From f028fe195ba8ea50e3835b718540295aa5392e5c Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Mon, 8 Jan 2024 17:14:44 +0000 Subject: [PATCH 1/8] Protect buffer in psa_import_key Signed-off-by: Ryan Everett --- library/psa_crypto.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index d21c13ea54..cc7dc09d60 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2199,11 +2199,12 @@ rsa_exit: } psa_status_t psa_import_key(const psa_key_attributes_t *attributes, - const uint8_t *data, + const uint8_t *data_external, size_t data_length, mbedtls_svc_key_id_t *key) { psa_status_t status; + LOCAL_INPUT_DECLARE(data_external, data); psa_key_slot_t *slot = NULL; psa_se_drv_table_entry_t *driver = NULL; size_t bits; @@ -2223,6 +2224,8 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes, return PSA_ERROR_NOT_SUPPORTED; } + LOCAL_INPUT_ALLOC(data_external, data_length, data); + status = psa_start_key_creation(PSA_KEY_CREATION_IMPORT, attributes, &slot, &driver); if (status != PSA_SUCCESS) { @@ -2277,6 +2280,7 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes, status = psa_finish_key_creation(slot, driver, key); exit: + LOCAL_INPUT_FREE(data_external, data); if (status != PSA_SUCCESS) { psa_fail_key_creation(slot, driver); } From 45ac5265925c21f14772af07b098fb621d337280 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Mon, 8 Jan 2024 17:15:19 +0000 Subject: [PATCH 2/8] Protect the buffer in psa_export_key Signed-off-by: Ryan Everett --- library/psa_crypto.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index cc7dc09d60..7830f40f46 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1599,13 +1599,14 @@ psa_status_t psa_export_key_internal( } psa_status_t psa_export_key(mbedtls_svc_key_id_t key, - uint8_t *data, + uint8_t *data_external, size_t data_size, size_t *data_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; + LOCAL_OUTPUT_DECLARE(data_external, data); /* Reject a zero-length output buffer now, since this can never be a * valid key representation. This way we know that data must be a valid @@ -1630,15 +1631,18 @@ psa_status_t psa_export_key(mbedtls_svc_key_id_t key, return status; } + LOCAL_OUTPUT_ALLOC(data_external, data_size, data); + psa_key_attributes_t attributes = { .core = slot->attr }; status = psa_driver_wrapper_export_key(&attributes, slot->key.data, slot->key.bytes, data, data_size, data_length); - +exit: unlock_status = psa_unlock_key_slot(slot); + LOCAL_OUTPUT_FREE(data_external, data); return (status == PSA_SUCCESS) ? unlock_status : status; } From b1d2c67ee0180093baa9e79c671ea5e7b34c3e0d Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Mon, 8 Jan 2024 17:19:30 +0000 Subject: [PATCH 3/8] Protect buffer in psa_export_public_key Signed-off-by: Ryan Everett --- library/psa_crypto.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 7830f40f46..4fc940c9f4 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1714,7 +1714,7 @@ psa_status_t psa_export_public_key_internal( } psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key, - uint8_t *data, + uint8_t *data_external, size_t data_size, size_t *data_length) { @@ -1722,6 +1722,7 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key, psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; psa_key_attributes_t attributes; + LOCAL_OUTPUT_DECLARE(data_external, data); /* Reject a zero-length output buffer now, since this can never be a * valid key representation. This way we know that data must be a valid @@ -1742,6 +1743,8 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key, return status; } + LOCAL_OUTPUT_ALLOC(data_external, data_size, data); + if (!PSA_KEY_TYPE_IS_ASYMMETRIC(slot->attr.type)) { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; @@ -1757,6 +1760,7 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key, exit: unlock_status = psa_unlock_key_slot(slot); + LOCAL_OUTPUT_FREE(data_external, data); return (status == PSA_SUCCESS) ? unlock_status : status; } From 77b91e3930fbbd286035deacf60aeee7dccb51c2 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 25 Jan 2024 10:58:06 +0000 Subject: [PATCH 4/8] Generate test