Merge branch 'fix/mbedtls_port_sanity_checks_and_return_values_v5.0' into 'release/v5.0'

mbedtls/port: refactor sanity checks and their return values (v5.0)

See merge request espressif/esp-idf!22127
This commit is contained in:
Mahavir Jain 2023-02-19 11:47:47 +08:00
commit 395b682aa3
4 changed files with 131 additions and 36 deletions

View File

@ -28,6 +28,7 @@
#include <string.h>
#include "mbedtls/aes.h"
#include "mbedtls/platform_util.h"
#include "esp_log.h"
#include "aes/esp_aes.h"
#include "soc/hwcrypto_periph.h"
#include <sys/lock.h>
@ -40,6 +41,7 @@
#include "esp_private/periph_ctrl.h"
static const char *TAG = "esp-aes";
/* AES uses a spinlock mux not a lock as the underlying block operation
only takes 208 cycles (to write key & compute block), +600 cycles
for DPORT protection but +3400 cycles again if you use a full sized lock.
@ -113,6 +115,26 @@ static int esp_aes_block(esp_aes_context *ctx, const void *input, void *output)
return 0;
}
static int esp_aes_validate_input(esp_aes_context *ctx, const unsigned char *input,
const unsigned char *output )
{
if (!ctx) {
ESP_LOGD(TAG, "No AES context supplied");
return -1;
}
if (!input) {
ESP_LOGD(TAG, "No input supplied");
return -1;
}
if (!output) {
ESP_LOGD(TAG, "No output supplied");
return -1;
}
return 0;
}
void esp_aes_encrypt(esp_aes_context *ctx,
const unsigned char input[16],
unsigned char output[16] )
@ -129,6 +151,10 @@ int esp_internal_aes_encrypt(esp_aes_context *ctx,
{
int r;
if (esp_aes_validate_input(ctx, input, output)) {
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
}
if (!valid_key_length(ctx)) {
return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
}
@ -158,6 +184,10 @@ int esp_internal_aes_decrypt(esp_aes_context *ctx,
{
int r;
if (esp_aes_validate_input(ctx, input, output)) {
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
}
if (!valid_key_length(ctx)) {
return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
}
@ -180,6 +210,10 @@ int esp_aes_crypt_ecb(esp_aes_context *ctx,
{
int r;
if (esp_aes_validate_input(ctx, input, output)) {
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
}
if (!valid_key_length(ctx)) {
return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
}
@ -204,6 +238,15 @@ int esp_aes_crypt_cbc(esp_aes_context *ctx,
const unsigned char *input,
unsigned char *output )
{
if (esp_aes_validate_input(ctx, input, output)) {
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
}
if (!iv) {
ESP_LOGD(TAG, "No IV supplied");
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
}
uint32_t *output_words = (uint32_t *)output;
const uint32_t *input_words = (const uint32_t *)input;
uint32_t *iv_words = (uint32_t *)iv;
@ -271,13 +314,26 @@ int esp_aes_crypt_cfb128(esp_aes_context *ctx,
const unsigned char *input,
unsigned char *output )
{
int c;
size_t n = *iv_off;
if (esp_aes_validate_input(ctx, input, output)) {
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
}
if (!iv) {
ESP_LOGE(TAG, "No IV supplied");
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
}
if (!iv_off) {
ESP_LOGE(TAG, "No IV offset supplied");
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
}
if (!valid_key_length(ctx)) {
return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
}
int c;
size_t n = *iv_off;
esp_aes_acquire_hardware();
ctx->key_in_hardware = 0;
ctx->key_in_hardware = aes_hal_setkey(ctx->key, ctx->key_bytes, ESP_AES_ENCRYPT);
@ -326,6 +382,15 @@ int esp_aes_crypt_cfb8(esp_aes_context *ctx,
unsigned char c;
unsigned char ov[17];
if (esp_aes_validate_input(ctx, input, output)) {
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
}
if (!iv) {
ESP_LOGE(TAG, "No IV supplied");
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
}
if (!valid_key_length(ctx)) {
return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
}
@ -369,8 +434,27 @@ int esp_aes_crypt_ctr(esp_aes_context *ctx,
unsigned char *output )
{
int c, i;
size_t n = *nc_off;
if (esp_aes_validate_input(ctx, input, output)) {
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
}
if (!stream_block) {
ESP_LOGE(TAG, "No stream supplied");
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
}
if (!nonce_counter) {
ESP_LOGE(TAG, "No nonce supplied");
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
}
if (!nc_off) {
ESP_LOGE(TAG, "No nonce offset supplied");
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
}
size_t n = *nc_off;
if (!valid_key_length(ctx)) {
return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
}
@ -416,8 +500,17 @@ int esp_aes_crypt_ofb(esp_aes_context *ctx,
int ret = 0;
size_t n;
if (ctx == NULL || iv_off == NULL || iv == NULL ||
input == NULL || output == NULL ) {
if (esp_aes_validate_input(ctx, input, output)) {
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
}
if (!iv) {
ESP_LOGE(TAG, "No IV supplied");
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
}
if (!iv_off) {
ESP_LOGE(TAG, "No IV offset supplied");
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
}

