commit 0e2315859fd46cedff76869b0600109d2aee44bb
author Gilles Peskine <Gilles.Peskine@arm.com> Wed Jun 20 00:11:07 2018 +0200
committer itayzafrir <itay.zafrir@arm.com> Wed Sep 12 16:22:51 2018 +0300
tree 936f9ea46e4df6667b84fffd363ca7d57176c2e9
parent 05d69890ee67641d0cffd30880dd82636cccb6ab

psa_export_key: fix asymmetric key in larger buffer

Exporting an asymmetric key only worked if the target buffer had
exactly the right size, because psa_export_key uses
mbedtls_pk_write_key_der or mbedtls_pk_write_pubkey_der and these
functions write to the end of the buffer, which psa_export_key did not
correct for. Fix this by moving the data to the beginning of the
buffer if necessary.

Add non-regression tests.

library/psa_crypto.c

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 5609f42..c552b53 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -629,6 +629,17 @@
                 ret = mbedtls_pk_write_key_der( &pk, data, data_size );
             if( ret < 0 )
                 return( mbedtls_to_psa_error( ret ) );
+            /* The mbedtls_pk_xxx functions write to the end of the buffer.
+             * Move the data to the beginning and erase remaining data
+             * at the original location. */
+            if( 2 * (size_t) ret <= data_size )
+            {
+                memcpy( data, data + data_size - ret, ret );
+            }
+            else if( (size_t) ret < data_size )
+            {
+                memmove( data, data + data_size - ret, ret );
+            }
             *data_length = ret;
             return( PSA_SUCCESS );
         }