Merge branch 'mbedtls-2.28-restricted' into backport_key_agreement_buffer_protection
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>
diff --git a/library/gcm.c b/library/gcm.c
index 86d5fa2..d3e7732 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -241,7 +241,7 @@
uint64_t iv_bits;
GCM_VALIDATE_RET(ctx != NULL);
- GCM_VALIDATE_RET(iv != NULL);
+ GCM_VALIDATE_RET(iv_len == 0 || iv != NULL);
GCM_VALIDATE_RET(add_len == 0 || add != NULL);
/* IV and AD are limited to 2^64 bits, so 2^61 bytes */
@@ -433,7 +433,7 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
GCM_VALIDATE_RET(ctx != NULL);
- GCM_VALIDATE_RET(iv != NULL);
+ GCM_VALIDATE_RET(iv_len == 0 || iv != NULL);
GCM_VALIDATE_RET(add_len == 0 || add != NULL);
GCM_VALIDATE_RET(length == 0 || input != NULL);
GCM_VALIDATE_RET(length == 0 || output != NULL);
@@ -470,7 +470,7 @@
int diff;
GCM_VALIDATE_RET(ctx != NULL);
- GCM_VALIDATE_RET(iv != NULL);
+ GCM_VALIDATE_RET(iv_len == 0 || iv != NULL);
GCM_VALIDATE_RET(add_len == 0 || add != NULL);
GCM_VALIDATE_RET(tag != NULL);
GCM_VALIDATE_RET(length == 0 || input != NULL);
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index e0b91c7..f333537 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -230,6 +230,8 @@
uint8_t *output_copy_name = NULL;
#define LOCAL_OUTPUT_ALLOC(output, length, output_copy) \
output_copy = output;
+#define LOCAL_OUTPUT_ALLOC_WITH_COPY(output, length, output_copy) \
+ output_copy = output;
#define LOCAL_OUTPUT_FREE(output, output_copy) \
output_copy = NULL;
#endif /* MBEDTLS_PSA_COPY_CALLER_BUFFERS */
@@ -2659,35 +2661,48 @@
}
psa_status_t psa_mac_update(psa_mac_operation_t *operation,
- const uint8_t *input,
+ const uint8_t *input_external,
size_t input_length)
{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ LOCAL_INPUT_DECLARE(input_external, input);
+
if (operation->id == 0) {
- return PSA_ERROR_BAD_STATE;
+ status = PSA_ERROR_BAD_STATE;
+ return status;
}
/* Don't require hash implementations to behave correctly on a
* zero-length input, which may have an invalid pointer. */
if (input_length == 0) {
- return PSA_SUCCESS;
+ status = PSA_SUCCESS;
+ return status;
}
- psa_status_t status = psa_driver_wrapper_mac_update(operation,
- input, input_length);
+ LOCAL_INPUT_ALLOC(input_external, input_length, input);
+ status = psa_driver_wrapper_mac_update(operation, input, input_length);
+
if (status != PSA_SUCCESS) {
psa_mac_abort(operation);
}
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+exit:
+#endif
+ LOCAL_INPUT_FREE(input_external, input);
+
return status;
}
psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
- uint8_t *mac,
+ uint8_t *mac_external,
size_t mac_size,
size_t *mac_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
+ LOCAL_OUTPUT_DECLARE(mac_external, mac);
+ LOCAL_OUTPUT_ALLOC(mac_external, mac_size, mac);
if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
@@ -2727,22 +2742,24 @@
operation->mac_size = 0;
}
- if (mac_size > operation->mac_size) {
+ if ((mac != NULL) && (mac_size > operation->mac_size)) {
memset(&mac[operation->mac_size], '!',
mac_size - operation->mac_size);
}
abort_status = psa_mac_abort(operation);
+ LOCAL_OUTPUT_FREE(mac_external, mac);
return status == PSA_SUCCESS ? abort_status : status;
}
psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
- const uint8_t *mac,
+ const uint8_t *mac_external,
size_t mac_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
+ LOCAL_INPUT_DECLARE(mac_external, mac);
if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
@@ -2759,11 +2776,13 @@
goto exit;
}
