
Commit 545e669

author
itayzafrir
committed
Fix crypto service abort functionality - mac
1 parent da999c6 commit 545e669

2 files changed

+66
-49
lines changed

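--- a/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/psa_crypto_spm.c
+++ b/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/psa_crypto_spm.c
@@ -120,6 +120,10 @@ static psa_status_t psa_mac_setup(psa_mac_operation_t *operation,
 psa_algorithm_t alg,
 psa_sec_function_t func)
 {
+if (operation->handle != PSA_NULL_HANDLE) {
+return (PSA_ERROR_BAD_STATE);
+}
+
 psa_crypto_ipc_t psa_crypto_ipc = {
 .func = func,
 .handle = key_handle,
@@ -133,6 +137,9 @@ static psa_status_t psa_mac_setup(psa_mac_operation_t *operation,
 return (status);
 }
 status = ipc_call(&operation->handle, &in_vec, 1, NULL, 0, false);
+if (status != PSA_SUCCESS) {
+ipc_close(&operation->handle);
+}
 return (status);
 }
 
@@ -168,6 +175,9 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation,
 };
 
 psa_status_t status = ipc_call(&operation->handle, in_vec, 2, NULL, 0, false);
+if (status != PSA_SUCCESS) {
+ipc_close(&operation->handle);
+}
 return (status);
 }
 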
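Review bot: The new `ipc_close(&operation->handle)` in psa_mac_setup's second hunk, and the same call in the psa_mac_update hunk, leave the operation's handle state to whatever ipc_close does, which is not visible here; if ipc_close does not reset it to PSA_NULL_HANDLE, the new guard at the top of psa_mac_setup will reject any later setup on the same operation with PSA_ERROR_BAD_STATE, and psa_mac_update called on a never-set-up operation would pass PSA_NULL_HANDLE into ipc_close. If ipc_close does not clear the handle, each close should be followed by `operation->handle = PSA_NULL_HANDLE;`, and psa_mac_update should guard with `if (operation->handle == PSA_NULL_HANDLE) { return (PSA_ERROR_BAD_STATE); }` before the ipc_call. psa_mac_setup's signature begins before the first hunk and psa_mac_update's body begins before the third.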

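--- a/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c
+++ b/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c
@@ -227,28 +227,30 @@ static void psa_mac_operation(void)
 
 switch (psa_crypto.func) {
 case PSA_MAC_SIGN_SETUP: {
-if (!psa_crypto_access_control_is_handle_permitted(psa_crypto.handle,
-msg.client_id)) {
+if (psa_crypto_access_control_is_handle_permitted(psa_crypto.handle, msg.client_id)) {
+status = psa_mac_sign_setup(msg.rhandle, psa_crypto.handle, psa_crypto.alg);
+} else {
 status = PSA_ERROR_INVALID_HANDLE;
-break;
 }
 
-status = psa_mac_sign_setup(msg.rhandle,
-psa_crypto.handle,
-psa_crypto.alg);
+if (status != PSA_SUCCESS) {
+mbedtls_free(msg.rhandle);
+psa_set_rhandle(msg.handle, NULL);
+}
 break;
 }
 
 case PSA_MAC_VERIFY_SETUP: {
-if (!psa_crypto_access_control_is_handle_permitted(psa_crypto.handle,
-msg.client_id)) {
+if (psa_crypto_access_control_is_handle_permitted(psa_crypto.handle, msg.client_id)) {
+status = psa_mac_verify_setup(msg.rhandle, psa_crypto.handle, psa_crypto.alg);
+} else {
 status = PSA_ERROR_INVALID_HANDLE;
-break;
 }
 
-status = psa_mac_verify_setup(msg.rhandle,
-psa_crypto.handle,
-psa_crypto.alg);
+if (status != PSA_SUCCESS) {
+mbedtls_free(msg.rhandle);
+psa_set_rhandle(msg.handle, NULL);
+}
 break;
 }
 
@@ -261,32 +263,32 @@ static void psa_mac_operation(void)
 
 input_buffer = mbedtls_calloc(1, allocation_size);
 if (input_buffer == NULL) {
+psa_mac_abort(msg.rhandle);
 status = PSA_ERROR_INSUFFICIENT_MEMORY;
-break;
-}
+} else {
+while (data_remaining > 0) {
+size_to_read = MIN(data_remaining, MAX_DATA_CHUNK_SIZE_IN_BYTES);
+bytes_read = psa_read(msg.handle, 1, input_buffer, size_to_read);
 
-while (data_remaining > 0) {
-size_to_read = MIN(data_remaining, MAX_DATA_CHUNK_SIZE_IN_BYTES);
-bytes_read = psa_read(msg.handle, 1, input_buffer,
-size_to_read);
+if (bytes_read != size_to_read) {
+SPM_PANIC("SPM read length mismatch");
+}
 
-if (bytes_read != size_to_read) {
-SPM_PANIC("SPM read length mismatch");
+status = psa_mac_update(msg.rhandle, input_buffer, bytes_read);
+// stop on error
+if (status != PSA_SUCCESS) {
+break;
+}
+data_remaining = data_remaining - bytes_read;
 }
 
-status = psa_mac_update(msg.rhandle,
-input_buffer,
-bytes_read);
-
-// stop on error
-if (status != PSA_SUCCESS) {
-break;
-}
-data_remaining = data_remaining - bytes_read;
+mbedtls_free(input_buffer);
 }
 
-mbedtls_free(input_buffer);
-
+if (status != PSA_SUCCESS) {
+mbedtls_free(msg.rhandle);
+psa_set_rhandle(msg.handle, NULL);
+}
 break;
 }
 
@@ -301,19 +303,19 @@ static void psa_mac_operation(void)
 size_t mac_length = 0;
 uint8_t *mac = mbedtls_calloc(1, mac_size);
 if (mac == NULL) {
+psa_mac_abort(msg.rhandle);
 status = PSA_ERROR_INSUFFICIENT_MEMORY;
-break;
-}
-
-status = psa_mac_sign_finish(msg.rhandle, mac, mac_size,
-&mac_length);
-if (status == PSA_SUCCESS) {
-psa_write(msg.handle, 0, mac, mac_length);
-psa_write(msg.handle, 1, &mac_length,
-sizeof(mac_length));
+} else {
+status = psa_mac_sign_finish(msg.rhandle, mac, mac_size, &mac_length);
+if (status == PSA_SUCCESS) {
+psa_write(msg.handle, 0, mac, mac_length);
+psa_write(msg.handle, 1, &mac_length, sizeof(mac_length));
+}
+mbedtls_free(mac);
 }
 
-mbedtls_free(mac);
+mbedtls_free(msg.rhandle);
+psa_set_rhandle(msg.handle, NULL);
 break;
 }
 
@@ -328,22 +330,27 @@ static void psa_mac_operation(void)
 
 uint8_t *mac = mbedtls_calloc(1, mac_length);
 if (mac == NULL) {
+psa_mac_abort(msg.rhandle);
 status = PSA_ERROR_INSUFFICIENT_MEMORY;
-break;
-}
+} else {
+bytes_read = psa_read(msg.handle, 2, mac, msg.in_size[2]);
+if (bytes_read != msg.in_size[2]) {
+SPM_PANIC("SPM read length mismatch");
+}
 
-bytes_read = psa_read(msg.handle, 2, mac, msg.in_size[2]);
-if (bytes_read != msg.in_size[2]) {
-SPM_PANIC("SPM read length mismatch");
+status = psa_mac_verify_finish(msg.rhandle, mac, mac_length);
+mbedtls_free(mac);
 }
 
-status = psa_mac_verify_finish(msg.rhandle, mac, mac_length);
-mbedtls_free(mac);
+mbedtls_free(msg.rhandle);
+psa_set_rhandle(msg.handle, NULL);
 break;
 }
 
 case PSA_MAC_ABORT: {
 status = psa_mac_abort(msg.rhandle);
+mbedtls_free(msg.rhandle);
+psa_set_rhandle(msg.handle, NULL);
 break;
 }
 
@@ -359,8 +366,8 @@ static void psa_mac_operation(void)
 }
 
 case PSA_IPC_DISCONNECT: {
-psa_mac_abort(msg.rhandle);
 if (msg.rhandle != NULL) {
+psa_mac_abort(msg.rhandle);
 mbedtls_free(msg.rhandle);
 }
 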
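Review bot: Once the finish and abort paths free msg.rhandle and call `psa_set_rhandle(msg.handle, NULL)`, a NULL rhandle becomes a reachable state on a live connection, and the disconnect hunk already treats it as one, yet the PSA_MAC_ABORT case (`status = psa_mac_abort(msg.rhandle);`), both setup cases, the update case and both finish cases still hand msg.rhandle straight to the psa_mac_* functions with no NULL check. This partition is the trusted side of the boundary, so it cannot rely on the client-side state guard to keep a second abort, update or finish off a torn-down operation; unless the psa_mac_* functions are known to tolerate a NULL operation (not visible here), each of those cases should start with `if (msg.rhandle == NULL) { status = PSA_ERROR_BAD_STATE; break; }`. In the verify-finish hunk the rewritten read `bytes_read = psa_read(msg.handle, 2, mac, msg.in_size[2]);` fills a buffer sized `mac_length`; if mac_length is not assigned from msg.in_size[2] above the hunk, the read length should be bounded by mac_length rather than by the client-supplied input size. psa_mac_operation begins before the first hunk and ends after the last.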
