fixup! core: crypto: add Ed25519 support

sa-kib · sa-kib · commit c54d157b5458 · 2022-08-22T16:21:01.000Z
mempool_free()
diff --git a/core/tee/tee_svc_cryp.c b/core/tee/tee_svc_cryp.c
@@ -2119,17 +2119,17 @@ tee_svc_obj_generate_key_x25519(struct tee_obj *o,
 				uint32_t param_count)
 {
 	TEE_Result res = TEE_ERROR_GENERIC;
-	struct x25519_keypair *tee_x25519_key = NULL;
+	struct x25519_keypair *key = NULL;
 
 	/* Copy the present attributes into the obj before starting */
 	res = tee_svc_cryp_obj_populate_type(o, type_props, params,
 					     param_count);
 	if (res != TEE_SUCCESS)
 		return res;
 
-	tee_x25519_key = (struct x25519_keypair *)o->attr;
+	key = o->attr;
 
-	res = crypto_acipher_gen_x25519_key(tee_x25519_key, key_size);
+	res = crypto_acipher_gen_x25519_key(key, key_size);
 	if (res != TEE_SUCCESS)
 		return res;
 
@@ -2174,6 +2174,7 @@ tee_svc_obj_ed25519_sign(struct ed25519_keypair *key,
 			 uint8_t *sig, size_t *sig_len,
 			 const TEE_Attribute *params, size_t num_params)
 {
+	TEE_Result err;
 	size_t n;
 	size_t ctx_len = 0;
 	uint8_t *ctx = NULL;
@@ -2187,26 +2188,33 @@ tee_svc_obj_ed25519_sign(struct ed25519_keypair *key,
 			break;
 
 		case TEE_ATTR_EDDSA_CTX:
-			cx_flag = true;
+			/* only first provided context if effective */
+			if (cx_flag)
+				break;
 			ctx_len = params[n].content.ref.length;
 			if (ctx_len > 255)
 				return TEE_ERROR_BAD_PARAMETERS;
-			ctx = mempool_calloc(mempool_default, 1, 256);
+			ctx = mempool_calloc(mempool_default, 1, ctx_len + 1);
 			if (!ctx)
 				return TEE_ERROR_OUT_OF_MEMORY;
 			memcpy(ctx, params[n].content.ref.buffer, ctx_len);
 			ctx[ctx_len] = 0;
+			cx_flag = true;
 			break;
 
 		default:
 			return TEE_ERROR_BAD_PARAMETERS;
 		}
 	}
 
-	if (ph_flag || cx_flag)
-		return crypto_acipher_ed25519ctx_sign(key, msg, msg_len, sig,
+	if (ph_flag || cx_flag) {
+		err = crypto_acipher_ed25519ctx_sign(key, msg, msg_len, sig,
 						      sig_len, ph_flag,
 						      ctx, ctx_len);
+		if (ctx)
+			mempool_free(mempool_default, ctx);
+		return err;
+	}
 
 	return crypto_acipher_ed25519_sign(key, msg, msg_len, sig, sig_len);
 }
@@ -2217,36 +2225,44 @@ tee_svc_obj_ed25519_verify(struct ed25519_keypair *key,
 			   const uint8_t *sig, size_t sig_len,
 			   const TEE_Attribute *params, size_t num_params)
 {
+	TEE_Result err;
 	size_t n;
 	size_t ctx_len = 0;
-	uint8_t ctx[256] = {0};
-	uint8_t ph_flag = 0;
-	uint8_t cx_flag = 0;
+	uint8_t *ctx = NULL;
+	bool ph_flag = false;
+	bool cx_flag = false;
 
-	for (n = 0u; n < num_params; n++) {
+	for (n = 0; n < num_params; n++) {
 		switch (params[n].attributeID) {
 		case TEE_ATTR_EDDSA_PREHASH:
-			ph_flag = 1;
+			ph_flag = true;
 			break;
 
 		case TEE_ATTR_EDDSA_CTX:
-			cx_flag = 1;
+			/* only first provided context if effective */
+			if (cx_flag)
+				break;
 			ctx_len = params[n].content.ref.length;
 			if (ctx_len > 255)
 				return TEE_ERROR_BAD_PARAMETERS;
-
+			ctx = mempool_calloc(mempool_default, 1, ctx_len + 1);
 			memcpy(ctx, params[n].content.ref.buffer, ctx_len);
 			ctx[ctx_len] = 0;
+			cx_flag = true;
 			break;
 
 		default:
 			return TEE_ERROR_BAD_PARAMETERS;
 		}
 	}
-	if (ph_flag || cx_flag)
-		return crypto_acipher_ed25519ctx_verify(key, msg, msg_len, sig,
+	if (ph_flag || cx_flag) {
+		err = crypto_acipher_ed25519ctx_verify(key, msg, msg_len, sig,
 							sig_len, ph_flag,
 							ctx, ctx_len);
+		if (ctx)
+			mempool_free(mempool_default, ctx);
+		return err;
+	}
 
 	return crypto_acipher_ed25519_verify(key, msg, msg_len, sig, sig_len);
 }