+ LOCAL_INPUT_ALLOC(mac_external, mac_length, mac);
status = psa_driver_wrapper_mac_verify_finish(operation,
mac, mac_length);
exit:
abort_status = psa_mac_abort(operation);
+ LOCAL_INPUT_FREE(mac_external, mac);
return status == PSA_SUCCESS ? abort_status : status;
}
@@ -2836,28 +2855,45 @@
psa_status_t psa_mac_compute(mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
- const uint8_t *input,
+ const uint8_t *input_external,
size_t input_length,
- uint8_t *mac,
+ uint8_t *mac_external,
size_t mac_size,
size_t *mac_length)
{
- return psa_mac_compute_internal(key, alg,
- input, input_length,
- mac, mac_size, mac_length, 1);
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ LOCAL_INPUT_DECLARE(input_external, input);
+ LOCAL_OUTPUT_DECLARE(mac_external, mac);
+
+ LOCAL_INPUT_ALLOC(input_external, input_length, input);
+ LOCAL_OUTPUT_ALLOC(mac_external, mac_size, mac);
+ status = psa_mac_compute_internal(key, alg,
+ input, input_length,
+ mac, mac_size, mac_length, 1);
+
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+exit:
+#endif
+ LOCAL_INPUT_FREE(input_external, input);
+ LOCAL_OUTPUT_FREE(mac_external, mac);
+
+ return status;
}
psa_status_t psa_mac_verify(mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
- const uint8_t *input,
+ const uint8_t *input_external,
size_t input_length,
- const uint8_t *mac,
+ const uint8_t *mac_external,
size_t mac_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
uint8_t actual_mac[PSA_MAC_MAX_SIZE];
size_t actual_mac_length;
+ LOCAL_INPUT_DECLARE(input_external, input);
+ LOCAL_INPUT_DECLARE(mac_external, mac);
+ LOCAL_INPUT_ALLOC(input_external, input_length, input);
status = psa_mac_compute_internal(key, alg,
input, input_length,
actual_mac, sizeof(actual_mac),
@@ -2870,6 +2906,8 @@
status = PSA_ERROR_INVALID_SIGNATURE;
goto exit;
}
+
+ LOCAL_INPUT_ALLOC(mac_external, mac_length, mac);
if (mbedtls_psa_safer_memcmp(mac, actual_mac, actual_mac_length) != 0) {
status = PSA_ERROR_INVALID_SIGNATURE;
goto exit;
@@ -2877,6 +2915,8 @@
exit:
mbedtls_platform_zeroize(actual_mac, sizeof(actual_mac));
+ LOCAL_INPUT_FREE(input_external, input);
+ LOCAL_INPUT_FREE(mac_external, mac);
return status;
}
@@ -3315,17 +3355,20 @@
psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
- const uint8_t *input,
+ const uint8_t *input_external,
size_t input_length,
- const uint8_t *salt,
+ const uint8_t *salt_external,
size_t salt_length,
- uint8_t *output,
+ uint8_t *output_external,
size_t output_size,
size_t *output_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
+ LOCAL_INPUT_DECLARE(input_external, input);
+ LOCAL_INPUT_DECLARE(salt_external, salt);
+ LOCAL_OUTPUT_DECLARE(output_external, output);
(void) input;
(void) input_length;
@@ -3368,6 +3411,9 @@
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
+ LOCAL_INPUT_ALLOC(input_external, input_length, input);
+ LOCAL_INPUT_ALLOC(salt_external, salt_length, salt);
+ LOCAL_OUTPUT_ALLOC(output_external, output_size, output);
if (alg == PSA_ALG_RSA_PKCS1V15_CRYPT) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT)
status = mbedtls_to_psa_error(
@@ -3418,22 +3464,29 @@
exit:
unlock_status = psa_unlock_key_slot(slot);
+ LOCAL_INPUT_FREE(input_external, input);
+ LOCAL_INPUT_FREE(salt_external, salt);
+ LOCAL_OUTPUT_FREE(output_external, output);
+
return (status == PSA_SUCCESS) ? unlock_status : status;
}
psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
- const uint8_t *input,
+ const uint8_t *input_external,
size_t input_length,
- const uint8_t *salt,
+ const uint8_t *salt_external,
size_t salt_length,
- uint8_t *output,
