lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-30 22:43:08 +03:00
Code Activity

Merge branch 'development-restricted' into buffer_protection_for_cipher

Browse Source 
Signed-off-by: Gábor Mezei <63054694+gabor-mezei-arm@users.noreply.github.com>
This commit is contained in:
Gábor Mezei
2024-03-04 15:38:05 +00:00
committed by GitHub
parent 0b04116cc8 2bb537ec61
commit 716cf2d4e0
3 changed files with 120 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

133
library/psa_crypto.c
View File

@ -3379,11 +3379,11 @@ exit:
psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
const uint8_t *input,
const uint8_t *input_external,
size_t input_length,
const uint8_t *salt,
const uint8_t *salt_external,
size_t salt_length,
uint8_t *output,
uint8_t *output_external,
size_t output_size,
size_t *output_length)
{
@ -3391,6 +3391,9 @@ psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key,
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
psa_key_attributes_t attributes;
LOCAL_INPUT_DECLARE(input_external, input);
LOCAL_INPUT_DECLARE(salt_external, salt);
LOCAL_OUTPUT_DECLARE(output_external, output);
(void) input;
(void) input_length;
@ -3419,6 +3422,9 @@ psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key,
.core = slot->attr
};
LOCAL_INPUT_ALLOC(input_external, input_length, input);
LOCAL_INPUT_ALLOC(salt_external, salt_length, salt);
LOCAL_OUTPUT_ALLOC(output_external, output_size, output);
status = psa_driver_wrapper_asymmetric_encrypt(
&attributes, slot->key.data, slot->key.bytes,
alg, input, input_length, salt, salt_length,
@ -3426,16 +3432,20 @@ psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key,
exit:
unlock_status = psa_unregister_read(slot);
LOCAL_INPUT_FREE(input_external, input);
LOCAL_INPUT_FREE(salt_external, salt);
LOCAL_OUTPUT_FREE(output_external, output);
return (status == PSA_SUCCESS) ? unlock_status : status;
}
psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
const uint8_t *input,
const uint8_t *input_external,
size_t input_length,
const uint8_t *salt,
const uint8_t *salt_external,
size_t salt_length,
uint8_t *output,
uint8_t *output_external,
size_t output_size,
size_t *output_length)
{
@ -3444,6 +3454,10 @@ psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key,
psa_key_slot_t *slot;
psa_key_attributes_t attributes;
LOCAL_INPUT_DECLARE(input_external, input);
LOCAL_INPUT_DECLARE(salt_external, salt);
LOCAL_OUTPUT_DECLARE(output_external, output);
(void) input;
(void) input_length;
(void) salt;
@ -3470,6 +3484,9 @@ psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key,
.core = slot->attr
};
LOCAL_INPUT_ALLOC(input_external, input_length, input);
LOCAL_INPUT_ALLOC(salt_external, salt_length, salt);
LOCAL_OUTPUT_ALLOC(output_external, output_size, output);
status = psa_driver_wrapper_asymmetric_decrypt(
&attributes, slot->key.data, slot->key.bytes,
alg, input, input_length, salt, salt_length,
@ -3478,6 +3495,10 @@ psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key,
exit:
unlock_status = psa_unregister_read(slot);
LOCAL_INPUT_FREE(input_external, input);
LOCAL_INPUT_FREE(salt_external, salt);
LOCAL_OUTPUT_FREE(output_external, output);
return (status == PSA_SUCCESS) ? unlock_status : status;
}
@ -4233,6 +4254,54 @@ psa_status_t mbedtls_psa_verify_hash_abort(
* defined( MBEDTLS_ECP_RESTARTABLE ) */
}
static psa_status_t psa_generate_random_internal(uint8_t *output,
size_t output_size)
{
GUARD_MODULE_INITIALIZED;
psa_status_t status;
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
size_t output_length = 0;
status = mbedtls_psa_external_get_random(&global_data.rng,
output, output_size,
&output_length);
if (status != PSA_SUCCESS) {
goto exit;
}
/* Breaking up a request into smaller chunks is currently not supported
* for the external RNG interface. */
if (output_length != output_size) {
status = PSA_ERROR_INSUFFICIENT_ENTROPY;
goto exit;
}
status = PSA_SUCCESS;
#else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
while (output_size > 0) {
size_t request_size =
(output_size > MBEDTLS_PSA_RANDOM_MAX_REQUEST ?
MBEDTLS_PSA_RANDOM_MAX_REQUEST :
output_size);
int ret = mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE,
output, request_size);
if (ret != 0) {
status = mbedtls_to_psa_error(ret);
goto exit;
}
output_size -= request_size;
output += request_size;
}
status = PSA_SUCCESS;
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
exit:
return status;
}
/****************************************************************/
/* Symmetric cryptography */
/****************************************************************/
@ -4354,7 +4423,7 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
LOCAL_OUTPUT_ALLOC(iv_external, default_iv_length, iv);
status = psa_generate_random(iv, default_iv_length);
status = psa_generate_random_internal(local_iv, default_iv_length);
if (status != PSA_SUCCESS) {
goto exit;
}
@ -4565,7 +4634,7 @@ psa_status_t psa_cipher_encrypt(mbedtls_svc_key_id_t key,
goto exit;
}
status = psa_generate_random(local_iv, default_iv_length);
status = psa_generate_random_internal(local_iv, default_iv_length);
if (status != PSA_SUCCESS) {
goto exit;
}
@ -5083,7 +5152,7 @@ psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
goto exit;
}
status = psa_generate_random(local_nonce, required_nonce_size);
status = psa_generate_random_internal(local_nonce, required_nonce_size);
if (status != PSA_SUCCESS) {
goto exit;
}
@ -7597,7 +7666,7 @@ exit:
* some constant data such as zeros, which would result in the data
* being protected with a reproducible, easily knowable key.
*/
psa_generate_random(output, output_size);
psa_generate_random_internal(output, output_size);
*output_length = output_size;
}
@ -7607,7 +7676,6 @@ exit:
}
/****************************************************************/
/* Random generation */
/****************************************************************/
@ -7676,44 +7744,21 @@ static psa_status_t mbedtls_psa_random_seed(mbedtls_psa_random_context_t *rng)
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
}
psa_status_t psa_generate_random(uint8_t *output,
psa_status_t psa_generate_random(uint8_t *output_external,
size_t output_size)
{
GUARD_MODULE_INITIALIZED;
psa_status_t status;
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
LOCAL_OUTPUT_DECLARE(output_external, output);
LOCAL_OUTPUT_ALLOC(output_external, output_size, output);
size_t output_length = 0;
psa_status_t status = mbedtls_psa_external_get_random(&global_data.rng,
output, output_size,
&output_length);
if (status != PSA_SUCCESS) {
return status;
}
/* Breaking up a request into smaller chunks is currently not supported
* for the external RNG interface. */
if (output_length != output_size) {
return PSA_ERROR_INSUFFICIENT_ENTROPY;
}
return PSA_SUCCESS;
status = psa_generate_random_internal(output, output_size);
#else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
while (output_size > 0) {
size_t request_size =
(output_size > MBEDTLS_PSA_RANDOM_MAX_REQUEST ?
MBEDTLS_PSA_RANDOM_MAX_REQUEST :
output_size);
int ret = mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE,
output, request_size);
if (ret != 0) {
return mbedtls_to_psa_error(ret);
}
output_size -= request_size;
output += request_size;
}
return PSA_SUCCESS;
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
exit:
#endif
LOCAL_OUTPUT_FREE(output_external, output);
return status;
}
/* Wrapper function allowing the classic API to use the PSA RNG.