15e4fc76637255cab7a41975b521 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 30 Jan 2024 14:04:47 +0000 Subject: [PATCH 2/7] Generate test wrappers Signed-off-by: Thomas Daubney --- tests/scripts/generate_psa_wrappers.py | 3 +++ tests/src/psa_test_wrappers.c | 10 ++++++++++ 2 files changed, 13 insertions(+) diff --git a/tests/scripts/generate_psa_wrappers.py b/tests/scripts/generate_psa_wrappers.py index 3cdafed167..912ede1c2f 100755 --- a/tests/scripts/generate_psa_wrappers.py +++ b/tests/scripts/generate_psa_wrappers.py @@ -154,6 +154,9 @@ class PSAWrapperGenerator(c_wrapper_generator.Base): 'psa_sign_hash', 'psa_verify_hash'): return True + if function_name in ('psa_asymmetric_encrypt', + 'pas_asymmetric_decrypt'): + return True return False def _write_function_call(self, out: typing_util.Writable, diff --git a/tests/src/psa_test_wrappers.c b/tests/src/psa_test_wrappers.c index bb1409e10b..c6b084fe4f 100644 --- a/tests/src/psa_test_wrappers.c +++ b/tests/src/psa_test_wrappers.c @@ -221,7 +221,17 @@ psa_status_t mbedtls_test_wrap_psa_asymmetric_encrypt( size_t arg7_output_size, size_t *arg8_output_length) { +#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) + MBEDTLS_TEST_MEMORY_POISON(arg2_input, arg3_input_length); + MBEDTLS_TEST_MEMORY_POISON(arg4_salt, arg5_salt_length); + MBEDTLS_TEST_MEMORY_POISON(arg6_output, arg7_output_size); +#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */ psa_status_t status = (psa_asymmetric_encrypt)(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_salt, arg5_salt_length, arg6_output, arg7_output_size, arg8_output_length); +#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) + MBEDTLS_TEST_MEMORY_UNPOISON(arg2_input, arg3_input_length); + MBEDTLS_TEST_MEMORY_UNPOISON(arg4_salt, arg5_salt_length); + MBEDTLS_TEST_MEMORY_UNPOISON(arg6_output, arg7_output_size); +#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */ return status; } From 54e6b412bd5eea18367970528fc7eceb19e7ed69 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 31 Jan 2024 16:56:17 +0000 Subject: [PATCH 3/7] Generate all test wrappers One was missed due to a typo Signed-off-by: Thomas Daubney --- tests/scripts/generate_psa_wrappers.py | 2 +- tests/src/psa_test_wrappers.c | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/tests/scripts/generate_psa_wrappers.py b/tests/scripts/generate_psa_wrappers.py index 912ede1c2f..5d4d41bde1 100755 --- a/tests/scripts/generate_psa_wrappers.py +++ b/tests/scripts/generate_psa_wrappers.py @@ -155,7 +155,7 @@ class PSAWrapperGenerator(c_wrapper_generator.Base): 'psa_verify_hash'): return True if function_name in ('psa_asymmetric_encrypt', - 'pas_asymmetric_decrypt'): + 'psa_asymmetric_decrypt'): return True return False diff --git a/tests/src/psa_test_wrappers.c b/tests/src/psa_test_wrappers.c index c6b084fe4f..4406500636 100644 --- a/tests/src/psa_test_wrappers.c +++ b/tests/src/psa_test_wrappers.c @@ -205,7 +205,17 @@ psa_status_t mbedtls_test_wrap_psa_asymmetric_decrypt( size_t arg7_output_size, size_t *arg8_output_length) { +#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) + MBEDTLS_TEST_MEMORY_POISON(arg2_input, arg3_input_length); + MBEDTLS_TEST_MEMORY_POISON(arg4_salt, arg5_salt_length); + MBEDTLS_TEST_MEMORY_POISON(arg6_output, arg7_output_size); +#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */ psa_status_t status = (psa_asymmetric_decrypt)(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_salt, arg5_salt_length, arg6_output, arg7_output_size, arg8_output_length); +#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) + MBEDTLS_TEST_MEMORY_UNPOISON(arg2_input, arg3_input_length); + MBEDTLS_TEST_MEMORY_UNPOISON(arg4_salt, arg5_salt_length); + MBEDTLS_TEST_MEMORY_UNPOISON(arg6_output, arg7_output_size); +#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */ return status; } From 