Remove the deprecated PSA_ALG_SELECT_RAW option

This change affects the psa_key_derivation_s structure. With the buffer
removed from the union, it is empty if MBEDTLS_MD_C is not defined.

We can avoid undefined behaviour by adding a new dummy field that is
always present or make the whole union conditional on MBEDTLS_MD_C.

In this latter case the initialiser macro has to depend on MBEDTLS_MD_C
as well. Furthermore the first structure would be either
psa_hkdf_key_derivation_t or psa_tls12_prf_key_derivation_t both of
which are very deep and would make the initialisation macro difficult
to maintain, therefore we go with the first option.
This commit is contained in:
Janos Follath 2019-06-14 11:05:39 +01:00
parent a27c927d4a
commit adbec81cc4
4 changed files with 7 additions and 83 deletions

View File

@ -283,9 +283,6 @@ psa_status_t psa_key_derivation(psa_key_derivation_operation_t *operation,
size_t capacity);
#endif /* PSA_PRE_1_0_KEY_DERIVATION */
/* FIXME Deprecated. Remove this as soon as all the tests are updated. */
#define PSA_ALG_SELECT_RAW ((psa_algorithm_t)0x31000001)
/** \addtogroup crypto_types
* @{
*/

View File

@ -277,11 +277,8 @@ struct psa_key_derivation_s
size_t capacity;
union
{
struct
{
uint8_t *data;
size_t size;
} buffer;
/* Make the union non-empty even with no supported algorithms. */
uint8_t dummy;
#if defined(MBEDTLS_MD_C)
psa_hkdf_key_derivation_t hkdf;
psa_tls12_prf_key_derivation_t tls12_prf;
@ -289,7 +286,8 @@ struct psa_key_derivation_s
} ctx;
};
#define PSA_KEY_DERIVATION_OPERATION_INIT {0, 0, {{0, 0}}}
/* This only zeroes out the first byte in the union, the rest is unspecified. */
#define PSA_KEY_DERIVATION_OPERATION_INIT {0, 0, {0}}
static inline struct psa_key_derivation_s psa_key_derivation_operation_init( void )
{
const struct psa_key_derivation_s v = PSA_KEY_DERIVATION_OPERATION_INIT;

View File

@ -3865,16 +3865,6 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation
* nothing to do. */
}
else
if( kdf_alg == PSA_ALG_SELECT_RAW )
{
if( operation->ctx.buffer.data != NULL )
{
mbedtls_platform_zeroize( operation->ctx.buffer.data,
operation->ctx.buffer.size );
mbedtls_free( operation->ctx.buffer.data );
}
}
else
#if defined(MBEDTLS_MD_C)
if( PSA_ALG_IS_HKDF( kdf_alg ) )
{
@ -4213,23 +4203,6 @@ psa_status_t psa_key_derivation_output_bytes( psa_key_derivation_operation_t *op
}
operation->capacity -= output_length;
if( kdf_alg == PSA_ALG_SELECT_RAW )
{
/* Initially, the capacity of a selection operation is always
* the size of the buffer, i.e. `operation->ctx.buffer.size`,
* abbreviated in this comment as `size`. When the remaining
* capacity is `c`, the next bytes to serve start `c` bytes
* from the end of the buffer, i.e. `size - c` from the
* beginning of the buffer. Since `operation->capacity` was just
* decremented above, we need to serve the bytes from
* `size - operation->capacity - output_length` to
* `size - operation->capacity`. */
size_t offset =
operation->ctx.buffer.size - operation->capacity - output_length;
memcpy( output, operation->ctx.buffer.data + offset, output_length );
status = PSA_SUCCESS;
}
else
#if defined(MBEDTLS_MD_C)
if( PSA_ALG_IS_HKDF( kdf_alg ) )
{
@ -4237,16 +4210,17 @@ psa_status_t psa_key_derivation_output_bytes( psa_key_derivation_operation_t *op
status = psa_key_derivation_hkdf_read( &operation->ctx.hkdf, hash_alg,
output, output_length );
}
else
#if defined(PSA_PRE_1_0_KEY_DERIVATION)
else if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
{
status = psa_key_derivation_tls12_prf_read( &operation->ctx.tls12_prf,
kdf_alg, output,
output_length );
}
#endif /* PSA_PRE_1_0_KEY_DERIVATION */
else
#endif /* PSA_PRE_1_0_KEY_DERIVATION */
#endif /* MBEDTLS_MD_C */
{
return( PSA_ERROR_BAD_STATE );
@ -4509,23 +4483,6 @@ static psa_status_t psa_key_derivation_internal(
/* Set operation->alg even on failure so that abort knows what to do. */
operation->alg = alg;
if( alg == PSA_ALG_SELECT_RAW )
{
(void) salt;
if( salt_length != 0 )
return( PSA_ERROR_INVALID_ARGUMENT );
(void) label;
if( label_length != 0 )
return( PSA_ERROR_INVALID_ARGUMENT );
operation->ctx.buffer.data = mbedtls_calloc( 1, secret_length );
if( operation->ctx.buffer.data == NULL )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
memcpy( operation->ctx.buffer.data, secret, secret_length );
operation->ctx.buffer.size = secret_length;
max_capacity = secret_length;
status = PSA_SUCCESS;
}
else
#if defined(MBEDTLS_MD_C)
if( PSA_ALG_IS_HKDF( alg ) )
{
@ -4848,25 +4805,6 @@ static psa_status_t psa_tls12_prf_input( psa_tls12_prf_key_derivation_t *prf,
#endif /* PSA_PRE_1_0_KEY_DERIVATION */
#endif /* MBEDTLS_MD_C */
static psa_status_t psa_key_derivation_input_raw(
psa_key_derivation_operation_t *operation,
const uint8_t *data,
size_t data_length )
{
if( operation->capacity != 0 )
return( PSA_ERROR_INVALID_ARGUMENT );
operation->ctx.buffer.data = mbedtls_calloc( 1, data_length );
if( operation->ctx.buffer.data == NULL )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
memcpy( operation->ctx.buffer.data, data, data_length );
operation->ctx.buffer.size = data_length;
operation->capacity = data_length;
return PSA_SUCCESS;
}
static psa_status_t psa_key_derivation_input_internal(
psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
@ -4876,11 +4814,6 @@ static psa_status_t psa_key_derivation_input_internal(
psa_status_t status;
psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation );
if( kdf_alg == PSA_ALG_SELECT_RAW )
{
status = psa_key_derivation_input_raw( operation, data, data_length );
}
else
#if defined(MBEDTLS_MD_C)
if( PSA_ALG_IS_HKDF( kdf_alg ) )
{

View File

@ -1767,10 +1767,6 @@ PSA key derivation: TLS 1.2 PRF SHA-256, good case
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
derive_setup:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_SUCCESS
PSA key derivation: not a key derivation algorithm (selection)
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
derive_setup:PSA_ALG_SELECT_RAW:PSA_ERROR_INVALID_ARGUMENT
PSA key derivation: not a key derivation algorithm (HMAC)
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
derive_setup:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_INVALID_ARGUMENT