From 99b8ed7fda5b2aeec18f21c2ec88b2e2adc1f0d4 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 17 Feb 2021 10:33:32 +0100 Subject: [PATCH 01/51] psa: Prepare sign/verify code for software implementation split Signed-off-by: Ronald Cron --- library/psa_crypto.c | 50 ++++++++++++++++++++++++++++---------------- 1 file changed, 32 insertions(+), 18 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index f304950e0a..fecfda6409 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3384,16 +3384,23 @@ psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key, psa_key_lifetime_is_external( slot->attr.lifetime ) ) goto exit; + psa_key_attributes_t attributes_struct = { + .core = slot->attr + }; + psa_key_attributes_t *attributes = &attributes_struct; + const uint8_t *key_buffer = slot->key.data; + size_t key_buffer_size = slot->key.bytes; + /* If the operation was not supported by any accelerator, try fallback. */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) - if( slot->attr.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) + if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) { mbedtls_rsa_context *rsa = NULL; - status = mbedtls_psa_rsa_load_representation( slot->attr.type, - slot->key.data, - slot->key.bytes, + status = mbedtls_psa_rsa_load_representation( attributes->core.type, + key_buffer, + key_buffer_size, &rsa ); if( status != PSA_SUCCESS ) goto exit; @@ -3410,7 +3417,7 @@ psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key, else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */ - if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) ) + if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) @@ -3423,10 +3430,10 @@ psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key, ) { mbedtls_ecp_keypair *ecp = NULL; - status = mbedtls_psa_ecp_load_representation( slot->attr.type, - slot->attr.bits, - slot->key.data, - slot->key.bytes, + status = mbedtls_psa_ecp_load_representation( attributes->core.type, + attributes->core.bits, + key_buffer, + key_buffer_size, &ecp ); if( status != PSA_SUCCESS ) goto exit; @@ -3496,15 +3503,22 @@ psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key, psa_key_lifetime_is_external( slot->attr.lifetime ) ) goto exit; + psa_key_attributes_t attributes_struct = { + .core = slot->attr + }; + psa_key_attributes_t *attributes = &attributes_struct; + const uint8_t *key_buffer = slot->key.data; + size_t key_buffer_size = slot->key.bytes; + #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) - if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) + if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) ) { mbedtls_rsa_context *rsa = NULL; - status = mbedtls_psa_rsa_load_representation( slot->attr.type, - slot->key.data, - slot->key.bytes, + status = mbedtls_psa_rsa_load_representation( attributes->core.type, + key_buffer, + key_buffer_size, &rsa ); if( status != PSA_SUCCESS ) goto exit; @@ -3520,17 +3534,17 @@ psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key, else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */ - if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) ) + if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) if( PSA_ALG_IS_ECDSA( alg ) ) { mbedtls_ecp_keypair *ecp = NULL; - status = mbedtls_psa_ecp_load_representation( slot->attr.type, - slot->attr.bits, - slot->key.data, - slot->key.bytes, + status = mbedtls_psa_ecp_load_representation( attributes->core.type, + attributes->core.bits, + key_buffer, + key_buffer_size, &ecp ); if( status != PSA_SUCCESS ) goto exit; From 1865993763eca47b2e74fce276055df9254c70fc Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 8 Dec 2020 16:32:23 +0100 Subject: [PATCH 02/51] psa: sign/verify_hash: Wrap software implementation Wrap sign/verify_hash software implementation into psa_sign/verify_hash_internal() functions whose signature is that of a sign/verify_hash driver entry point. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 186 ++++++++++++++++++++++++------------------- 1 file changed, 106 insertions(+), 80 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index fecfda6409..fb97b699ce 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3341,57 +3341,14 @@ cleanup: #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ -psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *hash, - size_t hash_length, - uint8_t *signature, - size_t signature_size, - size_t *signature_length ) +static psa_status_t psa_sign_hash_internal( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_slot_t *slot; - *signature_length = signature_size; - /* Immediately reject a zero-length signature buffer. This guarantees - * that signature must be a valid pointer. (On the other hand, the hash - * buffer can in principle be empty since it doesn't actually have - * to be a hash.) */ - if( signature_size == 0 ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - - status = psa_get_and_lock_key_slot_with_policy( key, &slot, - PSA_KEY_USAGE_SIGN_HASH, - alg ); - if( status != PSA_SUCCESS ) - goto exit; - if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) ) - { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } - - /* Try any of the available accelerators first */ - status = psa_driver_wrapper_sign_hash( slot, - alg, - hash, - hash_length, - signature, - signature_size, - signature_length ); - if( status != PSA_ERROR_NOT_SUPPORTED || - psa_key_lifetime_is_external( slot->attr.lifetime ) ) - goto exit; - - psa_key_attributes_t attributes_struct = { - .core = slot->attr - }; - psa_key_attributes_t *attributes = &attributes_struct; - const uint8_t *key_buffer = slot->key.data; - size_t key_buffer_size = slot->key.bytes; - - /* If the operation was not supported by any accelerator, try fallback. */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) @@ -3457,6 +3414,62 @@ psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key, status = PSA_ERROR_NOT_SUPPORTED; } +exit: + return( status ); +} + +psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *hash, + size_t hash_length, + uint8_t *signature, + size_t signature_size, + size_t *signature_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_slot_t *slot; + + *signature_length = signature_size; + /* Immediately reject a zero-length signature buffer. This guarantees + * that signature must be a valid pointer. (On the other hand, the hash + * buffer can in principle be empty since it doesn't actually have + * to be a hash.) */ + if( signature_size == 0 ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + status = psa_get_and_lock_key_slot_with_policy( key, &slot, + PSA_KEY_USAGE_SIGN_HASH, + alg ); + if( status != PSA_SUCCESS ) + goto exit; + if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + /* Try any of the available accelerators first */ + status = psa_driver_wrapper_sign_hash( slot, + alg, + hash, + hash_length, + signature, + signature_size, + signature_length ); + if( status != PSA_ERROR_NOT_SUPPORTED || + psa_key_lifetime_is_external( slot->attr.lifetime ) ) + goto exit; + + /* If the operation was not supported by any accelerator, try fallback. */ + psa_key_attributes_t attributes = { + .core = slot->attr + }; + status = psa_sign_hash_internal( + &attributes, slot->key.data, slot->key.bytes, + alg, hash, hash_length, + signature, signature_size, signature_length ); + exit: /* Fill the unused part of the output buffer (the whole buffer on error, * the trailing part on success) with something that isn't a valid mac @@ -3475,40 +3488,13 @@ exit: return( ( status == PSA_SUCCESS ) ? unlock_status : status ); } -psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *hash, - size_t hash_length, - const uint8_t *signature, - size_t signature_length ) +static psa_status_t psa_verify_hash_internal( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_slot_t *slot; - - status = psa_get_and_lock_key_slot_with_policy( key, &slot, - PSA_KEY_USAGE_VERIFY_HASH, - alg ); - if( status != PSA_SUCCESS ) - return( status ); - - /* Try any of the available accelerators first */ - status = psa_driver_wrapper_verify_hash( slot, - alg, - hash, - hash_length, - signature, - signature_length ); - if( status != PSA_ERROR_NOT_SUPPORTED || - psa_key_lifetime_is_external( slot->attr.lifetime ) ) - goto exit; - - psa_key_attributes_t attributes_struct = { - .core = slot->attr - }; - psa_key_attributes_t *attributes = &attributes_struct; - const uint8_t *key_buffer = slot->key.data; - size_t key_buffer_size = slot->key.bytes; #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) @@ -3568,6 +3554,46 @@ psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key, status = PSA_ERROR_NOT_SUPPORTED; } +exit: + return( status ); +} + +psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *hash, + size_t hash_length, + const uint8_t *signature, + size_t signature_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_slot_t *slot; + + status = psa_get_and_lock_key_slot_with_policy( key, &slot, + PSA_KEY_USAGE_VERIFY_HASH, + alg ); + if( status != PSA_SUCCESS ) + return( status ); + + /* Try any of the available accelerators first */ + status = psa_driver_wrapper_verify_hash( slot, + alg, + hash, + hash_length, + signature, + signature_length ); + if( status != PSA_ERROR_NOT_SUPPORTED || + psa_key_lifetime_is_external( slot->attr.lifetime ) ) + goto exit; + + psa_key_attributes_t attributes = { + .core = slot->attr + }; + status = psa_verify_hash_internal( + &attributes, slot->key.data, slot->key.bytes, + alg, hash, hash_length, + signature, signature_length ); + exit: unlock_status = psa_unlock_key_slot( slot ); From 9f17aa48c2fae215c3edd8238d7a1f7b35185b6b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 8 Dec 2020 17:07:25 +0100 Subject: [PATCH 03/51] psa: Change psa_driver_wrapper_sign/verify_hash signature Change psa_driver_wrapper_sign/verify_hash signature to that of a sign/verify_hash driver entry point. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 37 ++++++----- library/psa_crypto_driver_wrappers.c | 92 +++++++++++++--------------- library/psa_crypto_driver_wrappers.h | 23 +++---- 3 files changed, 72 insertions(+), 80 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index fb97b699ce..b40be07144 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3449,22 +3449,21 @@ psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key, goto exit; } + psa_key_attributes_t attributes = { + .core = slot->attr + }; + /* Try any of the available accelerators first */ - status = psa_driver_wrapper_sign_hash( slot, - alg, - hash, - hash_length, - signature, - signature_size, - signature_length ); + status = psa_driver_wrapper_sign_hash( + &attributes, slot->key.data, slot->key.bytes, + alg, hash, hash_length, + signature, signature_size, signature_length ); + if( status != PSA_ERROR_NOT_SUPPORTED || psa_key_lifetime_is_external( slot->attr.lifetime ) ) goto exit; /* If the operation was not supported by any accelerator, try fallback. */ - psa_key_attributes_t attributes = { - .core = slot->attr - }; status = psa_sign_hash_internal( &attributes, slot->key.data, slot->key.bytes, alg, hash, hash_length, @@ -3575,20 +3574,20 @@ psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key, if( status != PSA_SUCCESS ) return( status ); + psa_key_attributes_t attributes = { + .core = slot->attr + }; + /* Try any of the available accelerators first */ - status = psa_driver_wrapper_verify_hash( slot, - alg, - hash, - hash_length, - signature, - signature_length ); + status = psa_driver_wrapper_verify_hash( + &attributes, slot->key.data, slot->key.bytes, + alg, hash, hash_length, + signature, signature_length ); + if( status != PSA_ERROR_NOT_SUPPORTED || psa_key_lifetime_is_external( slot->attr.lifetime ) ) goto exit; - psa_key_attributes_t attributes = { - .core = slot->attr - }; status = psa_verify_hash_internal( &attributes, slot->key.data, slot->key.bytes, alg, hash, hash_length, diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 3cb75576e1..759708075c 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -57,21 +57,21 @@ #endif /* Start delegation functions */ -psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, - psa_algorithm_t alg, - const uint8_t *hash, - size_t hash_length, - uint8_t *signature, - size_t signature_size, - size_t *signature_length ) +psa_status_t psa_driver_wrapper_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ) { + (void)key_buffer_size; + #if defined(PSA_CRYPTO_DRIVER_PRESENT) /* Try dynamically-registered SE interface first */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) const psa_drv_se_t *drv; psa_drv_se_context_t *drv_context; - if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) ) + if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) { if( drv->asymmetric == NULL || drv->asymmetric->p_sign == NULL ) @@ -79,22 +79,18 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, /* Key is defined in SE, but we have no way to exercise it */ return( PSA_ERROR_NOT_SUPPORTED ); } - return( drv->asymmetric->p_sign( drv_context, - psa_key_slot_get_slot_number( slot ), - alg, - hash, hash_length, - signature, signature_size, - signature_length ) ); + return( drv->asymmetric->p_sign( + drv_context, *( (psa_key_slot_number_t *)key_buffer ), + alg, hash, hash_length, + signature, signature_size, signature_length ) ); } #endif /* PSA_CRYPTO_SE_C */ /* Then try accelerator API */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; - psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); - psa_key_attributes_t attributes = { - .core = slot->attr - }; + psa_key_location_t location = + PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); switch( location ) { @@ -102,9 +98,9 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_DRIVER_TEST) - status = test_transparent_signature_sign_hash( &attributes, - slot->key.data, - slot->key.bytes, + status = test_transparent_signature_sign_hash( attributes, + key_buffer, + key_buffer_size, alg, hash, hash_length, @@ -120,9 +116,9 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: - return( test_opaque_signature_sign_hash( &attributes, - slot->key.data, - slot->key.bytes, + return( test_opaque_signature_sign_hash( attributes, + key_buffer, + key_buffer_size, alg, hash, hash_length, @@ -138,7 +134,8 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, return( PSA_ERROR_NOT_SUPPORTED ); #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #else /* PSA_CRYPTO_DRIVER_PRESENT */ - (void)slot; + (void)attributes; + (void)key_buffer; (void)alg; (void)hash; (void)hash_length; @@ -150,20 +147,21 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, #endif /* PSA_CRYPTO_DRIVER_PRESENT */ } -psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, - psa_algorithm_t alg, - const uint8_t *hash, - size_t hash_length, - const uint8_t *signature, - size_t signature_length ) +psa_status_t psa_driver_wrapper_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ) { + (void)key_buffer_size; + #if defined(PSA_CRYPTO_DRIVER_PRESENT) /* Try dynamically-registered SE interface first */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) const psa_drv_se_t *drv; psa_drv_se_context_t *drv_context; - if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) ) + if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) { if( drv->asymmetric == NULL || drv->asymmetric->p_verify == NULL ) @@ -171,21 +169,18 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, /* Key is defined in SE, but we have no way to exercise it */ return( PSA_ERROR_NOT_SUPPORTED ); } - return( drv->asymmetric->p_verify( drv_context, - psa_key_slot_get_slot_number( slot ), - alg, - hash, hash_length, - signature, signature_length ) ); + return( drv->asymmetric->p_verify( + drv_context, *( (psa_key_slot_number_t *)key_buffer ), + alg, hash, hash_length, + signature, signature_length ) ); } #endif /* PSA_CRYPTO_SE_C */ /* Then try accelerator API */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; - psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); - psa_key_attributes_t attributes = { - .core = slot->attr - }; + psa_key_location_t location = + PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); switch( location ) { @@ -193,9 +188,9 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_DRIVER_TEST) - status = test_transparent_signature_verify_hash( &attributes, - slot->key.data, - slot->key.bytes, + status = test_transparent_signature_verify_hash( attributes, + key_buffer, + key_buffer_size, alg, hash, hash_length, @@ -210,9 +205,9 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: - return( test_opaque_signature_verify_hash( &attributes, - slot->key.data, - slot->key.bytes, + return( test_opaque_signature_verify_hash( attributes, + key_buffer, + key_buffer_size, alg, hash, hash_length, @@ -227,7 +222,8 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, return( PSA_ERROR_NOT_SUPPORTED ); #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #else /* PSA_CRYPTO_DRIVER_PRESENT */ - (void)slot; + (void)attributes; + (void)key_buffer; (void)alg; (void)hash; (void)hash_length; diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index ad16cddeab..22d22d61c2 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -28,20 +28,17 @@ /* * Signature functions */ -psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, - psa_algorithm_t alg, - const uint8_t *hash, - size_t hash_length, - uint8_t *signature, - size_t signature_size, - size_t *signature_length ); +psa_status_t psa_driver_wrapper_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ); -psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, - psa_algorithm_t alg, - const uint8_t *hash, - size_t hash_length, - const uint8_t *signature, - size_t signature_length ); +psa_status_t psa_driver_wrapper_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ); /* * Key handling functions From 67b1eb309b7df1e07cd3b258820bc51196eb94a7 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 8 Dec 2020 17:37:27 +0100 Subject: [PATCH 04/51] psa: Export "internally" psa_sign/verify_hash_internal Export psa_sign/verify_hash_internal from psa_crypto.c to make it available to the driver wrapper. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 4 +-- library/psa_crypto_core.h | 76 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 78 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index b40be07144..2f3d2e887e 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3341,7 +3341,7 @@ cleanup: #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ -static psa_status_t psa_sign_hash_internal( +psa_status_t psa_sign_hash_internal( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, @@ -3487,7 +3487,7 @@ exit: return( ( status == PSA_SUCCESS ) ? unlock_status : status ); } -static psa_status_t psa_verify_hash_internal( +psa_status_t psa_verify_hash_internal( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 9f108681a0..ec7ac8049b 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -324,4 +324,80 @@ psa_status_t psa_generate_key_internal( const psa_key_attributes_t *attributes, size_t key_buffer_size, size_t *key_buffer_length ); +/** Sign an already-calculated hash with a private key. + * + * \note The signature of this function is that of a PSA driver + * sign_hash entry point. This function behaves as a sign_hash + * entry point as defined in the PSA driver interface specification for + * transparent drivers. + * + * \param[in] attributes The attributes of the key to use for the + * operation. + * \param[in] key_buffer The buffer containing the key context. + * format. + * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes. + * \param[in] alg A signature algorithm that is compatible with + * the type of the key. + * \param[in] hash The hash or message to sign. + * \param[in] hash_length Size of the \p hash buffer in bytes. + * \param[out] signature Buffer where the signature is to be written. + * \param[in] signature_size Size of the \p signature buffer in bytes. + * \param[out] signature_length On success, the number of bytes + * that make up the returned signature value. + * + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p signature buffer is too small. You can + * determine a sufficient buffer size by calling + * #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg) + * where \c key_type and \c key_bits are the type and bit-size + * respectively of the key. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY + */ +psa_status_t psa_sign_hash_internal( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ); + +/** + * \brief Verify the signature a hash or short message using a public key. + * + * \note The signature of this function is that of a PSA driver + * verify_hash entry point. This function behaves as a verify_hash + * entry point as defined in the PSA driver interface specification for + * transparent drivers. + * + * \param[in] attributes The attributes of the key to use for the + * operation. + * \param[in] key_buffer The buffer containing the key context. + * format. + * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes. + * \param[in] alg A signature algorithm that is compatible with + * the type of the key. + * \param[in] hash The hash or message whose signature is to be + * verified. + * \param[in] hash_length Size of the \p hash buffer in bytes. + * \param[in] signature Buffer containing the signature to verify. + * \param[in] signature_length Size of the \p signature buffer in bytes. + * + * \retval #PSA_SUCCESS + * The signature is valid. + * \retval #PSA_ERROR_INVALID_SIGNATURE + * The calculation was performed successfully, but the passed + * signature is not a valid signature. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + */ +psa_status_t psa_verify_hash_internal( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ); + #endif /* PSA_CRYPTO_CORE_H */ From 36f641bd16922e3911c060c2b7ea09de0ad88432 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 16 Feb 2021 17:20:43 +0100 Subject: [PATCH 05/51] psa: Export "internally" mbedtls_md_info_from_psa() Export mbedtls_md_info_from_psa() from psa_crypto.c to make it available to psa_crypto_rsa/ecp.c. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 2 +- library/psa_crypto_core.h | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2f3d2e887e..2176d9f528 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1923,7 +1923,7 @@ exit: defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) -static const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg ) +const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg ) { switch( alg ) { diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index ec7ac8049b..da690444c0 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -30,6 +30,8 @@ #include "psa/crypto.h" #include "psa/crypto_se_driver.h" +#include + /** The data structure representing a key slot, containing key material * and metadata for one key. */ @@ -212,6 +214,15 @@ psa_status_t psa_copy_key_material_into_slot( psa_key_slot_t *slot, */ psa_status_t mbedtls_to_psa_error( int ret ); +/** Get Mbed TLS MD information of a hash algorithm given its PSA identifier + * + * \param[in] alg PSA hash algorithm identifier + * + * \return The Mbed TLS MD information of the hash algorithm. \c NULL if the + * PSA hash algorithm is not supported. + */ +const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg ); + /** Import a key in binary format. * * \note The signature of this function is that of a PSA driver From fce9df2cad62ce3ba88dd04e7bb1941fe343c504 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 8 Dec 2020 18:06:03 +0100 Subject: [PATCH 06/51] psa: Call sign/verify hash software implementation as a driver Signed-off-by: Ronald Cron --- library/psa_crypto.c | 20 -------- library/psa_crypto_driver_wrappers.c | 76 +++++++++++++--------------- 2 files changed, 34 insertions(+), 62 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2176d9f528..6e9e191afc 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3459,16 +3459,6 @@ psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key, alg, hash, hash_length, signature, signature_size, signature_length ); - if( status != PSA_ERROR_NOT_SUPPORTED || - psa_key_lifetime_is_external( slot->attr.lifetime ) ) - goto exit; - - /* If the operation was not supported by any accelerator, try fallback. */ - status = psa_sign_hash_internal( - &attributes, slot->key.data, slot->key.bytes, - alg, hash, hash_length, - signature, signature_size, signature_length ); - exit: /* Fill the unused part of the output buffer (the whole buffer on error, * the trailing part on success) with something that isn't a valid mac @@ -3584,16 +3574,6 @@ psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key, alg, hash, hash_length, signature, signature_length ); - if( status != PSA_ERROR_NOT_SUPPORTED || - psa_key_lifetime_is_external( slot->attr.lifetime ) ) - goto exit; - - status = psa_verify_hash_internal( - &attributes, slot->key.data, slot->key.bytes, - alg, hash, hash_length, - signature, signature_length ); - -exit: unlock_status = psa_unlock_key_slot( slot ); return( ( status == PSA_SUCCESS ) ? unlock_status : status ); diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 759708075c..7e42e48f98 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -65,7 +65,6 @@ psa_status_t psa_driver_wrapper_sign_hash( { (void)key_buffer_size; -#if defined(PSA_CRYPTO_DRIVER_PRESENT) /* Try dynamically-registered SE interface first */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) const psa_drv_se_t *drv; @@ -86,9 +85,7 @@ psa_status_t psa_driver_wrapper_sign_hash( } #endif /* PSA_CRYPTO_SE_C */ - /* Then try accelerator API */ -#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) - psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); @@ -97,6 +94,7 @@ psa_status_t psa_driver_wrapper_sign_hash( case PSA_KEY_LOCATION_LOCAL_STORAGE: /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) status = test_transparent_signature_sign_hash( attributes, key_buffer, @@ -111,9 +109,20 @@ psa_status_t psa_driver_wrapper_sign_hash( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning no accelerator supports this operation */ - return( PSA_ERROR_NOT_SUPPORTED ); + return( psa_sign_hash_internal( attributes, + key_buffer, + key_buffer_size, + alg, + hash, + hash_length, + signature, + signature_size, + signature_length ) ); + /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: return( test_opaque_signature_sign_hash( attributes, @@ -126,25 +135,12 @@ psa_status_t psa_driver_wrapper_sign_hash( signature_size, signature_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: /* Key is declared with a lifetime not known to us */ - return( status ); + (void)status; + return( PSA_ERROR_INVALID_ARGUMENT ); } -#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - return( PSA_ERROR_NOT_SUPPORTED ); -#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ -#else /* PSA_CRYPTO_DRIVER_PRESENT */ - (void)attributes; - (void)key_buffer; - (void)alg; - (void)hash; - (void)hash_length; - (void)signature; - (void)signature_size; - (void)signature_length; - - return( PSA_ERROR_NOT_SUPPORTED ); -#endif /* PSA_CRYPTO_DRIVER_PRESENT */ } psa_status_t psa_driver_wrapper_verify_hash( @@ -155,7 +151,6 @@ psa_status_t psa_driver_wrapper_verify_hash( { (void)key_buffer_size; -#if defined(PSA_CRYPTO_DRIVER_PRESENT) /* Try dynamically-registered SE interface first */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) const psa_drv_se_t *drv; @@ -176,9 +171,7 @@ psa_status_t psa_driver_wrapper_verify_hash( } #endif /* PSA_CRYPTO_SE_C */ - /* Then try accelerator API */ -#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) - psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); @@ -187,6 +180,7 @@ psa_status_t psa_driver_wrapper_verify_hash( case PSA_KEY_LOCATION_LOCAL_STORAGE: /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) status = test_transparent_signature_verify_hash( attributes, key_buffer, @@ -200,9 +194,19 @@ psa_status_t psa_driver_wrapper_verify_hash( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ - /* Fell through, meaning no accelerator supports this operation */ - return( PSA_ERROR_NOT_SUPPORTED ); +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + + return( psa_verify_hash_internal( attributes, + key_buffer, + key_buffer_size, + alg, + hash, + hash_length, + signature, + signature_length ) ); + /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: return( test_opaque_signature_verify_hash( attributes, @@ -214,24 +218,12 @@ psa_status_t psa_driver_wrapper_verify_hash( signature, signature_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: /* Key is declared with a lifetime not known to us */ - return( status ); + (void)status; + return( PSA_ERROR_INVALID_ARGUMENT ); } -#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - return( PSA_ERROR_NOT_SUPPORTED ); -#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ -#else /* PSA_CRYPTO_DRIVER_PRESENT */ - (void)attributes; - (void)key_buffer; - (void)alg; - (void)hash; - (void)hash_length; - (void)signature; - (void)signature_length; - - return( PSA_ERROR_NOT_SUPPORTED ); -#endif /* PSA_CRYPTO_DRIVER_PRESENT */ } /** Get the key buffer size for the key material of a generated key in the From a99bcc0e1738b9aaa7ac24c9fd36982ff4ef7df3 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 16 Feb 2021 16:49:34 +0100 Subject: [PATCH 07/51] psa: Change psa_rsa_sign/verify signature Change psa_rsa_sign/verify signature to that of a sign/verify_hash driver entry point before to move them to the psa_crypto_rsa.c RSA specific file. