Fix issues with get_{sign/verify}_num_ops

Move to accumulate ops in context rather than attempting to read straight out
of structures due to structure ops getting reset per operation, and also
issues with _abort clearing internal data. Fix usage of size_t in structures

Signed-off-by: Paul Elliott <paul.elliott@arm.com>

include/psa/crypto_struct.h

@@ -508,7 +508,7 @@ struct psa_sign_hash_interruptible_operation_s {
 
     psa_driver_sign_hash_interruptible_context_t MBEDTLS_PRIVATE(ctx);
 
-    size_t MBEDTLS_PRIVATE(num_ops);
+    uint32_t MBEDTLS_PRIVATE(num_ops);
 };
 
 #define PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { 0, { 0 }, 0 }
@@ -539,7 +539,7 @@ struct psa_verify_hash_interruptible_operation_s {
 
     psa_driver_verify_hash_interruptible_context_t MBEDTLS_PRIVATE(ctx);
 
-    size_t MBEDTLS_PRIVATE(num_ops);
+    uint32_t MBEDTLS_PRIVATE(num_ops);
 };
 
 #define PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT { 0, { 0 }, 0 }

library/psa_crypto.c

@@ -3146,13 +3146,13 @@ uint32_t psa_interruptible_get_max_ops(void)
 uint32_t psa_sign_hash_get_num_ops(
     const psa_sign_hash_interruptible_operation_t *operation)
 {
-    return psa_driver_wrapper_sign_hash_get_num_ops(operation);
+    return operation->num_ops;
 }
 
 uint32_t psa_verify_hash_get_num_ops(
     const psa_verify_hash_interruptible_operation_t *operation)
 {
-    return psa_driver_wrapper_verify_hash_get_num_ops(operation);
+    return operation->num_ops;
 }
 
 psa_status_t psa_sign_hash_start(
@@ -3192,6 +3192,9 @@ psa_status_t psa_sign_hash_start(
         .core = slot->attr
     };
 
+    /* Ensure ops count gets reset, in case of operation re-use. */
+    operation->num_ops = 0;
+
     status = psa_driver_wrapper_sign_hash_start(operation, &attributes,
                                                 slot->key.data,
                                                 slot->key.bytes, alg,
@@ -3238,6 +3241,9 @@ psa_status_t psa_sign_hash_complete(
                                                    signature_length);
 exit:
 
+    /* Update ops count with work done. */
+    operation->num_ops += psa_driver_wrapper_sign_hash_get_num_ops(operation);
+
     if (status != PSA_OPERATION_INCOMPLETE) {
         /* Fill the unused part of the output buffer (the whole buffer on error,
          * the trailing part on success) with something that isn't a valid
@@ -3308,6 +3314,9 @@ psa_status_t psa_verify_hash_start(
         .core = slot->attr
     };
 
+    /* Ensure ops count gets reset, in case of operation re-use. */
+    operation->num_ops = 0;
+
     status = psa_driver_wrapper_verify_hash_start(operation, &attributes,
                                                   slot->key.data,
                                                   slot->key.bytes,
@@ -3340,6 +3349,10 @@ psa_status_t psa_verify_hash_complete(
 
 exit:
 
+    /* Update ops count with work done. */
+    operation->num_ops += psa_driver_wrapper_verify_hash_get_num_ops(
+        operation);
+
     if (status != PSA_OPERATION_INCOMPLETE) {
         psa_verify_hash_abort(operation);
     }

scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja

@@ -448,6 +448,10 @@ uint32_t psa_driver_wrapper_sign_hash_get_num_ops(
 {
     switch( operation->id )
     {
+        /* If uninitialised, return 0, as no work can have been done. */
+        case 0:
+            return 0;
+
         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
             return( mbedtls_psa_sign_hash_get_num_ops(
                                                 &operation->ctx.mbedtls_ctx )
@@ -469,6 +473,10 @@ uint32_t psa_driver_wrapper_verify_hash_get_num_ops(
 {
     switch( operation->id )
     {
+        /* If uninitialised, return 0, as no work can have been done. */
+        case 0:
+            return 0;
+
         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
             return( mbedtls_psa_verify_hash_get_num_ops(
                                                 &operation->ctx.mbedtls_ctx )