+ uint8_t *output_external,
size_t output_size,
size_t *output_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
+ LOCAL_INPUT_DECLARE(input_external, input);
+ LOCAL_INPUT_DECLARE(salt_external, salt);
+ LOCAL_OUTPUT_DECLARE(output_external, output);
(void) input;
(void) input_length;
@@ -3475,7 +3528,9 @@
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
-
+ LOCAL_INPUT_ALLOC(input_external, input_length, input);
+ LOCAL_INPUT_ALLOC(salt_external, salt_length, salt);
+ LOCAL_OUTPUT_ALLOC(output_external, output_size, output);
if (alg == PSA_ALG_RSA_PKCS1V15_CRYPT) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT)
status = mbedtls_to_psa_error(
@@ -3525,9 +3580,59 @@
exit:
unlock_status = psa_unlock_key_slot(slot);
+ LOCAL_INPUT_FREE(input_external, input);
+ LOCAL_INPUT_FREE(salt_external, salt);
+ LOCAL_OUTPUT_FREE(output_external, output);
+
return (status == PSA_SUCCESS) ? unlock_status : status;
}
+static psa_status_t psa_generate_random_internal(uint8_t *output,
+ size_t output_size)
+{
+ GUARD_MODULE_INITIALIZED;
+
+ psa_status_t status;
+
+#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+
+ size_t output_length = 0;
+ status = mbedtls_psa_external_get_random(&global_data.rng,
+ output, output_size,
+ &output_length);
+ if (status != PSA_SUCCESS) {
+ goto exit;
+ }
+ /* Breaking up a request into smaller chunks is currently not supported
+ * for the external RNG interface. */
+ if (output_length != output_size) {
+ status = PSA_ERROR_INSUFFICIENT_ENTROPY;
+ goto exit;
+ }
+ status = PSA_SUCCESS;
+
+#else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
+
+ while (output_size > 0) {
+ size_t request_size =
+ (output_size > MBEDTLS_PSA_RANDOM_MAX_REQUEST ?
+ MBEDTLS_PSA_RANDOM_MAX_REQUEST :
+ output_size);
+ int ret = mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE,
+ output, request_size);
+ if (ret != 0) {
+ status = mbedtls_to_psa_error(ret);
+ goto exit;
+ }
+ output_size -= request_size;
+ output += request_size;
+ }
+ status = PSA_SUCCESS;
+#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
+
+exit:
+ return status;
+}
/****************************************************************/
@@ -3621,14 +3726,15 @@
}
psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
- uint8_t *iv,
+ uint8_t *iv_external,
size_t iv_size,
size_t *iv_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE];
size_t default_iv_length = 0;
+ LOCAL_OUTPUT_DECLARE(iv_external, iv);
+
if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
@@ -3650,33 +3756,40 @@
goto exit;
}
- status = psa_generate_random(local_iv, default_iv_length);
+ LOCAL_OUTPUT_ALLOC(iv_external, default_iv_length, iv);
+
+ status = psa_generate_random_internal(iv, default_iv_length);
if (status != PSA_SUCCESS) {
goto exit;
}
status = psa_driver_wrapper_cipher_set_iv(operation,
- local_iv, default_iv_length);
+ iv, default_iv_length);
exit:
if (status == PSA_SUCCESS) {
- memcpy(iv, local_iv, default_iv_length);
*iv_length = default_iv_length;
operation->iv_set = 1;
} else {
*iv_length = 0;
psa_cipher_abort(operation);
+ if (iv != NULL) {
+ mbedtls_platform_zeroize(iv, default_iv_length);
+ }
}
+ LOCAL_OUTPUT_FREE(iv_external, iv);
return status;
}
psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
- const uint8_t *iv,
+ const uint8_t *iv_external,
size_t iv_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ LOCAL_INPUT_DECLARE(iv_external, iv);
+
if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
@@ -3692,6 +3805,8 @@
goto exit;
}
+ LOCAL_INPUT_ALLOC(iv_external, iv_length, iv);
+
status = psa_driver_wrapper_cipher_set_iv(operation,