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 125 +++++++++++++++++++++++-------------------- 1 file changed, 67 insertions(+), 58 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 6e9e191afc..552c45f27a 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3116,24 +3116,33 @@ static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg, return( PSA_SUCCESS ); } -static psa_status_t psa_rsa_sign( mbedtls_rsa_context *rsa, - psa_algorithm_t alg, - const uint8_t *hash, - size_t hash_length, - uint8_t *signature, - size_t signature_size, - size_t *signature_length ) +static psa_status_t psa_rsa_sign( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ) { - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_rsa_context *rsa = NULL; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md_type_t md_alg; - status = psa_rsa_decode_md_type( alg, hash_length, &md_alg ); + status = mbedtls_psa_rsa_load_representation( attributes->core.type, + key_buffer, + key_buffer_size, + &rsa ); if( status != PSA_SUCCESS ) return( status ); + status = psa_rsa_decode_md_type( alg, hash_length, &md_alg ); + if( status != PSA_SUCCESS ) + goto exit; + if( signature_size < mbedtls_rsa_get_len( rsa ) ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); + { + status = PSA_ERROR_BUFFER_TOO_SMALL; + goto exit; + } #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ) @@ -3167,31 +3176,48 @@ static psa_status_t psa_rsa_sign( mbedtls_rsa_context *rsa, else #endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */ { - return( PSA_ERROR_INVALID_ARGUMENT ); + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; } if( ret == 0 ) *signature_length = mbedtls_rsa_get_len( rsa ); - return( mbedtls_to_psa_error( ret ) ); + status = mbedtls_to_psa_error( ret ); + +exit: + mbedtls_rsa_free( rsa ); + mbedtls_free( rsa ); + + return( status ); } -static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa, - psa_algorithm_t alg, - const uint8_t *hash, - size_t hash_length, - const uint8_t *signature, - size_t signature_length ) +static psa_status_t psa_rsa_verify( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ) { - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_rsa_context *rsa = NULL; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md_type_t md_alg; + status = mbedtls_psa_rsa_load_representation( attributes->core.type, + key_buffer, + key_buffer_size, + &rsa ); + if( status != PSA_SUCCESS ) + goto exit; + status = psa_rsa_decode_md_type( alg, hash_length, &md_alg ); if( status != PSA_SUCCESS ) - return( status ); + goto exit; if( signature_length != mbedtls_rsa_get_len( rsa ) ) - return( PSA_ERROR_INVALID_SIGNATURE ); + { + status = PSA_ERROR_INVALID_SIGNATURE; + goto exit; + } #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ) @@ -3225,16 +3251,24 @@ static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa, else #endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */ { - return( PSA_ERROR_INVALID_ARGUMENT ); + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; } /* Mbed TLS distinguishes "invalid padding" from "valid padding but * the rest of the signature is invalid". This has little use in * practice and PSA doesn't report this distinction. */ - if( ret == MBEDTLS_ERR_RSA_INVALID_PADDING ) - return( PSA_ERROR_INVALID_SIGNATURE ); - return( mbedtls_to_psa_error( ret ) ); + status = ( ret == MBEDTLS_ERR_RSA_INVALID_PADDING ) ? + PSA_ERROR_INVALID_SIGNATURE : + mbedtls_to_psa_error( ret ); + +exit: + mbedtls_rsa_free( rsa ); + mbedtls_free( rsa ); + + return( status ); } + #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */ @@ -3353,23 +3387,10 @@ psa_status_t psa_sign_hash_internal( defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) { - mbedtls_rsa_context *rsa = NULL; - - status = mbedtls_psa_rsa_load_representation( attributes->core.type, - key_buffer, - key_buffer_size, - &rsa ); - if( status != PSA_SUCCESS ) - goto exit; - - status = psa_rsa_sign( rsa, - alg, - hash, hash_length, - signature, signature_size, - signature_length ); - - mbedtls_rsa_free( rsa ); - mbedtls_free( rsa ); + return( psa_rsa_sign( attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ) ); } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || @@ -3489,22 +3510,10 @@ psa_status_t psa_verify_hash_internal( defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) ) { - mbedtls_rsa_context *rsa = NULL; - - status = mbedtls_psa_rsa_load_representation( attributes->core.type, - key_buffer, - key_buffer_size, - &rsa ); - if( status != PSA_SUCCESS ) - goto exit; - - status = psa_rsa_verify( rsa, - alg, - hash, hash_length, - signature, signature_length ); - mbedtls_rsa_free( rsa ); - mbedtls_free( rsa ); - goto exit; + return( psa_rsa_verify( attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ) ); } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || From 7bdbca33b24bb161372cd6535fa254262af17c77 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 9 Dec 2020 13:34:54 +0100 Subject: [PATCH 08/51] psa: Move RSA sign/verify hash to the PSA RSA specific file Signed-off-by: Ronald Cron --- library/psa_crypto.c | 219 ++------------------------------------- library/psa_crypto_rsa.c | 206 ++++++++++++++++++++++++++++++++++++ library/psa_crypto_rsa.h | 75 ++++++++++++++ 3 files changed, 291 insertions(+), 209 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 552c45f27a..6d5256a38d 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3071,207 +3071,6 @@ cleanup: /* Asymmetric cryptography */ /****************************************************************/ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) -/* Decode the hash algorithm from alg and store the mbedtls encoding in - * md_alg. Verify that the hash length is acceptable. */ -static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg, - size_t hash_length, - mbedtls_md_type_t *md_alg ) -{ - psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); - const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg ); - *md_alg = mbedtls_md_get_type( md_info ); - - /* The Mbed TLS RSA module uses an unsigned int for hash length - * parameters. Validate that it fits so that we don't risk an - * overflow later. */ -#if SIZE_MAX > UINT_MAX - if( hash_length > UINT_MAX ) - return( PSA_ERROR_INVALID_ARGUMENT ); -#endif - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) - /* For PKCS#1 v1.5 signature, if using a hash, the hash length - * must be correct. */ - if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) && - alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW ) - { - if( md_info == NULL ) - return( PSA_ERROR_NOT_SUPPORTED ); - if( mbedtls_md_get_size( md_info ) != hash_length ) - return( PSA_ERROR_INVALID_ARGUMENT ); - } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */ - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) - /* PSS requires a hash internally. */ - if( PSA_ALG_IS_RSA_PSS( alg ) ) - { - if( md_info == NULL ) - return( PSA_ERROR_NOT_SUPPORTED ); - } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */ - - return( PSA_SUCCESS ); -} - -static psa_status_t psa_rsa_sign( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_rsa_context *rsa = NULL; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_md_type_t md_alg; - - status = mbedtls_psa_rsa_load_representation( attributes->core.type, - key_buffer, - key_buffer_size, - &rsa ); - if( status != PSA_SUCCESS ) - return( status ); - - status = psa_rsa_decode_md_type( alg, hash_length, &md_alg ); - if( status != PSA_SUCCESS ) - goto exit; - - if( signature_size < mbedtls_rsa_get_len( rsa ) ) - { - status = PSA_ERROR_BUFFER_TOO_SMALL; - goto exit; - } - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) - if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ) - { - mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15, - MBEDTLS_MD_NONE ); - ret = mbedtls_rsa_pkcs1_sign( rsa, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE, - MBEDTLS_RSA_PRIVATE, - md_alg, - (unsigned int) hash_length, - hash, - signature ); - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) - if( PSA_ALG_IS_RSA_PSS( alg ) ) - { - mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); - ret = mbedtls_rsa_rsassa_pss_sign( rsa, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE, - MBEDTLS_RSA_PRIVATE, - MBEDTLS_MD_NONE, - (unsigned int) hash_length, - hash, - signature ); - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */ - { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } - - if( ret == 0 ) - *signature_length = mbedtls_rsa_get_len( rsa ); - status = mbedtls_to_psa_error( ret ); - -exit: - mbedtls_rsa_free( rsa ); - mbedtls_free( rsa ); - - return( status ); -} - -static psa_status_t psa_rsa_verify( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length ) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_rsa_context *rsa = NULL; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_md_type_t md_alg; - - status = mbedtls_psa_rsa_load_representation( attributes->core.type, - key_buffer, - key_buffer_size, - &rsa ); - if( status != PSA_SUCCESS ) - goto exit; - - status = psa_rsa_decode_md_type( alg, hash_length, &md_alg ); - if( status != PSA_SUCCESS ) - goto exit; - - if( signature_length != mbedtls_rsa_get_len( rsa ) ) - { - status = PSA_ERROR_INVALID_SIGNATURE; - goto exit; - } - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) - if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ) - { - mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15, - MBEDTLS_MD_NONE ); - ret = mbedtls_rsa_pkcs1_verify( rsa, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE, - MBEDTLS_RSA_PUBLIC, - md_alg, - (unsigned int) hash_length, - hash, - signature ); - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) - if( PSA_ALG_IS_RSA_PSS( alg ) ) - { - mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); - ret = mbedtls_rsa_rsassa_pss_verify( rsa, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE, - MBEDTLS_RSA_PUBLIC, - MBEDTLS_MD_NONE, - (unsigned int) hash_length, - hash, - signature ); - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */ - { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } - - /* Mbed TLS distinguishes "invalid padding" from "valid padding but - * the rest of the signature is invalid". This has little use in - * practice and PSA doesn't report this distinction. */ - status = ( ret == MBEDTLS_ERR_RSA_INVALID_PADDING ) ? - PSA_ERROR_INVALID_SIGNATURE : - mbedtls_to_psa_error( ret ); - -exit: - mbedtls_rsa_free( rsa ); - mbedtls_free( rsa ); - - return( status ); -} - -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */ - #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) /* `ecp` cannot be const because `ecp->grp` needs to be non-const @@ -3387,10 +3186,11 @@ psa_status_t psa_sign_hash_internal( defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) { - return( psa_rsa_sign( attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_size, signature_length ) ); + return( mbedtls_psa_rsa_sign_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ) ); } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || @@ -3510,10 +3310,11 @@ psa_status_t psa_verify_hash_internal( defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) ) { - return( psa_rsa_verify( attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length ) ); + return( mbedtls_psa_rsa_verify_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ) ); } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index fa64001ed8..2886146708 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -319,6 +319,212 @@ static psa_status_t rsa_generate_key( } #endif /* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */ +/****************************************************************/ +/* Sign/verify hashes */ +/****************************************************************/ + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) + +/* Decode the hash algorithm from alg and store the mbedtls encoding in + * md_alg. Verify that the hash length is acceptable. */ +static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg, + size_t hash_length, + mbedtls_md_type_t *md_alg ) +{ + psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); + const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg ); + *md_alg = mbedtls_md_get_type( md_info ); + + /* The Mbed TLS RSA module uses an unsigned int for hash length + * parameters. Validate that it fits so that we don't risk an + * overflow later. */ +#if SIZE_MAX > UINT_MAX + if( hash_length > UINT_MAX ) + return( PSA_ERROR_INVALID_ARGUMENT ); +#endif + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) + /* For PKCS#1 v1.5 signature, if using a hash, the hash length + * must be correct. */ + if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) && + alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW ) + { + if( md_info == NULL ) + return( PSA_ERROR_NOT_SUPPORTED ); + if( mbedtls_md_get_size( md_info ) != hash_length ) + return( PSA_ERROR_INVALID_ARGUMENT ); + } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */ + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) + /* PSS requires a hash internally. */ + if( PSA_ALG_IS_RSA_PSS( alg ) ) + { + if( md_info == NULL ) + return( PSA_ERROR_NOT_SUPPORTED ); + } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */ + + return( PSA_SUCCESS ); +} + +psa_status_t mbedtls_psa_rsa_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_rsa_context *rsa = NULL; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + mbedtls_md_type_t md_alg; + + status = mbedtls_psa_rsa_load_representation( attributes->core.type, + key_buffer, + key_buffer_size, + &rsa ); + if( status != PSA_SUCCESS ) + return( status ); + + status = psa_rsa_decode_md_type( alg, hash_length, &md_alg ); + if( status != PSA_SUCCESS ) + goto exit; + + if( signature_size < mbedtls_rsa_get_len( rsa ) ) + { + status = PSA_ERROR_BUFFER_TOO_SMALL; + goto exit; + } + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) + if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ) + { + mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15, + MBEDTLS_MD_NONE ); + ret = mbedtls_rsa_pkcs1_sign( rsa, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE, + MBEDTLS_RSA_PRIVATE, + md_alg, + (unsigned int) hash_length, + hash, + signature ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) + if( PSA_ALG_IS_RSA_PSS( alg ) ) + { + mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); + ret = mbedtls_rsa_rsassa_pss_sign( rsa, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE, + MBEDTLS_RSA_PRIVATE, + MBEDTLS_MD_NONE, + (unsigned int) hash_length, + hash, + signature ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */ + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + if( ret == 0 ) + *signature_length = mbedtls_rsa_get_len( rsa ); + status = mbedtls_to_psa_error( ret ); + +exit: + mbedtls_rsa_free( rsa ); + mbedtls_free( rsa ); + + return( status ); +} + +psa_status_t mbedtls_psa_rsa_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_rsa_context *rsa = NULL; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + mbedtls_md_type_t md_alg; + + status = mbedtls_psa_rsa_load_representation( attributes->core.type, + key_buffer, + key_buffer_size, + &rsa ); + if( status != PSA_SUCCESS ) + goto exit; + + status = psa_rsa_decode_md_type( alg, hash_length, &md_alg ); + if( status != PSA_SUCCESS ) + goto exit; + + if( signature_length != mbedtls_rsa_get_len( rsa ) ) + { + status = PSA_ERROR_INVALID_SIGNATURE; + goto exit; + } + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) + if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ) + { + mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15, + MBEDTLS_MD_NONE ); + ret = mbedtls_rsa_pkcs1_verify( rsa, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE, + MBEDTLS_RSA_PUBLIC, + md_alg, + (unsigned int) hash_length, + hash, + signature ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) + if( PSA_ALG_IS_RSA_PSS( alg ) ) + { + mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); + ret = mbedtls_rsa_rsassa_pss_verify( rsa, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE, + MBEDTLS_RSA_PUBLIC, + MBEDTLS_MD_NONE, + (unsigned int) hash_length, + hash, + signature ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */ + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + /* Mbed TLS distinguishes "invalid padding" from "valid padding but + * the rest of the signature is invalid". This has little use in + * practice and PSA doesn't report this distinction. */ + status = ( ret == MBEDTLS_ERR_RSA_INVALID_PADDING ) ? + PSA_ERROR_INVALID_SIGNATURE : + mbedtls_to_psa_error( ret ); + +exit: + mbedtls_rsa_free( rsa ); + mbedtls_free( rsa ); + + return( status ); +} + +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */ + #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) diff --git a/library/psa_crypto_rsa.h b/library/psa_crypto_rsa.h index 08182a7f24..bbf4e7d1e6 100644 --- a/library/psa_crypto_rsa.h +++ b/library/psa_crypto_rsa.h @@ -137,6 +137,81 @@ psa_status_t mbedtls_psa_rsa_generate_key( const psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ); +/** Sign an already-calculated hash with an RSA private key. + * + * \note The signature of this function is that of a PSA driver + * sign_hash entry point. This function behaves as a sign_hash + * entry point as defined in the PSA driver interface specification for + * transparent drivers. + * + * \param[in] attributes The attributes of the RSA key to use for the + * operation. + * \param[in] key_buffer The buffer containing the RSA key context. + * format. + * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes. + * \param[in] alg A signature algorithm that is compatible with + * an RSA key. + * \param[in] hash The hash or message to sign. + * \param[in] hash_length Size of the \p hash buffer in bytes. + * \param[out] signature Buffer where the signature is to be written. + * \param[in] signature_size Size of the \p signature buffer in bytes. + * \param[out] signature_length On success, the number of bytes + * that make up the returned signature value. + * + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p signature buffer is too small. You can + * determine a sufficient buffer size by calling + * #PSA_SIGN_OUTPUT_SIZE(\c PSA_KEY_TYPE_RSA_KEY_PAIR, \c key_bits, + * \p alg) where \c key_bits is the bit-size of the RSA key. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY + */ +psa_status_t mbedtls_psa_rsa_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ); + +/** + * \brief Verify the signature a hash or short message using a public RSA key. + * + * \note The signature of this function is that of a PSA driver + * verify_hash entry point. This function behaves as a verify_hash + * entry point as defined in the PSA driver interface specification for + * transparent drivers. + * + * \param[in] attributes The attributes of the RSA key to use for the + * operation. + * \param[in] key_buffer The buffer containing the RSA key context. + * format. + * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes. + * \param[in] alg A signature algorithm that is compatible with + * an RSA key. + * \param[in] hash The hash or message whose signature is to be + * verified. + * \param[in] hash_length Size of the \p hash buffer in bytes. + * \param[in] signature Buffer containing the signature to verify. + * \param[in] signature_length Size of the \p signature buffer in bytes. + * + * \retval #PSA_SUCCESS + * The signature is valid. + * \retval #PSA_ERROR_INVALID_SIGNATURE + * The calculation was performed successfully, but the passed + * signature is not a valid signature. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + */ +psa_status_t mbedtls_psa_rsa_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ); + /* * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. */ From d2fb85479ab1cc3f56149c55cf24697cfd5998d6 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 9 Dec 2020 15:18:01 +0100 Subject: [PATCH 09/51] psa: Add RSA sign/verify hash support to the transparent test driver Signed-off-by: Ronald Cron --- library/psa_crypto_rsa.c | 144 ++++++++++++++++++++++++++++------ library/psa_crypto_rsa.h | 12 +++ tests/src/drivers/signature.c | 27 +++++++ 3 files changed, 161 insertions(+), 22 deletions(-) diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 2886146708..3e95d3adab 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -52,10 +52,24 @@ #define BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1 #endif +#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ + ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) && \ + defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V15) ) ) +#define BUILTIN_ALG_RSA_PKCS1V15_SIGN 1 +#endif + +#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \ + ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) && \ + defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) ) ) +#define BUILTIN_ALG_RSA_PSS 1 +#endif + #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \ + defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ + defined(BUILTIN_ALG_RSA_PSS) || \ defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ defined(BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) @@ -131,9 +145,9 @@ exit: return( status ); } #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || + * defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) || + * defined(BUILTIN_ALG_RSA_PSS) || * defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || * defined(BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ @@ -323,8 +337,7 @@ static psa_status_t rsa_generate_key( /* Sign/verify hashes */ /****************************************************************/ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) +#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) || defined(BUILTIN_ALG_RSA_PSS) /* Decode the hash algorithm from alg and store the mbedtls encoding in * md_alg. Verify that the hash length is acceptable. */ @@ -344,7 +357,7 @@ static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg, return( PSA_ERROR_INVALID_ARGUMENT ); #endif -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) +#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) /* For PKCS#1 v1.5 signature, if using a hash, the hash length * must be correct. */ if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) && @@ -355,21 +368,21 @@ static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg, if( mbedtls_md_get_size( md_info ) != hash_length ) return( PSA_ERROR_INVALID_ARGUMENT ); } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */ +#endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) +#if defined(BUILTIN_ALG_RSA_PSS) /* PSS requires a hash internally. */ if( PSA_ALG_IS_RSA_PSS( alg ) ) { if( md_info == NULL ) return( PSA_ERROR_NOT_SUPPORTED ); } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */ +#endif /* BUILTIN_ALG_RSA_PSS */ return( PSA_SUCCESS ); } -psa_status_t mbedtls_psa_rsa_sign_hash( +static psa_status_t rsa_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, @@ -397,7 +410,7 @@ psa_status_t mbedtls_psa_rsa_sign_hash( goto exit; } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) +#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ) { mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15, @@ -412,8 +425,8 @@ psa_status_t mbedtls_psa_rsa_sign_hash( signature ); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) +#endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */ +#if defined(BUILTIN_ALG_RSA_PSS) if( PSA_ALG_IS_RSA_PSS( alg ) ) { mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); @@ -427,7 +440,7 @@ psa_status_t mbedtls_psa_rsa_sign_hash( signature ); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */ +#endif /* BUILTIN_ALG_RSA_PSS */ { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; @@ -444,7 +457,7 @@ exit: return( status ); } -psa_status_t mbedtls_psa_rsa_verify_hash( +static psa_status_t rsa_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, @@ -472,7 +485,7 @@ psa_status_t mbedtls_psa_rsa_verify_hash( goto exit; } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) +#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ) { mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15, @@ -487,8 +500,8 @@ psa_status_t mbedtls_psa_rsa_verify_hash( signature ); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) +#endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */ +#if defined(BUILTIN_ALG_RSA_PSS) if( PSA_ALG_IS_RSA_PSS( alg ) ) { mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); @@ -502,7 +515,7 @@ psa_status_t mbedtls_psa_rsa_verify_hash( signature ); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */ +#endif /* BUILTIN_ALG_RSA_PSS */ { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; @@ -522,8 +535,8 @@ exit: return( status ); } -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */ +#endif /* defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) || + * defined(BUILTIN_ALG_RSA_PSS) */ #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) @@ -561,6 +574,36 @@ psa_status_t mbedtls_psa_rsa_generate_key( } #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) +psa_status_t mbedtls_psa_rsa_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ) +{ + return( rsa_sign_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ) ); +} + +psa_status_t mbedtls_psa_rsa_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ) +{ + return( rsa_verify_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ) ); +} +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */ + /* * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. */ @@ -603,6 +646,63 @@ psa_status_t mbedtls_transparent_test_driver_rsa_generate_key( } #endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) */ +#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) +psa_status_t mbedtls_transparent_test_driver_rsa_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ) +{ +#if defined(MBEDTLS_RSA_C) && \ + (defined(MBEDTLS_PKCS1_V15) || defined(MBEDTLS_PKCS1_V21)) + return( rsa_sign_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ) ); +#else + (void)attributes; + (void)key_buffer; + (void)key_buffer_size; + (void)alg; + (void)hash; + (void)hash_length; + (void)signature; + (void)signature_size; + (void)signature_length; + return( PSA_ERROR_NOT_SUPPORTED ); +#endif +} + +psa_status_t mbedtls_transparent_test_driver_rsa_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ) +{ +#if defined(MBEDTLS_RSA_C) && \ + (defined(MBEDTLS_PKCS1_V15) || defined(MBEDTLS_PKCS1_V21)) + return( rsa_verify_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ) ); +#else + (void)attributes; + (void)key_buffer; + (void)key_buffer_size; + (void)alg; + (void)hash; + (void)hash_length; + (void)signature; + (void)signature_length; + return( PSA_ERROR_NOT_SUPPORTED ); +#endif +} +#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || + * defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */ + #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/library/psa_crypto_rsa.h b/library/psa_crypto_rsa.h index bbf4e7d1e6..41a90f78ec 100644 --- a/library/psa_crypto_rsa.h +++ b/library/psa_crypto_rsa.h @@ -233,6 +233,18 @@ psa_status_t mbedtls_transparent_test_driver_rsa_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ); +psa_status_t mbedtls_transparent_test_driver_rsa_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ); + +psa_status_t mbedtls_transparent_test_driver_rsa_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ); + #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_RSA_H */ diff --git a/tests/src/drivers/signature.c b/tests/src/drivers/signature.c index cea0351900..78b7ff9938 100644 --- a/tests/src/drivers/signature.c +++ b/tests/src/drivers/signature.c @@ -28,6 +28,7 @@ #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" #include "psa_crypto_core.h" +#include "psa_crypto_rsa.h" #include "mbedtls/ecp.h" #include "test/drivers/signature.h" @@ -66,6 +67,19 @@ psa_status_t test_transparent_signature_sign_hash( psa_status_t status = PSA_ERROR_NOT_SUPPORTED; +#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) + if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) + { + return( mbedtls_transparent_test_driver_rsa_sign_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ) ); + } +#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || + * defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */ + #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ defined(MBEDTLS_SHA256_C) if( alg != PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) ) @@ -178,6 +192,19 @@ psa_status_t test_transparent_signature_verify_hash( psa_status_t status = PSA_ERROR_NOT_SUPPORTED; +#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) + if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) ) + { + return( mbedtls_transparent_test_driver_rsa_verify_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ) ); + } +#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || + * defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */ + #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ defined(MBEDTLS_SHA256_C) if( alg != PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) ) From d1cb91c603f87652134965a7d8aee71d8dcdd288 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 16 Feb 2021 20:37:54 +0100 Subject: [PATCH 10/51] psa: Change psa_ecdsa_sign/verify signature Change psa_ecdsa_sign/verify signature to that of a sign/verify_hash driver entry point before to move them to the psa_crypto_ecp.c ECP specific file. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 119 +++++++++++++++++++++++-------------------- 1 file changed, 65 insertions(+), 54 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 6d5256a38d..a9ce664798 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3073,20 +3073,28 @@ cleanup: #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) -/* `ecp` cannot be const because `ecp->grp` needs to be non-const - * for mbedtls_ecdsa_sign() and mbedtls_ecdsa_sign_det() - * (even though these functions don't modify it). */ -static psa_status_t psa_ecdsa_sign( mbedtls_ecp_keypair *ecp, - psa_algorithm_t alg, - const uint8_t *hash, - size_t hash_length, - uint8_t *signature, - size_t signature_size, - size_t *signature_length ) + +static psa_status_t psa_ecdsa_sign( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_ecp_keypair *ecp = NULL; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t curve_bytes; mbedtls_mpi r, s; - size_t curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits ); + + status = mbedtls_psa_ecp_load_representation( attributes->core.type, + attributes->core.bits, + key_buffer, + key_buffer_size, + &ecp ); + if( status != PSA_SUCCESS ) + return( status ); + + curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s ); @@ -3102,11 +3110,12 @@ static psa_status_t psa_ecdsa_sign( mbedtls_ecp_keypair *ecp, psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg ); mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info ); - MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det_ext( &ecp->grp, &r, &s, - &ecp->d, hash, - hash_length, md_alg, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE ) ); + MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det_ext( + &ecp->grp, &r, &s, + &ecp->d, hash, + hash_length, md_alg, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE ) ); } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ @@ -3124,29 +3133,49 @@ static psa_status_t psa_ecdsa_sign( mbedtls_ecp_keypair *ecp, MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &s, signature + curve_bytes, curve_bytes ) ); - cleanup: mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s ); if( ret == 0 ) *signature_length = 2 * curve_bytes; + + mbedtls_ecp_keypair_free( ecp ); + mbedtls_free( ecp ); + return( mbedtls_to_psa_error( ret ) ); } -static psa_status_t psa_ecdsa_verify( mbedtls_ecp_keypair *ecp, - const uint8_t *hash, - size_t hash_length, - const uint8_t *signature, - size_t signature_length ) +static psa_status_t psa_ecdsa_verify( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_ecp_keypair *ecp = NULL; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t curve_bytes; mbedtls_mpi r, s; - size_t curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits ); + + (void)alg; + + status = mbedtls_psa_ecp_load_representation( attributes->core.type, + attributes->core.bits, + key_buffer, + key_buffer_size, + &ecp ); + if( status != PSA_SUCCESS ) + return( status ); + + curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s ); if( signature_length != 2 * curve_bytes ) - return( PSA_ERROR_INVALID_SIGNATURE ); + { + ret = MBEDTLS_ERR_ECP_VERIFY_FAILED; + goto cleanup; + } MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r, signature, @@ -3169,6 +3198,9 @@ static psa_status_t psa_ecdsa_verify( mbedtls_ecp_keypair *ecp, cleanup: mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s ); + mbedtls_ecp_keypair_free( ecp ); + mbedtls_free( ecp ); + return( mbedtls_to_psa_error( ret ) ); } #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || @@ -3207,21 +3239,11 @@ psa_status_t psa_sign_hash_internal( #endif ) { - mbedtls_ecp_keypair *ecp = NULL; - status = mbedtls_psa_ecp_load_representation( attributes->core.type, - attributes->core.bits, - key_buffer, - key_buffer_size, - &ecp ); - if( status != PSA_SUCCESS ) - goto exit; - status = psa_ecdsa_sign( ecp, - alg, - hash, hash_length, - signature, signature_size, - signature_length ); - mbedtls_ecp_keypair_free( ecp ); - mbedtls_free( ecp ); + return( psa_ecdsa_sign( attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, + signature_length ) ); } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || @@ -3235,7 +3257,6 @@ psa_status_t psa_sign_hash_internal( status = PSA_ERROR_NOT_SUPPORTED; } -exit: return( status ); } @@ -3325,20 +3346,10 @@ psa_status_t psa_verify_hash_internal( defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) if( PSA_ALG_IS_ECDSA( alg ) ) { - mbedtls_ecp_keypair *ecp = NULL; - status = mbedtls_psa_ecp_load_representation( attributes->core.type, - attributes->core.bits, - key_buffer, - key_buffer_size, - &ecp ); - if( status != PSA_SUCCESS ) - goto exit; - status = psa_ecdsa_verify( ecp, - hash, hash_length, - signature, signature_length ); - mbedtls_ecp_keypair_free( ecp ); - mbedtls_free( ecp ); - goto exit; + return( psa_ecdsa_verify( attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ) ); } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || From 072722ccb0566790d099cdc27ded694bbae96cce Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 9 Dec 2020 16:36:19 +0100 Subject: [PATCH 11/51] psa: Move ECDSA sign/verify to PSA ECP specific file Signed-off-by: Ronald Cron --- library/psa_crypto.c | 154 +++------------------------------------ library/psa_crypto_ecp.c | 140 +++++++++++++++++++++++++++++++++++ library/psa_crypto_ecp.h | 72 ++++++++++++++++++ 3 files changed, 222 insertions(+), 144 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a9ce664798..2d237a6e9d 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3071,141 +3071,6 @@ cleanup: /* Asymmetric cryptography */ /****************************************************************/ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) - -static psa_status_t psa_ecdsa_sign( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_ecp_keypair *ecp = NULL; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t curve_bytes; - mbedtls_mpi r, s; - - status = mbedtls_psa_ecp_load_representation( attributes->core.type, - attributes->core.bits, - key_buffer, - key_buffer_size, - &ecp ); - if( status != PSA_SUCCESS ) - return( status ); - - curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits ); - mbedtls_mpi_init( &r ); - mbedtls_mpi_init( &s ); - - if( signature_size < 2 * curve_bytes ) - { - ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; - goto cleanup; - } - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) - if( PSA_ALG_DSA_IS_DETERMINISTIC( alg ) ) - { - psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); - const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg ); - mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info ); - MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det_ext( - &ecp->grp, &r, &s, - &ecp->d, hash, - hash_length, md_alg, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE ) ); - } - else -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ - { - (void) alg; - MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ecp->grp, &r, &s, &ecp->d, - hash, hash_length, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE ) ); - } - - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &r, - signature, - curve_bytes ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &s, - signature + curve_bytes, - curve_bytes ) ); -cleanup: - mbedtls_mpi_free( &r ); - mbedtls_mpi_free( &s ); - if( ret == 0 ) - *signature_length = 2 * curve_bytes; - - mbedtls_ecp_keypair_free( ecp ); - mbedtls_free( ecp ); - - return( mbedtls_to_psa_error( ret ) ); -} - -static psa_status_t psa_ecdsa_verify( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length ) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_ecp_keypair *ecp = NULL; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t curve_bytes; - mbedtls_mpi r, s; - - (void)alg; - - status = mbedtls_psa_ecp_load_representation( attributes->core.type, - attributes->core.bits, - key_buffer, - key_buffer_size, - &ecp ); - if( status != PSA_SUCCESS ) - return( status ); - - curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits ); - mbedtls_mpi_init( &r ); - mbedtls_mpi_init( &s ); - - if( signature_length != 2 * curve_bytes ) - { - ret = MBEDTLS_ERR_ECP_VERIFY_FAILED; - goto cleanup; - } - - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r, - signature, - curve_bytes ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &s, - signature + curve_bytes, - curve_bytes ) ); - - /* Check whether the public part is loaded. If not, load it. */ - if( mbedtls_ecp_is_zero( &ecp->Q ) ) - { - MBEDTLS_MPI_CHK( - mbedtls_ecp_mul( &ecp->grp, &ecp->Q, &ecp->d, &ecp->grp.G, - mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE ) ); - } - - ret = mbedtls_ecdsa_verify( &ecp->grp, hash, hash_length, - &ecp->Q, &r, &s ); - -cleanup: - mbedtls_mpi_free( &r ); - mbedtls_mpi_free( &s ); - mbedtls_ecp_keypair_free( ecp ); - mbedtls_free( ecp ); - - return( mbedtls_to_psa_error( ret ) ); -} -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ - psa_status_t psa_sign_hash_internal( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, @@ -3239,11 +3104,11 @@ psa_status_t psa_sign_hash_internal( #endif ) { - return( psa_ecdsa_sign( attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_size, - signature_length ) ); + return( mbedtls_psa_ecdsa_sign_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ) ); } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || @@ -3346,10 +3211,11 @@ psa_status_t psa_verify_hash_internal( defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) if( PSA_ALG_IS_ECDSA( alg ) ) { - return( psa_ecdsa_verify( attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length ) ); + return( mbedtls_psa_ecdsa_verify_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ) ); } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index 23ec6aceff..bd40f2ea9e 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -35,6 +35,7 @@ #define mbedtls_free free #endif +#include #include #include @@ -337,6 +338,145 @@ static psa_status_t ecp_generate_key( } #endif /* defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */ +/****************************************************************/ +/* ECDSA sign/verify */ +/****************************************************************/ + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) +psa_status_t mbedtls_psa_ecdsa_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_ecp_keypair *ecp = NULL; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t curve_bytes; + mbedtls_mpi r, s; + + status = mbedtls_psa_ecp_load_representation( attributes->core.type, + attributes->core.bits, + key_buffer, + key_buffer_size, + &ecp ); + if( status != PSA_SUCCESS ) + return( status ); + + curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits ); + mbedtls_mpi_init( &r ); + mbedtls_mpi_init( &s ); + + if( signature_size < 2 * curve_bytes ) + { + ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; + goto cleanup; + } + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) + if( PSA_ALG_DSA_IS_DETERMINISTIC( alg ) ) + { + psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); + const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg ); + mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info ); + MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det_ext( + &ecp->grp, &r, &s, + &ecp->d, hash, + hash_length, md_alg, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE ) ); + } + else +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ + { + (void) alg; + MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ecp->grp, &r, &s, &ecp->d, + hash, hash_length, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE ) ); + } + + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &r, + signature, + curve_bytes ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &s, + signature + curve_bytes, + curve_bytes ) ); +cleanup: + mbedtls_mpi_free( &r ); + mbedtls_mpi_free( &s ); + if( ret == 0 ) + *signature_length = 2 * curve_bytes; + + mbedtls_ecp_keypair_free( ecp ); + mbedtls_free( ecp ); + + return( mbedtls_to_psa_error( ret ) ); +} + +psa_status_t mbedtls_psa_ecdsa_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_ecp_keypair *ecp = NULL; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t curve_bytes; + mbedtls_mpi r, s; + + (void)alg; + + status = mbedtls_psa_ecp_load_representation( attributes->core.type, + attributes->core.bits, + key_buffer, + key_buffer_size, + &ecp ); + if( status != PSA_SUCCESS ) + return( status ); + + curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits ); + mbedtls_mpi_init( &r ); + mbedtls_mpi_init( &s ); + + if( signature_length != 2 * curve_bytes ) + { + ret = MBEDTLS_ERR_ECP_VERIFY_FAILED; + goto cleanup; + } + + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r, + signature, + curve_bytes ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &s, + signature + curve_bytes, + curve_bytes ) ); + + /* Check whether the public part is loaded. If not, load it. */ + if( mbedtls_ecp_is_zero( &ecp->Q ) ) + { + MBEDTLS_MPI_CHK( + mbedtls_ecp_mul( &ecp->grp, &ecp->Q, &ecp->d, &ecp->grp.G, + mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE ) ); + } + + ret = mbedtls_ecdsa_verify( &ecp->grp, hash, hash_length, + &ecp->Q, &r, &s ); + +cleanup: + mbedtls_mpi_free( &r ); + mbedtls_mpi_free( &s ); + mbedtls_ecp_keypair_free( ecp ); + mbedtls_free( ecp ); + + return( mbedtls_to_psa_error( ret ) ); +} + +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ + #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) diff --git a/library/psa_crypto_ecp.h b/library/psa_crypto_ecp.h index 5c9b63c39d..72453e6686 100644 --- a/library/psa_crypto_ecp.h +++ b/library/psa_crypto_ecp.h @@ -146,6 +146,78 @@ psa_status_t mbedtls_psa_ecp_generate_key( const psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ); +/** Sign an already-calculated hash with ECDSA. + * + * \note The signature of this function is that of a PSA driver + * sign_hash entry point. This function behaves as a sign_hash + * entry point as defined in the PSA driver interface specification for + * transparent drivers. + * + * \param[in] attributes The attributes of the ECC key to use for the + * operation. + * \param[in] key_buffer The buffer containing the ECC key context. + * format. + * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes. + * \param[in] alg Randomized or deterministic ECDSA algorithm. + * \param[in] hash The hash or message to sign. + * \param[in] hash_length Size of the \p hash buffer in bytes. + * \param[out] signature Buffer where the signature is to be written. + * \param[in] signature_size Size of the \p signature buffer in bytes. + * \param[out] signature_length On success, the number of bytes + * that make up the returned signature value. + * + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p signature buffer is too small. You can + * determine a sufficient buffer size by calling + * #PSA_SIGN_OUTPUT_SIZE(\c PSA_KEY_TYPE_ECC_KEY_PAIR, \c key_bits, + * \p alg) where \c key_bits is the bit-size of the ECC key. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY + */ +psa_status_t mbedtls_psa_ecdsa_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ); + +/** + * \brief Verify an ECDSA hash or short message signature. + * + * \note The signature of this function is that of a PSA driver + * verify_hash entry point. This function behaves as a verify_hash + * entry point as defined in the PSA driver interface specification for + * transparent drivers. + * + * \param[in] attributes The attributes of the ECC key to use for the + * operation. + * \param[in] key_buffer The buffer containing the ECC key context. + * format. + * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes. + * \param[in] alg Randomized or deterministic ECDSA algorithm. + * \param[in] hash The hash or message whose signature is to be + * verified. + * \param[in] hash_length Size of the \p hash buffer in bytes. + * \param[in] signature Buffer containing the signature to verify. + * \param[in] signature_length Size of the \p signature buffer in bytes. + * + * \retval #PSA_SUCCESS + * The signature is valid. + * \retval #PSA_ERROR_INVALID_SIGNATURE + * The calculation was performed successfully, but the passed + * signature is not a valid signature. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + */ +psa_status_t mbedtls_psa_ecdsa_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ); /* * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. */ From 8a494f3ebdbe042a3982b4c193dc4eb2d3952aff Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 17 Feb 2021 09:49:51 +0100 Subject: [PATCH 12/51] psa: Post move adjustments to psa_sign/verify_hash_internal Signed-off-by: Ronald Cron --- library/psa_crypto.c | 35 +++++++++++++++++++++-------------- 1 file changed, 21 insertions(+), 14 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2d237a6e9d..ecb00f0b0f 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3077,8 +3077,6 @@ psa_status_t psa_sign_hash_internal( psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, uint8_t *signature, size_t signature_size, size_t *signature_length ) { - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) @@ -3114,15 +3112,22 @@ psa_status_t psa_sign_hash_internal( #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ { - status = PSA_ERROR_INVALID_ARGUMENT; + return( PSA_ERROR_INVALID_ARGUMENT ); } } else { - status = PSA_ERROR_NOT_SUPPORTED; - } + (void)key_buffer; + (void)key_buffer_size; + (void)alg; + (void)hash; + (void)hash_length; + (void)signature; + (void)signature_size; + (void)signature_length; - return( status ); + return( PSA_ERROR_NOT_SUPPORTED ); + } } psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key, @@ -3190,8 +3195,6 @@ psa_status_t psa_verify_hash_internal( psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length ) { - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) ) @@ -3221,17 +3224,21 @@ psa_status_t psa_verify_hash_internal( #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; + return( PSA_ERROR_INVALID_ARGUMENT ); } } else { - status = PSA_ERROR_NOT_SUPPORTED; - } + (void)key_buffer; + (void)key_buffer_size; + (void)alg; + (void)hash; + (void)hash_length; + (void)signature; + (void)signature_length; -exit: - return( status ); + return( PSA_ERROR_NOT_SUPPORTED ); + } } psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key, From b5399a8346bb5ce07e639e3cf8dc3598ecd3fb34 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 10 Dec 2020 09:35:33 +0100 Subject: [PATCH 13/51] psa: Rework ECDSA sign/verify support in the transparent test driver Signed-off-by: Ronald Cron --- library/psa_crypto_ecp.c | 130 +++++++++++++++++-- library/psa_crypto_ecp.h | 12 ++ tests/src/drivers/signature.c | 235 ++++++++++------------------------ 3 files changed, 197 insertions(+), 180 deletions(-) diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index bd40f2ea9e..15e5d02382 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -51,11 +51,25 @@ #define BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1 #endif +#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) && \ + defined(MBEDTLS_ECDSA_C) ) ) +#define BUILTIN_ALG_ECDSA 1 +#endif + +#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \ + ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) && \ + defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) ) ) +#define BUILTIN_ALG_DETERMINISTIC_ECDSA 1 +#endif + #if defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ defined(BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) + defined(BUILTIN_ALG_ECDSA) || \ + defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) psa_status_t mbedtls_psa_ecp_load_representation( psa_key_type_t type, size_t curve_bits, const uint8_t *data, size_t data_length, @@ -168,9 +182,9 @@ exit: } #endif /* defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || * defined(BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ + * defined(BUILTIN_ALG_ECDSA) || + * defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) */ #if defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ defined(BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) @@ -342,9 +356,9 @@ static psa_status_t ecp_generate_key( /* ECDSA sign/verify */ /****************************************************************/ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) -psa_status_t mbedtls_psa_ecdsa_sign_hash( +#if defined(BUILTIN_ALG_ECDSA) || \ + defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) +static psa_status_t ecdsa_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, @@ -374,7 +388,7 @@ psa_status_t mbedtls_psa_ecdsa_sign_hash( goto cleanup; } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) +#if defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) if( PSA_ALG_DSA_IS_DETERMINISTIC( alg ) ) { psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); @@ -388,7 +402,7 @@ psa_status_t mbedtls_psa_ecdsa_sign_hash( MBEDTLS_PSA_RANDOM_STATE ) ); } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ +#endif /* defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) */ { (void) alg; MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ecp->grp, &r, &s, &ecp->d, @@ -415,7 +429,7 @@ cleanup: return( mbedtls_to_psa_error( ret ) ); } -psa_status_t mbedtls_psa_ecdsa_verify_hash( +static psa_status_t ecdsa_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, @@ -474,8 +488,8 @@ cleanup: return( mbedtls_to_psa_error( ret ) ); } -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ - * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ +#endif /* defined(BUILTIN_ALG_ECDSA) || \ + * defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) */ #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) @@ -513,6 +527,38 @@ psa_status_t mbedtls_psa_ecp_generate_key( } #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */ + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) + +psa_status_t mbedtls_psa_ecdsa_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ) +{ + + return( ecdsa_sign_hash( attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ) ); +} + +psa_status_t mbedtls_psa_ecdsa_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ) +{ + return( ecdsa_verify_hash( attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ) ); +} + +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ + /* * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. */ @@ -557,6 +603,62 @@ psa_status_t mbedtls_transparent_test_driver_ecp_generate_key( #endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) && defined(MBEDTLS_GENPRIME) */ +#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) + +psa_status_t mbedtls_transparent_test_driver_ecdsa_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ) +{ + +#if defined(MBEDTLS_ECDSA_C) + return( ecdsa_sign_hash( attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ) ); +#else + (void)attributes; + (void)key_buffer; + (void)key_buffer_size; + (void)alg; + (void)hash; + (void)hash_length; + (void)signature; + (void)signature_size; + (void)signature_length; + return( PSA_ERROR_NOT_SUPPORTED ); +#endif +} + +psa_status_t mbedtls_transparent_test_driver_ecdsa_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ) +{ +#if defined(MBEDTLS_ECDSA_C) + return( ecdsa_verify_hash( attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ) ); +#else + (void)attributes; + (void)key_buffer; + (void)key_buffer_size; + (void)alg; + (void)hash; + (void)hash_length; + (void)signature; + (void)signature_length; + return( PSA_ERROR_NOT_SUPPORTED ); +#endif +} + +#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || + * defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */ + #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/library/psa_crypto_ecp.h b/library/psa_crypto_ecp.h index 72453e6686..0c2b92895f 100644 --- a/library/psa_crypto_ecp.h +++ b/library/psa_crypto_ecp.h @@ -239,6 +239,18 @@ psa_status_t mbedtls_transparent_test_driver_ecp_generate_key( const psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ); +psa_status_t mbedtls_transparent_test_driver_ecdsa_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ); + +psa_status_t mbedtls_transparent_test_driver_ecdsa_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ); + #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ECP_H */ diff --git a/tests/src/drivers/signature.c b/tests/src/drivers/signature.c index 78b7ff9938..47c6debc5b 100644 --- a/tests/src/drivers/signature.c +++ b/tests/src/drivers/signature.c @@ -28,6 +28,7 @@ #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" #include "psa_crypto_core.h" +#include "psa_crypto_ecp.h" #include "psa_crypto_rsa.h" #include "mbedtls/ecp.h" @@ -45,7 +46,7 @@ test_driver_signature_hooks_t test_driver_signature_verify_hooks = TEST_DRIVER_S psa_status_t test_transparent_signature_sign_hash( const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, + const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, uint8_t *signature, size_t signature_size, size_t *signature_length ) @@ -65,8 +66,6 @@ psa_status_t test_transparent_signature_sign_hash( return( PSA_SUCCESS ); } - psa_status_t status = PSA_ERROR_NOT_SUPPORTED; - #if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) @@ -77,86 +76,48 @@ psa_status_t test_transparent_signature_sign_hash( alg, hash, hash_length, signature, signature_size, signature_length ) ); } + else #endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || * defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */ -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ - defined(MBEDTLS_SHA256_C) - if( alg != PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) ) +#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) + if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) + { + if( +#if defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) + PSA_ALG_IS_ECDSA( alg ) +#else + PSA_ALG_IS_RANDOMIZED_ECDSA( alg ) +#endif + ) + { + return( mbedtls_transparent_test_driver_ecdsa_sign_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ) ); + } + else + { + return( PSA_ERROR_INVALID_ARGUMENT ); + } + } + else +#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || + * defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */ + { + (void)attributes; + (void)key_buffer; + (void)key_buffer_size; + (void)alg; + (void)hash; + (void)hash_length; + (void)signature; + (void)signature_size; + (void)signature_length; return( PSA_ERROR_NOT_SUPPORTED ); - mbedtls_ecp_group_id grp_id; - switch( psa_get_key_type( attributes ) ) - { - case PSA_ECC_CURVE_SECP_R1: - switch( psa_get_key_bits( attributes ) ) - { - case 256: - grp_id = MBEDTLS_ECP_DP_SECP256R1; - break; - case 384: - grp_id = MBEDTLS_ECP_DP_SECP384R1; - break; - case 521: - grp_id = MBEDTLS_ECP_DP_SECP521R1; - break; - default: - return( PSA_ERROR_NOT_SUPPORTED ); - } - break; - default: - return( PSA_ERROR_NOT_SUPPORTED ); } - - /* Beyond this point, the driver is actually doing the work of - * calculating the signature. */ - - status = PSA_ERROR_GENERIC_ERROR; - int ret = 0; - mbedtls_mpi r, s; - mbedtls_mpi_init( &r ); - mbedtls_mpi_init( &s ); - mbedtls_ecp_keypair ecp; - mbedtls_ecp_keypair_init( &ecp ); - size_t curve_bytes = PSA_BITS_TO_BYTES( ecp.grp.pbits ); - - MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ecp.grp, grp_id ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &ecp.grp, &ecp.Q, - key, key_length ) ); - - /* Code adapted from psa_ecdsa_sign() in psa_crypto.c. */ - mbedtls_md_type_t md_alg = MBEDTLS_MD_SHA256; - if( signature_size < 2 * curve_bytes ) - { - status = PSA_ERROR_BUFFER_TOO_SMALL; - goto cleanup; - } - MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det( &ecp.grp, &r, &s, &ecp.d, - hash, hash_length, md_alg ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &r, - signature, - curve_bytes ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &s, - signature + curve_bytes, - curve_bytes ) ); -cleanup: - status = mbedtls_to_psa_error( ret ); - mbedtls_mpi_free( &r ); - mbedtls_mpi_free( &s ); - mbedtls_ecp_keypair_free( &ecp ); - if( status == PSA_SUCCESS ) - *signature_length = 2 * curve_bytes; -#else /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ - defined(MBEDTLS_SHA256_C) */ - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - (void) hash; - (void) hash_length; -#endif /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ - defined(MBEDTLS_SHA256_C) */ - - return( status ); } psa_status_t test_opaque_signature_sign_hash( @@ -175,12 +136,13 @@ psa_status_t test_opaque_signature_sign_hash( (void) signature; (void) signature_size; (void) signature_length; + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t test_transparent_signature_verify_hash( const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, + const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length ) @@ -190,8 +152,6 @@ psa_status_t test_transparent_signature_verify_hash( if( test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS ) return( test_driver_signature_verify_hooks.forced_status ); - psa_status_t status = PSA_ERROR_NOT_SUPPORTED; - #if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) ) @@ -202,99 +162,42 @@ psa_status_t test_transparent_signature_verify_hash( alg, hash, hash_length, signature, signature_length ) ); } + else #endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || * defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */ -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ - defined(MBEDTLS_SHA256_C) - if( alg != PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) ) - return( PSA_ERROR_NOT_SUPPORTED ); - mbedtls_ecp_group_id grp_id; - switch( psa_get_key_type( attributes ) ) +#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) + if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) { - case PSA_ECC_CURVE_SECP_R1: - switch( psa_get_key_bits( attributes ) ) - { - case 256: - grp_id = MBEDTLS_ECP_DP_SECP256R1; - break; - case 384: - grp_id = MBEDTLS_ECP_DP_SECP384R1; - break; - case 521: - grp_id = MBEDTLS_ECP_DP_SECP521R1; - break; - default: - return( PSA_ERROR_NOT_SUPPORTED ); - } - break; - default: - return( PSA_ERROR_NOT_SUPPORTED ); + if( PSA_ALG_IS_ECDSA( alg ) ) + { + return( mbedtls_transparent_test_driver_ecdsa_verify_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ) ); + } + else + { + return( PSA_ERROR_INVALID_ARGUMENT ); + } } - - /* Beyond this point, the driver is actually doing the work of - * calculating the signature. */ - - status = PSA_ERROR_GENERIC_ERROR; - int ret = 0; - mbedtls_mpi r, s; - mbedtls_mpi_init( &r ); - mbedtls_mpi_init( &s ); - mbedtls_ecp_keypair ecp; - mbedtls_ecp_keypair_init( &ecp ); - mbedtls_test_rnd_pseudo_info rnd_info; - memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) ); - size_t curve_bytes = PSA_BITS_TO_BYTES( ecp.grp.pbits ); - - MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ecp.grp, grp_id ) ); - - /* Code adapted from psa_ecdsa_verify() in psa_crypto.c. */ - if( signature_length < 2 * curve_bytes ) - { - status = PSA_ERROR_BUFFER_TOO_SMALL; - goto cleanup; - } - - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r, - signature, - curve_bytes ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &s, - signature + curve_bytes, - curve_bytes ) ); - - if( PSA_KEY_TYPE_IS_PUBLIC_KEY( psa_get_key_type( attributes ) ) ) - MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &ecp.grp, &ecp.Q, - key, key_length ) ); else +#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || + * defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */ { - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ecp.d, key, key_length ) ); - MBEDTLS_MPI_CHK( - mbedtls_ecp_mul( &ecp.grp, &ecp.Q, &ecp.d, &ecp.grp.G, - &mbedtls_test_rnd_pseudo_rand, - &rnd_info ) ); + (void)attributes; + (void)key_buffer; + (void)key_buffer_size; + (void)alg; + (void)hash; + (void)hash_length; + (void)signature; + (void)signature_length; + + return( PSA_ERROR_NOT_SUPPORTED ); } - - MBEDTLS_MPI_CHK( mbedtls_ecdsa_verify( &ecp.grp, hash, hash_length, - &ecp.Q, &r, &s ) ); -cleanup: - status = mbedtls_to_psa_error( ret ); - mbedtls_mpi_free( &r ); - mbedtls_mpi_free( &s ); - mbedtls_ecp_keypair_free( &ecp ); -#else /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ - defined(MBEDTLS_SHA256_C) */ - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - (void) hash; - (void) hash_length; - (void) signature; - (void) signature_length; -#endif /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ - defined(MBEDTLS_SHA256_C) */ - - return( status ); } psa_status_t test_opaque_signature_verify_hash( From 4993c13cd338aede6b552820a18e926773e778e0 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 10 Dec 2020 17:49:22 +0100 Subject: [PATCH 14/51] tests: psa: Change test driver default forced return value Change signature test driver default forced return value from PSA_ERROR_NOT_SUPPORTED to PSA_SUCCESS to be able to run the PSA unit tests with hash signature and signature verification being handled by the transparent test driver. Signed-off-by: Ronald Cron --- tests/include/test/drivers/signature.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/include/test/drivers/signature.h b/tests/include/test/drivers/signature.h index 8abcb111a7..e785151254 100644 --- a/tests/include/test/drivers/signature.h +++ b/tests/include/test/drivers/signature.h @@ -40,7 +40,7 @@ typedef struct { unsigned long hits; } test_driver_signature_hooks_t; -#define TEST_DRIVER_SIGNATURE_INIT { NULL, 0, PSA_ERROR_NOT_SUPPORTED, 0 } +#define TEST_DRIVER_SIGNATURE_INIT { NULL, 0, PSA_SUCCESS, 0 } static inline test_driver_signature_hooks_t test_driver_signature_hooks_init( void ) { const test_driver_signature_hooks_t v = TEST_DRIVER_SIGNATURE_INIT; From 8d5645a858891a686b0f1d23fffed4c812a52c4d Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 10 Dec 2020 18:09:33 +0100 Subject: [PATCH 15/51] tests: psa driver wrapper: Fix sign/verify unit test dependency In test_suite_psa_crypto_driver_wrappers test suite, the sign/verify tests with software fallback tests should be run only if the software fallback is available. Signed-off-by: Ronald Cron --- tests/suites/test_suite_psa_crypto_driver_wrappers.data | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index 14f84c0236..8ac27a9029 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data @@ -2,6 +2,7 @@ sign_hash through transparent driver: calculate in driver ecdsa_sign:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_SUCCESS sign_hash through transparent driver: fallback +depends_on:MBEDTLS_PSA_BUILTIN_ALG_ECDSA ecdsa_sign:PSA_ERROR_NOT_SUPPORTED:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_SUCCESS sign_hash through transparent driver: error @@ -14,6 +15,7 @@ verify_hash using private key through transparent driver: calculate in driver ecdsa_verify:PSA_SUCCESS:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS verify_hash using private key through transparent driver: fallback +depends_on:MBEDTLS_PSA_BUILTIN_ALG_ECDSA ecdsa_verify:PSA_ERROR_NOT_SUPPORTED:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS verify_hash using private key through transparent driver: error @@ -23,6 +25,7 @@ verify_hash using public key through transparent driver: calculate in driver ecdsa_verify:PSA_SUCCESS:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS verify_hash using public key through transparent driver: fallback +depends_on:MBEDTLS_PSA_BUILTIN_ALG_ECDSA ecdsa_verify:PSA_ERROR_NOT_SUPPORTED:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS verify_hash using public key through transparent driver: error From 17b3afcc336e94365b3fa9dc5b4ab7e0af6b8591 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 10 Dec 2020 18:17:09 +0100 Subject: [PATCH 16/51] tests: psa: Test sign/verify hash by a transparent driver Test signature and signature verification by a transparent driver in all.sh test_psa_crypto_config_basic and test_psa_crypto_drivers components. Signed-off-by: Ronald Cron --- tests/scripts/all.sh | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1036a7cfd3..f6a1ac7536 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1371,7 +1371,17 @@ component_test_psa_crypto_config_basic() { scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_ECDSA" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA" + loc_cflags="${loc_cflags} -I../tests/include -O2" + + make CC=gcc CFLAGS="$loc_cflags" LDFLAGS="$ASAN_CFLAGS" + unset loc_cflags msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG" make test @@ -2139,7 +2149,17 @@ component_test_psa_crypto_drivers () { msg "build: MBEDTLS_PSA_CRYPTO_DRIVERS w/ driver hooks" scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_ECDSA" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA" + loc_cflags="${loc_cflags} -I../tests/include -O2" + + make CC=gcc CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" + unset loc_cflags msg "test: MBEDTLS_PSA_CRYPTO_DRIVERS, signature" make test From a200ee6098f499b1ce1c4ad3143737ad4dd39367 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Thu, 17 Dec 2020 14:09:38 +0100 Subject: [PATCH 17/51] Move AEAD macros next to each other Signed-off-by: gabor-mezei-arm --- include/psa/crypto_sizes.h | 91 ++++++++++++++++++++------------------ 1 file changed, 48 insertions(+), 43 deletions(-) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 3956834103..d52f85f3c8 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -283,6 +283,54 @@ (ciphertext_length) - PSA_AEAD_TAG_LENGTH(alg) : \ 0) +/** The default nonce size for an AEAD algorithm, in bytes. + * + * This macro can be used to allocate a buffer of sufficient size to + * store the nonce output from #psa_aead_generate_nonce(). + * + * See also #PSA_AEAD_NONCE_MAX_SIZE. + * + * \note This is not the maximum size of nonce supported as input to + * #psa_aead_set_nonce(), #psa_aead_encrypt() or #psa_aead_decrypt(), + * just the default size that is generated by #psa_aead_generate_nonce(). + * + * \warning This macro may evaluate its arguments multiple times or + * zero times, so you should not pass arguments that contain + * side effects. + * + * \param key_type A symmetric key type that is compatible with + * algorithm \p alg. + * + * \param alg An AEAD algorithm (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_AEAD(\p alg) is true). + * + * \return The default nonce size for the specified key type and algorithm. + * If the key type or AEAD algorithm is not recognized, + * or the parameters are incompatible, return 0. + * An implementation can return either 0 or a correct size for a key + * type and AEAD algorithm that it recognizes, but does not support. + */ +#define PSA_AEAD_NONCE_LENGTH(key_type, alg) \ + (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) == 16 && \ + (PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg) == PSA_ALG_CCM || \ + PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg) == PSA_ALG_GCM) ? 12 : \ + (key_type) == PSA_KEY_TYPE_CHACHA20 && \ + PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg) == PSA_ALG_CHACHA20_POLY1305 ? 12 : \ + 0) + +/** The maximum default nonce size among all supported pairs of key types and + * AEAD algorithms, in bytes. + * + * This is equal to or greater than any value that #PSA_AEAD_NONCE_LENGTH() + * may return. + * + * \note This is not the maximum size of nonce supported as input to + * #psa_aead_set_nonce(), #psa_aead_encrypt() or #psa_aead_decrypt(), + * just the largest size that may be generated by + * #psa_aead_generate_nonce(). + */ +#define PSA_AEAD_NONCE_MAX_SIZE 12 + /** A sufficient output buffer size for psa_aead_update(). * * If the size of the output buffer is at least this large, it is @@ -643,49 +691,6 @@ PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \ 0) -/** The default nonce size for an AEAD algorithm, in bytes. - * - * This macro can be used to allocate a buffer of sufficient size to - * store the nonce output from #psa_aead_generate_nonce(). - * - * See also #PSA_AEAD_NONCE_MAX_SIZE. - * - * \note This is not the maximum size of nonce supported as input to #psa_aead_set_nonce(), - * #psa_aead_encrypt() or #psa_aead_decrypt(), just the default size that is generated by - * #psa_aead_generate_nonce(). - * - * \warning This macro may evaluate its arguments multiple times or - * zero times, so you should not pass arguments that contain - * side effects. - * - * \param key_type A symmetric key type that is compatible with algorithm \p alg. - * - * \param alg An AEAD algorithm (\c PSA_ALG_XXX value such that #PSA_ALG_IS_AEAD(\p alg) is true). - * - * \return The default nonce size for the specified key type and algorithm. - * If the key type or AEAD algorithm is not recognized, - * or the parameters are incompatible, return 0. - * An implementation can return either 0 or a correct size for a key type - * and AEAD algorithm that it recognizes, but does not support. - */ -#define PSA_AEAD_NONCE_LENGTH(key_type, alg) \ - (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) == 16 && \ - (PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_CCM || \ - PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_GCM) ? 