From c8c89eda5dd1a89267cd2ded7ff6219db5b8dc43 Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy
Date: Mon, 3 Mar 2025 12:35:28 +0000
Subject: [PATCH 1/6] Fix psa_key_derivation_input_integer() not detecting bad state

Signed-off-by: Waleed Elmelegy
---
 ChangeLog.d/fix-key-derive-bad-state-error.txt | 3 +++
 library/psa_crypto.c | 6 ++++++
 tests/suites/test_suite_psa_crypto.function | 10 ++++++++++
 3 files changed, 19 insertions(+)
 create mode 100644 ChangeLog.d/fix-key-derive-bad-state-error.txt

diff --git a/ChangeLog.d/fix-key-derive-bad-state-error.txt b/ChangeLog.d/fix-key-derive-bad-state-error.txt
new file mode 100644
index 0000000000..0bccf77682
--- /dev/null
+++ b/ChangeLog.d/fix-key-derive-bad-state-error.txt
@@ -0,0 +1,3 @@
+Bugfix
+   * Fix issue where psa_key_derivation_input_integer() is not detecting
+     bad state after an operation has been aborted.
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index ec5934e0e0..69d037b8a1 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -4751,6 +4751,12 @@ static psa_status_t psa_key_derivation_input_internal(
     psa_status_t status;
     psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg(operation);
 
+    if (kdf_alg == 0) {
+        /* This is a blank or aborted operation. */
+        status = PSA_ERROR_BAD_STATE;
+        goto exit;
+    }
+
     status = psa_key_derivation_check_input_type(step, key_type);
     if (status != PSA_SUCCESS) {
         goto exit;
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 21b768bd3a..838717e60c 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
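Review bot: The new guard in psa_key_derivation_input_internal() treats a kdf_alg of 0 as the signature of a blank or aborted operation, but nothing in the hunk records why psa_key_derivation_get_kdf_alg() is expected to return 0 in both of those states, so a later change to the operation layout or to the abort path could quietly defeat the check. Suggest expanding the comment to `/* psa_key_derivation_get_kdf_alg() returns PSA_ALG_NONE (0) for an operation that was never set up or has been aborted; reject input before the step and key-type checks. */`. The ChangeLog entry names only psa_key_derivation_input_integer(), while the guard sits in the internal helper that this series' own test exercises through psa_key_derivation_input_bytes(), so the entry could name the psa_key_derivation_input_*() family it appears to fix. The rest of the function, including the exit label the guard jumps to, is outside the hunk.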
@@ -4566,6 +4566,16 @@ void derive_input(int alg_arg,
     }
     TEST_EQUAL(actual_output_status, expected_output_status);
 
+    /* Test calling input functions after operation has been aborted result in PSA_ERROR_BAD_STATE error.
+     */
+    psa_key_derivation_abort(&operation);
+
+    TEST_EQUAL(psa_key_derivation_input_bytes( &operation, steps[0], inputs[0]->x, inputs[0]->len), PSA_ERROR_BAD_STATE);
+
 exit:
     psa_key_derivation_abort(&operation);
     for (i = 0; i < ARRAY_LENGTH(keys); i++) {

From fd01e44cbe4804d2d23d7466f08eda66870db51b Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy
Date: Mon, 3 Mar 2025 12:42:55 +0000
Subject: [PATCH 2/6] Simplify testing psa_key_derivation_input_*() bad state

Signed-off-by: Waleed Elmelegy
---
 tests/suites/test_suite_psa_crypto.data | 4 ++++
 tests/suites/test_suite_psa_crypto.function | 14 +++-----------
 2 files changed, 7 insertions(+), 11 deletions(-)

diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 718b10c5dc..eff07ad35e 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -3454,6 +3454,10 @@ PSA key derivation: ECDH on P256 with HKDF-SHA256, missing info
 depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
 derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
 
+PSA key derivation: reject calling input functions without calling setup
+depends_on:PSA_WANT_ALG_SHA_256
+derive_input:0:PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_DERIVE:"61206c6162656c":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
 PSA key derivation over capacity: HKDF
 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
 derive_over_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_256)
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 838717e60c..39dd89ae7a 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -4520,7 +4520,9 @@ void derive_input(int alg_arg,
     psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
     psa_set_key_algorithm(&attributes, alg);
 
-    PSA_ASSERT(psa_key_derivation_setup(&operation, alg));
+    if (alg != 0) {
+        PSA_ASSERT(psa_key_derivation_setup(&operation, alg));
+    }
 
     for (i = 0; i < ARRAY_LENGTH(steps); i++) {
         mbedtls_test_set_step(i);
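Review bot: The new `depends_on:PSA_WANT_ALG_SHA_256` line gates the no-setup regression case on SHA-256 support, yet with an algorithm of 0 the case never reaches psa_key_derivation_setup() and none of its three steps or its PSA_KEY_TYPE_DERIVE inputs visibly involve a hash, so the dependency looks inherited from the neighbouring HKDF cases. Dropping that line, or adding a short comment stating why it is required, would let the bad-state check run in builds without SHA-256 as well.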
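Review bot: With `if (alg != 0)` skipping setup, the new data case covers an operation that was never set up, but the abort-then-input assertion removed in the next hunk (`@@ -4566,16 +4568,6 @@`) was the only check of the aborted-operation state that the first patch's ChangeLog entry promises, so after this commit that path is no longer exercised even if abort happens to leave the operation indistinguishable from a blank one. Keeping a post-loop check such as `psa_key_derivation_abort(&operation);` followed by `TEST_EQUAL(psa_key_derivation_input_bytes(&operation, steps[0], inputs[0]->x, inputs[0]->len), PSA_ERROR_BAD_STATE);` would preserve that coverage alongside the new case. Unless derive_input() routes some step to psa_key_derivation_input_integer() further down, which is outside this hunk, the function named in the first patch's subject is also still not exercised by these tests. The enclosing derive_input() body begins and ends outside the hunk.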
@@ -4566,16 +4568,6 @@ void derive_input(int alg_arg,
     }
     TEST_EQUAL(actual_output_status, expected_output_status);
 
-    /* Test calling input functions after operation has been aborted result in PSA_ERROR_BAD_STATE error.
-     */
-    psa_key_derivation_abort(&operation);
-
-    TEST_EQUAL(psa_key_derivation_input_bytes( &operation, steps[0], inputs[0]->x, inputs[0]->len), PSA_ERROR_BAD_STATE);
-
 exit:
     psa_key_derivation_abort(&operation);
     for (i = 0; i < ARRAY_LENGTH(keys); i++) {

From 76bafb6a330b5e4487984d5200d3b8f16487ed2d Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy
Date: Mon, 3 Mar 2025 13:12:36 +0000
Subject: [PATCH 3/6] Replace zero by PSA_ALG_NONE in key derivation testing

Signed-off-by: Waleed Elmelegy
---
 tests/suites/test_suite_psa_crypto.data | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index eff07ad35e..3881173886 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -3456,7 +3456,7 @@ derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):
 
 PSA key derivation: reject calling input functions without calling setup
 depends_on:PSA_WANT_ALG_SHA_256
-derive_input:0:PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_DERIVE:"61206c6162656c":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+derive_input:PSA_ALG_NONE:PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_DERIVE:"61206c6162656c":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
 
 PSA key derivation over capacity: HKDF
 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256

From 3dee9a92e4b6b5fd56ef9b94f0ab42629bcd13d2 Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy
Date: Mon, 3 Mar 2025 12:48:40 +0000
Subject: [PATCH 4/6] Replace zero by PSA_ALG_NONE in key derivation test function

Signed-off-by: Waleed Elmelegy
---
 tests/suites/test_suite_psa_crypto.function | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 39dd89ae7a..837a137a93 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -4520,7 +4520,7 @@ void derive_input(int alg_arg,
     psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
     psa_set_key_algorithm(&attributes, alg);
 
-    if (alg != 0) {
+    if (alg != PSA_ALG_NONE) {
         PSA_ASSERT(psa_key_derivation_setup(&operation, alg));
     }
 

From e014887ea57dbe323279598dbeaf704dd3a382df Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy
Date: Mon, 3 Mar 2025 15:01:38 +0000
Subject: [PATCH 5/6] Fix code style for key derivation input function

Signed-off-by: Waleed Elmelegy
---
 library/psa_crypto.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 69d037b8a1..55eadc489a 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -4752,7 +4752,7 @@ static psa_status_t psa_key_derivation_input_internal(
     psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg(operation);
 
     if (kdf_alg == 0) {
-        /* This is a blank or aborted operation. */
+        /* This is a blank or aborted operation. */
         status = PSA_ERROR_BAD_STATE;
         goto exit;
     }

From 254cadac7027e7f5d8aca9c19868ba2ab54f504c Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy
Date: Tue, 11 Mar 2025 12:27:34 +0000
Subject: [PATCH 6/6] Replace zero by PSA_ALG_NONE in key derivation internal functions

Signed-off-by: Waleed Elmelegy
---
 library/psa_crypto.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 55eadc489a..b01f948fac 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -4751,7 +4751,7 @@ static psa_status_t psa_key_derivation_input_internal(
     psa_status_t status;
     psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg(operation);
 
-    if (kdf_alg == 0) {
+    if (kdf_alg == PSA_ALG_NONE) {
         /* This is a blank or aborted operation. */
         status = PSA_ERROR_BAD_STATE;
         goto exit;