iv,
iv_length);
@@ -3702,18 +3817,24 @@
} else {
psa_cipher_abort(operation);
}
+
+ LOCAL_INPUT_FREE(iv_external, iv);
+
return status;
}
psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
- const uint8_t *input,
+ const uint8_t *input_external,
size_t input_length,
- uint8_t *output,
+ uint8_t *output_external,
size_t output_size,
size_t *output_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ LOCAL_INPUT_DECLARE(input_external, input);
+ LOCAL_OUTPUT_DECLARE(output_external, output);
+
if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
@@ -3724,6 +3845,9 @@
goto exit;
}
+ LOCAL_INPUT_ALLOC(input_external, input_length, input);
+ LOCAL_OUTPUT_ALLOC(output_external, output_size, output);
+
status = psa_driver_wrapper_cipher_update(operation,
input,
input_length,
@@ -3736,16 +3860,21 @@
psa_cipher_abort(operation);
}
+ LOCAL_INPUT_FREE(input_external, input);
+ LOCAL_OUTPUT_FREE(output_external, output);
+
return status;
}
psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
- uint8_t *output,
+ uint8_t *output_external,
size_t output_size,
size_t *output_length)
{
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+ LOCAL_OUTPUT_DECLARE(output_external, output);
+
if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
@@ -3756,6 +3885,8 @@
goto exit;
}
+ LOCAL_OUTPUT_ALLOC(output_external, output_size, output);
+
status = psa_driver_wrapper_cipher_finish(operation,
output,
output_size,
@@ -3763,13 +3894,15 @@
exit:
if (status == PSA_SUCCESS) {
- return psa_cipher_abort(operation);
+ status = psa_cipher_abort(operation);
} else {
*output_length = 0;
(void) psa_cipher_abort(operation);
-
- return status;
}
+
+ LOCAL_OUTPUT_FREE(output_external, output);
+
+ return status;
}
psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation)
@@ -3808,9 +3941,6 @@
LOCAL_INPUT_DECLARE(input_external, input);
LOCAL_OUTPUT_DECLARE(output_external, output);
- LOCAL_INPUT_ALLOC(input_external, input_length, input);
- LOCAL_OUTPUT_ALLOC(output_external, output_size, output);
-
if (!PSA_ALG_IS_CIPHER(alg)) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
@@ -3839,12 +3969,15 @@
goto exit;
}
- status = psa_generate_random(local_iv, default_iv_length);
+ status = psa_generate_random_internal(local_iv, default_iv_length);
if (status != PSA_SUCCESS) {
goto exit;
}
}
+ LOCAL_INPUT_ALLOC(input_external, input_length, input);
+ LOCAL_OUTPUT_ALLOC(output_external, output_size, output);
+
status = psa_driver_wrapper_cipher_encrypt(
&attributes, slot->key.data, slot->key.bytes,
alg, local_iv, default_iv_length, input, input_length,
@@ -3874,9 +4007,9 @@
psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
- const uint8_t *input,
+ const uint8_t *input_external,
size_t input_length,
- uint8_t *output,
+ uint8_t *output_external,
size_t output_size,
size_t *output_length)
{
@@ -3885,6 +4018,9 @@
psa_key_attributes_t attributes;
psa_key_slot_t *slot = NULL;
+ LOCAL_INPUT_DECLARE(input_external, input);
+ LOCAL_OUTPUT_DECLARE(output_external, output);
+
if (!PSA_ALG_IS_CIPHER(alg)) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
@@ -3906,6 +4042,9 @@
goto exit;
}
+ LOCAL_INPUT_ALLOC(input_external, input_length, input);
+ LOCAL_OUTPUT_ALLOC(output_external, output_size, output);
+
status = psa_driver_wrapper_cipher_decrypt(
&attributes, slot->key.data, slot->key.bytes,
alg, input, input_length,
@@ -3921,6 +4060,9 @@
*output_length = 0;
}
+ LOCAL_INPUT_FREE(input_external, input);
+ LOCAL_OUTPUT_FREE(output_external, output);
+
return status;
}
@@ -3931,19 +4073,24 @@
