Merge pull request #1164 from daverodgman/update-2.28-restricted
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 00e4f2a..cff9cca 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -182,6 +182,23 @@
} \
output_copy = LOCAL_OUTPUT_COPY_OF_##output.buffer;
+/* Allocate a copy of the buffer output and set the pointer output_copy to
+ * point to the start of the copy.
+ *
+ * Assumptions:
+ * - psa_status_t status exists
+ * - An exit label is declared
+ * - output is the name of a pointer to the buffer to be copied
+ * - LOCAL_OUTPUT_DECLARE(output, output_copy) has previously been called
+ */
+#define LOCAL_OUTPUT_ALLOC_WITH_COPY(output, length, output_copy) \
+ status = psa_crypto_local_output_alloc_with_copy(output, length, \
+ &LOCAL_OUTPUT_COPY_OF_##output); \
+ if (status != PSA_SUCCESS) { \
+ goto exit; \
+ } \
+ output_copy = LOCAL_OUTPUT_COPY_OF_##output.buffer;
+
/* Free the local output copy allocated previously by LOCAL_OUTPUT_ALLOC()
* after first copying back its contents to the original buffer.
*
@@ -1466,14 +1483,14 @@
}
psa_status_t psa_export_key(mbedtls_svc_key_id_t key,
- uint8_t *data,
+ uint8_t *data_external,
size_t data_size,
size_t *data_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
-
+ LOCAL_OUTPUT_DECLARE(data_external, data);
/* Reject a zero-length output buffer now, since this can never be a
* valid key representation. This way we know that data must be a valid
* pointer and we can do things like memset(data, ..., data_size). */
@@ -1497,6 +1514,8 @@
return status;
}
+ LOCAL_OUTPUT_ALLOC(data_external, data_size, data);
+
psa_key_attributes_t attributes = {
.core = slot->attr
};
@@ -1504,8 +1523,12 @@
slot->key.data, slot->key.bytes,
data, data_size, data_length);
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+exit:
+#endif
unlock_status = psa_unlock_key_slot(slot);
+ LOCAL_OUTPUT_FREE(data_external, data);
return (status == PSA_SUCCESS) ? unlock_status : status;
}
@@ -1565,7 +1588,7 @@
}
psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
- uint8_t *data,
+ uint8_t *data_external,
size_t data_size,
size_t *data_length)
{
@@ -1573,6 +1596,7 @@
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_attributes_t attributes;
psa_key_slot_t *slot;
+ LOCAL_OUTPUT_DECLARE(data_external, data);
/* Reject a zero-length output buffer now, since this can never be a
* valid key representation. This way we know that data must be a valid
@@ -1593,6 +1617,8 @@
return status;
}
+ LOCAL_OUTPUT_ALLOC(data_external, data_size, data);
+
if (!PSA_KEY_TYPE_IS_ASYMMETRIC(slot->attr.type)) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
@@ -1608,6 +1634,7 @@
exit:
unlock_status = psa_unlock_key_slot(slot);
+ LOCAL_OUTPUT_FREE(data_external, data);
return (status == PSA_SUCCESS) ? unlock_status : status;
}
@@ -2046,11 +2073,12 @@
}
psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
- const uint8_t *data,
+ const uint8_t *data_external,
size_t data_length,
mbedtls_svc_key_id_t *key)
{
psa_status_t status;
+ LOCAL_INPUT_DECLARE(data_external, data);
psa_key_slot_t *slot = NULL;
psa_se_drv_table_entry_t *driver = NULL;
size_t bits;
@@ -2064,6 +2092,8 @@
return PSA_ERROR_INVALID_ARGUMENT;
}
+ LOCAL_INPUT_ALLOC(data_external, data_length, data);
+
status = psa_start_key_creation(PSA_KEY_CREATION_IMPORT, attributes,
&slot, &driver);
if (status != PSA_SUCCESS) {
@@ -2105,6 +2135,7 @@
status = psa_finish_key_creation(slot, driver, key);
exit:
+ LOCAL_INPUT_FREE(data_external, data);
if (status != PSA_SUCCESS) {
psa_fail_key_creation(slot, driver);
}
@@ -2990,15 +3021,27 @@
psa_status_t psa_sign_message(mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
- const uint8_t *input,
+ const uint8_t *input_external,
size_t input_length,
- uint8_t *signature,
+ uint8_t *signature_external,
size_t signature_size,
size_t *signature_length)
{
- return psa_sign_internal(
- key, 1, alg, input, input_length,
- signature, signature_size, signature_length);
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ LOCAL_INPUT_DECLARE(input_external, input);
+ LOCAL_OUTPUT_DECLARE(signature_external, signature);
+
+ LOCAL_INPUT_ALLOC(input_external, input_length, input);
+ LOCAL_OUTPUT_ALLOC(signature_external, signature_size, signature);
+ status = psa_sign_internal(key, 1, alg, input, input_length, signature,
+ signature_size, signature_length);
+
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+exit:
+#endif
+ LOCAL_INPUT_FREE(input_external, input);
+ LOCAL_OUTPUT_FREE(signature_external, signature);
+ return status;
}
psa_status_t psa_verify_message_builtin(
