Merge #20037 #20038 #20039

20037: nib/_nib-6ln: bail out early if address is no longer assigned [backport 2023.10] r=benpicco a=MrKevinWeiss # Backport of #19999 20038: nanocoap: prevent integer underflow in coap_opt_put_uri_pathquery() [backport 2023.10] r=benpicco a=MrKevinWeiss # Backport of #19994 20039: sys/psa_crypto: Fix macro for public key max size and SE example [backport 2023.10] r=benpicco a=MrKevinWeiss # Backport of #19995 ### Contribution description #### 1. Wrong public key size when using secure elements, introduced by #19954 Fixed conditions for key size macros in `crypto_sizes.h`. #### 2. EdDSA and ECDSA examples fail when using a secure element because of unsopported changes introduced by #19954 Updated `example/psa_crypto` to use only supported functions for secure elements. ### Testing procedure Build `example/psa_crypto` for secure elements and run application Output on master: ``` 2023-10-19 14:33:24,372 # main(): This is RIOT! (Version: 2019.07-devel-22378-gb6772) 2023-10-19 14:33:24,372 # HMAC SHA256 took 56393 us 2023-10-19 14:33:24,372 # Cipher AES 128 took 68826 us 2023-10-19 14:33:24,372 # *** RIOT kernel panic: 2023-10-19 14:33:24,373 # HARD FAULT HANDLER 2023-10-19 14:33:24,373 # 2023-10-19 14:33:24,373 # *** rebooting... ``` Output with fixes: ``` 2023-10-19 13:35:24,715 # main(): This is RIOT! (Version: 2019.07-devel-22384-g8ef66-dev/psa-crypto-fixes) 2023-10-19 13:35:24,715 # HMAC SHA256 took 56374 us 2023-10-19 13:35:24,715 # Cipher AES 128 took 68805 us 2023-10-19 13:35:24,715 # ECDSA took 281164 us 2023-10-19 13:35:24,715 # All Done ``` Co-authored-by: Benjamin Valentin <[email protected]> Co-authored-by: Lena Boeckmann <[email protected]>
RIOT-OS · Nov 2, 2023 · 2ffdc2c · 2ffdc2c
4 parents e15ea85 + ff27c9d + 6f3bd7b + 4f36d87
commit 2ffdc2c
Show file tree

Hide file tree

Showing 5 changed files with 52 additions and 31 deletions.
diff --git a/examples/psa_crypto/example_ecdsa_p256.c b/examples/psa_crypto/example_ecdsa_p256.c
@@ -81,10 +81,13 @@ psa_status_t example_ecdsa_p256(void)
     }
 
 #ifdef SECURE_ELEMENT
+    /* Currently there is no support for message signature and verification on secure elements */
     psa_set_key_lifetime(&pubkey_attr, lifetime);
+    psa_set_key_usage_flags(&pubkey_attr, PSA_KEY_USAGE_VERIFY_HASH);
+#else
+    psa_set_key_usage_flags(&pubkey_attr, PSA_KEY_USAGE_VERIFY_MESSAGE);
 #endif
     psa_set_key_algorithm(&pubkey_attr, ECC_ALG);
-    psa_set_key_usage_flags(&pubkey_attr, PSA_KEY_USAGE_VERIFY_MESSAGE);
     psa_set_key_bits(&pubkey_attr, PSA_BYTES_TO_BITS(pubkey_length));
     psa_set_key_type(&pubkey_attr, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1));
 
@@ -99,6 +102,12 @@ psa_status_t example_ecdsa_p256(void)
         return status;
     }
 
+#ifdef SECURE_ELEMENT
+    /* Currently there is only support for hash signature and verification on secure elements,
+       so we can't verify the message, but only the hash */
+    return psa_verify_hash(pubkey_id, ECC_ALG, hash, sizeof(hash), signature, sig_length);
+#endif
+
     /* verify on original message with internal hashing operation */
     return psa_verify_message(pubkey_id, ECC_ALG, msg, sizeof(msg), signature, sig_length);
 }

diff --git a/examples/psa_crypto/main.c b/examples/psa_crypto/main.c
@@ -24,7 +24,10 @@
 extern psa_status_t example_cipher_aes_128(void);
 extern psa_status_t example_hmac_sha256(void);
 extern psa_status_t example_ecdsa_p256(void);
+
+#ifndef SECURE_ELEMENT
 extern psa_status_t example_eddsa(void);
+#endif
 
 #ifdef MULTIPLE_SE
 extern psa_status_t example_cipher_aes_128_sec_se(void);
@@ -61,12 +64,14 @@ int main(void)
         printf("ECDSA failed: %s\n", psa_status_to_humanly_readable(status));
     }
 
+#ifndef SECURE_ELEMENT
     start = ztimer_now(ZTIMER_USEC);
     status = example_eddsa();
     printf("EdDSA took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
     if (status != PSA_SUCCESS) {
         printf("EdDSA failed: %s\n", psa_status_to_humanly_readable(status));
     }
+#endif
 