12 : \ - (key_type) == PSA_KEY_TYPE_CHACHA20 && \ - PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_CHACHA20_POLY1305 ? 12 : \ - 0) - -/** The maximum default nonce size among all supported pairs of key types and AEAD algorithms, in bytes. - * - * This is equal to or greater than any value that #PSA_AEAD_NONCE_LENGTH() may return. - * - * \note This is not the maximum size of nonce supported as input to #psa_aead_set_nonce(), - * #psa_aead_encrypt() or #psa_aead_decrypt(), just the largest size that may be generated by - * #psa_aead_generate_nonce(). - */ -#define PSA_AEAD_NONCE_MAX_SIZE 12 - /** The default IV size for a cipher algorithm, in bytes. * * The IV that is generated as part of a call to #psa_cipher_encrypt() is always From 0687b2b2360e95183b50bd4f970045d4347fa264 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Wed, 6 May 2020 16:05:37 +0200 Subject: [PATCH 18/51] Add macros for output buffer sizes Signed-off-by: gabor-mezei-arm --- include/psa/crypto_sizes.h | 50 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index d52f85f3c8..119acaaf56 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -141,6 +141,13 @@ (((alg) & PSA_ALG_AEAD_TAG_LENGTH_MASK) >> PSA_AEAD_TAG_LENGTH_OFFSET) : \ 0) +/** The maximum tag size for all supported AEAD algorithms, in bytes. + * + * See also #PSA_AEAD_TAG_LENGTH(\p alg). + */ +#define PSA_AEAD_TAG_MAX_SIZE \ + (PSA_ALG_AEAD_TAG_LENGTH_MASK >> PSA_AEAD_TAG_LENGTH_OFFSET) + /* The maximum size of an RSA key on this implementation, in bits. * This is a vendor-specific macro. * @@ -259,6 +266,24 @@ (plaintext_length) + PSA_AEAD_TAG_LENGTH(alg) : \ 0) +/** A sufficient output buffer size for psa_aead_encrypt(), for any of the + * supported key types and AEAD algorithms. + * + * If the size of the ciphertext buffer is at least this large, it is guaranteed + * that psa_aead_encrypt() will not fail due to an insufficient buffer size. + * + * See also #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\p alg, \p plaintext_length). + * + * \param plaintext_length Size of the plaintext in bytes. + * + * \return A sufficient output buffer size for any of the + * supported key types and AEAD algorithms. + * + */ +#define PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(plaintext_length) \ + ((plaintext_length) + PSA_AEAD_TAG_MAX_SIZE) + + /** The maximum size of the output of psa_aead_decrypt(), in bytes. * * If the size of the plaintext buffer is at least this large, it is @@ -283,6 +308,23 @@ (ciphertext_length) - PSA_AEAD_TAG_LENGTH(alg) : \ 0) +/** A sufficient output buffer size for psa_aead_decrypt(), for any of the + * supported key types and AEAD algorithms. + * + * If the size of the plaintext buffer is at least this large, it is guaranteed + * that psa_aead_decrypt() will not fail due to an insufficient buffer size. + * + * See also #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\p alg, \p ciphertext_length). + * + * \param ciphertext_length Size of the ciphertext in bytes. + * + * \return A sufficient output buffer size for any of the + * supported key types and AEAD algorithms. + * + */ +#define PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(ciphertext_length) \ + (ciphertext_length) + /** The default nonce size for an AEAD algorithm, in bytes. * * This macro can be used to allocate a buffer of sufficient size to @@ -382,6 +424,14 @@ PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE : \ 0) +/** A sufficient ciphertext buffer size for psa_aead_finish(), for any of the + * supported key types and AEAD algorithms. + * + * See also #PSA_AEAD_FINISH_OUTPUT_SIZE(\p alg). + */ +#define PSA_AEAD_FINISH_OUTPUT_MAX_SIZE (PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE) + + /** A sufficient plaintext buffer size for psa_aead_verify(). * * If the size of the plaintext buffer is at least this large, it is From 8809fb64eb0bc4305ca392190a3a67dadc89b2d2 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Tue, 2 Jun 2020 14:27:06 +0200 Subject: [PATCH 19/51] Add and update size macros for ciphers and keys Signed-off-by: gabor-mezei-arm --- include/psa/crypto_sizes.h | 56 +++++++++++++++++++++++++++++++++++++ include/psa/crypto_values.h | 3 ++ 2 files changed, 59 insertions(+) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 119acaaf56..b1d329c70b 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -785,4 +785,60 @@ */ #define PSA_CIPHER_IV_MAX_SIZE 16 +/** The maximum size of the output of psa_cipher_encrypt(), in bytes. + * + * If the size of the output buffer is at least this large, it is guaranteed + * that psa_cipher_encrypt() will not fail due to an insufficient buffer size. + * Depending on the algorithm, the actual size of the output might be smaller. + * + * See also #PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE. + * + * \param key_type A symmetric key type that is compatible with algorithm + * alg. + * \param alg A cipher algorithm (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_CIPHER(\p alg) is true). + * \param input_length Size of the input in bytes. + * + * \return A sufficient output size for the specified key type and + * algorithm. If the key type or cipher algorithm is not + * recognized, or the parameters are incompatible, + * return 0. An implementation can return either 0 or + * a correct size for a key type and cipher algorithm + * that it recognizes, but does not support. + */ +#define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length) \ + (PSA_ALG_IS_CIPHER(alg) && PSA_KEY_TYPE_IS_SYMMETRIC(key_type) ? \ + (alg == PSA_ALG_CBC_PKCS7 ? \ + (((input_length) + PSA_CIPHER_IV_LENGTH(key_type, alg) + 1) / \ + PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) + 1) * \ + PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \ + (input_length) + PSA_CIPHER_IV_LENGTH(key_type, alg) ) : \ + 0) + +/** The maximum size of the output of psa_cipher_decrypt(), in bytes. + * + * If the size of the output buffer is at least this large, it is guaranteed + * that psa_cipher_decrypt() will not fail due to an insufficient buffer size. + * Depending on the algorithm, the actual size of the output might be smaller. + * + * See also #PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE. + * + * \param key_type A symmetric key type that is compatible with algorithm + * alg. + * \param alg A cipher algorithm (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_CIPHER(\p alg) is true). + * \param input_length Size of the input in bytes. + * + * \return A sufficient output size for the specified key type and + * algorithm. If the key type or cipher algorithm is not + * recognized, or the parameters are incompatible, + * return 0. An implementation can return either 0 or + * a correct size for a key type and cipher algorithm + * that it recognizes, but does not support. + */ +#define PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_length) \ + (PSA_ALG_IS_CIPHER(alg) && PSA_KEY_TYPE_IS_SYMMETRIC(key_type) ? \ + (input_length) : \ + 0) + #endif /* PSA_CRYPTO_SIZES_H */ diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 7002631a1a..a7bc5ae945 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -354,6 +354,9 @@ (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_RAW || \ ((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC) +/** Whether a key type is symmetric. */ +#define PSA_KEY_TYPE_IS_SYMMETRIC(type) \ + (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC) /** Whether a key type is asymmetric: either a key pair or a public key. */ #define PSA_KEY_TYPE_IS_ASYMMETRIC(type) \ (((type) & PSA_KEY_TYPE_CATEGORY_MASK \ From ee6bb560a6029dd247866dc5021977b388ed9707 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Wed, 17 Jun 2020 10:11:11 +0200 Subject: [PATCH 20/51] Remove out of scope macros Signed-off-by: gabor-mezei-arm --- include/psa/crypto_sizes.h | 22 ++++++++++++---------- include/psa/crypto_values.h | 3 --- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index b1d329c70b..3f3587c355 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -806,13 +806,14 @@ * a correct size for a key type and cipher algorithm * that it recognizes, but does not support. */ -#define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length) \ - (PSA_ALG_IS_CIPHER(alg) && PSA_KEY_TYPE_IS_SYMMETRIC(key_type) ? \ - (alg == PSA_ALG_CBC_PKCS7 ? \ - (((input_length) + PSA_CIPHER_IV_LENGTH(key_type, alg) + 1) / \ - PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) + 1) * \ - PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \ - (input_length) + PSA_CIPHER_IV_LENGTH(key_type, alg) ) : \ +#define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length) \ + (PSA_ALG_IS_CIPHER(alg) && \ + ((key_type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \ + (alg == PSA_ALG_CBC_PKCS7 ? \ + (((input_length) + PSA_CIPHER_IV_LENGTH(key_type, alg) + 1) / \ + PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) + 1) * \ + PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \ + (input_length) + PSA_CIPHER_IV_LENGTH(key_type, alg) ) : \ 0) /** The maximum size of the output of psa_cipher_decrypt(), in bytes. @@ -836,9 +837,10 @@ * a correct size for a key type and cipher algorithm * that it recognizes, but does not support. */ -#define PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_length) \ - (PSA_ALG_IS_CIPHER(alg) && PSA_KEY_TYPE_IS_SYMMETRIC(key_type) ? \ - (input_length) : \ +#define PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_length) \ + (PSA_ALG_IS_CIPHER(alg) && \ + ((key_type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \ + (input_length) : \ 0) #endif /* PSA_CRYPTO_SIZES_H */ diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index a7bc5ae945..7002631a1a 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -354,9 +354,6 @@ (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_RAW || \ ((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC) -/** Whether a key type is symmetric. */ -#define PSA_KEY_TYPE_IS_SYMMETRIC(type) \ - (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC) /** Whether a key type is asymmetric: either a key pair or a public key. */ #define PSA_KEY_TYPE_IS_ASYMMETRIC(type) \ (((type) & PSA_KEY_TYPE_CATEGORY_MASK \ From fbd9f1e68377ededed41df52a84ed88dc3e59131 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Mon, 29 Jun 2020 10:38:39 +0200 Subject: [PATCH 21/51] Add and update macros for output buffer sizes Signed-off-by: gabor-mezei-arm --- include/psa/crypto_sizes.h | 314 +++++++++++++++++++++++++++++++++++-- 1 file changed, 298 insertions(+), 16 deletions(-) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 3f3587c355..8473d7eae0 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -396,10 +396,25 @@ * to emit output without delay. However, hardware may not always be * capable of this. So for modes based on a block cipher, allow the * implementation to delay the output until it has a full block. */ -#define PSA_AEAD_UPDATE_OUTPUT_SIZE(alg, input_length) \ - (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \ - PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length)) : \ - (input_length)) +#define PSA_AEAD_UPDATE_OUTPUT_SIZE(alg, input_length) \ + (PSA_AEAD_TAG_LENGTH(alg) != 0 ? \ + (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \ + PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length)) : \ + (input_length)) : \ + 0) + +/** A sufficient output buffer size for psa_aead_update(), for any of the + * supported key types and AEAD algorithms. + * + * If the size of the output buffer is at least this large, it is guaranteed + * that psa_aead_update() will not fail due to an insufficient buffer size. + * + * See also #PSA_AEAD_UPDATE_OUTPUT_SIZE(\p alg, \p input_length). + * + * \param input_length Size of the input in bytes. + */ +#define PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(input_length) \ + (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length))) /** A sufficient ciphertext buffer size for psa_aead_finish(). * @@ -429,8 +444,7 @@ * * See also #PSA_AEAD_FINISH_OUTPUT_SIZE(\p alg). */ -#define PSA_AEAD_FINISH_OUTPUT_MAX_SIZE (PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE) - +#define PSA_AEAD_FINISH_OUTPUT_MAX_SIZE (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE) /** A sufficient plaintext buffer size for psa_aead_verify(). * @@ -455,6 +469,13 @@ PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE : \ 0) +/** A sufficient plaintext buffer size for psa_aead_verify(), for any of the + * supported key types and AEAD algorithms. + * + * See also #PSA_AEAD_VERIFY_OUTPUT_SIZE(\p alg). + */ +#define PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE) + #define PSA_RSA_MINIMUM_PADDING_SIZE(alg) \ (PSA_ALG_IS_RSA_OAEP(alg) ? \ 2 * PSA_HASH_LENGTH(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 : \ @@ -549,6 +570,14 @@ ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \ 0) +/** A sufficient output buffer size for psa_asymmetric_encrypt(), for any + * supported asymmetric encryption. + * + * See also #PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(\p key_type, \p key_bits, \p alg). + */ +#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE \ + (PSA_BITS_TO_BYTES(PSA_MAX_KEY_BITS)) + /** Sufficient output buffer size for psa_asymmetric_decrypt(). * * This macro returns a sufficient buffer size for a plaintext produced using @@ -580,6 +609,14 @@ PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : \ 0) +/** A sufficient output buffer size for psa_asymmetric_decrypt(), for any + * supported asymmetric decryption. + * + * See also #PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(\p key_type, \p key_bits, \p alg). + */ +#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE \ + (PSA_BITS_TO_BYTES(PSA_MAX_KEY_BITS)) + /* Maximum size of the ASN.1 encoding of an INTEGER with the specified * number of bits. * @@ -741,6 +778,144 @@ PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \ 0) +/** Sufficient output buffer size for psa_export_public_key(). + * + * This macro returns a compile-time constant if its arguments are + * compile-time constants. + * + * \warning This function can evaluate its arguments multiple times or + * zero times. Providing arguments that have side effects will + * result in implementation-specific behavior, and is non-portable. + * + * The following code illustrates how to allocate enough memory to export + * a public key by querying the key type and size at runtime. + * \code{c} + * psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + * psa_status_t status; + * status = psa_get_key_attributes(key, &attributes); + * if (status != PSA_SUCCESS) + * handle_error(...); + * psa_key_type_t key_type = psa_get_key_type(&attributes); + * size_t key_bits = psa_get_key_bits(&attributes); + * size_t buffer_size = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits); + * psa_reset_key_attributes(&attributes); + * uint8_t *buffer = malloc(buffer_size); + * if (buffer == NULL) + * handle_error(...); + * size_t buffer_length; + * status = psa_export_public_key(key, buffer, buffer_size, &buffer_length); + * if (status != PSA_SUCCESS) + * handle_error(...); + * \endcode + * + * \param key_type A public key or key pair key type. + * \param key_bits The size of the key in bits. + * + * \return If the parameters are valid and supported, return + * a buffer size in bytes that guarantees that + * psa_export_public_key() will not fail with + * #PSA_ERROR_BUFFER_TOO_SMALL. If the parameters are + * a valid combination that is not supported by the + * implementation, this macro must return either + * a sensible size or 0. If the parameters are not valid, + * the return value is unspecified. + * + * If the parameters are valid and supported, + * it is recommended that this macro returns the same + * result as + * #PSA_EXPORT_KEY_OUTPUT_SIZE( + * \p #PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(\p key_type), + * \p key_bits). + */ +#define PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits) \ + ((key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \ + (key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \ + PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \ + 0) + +/** Sufficient buffer size for exporting any asymmetric key pair. + * + * This macro must expand to a compile-time constant integer. This value must + * be a sufficient buffer size when calling psa_export_key() to export any + * asymmetric key pair that is supported by the implementation, regardless of + * the exact key type and key size. + * + * See also #PSA_EXPORT_KEY_OUTPUT_SIZE(\p key_type, \p key_bits). + */ +#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \ + (PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_MAX_KEY_BITS) > \ + PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(PSA_MAX_KEY_BITS) ? \ + (PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_MAX_KEY_BITS) > \ + PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_MAX_KEY_BITS) ? \ + PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_MAX_KEY_BITS) : \ + PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_MAX_KEY_BITS)) : \ + (PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(PSA_MAX_KEY_BITS) > \ + PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_MAX_KEY_BITS) ? \ + PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(PSA_MAX_KEY_BITS) : \ + PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_MAX_KEY_BITS))) + +/** Sufficient buffer size for exporting any asymmetric public key. + * + * This macro must expand to a compile-time constant integer. This value must + * be a sufficient buffer size when calling psa_export_key() or + * psa_export_public_key() to export any asymmetric public key that is + * supported by the implementation, regardless of the exact key type and key + * size. + * + * See also #PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(\p key_type, \p key_bits). + */ +#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \ + (PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_MAX_KEY_BITS) > \ + PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(PSA_MAX_KEY_BITS) ? \ + (PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_MAX_KEY_BITS) > \ + PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_MAX_KEY_BITS) ? \ + PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_MAX_KEY_BITS) : \ + PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_MAX_KEY_BITS)) : \ + (PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(PSA_MAX_KEY_BITS) > \ + PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_MAX_KEY_BITS) ? \ + PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(PSA_MAX_KEY_BITS) : \ + PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_MAX_KEY_BITS))) + +/** Sufficient output buffer size for psa_raw_key_agreement(). + * + * This macro returns a compile-time constant if its arguments are + * compile-time constants. + * + * \warning This function can evaluate its arguments multiple times or + * zero times. Providing arguments that have side effects will + * result in implementation-specific behavior, and is non-portable. + * + * See also #PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE. + * + * \param key_type A supported key type. + * \param key_bits The size of the key in bits. + * + * \return If the parameters are valid and supported, return + * a buffer size in bytes that guarantees that + * psa_raw_key_agreement() will not fail with + * #PSA_ERROR_BUFFER_TOO_SMALL. If the parameters are + * a valid combination that is not supported by + * the implementation, this macro must return either + * a sensible size or 0. If the parameters are not valid, + * the return value is unspecified. + */ +#define PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, key_bits) \ + (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? \ + 2 * PSA_BITS_TO_BYTES(key_bits) : \ + 0) + +/** Maximum size of the output from psa_raw_key_agreement(). + * + * This macro must expand to a compile-time constant integer. It is recommended + * that this value is the maximum size of the output any raw key agreement + * algorithm supported by the implementation, in bytes. The value must not be + * smaller than this maximum. + * + * See also #PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(\p key_type, \p key_bits). + */ +#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE \ + (2 * PSA_BITS_TO_BYTES(key_bits)) + /** The default IV size for a cipher algorithm, in bytes. * * The IV that is generated as part of a call to #psa_cipher_encrypt() is always @@ -791,7 +966,11 @@ * that psa_cipher_encrypt() will not fail due to an insufficient buffer size. * Depending on the algorithm, the actual size of the output might be smaller. * - * See also #PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE. + * See also #PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(\p input_length). + * + * \warning This function can evaluate its arguments multiple times or + * zero times. Providing arguments that have side effects will + * result in implementation-specific behavior, and is non-portable. * * \param key_type A symmetric key type that is compatible with algorithm * alg. @@ -806,23 +985,37 @@ * a correct size for a key type and cipher algorithm * that it recognizes, but does not support. */ -#define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length) \ - (PSA_ALG_IS_CIPHER(alg) && \ - ((key_type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \ - (alg == PSA_ALG_CBC_PKCS7 ? \ - (((input_length) + PSA_CIPHER_IV_LENGTH(key_type, alg) + 1) / \ - PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) + 1) * \ - PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \ - (input_length) + PSA_CIPHER_IV_LENGTH(key_type, alg) ) : \ +#define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length) \ + (PSA_ALG_IS_CIPHER(alg) && \ + ((key_type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \ + (alg == PSA_ALG_CBC_PKCS7 ? \ + PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \ + (input_length) + PSA_CIPHER_IV_LENGTH(key_type, alg)) : \ + (input_length) + PSA_CIPHER_IV_LENGTH(key_type, alg) ) : \ 0) +/** A sufficient output buffer size for psa_cipher_encrypt(), for any of the + * supported key types and cipher algorithms. + * + * If the size of the output buffer is at least this large, it is guaranteed + * that psa_cipher_encrypt() will not fail due to an insufficient buffer size. + * + * See also #PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(\p key_type, \p alg, \p input_length). + * + * \param input_length Size of the input in bytes. + * + */ +#define PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input_length) \ + (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, \ + (input_length) + PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)) + /** The maximum size of the output of psa_cipher_decrypt(), in bytes. * * If the size of the output buffer is at least this large, it is guaranteed * that psa_cipher_decrypt() will not fail due to an insufficient buffer size. * Depending on the algorithm, the actual size of the output might be smaller. * - * See also #PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE. + * See also #PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(\p input_length). * * \param key_type A symmetric key type that is compatible with algorithm * alg. @@ -843,4 +1036,93 @@ (input_length) : \ 0) +/** A sufficient output buffer size for psa_cipher_decrypt(), for any of the + * supported key types and cipher algorithms. + * + * If the size of the output buffer is at least this large, it is guaranteed + * that psa_cipher_decrypt() will not fail due to an insufficient buffer size. + * + * See also #PSA_CIPHER_DECRYPT_OUTPUT_SIZE(\p key_type, \p alg, \p input_length). + * + * \param input_length Size of the input in bytes. + */ +#define PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(input_length) \ + (input_length) + +/** A sufficient output buffer size for psa_cipher_update(). + * + * If the size of the output buffer is at least this large, it is guaranteed + * that psa_cipher_update() will not fail due to an insufficient buffer size. + * The actual size of the output might be smaller in any given call. + * + * See also #PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(\p input_length). + * + * \param key_type A symmetric key type that is compatible with algorithm + * alg. + * \param alg A cipher algorithm (PSA_ALG_XXX value such that + * #PSA_ALG_IS_CIPHER(\p alg) is true). + * \param input_length Size of the input in bytes. + * + * \return A sufficient output size for the specified key type and + * algorithm. If the key type or cipher algorithm is not + * recognized, or the parameters are incompatible, return 0. + * An implementation can return either 0 or a correct size + * for a key type and cipher algorithm that it recognizes, + * but does not support. + */ +#define PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \ + (PSA_ALG_IS_CIPHER(alg) && \ + ((key_type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \ + (input_length) + PSA_CIPHER_IV_LENGTH(key_type, alg) : \ + 0) + +/** A sufficient output buffer size for psa_cipher_update(), for any of the + * supported key types and cipher algorithms. + * + * If the size of the output buffer is at least this large, it is guaranteed + * that psa_cipher_update() will not fail due to an insufficient buffer size. + * + * See also #PSA_CIPHER_UPDATE_OUTPUT_SIZE(\p key_type, \p alg, \p input_length). + * + * \param input_length Size of the input in bytes. + */ +#define PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(input_length) \ + ((input_length) + PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE) + +/** A sufficient ciphertext buffer size for psa_cipher_finish(). + * + * If the size of the ciphertext buffer is at least this large, it is + * guaranteed that psa_cipher_finish() will not fail due to an insufficient + * ciphertext buffer size. The actual size of the output might be smaller in + * any given call. + * + * See also #PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE(). + * + * \param key_type A symmetric key type that is compatible with algorithm + * alg. + * \param alg A cipher algorithm (PSA_ALG_XXX value such that + * #PSA_ALG_IS_CIPHER(\p alg) is true). + * \return A sufficient output size for the specified key type and + * algorithm. If the key type or cipher algorithm is not + * recognized, or the parameters are incompatible, return 0. + * An implementation can return either 0 or a correct size + * for a key type and cipher algorithm that it recognizes, + * but does not support. + */ +#define PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg) \ + (PSA_ALG_IS_CIPHER(alg) && \ + ((key_type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \ + (alg == PSA_ALG_CBC_PKCS7 ? \ + PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \ + 0) : \ + 0) + +/** A sufficient ciphertext buffer size for psa_cipher_finish(), for any of the + * supported key types and cipher algorithms. + * + * See also #PSA_CIPHER_FINISH_OUTPUT_SIZE(\p key_type, \p alg). + */ +#define PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE \ + (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE) + #endif /* PSA_CRYPTO_SIZES_H */ From e86bdcaa1173309b63991aeff7017591d7c7da26 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Thu, 7 Jan 2021 14:26:12 +0100 Subject: [PATCH 22/51] Fix size macros and its documentation Signed-off-by: gabor-mezei-arm --- include/psa/crypto_sizes.h | 148 +++++++++++++++++++------------------ 1 file changed, 75 insertions(+), 73 deletions(-) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 8473d7eae0..53c4b9d5fb 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -145,8 +145,7 @@ * * See also #PSA_AEAD_TAG_LENGTH(\p alg). */ -#define PSA_AEAD_TAG_MAX_SIZE \ - (PSA_ALG_AEAD_TAG_LENGTH_MASK >> PSA_AEAD_TAG_LENGTH_OFFSET) +#define PSA_AEAD_TAG_MAX_SIZE 16 /* The maximum size of an RSA key on this implementation, in bits. * This is a vendor-specific macro. @@ -249,6 +248,10 @@ * insufficient buffer size. Depending on the algorithm, the actual size of * the ciphertext may be smaller. * + * \warning This macro may evaluate its arguments multiple times or + * zero times, so you should not pass arguments that contain + * side effects. + * * \param alg An AEAD algorithm * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_AEAD(\p alg) is true). @@ -272,6 +275,9 @@ * If the size of the ciphertext buffer is at least this large, it is guaranteed * that psa_aead_encrypt() will not fail due to an insufficient buffer size. * + * \note This macro returns a compile-time constant if its arguments are + * compile-time constants. + * * See also #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\p alg, \p plaintext_length). * * \param plaintext_length Size of the plaintext in bytes. @@ -291,6 +297,10 @@ * insufficient buffer size. Depending on the algorithm, the actual size of * the plaintext may be smaller. * + * \warning This macro may evaluate its arguments multiple times or + * zero times, so you should not pass arguments that contain + * side effects. + * * \param alg An AEAD algorithm * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_AEAD(\p alg) is true). @@ -380,6 +390,10 @@ * insufficient buffer size. The actual size of the output may be smaller * in any given call. * + * \warning This macro may evaluate its arguments multiple times or + * zero times, so you should not pass arguments that contain + * side effects. + * * \param alg An AEAD algorithm * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_AEAD(\p alg) is true). @@ -397,11 +411,9 @@ * capable of this. So for modes based on a block cipher, allow the * implementation to delay the output until it has a full block. */ #define PSA_AEAD_UPDATE_OUTPUT_SIZE(alg, input_length) \ - (PSA_AEAD_TAG_LENGTH(alg) != 0 ? \ - (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \ - PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length)) : \ - (input_length)) : \ - 0) + (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \ + PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length)) : \ + (input_length)) : \ /** A sufficient output buffer size for psa_aead_update(), for any of the * supported key types and AEAD algorithms. @@ -573,10 +585,12 @@ /** A sufficient output buffer size for psa_asymmetric_encrypt(), for any * supported asymmetric encryption. * + * This macro assumes that RSA is the only supported asymmetric encryption. + * * See also #PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(\p key_type, \p key_bits, \p alg). */ #define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE \ - (PSA_BITS_TO_BYTES(PSA_MAX_KEY_BITS)) + (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS)) /** Sufficient output buffer size for psa_asymmetric_decrypt(). * @@ -612,10 +626,12 @@ /** A sufficient output buffer size for psa_asymmetric_decrypt(), for any * supported asymmetric decryption. * + * This macro assumes that RSA is the only supported asymmetric encryption. + * * See also #PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(\p key_type, \p key_bits, \p alg). */ #define PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE \ - (PSA_BITS_TO_BYTES(PSA_MAX_KEY_BITS)) + (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS)) /* Maximum size of the ASN.1 encoding of an INTEGER with the specified * number of bits. @@ -783,9 +799,9 @@ * This macro returns a compile-time constant if its arguments are * compile-time constants. * - * \warning This function can evaluate its arguments multiple times or - * zero times. Providing arguments that have side effects will - * result in implementation-specific behavior, and is non-portable. + * \warning This macro may evaluate its arguments multiple times or + * zero times, so you should not pass arguments that contain + * side effects. * * The following code illustrates how to allocate enough memory to export * a public key by querying the key type and size at runtime. @@ -793,19 +809,16 @@ * psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; * psa_status_t status; * status = psa_get_key_attributes(key, &attributes); - * if (status != PSA_SUCCESS) - * handle_error(...); + * if (status != PSA_SUCCESS) handle_error(...); * psa_key_type_t key_type = psa_get_key_type(&attributes); * size_t key_bits = psa_get_key_bits(&attributes); * size_t