mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-24 10:43:31 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #1172 from davidhorstmann-arm/generate-random-buffer-protection

Browse Source 
Add secure buffer copying to `psa_generate_random()`
This commit is contained in:
David Horstmann 2024-03-04 13:23:46 +00:00 committed by GitHub
commit 2bb537ec61
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 70 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
library/psa_crypto.c
View File

@ -4252,6 +4252,54 @@ psa_status_t mbedtls_psa_verify_hash_abort(
* defined( MBEDTLS_ECP_RESTARTABLE ) */ * defined( MBEDTLS_ECP_RESTARTABLE ) */
} }
static psa_status_t psa_generate_random_internal(uint8_t *output,
size_t output_size)
{
GUARD_MODULE_INITIALIZED;
psa_status_t status;
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
size_t output_length = 0;
status = mbedtls_psa_external_get_random(&global_data.rng,
output, output_size,
&output_length);
if (status != PSA_SUCCESS) {
goto exit;
}
/* Breaking up a request into smaller chunks is currently not supported
* for the external RNG interface. */
if (output_length != output_size) {
status = PSA_ERROR_INSUFFICIENT_ENTROPY;
goto exit;
}
status = PSA_SUCCESS;
#else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
while (output_size > 0) {
size_t request_size =
(output_size > MBEDTLS_PSA_RANDOM_MAX_REQUEST ?
MBEDTLS_PSA_RANDOM_MAX_REQUEST :
output_size);
int ret = mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE,
output, request_size);
if (ret != 0) {
status = mbedtls_to_psa_error(ret);
goto exit;
}
output_size -= request_size;
output += request_size;
}
status = PSA_SUCCESS;
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
exit:
return status;
}
/****************************************************************/ /****************************************************************/
/* Symmetric cryptography */ /* Symmetric cryptography */
/****************************************************************/ /****************************************************************/
@ -4370,7 +4418,7 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
goto exit; goto exit;
} }
status = psa_generate_random(local_iv, default_iv_length); status = psa_generate_random_internal(local_iv, default_iv_length);
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
goto exit; goto exit;
} }
@ -4559,7 +4607,7 @@ psa_status_t psa_cipher_encrypt(mbedtls_svc_key_id_t key,
goto exit; goto exit;
} }
status = psa_generate_random(local_iv, default_iv_length); status = psa_generate_random_internal(local_iv, default_iv_length);
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
goto exit; goto exit;
} }
@ -5065,7 +5113,7 @@ psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
goto exit; goto exit;
} }
status = psa_generate_random(local_nonce, required_nonce_size); status = psa_generate_random_internal(local_nonce, required_nonce_size);
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
goto exit; goto exit;
} }
@ -7579,7 +7627,7 @@ exit:
* some constant data such as zeros, which would result in the data * some constant data such as zeros, which would result in the data
* being protected with a reproducible, easily knowable key. * being protected with a reproducible, easily knowable key.
*/ */
psa_generate_random(output, output_size); psa_generate_random_internal(output, output_size);
*output_length = output_size; *output_length = output_size;
} }
@ -7589,7 +7637,6 @@ exit:
} }
/****************************************************************/ /****************************************************************/
/* Random generation */ /* Random generation */
/****************************************************************/ /****************************************************************/
@ -7658,44 +7705,21 @@ static psa_status_t mbedtls_psa_random_seed(mbedtls_psa_random_context_t *rng)
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
} }
psa_status_t psa_generate_random(uint8_t *output, psa_status_t psa_generate_random(uint8_t *output_external,
size_t output_size) size_t output_size)
{ {
GUARD_MODULE_INITIALIZED; psa_status_t status;
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) LOCAL_OUTPUT_DECLARE(output_external, output);
LOCAL_OUTPUT_ALLOC(output_external, output_size, output);
size_t output_length = 0; status = psa_generate_random_internal(output, output_size);
psa_status_t status = mbedtls_psa_external_get_random(&global_data.rng,
output, output_size,
&output_length);
if (status != PSA_SUCCESS) {
return status;
}
/* Breaking up a request into smaller chunks is currently not supported
* for the external RNG interface. */
if (output_length != output_size) {
return PSA_ERROR_INSUFFICIENT_ENTROPY;
}
return PSA_SUCCESS;
#else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ #if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
exit:
while (output_size > 0) { #endif
size_t request_size = LOCAL_OUTPUT_FREE(output_external, output);
(output_size > MBEDTLS_PSA_RANDOM_MAX_REQUEST ? return status;
MBEDTLS_PSA_RANDOM_MAX_REQUEST :
output_size);
int ret = mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE,
output, request_size);
if (ret != 0) {
return mbedtls_to_psa_error(ret);
}
output_size -= request_size;
output += request_size;
}
return PSA_SUCCESS;
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
} }
/* Wrapper function allowing the classic API to use the PSA RNG. /* Wrapper function allowing the classic API to use the PSA RNG.

2
tests/scripts/generate_psa_wrappers.py
View File

@ -165,6 +165,8 @@ class PSAWrapperGenerator(c_wrapper_generator.Base):
'psa_hash_compute', 'psa_hash_compute',
'psa_hash_compare'): 'psa_hash_compare'):
return True return True
if function_name == 'psa_generate_random':
return True
if function_name in ('psa_mac_update', if function_name in ('psa_mac_update',
'psa_mac_sign_finish', 'psa_mac_sign_finish',
'psa_mac_verify_finish', 'psa_mac_verify_finish',

6
tests/src/psa_test_wrappers.c
View File

@ -562,7 +562,13 @@ psa_status_t mbedtls_test_wrap_psa_generate_random(
uint8_t *arg0_output, uint8_t *arg0_output,
size_t arg1_output_size) size_t arg1_output_size)
{ {
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_POISON(arg0_output, arg1_output_size);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_generate_random)(arg0_output, arg1_output_size); psa_status_t status = (psa_generate_random)(arg0_output, arg1_output_size);
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_UNPOISON(arg0_output, arg1_output_size);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status; return status;
} }