psa_status_t psa_aead_encrypt(mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
- const uint8_t *nonce,
+ const uint8_t *nonce_external,
size_t nonce_length,
- const uint8_t *additional_data,
+ const uint8_t *additional_data_external,
size_t additional_data_length,
- const uint8_t *plaintext,
+ const uint8_t *plaintext_external,
size_t plaintext_length,
- uint8_t *ciphertext,
+ uint8_t *ciphertext_external,
size_t ciphertext_size,
size_t *ciphertext_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
+ LOCAL_INPUT_DECLARE(nonce_external, nonce);
+ LOCAL_INPUT_DECLARE(additional_data_external, additional_data);
+ LOCAL_INPUT_DECLARE(plaintext_external, plaintext);
+ LOCAL_OUTPUT_DECLARE(ciphertext_external, ciphertext);
+
*ciphertext_length = 0;
if (!PSA_ALG_IS_AEAD(alg) || PSA_ALG_IS_WILDCARD(alg)) {
@@ -3960,6 +4107,11 @@
.core = slot->attr
};
+ LOCAL_INPUT_ALLOC(nonce_external, nonce_length, nonce);
+ LOCAL_INPUT_ALLOC(additional_data_external, additional_data_length, additional_data);
+ LOCAL_INPUT_ALLOC(plaintext_external, plaintext_length, plaintext);
+ LOCAL_OUTPUT_ALLOC(ciphertext_external, ciphertext_size, ciphertext);
+
status = psa_driver_wrapper_aead_encrypt(
&attributes, slot->key.data, slot->key.bytes,
alg,
@@ -3972,6 +4124,15 @@
memset(ciphertext, 0, ciphertext_size);
}
+/* Exit label is only used for buffer copying, prevent unused warnings. */
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+exit:
+#endif
+ LOCAL_INPUT_FREE(nonce_external, nonce);
+ LOCAL_INPUT_FREE(additional_data_external, additional_data);
+ LOCAL_INPUT_FREE(plaintext_external, plaintext);
+ LOCAL_OUTPUT_FREE(ciphertext_external, ciphertext);
+
psa_unlock_key_slot(slot);
return status;
@@ -3979,19 +4140,24 @@
psa_status_t psa_aead_decrypt(mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
- const uint8_t *nonce,
+ const uint8_t *nonce_external,
size_t nonce_length,
- const uint8_t *additional_data,
+ const uint8_t *additional_data_external,
size_t additional_data_length,
- const uint8_t *ciphertext,
+ const uint8_t *ciphertext_external,
size_t ciphertext_length,
- uint8_t *plaintext,
+ uint8_t *plaintext_external,
size_t plaintext_size,
size_t *plaintext_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
+ LOCAL_INPUT_DECLARE(nonce_external, nonce);
+ LOCAL_INPUT_DECLARE(additional_data_external, additional_data);
+ LOCAL_INPUT_DECLARE(ciphertext_external, ciphertext);
+ LOCAL_OUTPUT_DECLARE(plaintext_external, plaintext);
+
*plaintext_length = 0;
if (!PSA_ALG_IS_AEAD(alg) || PSA_ALG_IS_WILDCARD(alg)) {
@@ -4008,6 +4174,12 @@
.core = slot->attr
};
+ LOCAL_INPUT_ALLOC(nonce_external, nonce_length, nonce);
+ LOCAL_INPUT_ALLOC(additional_data_external, additional_data_length,
+ additional_data);
+ LOCAL_INPUT_ALLOC(ciphertext_external, ciphertext_length, ciphertext);
+ LOCAL_OUTPUT_ALLOC(plaintext_external, plaintext_size, plaintext);
+
status = psa_driver_wrapper_aead_decrypt(
&attributes, slot->key.data, slot->key.bytes,
alg,
@@ -4020,6 +4192,15 @@
memset(plaintext, 0, plaintext_size);
}
+/* Exit label is only used for buffer copying, prevent unused warnings. */
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+exit:
+#endif
+ LOCAL_INPUT_FREE(nonce_external, nonce);
+ LOCAL_INPUT_FREE(additional_data_external, additional_data);
+ LOCAL_INPUT_FREE(ciphertext_external, ciphertext);
+ LOCAL_OUTPUT_FREE(plaintext_external, plaintext);
+
psa_unlock_key_slot(slot);
return status;
@@ -5342,7 +5523,7 @@
* some constant data such as zeros, which would result in the data
* being protected with a reproducible, easily knowable key.