buffer_size = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits); * psa_reset_key_attributes(&attributes); * uint8_t *buffer = malloc(buffer_size); - * if (buffer == NULL) - * handle_error(...); + * if (buffer == NULL) handle_error(...); * size_t buffer_length; * status = psa_export_public_key(key, buffer, buffer_size, &buffer_length); - * if (status != PSA_SUCCESS) - * handle_error(...); + * if (status != PSA_SUCCESS) handle_error(...); * \endcode * * \param key_type A public key or key pair key type. @@ -827,10 +840,9 @@ * \p #PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(\p key_type), * \p key_bits). */ -#define PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits) \ - ((key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \ - (key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \ - PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \ +#define PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits) \ + (PSA_KEY_TYPE_IS_RSA(key_type) ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \ + PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \ 0) /** Sufficient buffer size for exporting any asymmetric key pair. @@ -842,17 +854,11 @@ * * See also #PSA_EXPORT_KEY_OUTPUT_SIZE(\p key_type, \p key_bits). */ -#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \ - (PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_MAX_KEY_BITS) > \ - PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(PSA_MAX_KEY_BITS) ? \ - (PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_MAX_KEY_BITS) > \ - PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_MAX_KEY_BITS) ? \ - PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_MAX_KEY_BITS) : \ - PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_MAX_KEY_BITS)) : \ - (PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(PSA_MAX_KEY_BITS) > \ - PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_MAX_KEY_BITS) ? \ - PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(PSA_MAX_KEY_BITS) : \ - PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_MAX_KEY_BITS))) +#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \ + (PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \ + PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ? \ + PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) : \ + PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)) /** Sufficient buffer size for exporting any asymmetric public key. * @@ -864,26 +870,20 @@ * * See also #PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(\p key_type, \p key_bits). */ -#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \ - (PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_MAX_KEY_BITS) > \ - PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(PSA_MAX_KEY_BITS) ? \ - (PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_MAX_KEY_BITS) > \ - PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_MAX_KEY_BITS) ? \ - PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_MAX_KEY_BITS) : \ - PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_MAX_KEY_BITS)) : \ - (PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(PSA_MAX_KEY_BITS) > \ - PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_MAX_KEY_BITS) ? \ - PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(PSA_MAX_KEY_BITS) : \ - PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_MAX_KEY_BITS))) +#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \ + (PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \ + PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ? \ + PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) : \ + PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)) /** Sufficient output buffer size for psa_raw_key_agreement(). * * This macro returns a compile-time constant if its arguments are * compile-time constants. * - * \warning This function can evaluate its arguments multiple times or - * zero times. Providing arguments that have side effects will - * result in implementation-specific behavior, and is non-portable. + * \warning This macro may evaluate its arguments multiple times or + * zero times, so you should not pass arguments that contain + * side effects. * * See also #PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE. * @@ -899,9 +899,10 @@ * a sensible size or 0. If the parameters are not valid, * the return value is unspecified. */ +/* FFDH is not yet supported in PSA. */ #define PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, key_bits) \ (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? \ - 2 * PSA_BITS_TO_BYTES(key_bits) : \ + PSA_BITS_TO_BYTES(key_bits) : \ 0) /** Maximum size of the output from psa_raw_key_agreement(). @@ -914,7 +915,7 @@ * See also #PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(\p key_type, \p key_bits). */ #define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE \ - (2 * PSA_BITS_TO_BYTES(key_bits)) + (PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)) /** The default IV size for a cipher algorithm, in bytes. * @@ -968,9 +969,9 @@ * * See also #PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(\p input_length). * - * \warning This function can evaluate its arguments multiple times or - * zero times. Providing arguments that have side effects will - * result in implementation-specific behavior, and is non-portable. + * \warning This macro may evaluate its arguments multiple times or + * zero times, so you should not pass arguments that contain + * side effects. * * \param key_type A symmetric key type that is compatible with algorithm * alg. @@ -981,18 +982,16 @@ * \return A sufficient output size for the specified key type and * algorithm. If the key type or cipher algorithm is not * recognized, or the parameters are incompatible, - * return 0. An implementation can return either 0 or - * a correct size for a key type and cipher algorithm - * that it recognizes, but does not support. + * return 0. */ -#define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length) \ - (PSA_ALG_IS_CIPHER(alg) && \ - ((key_type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \ - (alg == PSA_ALG_CBC_PKCS7 ? \ - PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \ - (input_length) + PSA_CIPHER_IV_LENGTH(key_type, alg)) : \ - (input_length) + PSA_CIPHER_IV_LENGTH(key_type, alg) ) : \ - 0) +#define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length) \ + (alg == PSA_ALG_CBC_PKCS7 ? \ + PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \ + (input_length) + PSA_CIPHER_IV_LENGTH((key_type), \ + (alg))) : \ + (PSA_ALG_IS_CIPHER(alg) ? \ + (input_length) + PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \ + 0)) /** A sufficient output buffer size for psa_cipher_encrypt(), for any of the * supported key types and cipher algorithms. @@ -1070,10 +1069,14 @@ * for a key type and cipher algorithm that it recognizes, * but does not support. */ -#define PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \ - (PSA_ALG_IS_CIPHER(alg) && \ - ((key_type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \ - (input_length) + PSA_CIPHER_IV_LENGTH(key_type, alg) : \ +#define PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \ + (PSA_ALG_IS_CIPHER(alg) ? \ + (((alg) == PSA_ALG_CBC_PKCS7 || \ + (alg) == PSA_ALG_CBC_NO_PADDING || \ + (alg) == PSA_ALG_ECB_NO_PADDING) ? \ + PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \ + input_length) : \ + (input_length)) : \ 0) /** A sufficient output buffer size for psa_cipher_update(), for any of the @@ -1109,12 +1112,11 @@ * for a key type and cipher algorithm that it recognizes, * but does not support. */ -#define PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg) \ - (PSA_ALG_IS_CIPHER(alg) && \ - ((key_type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \ - (alg == PSA_ALG_CBC_PKCS7 ? \ - PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \ - 0) : \ +#define PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg) \ + (PSA_ALG_IS_CIPHER(alg) ? \ + (alg == PSA_ALG_CBC_PKCS7 ? \ + PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \ + 0) : \ 0) /** A sufficient ciphertext buffer size for psa_cipher_finish(), for any of the From ceface2247a6b8e91756ecc741fc1a8bbeb8e4fe Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Thu, 21 Jan 2021 12:26:17 +0100 Subject: [PATCH 23/51] Add test for ouput buffer size macros Signed-off-by: gabor-mezei-arm --- tests/src/psa_exercise_key.c | 33 +++- tests/suites/test_suite_psa_crypto.function | 192 ++++++++++++++++++-- 2 files changed, 203 insertions(+), 22 deletions(-) diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index 9f80d7b65a..408227d87c 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -467,7 +467,7 @@ psa_status_t mbedtls_test_psa_key_agreement_with_self( private_key_type = psa_get_key_type( &attributes ); key_bits = psa_get_key_bits( &attributes ); public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type ); - public_key_length = PSA_EXPORT_KEY_OUTPUT_SIZE( public_key_type, key_bits ); + public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( public_key_type, key_bits ); ASSERT_ALLOC( public_key, public_key_length ); PSA_ASSERT( psa_export_public_key( key, public_key, public_key_length, &public_key_length ) ); @@ -509,7 +509,7 @@ psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( private_key_type = psa_get_key_type( &attributes ); key_bits = psa_get_key_bits( &attributes ); public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type ); - public_key_length = PSA_EXPORT_KEY_OUTPUT_SIZE( public_key_type, key_bits ); + public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( public_key_type, key_bits ); ASSERT_ALLOC( public_key, public_key_length ); PSA_ASSERT( psa_export_public_key( key, public_key, public_key_length, @@ -518,6 +518,15 @@ psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( status = psa_raw_key_agreement( alg, key, public_key, public_key_length, output, sizeof( output ), &output_length ); + if ( status == PSA_SUCCESS ) + { + TEST_ASSERT( output_length <= + PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE( private_key_type, + key_bits ) ); + TEST_ASSERT( output_length <= + PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE ); + } + exit: /* * Key attributes may have been returned by psa_get_key_attributes() @@ -625,6 +634,8 @@ int mbedtls_test_psa_exported_key_sanity_check( if( ! mbedtls_test_asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) ) goto exit; TEST_EQUAL( p, end ); + + TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE ); } else #endif /* MBEDTLS_RSA_C */ @@ -634,6 +645,8 @@ int mbedtls_test_psa_exported_key_sanity_check( { /* Just the secret value */ TEST_EQUAL( exported_length, PSA_BITS_TO_BYTES( bits ) ); + + TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE ); } else #endif /* MBEDTLS_ECP_C */ @@ -658,6 +671,12 @@ int mbedtls_test_psa_exported_key_sanity_check( if( ! mbedtls_test_asn1_skip_integer( &p, end, 2, bits, 1 ) ) goto exit; TEST_EQUAL( p, end ); + + + TEST_ASSERT( exported_length <= + PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( type, bits ) ); + TEST_ASSERT( exported_length <= + PSA_EXPORT_PUBLIC_KEY_MAX_SIZE ); } else #endif /* MBEDTLS_RSA_C */ @@ -665,6 +684,12 @@ int mbedtls_test_psa_exported_key_sanity_check( #if defined(MBEDTLS_ECP_C) if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ) ) { + + TEST_ASSERT( exported_length <= + PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( type, bits ) ); + TEST_ASSERT( exported_length <= + PSA_EXPORT_PUBLIC_KEY_MAX_SIZE ); + if( PSA_KEY_TYPE_ECC_GET_FAMILY( type ) == PSA_ECC_FAMILY_MONTGOMERY ) { /* The representation of an ECC Montgomery public key is @@ -785,8 +810,8 @@ static int exercise_export_public_key( mbedtls_svc_key_id_t key ) public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( psa_get_key_type( &attributes ) ); - exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE( public_type, - psa_get_key_bits( &attributes ) ); + exported_size = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( public_type, + psa_get_key_bits( &attributes ) ); ASSERT_ALLOC( exported, exported_size ); PSA_ASSERT( psa_export_public_key( key, diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 7ae672573e..c6563b3646 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -613,7 +613,10 @@ void import_export( data_t *data, reexported, reexported_length ); PSA_ASSERT( psa_destroy_key( key2 ) ); } - TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_OUTPUT_SIZE( type, psa_get_key_bits( &got_attributes ) ) ); + TEST_ASSERT( exported_length <= + PSA_EXPORT_KEY_OUTPUT_SIZE( type, + psa_get_key_bits( &got_attributes ) ) ); + TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE ); destroy: /* Destroy the key */ @@ -674,6 +677,10 @@ void import_export_public_key( data_t *data, bits = psa_get_key_bits( &attributes ); TEST_ASSERT( expected_public_key->len <= PSA_EXPORT_KEY_OUTPUT_SIZE( public_type, bits ) ); + TEST_ASSERT( expected_public_key->len <= + PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( public_type, bits ) ); + TEST_ASSERT( expected_public_key->len <= + PSA_EXPORT_PUBLIC_KEY_MAX_SIZE ); ASSERT_COMPARE( expected_public_key->x, expected_public_key->len, exported, exported_length ); } @@ -2399,19 +2406,29 @@ void cipher_encrypt( int alg_arg, int key_type_arg, PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); } - output_buffer_size = ( (size_t) input->len + - PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) ); + output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ); + TEST_ASSERT( output_buffer_size <= + PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) ); ASSERT_ALLOC( output, output_buffer_size ); PSA_ASSERT( psa_cipher_update( &operation, input->x, input->len, output, output_buffer_size, &function_output_length ) ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) ); total_output_length += function_output_length; + status = psa_cipher_finish( &operation, output + total_output_length, output_buffer_size - total_output_length, &function_output_length ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE ); total_output_length += function_output_length; TEST_EQUAL( status, expected_status ); @@ -2467,8 +2484,9 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); } - output_buffer_size = ( (size_t) input->len + - PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) ); + output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ); + TEST_ASSERT( output_buffer_size <= + PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) ); ASSERT_ALLOC( output, output_buffer_size ); TEST_ASSERT( first_part_size <= input->len ); @@ -2476,7 +2494,12 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, output, output_buffer_size, &function_output_length ) ); TEST_ASSERT( function_output_length == output1_length ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size) ); total_output_length += function_output_length; + PSA_ASSERT( psa_cipher_update( &operation, input->x + first_part_size, input->len - first_part_size, @@ -2484,11 +2507,22 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, output_buffer_size - total_output_length, &function_output_length ) ); TEST_ASSERT( function_output_length == output2_length ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, + alg, + input->len - first_part_size ) ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) ); total_output_length += function_output_length; + PSA_ASSERT( psa_cipher_finish( &operation, output + total_output_length, output_buffer_size - total_output_length, &function_output_length ) ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE ); total_output_length += function_output_length; PSA_ASSERT( psa_cipher_abort( &operation ) ); @@ -2540,8 +2574,9 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); } - output_buffer_size = ( (size_t) input->len + - PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) ); + output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input->len ); + TEST_ASSERT( output_buffer_size <= + PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( input->len ) ); ASSERT_ALLOC( output, output_buffer_size ); TEST_ASSERT( first_part_size <= input->len ); @@ -2550,7 +2585,12 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, output, output_buffer_size, &function_output_length ) ); TEST_ASSERT( function_output_length == output1_length ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size ) ); total_output_length += function_output_length; + PSA_ASSERT( psa_cipher_update( &operation, input->x + first_part_size, input->len - first_part_size, @@ -2558,11 +2598,22 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, output_buffer_size - total_output_length, &function_output_length ) ); TEST_ASSERT( function_output_length == output2_length ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, + alg, + input->len - first_part_size ) ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) ); total_output_length += function_output_length; + PSA_ASSERT( psa_cipher_finish( &operation, output + total_output_length, output_buffer_size - total_output_length, &function_output_length ) ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE ); total_output_length += function_output_length; PSA_ASSERT( psa_cipher_abort( &operation ) ); @@ -2611,19 +2662,29 @@ void cipher_decrypt( int alg_arg, int key_type_arg, PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); } - output_buffer_size = ( (size_t) input->len + - PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) ); + output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input->len ); + TEST_ASSERT( output_buffer_size <= + PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( input->len ) ); ASSERT_ALLOC( output, output_buffer_size ); PSA_ASSERT( psa_cipher_update( &operation, input->x, input->len, output, output_buffer_size, &function_output_length ) ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) ); total_output_length += function_output_length; + status = psa_cipher_finish( &operation, output + total_output_length, output_buffer_size - total_output_length, &function_output_length ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE ); total_output_length += function_output_length; TEST_EQUAL( status, expected_status ); @@ -2682,23 +2743,37 @@ void cipher_verify_output( int alg_arg, int key_type_arg, iv, iv_size, &iv_length ) ); } - output1_size = ( (size_t) input->len + - PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) ); + output1_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ); + TEST_ASSERT( output1_size <= + PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) ); ASSERT_ALLOC( output1, output1_size ); PSA_ASSERT( psa_cipher_update( &operation1, input->x, input->len, output1, output1_size, &output1_length ) ); + TEST_ASSERT( output1_length <= + PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) ); + TEST_ASSERT( output1_length <= + PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) ); + PSA_ASSERT( psa_cipher_finish( &operation1, output1 + output1_length, output1_size - output1_length, &function_output_length ) ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE ); output1_length += function_output_length; PSA_ASSERT( psa_cipher_abort( &operation1 ) ); output2_size = output1_length; + TEST_ASSERT( output2_size <= + PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, output1_length ) ); + TEST_ASSERT( output2_size <= + PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( output1_length ) ); ASSERT_ALLOC( output2, output2_size ); if( iv_length > 0 ) @@ -2710,11 +2785,20 @@ void cipher_verify_output( int alg_arg, int key_type_arg, PSA_ASSERT( psa_cipher_update( &operation2, output1, output1_length, output2, output2_size, &output2_length ) ); + TEST_ASSERT( output2_length <= + PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, output1_length ) ); + TEST_ASSERT( output2_length <= + PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( output1_length ) ); + function_output_length = 0; PSA_ASSERT( psa_cipher_finish( &operation2, output2 + output2_length, output2_size - output2_length, &function_output_length ) ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE ); output2_length += function_output_length; @@ -2776,8 +2860,9 @@ void cipher_verify_output_multipart( int alg_arg, &iv_length ) ); } - output1_buffer_size = ( (size_t) input->len + - PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) ); + output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ); + TEST_ASSERT( output1_buffer_size <= + PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) ); ASSERT_ALLOC( output1, output1_buffer_size ); TEST_ASSERT( first_part_size <= input->len ); @@ -2785,6 +2870,10 @@ void cipher_verify_output_multipart( int alg_arg, PSA_ASSERT( psa_cipher_update( &operation1, input->x, first_part_size, output1, output1_buffer_size, &function_output_length ) ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size ) ); output1_length += function_output_length; PSA_ASSERT( psa_cipher_update( &operation1, @@ -2792,17 +2881,31 @@ void cipher_verify_output_multipart( int alg_arg, input->len - first_part_size, output1, output1_buffer_size, &function_output_length ) ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, + alg, + input->len - first_part_size ) ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len - first_part_size ) ); output1_length += function_output_length; PSA_ASSERT( psa_cipher_finish( &operation1, output1 + output1_length, output1_buffer_size - output1_length, &function_output_length ) ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE ); output1_length += function_output_length; PSA_ASSERT( psa_cipher_abort( &operation1 ) ); output2_buffer_size = output1_length; + TEST_ASSERT( output2_buffer_size <= + PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, output1_length ) ); + TEST_ASSERT( output2_buffer_size <= + PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( output1_length ) ); ASSERT_ALLOC( output2, output2_buffer_size ); if( iv_length > 0 ) @@ -2814,6 +2917,10 @@ void cipher_verify_output_multipart( int alg_arg, PSA_ASSERT( psa_cipher_update( &operation2, output1, first_part_size, output2, output2_buffer_size, &function_output_length ) ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size ) ); output2_length += function_output_length; PSA_ASSERT( psa_cipher_update( &operation2, @@ -2821,12 +2928,22 @@ void cipher_verify_output_multipart( int alg_arg, output1_length - first_part_size, output2, output2_buffer_size, &function_output_length ) ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, + alg, + output1_length - first_part_size ) ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( output1_length - first_part_size ) ); output2_length += function_output_length; PSA_ASSERT( psa_cipher_finish( &operation2, output2 + output2_length, output2_buffer_size - output2_length, &function_output_length ) ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) ); + TEST_ASSERT( function_output_length <= + PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE ); output2_length += function_output_length; PSA_ASSERT( psa_cipher_abort( &operation2 ) ); @@ -2898,6 +3015,9 @@ void aead_encrypt_decrypt( int key_type_arg, data_t *key_data, TEST_EQUAL( input_data->len, PSA_AEAD_DECRYPT_OUTPUT_SIZE( alg, output_length ) ); + TEST_ASSERT( input_data->len <= + PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( output_length ) ); + TEST_EQUAL( psa_aead_decrypt( key, alg, nonce->x, nonce->len, additional_data->x, @@ -2942,6 +3062,8 @@ void aead_encrypt( int key_type_arg, data_t *key_data, * should be exact. */ TEST_EQUAL( output_size, PSA_AEAD_ENCRYPT_OUTPUT_SIZE( alg, input_data->len ) ); + TEST_ASSERT( output_size <= + PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); ASSERT_ALLOC( output_data, output_size ); PSA_ASSERT( psa_crypto_init( ) ); @@ -3001,11 +3123,15 @@ void aead_decrypt( int key_type_arg, data_t *key_data, psa_status_t status = PSA_ERROR_GENERIC_ERROR; output_size = input_data->len - tag_length; - /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE - * should be exact. */ if( expected_result != PSA_ERROR_INVALID_ARGUMENT ) + { + /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE + * should be exact. */ TEST_EQUAL( output_size, PSA_AEAD_DECRYPT_OUTPUT_SIZE( alg, input_data->len ) ); + TEST_ASSERT( output_size <= + PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); + } ASSERT_ALLOC( output_data, output_size ); PSA_ASSERT( psa_crypto_init( ) ); @@ -3374,7 +3500,9 @@ void asymmetric_encrypt( int key_type_arg, /* Determine the maximum output length */ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); key_bits = psa_get_key_bits( &attributes ); + output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg ); + TEST_ASSERT( output_size <= PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE ); ASSERT_ALLOC( output, output_size ); /* Encrypt the input */ @@ -3446,9 +3574,15 @@ void asymmetric_encrypt_decrypt( int key_type_arg, /* Determine the maximum ciphertext length */ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); key_bits = psa_get_key_bits( &attributes ); + output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg ); + TEST_ASSERT( output_size <= PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE ); ASSERT_ALLOC( output, output_size ); + output2_size = input_data->len; + TEST_ASSERT( output2_size <= + PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE( key_type, key_bits, alg ) ); + TEST_ASSERT( output2_size <= PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE ); ASSERT_ALLOC( output2, output2_size ); /* We test encryption by checking that encrypt-then-decrypt gives back @@ -3496,14 +3630,12 @@ void asymmetric_decrypt( int key_type_arg, mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; + size_t key_bits; unsigned char *output = NULL; size_t output_size = 0; size_t output_length = ~0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - output_size = expected_data->len; - ASSERT_ALLOC( output, output_size ); - PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); @@ -3513,6 +3645,14 @@ void asymmetric_decrypt( int key_type_arg, PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, &key ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + key_bits = psa_get_key_bits( &attributes ); + + /* Determine the maximum ciphertext length */ + output_size = PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE( key_type, key_bits, alg ); + TEST_ASSERT( output_size <= PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE ); + ASSERT_ALLOC( output, output_size ); + PSA_ASSERT( psa_asymmetric_decrypt( key, alg, input_data->x, input_data->len, label->x, label->len, @@ -3910,6 +4050,14 @@ void derive_output( int alg_arg, PSA_ASSERT( psa_import_key( &attributes, inputs[i]->x, inputs[i]->len, &keys[i] ) ); + + if ( PSA_ALG_IS_TLS12_PSK_TO_MS( alg ) ) + { + PSA_ASSERT( psa_get_key_attributes( keys[i], &attributes ) ); + TEST_ASSERT( PSA_BITS_TO_BYTES( psa_get_key_bits( &attributes ) ) <= + PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE ); + } + PSA_ASSERT( psa_key_derivation_input_key( &operation, steps[i], keys[i] ) ); break; @@ -4295,6 +4443,7 @@ void raw_key_agreement( int alg_arg, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; unsigned char *output = NULL; size_t output_length = ~0; + size_t key_bits; ASSERT_ALLOC( output, expected_output->len ); PSA_ASSERT( psa_crypto_init( ) ); @@ -4306,12 +4455,19 @@ void raw_key_agreement( int alg_arg, our_key_data->x, our_key_data->len, &our_key ) ); + PSA_ASSERT( psa_get_key_attributes( our_key, &attributes ) ); + key_bits = psa_get_key_bits( &attributes ); + PSA_ASSERT( psa_raw_key_agreement( alg, our_key, peer_key_data->x, peer_key_data->len, output, expected_output->len, &output_length ) ); ASSERT_COMPARE( output, output_length, expected_output->x, expected_output->len ); + TEST_ASSERT( output_length <= + PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE( our_key_type, key_bits ) ); + TEST_ASSERT( output_length <= + PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE ); exit: mbedtls_free( output ); From c6f2480854e11878fa8f3be4433772ef9c8953c1 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Mon, 15 Feb 2021 15:56:29 +0100 Subject: [PATCH 24/51] Fix documentation Signed-off-by: gabor-mezei-arm --- include/psa/crypto_sizes.h | 121 ++++++++++++------------------------- 1 file changed, 39 insertions(+), 82 deletions(-) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 53c4b9d5fb..5483586400 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -65,8 +65,6 @@ * * \return The hash size for the specified hash algorithm. * If the hash algorithm is not recognized, return 0. - * An implementation may return either 0 or the correct size - * for a hash algorithm that it recognizes, but does not support. */ #define PSA_HASH_LENGTH(alg) \ ( \ @@ -91,9 +89,8 @@ * * Maximum size of a hash. * - * This macro must expand to a compile-time constant integer. This value - * should be the maximum size of a hash supported by the implementation, - * in bytes, and must be no smaller than this maximum. + * This macro expands to a compile-time constant integer. This value + * is the maximum size of a hash in bytes. */ /* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226, * 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for @@ -110,9 +107,8 @@ * * Maximum size of a MAC. * - * This macro must expand to a compile-time constant integer. This value - * should be the maximum size of a MAC supported by the implementation, - * in bytes, and must be no smaller than this maximum. + * This macro expands to a compile-time constant integer. This value + * is the maximum size of a MAC in bytes. */ /* All non-HMAC MACs have a maximum size that's smaller than the * minimum possible value of PSA_HASH_MAX_SIZE in this implementation. */ @@ -132,9 +128,6 @@ * tag that can be distinguished from the rest of * the ciphertext, return 0. * If the AEAD algorithm is not recognized, return 0. - * An implementation may return either 0 or a - * correct size for an AEAD algorithm that it - * recognizes, but does not support. */ #define PSA_AEAD_TAG_LENGTH(alg) \ (PSA_ALG_IS_AEAD(alg) ? \ @@ -211,7 +204,7 @@ */ #define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE 128 -/** The maximum size of a block cipher supported by the implementation. */ +/** The maximum size of a block cipher. */ #define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16 /** The size of the output of psa_mac_sign_finish(), in bytes. @@ -260,9 +253,6 @@ * \return The AEAD ciphertext size for the specified * algorithm. * If the AEAD algorithm is not recognized, return 0. - * An implementation may return either 0 or a - * correct size for an AEAD algorithm that it - * recognizes, but does not support. */ #define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(alg, plaintext_length) \ (PSA_AEAD_TAG_LENGTH(alg) != 0 ? \ @@ -309,9 +299,6 @@ * \return The AEAD ciphertext size for the specified * algorithm. * If the AEAD algorithm is not recognized, return 0. - * An implementation may return either 0 or a - * correct size for an AEAD algorithm that it - * recognizes, but does not support. */ #define PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length) \ (PSA_AEAD_TAG_LENGTH(alg) != 0 ? \ @@ -324,6 +311,9 @@ * If the size of the plaintext buffer is at least this large, it is guaranteed * that psa_aead_decrypt() will not fail due to an insufficient buffer size. * + * \note This macro returns a compile-time constant if its arguments are + * compile-time constants. + * * See also #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\p alg, \p ciphertext_length). * * \param ciphertext_length Size of the ciphertext in bytes. @@ -359,8 +349,6 @@ * \return The default nonce size for the specified key type and algorithm. * If the key type or AEAD algorithm is not recognized, * or the parameters are incompatible, return 0. - * An implementation can return either 0 or a correct size for a key - * type and AEAD algorithm that it recognizes, but does not support. */ #define PSA_AEAD_NONCE_LENGTH(key_type, alg) \ (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) == 16 && \ @@ -402,9 +390,6 @@ * \return A sufficient output buffer size for the specified * algorithm. * If the AEAD algorithm is not recognized, return 0. - * An implementation may return either 0 or a - * correct size for an AEAD algorithm that it - * recognizes, but does not support. */ /* For all the AEAD modes defined in this specification, it is possible * to emit output without delay. However, hardware may not always be @@ -442,9 +427,6 @@ * \return A sufficient ciphertext buffer size for the * specified algorithm. * If the AEAD algorithm is not recognized, return 0. - * An implementation may return either 0 or a - * correct size for an AEAD algorithm that it - * recognizes, but does not support. */ #define PSA_AEAD_FINISH_OUTPUT_SIZE(alg) \ (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \ @@ -472,9 +454,6 @@ * \return A sufficient plaintext buffer size for the * specified algorithm. * If the AEAD algorithm is