allow calling hash or mac on large buffers without large memory allocation

Nir Sonnenschein · Nir Sonnenschein · commit 4a4af57c22c3 · 2019-02-19T15:49:52.000+02:00
use a fixed size buffer for large inputs to process the input
in multiple smaller pieces.
diff --git a/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c b/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c
@@ -18,6 +18,11 @@
 #define mbedtls_free   free
 #endif
 
+// ---------------------------------- Macros -----------------------------------
+#if !defined(MIN)
+#define MIN( a, b ) ( ( ( a ) < ( b ) ) ? ( a ) : ( b ) )
+#endif
+
 // -------------------------------- Structures ---------------------------------
 typedef struct psa_spm_hash_clone_s {
     int32_t partition_id;
@@ -28,6 +33,12 @@ typedef struct psa_spm_hash_clone_s {
 // ---------------------------------- Globals ----------------------------------
 static int psa_spm_init_refence_counter = 0;
 
+/* maximal memoty allocation for reading large hash ort mac input buffers.
+the data will be read in chunks of size */
+#if !defined (MAX_DATA_CHUNK_SIZE_IN_BYTES)
+    #define MAX_DATA_CHUNK_SIZE_IN_BYTES 400
+#endif
+
 #ifndef MAX_CONCURRENT_HASH_CLONES
 #define MAX_CONCURRENT_HASH_CLONES 2
 #endif
@@ -216,24 +227,42 @@ static void psa_mac_operation(void)
                 }
 
                 case PSA_MAC_UPDATE: {
-                    uint8_t *input_ptr = mbedtls_calloc(1, msg.in_size[1]);
-                    if (input_ptr == NULL) {
+
+                    uint8_t * input_buffer = NULL;
+                    size_t data_remaining = msg.in_size[1];
+                    size_t allocation_size = MIN(data_remaining, MAX_DATA_CHUNK_SIZE_IN_BYTES);
+                    size_t size_to_read = 0;
+
+                    input_buffer = mbedtls_calloc(1, allocation_size);
+                    if (input_buffer == NULL) {
                         status = PSA_ERROR_INSUFFICIENT_MEMORY;
                         break;
                     }
 
-                    bytes_read = psa_read(msg.handle, 1, input_ptr,
-                                          msg.in_size[1]);
+                    while (data_remaining > 0)
+                    {
+                        size_to_read = MIN(data_remaining, MAX_DATA_CHUNK_SIZE_IN_BYTES);
+                        bytes_read = psa_read(msg.handle, 1, input_buffer,
+                                              size_to_read);
 
-                    if (bytes_read != msg.in_size[1]) {
-                        SPM_PANIC("SPM read length mismatch");
-                    }
+                        if (bytes_read != size_to_read) {
+                            SPM_PANIC("SPM read length mismatch");
+                        }
 
-                    status = psa_mac_update(msg.rhandle,
-                                            input_ptr,
-                                            msg.in_size[1]);
+                        status = psa_mac_update(msg.rhandle,
+                                                input_buffer,
+                                                bytes_read);
+                        
+                        // stop on error 
+                        if (status != PSA_SUCCESS)
+                        {
+                            break;
+                        }
+                        data_remaining = data_remaining - bytes_read;
+                    }
+                    
+                    mbedtls_free(input_buffer);
 
-                    mbedtls_free(input_ptr);
                     break;
                 }
 
@@ -363,23 +392,41 @@ static void psa_hash_operation(void)
                 }
 
                 case PSA_HASH_UPDATE: {
-                    uint8_t *input_ptr = mbedtls_calloc(1, msg.in_size[1]);
-                    if (input_ptr == NULL) {
+                    uint8_t * input_buffer = NULL;
+                    size_t data_remaining = msg.in_size[1];
+                    size_t size_to_read = 0;
+                    size_t allocation_size = MIN(data_remaining, MAX_DATA_CHUNK_SIZE_IN_BYTES);
+
+                    input_buffer = mbedtls_calloc(1, allocation_size);
+                    if (input_buffer == NULL) {
                         status = PSA_ERROR_INSUFFICIENT_MEMORY;
                         break;
                     }
 
-                    bytes_read = psa_read(msg.handle, 1, input_ptr,
-                                          msg.in_size[1]);
+                    while (data_remaining > 0)
+                    {
+                        size_to_read = MIN(data_remaining, MAX_DATA_CHUNK_SIZE_IN_BYTES);
+                        bytes_read = psa_read(msg.handle, 1, input_buffer,
+                                              size_to_read);
 
-                    if (bytes_read != msg.in_size[1]) {
-                        SPM_PANIC("SPM read length mismatch");
+                        if (bytes_read != size_to_read) {
+                            SPM_PANIC("SPM read length mismatch");
+                        }
+
+                        status = psa_hash_update(msg.rhandle,
+                                                input_buffer,
+                                                bytes_read);
+
+                        // stop on error 
+                        if (status != PSA_SUCCESS)
+                        {
+                            break;
+                        }
+                        data_remaining = data_remaining - bytes_read;
                     }
 
-                    status = psa_hash_update(msg.rhandle,
-                                             input_ptr,
-                                             msg.in_size[1]);
-                    mbedtls_free(input_ptr);
+                    mbedtls_free(input_buffer);
+
                     break;
                 }
 
