yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Further pake code optimizations

Browse source 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemek Stekiel 2023-03-07 16:26:37 +01:00
parent 57580f2539
commit 691e91adac
4 changed files with 20 additions and 44 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
docs/proposed/psa-driver-interface.md
View file

@ -458,9 +458,7 @@ For `PSA_ALG_JPAKE` the following steps are available for input operation:
* `PSA_JPAKE_X4S_STEP_ZK_PUBLIC`    Round 2: input Schnorr NIZKP public key for the X4S key * `PSA_JPAKE_X4S_STEP_ZK_PUBLIC`    Round 2: input Schnorr NIZKP public key for the X4S key
* `PSA_JPAKE_X4S_STEP_ZK_PROOF`     Round 2: input Schnorr NIZKP proof for the X4S key * `PSA_JPAKE_X4S_STEP_ZK_PROOF`     Round 2: input Schnorr NIZKP proof for the X4S key
The core has checked that input_length is smaller than PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, step) The core checks that input_length is smaller than PSA_PAKE_INPUT_MAX_SIZE.
where primitive is the JPAKE algorithm primitive and step the PSA API level input step.
Thus no risk of integer overflow while checking operation buffer overflow.
### PAKE driver get implicit key ### PAKE driver get implicit key

44
library/psa_crypto.c
View file

@ -7609,6 +7609,7 @@ psa_status_t psa_pake_output(
size_t *output_length) size_t *output_length)
{ {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_crypto_driver_pake_step_t driver_step = PSA_JPAKE_STEP_INVALID;
*output_length = 0; *output_length = 0;
if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
@ -7635,6 +7636,8 @@ psa_status_t psa_pake_output(
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
goto exit; goto exit;
} }
driver_step = convert_jpake_computation_stage_to_driver_step(
&operation->computation_stage.jpake);
break; break;
#endif /* PSA_WANT_ALG_JPAKE */ #endif /* PSA_WANT_ALG_JPAKE */
default: default:
@ -7643,17 +7646,8 @@ psa_status_t psa_pake_output(
goto exit; goto exit;
} }
#if defined(PSA_WANT_ALG_JPAKE) status = psa_driver_wrapper_pake_output(operation, driver_step,
status = psa_driver_wrapper_pake_output(operation, output, output_size, output_length);
convert_jpake_computation_stage_to_driver_step(
&operation->computation_stage.jpake),
output,
output_size,
output_length);
#else
(void) output;
status = PSA_ERROR_NOT_SUPPORTED;
#endif /* PSA_WANT_ALG_JPAKE */
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
goto exit; goto exit;
@ -7682,8 +7676,7 @@ exit:
#if defined(PSA_WANT_ALG_JPAKE) #if defined(PSA_WANT_ALG_JPAKE)
static psa_status_t psa_jpake_input_prologue( static psa_status_t psa_jpake_input_prologue(
psa_pake_operation_t *operation, psa_pake_operation_t *operation,
psa_pake_step_t step, psa_pake_step_t step)
size_t input_length)
{ {
if (step != PSA_PAKE_STEP_KEY_SHARE && if (step != PSA_PAKE_STEP_KEY_SHARE &&
step != PSA_PAKE_STEP_ZK_PUBLIC && step != PSA_PAKE_STEP_ZK_PUBLIC &&
@ -7698,12 +7691,6 @@ static psa_status_t psa_jpake_input_prologue(
return PSA_ERROR_BAD_STATE; return PSA_ERROR_BAD_STATE;
} }
const psa_pake_primitive_t prim = PSA_PAKE_PRIMITIVE(
PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256);
if (input_length > (size_t) PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, prim, step)) {
return PSA_ERROR_INVALID_ARGUMENT;
}
if (computation_stage->state != PSA_PAKE_STATE_READY && if (computation_stage->state != PSA_PAKE_STATE_READY &&
computation_stage->state != PSA_PAKE_INPUT_X1_X2 && computation_stage->state != PSA_PAKE_INPUT_X1_X2 &&
computation_stage->state != PSA_PAKE_INPUT_X4S) { computation_stage->state != PSA_PAKE_INPUT_X4S) {
@ -7787,6 +7774,7 @@ psa_status_t psa_pake_input(
size_t input_length) size_t input_length)
{ {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_crypto_driver_pake_step_t driver_step = PSA_JPAKE_STEP_INVALID;
if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
status = psa_pake_complete_inputs(operation); status = psa_pake_complete_inputs(operation);
@ -7800,7 +7788,7 @@ psa_status_t psa_pake_input(
goto exit; goto exit;
} }
if (input_length == 0) { if (input_length == 0 || input_length > PSA_PAKE_INPUT_MAX_SIZE) {
status = PSA_ERROR_INVALID_ARGUMENT; status = PSA_ERROR_INVALID_ARGUMENT;
goto exit; goto exit;
} }
@ -7808,10 +7796,12 @@ psa_status_t psa_pake_input(
switch (operation->alg) { switch (operation->alg) {
#if defined(PSA_WANT_ALG_JPAKE) #if defined(PSA_WANT_ALG_JPAKE)
case PSA_ALG_JPAKE: case PSA_ALG_JPAKE:
status = psa_jpake_input_prologue(operation, step, input_length); status = psa_jpake_input_prologue(operation, step);
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
goto exit; goto exit;
} }
driver_step = convert_jpake_computation_stage_to_driver_step(
&operation->computation_stage.jpake);
break; break;
#endif /* PSA_WANT_ALG_JPAKE */ #endif /* PSA_WANT_ALG_JPAKE */
default: default:
@ -7820,16 +7810,8 @@ psa_status_t psa_pake_input(
goto exit; goto exit;
} }
#if defined(PSA_WANT_ALG_JPAKE) status = psa_driver_wrapper_pake_input(operation, driver_step,
status = psa_driver_wrapper_pake_input(operation, input, input_length);
convert_jpake_computation_stage_to_driver_step(
&operation->computation_stage.jpake),
input,
input_length);
#else
(void) input;
status = PSA_ERROR_NOT_SUPPORTED;
#endif /* PSA_WANT_ALG_JPAKE */
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
goto exit; goto exit;

