From da999c694691d52810eb4b017df1dba867f39a19 Mon Sep 17 00:00:00 2001 From: itayzafrir Date: Wed, 20 Mar 2019 18:18:33 +0200 Subject: [PATCH] Fix crypto service abort functionality - hash --- .../COMPONENT_PSA_SRV_IPC/psa_crypto_spm.c | 10 ++ .../COMPONENT_SPE/psa_crypto_partition.c | 95 +++++++++++-------- 2 files changed, 64 insertions(+), 41 deletions(-) diff --git a/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/psa_crypto_spm.c b/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/psa_crypto_spm.c index 4c2ad31d2b..d0fafb8b6a 100644 --- a/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/psa_crypto_spm.c +++ b/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/psa_crypto_spm.c @@ -240,6 +240,10 @@ psa_status_t psa_hash_abort(psa_hash_operation_t *operation) psa_status_t psa_hash_setup(psa_hash_operation_t *operation, psa_algorithm_t alg) { + if (operation->handle != PSA_NULL_HANDLE) { + return (PSA_ERROR_BAD_STATE); + } + psa_crypto_ipc_t psa_crypto_ipc = { .func = PSA_HASH_SETUP, .handle = 0, @@ -253,6 +257,9 @@ psa_status_t psa_hash_setup(psa_hash_operation_t *operation, return (status); } status = ipc_call(&operation->handle, &in_vec, 1, NULL, 0, false); + if (status != PSA_SUCCESS) { + ipc_close(&operation->handle); + } return (status); } @@ -272,6 +279,9 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation, }; psa_status_t status = ipc_call(&operation->handle, in_vec, 2, NULL, 0, false); + if (status != PSA_SUCCESS) { + ipc_close(&operation->handle); + } return (status); } diff --git a/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c b/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c index d7b6ab4b95..84208a6401 100644 --- a/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c +++ b/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c @@ -414,6 +414,10 @@ static void psa_hash_operation(void) case PSA_HASH_SETUP: { status = psa_hash_setup(msg.rhandle, psa_crypto.alg); + if (status != PSA_SUCCESS) { + mbedtls_free(msg.rhandle); + psa_set_rhandle(msg.handle, NULL); + } break; } @@ -425,32 +429,32 @@ static void psa_hash_operation(void) input_buffer = mbedtls_calloc(1, allocation_size); if (input_buffer == NULL) { + psa_hash_abort(msg.rhandle); status = PSA_ERROR_INSUFFICIENT_MEMORY; - break; + } else { + while (data_remaining > 0) { + size_to_read = MIN(data_remaining, MAX_DATA_CHUNK_SIZE_IN_BYTES); + bytes_read = psa_read(msg.handle, 1, input_buffer, size_to_read); + + if (bytes_read != size_to_read) { + SPM_PANIC("SPM read length mismatch"); + } + + status = psa_hash_update(msg.rhandle, input_buffer, bytes_read); + // stop on error + if (status != PSA_SUCCESS) { + break; + } + data_remaining = data_remaining - bytes_read; + } + mbedtls_free(input_buffer); } - while (data_remaining > 0) { - size_to_read = MIN(data_remaining, MAX_DATA_CHUNK_SIZE_IN_BYTES); - bytes_read = psa_read(msg.handle, 1, input_buffer, - size_to_read); - - if (bytes_read != size_to_read) { - SPM_PANIC("SPM read length mismatch"); - } - - status = psa_hash_update(msg.rhandle, - input_buffer, - bytes_read); - - // stop on error - if (status != PSA_SUCCESS) { - break; - } - data_remaining = data_remaining - bytes_read; + if (status != PSA_SUCCESS) { + destroy_hash_clone(msg.rhandle); + mbedtls_free(msg.rhandle); + psa_set_rhandle(msg.handle, NULL); } - - mbedtls_free(input_buffer); - break; } @@ -465,20 +469,20 @@ static void psa_hash_operation(void) size_t hash_length = 0; uint8_t *hash = mbedtls_calloc(1, hash_size); if (hash == NULL) { + psa_hash_abort(msg.rhandle); status = PSA_ERROR_INSUFFICIENT_MEMORY; - break; + } else { + status = psa_hash_finish(msg.rhandle, hash, hash_size, &hash_length); + if (status == PSA_SUCCESS) { + psa_write(msg.handle, 0, hash, hash_length); + psa_write(msg.handle, 1, &hash_length, sizeof(hash_length)); + } + mbedtls_free(hash); } - status = psa_hash_finish(msg.rhandle, hash, hash_size, - &hash_length); - if (status == PSA_SUCCESS) { - psa_write(msg.handle, 0, hash, hash_length); - psa_write(msg.handle, 1, &hash_length, - sizeof(hash_length)); - } - - mbedtls_free(hash); destroy_hash_clone(msg.rhandle); + mbedtls_free(msg.rhandle); + psa_set_rhandle(msg.handle, NULL); break; } @@ -493,24 +497,29 @@ static void psa_hash_operation(void) uint8_t *hash = mbedtls_calloc(1, hash_length); if (hash == NULL) { + psa_hash_abort(msg.rhandle); status = PSA_ERROR_INSUFFICIENT_MEMORY; - break; + } else { + bytes_read = psa_read(msg.handle, 2, hash, msg.in_size[2]); + if (bytes_read != msg.in_size[2]) { + SPM_PANIC("SPM read length mismatch"); + } + + status = psa_hash_verify(msg.rhandle, hash, hash_length); + mbedtls_free(hash); } - bytes_read = psa_read(msg.handle, 2, hash, msg.in_size[2]); - if (bytes_read != msg.in_size[2]) { - SPM_PANIC("SPM read length mismatch"); - } - - status = psa_hash_verify(msg.rhandle, hash, hash_length); - mbedtls_free(hash); destroy_hash_clone(msg.rhandle); + mbedtls_free(msg.rhandle); + psa_set_rhandle(msg.handle, NULL); break; } case PSA_HASH_ABORT: { status = psa_hash_abort(msg.rhandle); destroy_hash_clone(msg.rhandle); + mbedtls_free(msg.rhandle); + psa_set_rhandle(msg.handle, NULL); break; } @@ -537,6 +546,10 @@ static void psa_hash_operation(void) status = psa_hash_clone(hash_clone->source_operation, msg.rhandle); release_hash_clone(hash_clone); } + if (status != PSA_SUCCESS) { + mbedtls_free(msg.rhandle); + psa_set_rhandle(msg.handle, NULL); + } break; } @@ -550,8 +563,8 @@ static void psa_hash_operation(void) } case PSA_IPC_DISCONNECT: { - psa_hash_abort(msg.rhandle); if (msg.rhandle != NULL) { + psa_hash_abort(msg.rhandle); destroy_hash_clone(msg.rhandle); mbedtls_free(msg.rhandle); }