*/
- psa_generate_random(output, output_size);
+ psa_generate_random_internal(output, output_size);
*output_length = output_size;
}
@@ -5359,7 +5540,6 @@
}
-
/****************************************************************/
/* Random generation */
/****************************************************************/
@@ -5428,44 +5608,21 @@
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
}
-psa_status_t psa_generate_random(uint8_t *output,
+psa_status_t psa_generate_random(uint8_t *output_external,
size_t output_size)
{
- GUARD_MODULE_INITIALIZED;
+ psa_status_t status;
-#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+ LOCAL_OUTPUT_DECLARE(output_external, output);
+ LOCAL_OUTPUT_ALLOC(output_external, output_size, output);
- size_t output_length = 0;
- psa_status_t status = mbedtls_psa_external_get_random(&global_data.rng,
- output, output_size,
- &output_length);
- if (status != PSA_SUCCESS) {
- return status;
- }
- /* Breaking up a request into smaller chunks is currently not supported
- * for the external RNG interface. */
- if (output_length != output_size) {
- return PSA_ERROR_INSUFFICIENT_ENTROPY;
- }
- return PSA_SUCCESS;
+ status = psa_generate_random_internal(output, output_size);
-#else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
-
- while (output_size > 0) {
- size_t request_size =
- (output_size > MBEDTLS_PSA_RANDOM_MAX_REQUEST ?
- MBEDTLS_PSA_RANDOM_MAX_REQUEST :
- output_size);
- int ret = mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE,
- output, request_size);
- if (ret != 0) {
- return mbedtls_to_psa_error(ret);
- }
- output_size -= request_size;
- output += request_size;
- }
- return PSA_SUCCESS;
-#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+exit:
+#endif
+ LOCAL_OUTPUT_FREE(output_external, output);
+ return status;
}
/* Wrapper function allowing the classic API to use the PSA RNG.
diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c
index 545bb50..93a6b93 100644
--- a/library/psa_crypto_cipher.c
+++ b/library/psa_crypto_cipher.c
@@ -402,7 +402,11 @@
output_length);
} else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING */
- {
+ if (input_length == 0) {
+ /* There is no input, nothing to be done */
+ *output_length = 0;
+ status = PSA_SUCCESS;
+ } else {
status = mbedtls_to_psa_error(
mbedtls_cipher_update(&operation->ctx.cipher, input,
input_length, output, output_length));
diff --git a/tests/scripts/generate_psa_wrappers.py b/tests/scripts/generate_psa_wrappers.py
index 92c9310..31f0dad 100755
--- a/tests/scripts/generate_psa_wrappers.py
+++ b/tests/scripts/generate_psa_wrappers.py
@@ -150,8 +150,12 @@
_buffer_name: Optional[str]) -> bool:
"""Whether the specified buffer argument to a PSA function should be copied.
