psa: asymmetric_encrypt/decrypt: Improve error code consistency

In psa_asymmetric_encrypt/decrypt(), always return
PSA_ERROR_INVALID_ARGUMENT if the key is a PSA key
and the algorithm is not a PSA algorithm we know
about, whether RSA is supported or not.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Ronald Cron 2021-09-08 14:28:35 +02:00
parent 2091eed609
commit 7207d574ab


@ -3107,10 +3107,10 @@ psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key,
goto exit; goto exit;
} }
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) )
{ {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
mbedtls_rsa_context *rsa = NULL; mbedtls_rsa_context *rsa = NULL;
status = mbedtls_psa_rsa_load_representation( slot->attr.type, status = mbedtls_psa_rsa_load_representation( slot->attr.type,
slot->key.data, slot->key.data,
@ -3124,9 +3124,11 @@ psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key,
status = PSA_ERROR_BUFFER_TOO_SMALL; status = PSA_ERROR_BUFFER_TOO_SMALL;
goto rsa_exit; goto rsa_exit;
} }
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
if( alg == PSA_ALG_RSA_PKCS1V15_CRYPT ) if( alg == PSA_ALG_RSA_PKCS1V15_CRYPT )
{ {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT)
status = mbedtls_to_psa_error( status = mbedtls_to_psa_error(
mbedtls_rsa_pkcs1_encrypt( rsa, mbedtls_rsa_pkcs1_encrypt( rsa,
mbedtls_psa_get_random, mbedtls_psa_get_random,
@ -3135,12 +3137,14 @@ psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key,
input_length, input_length,
input, input,
output ) ); output ) );
#else
status = PSA_ERROR_NOT_SUPPORTED;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT */
} }
else else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
if( PSA_ALG_IS_RSA_OAEP( alg ) ) if( PSA_ALG_IS_RSA_OAEP( alg ) )
{ {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
psa_rsa_oaep_set_padding_mode( alg, rsa ); psa_rsa_oaep_set_padding_mode( alg, rsa );
status = mbedtls_to_psa_error( status = mbedtls_to_psa_error(
mbedtls_rsa_rsaes_oaep_encrypt( rsa, mbedtls_rsa_rsaes_oaep_encrypt( rsa,
@ -3151,23 +3155,26 @@ psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key,
input_length, input_length,
input, input,
output ) ); output ) );
#else
status = PSA_ERROR_NOT_SUPPORTED;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP */
} }
else else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP */
{ {
status = PSA_ERROR_INVALID_ARGUMENT; status = PSA_ERROR_INVALID_ARGUMENT;
goto rsa_exit;
} }
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
rsa_exit: rsa_exit:
if( status == PSA_SUCCESS ) if( status == PSA_SUCCESS )
*output_length = mbedtls_rsa_get_len( rsa ); *output_length = mbedtls_rsa_get_len( rsa );
mbedtls_rsa_free( rsa ); mbedtls_rsa_free( rsa );
mbedtls_free( rsa ); mbedtls_free( rsa );
}
else
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */ * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
}
else
{ {
status = PSA_ERROR_NOT_SUPPORTED; status = PSA_ERROR_NOT_SUPPORTED;
} }
@ -3213,10 +3220,10 @@ psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key,
goto exit; goto exit;
} }
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
if( slot->attr.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) if( slot->attr.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
{ {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
mbedtls_rsa_context *rsa = NULL; mbedtls_rsa_context *rsa = NULL;
status = mbedtls_psa_rsa_load_representation( slot->attr.type, status = mbedtls_psa_rsa_load_representation( slot->attr.type,
slot->key.data, slot->key.data,
@ -3230,10 +3237,12 @@ psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key,
status = PSA_ERROR_INVALID_ARGUMENT; status = PSA_ERROR_INVALID_ARGUMENT;
goto rsa_exit; goto rsa_exit;
} }
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT)
if( alg == PSA_ALG_RSA_PKCS1V15_CRYPT ) if( alg == PSA_ALG_RSA_PKCS1V15_CRYPT )
{ {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT)
status = mbedtls_to_psa_error( status = mbedtls_to_psa_error(
mbedtls_rsa_pkcs1_decrypt( rsa, mbedtls_rsa_pkcs1_decrypt( rsa,
mbedtls_psa_get_random, mbedtls_psa_get_random,
@ -3243,12 +3252,14 @@ psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key,
input, input,
output, output,
output_size ) ); output_size ) );
#else
status = PSA_ERROR_NOT_SUPPORTED;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT */
} }
else else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
if( PSA_ALG_IS_RSA_OAEP( alg ) ) if( PSA_ALG_IS_RSA_OAEP( alg ) )
{ {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
psa_rsa_oaep_set_padding_mode( alg, rsa ); psa_rsa_oaep_set_padding_mode( alg, rsa );
status = mbedtls_to_psa_error( status = mbedtls_to_psa_error(
mbedtls_rsa_rsaes_oaep_decrypt( rsa, mbedtls_rsa_rsaes_oaep_decrypt( rsa,
@ -3260,20 +3271,24 @@ psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key,
input, input,
output, output,
output_size ) ); output_size ) );
#else
status = PSA_ERROR_NOT_SUPPORTED;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP */
} }
else else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP */
{ {
status = PSA_ERROR_INVALID_ARGUMENT; status = PSA_ERROR_INVALID_ARGUMENT;
} }
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
rsa_exit: rsa_exit:
mbedtls_rsa_free( rsa ); mbedtls_rsa_free( rsa );
mbedtls_free( rsa ); mbedtls_free( rsa );
}
else
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */ * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
}
else
{ {
status = PSA_ERROR_NOT_SUPPORTED; status = PSA_ERROR_NOT_SUPPORTED;
} }
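Review bot: The status returned for an unknown or disabled algorithm still depends on the build configuration. In the RSA branch of psa_asymmetric_encrypt(), the key load and the PSA_ERROR_BUFFER_TOO_SMALL check sit inside the `#if` block and run before `alg` is examined. With an RSA algorithm built in, a call with an unknown `alg` and a short output buffer therefore fails with PSA_ERROR_BUFFER_TOO_SMALL (or a load error), while a build without RSA reaches the final `else` and returns PSA_ERROR_INVALID_ARGUMENT. psa_asymmetric_decrypt() has the same ordering: a disabled algorithm can exit through the guarded `goto rsa_exit;` with PSA_ERROR_INVALID_ARGUMENT instead of PSA_ERROR_NOT_SUPPORTED, and the private key is loaded before the request is known to be serviceable. Validating the algorithm first, outside the `#if`, would remove the dependency: `if( alg != PSA_ALG_RSA_PKCS1V15_CRYPT && ! PSA_ALG_IS_RSA_OAEP( alg ) )` followed by `{ status = PSA_ERROR_INVALID_ARGUMENT; goto exit; }`. Both function bodies start and end outside the hunks shown, so the `exit` label is inferred from the `goto exit;` context line.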