Get rid of large stack buffers in PSA sign wrapper
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index e576f73..e8b26db 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -761,88 +761,13 @@
type == MBEDTLS_PK_ECDSA );
}
-/* Like mbedtls_asn1_write_mpi, but from a buffer */
-static int asn1_write_mpibuf( unsigned char **p, unsigned char *start,
- const unsigned char *src, size_t slen )
+/* translate PSA errors to best PK approximation */
+static int pk_err_from_psa( psa_status_t status )
{
- int ret;
- size_t len = 0;
-
- if( (size_t)( *p - start ) < slen )
- return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
- len = slen;
- *p -= len;
- memcpy( *p, src, len );
-
- if( **p & 0x80 )
- {
- if( *p - start < 1 )
- return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
- *--(*p) = 0x00;
- len += 1;
- }
-
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_INTEGER ) );
-
- return( (int) len );
-}
-
-/* Transcode signature from PSA format to ASN.1 sequence.
- * See ecdsa_signature_to_asn1 in ecdsa.c.
- *
- * [in] sig: the signature in PSA format
- * [in/out] sig_len: signature length pre- and post-transcoding
- * [out] dst: the signature in ASN.1 format
- */
-static int pk_ecdsa_sig_asn1_from_psa( const unsigned char *sig, size_t *sig_len,
- unsigned char *dst )
-{
- int ret;
- unsigned char buf[MBEDTLS_ECDSA_MAX_LEN];
- unsigned char *p = buf + sizeof( buf );
- size_t len = 0;
- const size_t mpi_len = *sig_len / 2;
-
- MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, buf, sig + mpi_len, mpi_len ) );
- MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, buf, sig, mpi_len ) );
-
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &p, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &p, buf,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
-
- memcpy( dst, p, len );
- *sig_len = len;
-
- return( 0 );
-}
-
-static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- unsigned char *sig, size_t *sig_len,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
- const psa_key_slot_t *key = (const psa_key_slot_t *) ctx;
- psa_status_t status;
- psa_algorithm_t alg = PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) );
- /* PSA needs a buffer of know size */
- unsigned char buf[2 * MBEDTLS_ECP_MAX_BYTES];
- const size_t buf_len = sizeof( buf );
-
- /* PSA has its own RNG */
- (void) f_rng;
- (void) p_rng;
-
- status = psa_asymmetric_sign( *key, alg, hash, hash_len,
- buf, buf_len, sig_len );
-
- /* translate errors to best approximation */
switch( status )
{
case PSA_SUCCESS:
- break; /* don't return now */
+ return( 0 );
case PSA_ERROR_NOT_SUPPORTED:
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
case PSA_ERROR_INSUFFICIENT_MEMORY:
@@ -858,12 +783,109 @@
default: /* should never happen */
return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
}
+}
- pk_ecdsa_sig_asn1_from_psa( buf, sig_len, sig );
+/*
+ * Like mbedtls_asn1_write_mpi(), but from a buffer.
+ *
+ * p: pointer to the end of the output buffer
+ * start: start of the output buffer, and also of the mpi to write at the end
+ * n_len: length ot the mpi to read from start
+ */
+static int asn1_write_mpibuf( unsigned char **p, unsigned char *start,
+ size_t n_len )
+{
+ int ret;
+ size_t len = 0;
+
+ if( (size_t)( *p - start ) < n_len )
+ return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
+ len = n_len;
+ *p -= len;
+ memmove( *p, start, len );
+
+ /* if the msb is 1, ASN.1 requires that we prepend a 0.
+ * we're never called with n_len == 0, so we can always read back a byte */
+ if( **p & 0x80 )
+ {
+ if( *p - start < 1 )
+ return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
+ *--(*p) = 0x00;
+ len += 1;
+ }
+
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
+ MBEDTLS_ASN1_INTEGER ) );
+
+ return( (int) len );
+}
+
+/* Transcode signature from PSA format to ASN.1 sequence.
+ * See ecdsa_signature_to_asn1 in ecdsa.c, but with byte buffers instead of
+ * MPIs, and in-place.
+ *
+ * [in/out] sig: the signature pre- and post-transcoding
+ * [in/out] sig_len: signature length pre- and post-transcoding
+ * [int] buf_len: the available size the in/out buffer
+ */
+static int pk_ecdsa_sig_asn1_from_psa( unsigned char *sig, size_t *sig_len,
+ size_t buf_len )
+{
+ int ret;
+ size_t len = 0;
+ const size_t rs_len = *sig_len / 2;
+ unsigned char *p = sig + buf_len;
+
+ MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig + rs_len, rs_len ) );
+ MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig, rs_len ) );
+
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &p, sig, len ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &p, sig,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
+
+ memmove( sig, p, len );
+ *sig_len = len;
return( 0 );
}
+static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ const psa_key_slot_t *key = (const psa_key_slot_t *) ctx;
+ psa_algorithm_t alg = PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) );
+ size_t bits, buf_len;
+ psa_status_t status;
+
+ /* PSA has its own RNG */
+ (void) f_rng;
+ (void) p_rng;
+
+ /* PSA needs an output buffer of known size, but our API doesn't provide
+ * that information. Assume that the buffer is large enough for a
+ * maximal-length signature with that key (otherwise the application is
+ * buggy anyway). */
+ status = psa_get_key_information( *key, NULL, &bits );
+ if( status != PSA_SUCCESS )
+ return( pk_err_from_psa( status ) );
+
+ buf_len = MBEDTLS_ECDSA_MAX_SIG_LEN( bits );
+
+ /* make the signature */
+ status = psa_asymmetric_sign( *key, alg, hash, hash_len,
+ sig, buf_len, sig_len );
+ if( status != PSA_SUCCESS )
+ return( pk_err_from_psa( status ) );
+
+ /* transcode it to ASN.1 sequence */
+ return( pk_ecdsa_sig_asn1_from_psa( sig, sig_len, buf_len ) );
+}
+
const mbedtls_pk_info_t mbedtls_pk_opaque_info = {
MBEDTLS_PK_OPAQUE,
"Opaque",