Skip to content

Commit 73ce9aa

Browse files
gilles-peskine-armgilles-peskine-arm
committed
Stop using intermediate heap buffers for hash, MAC and XOF
PSA hash, MAC and XOF functions no longer use intermediate buffers on the heap for their inputs and outputs, even when MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS is disabled. Fixes #795. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
1 parent 9c49425 commit 73ce9aa

2 files changed

Lines changed: 27 additions & 114 deletions

File tree

ChangeLog.d/psa-buffer-copying.txt

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
Features
2+
* PSA hash, MAC and XOF functions no longer use intermediate buffers on
3+
the heap for their inputs and outputs, even when
4+
MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS is disabled. Fixes #795.

core/psa_crypto.c

Lines changed: 23 additions & 114 deletions
Original file line numberDiff line numberDiff line change
@@ -2266,7 +2266,6 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
22662266
size_t input_length)
22672267
{
22682268
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2269-
LOCAL_INPUT_DECLARE(input_external, input);
22702269

22712270
if (operation->id == 0) {
22722271
status = PSA_ERROR_BAD_STATE;
@@ -2279,22 +2278,19 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
22792278
return PSA_SUCCESS;
22802279
}
22812280

2282-
LOCAL_INPUT_ALLOC(input_external, input_length, input);
2283-
status = psa_driver_wrapper_hash_update(operation, input, input_length);
2281+
status = psa_driver_wrapper_hash_update(operation, input_external, input_length);
22842282

22852283
exit:
22862284
if (status != PSA_SUCCESS) {
22872285
psa_hash_abort(operation);
22882286
}
2289-
2290-
LOCAL_INPUT_FREE(input_external, input);
22912287
return status;
22922288
}
22932289

2294-
static psa_status_t psa_hash_finish_internal(psa_hash_operation_t *operation,
2295-
uint8_t *hash,
2296-
size_t hash_size,
2297-
size_t *hash_length)
2290+
psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
2291+
uint8_t *hash,
2292+
size_t hash_size,
2293+
size_t *hash_length)
22982294
{
22992295
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
23002296

@@ -2310,34 +2306,15 @@ static psa_status_t psa_hash_finish_internal(psa_hash_operation_t *operation,
23102306
return status;
23112307
}
23122308

2313-
psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
2314-
uint8_t *hash_external,
2315-
size_t hash_size,
2316-
size_t *hash_length)
2317-
{
2318-
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2319-
LOCAL_OUTPUT_DECLARE(hash_external, hash);
2320-
2321-
LOCAL_OUTPUT_ALLOC(hash_external, hash_size, hash);
2322-
status = psa_hash_finish_internal(operation, hash, hash_size, hash_length);
2323-
2324-
#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS)
2325-
exit:
2326-
#endif
2327-
LOCAL_OUTPUT_FREE(hash_external, hash);
2328-
return status;
2329-
}
2330-
23312309
psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
23322310
const uint8_t *hash_external,
23332311
size_t hash_length)
23342312
{
23352313
uint8_t actual_hash[PSA_HASH_MAX_SIZE];
23362314
size_t actual_hash_length;
23372315
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2338-
LOCAL_INPUT_DECLARE(hash_external, hash);
23392316

2340-
status = psa_hash_finish_internal(
2317+
status = psa_hash_finish(
23412318
operation,
23422319
actual_hash, sizeof(actual_hash),
23432320
&actual_hash_length);
@@ -2351,8 +2328,7 @@ psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
23512328
goto exit;
23522329
}
23532330

2354-
LOCAL_INPUT_ALLOC(hash_external, hash_length, hash);
2355-
if (mbedtls_ct_memcmp(hash, actual_hash, actual_hash_length) != 0) {
2331+
if (mbedtls_ct_memcmp(hash_external, actual_hash, actual_hash_length) != 0) {
23562332
status = PSA_ERROR_INVALID_SIGNATURE;
23572333
}
23582334

@@ -2361,7 +2337,6 @@ psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
23612337
if (status != PSA_SUCCESS) {
23622338
psa_hash_abort(operation);
23632339
}
2364-
LOCAL_INPUT_FREE(hash_external, hash);
23652340
return status;
23662341
}
23672342

@@ -2371,24 +2346,14 @@ psa_status_t psa_hash_compute(psa_algorithm_t alg,
23712346
size_t *hash_length)
23722347
{
23732348
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2374-
LOCAL_INPUT_DECLARE(input_external, input);
2375-
LOCAL_OUTPUT_DECLARE(hash_external, hash);
23762349

23772350
*hash_length = 0;
23782351
if (!PSA_ALG_IS_HASH(alg)) {
23792352
return PSA_ERROR_INVALID_ARGUMENT;
23802353
}
23812354

