Change psa_crypto_output_copy_free() to use psa_crypto_copy_output()
rather than calling memcpy directly as was erroneously done previously.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
This tied input and output buffers together in
awkward pairs, which made the API more difficult
to use.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Since we are internal rather than user-facing,
PSA_ERROR_CORRUPTION_DETECTED makes more sense than
PSA_ERROR_BUFFER_TOO_SMALL. Whilst it really is a buffer that is too
small, this error code is intended to indicate that a user-supplied
buffer is too small, not an internal one.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Zero-length buffers should be represented in the
psa_crypto_buffer_copy_t struct as NULL if it was created in
psa_crypto_alloc_and_copy(), so reject non-NULL zero-length buffers.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
If we have a copy buffer but no original to copy back to, there is not
much sensible we can do. The psa_crypto_buffer_copy_t state is invalid.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Since it is implementation-dependent whether
malloc(0) returns NULL or a pointer, explicitly
represent zero-length buffers as NULL in the
buffer-copy struct, so as to have a uniform
behaviour.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Pacify Clang >=15 which complained:
```
include/psa/crypto.h:91:23: error: empty paragraph passed to '\retval' command [-Werror,-Wdocumentation]
* \retval #PSA_SUCCESS
~~~~~~~~~~~~~~~~~~~^
```
This commit performs the following systematic replacement:
```
perl -i -0777 -p -e 's/([\\@])(retval +\S+)\n(?! *\*? *([^\n \\*\/]|\\[cp]\b))/$1$2 ${1}emptydescription\n/g' $(git ls-files '*.[hc]' '*.function' '*.jinja')
```
i.e. add an `\emptydescription` argument to `\retval` commands (or
`@retval`, which we don't normally used) that are followed by a single word,
unless the next line looks like it contains text which would be the
description.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
psa_cipher_encrypt() and psa_cipher_decrypt() sometimes add a zero offset to
a null pointer when the cipher does not use an IV. This is undefined
behavior, although it works as naively expected on most platforms. This
can cause a crash with modern Clang+ASan (depending on compiler optimizations).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Some source files had code to set mbedtls_xxx aliases when
MBEDTLS_PLATFORM_C is not defined. These aliases are defined unconditionally
by mbedtls/platform.h, so these macro definitions were redundant. Remove
them.
This commit used the following code:
```
perl -i -0777 -pe 's~#if !defined\(MBEDTLS_PLATFORM_C\)\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*#endif.*\n~~mg' $(git grep -l -F '#if !defined(MBEDTLS_PLATFORM_C)')
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
psa_raw_key_agreement() returned PSA_ERROR_INVALID_ARGUMENT instead of
PSA_ERROR_BUFFER_TOO_SMALL when the output buffer was too small for ECDH,
the only algorithm that is currently implemented. Make it return the correct
error code.
The reason for the wrong error code is that ecdh.c returns
MBEDTLS_ERR_ECP_BAD_INPUT_DATA, presumably for similarith with dhm.c. It
might make sense to change ecdh.c to use MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL,
but dhm.c doesn't have an existing BUFFER_TOO_SMALL error. To minimize the
impact of the fix, handle this in the PSA layer.
Fixes#5735.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
It doesn't make sense for psa_mac_verify() to return
PSA_ERROR_BUFFER_TOO_SMALL since it doesn't have an output buffer. But this
was happening when requesting the verification of an unsupported algorithm
whose output size is larger than the maximum supported MAC size, e.g.
HMAC-SHA-512 when building with only SHA-256 support. Arrange to return
PSA_ERROR_NOT_SUPPORTED instead.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Otherwise the systematically generated algorithm-not-supported tests
complain when they try to start an operation and succeed.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Otherwise the systematically generated algorithm-not-supported tests
complain when they try to start an operation and succeed.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In psa_asymmetric_encrypt/decrypt(), always return
PSA_ERROR_INVALID_ARGUMENT if the key is a PSA key
and the algorithm is not a PSA algorithm we know
about, whether RSA is supported or not.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Align RSA/ECP sign/verify hash dispatch with the
corresponding code of the library. The library
code was modified recently but not the test code
one and these modifications ease the following work.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Don't use the output buffer in psa_cipher_encrypt()
to pass the generated IV to the driver as local
attacker could potentially control it.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Align the execution of cipher one-shot APIs with
that of cipher multi-part APIs: always exit
through the exit-labelled section.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Don't use the output buffer in psa_cipher_generate_iv()
to pass the generated IV to the driver as local
attacker could potentially control it.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
The report of RSA public exponent for opaque keys is not
supported. Do not attempt to compute the RSA public
exponent of an RSA opaque key associated to a driver
implementing the new driver interface when
MBEDTLS_PSA_CRYPTO_SE_C is disabled.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Slot number key attribute is specific of dynamically
registered drivers and should thus not be computed/
returned in case of keys associated to drivers
implementing the new unified driver interface.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