"""
- # Proof-of-concept: just instrument one function for now
- if function_name == 'psa_cipher_encrypt':
+ #pylint: disable=too-many-return-statements
+ if function_name.startswith('psa_aead'):
+ return True
+ if function_name in {'psa_cipher_encrypt', 'psa_cipher_decrypt',
+ 'psa_cipher_update', 'psa_cipher_finish',
+ 'psa_cipher_generate_iv', 'psa_cipher_set_iv'}:
return True
if function_name in ('psa_key_derivation_output_bytes',
'psa_key_derivation_input_bytes'):
@@ -174,6 +178,17 @@
if function_name in ('psa_key_derivation_key_agreement',
'psa_raw_key_agreement'):
return True
+ if function_name == 'psa_generate_random':
+ return True
+ if function_name in ('psa_mac_update',
+ 'psa_mac_sign_finish',
+ 'psa_mac_verify_finish',
+ 'psa_mac_compute',
+ 'psa_mac_verify'):
+ return True
+ if function_name in ('psa_asymmetric_encrypt',
+ 'psa_asymmetric_decrypt'):
+ return True
return False
def _write_function_call(self, out: typing_util.Writable,
diff --git a/tests/src/psa_test_wrappers.c b/tests/src/psa_test_wrappers.c
index efb9f89..3aa8020 100644
--- a/tests/src/psa_test_wrappers.c
+++ b/tests/src/psa_test_wrappers.c
@@ -66,7 +66,19 @@
size_t arg9_plaintext_size,
size_t *arg10_plaintext_length)
{
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_POISON(arg2_nonce, arg3_nonce_length);
+ MBEDTLS_TEST_MEMORY_POISON(arg4_additional_data, arg5_additional_data_length);
+ MBEDTLS_TEST_MEMORY_POISON(arg6_ciphertext, arg7_ciphertext_length);
+ MBEDTLS_TEST_MEMORY_POISON(arg8_plaintext, arg9_plaintext_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_aead_decrypt)(arg0_key, arg1_alg, arg2_nonce, arg3_nonce_length, arg4_additional_data, arg5_additional_data_length, arg6_ciphertext, arg7_ciphertext_length, arg8_plaintext, arg9_plaintext_size, arg10_plaintext_length);
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg2_nonce, arg3_nonce_length);
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg4_additional_data, arg5_additional_data_length);
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg6_ciphertext, arg7_ciphertext_length);
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg8_plaintext, arg9_plaintext_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@@ -84,7 +96,19 @@
size_t arg9_ciphertext_size,
size_t *arg10_ciphertext_length)
{
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_POISON(arg2_nonce, arg3_nonce_length);
+ MBEDTLS_TEST_MEMORY_POISON(arg4_additional_data, arg5_additional_data_length);
+ MBEDTLS_TEST_MEMORY_POISON(arg6_plaintext, arg7_plaintext_length);
+ MBEDTLS_TEST_MEMORY_POISON(arg8_ciphertext, arg9_ciphertext_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_aead_encrypt)(arg0_key, arg1_alg, arg2_nonce, arg3_nonce_length, arg4_additional_data, arg5_additional_data_length, arg6_plaintext, arg7_plaintext_length, arg8_ciphertext, arg9_ciphertext_size, arg10_ciphertext_length);
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg2_nonce, arg3_nonce_length);
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg4_additional_data, arg5_additional_data_length);
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg6_plaintext, arg7_plaintext_length);
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg8_ciphertext, arg9_ciphertext_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@@ -100,7 +124,17 @@
size_t arg7_output_size,
size_t *arg8_output_length)
{
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_POISON(arg2_input, arg3_input_length);
+ MBEDTLS_TEST_MEMORY_POISON(arg4_salt, arg5_salt_length);
+ MBEDTLS_TEST_MEMORY_POISON(arg6_output, arg7_output_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_asymmetric_decrypt)(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_salt, arg5_salt_length, arg6_output, arg7_output_size, arg8_output_length);
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg2_input, arg3_input_length);
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg4_salt, arg5_salt_length);
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg6_output, arg7_output_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@@ -116,7 +150,17 @@
size_t arg7_output_size,
size_t *arg8_output_length)
{
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_POISON(arg2_input, arg3_input_length);
+ MBEDTLS_TEST_MEMORY_POISON(arg4_salt, arg5_salt_length);
+ MBEDTLS_TEST_MEMORY_POISON(arg6_output, arg7_output_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_asymmetric_encrypt)(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_salt, arg5_salt_length, arg6_output, arg7_output_size, arg8_output_length);
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg2_input, arg3_input_length);
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg4_salt, arg5_salt_length);
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg6_output, arg7_output_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@@ -138,7 +182,15 @@
size_t arg5_output_size,
size_t *arg6_output_length)
{
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_POISON(arg2_input, arg3_input_length);
+ MBEDTLS_TEST_MEMORY_POISON(arg4_output, arg5_output_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_cipher_decrypt)(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_output, arg5_output_size, arg6_output_length);
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg2_input, arg3_input_length);
