Merge pull request #1157 from Ryan-Everett-arm/key-management-buffer-protection-backport

[Backport] Key management buffer protection
2025-09-07 22:27:01 -04:00 · 2024-02-02 17:43:34 +00:00 · 2024-02-02 17:43:34 +00:00 · 8f7a5f6682
commit 8f7a5f6682
parent 3e7ef37e07 081803d6ec
4 changed files with 40 additions and 10 deletions
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@ -1483,14 +1483,14 @@ psa_status_t psa_export_key_internal(
 }

 psa_status_t psa_export_key(mbedtls_svc_key_id_t key,
-                            uint8_t *data,
+                            uint8_t *data_external,
                            size_t data_size,
                            size_t *data_length)
 {
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
    psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
    psa_key_slot_t *slot;
-
+    LOCAL_OUTPUT_DECLARE(data_external, data);
    /* Reject a zero-length output buffer now, since this can never be a
     * valid key representation. This way we know that data must be a valid
     * pointer and we can do things like memset(data, ..., data_size). */
@ -1514,6 +1514,8 @@ psa_status_t psa_export_key(mbedtls_svc_key_id_t key,
        return status;
    }

+    LOCAL_OUTPUT_ALLOC(data_external, data_size, data);
+
    psa_key_attributes_t attributes = {
        .core = slot->attr
    };
@ -1521,8 +1523,12 @@ psa_status_t psa_export_key(mbedtls_svc_key_id_t key,
                                           slot->key.data, slot->key.bytes,
                                           data, data_size, data_length);

+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+exit:
+#endif
    unlock_status = psa_unlock_key_slot(slot);

+    LOCAL_OUTPUT_FREE(data_external, data);
    return (status == PSA_SUCCESS) ? unlock_status : status;
 }

@ -1582,7 +1588,7 @@ psa_status_t psa_export_public_key_internal(
 }

 psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
-                                   uint8_t *data,
+                                   uint8_t *data_external,
                                   size_t data_size,
                                   size_t *data_length)
 {
@ -1590,6 +1596,7 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
    psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
    psa_key_attributes_t attributes;
    psa_key_slot_t *slot;
+    LOCAL_OUTPUT_DECLARE(data_external, data);

    /* Reject a zero-length output buffer now, since this can never be a
     * valid key representation. This way we know that data must be a valid
@ -1610,6 +1617,8 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
        return status;
    }

+    LOCAL_OUTPUT_ALLOC(data_external, data_size, data);
+
    if (!PSA_KEY_TYPE_IS_ASYMMETRIC(slot->attr.type)) {
        status = PSA_ERROR_INVALID_ARGUMENT;
        goto exit;
@ -1625,6 +1634,7 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
 exit:
    unlock_status = psa_unlock_key_slot(slot);

+    LOCAL_OUTPUT_FREE(data_external, data);
    return (status == PSA_SUCCESS) ? unlock_status : status;
 }

@ -2063,11 +2073,12 @@ rsa_exit:
 }

 psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
-                            const uint8_t *data,
+                            const uint8_t *data_external,
                            size_t data_length,
                            mbedtls_svc_key_id_t *key)
 {
    psa_status_t status;
+    LOCAL_INPUT_DECLARE(data_external, data);
    psa_key_slot_t *slot = NULL;
    psa_se_drv_table_entry_t *driver = NULL;
    size_t bits;
@ -2081,6 +2092,8 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
        return PSA_ERROR_INVALID_ARGUMENT;
    }

+    LOCAL_INPUT_ALLOC(data_external, data_length, data);
+
    status = psa_start_key_creation(PSA_KEY_CREATION_IMPORT, attributes,
                                    &slot, &driver);
    if (status != PSA_SUCCESS) {
@ -2122,6 +2135,7 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes,

    status = psa_finish_key_creation(slot, driver, key);
 exit:
+    LOCAL_INPUT_FREE(data_external, data);
    if (status != PSA_SUCCESS) {
        psa_fail_key_creation(slot, driver);
    }
--- a/tests/include/test/psa_crypto_helpers.h
+++ b/tests/include/test/psa_crypto_helpers.h
@ -17,16 +17,10 @@

 #include <psa/crypto.h>

-#include "test/psa_test_wrappers.h"
-
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 #include "mbedtls/psa_util.h"
 #endif

-#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C) \
-    && defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
-#include "test/psa_memory_poisoning_wrappers.h"
-#endif

 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)

--- a/tests/scripts/generate_psa_wrappers.py
+++ b/tests/scripts/generate_psa_wrappers.py
@ -153,6 +153,10 @@ class PSAWrapperGenerator(c_wrapper_generator.Base):
        # Proof-of-concept: just instrument one function for now
        if function_name == 'psa_cipher_encrypt':
            return True
+        if function_name in ('psa_import_key',
+                             'psa_export_key',
+                             'psa_export_public_key'):
+            return True
        if function_name in ('psa_sign_message',
                             'psa_verify_message',
                             'psa_sign_hash',
--- a/tests/src/psa_test_wrappers.c
+++ b/tests/src/psa_test_wrappers.c
@ -261,7 +261,13 @@ psa_status_t mbedtls_test_wrap_psa_export_key(
    size_t arg2_data_size,
    size_t *arg3_data_length)
 {
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+    MBEDTLS_TEST_MEMORY_POISON(arg1_data, arg2_data_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
    psa_status_t status = (psa_export_key)(arg0_key, arg1_data, arg2_data_size, arg3_data_length);
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+    MBEDTLS_TEST_MEMORY_UNPOISON(arg1_data, arg2_data_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
    return status;
 }

@ -272,7 +278,13 @@ psa_status_t mbedtls_test_wrap_psa_export_public_key(
    size_t arg2_data_size,
    size_t *arg3_data_length)
 {
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+    MBEDTLS_TEST_MEMORY_POISON(arg1_data, arg2_data_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
    psa_status_t status = (psa_export_public_key)(arg0_key, arg1_data, arg2_data_size, arg3_data_length);
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+    MBEDTLS_TEST_MEMORY_UNPOISON(arg1_data, arg2_data_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
    return status;
 }

@ -392,7 +404,13 @@ psa_status_t mbedtls_test_wrap_psa_import_key(
    size_t arg2_data_length,
    mbedtls_svc_key_id_t *arg3_key)
 {
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+    MBEDTLS_TEST_MEMORY_POISON(arg1_data, arg2_data_length);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
    psa_status_t status = (psa_import_key)(arg0_attributes, arg1_data, arg2_data_length, arg3_key);
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+    MBEDTLS_TEST_MEMORY_UNPOISON(arg1_data, arg2_data_length);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
    return status;
 }