View File

@ -606,7 +606,7 @@ int esp_internal_aes_encrypt(esp_aes_context *ctx,
int r;
if (esp_aes_validate_input(ctx, input, output)) {
return -1;
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
}
if (!valid_key_length(ctx)) {
@ -640,7 +640,7 @@ int esp_internal_aes_decrypt(esp_aes_context *ctx,
int r;
if (esp_aes_validate_input(ctx, input, output)) {
return -1;
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
}
if (!valid_key_length(ctx)) {
@ -676,7 +676,7 @@ int esp_aes_crypt_ecb(esp_aes_context *ctx,
int r;
if (esp_aes_validate_input(ctx, input, output)) {
return -1;
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
}
if (!valid_key_length(ctx)) {
@ -705,12 +705,12 @@ int esp_aes_crypt_cbc(esp_aes_context *ctx,
{
int r = 0;
if (esp_aes_validate_input(ctx, input, output)) {
return -1;
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
}
if (!iv) {
ESP_LOGE(TAG, "No IV supplied");
return -1;
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
}
/* For CBC input length should be multiple of
@ -758,12 +758,12 @@ int esp_aes_crypt_cfb8(esp_aes_context *ctx,
size_t block_bytes = length - (length % AES_BLOCK_BYTES);
if (esp_aes_validate_input(ctx, input, output)) {
return -1;
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
}
if (!iv) {
ESP_LOGE(TAG, "No IV supplied");
return -1;
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
}
@ -846,17 +846,17 @@ int esp_aes_crypt_cfb128(esp_aes_context *ctx,
size_t n;
if (esp_aes_validate_input(ctx, input, output)) {
return -1;
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
}
if (!iv) {
ESP_LOGE(TAG, "No IV supplied");
return -1;
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
}
if (!iv_off) {
ESP_LOGE(TAG, "No IV offset supplied");
return -1;
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
}
if (!valid_key_length(ctx)) {
@ -931,17 +931,17 @@ int esp_aes_crypt_ofb(esp_aes_context *ctx,
size_t stream_bytes = 0;
if (esp_aes_validate_input(ctx, input, output)) {
return -1;
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
}
if (!iv) {
ESP_LOGE(TAG, "No IV supplied");
return -1;
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
}
if (!iv_off) {
ESP_LOGE(TAG, "No IV offset supplied");
return -1;
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
}
n = *iv_off;
@ -992,17 +992,22 @@ int esp_aes_crypt_ctr(esp_aes_context *ctx,
size_t n;
if (esp_aes_validate_input(ctx, input, output)) {
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
}
if (!stream_block) {
ESP_LOGE(TAG, "No stream supplied");
return -1;
}
if (!nonce_counter) {
ESP_LOGE(TAG, "No nonce supplied");
return -1;
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
}
if (!nc_off) {
ESP_LOGE(TAG, "No nonce offset supplied");
return -1;
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
}
n = *nc_off;