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg4_output, arg5_output_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@@ -191,7 +243,13 @@
size_t arg2_output_size,
size_t *arg3_output_length)
{
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_POISON(arg1_output, arg2_output_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_cipher_finish)(arg0_operation, arg1_output, arg2_output_size, arg3_output_length);
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg1_output, arg2_output_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@@ -202,7 +260,13 @@
size_t arg2_iv_size,
size_t *arg3_iv_length)
{
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_POISON(arg1_iv, arg2_iv_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_cipher_generate_iv)(arg0_operation, arg1_iv, arg2_iv_size, arg3_iv_length);
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg1_iv, arg2_iv_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@@ -212,7 +276,13 @@
const uint8_t *arg1_iv,
size_t arg2_iv_length)
{
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_POISON(arg1_iv, arg2_iv_length);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_cipher_set_iv)(arg0_operation, arg1_iv, arg2_iv_length);
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg1_iv, arg2_iv_length);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@@ -225,7 +295,15 @@
size_t arg4_output_size,
size_t *arg5_output_length)
{
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_POISON(arg1_input, arg2_input_length);
+ MBEDTLS_TEST_MEMORY_POISON(arg3_output, arg4_output_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_cipher_update)(arg0_operation, arg1_input, arg2_input_length, arg3_output, arg4_output_size, arg5_output_length);
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg1_input, arg2_input_length);
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg3_output, arg4_output_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@@ -302,7 +380,13 @@
uint8_t *arg0_output,
size_t arg1_output_size)
{
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_POISON(arg0_output, arg1_output_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_generate_random)(arg0_output, arg1_output_size);
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg0_output, arg1_output_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@@ -572,7 +656,15 @@
size_t arg5_mac_size,
size_t *arg6_mac_length)
{
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_POISON(arg2_input, arg3_input_length);
+ MBEDTLS_TEST_MEMORY_POISON(arg4_mac, arg5_mac_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_mac_compute)(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_mac, arg5_mac_size, arg6_mac_length);
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg2_input, arg3_input_length);
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg4_mac, arg5_mac_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@@ -583,7 +675,13 @@
size_t arg2_mac_size,
size_t *arg3_mac_length)
{
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_POISON(arg1_mac, arg2_mac_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_mac_sign_finish)(arg0_operation, arg1_mac, arg2_mac_size, arg3_mac_length);
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg1_mac, arg2_mac_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@@ -603,7 +701,13 @@
const uint8_t *arg1_input,
size_t arg2_input_length)
{
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_POISON(arg1_input, arg2_input_length);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_mac_update)(arg0_operation, arg1_input, arg2_input_length);
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg1_input, arg2_input_length);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@@ -616,7 +720,15 @@
const uint8_t *arg4_mac,
size_t arg5_mac_length)
{
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_POISON(arg2_input, arg3_input_length);
+ MBEDTLS_TEST_MEMORY_POISON(arg4_mac, arg5_mac_length);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_mac_verify)(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_mac, arg5_mac_length);
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg2_input, arg3_input_length);
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg4_mac, arg5_mac_length);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@@ -626,7 +738,13 @@
const uint8_t *arg1_mac,
size_t arg2_mac_length)
{
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_POISON(arg1_mac, arg2_mac_length);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_mac_verify_finish)(arg0_operation, arg1_mac, arg2_mac_length);
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg1_mac, arg2_mac_length);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
index 75f5490..0394735 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
@@ -983,14 +983,6 @@
/* When generating the IV fails, it should call abort too */
TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2);
TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status);
- /*
- * Check that the output buffer is still in the same state.
- * This will fail if the output buffer is used by the core to pass the IV
- * it generated to the driver (and is not restored).
- */
- for (size_t i = 0; i < 16; i++) {
- TEST_EQUAL(output[i], 0xa5);
- }
/* Failure should prevent further operations from executing on the driver */
mbedtls_test_driver_cipher_hooks.hits = 0;
status = psa_cipher_update(&operation,