wrappers for key management Signed-off-by: Ryan Everett --- tests/scripts/generate_psa_wrappers.py | 2 +- tests/src/psa_test_wrappers.c | 26 ++++++++++++++++++-------- 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/tests/scripts/generate_psa_wrappers.py b/tests/scripts/generate_psa_wrappers.py index 005a324116..4271fe6900 100755 --- a/tests/scripts/generate_psa_wrappers.py +++ b/tests/scripts/generate_psa_wrappers.py @@ -143,7 +143,7 @@ class PSAWrapperGenerator(c_wrapper_generator.Base): """Whether the specified buffer argument to a PSA function should be copied. """ # Proof-of-concept: just instrument one function for now - if function_name == 'psa_cipher_encrypt': + if function_name == 'psa_import_key' or function_name == 'psa_export_key' or function_name == 'psa_export_public_key': return True if function_name in ('psa_sign_message', 'psa_verify_message', diff --git a/tests/src/psa_test_wrappers.c b/tests/src/psa_test_wrappers.c index 460d4535f5..de3714d2ca 100644 --- a/tests/src/psa_test_wrappers.c +++ b/tests/src/psa_test_wrappers.c @@ -267,15 +267,7 @@ psa_status_t mbedtls_test_wrap_psa_cipher_encrypt( size_t arg5_output_size, size_t *arg6_output_length) { -#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg2_input, arg3_input_length); - MBEDTLS_TEST_MEMORY_POISON(arg4_output, arg5_output_size); -#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */ psa_status_t status = (psa_cipher_encrypt)(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_output, arg5_output_size, arg6_output_length); -#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg2_input, arg3_input_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg4_output, arg5_output_size); -#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */ return status; } @@ -435,7 +427,13 @@ psa_status_t mbedtls_test_wrap_psa_export_key( size_t arg2_data_size, size_t *arg3_data_length) { +#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) + MBEDTLS_TEST_MEMORY_POISON(arg1_data, arg2_data_size); +#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */ psa_status_t status = (psa_export_key)(arg0_key, arg1_data, arg2_data_size, arg3_data_length); +#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) + MBEDTLS_TEST_MEMORY_UNPOISON(arg1_data, arg2_data_size); +#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */ return status; } @@ -446,7 +444,13 @@ psa_status_t mbedtls_test_wrap_psa_export_public_key( size_t arg2_data_size, size_t *arg3_data_length) { +#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) + MBEDTLS_TEST_MEMORY_POISON(arg1_data, arg2_data_size); +#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */ psa_status_t status = (psa_export_public_key)(arg0_key, arg1_data, arg2_data_size, arg3_data_length); +#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) + MBEDTLS_TEST_MEMORY_UNPOISON(arg1_data, arg2_data_size); +#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */ return status; } @@ -566,7 +570,13 @@ psa_status_t mbedtls_test_wrap_psa_import_key( size_t arg2_data_length, mbedtls_svc_key_id_t *arg3_key) { +#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) + MBEDTLS_TEST_MEMORY_POISON(arg1_data, arg2_data_length); +#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */ psa_status_t status = (psa_import_key)(arg0_attributes, arg1_data, arg2_data_length, arg3_key); +#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) + MBEDTLS_TEST_MEMORY_UNPOISON(arg1_data, arg2_data_length); +#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */ return status; } From 84a666daa862c0e7f9ef3d6ee56bd671579904a5 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 25 Jan 2024 12:00:02 +0000 Subject: [PATCH 5/8] Re-add cipher_encrypt to test wrapper script Signed-off-by: Ryan Everett --- tests/scripts/generate_psa_wrappers.py | 2 ++ tests/src/psa_test_wrappers.c | 8 ++++++++ 2 files changed, 10 insertions(+) diff --git a/tests/scripts/generate_psa_wrappers.py b/tests/scripts/generate_psa_wrappers.py index 4271fe6900..fbc598f8a4 100755 --- a/tests/scripts/generate_psa_wrappers.py +++ b/tests/scripts/generate_psa_wrappers.py @@ -143,6 +143,8 @@ class PSAWrapperGenerator(c_wrapper_generator.Base): """Whether the specified buffer argument to a PSA function should be copied. """ # Proof-of-concept: just instrument one function for now + if function_name == 'psa_cipher_encrypt': + return True if function_name == 'psa_import_key' or function_name == 'psa_export_key' or function_name == 'psa_export_public_key': return True if function_name in ('psa_sign_message', diff --git a/tests/src/psa_test_wrappers.c b/tests/src/psa_test_wrappers.c index de3714d2ca..bb1409e10b 100644 --- a/tests/src/psa_test_wrappers.c +++ b/tests/src/psa_test_wrappers.c @@ -267,7 +267,15 @@ psa_status_t mbedtls_test_wrap_psa_cipher_encrypt( size_t arg5_output_size, size_t *arg6_output_length) { +#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) + MBEDTLS_TEST_MEMORY_POISON(arg2_input, arg3_input_length); + MBEDTLS_TEST_MEMORY_POISON(arg4_output, arg5_output_size); +#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */ psa_status_t status = (psa_cipher_encrypt)(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_output, arg5_output_size, arg6_output_length); +#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) + MBEDTLS_TEST_MEMORY_UNPOISON(arg2_input, arg3_input_length); + MBEDTLS_TEST_MEMORY_UNPOISON(arg4_output, arg5_output_size); +#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */ return status; } From 35f68533d8f0880423586b510a4618d3640efde4 Mon Sep 17 00:00:00 2001 From: Ryan Everett <144035422+Ryan-Everett-arm@users.noreply.github.com> Date: Thu, 25 Jan 2024 12:02:03 +0000 Subject: [PATCH 6/8] Conditionally guard exit label to deter unused label error Co-authored-by: David Horstmann Signed-off-by: Ryan Everett --- library/psa_crypto.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4fc940c9f4..da70db08f8 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1639,7 +1639,9 @@ psa_status_t psa_export_key(mbedtls_svc_key_id_t key, status = psa_driver_wrapper_export_key(&attributes, slot->key.data, slot->key.bytes, data, data_size, data_length); +#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) exit: +#endif unlock_status = psa_unlock_key_slot(slot); LOCAL_OUTPUT_FREE(data_external, data); From 4c74c4fe843029365007e16c6e0924ca000db261 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 25 Jan 2024 14:36:09 +0000 Subject: [PATCH 7/8] Fix line-too-long in script Signed-off-by: Ryan Everett --- tests/scripts/generate_psa_wrappers.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/scripts/generate_psa_wrappers.py b/tests/scripts/generate_psa_wrappers.py index fbc598f8a4..3cdafed167 100755 --- a/tests/scripts/generate_psa_wrappers.py +++ b/tests/scripts/generate_psa_wrappers.py @@ -145,7 +145,9 @@ class PSAWrapperGenerator(c_wrapper_generator.Base): # Proof-of-concept: just instrument one function for now if function_name == 'psa_cipher_encrypt': return True - if function_name == 'psa_import_key' or function_name == 'psa_export_key' or function_name == 'psa_export_public_key': + if function_name in ('psa_import_key', + 'psa_export_key', + 'psa_export_public_key'): return True if function_name in ('psa_sign_message', 'psa_verify_message', From 8d606857da2e395ac8c9bbb7131ffe234e588657 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 1 Feb 2024 17:52:13 +0000 Subject: [PATCH 8/8] Remove unnecessary dependencies from psa_crypto_helpers.h The psa_test_wrappers.h inclusion was breaking the examples in programs/ on functions with poisoning added Signed-off-by: Ryan Everett --- tests/include/test/psa_crypto_helpers.h | 7 ------- 1 file changed, 7 deletions(-) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 96a8c1c82e..8e790cbab3 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -16,13 +16,6 @@ #include #endif -#include "test/psa_test_wrappers.h" - -#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C) \ - && defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) -#include "test/psa_memory_poisoning_wrappers.h" -#endif - #if defined(MBEDTLS_PSA_CRYPTO_C) /** Initialize the PSA Crypto subsystem. */ #define PSA_INIT() PSA_ASSERT(psa_crypto_init())