Get rid of intermediate full-attributes local variables

Now that a key slot contains the full `psa_key_attributes_t`, the temporary
local variables holding a copy of core attributes read from the slot are no
longer needed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Gilles Peskine 2024-02-28 01:18:23 +01:00
parent 7fad3ef3b5
commit 7a5d9201c1


@ -1324,10 +1324,7 @@ psa_status_t psa_export_key(mbedtls_svc_key_id_t key,
return status;
}
psa_key_attributes_t attributes = {
.core = slot->attr.core
};
status = psa_driver_wrapper_export_key(&attributes,
status = psa_driver_wrapper_export_key(&slot->attr,
slot->key.data, slot->key.bytes,
data, data_size, data_length);
@ -1411,7 +1408,6 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
psa_key_attributes_t attributes;
/* Reject a zero-length output buffer now, since this can never be a
* valid key representation. This way we know that data must be a valid
@ -1437,11 +1433,8 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
goto exit;
}
attributes = (psa_key_attributes_t) {
.core = slot->attr.core
};
status = psa_driver_wrapper_export_public_key(
&attributes, slot->key.data, slot->key.bytes,
&slot->attr, slot->key.data, slot->key.bytes,
data, data_size, data_length);
exit:
@ -2372,7 +2365,6 @@ static psa_status_t psa_mac_setup(psa_mac_operation_t *operation,
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot = NULL;
psa_key_attributes_t attributes;
/* A context must be freshly initialized before it can be set up. */
if (operation->id != 0) {
@ -2389,11 +2381,7 @@ static psa_status_t psa_mac_setup(psa_mac_operation_t *operation,
goto exit;
}
attributes = (psa_key_attributes_t) {
.core = slot->attr.core
};
status = psa_mac_finalize_alg_and_key_validation(alg, &attributes,
status = psa_mac_finalize_alg_and_key_validation(alg, &slot->attr,
&operation->mac_size);
if (status != PSA_SUCCESS) {
goto exit;
@ -2403,13 +2391,13 @@ static psa_status_t psa_mac_setup(psa_mac_operation_t *operation,
/* Dispatch the MAC setup call with validated input */
if (is_sign) {
status = psa_driver_wrapper_mac_sign_setup(operation,
&attributes,
&slot->attr,
slot->key.data,
slot->key.bytes,
alg);
} else {
status = psa_driver_wrapper_mac_verify_setup(operation,
&attributes,
&slot->attr,
slot->key.data,
slot->key.bytes,
alg);
@ -2559,7 +2547,6 @@ static psa_status_t psa_mac_compute_internal(mbedtls_svc_key_id_t key,
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
uint8_t operation_mac_size = 0;
psa_key_attributes_t attributes;
status = psa_get_and_lock_key_slot_with_policy(
key,
@ -2570,11 +2557,7 @@ static psa_status_t psa_mac_compute_internal(mbedtls_svc_key_id_t key,
goto exit;
}
attributes = (psa_key_attributes_t) {
.core = slot->attr.core
};
status = psa_mac_finalize_alg_and_key_validation(alg, &attributes,
status = psa_mac_finalize_alg_and_key_validation(alg, &slot->attr,
&operation_mac_size);
if (status != PSA_SUCCESS) {
goto exit;
@ -2586,7 +2569,7 @@ static psa_status_t psa_mac_compute_internal(mbedtls_svc_key_id_t key,
}
status = psa_driver_wrapper_mac_compute(
&attributes,
&slot->attr,
slot->key.data, slot->key.bytes,
alg,
input, input_length,
@ -2696,7 +2679,6 @@ static psa_status_t psa_sign_internal(mbedtls_svc_key_id_t key,
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
psa_key_attributes_t attributes;
*signature_length = 0;
@ -2728,19 +2710,15 @@ static psa_status_t psa_sign_internal(mbedtls_svc_key_id_t key,
goto exit;
}
attributes = (psa_key_attributes_t) {
.core = slot->attr.core
};
if (input_is_message) {
status = psa_driver_wrapper_sign_message(
&attributes, slot->key.data, slot->key.bytes,
&slot->attr, slot->key.data, slot->key.bytes,
alg, input, input_length,
signature, signature_size, signature_length);
} else {
status = psa_driver_wrapper_sign_hash(
&attributes, slot->key.data, slot->key.bytes,
&slot->attr, slot->key.data, slot->key.bytes,
alg, input, input_length,
signature, signature_size, signature_length);
}
@ -2782,18 +2760,14 @@ static psa_status_t psa_verify_internal(mbedtls_svc_key_id_t key,
return status;
}
psa_key_attributes_t attributes = {
.core = slot->attr.core
};
if (input_is_message) {
status = psa_driver_wrapper_verify_message(
&attributes, slot->key.data, slot->key.bytes,
&slot->attr, slot->key.data, slot->key.bytes,
alg, input, input_length,
signature, signature_length);
} else {
status = psa_driver_wrapper_verify_hash(
&attributes, slot->key.data, slot->key.bytes,
&slot->attr, slot->key.data, slot->key.bytes,
alg, input, input_length,
signature, signature_length);
}
@ -3031,7 +3005,6 @@ psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key,
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
psa_key_attributes_t attributes;
(void) input;
(void) input_length;
@ -3056,12 +3029,8 @@ psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key,
goto exit;
}
attributes = (psa_key_attributes_t) {
.core = slot->attr.core
};
status = psa_driver_wrapper_asymmetric_encrypt(
&attributes, slot->key.data, slot->key.bytes,
&slot->attr, slot->key.data, slot->key.bytes,
alg, input, input_length, salt, salt_length,
output, output_size, output_length);
exit:
@ -3083,7 +3052,6 @@ psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key,
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
psa_key_attributes_t attributes;
(void) input;
(void) input_length;
@ -3107,12 +3075,8 @@ psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key,
goto exit;
}
attributes = (psa_key_attributes_t) {
.core = slot->attr.core
};
status = psa_driver_wrapper_asymmetric_decrypt(
&attributes, slot->key.data, slot->key.bytes,
&slot->attr, slot->key.data, slot->key.bytes,
alg, input, input_length, salt, salt_length,
output, output_size, output_length);
@ -3181,7 +3145,6 @@ psa_status_t psa_sign_hash_start(
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
psa_key_attributes_t attributes;
/* Check that start has not been previously called, or operation has not
* previously errored. */
@ -3208,14 +3171,10 @@ psa_status_t psa_sign_hash_start(
goto exit;
}
attributes = (psa_key_attributes_t) {
.core = slot->attr.core
};
/* Ensure ops count gets reset, in case of operation re-use. */
operation->num_ops = 0;
status = psa_driver_wrapper_sign_hash_start(operation, &attributes,
status = psa_driver_wrapper_sign_hash_start(operation, &slot->attr,
slot->key.data,
slot->key.bytes, alg,
hash, hash_length);
@ -3353,14 +3312,10 @@ psa_status_t psa_verify_hash_start(
return status;
}
psa_key_attributes_t attributes = {
.core = slot->attr.core
};
/* Ensure ops count gets reset, in case of operation re-use. */
operation->num_ops = 0;
status = psa_driver_wrapper_verify_hash_start(operation, &attributes,
status = psa_driver_wrapper_verify_hash_start(operation, &slot->attr,
slot->key.data,
slot->key.bytes,
alg, hash, hash_length,
@ -3889,7 +3844,6 @@ static psa_status_t psa_cipher_setup(psa_cipher_operation_t *operation,
psa_key_usage_t usage = (cipher_operation == MBEDTLS_ENCRYPT ?
PSA_KEY_USAGE_ENCRYPT :
PSA_KEY_USAGE_DECRYPT);
psa_key_attributes_t attributes;
/* A context must be freshly initialized before it can be set up. */
if (operation->id != 0) {
@ -3919,20 +3873,16 @@ static psa_status_t psa_cipher_setup(psa_cipher_operation_t *operation,
}
operation->default_iv_length = PSA_CIPHER_IV_LENGTH(slot->attr.type, alg);
attributes = (psa_key_attributes_t) {
.core = slot->attr.core
};
/* Try doing the operation through a driver before using software fallback. */
if (cipher_operation == MBEDTLS_ENCRYPT) {
status = psa_driver_wrapper_cipher_encrypt_setup(operation,
&attributes,
&slot->attr,
slot->key.data,
slot->key.bytes,
alg);
} else {
status = psa_driver_wrapper_cipher_decrypt_setup(operation,
&attributes,
&slot->attr,
slot->key.data,
slot->key.bytes,
alg);
@ -4145,7 +4095,6 @@ psa_status_t psa_cipher_encrypt(mbedtls_svc_key_id_t key,
psa_key_slot_t *slot = NULL;
uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE];
size_t default_iv_length = 0;
psa_key_attributes_t attributes;
if (!PSA_ALG_IS_CIPHER(alg)) {
status = PSA_ERROR_INVALID_ARGUMENT;
@ -4159,10 +4108,6 @@ psa_status_t psa_cipher_encrypt(mbedtls_svc_key_id_t key,
goto exit;
}
attributes = (psa_key_attributes_t) {
.core = slot->attr.core
};
default_iv_length = PSA_CIPHER_IV_LENGTH(slot->attr.type, alg);
if (default_iv_length > PSA_CIPHER_IV_MAX_SIZE) {
status = PSA_ERROR_GENERIC_ERROR;
@ -4182,7 +4127,7 @@ psa_status_t psa_cipher_encrypt(mbedtls_svc_key_id_t key,
}
status = psa_driver_wrapper_cipher_encrypt(
&attributes, slot->key.data, slot->key.bytes,
&slot->attr, slot->key.data, slot->key.bytes,
alg, local_iv, default_iv_length, input, input_length,
psa_crypto_buffer_offset(output, default_iv_length),
output_size - default_iv_length, output_length);
@ -4216,7 +4161,6 @@ psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key,
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot = NULL;
psa_key_attributes_t attributes;
if (!PSA_ALG_IS_CIPHER(alg)) {
status = PSA_ERROR_INVALID_ARGUMENT;
@ -4230,10 +4174,6 @@ psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key,
goto exit;
}
attributes = (psa_key_attributes_t) {
.core = slot->attr.core
};
if (alg == PSA_ALG_CCM_STAR_NO_TAG &&
input_length < PSA_BLOCK_CIPHER_BLOCK_LENGTH(slot->attr.type)) {
status = PSA_ERROR_INVALID_ARGUMENT;
@ -4244,7 +4184,7 @@ psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key,
}
status = psa_driver_wrapper_cipher_decrypt(
&attributes, slot->key.data, slot->key.bytes,
&slot->attr, slot->key.data, slot->key.bytes,
alg, input, input_length,
output, output_size, output_length);
@ -4353,17 +4293,13 @@ psa_status_t psa_aead_encrypt(mbedtls_svc_key_id_t key,
return status;
}
psa_key_attributes_t attributes = {
.core = slot->attr.core
};
status = psa_aead_check_nonce_length(alg, nonce_length);
if (status != PSA_SUCCESS) {
goto exit;
}
status = psa_driver_wrapper_aead_encrypt(
&attributes, slot->key.data, slot->key.bytes,
&slot->attr, slot->key.data, slot->key.bytes,
alg,
nonce, nonce_length,
additional_data, additional_data_length,
@ -4408,17 +4344,13 @@ psa_status_t psa_aead_decrypt(mbedtls_svc_key_id_t key,
return status;
}
psa_key_attributes_t attributes = {
.core = slot->attr.core
};
status = psa_aead_check_nonce_length(alg, nonce_length);
if (status != PSA_SUCCESS) {
goto exit;
}
status = psa_driver_wrapper_aead_decrypt(
&attributes, slot->key.data, slot->key.bytes,
&slot->attr, slot->key.data, slot->key.bytes,
alg,
nonce, nonce_length,
additional_data, additional_data_length,
@ -4484,7 +4416,6 @@ static psa_status_t psa_aead_setup(psa_aead_operation_t *operation,
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot = NULL;
psa_key_usage_t key_usage = 0;
psa_key_attributes_t attributes;
status = psa_aead_check_algorithm(alg);
if (status != PSA_SUCCESS) {
@ -4514,23 +4445,19 @@ static psa_status_t psa_aead_setup(psa_aead_operation_t *operation,
goto exit;
}
attributes = (psa_key_attributes_t) {
.core = slot->attr.core
};
if ((status = psa_validate_tag_length(alg)) != PSA_SUCCESS) {
goto exit;
}
if (is_encrypt) {
status = psa_driver_wrapper_aead_encrypt_setup(operation,
&attributes,
&slot->attr,
slot->key.data,
slot->key.bytes,
alg);
} else {
status = psa_driver_wrapper_aead_decrypt_setup(operation,
&attributes,
&slot->attr,
slot->key.data,
slot->key.bytes,
alg);
@ -4539,7 +4466,7 @@ static psa_status_t psa_aead_setup(psa_aead_operation_t *operation,
goto exit;
}
operation->key_type = psa_get_key_type(&attributes);
operation->key_type = psa_get_key_type(&slot->attr);
exit:
unlock_status = psa_unregister_read_under_mutex(slot);
@ -5842,7 +5769,6 @@ static psa_status_t psa_generate_derived_key_internal(
size_t bytes = PSA_BITS_TO_BYTES(bits);
size_t storage_size = bytes;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_attributes_t attributes;
if (PSA_KEY_TYPE_IS_PUBLIC_KEY(slot->attr.type)) {
return PSA_ERROR_INVALID_ARGUMENT;
@ -5891,12 +5817,9 @@ static psa_status_t psa_generate_derived_key_internal(
}
slot->attr.bits = (psa_key_bits_t) bits;
attributes = (psa_key_attributes_t) {
.core = slot->attr.core
};
if (psa_key_lifetime_is_external(attributes.core.lifetime)) {
status = psa_driver_wrapper_get_key_buffer_size(&attributes,
if (psa_key_lifetime_is_external(slot->attr.core.lifetime)) {
status = psa_driver_wrapper_get_key_buffer_size(&slot->attr,
&storage_size);
if (status != PSA_SUCCESS) {
goto exit;
@ -5907,7 +5830,7 @@ static psa_status_t psa_generate_derived_key_internal(
goto exit;
}
status = psa_driver_wrapper_import_key(&attributes,
status = psa_driver_wrapper_import_key(&slot->attr,
data, bytes,
slot->key.data,
slot->key.bytes,
@ -7023,11 +6946,7 @@ static psa_status_t psa_key_agreement_raw_internal(psa_algorithm_t alg,
return PSA_ERROR_NOT_SUPPORTED;
}
psa_key_attributes_t attributes = {
.core = private_key->attr.core
};
return psa_driver_wrapper_key_agreement(&attributes,
return psa_driver_wrapper_key_agreement(&private_key->attr,
private_key->key.data,
private_key->key.bytes, alg,
peer_key, peer_key_length,
@ -7823,7 +7742,6 @@ psa_status_t psa_pake_set_password_key(
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot = NULL;
psa_key_attributes_t attributes;
psa_key_type_t type;
if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
@ -7838,11 +7756,7 @@ psa_status_t psa_pake_set_password_key(
goto exit;
}
attributes = (psa_key_attributes_t) {
.core = slot->attr.core
};
type = psa_get_key_type(&attributes);
type = psa_get_key_type(&slot->attr);
if (type != PSA_KEY_TYPE_PASSWORD &&
type != PSA_KEY_TYPE_PASSWORD_HASH) {
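Review bot: Every driver wrapper call in this section now receives `&slot->attr`, a pointer into the live key slot, where the removed code passed a stack copy holding only `.core`, and no comment in the changed functions states the contract this relies on. The wrapper prototypes are not visible here; if any of them takes a non-const `psa_key_attributes_t *`, a driver write would now alter the stored attributes of the key instead of a temporary, so it is worth confirming they are all `const`. In the setup-style functions the slot is released after the call (psa_aead_setup shows `psa_unregister_read_under_mutex(slot)` at `exit`), so a driver must not keep the pointer in its operation context. I would add at the first call site something like `/* &slot->attr points into the slot: valid only while the slot is registered for reading; drivers must neither retain nor write through it. */`. As a smaller style point, psa_generate_derived_key_internal now reads `slot->attr.core.lifetime` next to `slot->attr.bits` and `slot->attr.type`; if the short member form is available for `lifetime` too, using it would keep the accesses uniform.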