6e99bb203fa710333d3498adb2b1fdb5e01aadcd Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 6 Feb 2024 15:27:49 +0000 Subject: [PATCH 4/7] Add buffer copying to psa_generate_random() Signed-off-by: David Horstmann --- library/psa_crypto.c | 98 +++++++++++++++++++++++++++----------------- 1 file changed, 60 insertions(+), 38 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 5b7a838a50..16e3447fa7 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -4190,6 +4190,54 @@ psa_status_t mbedtls_psa_verify_hash_abort( * defined( MBEDTLS_ECP_RESTARTABLE ) */ } +static psa_status_t psa_generate_random_internal(uint8_t *output, + size_t output_size) +{ + GUARD_MODULE_INITIALIZED; + + psa_status_t status; + +#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) + + size_t output_length = 0; + status = mbedtls_psa_external_get_random(&global_data.rng, + output, output_size, + &output_length); + if (status != PSA_SUCCESS) { + goto exit; + } + /* Breaking up a request into smaller chunks is currently not supported + * for the external RNG interface. */ + if (output_length != output_size) { + status = PSA_ERROR_INSUFFICIENT_ENTROPY; + goto exit; + } + status = PSA_SUCCESS; + +#else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ + + while (output_size > 0) { + size_t request_size = + (output_size > MBEDTLS_PSA_RANDOM_MAX_REQUEST ? + MBEDTLS_PSA_RANDOM_MAX_REQUEST : + output_size); + int ret = mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE, + output, request_size); + if (ret != 0) { + status = mbedtls_to_psa_error(ret); + goto exit; + } + output_size -= request_size; + output += request_size; + } + status = PSA_SUCCESS; +#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ + +exit: + return status; +} + + /****************************************************************/ /* Symmetric cryptography */ /****************************************************************/ @@ -4308,7 +4356,7 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation, goto exit; } - status = psa_generate_random(local_iv, default_iv_length); + status = psa_generate_random_internal(local_iv, default_iv_length); if (status != PSA_SUCCESS) { goto exit; } @@ -4497,7 +4545,7 @@ psa_status_t psa_cipher_encrypt(mbedtls_svc_key_id_t key, goto exit; } - status = psa_generate_random(local_iv, default_iv_length); + status = psa_generate_random_internal(local_iv, default_iv_length); if (status != PSA_SUCCESS) { goto exit; } @@ -5003,7 +5051,7 @@ psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation, goto exit; } - status = psa_generate_random(local_nonce, required_nonce_size); + status = psa_generate_random_internal(local_nonce, required_nonce_size); if (status != PSA_SUCCESS) { goto exit; } @@ -7517,7 +7565,7 @@ exit: * some constant data such as zeros, which would result in the data * being protected with a reproducible, easily knowable key. */ - psa_generate_random(output, output_size); + psa_generate_random_internal(output, output_size); *output_length = output_size; } @@ -7527,7 +7575,6 @@ exit: } - /****************************************************************/ /* Random generation */ /****************************************************************/ @@ -7596,44 +7643,19 @@ static psa_status_t mbedtls_psa_random_seed(mbedtls_psa_random_context_t *rng) #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ } -psa_status_t psa_generate_random(uint8_t *output, +psa_status_t psa_generate_random(uint8_t *output_external, size_t output_size) { - GUARD_MODULE_INITIALIZED; + psa_status_t status; -#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) + LOCAL_OUTPUT_DECLARE(output_external, output); + LOCAL_OUTPUT_ALLOC(output_external, output_size, output); - size_t output_length = 0; - psa_status_t status = mbedtls_psa_external_get_random(&global_data.rng, - output, output_size, - &output_length); - if (status != PSA_SUCCESS) { - return