mirror of
https://github.com/RIOT-OS/RIOT.git
synced 2024-12-29 04:50:03 +01:00
sys/psa_crypto: wipe temporary private key copies from stack
This commit is contained in:
parent
335c4f8c0c
commit
7b9c113c99
@ -21,6 +21,7 @@
|
|||||||
#include "psa_error.h"
|
#include "psa_error.h"
|
||||||
#include "psa_cryptocell_310_ecc_common.h"
|
#include "psa_cryptocell_310_ecc_common.h"
|
||||||
#include "cryptocell_310_util.h"
|
#include "cryptocell_310_util.h"
|
||||||
|
#include "string_utils.h"
|
||||||
|
|
||||||
#define ENABLE_DEBUG 0
|
#define ENABLE_DEBUG 0
|
||||||
#include "debug.h"
|
#include "debug.h"
|
||||||
@ -67,6 +68,7 @@ psa_status_t cryptocell_310_common_ecc_generate_key_pair(uint8_t *priv_key_buffe
|
|||||||
return CRYS_to_psa_error(ret);
|
return CRYS_to_psa_error(ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
explicit_bzero(&priv_key, sizeof(priv_key));
|
||||||
return PSA_SUCCESS;
|
return PSA_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -89,7 +91,7 @@ psa_status_t cryptocell_310_common_ecc_sign(const uint8_t *priv_key,
|
|||||||
ret = CRYS_ECPKI_BuildPrivKey(pDomain, priv_key, priv_key_size, &user_priv_key);
|
ret = CRYS_ECPKI_BuildPrivKey(pDomain, priv_key, priv_key_size, &user_priv_key);
|
||||||
if (ret != CRYS_OK) {
|
if (ret != CRYS_OK) {
|
||||||
DEBUG("CRYS_ECPKI_BuildPrivKey failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
|
DEBUG("CRYS_ECPKI_BuildPrivKey failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
|
||||||
return CRYS_to_psa_error(ret);
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
cryptocell_310_enable();
|
cryptocell_310_enable();
|
||||||
@ -99,10 +101,12 @@ psa_status_t cryptocell_310_common_ecc_sign(const uint8_t *priv_key,
|
|||||||
cryptocell_310_disable();
|
cryptocell_310_disable();
|
||||||
if (ret != CRYS_OK) {
|
if (ret != CRYS_OK) {
|
||||||
DEBUG("CRYS_ECDSA_Sign failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
|
DEBUG("CRYS_ECDSA_Sign failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
|
||||||
return CRYS_to_psa_error(ret);
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
return PSA_SUCCESS;
|
done:
|
||||||
|
explicit_bzero(&user_priv_key, sizeof(user_priv_key));
|
||||||
|
return CRYS_to_psa_error(ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
psa_status_t cryptocell_310_common_ecc_verify(const uint8_t *pub_key,
|
psa_status_t cryptocell_310_common_ecc_verify(const uint8_t *pub_key,
|
||||||
|
@ -21,6 +21,7 @@
|
|||||||
#include "crys_ec_edw_api.h"
|
#include "crys_ec_edw_api.h"
|
||||||
#include "psa_error.h"
|
#include "psa_error.h"
|
||||||
#include "cryptocell_310_util.h"
|
#include "cryptocell_310_util.h"
|
||||||
|
#include "string_utils.h"
|
||||||
|
|
||||||
#define ENABLE_DEBUG 0
|
#define ENABLE_DEBUG 0
|
||||||
#include "debug.h"
|
#include "debug.h"
|
||||||
@ -49,13 +50,15 @@ psa_status_t psa_generate_ecc_ed25519_key_pair( uint8_t *priv_key_buffer,
|
|||||||
cryptocell_310_disable();
|
cryptocell_310_disable();
|
||||||
if (ret != CRYS_OK) {
|
if (ret != CRYS_OK) {
|
||||||
DEBUG("CRYS_ECEDW_KeyPair failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
|
DEBUG("CRYS_ECEDW_KeyPair failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
|
||||||
return CRYS_to_psa_error(ret);
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
memcpy(priv_key_buffer, secret_key, CRYS_ECEDW_ORD_SIZE_IN_BYTES);
|
memcpy(priv_key_buffer, secret_key, CRYS_ECEDW_ORD_SIZE_IN_BYTES);
|
||||||
memcpy(pub_key_buffer, &secret_key[CRYS_ECEDW_ORD_SIZE_IN_BYTES], CRYS_ECEDW_MOD_SIZE_IN_BYTES);
|
memcpy(pub_key_buffer, &secret_key[CRYS_ECEDW_ORD_SIZE_IN_BYTES], CRYS_ECEDW_MOD_SIZE_IN_BYTES);
|
||||||
|
|
||||||
return PSA_SUCCESS;
|
done:
|
||||||
|
explicit_bzero(&secret_key, sizeof(secret_key));
|
||||||
|
return CRYS_to_psa_error(ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
psa_status_t psa_ecc_ed25519_sign_message(const uint8_t *priv_key_buffer,
|
psa_status_t psa_ecc_ed25519_sign_message(const uint8_t *priv_key_buffer,
|
||||||
@ -91,10 +94,12 @@ psa_status_t psa_ecc_ed25519_sign_message(const uint8_t *priv_key_buffer,
|
|||||||
cryptocell_310_disable();
|
cryptocell_310_disable();
|
||||||
if (ret != CRYS_OK) {
|
if (ret != CRYS_OK) {
|
||||||
DEBUG("CRYS_ECEDW_Sign failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
|
DEBUG("CRYS_ECEDW_Sign failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
|
||||||
return CRYS_to_psa_error(ret);
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
return PSA_SUCCESS;
|
done:
|
||||||
|
explicit_bzero(&secret_key, sizeof(secret_key));
|
||||||
|
return CRYS_to_psa_error(ret);
|
||||||
|
|
||||||
(void)signature_size;
|
(void)signature_size;
|
||||||
}
|
}
|
||||||
|
@ -23,6 +23,8 @@
|
|||||||
psa_status_t CRYS_to_psa_error(CRYSError_t error)
|
psa_status_t CRYS_to_psa_error(CRYSError_t error)
|
||||||
{
|
{
|
||||||
switch (error) {
|
switch (error) {
|
||||||
|
case CRYS_OK:
|
||||||
|
return PSA_SUCCESS;
|
||||||
case CRYS_HASH_ILLEGAL_OPERATION_MODE_ERROR:
|
case CRYS_HASH_ILLEGAL_OPERATION_MODE_ERROR:
|
||||||
case CRYS_HASH_IS_NOT_SUPPORTED:
|
case CRYS_HASH_IS_NOT_SUPPORTED:
|
||||||
return PSA_ERROR_NOT_SUPPORTED;
|
return PSA_ERROR_NOT_SUPPORTED;
|
||||||
|
Loading…
Reference in New Issue
Block a user