
Commit 8044f6d

author
itayzafrir
committed
Fix crypto service abort functionality - generators
1 parent 545e669 commit 8044f6d


2 files changed

+55
-37
lines changed


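--- a/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/psa_crypto_spm.c
+++ b/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/psa_crypto_spm.c
@@ -1006,6 +1006,10 @@ psa_status_t psa_key_derivation(psa_crypto_generator_t *generator,
                                 size_t label_length,
                                 size_t capacity)
 {
+    if (generator->handle != PSA_NULL_HANDLE) {
+        return (PSA_ERROR_BAD_STATE);
+    }
+
     psa_crypto_derivation_ipc_t psa_crypto_ipc = {
         .func = PSA_KEY_DERIVATION,
         .handle = key_handle,
@@ -1024,6 +1028,9 @@ psa_status_t psa_key_derivation(psa_crypto_generator_t *generator,
         return (status);
     }
     status = ipc_call(&generator->handle, in_vec, 3, NULL, 0, false);
+    if (status != PSA_SUCCESS) {
+        ipc_close(&generator->handle);
+    }
     return (status);
 }
 
@@ -1033,6 +1040,10 @@ psa_status_t psa_key_agreement(psa_crypto_generator_t *generator,
                                size_t peer_key_length,
                                psa_algorithm_t alg)
 {
+    if (generator->handle != PSA_NULL_HANDLE) {
+        return (PSA_ERROR_BAD_STATE);
+    }
+
     psa_crypto_derivation_ipc_t psa_crypto_ipc = {
         .func = PSA_KEY_AGREEMENT,
         .handle = private_key_handle,
@@ -1050,6 +1061,9 @@ psa_status_t psa_key_agreement(psa_crypto_generator_t *generator,
         return (status);
     }
     status = ipc_call(&generator->handle, in_vec, 2, NULL, 0, false);
+    if (status != PSA_SUCCESS) {
+        ipc_close(&generator->handle);
+    }
     return (status);
 }
 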
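Review bot: The new `ipc_close(&generator->handle)` on the ipc_call failure path of psa_key_derivation (and the identical lines in psa_key_agreement) only returns the generator to a reusable state if ipc_close resets the handle to PSA_NULL_HANDLE; if it merely closes the connection, the generator keeps a stale handle, the new guard at the top of both functions then reports PSA_ERROR_BAD_STATE on every later call, and a subsequent psa_generator_abort would try to close an already-closed handle. If ipc_close does not clear the handle, add `generator->handle = PSA_NULL_HANDLE;` inside the new if-block in both functions. The guard itself deserves a why-comment, since it silently relies on the caller having initialised the generator with a null handle: `/* A generator can be bound to one derivation/agreement at a time; a live handle means it is in use or was never aborted. */`. Both function bodies continue outside the hunks shown.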
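--- a/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c
+++ b/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c
@@ -1622,11 +1622,14 @@ void psa_crypto_generator_operations(void)
 
             case PSA_GENERATOR_ABORT: {
                 status = psa_generator_abort(msg.rhandle);
+                mbedtls_free(msg.rhandle);
+                psa_set_rhandle(msg.handle, NULL);
                 break;
             }
 
             case PSA_KEY_DERIVATION: {
                 uint8_t *salt = NULL;
+                uint8_t *label = NULL;
 
                 if (!psa_crypto_access_control_is_handle_permitted(psa_crypto_ipc.handle,
                         msg.client_id)) {
@@ -1635,39 +1638,36 @@ void psa_crypto_generator_operations(void)
                 }
 
                 salt = mbedtls_calloc(1, msg.in_size[1]);
-                if (salt == NULL) {
+                label = mbedtls_calloc(1, msg.in_size[2]);
+                if (salt == NULL || label == NULL) {
                     status = PSA_ERROR_INSUFFICIENT_MEMORY;
-                    break;
-                }
+                } else {
+                    bytes_read = psa_read(msg.handle, 1, salt, msg.in_size[1]);
+                    if (bytes_read != msg.in_size[1]) {
+                        SPM_PANIC("SPM read length mismatch");
+                    }
 
-                bytes_read = psa_read(msg.handle, 1, salt,
-                                      msg.in_size[1]);
-                if (bytes_read != msg.in_size[1]) {
-                    SPM_PANIC("SPM read length mismatch");
-                }
+                    bytes_read = psa_read(msg.handle, 2, label, msg.in_size[2]);
+                    if (bytes_read != msg.in_size[2]) {
+                        SPM_PANIC("SPM read length mismatch");
+                    }
 
-                uint8_t *label = mbedtls_calloc(1, msg.in_size[2]);
-                if (label == NULL) {
-                    status = PSA_ERROR_INSUFFICIENT_MEMORY;
-                    mbedtls_free(salt);
-                    break;
-                }
+                    status = psa_key_derivation(msg.rhandle, psa_crypto_ipc.handle,
+                                                psa_crypto_ipc.alg,
+                                                salt,
+                                                msg.in_size[1],//salt length
+                                                label,
+                                                msg.in_size[2],//label length
+                                                psa_crypto_ipc.capacity);
 
-                bytes_read = psa_read(msg.handle, 2, label,
-                                      msg.in_size[2]);
-                if (bytes_read != msg.in_size[2]) {
-                    SPM_PANIC("SPM read length mismatch");
                 }
 
-                status = psa_key_derivation(msg.rhandle, psa_crypto_ipc.handle,
-                                            psa_crypto_ipc.alg,
-                                            salt,
-                                            msg.in_size[1],//salt length
-                                            label,
-                                            msg.in_size[2],//label length
-                                            psa_crypto_ipc.capacity);
-                mbedtls_free(label);
                 mbedtls_free(salt);
+                mbedtls_free(label);
+                if (status != PSA_SUCCESS) {
+                    mbedtls_free(msg.rhandle);
+                    psa_set_rhandle(msg.handle, NULL);
+                }
 
                 break;
             }
@@ -1684,20 +1684,24 @@ void psa_crypto_generator_operations(void)
                 private_key = mbedtls_calloc(1, msg.in_size[1]);
                 if (private_key == NULL) {
                     status = PSA_ERROR_INSUFFICIENT_MEMORY;
-                    break;
+                } else {
+                    bytes_read = psa_read(msg.handle, 1, private_key, msg.in_size[1]);
+                    if (bytes_read != msg.in_size[1]) {
+                        SPM_PANIC("SPM read length mismatch");
+                    }
+
+                    status = psa_key_agreement(msg.rhandle, psa_crypto_ipc.handle,
+                                               private_key,
+                                               msg.in_size[1],//private_key length
+                                               psa_crypto_ipc.alg);
+                    mbedtls_free(private_key);
                 }
 
-                bytes_read = psa_read(msg.handle, 1, private_key,
-                                      msg.in_size[1]);
-                if (bytes_read != msg.in_size[1]) {
-                    SPM_PANIC("SPM read length mismatch");
+                if (status != PSA_SUCCESS) {
+                    mbedtls_free(msg.rhandle);
+                    psa_set_rhandle(msg.handle, NULL);
                 }
 
-                status = psa_key_agreement(msg.rhandle, psa_crypto_ipc.handle,
-                                           private_key,
-                                           msg.in_size[1],//private_key length
-                                           psa_crypto_ipc.alg);
-                mbedtls_free(private_key);
                 break;
             }
 
@@ -1710,8 +1714,8 @@ void psa_crypto_generator_operations(void)
                 break;
             }
             case PSA_IPC_DISCONNECT: {
-                psa_generator_abort(msg.rhandle);
                 if (msg.rhandle != NULL) {
+                    psa_generator_abort(msg.rhandle);
                     mbedtls_free(msg.rhandle);
                 }
 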
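Review bot: The PSA_GENERATOR_ABORT case in the first hunk still passes msg.rhandle to psa_generator_abort unconditionally, while the PSA_IPC_DISCONNECT hunk now guards the same call with `if (msg.rhandle != NULL)`; because the new failure paths in the PSA_KEY_DERIVATION and PSA_KEY_AGREEMENT cases free the generator and set the rhandle to NULL, an abort request arriving after a failed derivation hands psa_generator_abort a NULL generator. If psa_generator_abort does not accept NULL (the DISCONNECT guard suggests it does not), wrap the three ABORT statements in the same `if (msg.rhandle != NULL) { ... }` guard. The same question applies to a second derivation or agreement request on a connection whose rhandle was already released, so the release block would benefit from a comment such as `/* generator released; later requests on this connection see rhandle == NULL */`. psa_crypto_generator_operations begins and ends outside the hunks shown.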