yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-02-02 07:21:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

add Key and Algorithm validation

Browse source
This commit is contained in:
mohammad1603 2018-05-09 02:24:42 -07:00 committed by itayzafrir
parent a7e6df76ea
commit dad36fa855
2 changed files with 28 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
include/psa/crypto.h
View file

@ -143,6 +143,7 @@ typedef uint32_t psa_key_type_t;
#define PSA_KEY_TYPE_CATEGORY_MASK ((psa_key_type_t)0x7e000000) #define PSA_KEY_TYPE_CATEGORY_MASK ((psa_key_type_t)0x7e000000)
#define PSA_KEY_TYPE_RAW_DATA ((psa_key_type_t)0x02000000) #define PSA_KEY_TYPE_RAW_DATA ((psa_key_type_t)0x02000000)
#define PSA_KEY_TYPE_CATEGORY_SYMMETRIC ((psa_key_type_t)0x04000000) #define PSA_KEY_TYPE_CATEGORY_SYMMETRIC ((psa_key_type_t)0x04000000)
#define PSA_KEY_TYPE_CATEGORY_CIPHER ((psa_key_type_t)0x04000000)
#define PSA_KEY_TYPE_CATEGORY_ASYMMETRIC ((psa_key_type_t)0x06000000) #define PSA_KEY_TYPE_CATEGORY_ASYMMETRIC ((psa_key_type_t)0x06000000)
#define PSA_KEY_TYPE_PAIR_FLAG ((psa_key_type_t)0x01000000) #define PSA_KEY_TYPE_PAIR_FLAG ((psa_key_type_t)0x01000000)

36
library/psa_crypto.c
View file

@ -1488,6 +1488,7 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key,
size_t key_bits; size_t key_bits;
const mbedtls_cipher_info_t *cipher_info = NULL; const mbedtls_cipher_info_t *cipher_info = NULL;
unsigned char tag[16]; unsigned char tag[16];
mbedtls_cipher_id_t cipher_id;
if( ciphertext_size < ( plaintext_length + sizeof( tag ) ) ) if( ciphertext_size < ( plaintext_length + sizeof( tag ) ) )
return( PSA_ERROR_INVALID_ARGUMENT ); return( PSA_ERROR_INVALID_ARGUMENT );
@ -1497,6 +1498,15 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key,
return( status ); return( status );
slot = &global_data.key_slots[key]; slot = &global_data.key_slots[key];
if ( key_type == PSA_KEY_TYPE_AES )
{
cipher_id = MBEDTLS_CIPHER_ID_AES;
}
else
{
return( PSA_ERROR_INVALID_ARGUMENT );
}
//TODO: check key policy //TODO: check key policy
cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits ); cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits );
@ -1507,13 +1517,11 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key,
&& PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == 16 ) && PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == 16 )
return( PSA_ERROR_INVALID_ARGUMENT ); return( PSA_ERROR_INVALID_ARGUMENT );
operation->block_size = cipher_info->block_size;
if( alg == PSA_ALG_GCM ) if( alg == PSA_ALG_GCM )
{ {
mbedtls_gcm_context gcm; mbedtls_gcm_context gcm;
mbedtls_gcm_init( &gcm ); mbedtls_gcm_init( &gcm );
ret = mbedtls_gcm_setkey( &gcm, cipher_info->base->cipher, ret = mbedtls_gcm_setkey( &gcm, cipher_id,
( const unsigned char * )slot->data.raw.data, key_bits ); ( const unsigned char * )slot->data.raw.data, key_bits );
if( ret != 0 ) if( ret != 0 )
{ {
@ -1541,7 +1549,7 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key,
return( PSA_ERROR_INVALID_ARGUMENT ); return( PSA_ERROR_INVALID_ARGUMENT );
mbedtls_ccm_init( &ccm ); mbedtls_ccm_init( &ccm );
ret = mbedtls_ccm_setkey( &ccm, cipher_info->base->cipher, ret = mbedtls_ccm_setkey( &ccm, cipher_id,
slot->data.raw.data, key_bits ); slot->data.raw.data, key_bits );
if( ret != 0 ) if( ret != 0 )
{ {
@ -1551,7 +1559,7 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key,
ret = mbedtls_ccm_encrypt_and_tag( &ccm, plaintext_length, ret = mbedtls_ccm_encrypt_and_tag( &ccm, plaintext_length,
nonce , nonce_length, additional_data, nonce , nonce_length, additional_data,
additional_data_length, additional_data_length,
plaintext, ciphertext, sizeof( tag ), tag ); plaintext, ciphertext, tag, sizeof( tag ) );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_ccm_free( &ccm ); mbedtls_ccm_free( &ccm );
@ -1585,6 +1593,7 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key,
size_t key_bits; size_t key_bits;
const mbedtls_cipher_info_t *cipher_info = NULL; const mbedtls_cipher_info_t *cipher_info = NULL;
unsigned char tag[16]; unsigned char tag[16];
mbedtls_cipher_id_t cipher_id;
if( plaintext_size < ciphertext_length ) if( plaintext_size < ciphertext_length )
return( PSA_ERROR_INVALID_ARGUMENT ); return( PSA_ERROR_INVALID_ARGUMENT );
@ -1594,6 +1603,15 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key,
return( status ); return( status );
slot = &global_data.key_slots[key]; slot = &global_data.key_slots[key];
if ( key_type == PSA_KEY_TYPE_AES )
{
cipher_id = MBEDTLS_CIPHER_ID_AES;
}
else
{
return( PSA_ERROR_INVALID_ARGUMENT );
}
//TODO: check key policy //TODO: check key policy
cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits ); cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits );
@ -1604,14 +1622,12 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key,
&& PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == 16 ) && PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == 16 )
return( PSA_ERROR_INVALID_ARGUMENT ); return( PSA_ERROR_INVALID_ARGUMENT );
operation->block_size = cipher_info->block_size;
if( alg == PSA_ALG_GCM ) if( alg == PSA_ALG_GCM )
{ {
mbedtls_gcm_context gcm; mbedtls_gcm_context gcm;
mbedtls_gcm_init( &gcm ); mbedtls_gcm_init( &gcm );
ret = mbedtls_gcm_setkey( &gcm, cipher_info->base->cipher, ret = mbedtls_gcm_setkey( &gcm, cipher_id,
slot->data.raw.data, key_bits ); slot->data.raw.data, key_bits );
if( ret != 0 ) if( ret != 0 )
{ {
@ -1639,7 +1655,7 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key,
return( PSA_ERROR_INVALID_ARGUMENT ); return( PSA_ERROR_INVALID_ARGUMENT );
mbedtls_ccm_init( &ccm ); mbedtls_ccm_init( &ccm );
ret = mbedtls_ccm_setkey( &ccm, cipher_info->base->cipher, ret = mbedtls_ccm_setkey( &ccm, cipher_id,
slot->data.raw.data, key_bits ); slot->data.raw.data, key_bits );
if( ret != 0 ) if( ret != 0 )
{ {
@ -1649,7 +1665,7 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key,
ret = mbedtls_ccm_auth_decrypt( &ccm, ciphertext_length, ret = mbedtls_ccm_auth_decrypt( &ccm, ciphertext_length,
nonce , nonce_length, additional_data, nonce , nonce_length, additional_data,
additional_data_length, ciphertext , additional_data_length, ciphertext ,
plaintext, sizeof( tag ), tag ); plaintext, tag, sizeof( tag ) );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_ccm_free( &ccm ); mbedtls_ccm_free( &ccm );