View File

@ -24,6 +24,7 @@
#include "esp_log.h"
#include "mbedtls/aes.h"
#include "mbedtls/gcm.h"
#include "esp_heap_caps.h"
#include "soc/soc_memory_layout.h"
@ -340,12 +341,12 @@ int esp_aes_gcm_starts( esp_gcm_context *ctx,
if (!ctx) {
ESP_LOGE(TAG, "No AES context supplied");
return -1;
return MBEDTLS_ERR_GCM_BAD_INPUT;
}
if (!iv) {
ESP_LOGE(TAG, "No IV supplied");
return -1;
return MBEDTLS_ERR_GCM_BAD_INPUT;
}
/* Initialize AES-GCM context */
@ -401,12 +402,12 @@ int esp_aes_gcm_update_ad( esp_gcm_context *ctx,
if (!ctx) {
ESP_LOGE(TAG, "No AES context supplied");
return -1;
return MBEDTLS_ERR_GCM_BAD_INPUT;
}
if ( (aad_len > 0) && !aad) {
ESP_LOGE(TAG, "No aad supplied");
return -1;
return MBEDTLS_ERR_GCM_BAD_INPUT;
}
if (ctx->gcm_state != ESP_AES_GCM_STATE_START) {
@ -435,21 +436,21 @@ int esp_aes_gcm_update( esp_gcm_context *ctx,
if (!output_length) {
ESP_LOGE(TAG, "No output length supplied");
return -1;
return MBEDTLS_ERR_GCM_BAD_INPUT;
}
*output_length = input_length;
if (!ctx) {
ESP_LOGE(TAG, "No GCM context supplied");
return -1;
return MBEDTLS_ERR_GCM_BAD_INPUT;
}
if (!input) {
ESP_LOGE(TAG, "No input supplied");
return -1;
return MBEDTLS_ERR_GCM_BAD_INPUT;
}
if (!output) {
ESP_LOGE(TAG, "No output supplied");
return -1;
return MBEDTLS_ERR_GCM_BAD_INPUT;
}
if ( output > input && (size_t) ( output - input ) < input_length ) {
@ -611,7 +612,7 @@ int esp_aes_gcm_crypt_and_tag( esp_gcm_context *ctx,
In practice, e.g. with mbedtls the length of aad will always be short
*/
if (aad_len > LLDESC_MAX_NUM_PER_DESC) {
return -1;
return MBEDTLS_ERR_GCM_BAD_INPUT;
}
/* IV and AD are limited to 2^32 bits, so 2^29 bytes */
/* IV is not allowed to be zero length */
@ -623,17 +624,17 @@ int esp_aes_gcm_crypt_and_tag( esp_gcm_context *ctx,
if (!ctx) {
ESP_LOGE(TAG, "No AES context supplied");
return -1;
return MBEDTLS_ERR_GCM_BAD_INPUT;
}
if (!iv) {
ESP_LOGE(TAG, "No IV supplied");
return -1;
return MBEDTLS_ERR_GCM_BAD_INPUT;
}
if ( (aad_len > 0) && !aad) {
ESP_LOGE(TAG, "No aad supplied");
return -1;
return MBEDTLS_ERR_GCM_BAD_INPUT;
}
/* Initialize AES-GCM context */

View File

@ -18,10 +18,6 @@
extern "C" {
#endif
#define MBEDTLS_ERR_GCM_AUTH_FAILED -0x0012 /**< Authenticated decryption failed. */
#define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 /**< Bad input parameters to function.*/
typedef enum {
ESP_AES_GCM_STATE_INIT,
ESP_AES_GCM_STATE_START,