@@ -3037,14 +3080,27 @@
psa_status_t psa_verify_message(mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
- const uint8_t *input,
+ const uint8_t *input_external,
size_t input_length,
- const uint8_t *signature,
+ const uint8_t *signature_external,
size_t signature_length)
{
- return psa_verify_internal(
- key, 1, alg, input, input_length,
- signature, signature_length);
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ LOCAL_INPUT_DECLARE(input_external, input);
+ LOCAL_INPUT_DECLARE(signature_external, signature);
+
+ LOCAL_INPUT_ALLOC(input_external, input_length, input);
+ LOCAL_INPUT_ALLOC(signature_external, signature_length, signature);
+ status = psa_verify_internal(key, 1, alg, input, input_length, signature,
+ signature_length);
+
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+exit:
+#endif
+ LOCAL_INPUT_FREE(input_external, input);
+ LOCAL_INPUT_FREE(signature_external, signature);
+
+ return status;
}
psa_status_t psa_sign_hash_builtin(
@@ -3097,15 +3153,28 @@
psa_status_t psa_sign_hash(mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
- const uint8_t *hash,
+ const uint8_t *hash_external,
size_t hash_length,
- uint8_t *signature,
+ uint8_t *signature_external,
size_t signature_size,
size_t *signature_length)
{
- return psa_sign_internal(
- key, 0, alg, hash, hash_length,
- signature, signature_size, signature_length);
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ LOCAL_INPUT_DECLARE(hash_external, hash);
+ LOCAL_OUTPUT_DECLARE(signature_external, signature);
+
+ LOCAL_INPUT_ALLOC(hash_external, hash_length, hash);
+ LOCAL_OUTPUT_ALLOC(signature_external, signature_size, signature);
+ status = psa_sign_internal(key, 0, alg, hash, hash_length, signature,
+ signature_size, signature_length);
+
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+exit:
+#endif
+ LOCAL_INPUT_FREE(hash_external, hash);
+ LOCAL_OUTPUT_FREE(signature_external, signature);
+
+ return status;
}
psa_status_t psa_verify_hash_builtin(
@@ -3157,14 +3226,27 @@
psa_status_t psa_verify_hash(mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
- const uint8_t *hash,
+ const uint8_t *hash_external,
size_t hash_length,
- const uint8_t *signature,
+ const uint8_t *signature_external,
size_t signature_length)
{
- return psa_verify_internal(
- key, 0, alg, hash, hash_length,
- signature, signature_length);
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ LOCAL_INPUT_DECLARE(hash_external, hash);
+ LOCAL_INPUT_DECLARE(signature_external, signature);
+
+ LOCAL_INPUT_ALLOC(hash_external, hash_length, hash);
+ LOCAL_INPUT_ALLOC(signature_external, signature_length, signature);
+ status = psa_verify_internal(key, 0, alg, hash, hash_length, signature,
+ signature_length);
+
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+exit:
+#endif
+ LOCAL_INPUT_FREE(hash_external, hash);
+ LOCAL_INPUT_FREE(signature_external, signature);
+
+ return status;
}
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
@@ -5783,6 +5865,39 @@
return PSA_SUCCESS;
}
+psa_status_t psa_crypto_local_output_alloc_with_copy(uint8_t *output, size_t output_len,
+ psa_crypto_local_output_t *local_output)
+{
+ psa_status_t status;
+ *local_output = PSA_CRYPTO_LOCAL_OUTPUT_INIT;
+
+ if (output_len == 0) {
+ return PSA_SUCCESS;
+ }
+ local_output->buffer = mbedtls_calloc(output_len, 1);
+ if (local_output->buffer == NULL) {
+ /* Since we dealt with the zero-length case above, we know that
+ * a NULL return value means a failure of allocation. */
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
+ }
+ local_output->length = output_len;
+ local_output->original = output;
+
+ status = psa_crypto_copy_input(output, output_len,
+ local_output->buffer, local_output->length);
+ if (status != PSA_SUCCESS) {
+ goto error;
+ }
+
+ return PSA_SUCCESS;
+
+error:
+ mbedtls_free(local_output->buffer);
+ local_output->buffer = NULL;
+ local_output->length = 0;
+ return status;
+}
+
psa_status_t psa_crypto_local_output_free(psa_crypto_local_output_t *local_output)
{
psa_status_t status;
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index 4731064..ae8af09 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -560,6 +560,25 @@
psa_status_t psa_crypto_local_output_alloc(uint8_t *output, size_t output_len,
psa_crypto_local_output_t *local_output);
+/** Allocate a local copy of an output buffer and copy the contents into it.
+ *
+ * \note This allocates and copies a buffer
+ * whose contents will be copied back to the
+ * original in a future call to
+ * psa_crypto_local_output_free().