status; - } - /* Breaking up a request into smaller chunks is currently not supported - * for the external RNG interface. */ - if (output_length != output_size) { - return PSA_ERROR_INSUFFICIENT_ENTROPY; - } - return PSA_SUCCESS; + status = psa_generate_random_internal(output, output_size); -#else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ - - while (output_size > 0) { - size_t request_size = - (output_size > MBEDTLS_PSA_RANDOM_MAX_REQUEST ? - MBEDTLS_PSA_RANDOM_MAX_REQUEST : - output_size); - int ret = mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE, - output, request_size); - if (ret != 0) { - return mbedtls_to_psa_error(ret); - } - output_size -= request_size; - output += request_size; - } - return PSA_SUCCESS; -#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ +exit: + LOCAL_OUTPUT_FREE(output_external, output); + return status; } /* Wrapper function allowing the classic API to use the PSA RNG. From 075c5fb76fd7e5f92e44fc25d61c44654962c49b Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 6 Feb 2024 15:44:08 +0000 Subject: [PATCH 5/7] Generate test wrappers for psa_generate_random() Signed-off-by: David Horstmann --- tests/scripts/generate_psa_wrappers.py | 2 ++ tests/src/psa_test_wrappers.c | 6 ++++++ 2 files changed, 8 insertions(+) diff --git a/tests/scripts/generate_psa_wrappers.py b/tests/scripts/generate_psa_wrappers.py index cdc798db9e..a6c340cc1f 100755 --- a/tests/scripts/generate_psa_wrappers.py +++ b/tests/scripts/generate_psa_wrappers.py @@ -163,6 +163,8 @@ class PSAWrapperGenerator(c_wrapper_generator.Base): 'psa_hash_verify', 'psa_hash_compute', 'psa_hash_compare'): + + if function_name == 'psa_generate_random': return True return False diff --git a/tests/src/psa_test_wrappers.c b/tests/src/psa_test_wrappers.c index 5f0a3dd08c..fa9a8d6f02 100644 --- a/tests/src/psa_test_wrappers.c +++ b/tests/src/psa_test_wrappers.c @@ -542,7 +542,13 @@ psa_status_t mbedtls_test_wrap_psa_generate_random( uint8_t *arg0_output, size_t arg1_output_size) { +#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) + MBEDTLS_TEST_MEMORY_POISON(arg0_output, arg1_output_size); +#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */ psa_status_t status = (psa_generate_random)(arg0_output, arg1_output_size); +#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) + MBEDTLS_TEST_MEMORY_UNPOISON(arg0_output, arg1_output_size); +#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */ return status; } From e097bbdcf3f4d489adea1b0dec425b0cf9d2a84b Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 28 Feb 2024 14:17:10 +0000 Subject: [PATCH 6/7] Add missing guards around exit label Signed-off-by: David Horstmann --- library/psa_crypto.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 16e3447fa7..e0ae088b76 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7653,7 +7653,9 @@ psa_status_t psa_generate_random(uint8_t *output_external, status = psa_generate_random_internal(output, output_size); +#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) exit: +#endif LOCAL_OUTPUT_FREE(output_external, output); return status; } From 7581363122d7e441c5db79c324a25e75e1025b00 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 28 Feb 2024 15:16:44 +0000 Subject: [PATCH 7/7] Fix incorrect conflict resolution A return statement was missing in the wrapper generation script. Signed-off-by: David Horstmann --- tests/scripts/generate_psa_wrappers.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/generate_psa_wrappers.py b/tests/scripts/generate_psa_wrappers.py index a6c340cc1f..852fd6e7fa 100755 --- a/tests/scripts/generate_psa_wrappers.py +++ b/tests/scripts/generate_psa_wrappers.py @@ -163,7 +163,7 @@ class PSAWrapperGenerator(c_wrapper_generator.Base): 'psa_hash_verify', 'psa_hash_compute', 'psa_hash_compare'): - + return True if function_name == 'psa_generate_random': return True return False