Fix optional parameter handling in crypto service
The psa_crypto api mandates that the optional 'salt' parameter passed
to psa_asymmetric_encrypt/decrypt should be NULL if there is no
salt. This fix modifies packed-c encoding to omit the salt TLV
if not needed. Deserialization logic is also made more tolerant
to a missing or zero length salt parameter. A new test case
is added to cover an asymmetric encrypt/decrypt with a salt.
Signed-off-by: Julian Hall <julian.hall@arm.com>
Change-Id: I08d23ea11a8e75bd880367dcb380805ce921033f
diff --git a/components/service/crypto/provider/mbedcrypto/crypto_provider.c b/components/service/crypto/provider/mbedcrypto/crypto_provider.c
index 389e8bc..1b2fffd 100644
--- a/components/service/crypto/provider/mbedcrypto/crypto_provider.c
+++ b/components/service/crypto/provider/mbedcrypto/crypto_provider.c
@@ -421,9 +421,12 @@
if (plaintext_buffer) {
+ /* Salt is an optional parameter */
+ uint8_t *salt = (salt_len) ? salt_buffer : NULL;
+
psa_status = psa_asymmetric_decrypt(id, alg,
ciphertext_buffer, ciphertext_len,
- salt_buffer, salt_len,
+ salt, salt_len,
plaintext_buffer, max_decrypt_size, &plaintext_len);
if (psa_status == PSA_SUCCESS) {
@@ -500,9 +503,12 @@
if (ciphertext_buffer) {
+ /* Salt is an optional parameter */
+ uint8_t *salt = (salt_len) ? salt_buffer : NULL;
+
psa_status = psa_asymmetric_encrypt(id, alg,
plaintext_buffer, plaintext_len,
- salt_buffer, salt_len,
+ salt, salt_len,
ciphertext_buffer, max_encrypt_size, &ciphertext_len);
if (psa_status == PSA_SUCCESS) {