2382-
LOCAL_INPUT_ALLOC(input_external, input_length, input);
2383-
LOCAL_OUTPUT_ALLOC(hash_external, hash_size, hash);
2384-
status = psa_driver_wrapper_hash_compute(alg, input, input_length,
2385-
hash, hash_size, hash_length);
2386-
2387-
#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS)
2388-
exit:
2389-
#endif
2390-
LOCAL_INPUT_FREE(input_external, input);
2391-
LOCAL_OUTPUT_FREE(hash_external, hash);
2355+
status = psa_driver_wrapper_hash_compute(alg, input_external, input_length,
2356+
hash_external, hash_size, hash_length);
23922357
return status;
23932358
}
23942359

@@ -2400,17 +2365,13 @@ psa_status_t psa_hash_compare(psa_algorithm_t alg,
24002365
size_t actual_hash_length;
24012366
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
24022367

2403-
LOCAL_INPUT_DECLARE(input_external, input);
2404-
LOCAL_INPUT_DECLARE(hash_external, hash);
2405-
24062368
if (!PSA_ALG_IS_HASH(alg)) {
24072369
status = PSA_ERROR_INVALID_ARGUMENT;
24082370
return status;
24092371
}
24102372

2411-
LOCAL_INPUT_ALLOC(input_external, input_length, input);
24122373
status = psa_driver_wrapper_hash_compute(
2413-
alg, input, input_length,
2374+
alg, input_external, input_length,
24142375
actual_hash, sizeof(actual_hash),
24152376
&actual_hash_length);
24162377
if (status != PSA_SUCCESS) {
@@ -2421,17 +2382,12 @@ psa_status_t psa_hash_compare(psa_algorithm_t alg,
24212382
goto exit;
24222383
}
24232384

2424-
LOCAL_INPUT_ALLOC(hash_external, hash_length, hash);
2425-
if (mbedtls_ct_memcmp(hash, actual_hash, actual_hash_length) != 0) {
2385+
if (mbedtls_ct_memcmp(hash_external, actual_hash, actual_hash_length) != 0) {
24262386
status = PSA_ERROR_INVALID_SIGNATURE;
24272387
}
24282388

24292389
exit:
24302390
mbedtls_platform_zeroize(actual_hash, sizeof(actual_hash));
2431-
2432-
LOCAL_INPUT_FREE(input_external, input);
2433-
LOCAL_INPUT_FREE(hash_external, hash);
2434-
24352391
return status;
24362392
}
24372393

@@ -2578,7 +2534,6 @@ psa_status_t psa_xof_update(psa_xof_operation_t *operation,
25782534
}
25792535

25802536
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2581-
LOCAL_INPUT_DECLARE(input_external, input);
25822537

25832538
operation->has_input = 1;
25842539

@@ -2588,17 +2543,11 @@ psa_status_t psa_xof_update(psa_xof_operation_t *operation,
25882543
return PSA_SUCCESS;
25892544
}
25902545

2591-
LOCAL_INPUT_ALLOC(input_external, input_length, input);
2592-
status = psa_driver_wrapper_xof_update(operation, input, input_length);
2593-
// Label otherwise unused when MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS is enabled
2594-
goto exit;
2546+
status = psa_driver_wrapper_xof_update(operation, input_external, input_length);
25952547

2596-
exit:
25972548
if (status != PSA_SUCCESS) {
25982549
psa_xof_abort(operation);
25992550
}
2600-
2601-
LOCAL_INPUT_FREE(input_external, input);
26022551
return status;
26032552
}
26042553

@@ -2617,7 +2566,6 @@ psa_status_t psa_xof_output(psa_xof_operation_t *operation,
26172566
}
26182567

26192568
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2620-
LOCAL_OUTPUT_DECLARE(output_external, output);
26212569

26222570
operation->has_output = 1;
26232571

@@ -2627,17 +2575,11 @@ psa_status_t psa_xof_output(psa_xof_operation_t *operation,
26272575
return PSA_SUCCESS;
26282576
}
26292577

2630-
LOCAL_OUTPUT_ALLOC(output_external, output_length, output);
2631-
status = psa_driver_wrapper_xof_output(operation, output, output_length);
2632-
// Label otherwise unused when MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS is enabled
2633-
goto exit;
2578+
status = psa_driver_wrapper_xof_output(operation, output_external, output_length);
26342579

2635-
exit:
26362580
if (status != PSA_SUCCESS) {
26372581
psa_xof_abort(operation);
26382582
}
2639-
2640-
LOCAL_OUTPUT_FREE(output_external, output);
26412583
return status;
26422584
}
26432585

@@ -2797,7 +2739,6 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation,
27972739
size_t input_length)
27982740
{
27992741
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2800-
LOCAL_INPUT_DECLARE(input_external, input);
28012742

28022743
if (operation->id == 0) {
28032744
status = PSA_ERROR_BAD_STATE;
@@ -2811,18 +2752,11 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation,
28112752
return status;
28122753
}
28132754

2814-
LOCAL_INPUT_ALLOC(input_external, input_length, input);
2815-
status = psa_driver_wrapper_mac_update(operation, input, input_length);
2755+
status = psa_driver_wrapper_mac_update(operation, input_external, input_length);
28162756

28172757
if (status != PSA_SUCCESS) {
28182758
psa_mac_abort(operation);
28192759
}
2820-
2821-
#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS)
2822-
exit:
2823-
#endif
2824-
LOCAL_INPUT_FREE(input_external, input);
2825-
28262760
return status;
28272761
}
28282762