 #ifdef MULTIPLE_SE
     puts("Running Examples with secondary SE:");

diff --git a/sys/include/psa_crypto/psa/crypto_sizes.h b/sys/include/psa_crypto/psa/crypto_sizes.h
@@ -965,7 +965,9 @@ extern "C" {
  *
  *          See also @ref PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(@p key_type, @p key_bits).
  */
-#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P256R1) || IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P192R1)
+#if (IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P256R1) || \
+    IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P192R1) || \
+    IS_USED(MODULE_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256))
 #define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \
     (PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_ECC_FAMILY_SECT_R1, PSA_MAX_PRIV_KEY_SIZE))
 #else

diff --git a/sys/net/application_layer/nanocoap/nanocoap.c b/sys/net/application_layer/nanocoap/nanocoap.c
@@ -902,8 +902,15 @@ size_t coap_opt_put_string_with_len(uint8_t *buf, uint16_t lastonum, uint16_t op
 
 size_t coap_opt_put_uri_pathquery(uint8_t *buf, uint16_t *lastonum, const char *uri)
 {
+    size_t len;
     const char *query = strchr(uri, '?');
-    size_t len = query ? (size_t)(query - uri - 1) : strlen(uri);
+
+    if (query) {
+        len = (query == uri) ? 0 : (query - uri - 1);
+    } else {
+        len = strlen(uri);
+    }
+
     size_t bytes_out = coap_opt_put_string_with_len(buf, *lastonum,
                                                     COAP_OPT_URI_PATH,
                                                     uri, len, '/');

diff --git a/sys/net/gnrc/network_layer/ipv6/nib/_nib-6ln.c b/sys/net/gnrc/network_layer/ipv6/nib/_nib-6ln.c
@@ -185,12 +185,18 @@ void _handle_rereg_address(const ipv6_addr_t *addr)
 {
     gnrc_netif_t *netif = gnrc_netif_get_by_ipv6_addr(addr);
 
+    if (netif == NULL) {
+        DEBUG("nib: Couldn't re-register %s, address wasn't assigned to any "
+              "interface anymore.\n",
+              ipv6_addr_to_str(addr_str, addr, sizeof(addr_str)));
+        return;
+    }
+
     gnrc_netif_acquire(netif);
     _nib_dr_entry_t *router = _nib_drl_get(NULL, netif->pid);
     const bool router_reachable = (router != NULL) &&
                                   _is_reachable(router->next_hop);
-
-    if (router_reachable && (netif != NULL)) {
+    if (router_reachable) {
         assert((unsigned)netif->pid == _nib_onl_get_if(router->next_hop));
         DEBUG("nib: Re-registering %s",
               ipv6_addr_to_str(addr_str, addr, sizeof(addr_str)));
@@ -200,40 +206,32 @@ void _handle_rereg_address(const ipv6_addr_t *addr)
         _snd_ns(&router->next_hop->ipv6, netif, addr, &router->next_hop->ipv6);
     }
     else {
-        DEBUG("nib: Couldn't re-register %s, no current router found or address "
-              "wasn't assigned to any interface anymore.\n",
+        DEBUG("nib: Couldn't re-register %s, no current router found.\n",
               ipv6_addr_to_str(addr_str, addr, sizeof(addr_str)));
+        netif->ipv6.rs_sent = 0;
+        _handle_search_rtr(netif);
+        goto out;
     }
-    if (netif != NULL) {
-        int idx = gnrc_netif_ipv6_addr_idx(netif, addr);
 
-        if (idx < 0) {
-            DEBUG("nib: %s is not assigned to interface %d anymore.\n",
-                  ipv6_addr_to_str(addr_str, addr, sizeof(addr_str)),
-                  netif->pid);
-        }
-        else if (router_reachable &&
-                 (_is_valid(netif, idx) || (_is_tentative(netif, idx) &&
-                 (gnrc_netif_ipv6_addr_dad_trans(netif, idx) <
-                 SIXLOWPAN_ND_REG_TRANSMIT_NUMOF)))) {
-            uint32_t retrans_time;
+    int idx = gnrc_netif_ipv6_addr_idx(netif, addr);
+    assert(idx >= 0);
 
-            if (_is_valid(netif, idx)) {
-                retrans_time = SIXLOWPAN_ND_MAX_RS_SEC_INTERVAL * MS_PER_SEC;
-            }
-            else {
-                retrans_time = netif->ipv6.retrans_time;
-                /* increment encoded retransmission count */
-                netif->ipv6.addrs_flags[idx]++;
-            }
-            _evtimer_add(&netif->ipv6.addrs[idx], GNRC_IPV6_NIB_REREG_ADDRESS,
-                         &netif->ipv6.addrs_timers[idx], retrans_time);
+    if (_is_valid(netif, idx) || (_is_tentative(netif, idx) &&
+        (gnrc_netif_ipv6_addr_dad_trans(netif, idx) < SIXLOWPAN_ND_REG_TRANSMIT_NUMOF))) {
+        uint32_t retrans_time;
+
+        if (_is_valid(netif, idx)) {
+            retrans_time = SIXLOWPAN_ND_MAX_RS_SEC_INTERVAL * MS_PER_SEC;
         }
         else {
-            netif->ipv6.rs_sent = 0;
-            _handle_search_rtr(netif);
+            retrans_time = netif->ipv6.retrans_time;
+            /* increment encoded retransmission count */
+            netif->ipv6.addrs_flags[idx]++;
         }
+        _evtimer_add(&netif->ipv6.addrs[idx], GNRC_IPV6_NIB_REREG_ADDRESS,
+                     &netif->ipv6.addrs_timers[idx], retrans_time);
     }
+out:
     gnrc_netif_release(netif);
 }