mirror of
https://github.com/RIOT-OS/RIOT.git
synced 2025-01-17 05:12:57 +01:00
sys/psa_crypto: wipe temporary private key copies from stack
This commit is contained in:
parent
335c4f8c0c
commit
7b9c113c99
@ -21,6 +21,7 @@
|
||||
#include "psa_error.h"
|
||||
#include "psa_cryptocell_310_ecc_common.h"
|
||||
#include "cryptocell_310_util.h"
|
||||
#include "string_utils.h"
|
||||
|
||||
#define ENABLE_DEBUG 0
|
||||
#include "debug.h"
|
||||
@ -67,6 +68,7 @@ psa_status_t cryptocell_310_common_ecc_generate_key_pair(uint8_t *priv_key_buffe
|
||||
return CRYS_to_psa_error(ret);
|
||||
}
|
||||
|
||||
explicit_bzero(&priv_key, sizeof(priv_key));
|
||||
return PSA_SUCCESS;
|
||||
}
|
||||
|
||||
@ -89,7 +91,7 @@ psa_status_t cryptocell_310_common_ecc_sign(const uint8_t *priv_key,
|
||||
ret = CRYS_ECPKI_BuildPrivKey(pDomain, priv_key, priv_key_size, &user_priv_key);
|
||||
if (ret != CRYS_OK) {
|
||||
DEBUG("CRYS_ECPKI_BuildPrivKey failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
|
||||
return CRYS_to_psa_error(ret);
|
||||
goto done;
|
||||
}
|
||||
|
||||
cryptocell_310_enable();
|
||||
@ -99,10 +101,12 @@ psa_status_t cryptocell_310_common_ecc_sign(const uint8_t *priv_key,
|
||||
cryptocell_310_disable();
|
||||
if (ret != CRYS_OK) {
|
||||
DEBUG("CRYS_ECDSA_Sign failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
|
||||
return CRYS_to_psa_error(ret);
|
||||
goto done;
|
||||
}
|
||||
|
||||
return PSA_SUCCESS;
|
||||
done:
|
||||
explicit_bzero(&user_priv_key, sizeof(user_priv_key));
|
||||
return CRYS_to_psa_error(ret);
|
||||
}
|
||||
|
||||
psa_status_t cryptocell_310_common_ecc_verify(const uint8_t *pub_key,
|
||||
|
@ -21,6 +21,7 @@
|
||||
#include "crys_ec_edw_api.h"
|
||||
#include "psa_error.h"
|
||||
#include "cryptocell_310_util.h"
|
||||
#include "string_utils.h"
|
||||
|
||||
#define ENABLE_DEBUG 0
|
||||
#include "debug.h"
|
||||
@ -49,13 +50,15 @@ psa_status_t psa_generate_ecc_ed25519_key_pair( uint8_t *priv_key_buffer,
|
||||
cryptocell_310_disable();
|
||||
if (ret != CRYS_OK) {
|
||||
DEBUG("CRYS_ECEDW_KeyPair failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
|
||||
return CRYS_to_psa_error(ret);
|
||||
goto done;
|
||||
}
|
||||
|
||||
memcpy(priv_key_buffer, secret_key, CRYS_ECEDW_ORD_SIZE_IN_BYTES);
|
||||
memcpy(pub_key_buffer, &secret_key[CRYS_ECEDW_ORD_SIZE_IN_BYTES], CRYS_ECEDW_MOD_SIZE_IN_BYTES);
|
||||
|
||||
return PSA_SUCCESS;
|
||||
done:
|
||||
explicit_bzero(&secret_key, sizeof(secret_key));
|
||||
return CRYS_to_psa_error(ret);
|
||||
}
|
||||
|
||||
psa_status_t psa_ecc_ed25519_sign_message(const uint8_t *priv_key_buffer,
|
||||
@ -91,10 +94,12 @@ psa_status_t psa_ecc_ed25519_sign_message(const uint8_t *priv_key_buffer,
|
||||
cryptocell_310_disable();
|
||||
if (ret != CRYS_OK) {
|
||||
DEBUG("CRYS_ECEDW_Sign failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
|
||||
return CRYS_to_psa_error(ret);
|
||||
goto done;
|
||||
}
|
||||
|
||||
return PSA_SUCCESS;
|
||||
done:
|
||||
explicit_bzero(&secret_key, sizeof(secret_key));
|
||||
return CRYS_to_psa_error(ret);
|
||||
|
||||
(void)signature_size;
|
||||
}
|
||||
|
@ -23,6 +23,8 @@
|
||||
psa_status_t CRYS_to_psa_error(CRYSError_t error)
|
||||
{
|
||||
switch (error) {
|
||||
case CRYS_OK:
|
||||
return PSA_SUCCESS;
|
||||
case CRYS_HASH_ILLEGAL_OPERATION_MODE_ERROR:
|
||||
case CRYS_HASH_IS_NOT_SUPPORTED:
|
||||
return PSA_ERROR_NOT_SUPPORTED;
|
||||
|
Loading…
Reference in New Issue
Block a user