@@ -2833,8 +2767,6 @@ psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
28332767
{
28342768
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
28352769
psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
2836-
LOCAL_OUTPUT_DECLARE(mac_external, mac);
2837-
LOCAL_OUTPUT_ALLOC(mac_external, mac_size, mac);
28382770

28392771
if (operation->id == 0) {
28402772
status = PSA_ERROR_BAD_STATE;
@@ -2860,7 +2792,8 @@ psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
28602792

28612793

28622794
status = psa_driver_wrapper_mac_sign_finish(operation,
2863-
mac, operation->mac_size,
2795+
mac_external,
2796+
operation->mac_size,
28642797
mac_length);
28652798

28662799
exit:
@@ -2875,13 +2808,11 @@ psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
28752808
operation->mac_size = 0;
28762809
}
28772810

2878-
if (mac != NULL) {
2879-
psa_wipe_tag_output_buffer(mac, status, mac_size, *mac_length);
2811+
if (mac_external != NULL) {
2812+
psa_wipe_tag_output_buffer(mac_external, status, mac_size, *mac_length);
28802813
}
28812814

28822815
abort_status = psa_mac_abort(operation);
2883-
LOCAL_OUTPUT_FREE(mac_external, mac);
2884-
28852816
return status == PSA_SUCCESS ? abort_status : status;
28862817
}
28872818

@@ -2891,7 +2822,6 @@ psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
28912822
{
28922823
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
28932824
psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
2894-
LOCAL_INPUT_DECLARE(mac_external, mac);
28952825

28962826
if (operation->id == 0) {
28972827
status = PSA_ERROR_BAD_STATE;
@@ -2908,13 +2838,11 @@ psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
29082838
goto exit;
29092839
}
29102840

2911-
LOCAL_INPUT_ALLOC(mac_external, mac_length, mac);
29122841
status = psa_driver_wrapper_mac_verify_finish(operation,
2913-
mac, mac_length);
2842+
mac_external, mac_length);
29142843

29152844
exit:
29162845
abort_status = psa_mac_abort(operation);
2917-
LOCAL_INPUT_FREE(mac_external, mac);
29182846

29192847
return status == PSA_SUCCESS ? abort_status : status;
29202848
}
@@ -2988,21 +2916,9 @@ psa_status_t psa_mac_compute(mbedtls_svc_key_id_t key,
29882916
size_t *mac_length)
29892917
{
29902918
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2991-
LOCAL_INPUT_DECLARE(input_external, input);
2992-
LOCAL_OUTPUT_DECLARE(mac_external, mac);
2993-
2994-
LOCAL_INPUT_ALLOC(input_external, input_length, input);
2995-
LOCAL_OUTPUT_ALLOC(mac_external, mac_size, mac);
29962919
status = psa_mac_compute_internal(key, alg,
2997-
input, input_length,
2998-
mac, mac_size, mac_length, 1);
2999-
3000-
#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS)
3001-
exit:
3002-
#endif
3003-
LOCAL_INPUT_FREE(input_external, input);
3004-
LOCAL_OUTPUT_FREE(mac_external, mac);
3005-
2920+
input_external, input_length,
2921+
mac_external, mac_size, mac_length, 1);
30062922
return status;
30072923
}
30082924

@@ -3016,12 +2932,9 @@ psa_status_t psa_mac_verify(mbedtls_svc_key_id_t key,
30162932
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
30172933
uint8_t actual_mac[PSA_MAC_MAX_SIZE];
30182934
size_t actual_mac_length;
3019-
LOCAL_INPUT_DECLARE(input_external, input);
3020-
LOCAL_INPUT_DECLARE(mac_external, mac);
30212935

3022-
LOCAL_INPUT_ALLOC(input_external, input_length, input);
30232936
status = psa_mac_compute_internal(key, alg,
3024-
input, input_length,
2937+
input_external, input_length,
30252938
actual_mac, sizeof(actual_mac),
30262939
&actual_mac_length, 0);
30272940
if (status != PSA_SUCCESS) {
@@ -3033,17 +2946,13 @@ psa_status_t psa_mac_verify(mbedtls_svc_key_id_t key,
30332946
goto exit;
30342947
}
30352948

3036-
LOCAL_INPUT_ALLOC(mac_external, mac_length, mac);
3037-
if (mbedtls_ct_memcmp(mac, actual_mac, actual_mac_length) != 0) {
2949+
if (mbedtls_ct_memcmp(mac_external, actual_mac, actual_mac_length) != 0) {
30382950
status = PSA_ERROR_INVALID_SIGNATURE;
30392951
goto exit;
30402952
}
30412953

30422954
exit:
30432955
mbedtls_platform_zeroize(actual_mac, sizeof(actual_mac));
3044-
LOCAL_INPUT_FREE(input_external, input);
3045-
LOCAL_INPUT_FREE(mac_external, mac);
3046-
30472956
return status;
30482957
}
30492958

0 commit comments

Comments
 (0)