10
library/psa_crypto_pake.c
View file

@ -431,7 +431,8 @@ static psa_status_t mbedtls_psa_pake_input_internal(
0, 23 /* secp256r1 */ 0, 23 /* secp256r1 */
}; };
if (operation->buffer_length + sizeof(ecparameters) > sizeof(operation->buffer)) { if (operation->buffer_length + sizeof(ecparameters) >
sizeof(operation->buffer)) {
return PSA_ERROR_BUFFER_TOO_SMALL; return PSA_ERROR_BUFFER_TOO_SMALL;
} }
@ -441,10 +442,9 @@ static psa_status_t mbedtls_psa_pake_input_internal(
} }
/* /*
* The core has checked that input_length is smaller than * The core checks that input_length is smaller than
* PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, step) * PSA_PAKE_INPUT_MAX_SIZE.
* where primitive is the JPAKE algorithm primitive and step * Thus no risk of integer overflow here.
* the PSA API level input step. Thus no risk of integer overflow here.
*/ */
if (operation->buffer_length + input_length + 1 > sizeof(operation->buffer)) { if (operation->buffer_length + input_length + 1 > sizeof(operation->buffer)) {
return PSA_ERROR_BUFFER_TOO_SMALL; return PSA_ERROR_BUFFER_TOO_SMALL;

6
library/psa_crypto_pake.h
View file

@ -96,11 +96,7 @@ psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation,
* entry point as defined in the PSA driver interface specification for * entry point as defined in the PSA driver interface specification for
* transparent drivers. * transparent drivers.
* *
* \note The core has checked that input_length is smaller than * \note The core checks that input_length is smaller than PSA_PAKE_INPUT_MAX_SIZE.
PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, step)
where primitive is the JPAKE algorithm primitive and step
the PSA API level input step. Thus no risk of integer overflow while
checking operation buffer overflow.
* *
* \param[in,out] operation Active PAKE operation. * \param[in,out] operation Active PAKE operation.
* \param step The driver step for which the input is provided. * \param step The driver step for which the input is provided.