eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Move buffer size checks up to psa_crypto layer

Browse source 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
This commit is contained in:
Paul Elliott 2021-06-24 20:37:32 +01:00
parent c2b7144da0
commit ed68d7464d
3 changed files with 23 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

16
library/psa_crypto.c
View file

@ -3749,8 +3749,11 @@ exit:
return( status ); return( status );
} }
static psa_status_t psa_aead_final_checks( psa_aead_operation_t *operation ) static psa_status_t psa_aead_final_checks( psa_aead_operation_t *operation,
size_t output_size )
{ {
size_t finish_output_size;
if( operation->id == 0 || !operation->nonce_set ) if( operation->id == 0 || !operation->nonce_set )
return( PSA_ERROR_BAD_STATE ); return( PSA_ERROR_BAD_STATE );
@ -3758,6 +3761,13 @@ static psa_status_t psa_aead_final_checks( psa_aead_operation_t *operation )
operation->body_remaining != 0 ) ) operation->body_remaining != 0 ) )
return( PSA_ERROR_INVALID_ARGUMENT ); return( PSA_ERROR_INVALID_ARGUMENT );
finish_output_size = operation->is_encrypt ?
PSA_AEAD_FINISH_OUTPUT_SIZE( operation->key_type, operation->alg ) :
PSA_AEAD_VERIFY_OUTPUT_SIZE( operation->key_type, operation->alg );
if( output_size < finish_output_size )
return( PSA_ERROR_BUFFER_TOO_SMALL );
return( PSA_SUCCESS ); return( PSA_SUCCESS );
} }
@ -3775,7 +3785,7 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation,
*ciphertext_length = 0; *ciphertext_length = 0;
*tag_length = tag_size; *tag_length = tag_size;
status = psa_aead_final_checks( operation ); status = psa_aead_final_checks( operation, ciphertext_size );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
goto exit; goto exit;
@ -3816,7 +3826,7 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation,
*plaintext_length = 0; *plaintext_length = 0;
status = psa_aead_final_checks( operation ); status = psa_aead_final_checks( operation, plaintext_size );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
goto exit; goto exit;

16
library/psa_crypto_aead.c
View file

@ -603,21 +603,11 @@ psa_status_t mbedtls_psa_aead_update(
mbedtls_psa_aead_verify() */ mbedtls_psa_aead_verify() */
static psa_status_t mbedtls_psa_aead_finish_checks( static psa_status_t mbedtls_psa_aead_finish_checks(
mbedtls_psa_aead_operation_t *operation, mbedtls_psa_aead_operation_t *operation,
size_t output_size,
size_t tag_size ) size_t tag_size )
{ {
size_t finish_output_size;
if( tag_size < operation->tag_length ) if( tag_size < operation->tag_length )
return ( PSA_ERROR_BUFFER_TOO_SMALL ); return ( PSA_ERROR_BUFFER_TOO_SMALL );
finish_output_size = operation->is_encrypt ?
PSA_AEAD_FINISH_OUTPUT_SIZE( operation->key_type, operation->alg ) :
PSA_AEAD_VERIFY_OUTPUT_SIZE( operation->key_type, operation->alg );
if( output_size < finish_output_size )
return ( PSA_ERROR_BUFFER_TOO_SMALL );
return ( PSA_SUCCESS ); return ( PSA_SUCCESS );
} }
@ -634,8 +624,7 @@ psa_status_t mbedtls_psa_aead_finish(
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t finish_output_size = 0; size_t finish_output_size = 0;
status = mbedtls_psa_aead_finish_checks( operation, ciphertext_size, status = mbedtls_psa_aead_finish_checks( operation, tag_size );
tag_size );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
return status; return status;
@ -690,8 +679,7 @@ psa_status_t mbedtls_psa_aead_verify(
int do_tag_check = 1; int do_tag_check = 1;
uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE]; uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE];
status = mbedtls_psa_aead_finish_checks( operation, plaintext_size, status = mbedtls_psa_aead_finish_checks( operation, tag_length );
tag_length );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
return status; return status;

18
library/psa_crypto_aead.h
View file

@ -477,12 +477,10 @@ psa_status_t mbedtls_psa_aead_update(
* \retval #PSA_SUCCESS * \retval #PSA_SUCCESS
* Success. * Success.
* \retval #PSA_ERROR_BUFFER_TOO_SMALL * \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p ciphertext or \p tag buffer is too small. * The size of the \p tag buffer is too small.
* #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type, \c alg) or * #PSA_AEAD_TAG_LENGTH(\c key_type, key_bits, \c alg) or
* #PSA_AEAD_FINISH_OUTPUT_MAX_SIZE can be used to determine the * #PSA_AEAD_TAG_MAX_SIZE can be used to determine the required \p tag
* required \p ciphertext buffer size. #PSA_AEAD_TAG_LENGTH(\c key_type, * buffer size.
* \c key_bits, \c alg) or #PSA_AEAD_TAG_MAX_SIZE can be used to
* determine the required \p tag buffer size.
*/ */
psa_status_t mbedtls_psa_aead_finish( psa_status_t mbedtls_psa_aead_finish(
mbedtls_psa_aead_operation_t *operation, mbedtls_psa_aead_operation_t *operation,
@ -551,10 +549,10 @@ psa_status_t mbedtls_psa_aead_finish(
* The calculations were successful, but the authentication tag is * The calculations were successful, but the authentication tag is
* not correct. * not correct.
* \retval #PSA_ERROR_BUFFER_TOO_SMALL * \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p plaintext buffer is too small. * The size of the \p tag buffer is too small.
* #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type, \c alg) or * #PSA_AEAD_TAG_LENGTH(\c key_type, key_bits, \c alg) or
* #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE can be used to determine the * #PSA_AEAD_TAG_MAX_SIZE can be used to determine the required \p tag
* required buffer size. * buffer size.
*/ */
psa_status_t mbedtls_psa_aead_verify( psa_status_t mbedtls_psa_aead_verify(
mbedtls_psa_aead_operation_t *operation, mbedtls_psa_aead_operation_t *operation,