not recognized, return 0. - * An implementation may return either 0 or a - * correct size for an AEAD algorithm that it - * recognizes, but does not support. */ #define PSA_AEAD_VERIFY_OUTPUT_SIZE(alg) \ (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \ @@ -524,9 +503,8 @@ * a buffer size in bytes that guarantees that * psa_sign_hash() will not fail with * #PSA_ERROR_BUFFER_TOO_SMALL. - * If the parameters are a valid combination that is not supported - * by the implementation, this macro shall return either a - * sensible size or 0. + * If the parameters are a valid combination that is not supported, + * return either a sensible size or 0. * If the parameters are not valid, the * return value is unspecified. */ @@ -542,9 +520,8 @@ * * Maximum size of an asymmetric signature. * - * This macro must expand to a compile-time constant integer. This value - * should be the maximum size of a signature supported by the implementation, - * in bytes, and must be no smaller than this maximum. + * This macro expands to a compile-time constant integer. This value + * is the maximum size of a signature in bytes. */ #define PSA_SIGNATURE_MAX_SIZE \ (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) > PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE ? \ @@ -571,9 +548,8 @@ * a buffer size in bytes that guarantees that * psa_asymmetric_encrypt() will not fail with * #PSA_ERROR_BUFFER_TOO_SMALL. - * If the parameters are a valid combination that is not supported - * by the implementation, this macro shall return either a - * sensible size or 0. + * If the parameters are a valid combination that is not supported, + * return either a sensible size or 0. * If the parameters are not valid, the * return value is unspecified. */ @@ -585,10 +561,9 @@ /** A sufficient output buffer size for psa_asymmetric_encrypt(), for any * supported asymmetric encryption. * - * This macro assumes that RSA is the only supported asymmetric encryption. - * * See also #PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(\p key_type, \p key_bits, \p alg). */ +/* This macro assumes that RSA is the only supported asymmetric encryption. */ #define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE \ (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS)) @@ -612,9 +587,8 @@ * a buffer size in bytes that guarantees that * psa_asymmetric_decrypt() will not fail with * #PSA_ERROR_BUFFER_TOO_SMALL. - * If the parameters are a valid combination that is not supported - * by the implementation, this macro shall return either a - * sensible size or 0. + * If the parameters are a valid combination that is not supported, + * return either a sensible size or 0. * If the parameters are not valid, the * return value is unspecified. */ @@ -778,11 +752,9 @@ * a buffer size in bytes that guarantees that * psa_export_key() or psa_export_public_key() will not fail with * #PSA_ERROR_BUFFER_TOO_SMALL. - * If the parameters are a valid combination that is not supported - * by the implementation, this macro shall return either a - * sensible size or 0. - * If the parameters are not valid, the - * return value is unspecified. + * If the parameters are a valid combination that is not supported, + * return either a sensible size or 0. + * If the parameters are not valid, the return value is unspecified. */ #define PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits) \ (PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \ @@ -827,15 +799,14 @@ * \return If the parameters are valid and supported, return * a buffer size in bytes that guarantees that * psa_export_public_key() will not fail with - * #PSA_ERROR_BUFFER_TOO_SMALL. If the parameters are - * a valid combination that is not supported by the - * implementation, this macro must return either - * a sensible size or 0. If the parameters are not valid, + * #PSA_ERROR_BUFFER_TOO_SMALL. + * If the parameters are a valid combination that is not + * supported, return either a sensible size or 0. + * If the parameters are not valid, * the return value is unspecified. * * If the parameters are valid and supported, - * it is recommended that this macro returns the same - * result as + * return the same result as * #PSA_EXPORT_KEY_OUTPUT_SIZE( * \p #PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(\p key_type), * \p key_bits). @@ -847,10 +818,9 @@ /** Sufficient buffer size for exporting any asymmetric key pair. * - * This macro must expand to a compile-time constant integer. This value must - * be a sufficient buffer size when calling psa_export_key() to export any - * asymmetric key pair that is supported by the implementation, regardless of - * the exact key type and key size. + * This macro expands to a compile-time constant integer. This value is + * a sufficient buffer size when calling psa_export_key() to export any + * asymmetric key pair, regardless of the exact key type and key size. * * See also #PSA_EXPORT_KEY_OUTPUT_SIZE(\p key_type, \p key_bits). */ @@ -862,11 +832,10 @@ /** Sufficient buffer size for exporting any asymmetric public key. * - * This macro must expand to a compile-time constant integer. This value must - * be a sufficient buffer size when calling psa_export_key() or - * psa_export_public_key() to export any asymmetric public key that is - * supported by the implementation, regardless of the exact key type and key - * size. + * This macro expands to a compile-time constant integer. This value is + * a sufficient buffer size when calling psa_export_key() or + * psa_export_public_key() to export any asymmetric public key, + * regardless of the exact key type and key size. * * See also #PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(\p key_type, \p key_bits). */ @@ -893,10 +862,10 @@ * \return If the parameters are valid and supported, return * a buffer size in bytes that guarantees that * psa_raw_key_agreement() will not fail with - * #PSA_ERROR_BUFFER_TOO_SMALL. If the parameters are - * a valid combination that is not supported by - * the implementation, this macro must return either - * a sensible size or 0. If the parameters are not valid, + * #PSA_ERROR_BUFFER_TOO_SMALL. + * If the parameters are a valid combination that + * is not supported, return either a sensible size or 0. + * If the parameters are not valid, * the return value is unspecified. */ /* FFDH is not yet supported in PSA. */ @@ -907,10 +876,8 @@ /** Maximum size of the output from psa_raw_key_agreement(). * - * This macro must expand to a compile-time constant integer. It is recommended - * that this value is the maximum size of the output any raw key agreement - * algorithm supported by the implementation, in bytes. The value must not be - * smaller than this maximum. + * This macro expands to a compile-time constant integer. This value is the + * maximum size of the output any raw key agreement algorithm, in bytes. * * See also #PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(\p key_type, \p key_bits). */ @@ -940,8 +907,6 @@ * If the algorithm does not use an IV, return 0. * If the key type or cipher algorithm is not recognized, * or the parameters are incompatible, return 0. - * An implementation can return either 0 or a correct size for a key type - * and cipher algorithm that it recognizes, but does not support. */ #define PSA_CIPHER_IV_LENGTH(key_type, alg) \ (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) > 1 && \ @@ -1025,9 +990,7 @@ * \return A sufficient output size for the specified key type and * algorithm. If the key type or cipher algorithm is not * recognized, or the parameters are incompatible, - * return 0. An implementation can return either 0 or - * a correct size for a key type and cipher algorithm - * that it recognizes, but does not support. + * return 0. */ #define PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_length) \ (PSA_ALG_IS_CIPHER(alg) && \ @@ -1065,9 +1028,6 @@ * \return A sufficient output size for the specified key type and * algorithm. If the key type or cipher algorithm is not * recognized, or the parameters are incompatible, return 0. - * An implementation can return either 0 or a correct size - * for a key type and cipher algorithm that it recognizes, - * but does not support. */ #define PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \ (PSA_ALG_IS_CIPHER(alg) ? \ @@ -1108,9 +1068,6 @@ * \return A sufficient output size for the specified key type and * algorithm. If the key type or cipher algorithm is not * recognized, or the parameters are incompatible, return 0. - * An implementation can return either 0 or a correct size - * for a key type and cipher algorithm that it recognizes, - * but does not support. */ #define PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg) \ (PSA_ALG_IS_CIPHER(alg) ? \ From cbc135599ee68956f21497ec5f8723bc571f3b9c Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 3 Mar 2021 17:22:09 +0100 Subject: [PATCH 25/51] psa: wrapper: Remove unnecessary compiler warning workarounds Signed-off-by: Ronald Cron --- library/psa_crypto_driver_wrappers.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 7e42e48f98..6cf23cef9a 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -63,8 +63,6 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, uint8_t *signature, size_t signature_size, size_t *signature_length ) { - (void)key_buffer_size; - /* Try dynamically-registered SE interface first */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) const psa_drv_se_t *drv; @@ -149,8 +147,6 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length ) { - (void)key_buffer_size; - /* Try dynamically-registered SE interface first */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) const psa_drv_se_t *drv; From 566899eefae1eae26eb971b68ae535b2d06b124a Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 4 Mar 2021 08:56:17 +0100 Subject: [PATCH 26/51] psa: Remove outdated comments Signed-off-by: Ronald Cron --- library/psa_crypto.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ecb00f0b0f..3ba056d245 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3165,7 +3165,6 @@ psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key, .core = slot->attr }; - /* Try any of the available accelerators first */ status = psa_driver_wrapper_sign_hash( &attributes, slot->key.data, slot->key.bytes, alg, hash, hash_length, @@ -3262,7 +3261,6 @@ psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key, .core = slot->attr }; - /* Try any of the available accelerators first */ status = psa_driver_wrapper_verify_hash( &attributes, slot->key.data, slot->key.bytes, alg, hash, hash_length, From 9103d490e8955c2b9723a266af000fc99eeb8f85 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 4 Mar 2021 11:26:03 +0100 Subject: [PATCH 27/51] psa: ecdsa: Rework deterministic support check Move the check that ECDSA is supported from the caller of the function responsible for Mbed TLS ECDSA signatures to this function, namely mbedtls_psa_ecdsa_sign_hash(). This makes the caller code more readable and is more aligned with what is expected from a sign_hash() PSA driver entry point. Add a negative test case where a deterministic ECDSA signature is requested while the library does not support deterministic ECDSA. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 8 +------- library/psa_crypto_ecp.c | 9 ++++++--- tests/suites/test_suite_psa_crypto.data | 4 ++++ 3 files changed, 11 insertions(+), 10 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 3ba056d245..7a2b65d640 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3094,13 +3094,7 @@ psa_status_t psa_sign_hash_internal( { #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) - if( -#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) - PSA_ALG_IS_ECDSA( alg ) -#else - PSA_ALG_IS_RANDOMIZED_ECDSA( alg ) -#endif - ) + if( PSA_ALG_IS_ECDSA( alg ) ) { return( mbedtls_psa_ecdsa_sign_hash( attributes, diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index 15e5d02382..9cce3af6a1 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -388,9 +388,9 @@ static psa_status_t ecdsa_sign_hash( goto cleanup; } -#if defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) - if( PSA_ALG_DSA_IS_DETERMINISTIC( alg ) ) + if( PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) ) { +#if defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg ); mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info ); @@ -400,9 +400,12 @@ static psa_status_t ecdsa_sign_hash( hash_length, md_alg, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE ) ); +#else + ret = MBEDTLS_ERR_ECP_INVALID_KEY; + goto cleanup; +#endif /* defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) */ } else -#endif /* defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) */ { (void) alg; MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ecp->grp, &r, &s, &ecp->d, diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index c981e98a8e..ab3b5a19b2 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -1972,6 +1972,10 @@ PSA sign: invalid algorithm for ECC key depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_C sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT +PSA sign: deterministic ECDSA not supported +depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_C +sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_ERROR_INVALID_ARGUMENT + PSA sign/verify: RSA PKCS#1 v1.5, raw depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C sign_verify:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263" From bb9cbc7a23c117437e3ef58076da76601053caf4 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 4 Mar 2021 17:09:00 +0100 Subject: [PATCH 28/51] psa: ecdsa: Prefer NOT_SUPPORTED error code When ECDSA is not supported by the library, prefer to return NOT_SUPPORTED than INVALID_ARGUMENT when asked for an ECDSA signature. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 9 +++++---- library/psa_crypto_ecp.c | 2 +- tests/suites/test_suite_psa_crypto.data | 4 ++-- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 7a2b65d640..3b5e33d6a8 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3090,10 +3090,10 @@ psa_status_t psa_sign_hash_internal( else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */ - if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) - { #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) + if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) + { if( PSA_ALG_IS_ECDSA( alg ) ) { return( mbedtls_psa_ecdsa_sign_hash( @@ -3103,14 +3103,15 @@ psa_status_t psa_sign_hash_internal( signature, signature_size, signature_length ) ); } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ { return( PSA_ERROR_INVALID_ARGUMENT ); } } else +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ { + (void)attributes; (void)key_buffer; (void)key_buffer_size; (void)alg; diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index 9cce3af6a1..75ab1690dd 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -401,7 +401,7 @@ static psa_status_t ecdsa_sign_hash( mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE ) ); #else - ret = MBEDTLS_ERR_ECP_INVALID_KEY; + ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; goto cleanup; #endif /* defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) */ } diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index ab3b5a19b2..809fc04410 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -1969,12 +1969,12 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDT sign_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT PSA sign: invalid algorithm for ECC key -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_C sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT PSA sign: deterministic ECDSA not supported depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_C -sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_ERROR_INVALID_ARGUMENT +sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_ERROR_NOT_SUPPORTED PSA sign/verify: RSA PKCS#1 v1.5, raw depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C From fb91a48616c40cde9ac8819e7708b42be9a38ed0 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 5 Mar 2021 14:17:51 +0000 Subject: [PATCH 29/51] Fix memsan build with clang 11 Memsan build was reporting a false positive use of uninitialised memory in x509_crt.c on a struct filled by an _stat function call. According to the man pages, the element reported has to be filled in by the call, so to be safe, and keep memsan happy, zero the struct first. Signed-off-by: Paul Elliott --- ChangeLog.d/fix_memsan_build_clang11.txt | 2 ++ library/x509_crt.c | 2 ++ 2 files changed, 4 insertions(+) create mode 100644 ChangeLog.d/fix_memsan_build_clang11.txt diff --git a/ChangeLog.d/fix_memsan_build_clang11.txt b/ChangeLog.d/fix_memsan_build_clang11.txt new file mode 100644 index 0000000000..3f5cc058f8 --- /dev/null +++ b/ChangeLog.d/fix_memsan_build_clang11.txt @@ -0,0 +1,2 @@ +Changes + * Fix memsan build false positive in x509_crt.c with clang 11 diff --git a/library/x509_crt.c b/library/x509_crt.c index a623c57a6c..0aa4f4c21f 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1629,6 +1629,8 @@ cleanup: } #endif /* MBEDTLS_THREADING_C */ + memset( &sb, 0, sizeof( sb ) ); + while( ( entry = readdir( dir ) ) != NULL ) { snp_ret = mbedtls_snprintf( entry_name, sizeof entry_name, From 286a36e17d918920cbdb41a885886df36179b9c9 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Fri, 5 Mar 2021 15:54:21 +0100 Subject: [PATCH 30/51] Fix size macros Signed-off-by: gabor-mezei-arm --- include/psa/crypto_sizes.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 5483586400..2a822d7f4d 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -352,10 +352,10 @@ */ #define PSA_AEAD_NONCE_LENGTH(key_type, alg) \ (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) == 16 && \ - (PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg) == PSA_ALG_CCM || \ - PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg) == PSA_ALG_GCM) ? 12 : \ + (PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_CCM || \ + PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_GCM) ? 12 : \ (key_type) == PSA_KEY_TYPE_CHACHA20 && \ - PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg) == PSA_ALG_CHACHA20_POLY1305 ? 12 : \ + PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_CHACHA20_POLY1305 ? 12 : \ 0) /** The maximum default nonce size among all supported pairs of key types and @@ -1050,7 +1050,7 @@ * \param input_length Size of the input in bytes. */ #define PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(input_length) \ - ((input_length) + PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE) + (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, input_length)) /** A sufficient ciphertext buffer size for psa_cipher_finish(). * From 9c3b5077e606f1fa58f768a2c632088055b7729a Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Wed, 10 Mar 2021 15:57:44 +0100 Subject: [PATCH 31/51] Update PSA_CIPHER_ENCRYPT_OUTPUT_SIZE Signed-off-by: gabor-mezei-arm --- include/psa/crypto_sizes.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 2a822d7f4d..b5fb47ddb1 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -952,8 +952,8 @@ #define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length) \ (alg == PSA_ALG_CBC_PKCS7 ? \ PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \ - (input_length) + PSA_CIPHER_IV_LENGTH((key_type), \ - (alg))) : \ + (input_length) + 1) + \ + PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \ (PSA_ALG_IS_CIPHER(alg) ? \ (input_length) + PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \ 0)) From ea32d556233c2891544dda32b1386567d5928498 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 9 Dec 2020 14:34:47 +0000 Subject: [PATCH 32/51] Add printf warning flags to CMake Build Add extra printf warning flags into the cmake build, only adding those that are supported by each version of the compiler Signed-off-by: Paul Elliott --- CMakeLists.txt | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index fdaa2f134d..c56fb776a7 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -179,6 +179,9 @@ if(CMAKE_COMPILER_IS_GNU) execute_process(COMMAND ${CMAKE_C_COMPILER} -dumpversion OUTPUT_VARIABLE GCC_VERSION) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings") + if (GCC_VERSION VERSION_GREATER 3.0 OR GCC_VERSION VERSION_EQUAL 3.0) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat=2 -Wno-format-nonliteral") + endif() if (GCC_VERSION VERSION_GREATER 4.3 OR GCC_VERSION VERSION_EQUAL 4.3) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wvla") endif() @@ -194,6 +197,10 @@ if(CMAKE_COMPILER_IS_GNU) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-signedness") endif() endif() + if (GCC_VERSION VERSION_GREATER 7.0 OR GCC_VERSION VERSION_EQUAL 7.0) + # Cannot use -Wformat-truncation=2 as this fails on mbedtls_snprintf (unknown buffer size) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-overflow=2 -Wformat-truncation") + endif() set(CMAKE_C_FLAGS_RELEASE "-O2") set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage") @@ -204,7 +211,7 @@ if(CMAKE_COMPILER_IS_GNU) endif(CMAKE_COMPILER_IS_GNU) if(CMAKE_COMPILER_IS_CLANG) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral") set(CMAKE_C_FLAGS_RELEASE "-O2") set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage") From 4e589701d81ab288b7ad932788813689d261aa54 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 9 Dec 2020 14:38:01 +0000 Subject: [PATCH 33/51] Declare mbedtls_debug_print_msg as printf-like We were not getting any warnings on printf format errors, as we do not explicitly use printf anywhere in the code. Thankfully there is a way to mark a function as having printf behaviour so that its inputs can be checked in the same way as printf would be. Signed-off-by: Paul Elliott --- include/mbedtls/debug.h | 21 ++++++++++++++++++++- library/debug.c | 1 + 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index ab5b037034..cd522f5893 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -80,6 +80,25 @@ #endif /* MBEDTLS_DEBUG_C */ +/** + * \def MBEDTLS_PRINTF_ATTRIBUTE + * + * Mark a function as having printf attributes, and thus enable checking + * via -wFormat and other flags. This does nothing in windows builds as the + * windows compiler does not support it. + * + * Module: library/debug.c + * Caller: + * + * This module provides debugging functions. + */ +#if (defined(_WIN32) || defined(_WIN64)) +#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) +#else +#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \ + __attribute__((format (printf, string_index, first_to_check))) +#endif + #ifdef __cplusplus extern "C" { #endif @@ -118,7 +137,7 @@ void mbedtls_debug_set_threshold( int threshold ); */ void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level, const char *file, int line, - const char *format, ... ); + const char *format, ... ) MBEDTLS_PRINTF_ATTRIBUTE(5, 6); /** * \brief Print the return value of a function to the debug output. This diff --git a/library/debug.c b/library/debug.c index c3384be359..e91d1ad1da 100644 --- a/library/debug.c +++ b/library/debug.c @@ -74,6 +74,7 @@ static inline void debug_send_line( const mbedtls_ssl_context *ssl, int level, #endif } +MBEDTLS_PRINTF_ATTRIBUTE(5, 6) void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level, const char *file, int line, const char *format, ... ) From dd9e8f6dd065bb21928674d94c075ab14a57f2ca Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 9 Dec 2020 14:53:24 +0000 Subject: [PATCH 34/51] Fix potential buffer overflow in printf Printf could potentially produce 2 64 bit numbers here when there is only space for one, thus causing a buffer overflow. This was caught by the new warning flags. Signed-off-by: Paul Elliott --- library/psa_its_file.c | 1 + tests/suites/test_suite_psa_its.function | 1 + 2 files changed, 2 insertions(+) diff --git a/library/psa_its_file.c b/library/psa_its_file.c index 2fbff20ef9..8dff7834de 100644 --- a/library/psa_its_file.c +++ b/library/psa_its_file.c @@ -51,6 +51,7 @@ #define PSA_ITS_STORAGE_SUFFIX ".psa_its" #define PSA_ITS_STORAGE_FILENAME_LENGTH \ ( sizeof( PSA_ITS_STORAGE_PREFIX ) - 1 + /*prefix without terminating 0*/ \ + 16 + /*UID (64-bit number in hex)*/ \ 16 + /*UID (64-bit number in hex)*/ \ sizeof( PSA_ITS_STORAGE_SUFFIX ) - 1 + /*suffix without terminating 0*/ \ 1 /*terminating null byte*/ ) diff --git a/tests/suites/test_suite_psa_its.function b/tests/suites/test_suite_psa_its.function index 330846a02c..fb9ce07036 100644 --- a/tests/suites/test_suite_psa_its.function +++ b/tests/suites/test_suite_psa_its.function @@ -16,6 +16,7 @@ #define PSA_ITS_STORAGE_SUFFIX ".psa_its" #define PSA_ITS_STORAGE_FILENAME_LENGTH \ ( sizeof( PSA_ITS_STORAGE_PREFIX ) - 1 + /*prefix without terminating 0*/ \ + 16 + /*UID (64-bit number in hex)*/ \ 16 + /*UID (64-bit number in hex)*/ \ sizeof( PSA_ITS_STORAGE_SUFFIX ) - 1 + /*suffix without terminating 0*/ \ 1 /*terminating null byte*/ ) From 9f352117740746133393bec3be86c2672e931b6c Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 9 Dec 2020 14:55:45 +0000 Subject: [PATCH 35/51] Fixes for invalid printf format specifiers Fixes for printf format specifiers, where they have been flagged as invalid sizes by coverity, and new build flags to enable catching these errors when building using CMake. Note that this patch uses %zu, which requires C99 or later. Signed-off-by: Paul Elliott --- library/ssl_cli.c | 34 ++++++------- library/ssl_msg.c | 122 +++++++++++++++++++++++----------------------- library/ssl_srv.c | 28 +++++------ library/ssl_tls.c | 14 +++--- 4 files changed, 99 insertions(+), 99 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index a8331d9bb3..b4ba88c885 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -685,7 +685,7 @@ static int ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, return( 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, - ( "sending session ticket of length %d", tlen ) ); + ( "sending session ticket of length %zu", tlen ) ); memcpy( p, ssl->session_negotiate->ticket, tlen ); @@ -905,7 +905,7 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl ) *p++ = (unsigned char)( t >> 8 ); *p++ = (unsigned char)( t ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %lu", t ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %lld", (long long) t ) ); #else if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 ) return( ret ); @@ -1114,7 +1114,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) for( i = 0; i < n; i++ ) *p++ = ssl->session_negotiate->id[i]; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %d", n ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %zu", n ) ); MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id", buf + 39, n ); /* @@ -1182,7 +1182,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) continue; MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %#04x (%s)", - ciphersuites[i], ciphersuite_info->name ) ); + (unsigned int)ciphersuites[i], ciphersuite_info->name ) ); #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) @@ -1197,7 +1197,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) } MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, got %d ciphersuites (excluding SCSVs)", n ) ); + ( "client hello, got %zu ciphersuites (excluding SCSVs)", n ) ); /* * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV @@ -1420,7 +1420,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) /* olen unused if all extensions are disabled */ ((void) olen); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %d", + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %zu", ext_len ) ); if( ext_len > 0 ) @@ -2167,10 +2167,10 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) } MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", - ( (uint32_t) buf[2] << 24 ) | - ( (uint32_t) buf[3] << 16 ) | - ( (uint32_t) buf[4] << 8 ) | - ( (uint32_t) buf[5] ) ) ); + ( (unsigned long) buf[2] << 24 ) | + ( (unsigned long) buf[3] << 16 ) | + ( (unsigned long) buf[4] << 8 ) | + ( (unsigned long) buf[5] ) ) ); memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 ); @@ -2253,7 +2253,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) if( ssl->handshake->ciphersuite_info == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, - ( "ciphersuite info for %04x not found", i ) ); + ( "ciphersuite info for %04x not found", (unsigned int)i ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -2261,7 +2261,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) mbedtls_ssl_optimize_checksum( ssl, ssl->handshake->ciphersuite_info ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %zu", n ) ); MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 35, n ); /* @@ -2304,7 +2304,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed", ssl->handshake->resume ? "a" : "no" ) ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", i ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", (unsigned int)i ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[37 + n] ) ); @@ -2373,7 +2373,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) ext = buf + 40 + n; MBEDTLS_SSL_DEBUG_MSG( 2, - ( "server hello, total extension length: %d", ext_len ) ); + ( "server hello, total extension length: %zu", ext_len ) ); while( ext_len ) { @@ -2537,7 +2537,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) default: MBEDTLS_SSL_DEBUG_MSG( 3, - ( "unknown extension found: %d (ignoring)", ext_id ) ); + ( "unknown extension found: %u (ignoring)", ext_id ) ); } ext_len -= 4 + ext_size; @@ -2628,7 +2628,7 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, if( ssl->handshake->dhm_ctx.len * 8 < ssl->conf->dhm_min_bitlen ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %d < %d", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %zu < %u", ssl->handshake->dhm_ctx.len * 8, ssl->conf->dhm_min_bitlen ) ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); @@ -4347,7 +4347,7 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET ); } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %d", ticket_len ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %zu", ticket_len ) ); /* We're not waiting for a NewSessionTicket message any more */ ssl->handshake->new_session_ticket = 0; diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 72f09bb42a..26e19a6c0d 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -283,8 +283,8 @@ static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl ) } ssl->handshake->retransmit_timeout = new_timeout; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs", - ssl->handshake->retransmit_timeout ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %lu millisecs", + (unsigned long) ssl->handshake->retransmit_timeout ) ); return( 0 ); } @@ -292,8 +292,8 @@ static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl ) static void ssl_reset_retransmit_timeout( mbedtls_ssl_context *ssl ) { ssl->handshake->retransmit_timeout = ssl->conf->hs_timeout_min; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs", - ssl->handshake->retransmit_timeout ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %lu millisecs", + (unsigned long) ssl->handshake->retransmit_timeout ) ); } #endif /* MBEDTLS_SSL_PROTO_DTLS */ @@ -764,7 +764,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t olen; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " + MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %zu, " "including %d bytes of padding", rec->data_len, 0 ) ); @@ -842,7 +842,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, dynamic_iv_is_explicit ? dynamic_iv_len : 0 ); MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD", add_data, add_data_len ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " + MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %zu, " "including 0 bytes of padding", rec->data_len ) ); @@ -945,8 +945,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " - "including %d bytes of IV and %d bytes of padding", + MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %zu, " + "including %zu bytes of IV and %zu bytes of padding", rec->data_len, transform->ivlen, padlen + 1 ) ); @@ -1366,7 +1366,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, { if( rec->data_len < dynamic_iv_len ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < explicit_iv_len (%d) ", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%zu) < explicit_iv_len (%zu) ", rec->data_len, dynamic_iv_len ) ); return( MBEDTLS_ERR_SSL_INVALID_MAC ); @@ -1385,7 +1385,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, /* Check that there's space for the authentication tag. */ if( rec->data_len < transform->taglen ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < taglen (%d) ", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%zu) < taglen (%zu) ", rec->data_len, transform->taglen ) ); return( MBEDTLS_ERR_SSL_INVALID_MAC ); @@ -1488,7 +1488,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, if( rec->data_len < minlen + transform->ivlen || rec->data_len < minlen + transform->maclen + 1 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < max( ivlen(%d), maclen (%d) " + MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%zu) < max( ivlen(%zu), maclen (%zu) " "+ 1 ) ( + expl IV )", rec->data_len, transform->ivlen, transform->maclen ) ); @@ -1554,7 +1554,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, * data_len >= minlen + ivlen ( = minlen or 2 * minlen ). */ if( rec->data_len % transform->ivlen != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) %% ivlen (%d) != 0", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%zu) %% ivlen (%zu) != 0", rec->data_len, transform->ivlen ) ); return( MBEDTLS_ERR_SSL_INVALID_MAC ); } @@ -1624,7 +1624,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, #if defined(MBEDTLS_SSL_DEBUG_ALL) if( rec->data_len < transform->maclen + padlen + 1 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%zu) < maclen (%zu) + padlen (%zu)", rec->data_len, transform->maclen, padlen + 1 ) ); @@ -1653,8 +1653,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, if( padlen > transform->ivlen ) { #if defined(MBEDTLS_SSL_DEBUG_ALL) - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding length: is %d, " - "should be no more than %d", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding length: is %zu, " + "should be no more than %zu", padlen, transform->ivlen ) ); #endif correct = 0; @@ -1890,7 +1890,7 @@ static int ssl_compress_buf( mbedtls_ssl_context *ssl ) memcpy( msg_pre, ssl->out_msg, len_pre ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "before compression: msglen = %d, ", + MBEDTLS_SSL_DEBUG_MSG( 3, ( "before compression: msglen = %zu, ", ssl->out_msglen ) ); MBEDTLS_SSL_DEBUG_BUF( 4, "before compression: output payload", @@ -1911,7 +1911,7 @@ static int ssl_compress_buf( mbedtls_ssl_context *ssl ) ssl->out_msglen = out_buf_len - ssl->transform_out->ctx_deflate.avail_out - bytes_written; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %d, ", + MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %zu, ", ssl->out_msglen ) ); MBEDTLS_SSL_DEBUG_BUF( 4, "after compression: output payload", @@ -1942,7 +1942,7 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl ) memcpy( msg_pre, ssl->in_msg, len_pre ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %d, ", + MBEDTLS_SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %zu, ", ssl->in_msglen ) ); MBEDTLS_SSL_DEBUG_BUF( 4, "before decompression: input payload", @@ -1963,7 +1963,7 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl ) ssl->in_msglen = in_buf_len - ssl->transform_in->ctx_inflate.avail_out - header_bytes; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %d, ", + MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %zu, ", ssl->in_msglen ) ); MBEDTLS_SSL_DEBUG_BUF( 4, "after decompression: input payload", @@ -2042,7 +2042,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) if( ssl->in_left != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "next record in same datagram, offset: %d", + MBEDTLS_SSL_DEBUG_MSG( 2, ( "next record in same datagram, offset: %zu", ssl->next_record_offset ) ); memmove( ssl->in_hdr, ssl->in_hdr + ssl->next_record_offset, @@ -2052,7 +2052,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) ssl->next_record_offset = 0; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d", + MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %zu, nb_want: %zu", ssl->in_left, nb_want ) ); /* @@ -2094,7 +2094,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) else timeout = ssl->conf->read_timeout; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "f_recv_timeout: %u ms", timeout ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "f_recv_timeout: %lu ms", (unsigned long) timeout ) ); if( ssl->f_recv_timeout != NULL ) ret = ssl->f_recv_timeout( ssl->p_bio, ssl->in_hdr, len, @@ -2153,7 +2153,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) else #endif { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d", + MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %zu, nb_want: %zu", ssl->in_left, nb_want ) ); while( ssl->in_left < nb_want ) @@ -2177,7 +2177,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) } } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d", + MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %zu, nb_want: %zu", ssl->in_left, nb_want ) ); MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret ); @@ -2190,8 +2190,8 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, - ( "f_recv returned %d bytes but only %lu were requested", - ret, (unsigned long)len ) ); + ( "f_recv returned %d bytes but only %zu were requested", + ret, len ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } @@ -2230,7 +2230,7 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) while( ssl->out_left > 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %d, out_left: %d", + MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %zu, out_left: %zu", mbedtls_ssl_out_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) ); buf = ssl->out_hdr - ssl->out_left; @@ -2244,8 +2244,8 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, - ( "f_send returned %d bytes but only %lu bytes were sent", - ret, (unsigned long)ssl->out_left ) ); + ( "f_send returned %d bytes but only %zu bytes were sent", + ret, ssl->out_left ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } @@ -2286,14 +2286,14 @@ static int ssl_flight_append( mbedtls_ssl_context *ssl ) /* Allocate space for current message */ if( ( msg = mbedtls_calloc( 1, sizeof( mbedtls_ssl_flight_item ) ) ) == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %d bytes failed", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %zu bytes failed", sizeof( mbedtls_ssl_flight_item ) ) ); return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); } if( ( msg->p = mbedtls_calloc( 1, ssl->out_msglen ) ) == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %d bytes failed", ssl->out_msglen ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %zu bytes failed", ssl->out_msglen ) ); mbedtls_free( msg ); return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); } @@ -2922,8 +2922,8 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) /* Now write the potentially updated record content type. */ ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %d, " - "version = [%d:%d], msglen = %d", + MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %u, " + "version = [%u:%u], msglen = %zu", ssl->out_hdr[0], ssl->out_hdr[1], ssl->out_hdr[2], len ) ); @@ -3119,7 +3119,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) { if( ssl->in_msglen < mbedtls_ssl_hs_hdr_len( ssl ) ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too short: %d", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too short: %zu", ssl->in_msglen ) ); return( MBEDTLS_ERR_SSL_INVALID_RECORD ); } @@ -3127,7 +3127,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) ssl->in_hslen = mbedtls_ssl_hs_hdr_len( ssl ) + ssl_get_hs_total_len( ssl ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "handshake message: msglen =" - " %d, type = %d, hslen = %d", + " %zu, type = %u, hslen = %zu", ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) ); #if defined(MBEDTLS_SSL_PROTO_DTLS) @@ -3163,7 +3163,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "received message from last flight, " - "message_seq = %d, start_of_flight = %d", + "message_seq = %u, start_of_flight = %u", recv_msg_seq, ssl->handshake->in_flight_start_seq ) ); @@ -3176,7 +3176,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) else { MBEDTLS_SSL_DEBUG_MSG( 2, ( "dropping out-of-sequence message: " - "message_seq = %d, expected = %d", + "message_seq = %u, expected = %u", recv_msg_seq, ssl->handshake->in_msg_seq ) ); } @@ -3746,8 +3746,8 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, ( (size_t) buf[ rec_hdr_len_offset + 1 ] << 0 ); MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", buf, rec->data_offset ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, " - "version = [%d:%d], msglen = %d", + MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %u, " + "version = [%d:%d], msglen = %zu", rec->type, major_ver, minor_ver, rec->data_len ) ); @@ -3790,8 +3790,8 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, if( rec_epoch != ssl->in_epoch ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "record from another epoch: " - "expected %d, received %d", - ssl->in_epoch, rec_epoch ) ); + "expected %u, received %lu", + ssl->in_epoch, (unsigned long) rec_epoch ) ); /* Records from the next epoch are considered for buffering * (concretely: early Finished messages). */ @@ -4325,31 +4325,31 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) { /* If we can't buffer a future message because * of space limitations -- ignore. */ - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- ignore\n", - (unsigned) msg_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING, - (unsigned) hs->buffering.total_bytes_buffered ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %zu would exceed the compile-time limit %d (already %zu bytes buffered) -- ignore\n", + msg_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING, + hs->buffering.total_bytes_buffered ) ); goto exit; } else { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- attempt to make space by freeing buffered future messages\n", - (unsigned) msg_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING, - (unsigned) hs->buffering.total_bytes_buffered ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %zu would exceed the compile-time limit %d (already %zu bytes buffered) -- attempt to make space by freeing buffered future messages\n", + msg_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING, + hs->buffering.total_bytes_buffered ) ); } if( ssl_buffer_make_space( ssl, reassembly_buf_sz ) != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reassembly of next message of size %u (%u with bitmap) would exceed the compile-time limit %u (already %u bytes buffered) -- fail\n", - (unsigned) msg_len, - (unsigned) reassembly_buf_sz, + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reassembly of next message of size %zu (%zu with bitmap) would exceed the compile-time limit %d (already %zu bytes buffered) -- fail\n", + msg_len, + reassembly_buf_sz, MBEDTLS_SSL_DTLS_MAX_BUFFERING, - (unsigned) hs->buffering.total_bytes_buffered ) ); + hs->buffering.total_bytes_buffered ) ); ret = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; goto exit; } } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %d", + MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %zu", msg_len ) ); hs_buf->data = mbedtls_calloc( 1, reassembly_buf_sz ); @@ -4395,7 +4395,7 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) frag_off = ssl_get_hs_frag_off( ssl ); frag_len = ssl_get_hs_frag_len( ssl ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %d, length = %d", + MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %zu, length = %zu", frag_off, frag_len ) ); memcpy( msg + frag_off, ssl->in_msg + 12, frag_len ); @@ -4622,15 +4622,15 @@ static int ssl_buffer_future_record( mbedtls_ssl_context *ssl, if( rec->buf_len > ( MBEDTLS_SSL_DTLS_MAX_BUFFERING - hs->buffering.total_bytes_buffered ) ) { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future epoch record of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- ignore\n", - (unsigned) rec->buf_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING, - (unsigned) hs->buffering.total_bytes_buffered ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future epoch record of size %zu would exceed the compile-time limit %d (already %zu bytes buffered) -- ignore\n", + rec->buf_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING, + hs->buffering.total_bytes_buffered ) ); return( 0 ); } /* Buffer record */ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffer record from epoch %u", - ssl->in_epoch + 1 ) ); + ssl->in_epoch + 1U ) ); MBEDTLS_SSL_DEBUG_BUF( 3, "Buffered record", rec->buf, rec->buf_len ); /* ssl_parse_record_header() only considers records @@ -4903,7 +4903,7 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ) { if( ssl->in_msglen != 1 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid CCS message, len: %d", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid CCS message, len: %zu", ssl->in_msglen ) ); return( MBEDTLS_ERR_SSL_INVALID_RECORD ); } @@ -4939,12 +4939,12 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ) /* Note: Standard allows for more than one 2 byte alert to be packed in a single message, but Mbed TLS doesn't currently support this. */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid alert message, len: %d", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid alert message, len: %zu", ssl->in_msglen ) ); return( MBEDTLS_ERR_SSL_INVALID_RECORD ); } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]", + MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%u:%u]", ssl->in_msg[0], ssl->in_msg[1] ) ); /* @@ -5771,7 +5771,7 @@ static int ssl_write_real( mbedtls_ssl_context *ssl, if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment larger than the (negotiated) " - "maximum fragment length: %d > %d", + "maximum fragment length: %zu > %zu", len, max_len ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } diff --git a/library/ssl_srv.c b/library/ssl_srv.c index e33b828add..d72ded4485 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -298,13 +298,13 @@ static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl, { mbedtls_ssl_sig_hash_set_add( &ssl->handshake->hash_algs, sig_cur, md_cur ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext:" - " match sig %d and hash %d", + " match sig %u and hash %u", sig_cur, md_cur ) ); } else { MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: " - "hash alg %d not supported", md_cur ) ); + "hash alg %u not supported", md_cur ) ); } } @@ -633,7 +633,7 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl, /* Remember the client asked us to send a new ticket */ ssl->handshake->new_session_ticket = 1; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %d", len ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %zu", len ) ); if( len == 0 ) return( 0 ); @@ -1048,7 +1048,7 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id, } MBEDTLS_SSL_DEBUG_MSG( 3, ( "trying ciphersuite: %#04x (%s)", - suite_id, suite_info->name ) ); + (unsigned int)suite_id, suite_info->name ) ); if( suite_info->min_minor_ver > ssl->minor_ver || suite_info->max_minor_ver < ssl->minor_ver ) @@ -1116,7 +1116,7 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id, mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs, sig_type ) == MBEDTLS_MD_NONE ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no suitable hash algorithm " - "for signature algorithm %d", sig_type ) ); + "for signature algorithm %u", sig_type ) ); return( 0 ); } } @@ -1247,7 +1247,7 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) sess_len = ( buf[2] << 8 ) | buf[3]; chal_len = ( buf[4] << 8 ) | buf[5]; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciph_len: %d, sess_len: %d, chal_len: %d", + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciph_len: %u, sess_len: %u, chal_len: %u", ciph_len, sess_len, chal_len ) ); /* @@ -1629,7 +1629,7 @@ read_record_header: if( cli_msg_seq != ssl->handshake->in_msg_seq ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message_seq: " - "%d (expected %d)", cli_msg_seq, + "%u (expected %u)", cli_msg_seq, ssl->handshake->in_msg_seq ) ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); } @@ -2073,7 +2073,7 @@ read_record_header: #endif /* MBEDTLS_SSL_DTLS_SRTP */ default: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)", + MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %u (ignoring)", ext_id ) ); } @@ -2274,7 +2274,7 @@ have_ciphersuite: else { MBEDTLS_SSL_DEBUG_MSG( 3, ( "no hash algorithm for signature algorithm " - "%d - should not happen", sig_alg ) ); + "%u - should not happen", sig_alg ) ); } } #endif @@ -2826,7 +2826,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) *p++ = (unsigned char)( t >> 8 ); *p++ = (unsigned char)( t ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lld", (long long) t ) ); #else if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 ) return( ret ); @@ -2914,7 +2914,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) memcpy( p, ssl->session_negotiate->id, ssl->session_negotiate->id_len ); p += ssl->session_negotiate->id_len; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %zu", n ) ); MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 39, n ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed", ssl->handshake->resume ? "a" : "no" ) ); @@ -2926,7 +2926,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s", mbedtls_ssl_get_ciphersuite_name( ssl->session_negotiate->ciphersuite ) ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X", - ssl->session_negotiate->compression ) ); + (unsigned int)ssl->session_negotiate->compression ) ); /* Do not write the extensions if the protocol is SSLv3 */ #if defined(MBEDTLS_SSL_PROTO_SSL3) @@ -2995,7 +2995,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) ext_len += olen; #endif - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %d", ext_len ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %zu", ext_len ) ); if( ext_len > 0 ) { @@ -3502,7 +3502,7 @@ curve_matching_done: md_alg = MBEDTLS_MD_NONE; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "pick hash algorithm %d for signing", md_alg ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "pick hash algorithm %u for signing", md_alg ) ); /* * 2.2: Compute the hash to be signed diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 336cbea37e..eb22b21445 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -961,7 +961,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher ); if( cipher_info == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %d not found", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %u not found", ciphersuite_info->cipher ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } @@ -969,7 +969,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, md_info = mbedtls_md_info_from_type( ciphersuite_info->mac ); if( md_info == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %d not found", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %u not found", ciphersuite_info->mac ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } @@ -2215,7 +2215,7 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) n = crt->raw.len; if( n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %d > %d", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %zu > %d", i + 3 + n, MBEDTLS_SSL_OUT_CONTENT_LEN ) ); return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE ); } @@ -2708,7 +2708,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, if( ssl->session_negotiate->verify_result != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %x", - ssl->session_negotiate->verify_result ) ); + (unsigned int) ssl->session_negotiate->verify_result ) ); } else { @@ -2831,7 +2831,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) chain = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ); if( chain == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%zu bytes) failed", sizeof( mbedtls_x509_crt ) ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, @@ -3858,7 +3858,7 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, ssl->in_buf = mbedtls_calloc( 1, in_buf_len ); if( ssl->in_buf == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", in_buf_len ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%zu bytes) failed", in_buf_len ) ); ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto error; } @@ -3869,7 +3869,7 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, ssl->out_buf = mbedtls_calloc( 1, out_buf_len ); if( ssl->out_buf == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", out_buf_len ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%zu bytes) failed", out_buf_len ) ); ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto error; } From 6f21e11265d860579c233f247b743bbe744289f9 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 9 Dec 2020 17:46:27 +0000 Subject: [PATCH 36/51] Add Changelog entry Signed-off-by: Paul Elliott --- ChangeLog.d/fix-printf-specifiers.txt | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 ChangeLog.d/fix-printf-specifiers.txt diff --git a/ChangeLog.d/fix-printf-specifiers.txt b/ChangeLog.d/fix-printf-specifiers.txt new file mode 100644 index 0000000000..72d08c0c89 --- /dev/null +++ b/ChangeLog.d/fix-printf-specifiers.txt @@ -0,0 +1,10 @@ +Bugfix + * Add printf function attributes to mbedtls_debug_print_msg because we were + not actually getting any printf format specifier warnings prior to this. + Also add extra printf compiler warning flags to builds. +Requirement Changes + * Use %zu for print of type size_t in new work, however please do not use + them in backports, and preferably not in code that needs to be + backported. + + From 9e3256aead6ed18ac1da1a34f29b22780b007aee Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 17 Dec 2020 18:17:32 +0000 Subject: [PATCH 37/51] Adding printf format warning flags to makefiles Add printf format warning flags that are supported by GCC 3.0 or later to the makefiles Signed-off-by: Paul Elliott --- library/Makefile | 2 +- programs/Makefile | 4 ++-- tests/Makefile | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/library/Makefile b/library/Makefile index 903dc0df0b..6bb9c1781d 100644 --- a/library/Makefile +++ b/library/Makefile @@ -2,7 +2,7 @@ # Also see "include/mbedtls/config.h" CFLAGS ?= -O2 -WARNING_CFLAGS ?= -Wall -Wextra +WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral LDFLAGS ?= # Include ../include for public headers and . for private headers. diff --git a/programs/Makefile b/programs/Makefile index e0a324f1e7..90338755b3 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -3,8 +3,8 @@ # To compile with PKCS11: add "-lpkcs11-helper" to LDFLAGS CFLAGS ?= -O2 -WARNING_CFLAGS ?= -Wall -Wextra -WARNING_CXXFLAGS ?= -Wall -Wextra +WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral +WARNING_CXXFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral LDFLAGS ?= MBEDTLS_TEST_PATH:=../tests/src diff --git a/tests/Makefile b/tests/Makefile index d11d904415..d250d717ac 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -3,7 +3,7 @@ # To compile with PKCS11: add "-lpkcs11-helper" to LDFLAGS CFLAGS ?= -O2 -WARNING_CFLAGS ?= -Wall -Wextra +WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral LDFLAGS ?= # Include public header files from ../include, test-specific header files From f8d733e49a330f9c7970cb2d7c35786becfa1a98 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 17 Dec 2020 18:23:31 +0000 Subject: [PATCH 38/51] Correct include guard for function __attribute Signed-off-by: Paul Elliott --- include/mbedtls/debug.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index cd522f5893..ff8aec0abf 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -92,7 +92,7 @@ * * This module provides debugging functions. */ -#if (defined(_WIN32) || defined(_WIN64)) +#if defined(__GNUC__) #define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) #else #define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \ From 3a5a107fa7ae1d3287dafe1ad21dbf5d6dadc7b5 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 17 Dec 2020 18:33:40 +0000 Subject: [PATCH 39/51] Correct fix for potential truncation This was a false positive caused by the compiler seeing the %08lx specifiers and judging the output on that, rather than the numbers being fed in. Given these are going to be maximum 32 bit numbers, then better to use %08x, which keeps -Wformat-truncation=2 happy as well. Signed-off-by: Paul Elliott --- library/psa_its_file.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/library/psa_its_file.c b/library/psa_its_file.c index 8dff7834de..7798da615c 100644 --- a/library/psa_its_file.c +++ b/library/psa_its_file.c @@ -47,11 +47,10 @@ #define PSA_ITS_STORAGE_PREFIX "" #endif -#define PSA_ITS_STORAGE_FILENAME_PATTERN "%08lx%08lx" +#define PSA_ITS_STORAGE_FILENAME_PATTERN "%08x%08x" #define PSA_ITS_STORAGE_SUFFIX ".psa_its" #define PSA_ITS_STORAGE_FILENAME_LENGTH \ ( sizeof( PSA_ITS_STORAGE_PREFIX ) - 1 + /*prefix without terminating 0*/ \ - 16 + /*UID (64-bit number in hex)*/ \ 16 + /*UID (64-bit number in hex)*/ \ sizeof( PSA_ITS_STORAGE_SUFFIX ) - 1 + /*suffix without terminating 0*/ \ 1 /*terminating null byte*/ ) @@ -88,8 +87,8 @@ static void psa_its_fill_filename( psa_storage_uid_t uid, char *filename ) mbedtls_snprintf( filename, PSA_ITS_STORAGE_FILENAME_LENGTH, "%s" PSA_ITS_STORAGE_FILENAME_PATTERN "%s", PSA_ITS_STORAGE_PREFIX, - (unsigned long) ( uid >> 32 ), - (unsigned long) ( uid & 0xffffffff ), + (unsigned) ( uid >> 32 ), + (unsigned) ( uid & 0xffffffff ), PSA_ITS_STORAGE_SUFFIX ); } From 21c62a2aede0014e266c9bd9add0734c5a68c0da Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 17 Dec 2020 18:38:04 +0000 Subject: [PATCH 40/51] Raise level of -Wformat-truncation to 2 This was not possible earlier due to warnings, however now this seems to be ok. Signed-off-by: Paul Elliott --- CMakeLists.txt | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index c56fb776a7..2ab2e01ebf 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -198,8 +198,7 @@ if(CMAKE_COMPILER_IS_GNU) endif() endif() if (GCC_VERSION VERSION_GREATER 7.0 OR GCC_VERSION VERSION_EQUAL 7.0) - # Cannot use -Wformat-truncation=2 as this fails on mbedtls_snprintf (unknown buffer size) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-overflow=2 -Wformat-truncation") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-overflow=2 -Wformat-truncation=2") endif() set(CMAKE_C_FLAGS_RELEASE "-O2") set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") From 3891caf1cee92af55f82f094345df68cf7fa24c8 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 17 Dec 2020 18:42:40 +0000 Subject: [PATCH 41/51] Misc review requested fixes Style fixes and cast certain defines to size_t Signed-off-by: Paul Elliott --- library/ssl_cli.c | 2 +- library/ssl_msg.c | 34 +++++++++++++++++----------------- library/ssl_srv.c | 14 +++++++------- library/ssl_tls.c | 8 ++++---- 4 files changed, 29 insertions(+), 29 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index b4ba88c885..01ce9d7607 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2304,7 +2304,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed", ssl->handshake->resume ? "a" : "no" ) ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", (unsigned int)i ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", (unsigned) i ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[37 + n] ) ); diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 26e19a6c0d..5f971e837a 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -623,9 +623,9 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, if( rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content %u too large, maximum %d", - (unsigned) rec->data_len, - MBEDTLS_SSL_OUT_CONTENT_LEN ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content %zu too large, maximum %zu", + rec->data_len, + (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } @@ -2699,9 +2699,9 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) if( ssl->out_msglen > MBEDTLS_SSL_OUT_CONTENT_LEN ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record too large: " - "size %u, maximum %u", - (unsigned) ssl->out_msglen, - (unsigned) MBEDTLS_SSL_OUT_CONTENT_LEN ) ); + "size %zu, maximum %zu", + ssl->out_msglen, + (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } @@ -2728,9 +2728,9 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) if( MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen < 8 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS handshake message too large: " - "size %u, maximum %u", - (unsigned) ( hs_len ), - (unsigned) ( MBEDTLS_SSL_OUT_CONTENT_LEN - 12 ) ) ); + "size %zu, maximum %zu", + hs_len, + (size_t) ( MBEDTLS_SSL_OUT_CONTENT_LEN - 12 ) ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } @@ -4325,24 +4325,24 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) { /* If we can't buffer a future message because * of space limitations -- ignore. */ - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %zu would exceed the compile-time limit %d (already %zu bytes buffered) -- ignore\n", - msg_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING, + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %zu would exceed the compile-time limit %zu (already %zu bytes buffered) -- ignore\n", + msg_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, hs->buffering.total_bytes_buffered ) ); goto exit; } else { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %zu would exceed the compile-time limit %d (already %zu bytes buffered) -- attempt to make space by freeing buffered future messages\n", - msg_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING, + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %zu would exceed the compile-time limit %zu (already %zu bytes buffered) -- attempt to make space by freeing buffered future messages\n", + msg_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, hs->buffering.total_bytes_buffered ) ); } if( ssl_buffer_make_space( ssl, reassembly_buf_sz ) != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reassembly of next message of size %zu (%zu with bitmap) would exceed the compile-time limit %d (already %zu bytes buffered) -- fail\n", + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reassembly of next message of size %zu (%zu with bitmap) would exceed the compile-time limit %zu (already %zu bytes buffered) -- fail\n", msg_len, reassembly_buf_sz, - MBEDTLS_SSL_DTLS_MAX_BUFFERING, + (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, hs->buffering.total_bytes_buffered ) ); ret = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; goto exit; @@ -4622,8 +4622,8 @@ static int ssl_buffer_future_record( mbedtls_ssl_context *ssl, if( rec->buf_len > ( MBEDTLS_SSL_DTLS_MAX_BUFFERING - hs->buffering.total_bytes_buffered ) ) { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future epoch record of size %zu would exceed the compile-time limit %d (already %zu bytes buffered) -- ignore\n", - rec->buf_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING, + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future epoch record of size %zu would exceed the compile-time limit %zu (already %zu bytes buffered) -- ignore\n", + rec->buf_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, hs->buffering.total_bytes_buffered ) ); return( 0 ); } diff --git a/library/ssl_srv.c b/library/ssl_srv.c index d72ded4485..b41d385bc4 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -299,12 +299,12 @@ static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl, mbedtls_ssl_sig_hash_set_add( &ssl->handshake->hash_algs, sig_cur, md_cur ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext:" " match sig %u and hash %u", - sig_cur, md_cur ) ); + (unsigned) sig_cur, (unsigned) md_cur ) ); } else { MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: " - "hash alg %u not supported", md_cur ) ); + "hash alg %u not supported", (unsigned) md_cur ) ); } } @@ -1048,7 +1048,7 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id, } MBEDTLS_SSL_DEBUG_MSG( 3, ( "trying ciphersuite: %#04x (%s)", - (unsigned int)suite_id, suite_info->name ) ); + (unsigned int) suite_id, suite_info->name ) ); if( suite_info->min_minor_ver > ssl->minor_ver || suite_info->max_minor_ver < ssl->minor_ver ) @@ -1116,7 +1116,7 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id, mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs, sig_type ) == MBEDTLS_MD_NONE ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no suitable hash algorithm " - "for signature algorithm %u", sig_type ) ); + "for signature algorithm %u", (unsigned) sig_type ) ); return( 0 ); } } @@ -2274,7 +2274,7 @@ have_ciphersuite: else { MBEDTLS_SSL_DEBUG_MSG( 3, ( "no hash algorithm for signature algorithm " - "%u - should not happen", sig_alg ) ); + "%u - should not happen", (unsigned) sig_alg ) ); } } #endif @@ -2926,7 +2926,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s", mbedtls_ssl_get_ciphersuite_name( ssl->session_negotiate->ciphersuite ) ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X", - (unsigned int)ssl->session_negotiate->compression ) ); + (unsigned int) ssl->session_negotiate->compression ) ); /* Do not write the extensions if the protocol is SSLv3 */ #if defined(MBEDTLS_SSL_PROTO_SSL3) @@ -3502,7 +3502,7 @@ curve_matching_done: md_alg = MBEDTLS_MD_NONE; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "pick hash algorithm %u for signing", md_alg ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "pick hash algorithm %u for signing", (unsigned) md_alg ) ); /* * 2.2: Compute the hash to be signed diff --git a/library/ssl_tls.c b/library/ssl_tls.c index eb22b21445..747025afb8 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -970,7 +970,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, if( md_info == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %u not found", - ciphersuite_info->mac ) ); + (unsigned) ciphersuite_info->mac ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } @@ -2215,8 +2215,8 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) n = crt->raw.len; if( n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %zu > %d", - i + 3 + n, MBEDTLS_SSL_OUT_CONTENT_LEN ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %zu > %zu", + i + 3 + n, (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) ); return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE ); } @@ -2707,7 +2707,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_DEBUG_C) if( ssl->session_negotiate->verify_result != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %x", + MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %08x", (unsigned int) ssl->session_negotiate->verify_result ) ); } else From abb3af7826af4a4ebd0aaf669e27c3ad4628dafe Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 18 Dec 2020 16:43:22 +0000 Subject: [PATCH 42/51] Invert gate on printf attribute Inverted the logic without thinking. Signed-off-by: Paul Elliott --- include/mbedtls/debug.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index ff8aec0abf..168f70dd04 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -93,10 +93,10 @@ * This module provides debugging functions. */ #if defined(__GNUC__) -#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) -#else #define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \ __attribute__((format (printf, string_index, first_to_check))) +#else +#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) #endif #ifdef __cplusplus From 3949065aef9e513bf0fc3f03d342967d2085e925 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 18 Dec 2020 17:52:26 +0000 Subject: [PATCH 43/51] Fix incorrect case in changelog entry Signed-off-by: Paul Elliott --- ChangeLog.d/fix-printf-specifiers.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/fix-printf-specifiers.txt b/ChangeLog.d/fix-printf-specifiers.txt index 72d08c0c89..4fc575ae50 100644 --- a/ChangeLog.d/fix-printf-specifiers.txt +++ b/ChangeLog.d/fix-printf-specifiers.txt @@ -2,7 +2,7 @@ Bugfix * Add printf function attributes to mbedtls_debug_print_msg because we were not actually getting any printf format specifier warnings prior to this. Also add extra printf compiler warning flags to builds. -Requirement Changes +Requirement changes * Use %zu for print of type size_t in new work, however please do not use them in backports, and preferably not in code that needs to be backported. From d48d5c6615231fb8e831be6e2a1747eea75a8ba5 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 7 Jan 2021 14:47:05 +0000 Subject: [PATCH 44/51] Fix size_t and longlong specifiers for MinGW MinGW and older windows compilers cannot cope with %zu or %lld (there is a workaround for MinGW, but it involves linking more code, there is no workaround for Windows compilers prior to 2013). Attempt to work around this by defining printf specifiers for size_t per platform for the compilers that cannot use the C99 specifiers. Signed-off-by: Paul Elliott --- include/mbedtls/debug.h | 28 ++++++++++ library/ssl_cli.c | 19 +++---- library/ssl_msg.c | 111 +++++++++++++++++++++++++--------------- library/ssl_srv.c | 10 ++-- library/ssl_tls.c | 9 ++-- 5 files changed, 120 insertions(+), 57 deletions(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index 168f70dd04..c19503fb3a 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -99,6 +99,34 @@ #define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) #endif +/** + * \def MBEDTLS_PRINTF_SIZET + * + * MBEDTLS_PRINTF_xxx: Due to issues with older window compilers + * and MinGW we need to define the printf specifier for size_t + * and long long per platform. + * + * Module: library/debug.c + * Caller: + * + * This module provides debugging functions. + */ +#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1800) + #ifdef _WIN32 + #include + #ifdef _WIN64 + #define MBEDTLS_PRINTF_SIZET PRIuPTR + #define MBEDTLS_PRINTF_LONGLONG "I128d" + #else + #define MBEDTLS_PRINTF_SIZET PRIuPTR + #define MBEDTLS_PRINTF_LONGLONG "I64d" + #endif + #endif +#else + #define MBEDTLS_PRINTF_SIZET "zu" + #define MBEDTLS_PRINTF_LONGLONG "lld" +#endif + #ifdef __cplusplus extern "C" { #endif diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 01ce9d7607..55a8e61341 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -685,7 +685,7 @@ static int ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, return( 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, - ( "sending session ticket of length %zu", tlen ) ); + ( "sending session ticket of length %" MBEDTLS_PRINTF_SIZET, tlen ) ); memcpy( p, ssl->session_negotiate->ticket, tlen ); @@ -905,7 +905,8 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl ) *p++ = (unsigned char)( t >> 8 ); *p++ = (unsigned char)( t ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %lld", (long long) t ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %" MBEDTLS_PRINTF_LONGLONG, + (long long) t ) ); #else if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 ) return( ret ); @@ -1114,7 +1115,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) for( i = 0; i < n; i++ ) *p++ = ssl->session_negotiate->id[i]; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %zu", n ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n ) ); MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id", buf + 39, n ); /* @@ -1197,7 +1198,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) } MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, got %zu ciphersuites (excluding SCSVs)", n ) ); + ( "client hello, got %" MBEDTLS_PRINTF_SIZET " ciphersuites (excluding SCSVs)", n ) ); /* * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV @@ -1420,7 +1421,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) /* olen unused if all extensions are disabled */ ((void) olen); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %zu", + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %" MBEDTLS_PRINTF_SIZET, ext_len ) ); if( ext_len > 0 ) @@ -2261,7 +2262,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) mbedtls_ssl_optimize_checksum( ssl, ssl->handshake->ciphersuite_info ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %zu", n ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n ) ); MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 35, n ); /* @@ -2373,7 +2374,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) ext = buf + 40 + n; MBEDTLS_SSL_DEBUG_MSG( 2, - ( "server hello, total extension length: %zu", ext_len ) ); + ( "server hello, total extension length: %" MBEDTLS_PRINTF_SIZET, ext_len ) ); while( ext_len ) { @@ -2628,7 +2629,7 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, if( ssl->handshake->dhm_ctx.len * 8 < ssl->conf->dhm_min_bitlen ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %zu < %u", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %" MBEDTLS_PRINTF_SIZET " < %u", ssl->handshake->dhm_ctx.len * 8, ssl->conf->dhm_min_bitlen ) ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); @@ -4347,7 +4348,7 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET ); } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %zu", ticket_len ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %" MBEDTLS_PRINTF_SIZET, ticket_len ) ); /* We're not waiting for a NewSessionTicket message any more */ ssl->handshake->new_session_ticket = 0; diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 5f971e837a..54a7be011a 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -623,7 +623,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, if( rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content %zu too large, maximum %zu", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content %" MBEDTLS_PRINTF_SIZET + " too large, maximum %" MBEDTLS_PRINTF_SIZET, rec->data_len, (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -764,7 +765,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t olen; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %zu, " + MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", " "including %d bytes of padding", rec->data_len, 0 ) ); @@ -842,7 +843,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, dynamic_iv_is_explicit ? dynamic_iv_len : 0 ); MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD", add_data, add_data_len ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %zu, " + MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", " "including 0 bytes of padding", rec->data_len ) ); @@ -945,8 +946,9 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %zu, " - "including %zu bytes of IV and %zu bytes of padding", + MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", " + "including %" MBEDTLS_PRINTF_SIZET + " bytes of IV and %" MBEDTLS_PRINTF_SIZET " bytes of padding", rec->data_len, transform->ivlen, padlen + 1 ) ); @@ -1366,7 +1368,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, { if( rec->data_len < dynamic_iv_len ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%zu) < explicit_iv_len (%zu) ", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET + " ) < explicit_iv_len (%" MBEDTLS_PRINTF_SIZET ") ", rec->data_len, dynamic_iv_len ) ); return( MBEDTLS_ERR_SSL_INVALID_MAC ); @@ -1385,7 +1388,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, /* Check that there's space for the authentication tag. */ if( rec->data_len < transform->taglen ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%zu) < taglen (%zu) ", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET + ") < taglen (%" MBEDTLS_PRINTF_SIZET ") ", rec->data_len, transform->taglen ) ); return( MBEDTLS_ERR_SSL_INVALID_MAC ); @@ -1488,7 +1492,9 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, if( rec->data_len < minlen + transform->ivlen || rec->data_len < minlen + transform->maclen + 1 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%zu) < max( ivlen(%zu), maclen (%zu) " + MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET + ") < max( ivlen(%" MBEDTLS_PRINTF_SIZET + "), maclen (%" MBEDTLS_PRINTF_SIZET ") " "+ 1 ) ( + expl IV )", rec->data_len, transform->ivlen, transform->maclen ) ); @@ -1554,7 +1560,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, * data_len >= minlen + ivlen ( = minlen or 2 * minlen ). */ if( rec->data_len % transform->ivlen != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%zu) %% ivlen (%zu) != 0", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET + ") %% ivlen (%" MBEDTLS_PRINTF_SIZET ") != 0", rec->data_len, transform->ivlen ) ); return( MBEDTLS_ERR_SSL_INVALID_MAC ); } @@ -1624,7 +1631,9 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, #if defined(MBEDTLS_SSL_DEBUG_ALL) if( rec->data_len < transform->maclen + padlen + 1 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%zu) < maclen (%zu) + padlen (%zu)", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET + ") < maclen (%" MBEDTLS_PRINTF_SIZET + ") + padlen (%" MBEDTLS_PRINTF_SIZET ")", rec->data_len, transform->maclen, padlen + 1 ) ); @@ -1653,8 +1662,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, if( padlen > transform->ivlen ) { #if defined(MBEDTLS_SSL_DEBUG_ALL) - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding length: is %zu, " - "should be no more than %zu", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding length: is %" MBEDTLS_PRINTF_SIZET ", " + "should be no more than %" MBEDTLS_PRINTF_SIZET, padlen, transform->ivlen ) ); #endif correct = 0; @@ -1890,7 +1899,7 @@ static int ssl_compress_buf( mbedtls_ssl_context *ssl ) memcpy( msg_pre, ssl->out_msg, len_pre ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "before compression: msglen = %zu, ", + MBEDTLS_SSL_DEBUG_MSG( 3, ( "before compression: msglen = %" MBEDTLS_PRINTF_SIZET ", ", ssl->out_msglen ) ); MBEDTLS_SSL_DEBUG_BUF( 4, "before compression: output payload", @@ -1911,7 +1920,7 @@ static int ssl_compress_buf( mbedtls_ssl_context *ssl ) ssl->out_msglen = out_buf_len - ssl->transform_out->ctx_deflate.avail_out - bytes_written; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %zu, ", + MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %" MBEDTLS_PRINTF_SIZET ", ", ssl->out_msglen ) ); MBEDTLS_SSL_DEBUG_BUF( 4, "after compression: output payload", @@ -1942,7 +1951,7 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl ) memcpy( msg_pre, ssl->in_msg, len_pre ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %zu, ", + MBEDTLS_SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %" MBEDTLS_PRINTF_SIZET ", ", ssl->in_msglen ) ); MBEDTLS_SSL_DEBUG_BUF( 4, "before decompression: input payload", @@ -1963,7 +1972,7 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl ) ssl->in_msglen = in_buf_len - ssl->transform_in->ctx_inflate.avail_out - header_bytes; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %zu, ", + MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %" MBEDTLS_PRINTF_SIZET ", ", ssl->in_msglen ) ); MBEDTLS_SSL_DEBUG_BUF( 4, "after decompression: input payload", @@ -2042,7 +2051,8 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) if( ssl->in_left != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "next record in same datagram, offset: %zu", + MBEDTLS_SSL_DEBUG_MSG( 2, ( "next record in same datagram, offset: %" + MBEDTLS_PRINTF_SIZET, ssl->next_record_offset ) ); memmove( ssl->in_hdr, ssl->in_hdr + ssl->next_record_offset, @@ -2052,7 +2062,8 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) ssl->next_record_offset = 0; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %zu, nb_want: %zu", + MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %" MBEDTLS_PRINTF_SIZET + ", nb_want: %" MBEDTLS_PRINTF_SIZET, ssl->in_left, nb_want ) ); /* @@ -2153,7 +2164,8 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) else #endif { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %zu, nb_want: %zu", + MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %" MBEDTLS_PRINTF_SIZET + ", nb_want: %" MBEDTLS_PRINTF_SIZET, ssl->in_left, nb_want ) ); while( ssl->in_left < nb_want ) @@ -2177,7 +2189,8 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) } } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %zu, nb_want: %zu", + MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %" MBEDTLS_PRINTF_SIZET + ", nb_want: %" MBEDTLS_PRINTF_SIZET, ssl->in_left, nb_want ) ); MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret ); @@ -2190,7 +2203,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, - ( "f_recv returned %d bytes but only %zu were requested", + ( "f_recv returned %d bytes but only %" MBEDTLS_PRINTF_SIZET " were requested", ret, len ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } @@ -2230,7 +2243,8 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) while( ssl->out_left > 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %zu, out_left: %zu", + MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %" MBEDTLS_PRINTF_SIZET + ", out_left: %" MBEDTLS_PRINTF_SIZET, mbedtls_ssl_out_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) ); buf = ssl->out_hdr - ssl->out_left; @@ -2244,7 +2258,7 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, - ( "f_send returned %d bytes but only %zu bytes were sent", + ( "f_send returned %d bytes but only %" MBEDTLS_PRINTF_SIZET " bytes were sent", ret, ssl->out_left ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } @@ -2286,14 +2300,15 @@ static int ssl_flight_append( mbedtls_ssl_context *ssl ) /* Allocate space for current message */ if( ( msg = mbedtls_calloc( 1, sizeof( mbedtls_ssl_flight_item ) ) ) == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %zu bytes failed", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %" MBEDTLS_PRINTF_SIZET " bytes failed", sizeof( mbedtls_ssl_flight_item ) ) ); return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); } if( ( msg->p = mbedtls_calloc( 1, ssl->out_msglen ) ) == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %zu bytes failed", ssl->out_msglen ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %" MBEDTLS_PRINTF_SIZET " bytes failed", + ssl->out_msglen ) ); mbedtls_free( msg ); return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); } @@ -2699,7 +2714,8 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) if( ssl->out_msglen > MBEDTLS_SSL_OUT_CONTENT_LEN ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record too large: " - "size %zu, maximum %zu", + "size %" MBEDTLS_PRINTF_SIZET + ", maximum %" MBEDTLS_PRINTF_SIZET, ssl->out_msglen, (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); @@ -2728,7 +2744,7 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) if( MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen < 8 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS handshake message too large: " - "size %zu, maximum %zu", + "size %" MBEDTLS_PRINTF_SIZET ", maximum %" MBEDTLS_PRINTF_SIZET, hs_len, (size_t) ( MBEDTLS_SSL_OUT_CONTENT_LEN - 12 ) ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -2923,7 +2939,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype; MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %u, " - "version = [%u:%u], msglen = %zu", + "version = [%u:%u], msglen = %" MBEDTLS_PRINTF_SIZET, ssl->out_hdr[0], ssl->out_hdr[1], ssl->out_hdr[2], len ) ); @@ -3119,7 +3135,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) { if( ssl->in_msglen < mbedtls_ssl_hs_hdr_len( ssl ) ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too short: %zu", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too short: %" MBEDTLS_PRINTF_SIZET, ssl->in_msglen ) ); return( MBEDTLS_ERR_SSL_INVALID_RECORD ); } @@ -3127,7 +3143,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) ssl->in_hslen = mbedtls_ssl_hs_hdr_len( ssl ) + ssl_get_hs_total_len( ssl ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "handshake message: msglen =" - " %zu, type = %u, hslen = %zu", + " %" MBEDTLS_PRINTF_SIZET ", type = %u, hslen = %" MBEDTLS_PRINTF_SIZET, ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) ); #if defined(MBEDTLS_SSL_PROTO_DTLS) @@ -3747,7 +3763,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", buf, rec->data_offset ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %u, " - "version = [%d:%d], msglen = %zu", + "version = [%d:%d], msglen = %" MBEDTLS_PRINTF_SIZET, rec->type, major_ver, minor_ver, rec->data_len ) ); @@ -4325,21 +4341,31 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) { /* If we can't buffer a future message because * of space limitations -- ignore. */ - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %zu would exceed the compile-time limit %zu (already %zu bytes buffered) -- ignore\n", + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %" MBEDTLS_PRINTF_SIZET + " would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET + " (already %" MBEDTLS_PRINTF_SIZET + " bytes buffered) -- ignore\n", msg_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, hs->buffering.total_bytes_buffered ) ); goto exit; } else { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %zu would exceed the compile-time limit %zu (already %zu bytes buffered) -- attempt to make space by freeing buffered future messages\n", + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %" MBEDTLS_PRINTF_SIZET + " would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET + " (already %" MBEDTLS_PRINTF_SIZET + " bytes buffered) -- attempt to make space by freeing buffered future messages\n", msg_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, hs->buffering.total_bytes_buffered ) ); } if( ssl_buffer_make_space( ssl, reassembly_buf_sz ) != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reassembly of next message of size %zu (%zu with bitmap) would exceed the compile-time limit %zu (already %zu bytes buffered) -- fail\n", + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reassembly of next message of size %" MBEDTLS_PRINTF_SIZET + " (%" MBEDTLS_PRINTF_SIZET " with bitmap) would exceed" + " the compile-time limit %" MBEDTLS_PRINTF_SIZET + " (already %" MBEDTLS_PRINTF_SIZET + " bytes buffered) -- fail\n", msg_len, reassembly_buf_sz, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, @@ -4349,7 +4375,7 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) } } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %zu", + MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %" MBEDTLS_PRINTF_SIZET, msg_len ) ); hs_buf->data = mbedtls_calloc( 1, reassembly_buf_sz ); @@ -4395,7 +4421,8 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) frag_off = ssl_get_hs_frag_off( ssl ); frag_len = ssl_get_hs_frag_len( ssl ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %zu, length = %zu", + MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %" MBEDTLS_PRINTF_SIZET + ", length = %" MBEDTLS_PRINTF_SIZET, frag_off, frag_len ) ); memcpy( msg + frag_off, ssl->in_msg + 12, frag_len ); @@ -4622,7 +4649,10 @@ static int ssl_buffer_future_record( mbedtls_ssl_context *ssl, if( rec->buf_len > ( MBEDTLS_SSL_DTLS_MAX_BUFFERING - hs->buffering.total_bytes_buffered ) ) { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future epoch record of size %zu would exceed the compile-time limit %zu (already %zu bytes buffered) -- ignore\n", + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future epoch record of size %" MBEDTLS_PRINTF_SIZET + " would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET + " (already %" MBEDTLS_PRINTF_SIZET + " bytes buffered) -- ignore\n", rec->buf_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, hs->buffering.total_bytes_buffered ) ); return( 0 ); @@ -4903,7 +4933,7 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ) { if( ssl->in_msglen != 1 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid CCS message, len: %zu", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid CCS message, len: %" MBEDTLS_PRINTF_SIZET, ssl->in_msglen ) ); return( MBEDTLS_ERR_SSL_INVALID_RECORD ); } @@ -4939,7 +4969,7 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ) /* Note: Standard allows for more than one 2 byte alert to be packed in a single message, but Mbed TLS doesn't currently support this. */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid alert message, len: %zu", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid alert message, len: %" MBEDTLS_PRINTF_SIZET, ssl->in_msglen ) ); return( MBEDTLS_ERR_SSL_INVALID_RECORD ); } @@ -5771,7 +5801,8 @@ static int ssl_write_real( mbedtls_ssl_context *ssl, if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment larger than the (negotiated) " - "maximum fragment length: %zu > %zu", + "maximum fragment length: %" MBEDTLS_PRINTF_SIZET + " > %" MBEDTLS_PRINTF_SIZET, len, max_len ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } diff --git a/library/ssl_srv.c b/library/ssl_srv.c index b41d385bc4..807fb187b0 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -633,7 +633,7 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl, /* Remember the client asked us to send a new ticket */ ssl->handshake->new_session_ticket = 1; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %zu", len ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %" MBEDTLS_PRINTF_SIZET, len ) ); if( len == 0 ) return( 0 ); @@ -2826,7 +2826,8 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) *p++ = (unsigned char)( t >> 8 ); *p++ = (unsigned char)( t ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lld", (long long) t ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %" MBEDTLS_PRINTF_LONGLONG, + (long long) t ) ); #else if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 ) return( ret ); @@ -2914,7 +2915,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) memcpy( p, ssl->session_negotiate->id, ssl->session_negotiate->id_len ); p += ssl->session_negotiate->id_len; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %zu", n ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n ) ); MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 39, n ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed", ssl->handshake->resume ? "a" : "no" ) ); @@ -2995,7 +2996,8 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) ext_len += olen; #endif - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %zu", ext_len ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %" MBEDTLS_PRINTF_SIZET, + ext_len ) ); if( ext_len > 0 ) { diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 747025afb8..ef031d2839 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2215,7 +2215,8 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) n = crt->raw.len; if( n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %zu > %zu", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %" MBEDTLS_PRINTF_SIZET + " > %" MBEDTLS_PRINTF_SIZET, i + 3 + n, (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) ); return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE ); } @@ -2831,7 +2832,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) chain = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ); if( chain == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%zu bytes) failed", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", sizeof( mbedtls_x509_crt ) ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, @@ -3858,7 +3859,7 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, ssl->in_buf = mbedtls_calloc( 1, in_buf_len ); if( ssl->in_buf == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%zu bytes) failed", in_buf_len ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", in_buf_len ) ); ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto error; } @@ -3869,7 +3870,7 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, ssl->out_buf = mbedtls_calloc( 1, out_buf_len ); if( ssl->out_buf == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%zu bytes) failed", out_buf_len ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", out_buf_len ) ); ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto error; } From 48438c758abb3fc7ef27b05fa0d081a3d781f8e4 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 8 Jan 2021 17:05:25 +0000 Subject: [PATCH 45/51] Fix incorrect long long specifier for win64 Signed-off-by: Paul Elliott --- include/mbedtls/debug.h | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index c19503fb3a..acc85ded74 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -112,16 +112,9 @@ * This module provides debugging functions. */ #if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1800) - #ifdef _WIN32 - #include - #ifdef _WIN64 - #define MBEDTLS_PRINTF_SIZET PRIuPTR - #define MBEDTLS_PRINTF_LONGLONG "I128d" - #else - #define MBEDTLS_PRINTF_SIZET PRIuPTR - #define MBEDTLS_PRINTF_LONGLONG "I64d" - #endif - #endif + #include + #define MBEDTLS_PRINTF_SIZET PRIuPTR + #define MBEDTLS_PRINTF_LONGLONG "I64d" #else #define MBEDTLS_PRINTF_SIZET "zu" #define MBEDTLS_PRINTF_LONGLONG "lld" From 61d2209e42625acceed1f3a6598f585ac65d3f77 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 8 Jan 2021 17:06:31 +0000 Subject: [PATCH 46/51] Fix missed invalid specifier in PSA Crypto build Signed-off-by: Paul Elliott --- programs/ssl/ssl_client2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index d0758bcf46..3937981387 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1667,7 +1667,7 @@ int main( int argc, char *argv[] ) PSA_ALG_SHA_256 ) ) != 0 ) { mbedtls_printf( " failed\n ! " - "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", -ret ); + "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret ); goto exit; } } From aa5e132df7df6e10c1ec13121de31de9e155a8a7 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 5 Mar 2021 15:52:25 +0000 Subject: [PATCH 47/51] Improve include guards for format attribute Signed-off-by: Paul Elliott --- include/mbedtls/debug.h | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index acc85ded74..dd20ba0875 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -84,18 +84,22 @@ * \def MBEDTLS_PRINTF_ATTRIBUTE * * Mark a function as having printf attributes, and thus enable checking - * via -wFormat and other flags. This does nothing in windows builds as the - * windows compiler does not support it. + * via -wFormat and other flags. This does nothing on builds with compilers + * that do not support the format attribute * * Module: library/debug.c * Caller: * * This module provides debugging functions. */ -#if defined(__GNUC__) +#if defined(__has_attribute) +#if __has_attribute(format) #define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \ __attribute__((format (printf, string_index, first_to_check))) -#else +#else /* __has_attribute(format) */ +#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) +#endif /* __has_attribute(format) */ +#else /* defined(__has_attribute) */ #define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) #endif @@ -115,10 +119,10 @@ #include #define MBEDTLS_PRINTF_SIZET PRIuPTR #define MBEDTLS_PRINTF_LONGLONG "I64d" -#else +#else /* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1800) */ #define MBEDTLS_PRINTF_SIZET "zu" #define MBEDTLS_PRINTF_LONGLONG "lld" -#endif +#endif /* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1800) */ #ifdef __cplusplus extern "C" { From 9907e2c334d05628e8bef0bc8433f1ec102a79a4 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 10 Mar 2021 17:14:10 +0000 Subject: [PATCH 48/51] Improve wording of ChangeLog entry Signed-off-by: Paul Elliott --- ChangeLog.d/fix-printf-specifiers.txt | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/ChangeLog.d/fix-printf-specifiers.txt b/ChangeLog.d/fix-printf-specifiers.txt index 4fc575ae50..4867721bf3 100644 --- a/ChangeLog.d/fix-printf-specifiers.txt +++ b/ChangeLog.d/fix-printf-specifiers.txt @@ -1,10 +1,10 @@ Bugfix - * Add printf function attributes to mbedtls_debug_print_msg because we were - not actually getting any printf format specifier warnings prior to this. - Also add extra printf compiler warning flags to builds. + * Add printf function attributes to mbedtls_debug_print_msg to ensure we + get printf format specifier warnings. +Changes + * Add extra printf compiler warning flags to builds. Requirement changes - * Use %zu for print of type size_t in new work, however please do not use - them in backports, and preferably not in code that needs to be - backported. - - + * The library now uses the %zu format specifier with the printf() family of + functions, so requires a toolchain that supports it. This change does not + affect the maintained LTS branches, so when contributing changes please + bear this in mind and do not add them to backported code. From b74499071747d2d72cd65dd1ce4cf7e3b4831d4a Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 10 Mar 2021 18:14:58 +0000 Subject: [PATCH 49/51] Fix missed size_t printf Code was missed due to rework moving duplicated code into a function Signed-off-by: Paul Elliott --- library/ssl_tls.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ef031d2839..e367fbd9cd 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -283,7 +283,8 @@ static void handle_buffer_resizing( mbedtls_ssl_context *ssl, int downsizing, } else { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %d", in_buf_new_len ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %" MBEDTLS_PRINTF_SIZET, + in_buf_new_len ) ); modified = 1; } } @@ -304,7 +305,8 @@ static void handle_buffer_resizing( mbedtls_ssl_context *ssl, int downsizing, } else { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %d", out_buf_new_len ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %" MBEDTLS_PRINTF_SIZET, + out_buf_new_len ) ); modified = 1; } } From 5699101ac9b5e8c19b3b2a0679b8d52f56f4d3d6 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Wed, 10 Mar 2021 16:43:14 +0100 Subject: [PATCH 50/51] Update PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE Signed-off-by: gabor-mezei-arm --- include/psa/crypto_sizes.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index b5fb47ddb1..a87492f838 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -971,7 +971,8 @@ */ #define PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input_length) \ (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, \ - (input_length) + PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)) + (input_length) + 1) + \ + PSA_CIPHER_IV_MAX_SIZE) /** The maximum size of the output of psa_cipher_decrypt(), in bytes. * From 437035bfe3f67caac725c3ec1ed6a977bd5bc406 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Thu, 11 Mar 2021 17:32:16 +0100 Subject: [PATCH 51/51] Fix revert of PSA_AEAD_UPDATE_OUTPUT_SIZE MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Both the original change, and its incomplete revert were introduced in #3386. Signed-off-by: Bence Szépkúti --- include/psa/crypto_sizes.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index a87492f838..9bb7a05a98 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -398,7 +398,7 @@ #define PSA_AEAD_UPDATE_OUTPUT_SIZE(alg, input_length) \ (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \ PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length)) : \ - (input_length)) : \ + (input_length)) /** A sufficient output buffer size for psa_aead_update(), for any of the * supported key types and AEAD algorithms.