+ *
+ * \param[in] output Pointer to output buffer.
+ * \param[in] output_len Length of the output buffer.
+ * \param[out] local_output Pointer to a psa_crypto_local_output_t struct to
+ * populate with the local output copy.
+ * \return #PSA_SUCCESS, if the buffer was successfully
+ * copied.
+ * \return #PSA_ERROR_INSUFFICIENT_MEMORY, if a copy of
+ * the buffer cannot be allocated.
+ */
+psa_status_t psa_crypto_local_output_alloc_with_copy(uint8_t *output, size_t output_len,
+ psa_crypto_local_output_t *local_output);
+
/** Copy from a local copy of an output buffer back to the original, then
* free the local copy.
*
diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h
index 5648738..e60c966 100644
--- a/tests/include/test/psa_crypto_helpers.h
+++ b/tests/include/test/psa_crypto_helpers.h
@@ -17,16 +17,10 @@
#include <psa/crypto.h>
-#include "test/psa_test_wrappers.h"
-
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "mbedtls/psa_util.h"
#endif
-#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C) \
- && defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
-#include "test/psa_memory_poisoning_wrappers.h"
-#endif
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
diff --git a/tests/scripts/generate_psa_wrappers.py b/tests/scripts/generate_psa_wrappers.py
index d35598d..d7970c0 100755
--- a/tests/scripts/generate_psa_wrappers.py
+++ b/tests/scripts/generate_psa_wrappers.py
@@ -153,6 +153,15 @@
# Proof-of-concept: just instrument one function for now
if function_name == 'psa_cipher_encrypt':
return True
+ if function_name in ('psa_import_key',
+ 'psa_export_key',
+ 'psa_export_public_key'):
+ return True
+ if function_name in ('psa_sign_message',
+ 'psa_verify_message',
+ 'psa_sign_hash',
+ 'psa_verify_hash'):
+ return True
return False
def _write_function_call(self, out: typing_util.Writable,
diff --git a/tests/src/psa_test_wrappers.c b/tests/src/psa_test_wrappers.c
index 56bbef0..c074e8d 100644
--- a/tests/src/psa_test_wrappers.c
+++ b/tests/src/psa_test_wrappers.c
@@ -261,7 +261,13 @@
size_t arg2_data_size,
size_t *arg3_data_length)
{
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_POISON(arg1_data, arg2_data_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_export_key)(arg0_key, arg1_data, arg2_data_size, arg3_data_length);
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg1_data, arg2_data_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@@ -272,7 +278,13 @@
size_t arg2_data_size,
size_t *arg3_data_length)
{
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_POISON(arg1_data, arg2_data_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_export_public_key)(arg0_key, arg1_data, arg2_data_size, arg3_data_length);
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg1_data, arg2_data_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@@ -392,7 +404,13 @@
size_t arg2_data_length,
mbedtls_svc_key_id_t *arg3_key)
{
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_POISON(arg1_data, arg2_data_length);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_import_key)(arg0_attributes, arg1_data, arg2_data_length, arg3_key);
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg1_data, arg2_data_length);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@@ -602,7 +620,15 @@
size_t arg5_signature_size,
size_t *arg6_signature_length)
{
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_POISON(arg2_hash, arg3_hash_length);
+ MBEDTLS_TEST_MEMORY_POISON(arg4_signature, arg5_signature_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_sign_hash)(arg0_key, arg1_alg, arg2_hash, arg3_hash_length, arg4_signature, arg5_signature_size, arg6_signature_length);
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg2_hash, arg3_hash_length);
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg4_signature, arg5_signature_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@@ -616,7 +642,15 @@
size_t arg5_signature_size,
size_t *arg6_signature_length)
{
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_POISON(arg2_input, arg3_input_length);
+ MBEDTLS_TEST_MEMORY_POISON(arg4_signature, arg5_signature_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_sign_message)(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_signature, arg5_signature_size, arg6_signature_length);
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg2_input, arg3_input_length);
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg4_signature, arg5_signature_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@@ -629,7 +663,15 @@
const uint8_t *arg4_signature,
size_t arg5_signature_length)
{
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_POISON(arg2_hash, arg3_hash_length);
+ MBEDTLS_TEST_MEMORY_POISON(arg4_signature, arg5_signature_length);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_verify_hash)(arg0_key, arg1_alg, arg2_hash, arg3_hash_length, arg4_signature, arg5_signature_length);
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg2_hash, arg3_hash_length);
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg4_signature, arg5_signature_length);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@@ -642,7 +684,15 @@
const uint8_t *arg4_signature,
size_t arg5_signature_length)
{
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_POISON(arg2_input, arg3_input_length);
+ MBEDTLS_TEST_MEMORY_POISON(arg4_signature, arg5_signature_length);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_verify_message)(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_signature, arg5_signature_length);
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg2_input, arg3_input_length);
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg4_signature, arg5_signature_length);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}