mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-01 22:20:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

psa: driver wrapper: Change cipher_*_setup signatures

Browse Source 
Change the signature of
psa_driver_wrapper_cipher_encrypt/decrypt_setup to
that of a PSA driver cipher_encrypt/decrypt_setup
entry point.

Change the operation context to the PSA one to be
able to call the software implementation from
the driver wrapper later on.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2020-12-14 14:36:06 +01:00
parent d6d28885f0
commit a4af55f14f
3 changed files with 94 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
library/psa_crypto.c
View File

@ -3418,14 +3418,22 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation,
else else
operation->iv_required = 1; operation->iv_required = 1;
psa_key_attributes_t attributes = {
.core = slot->attr
};
/* Try doing the operation through a driver before using software fallback. */ /* Try doing the operation through a driver before using software fallback. */
if( cipher_operation == MBEDTLS_ENCRYPT ) if( cipher_operation == MBEDTLS_ENCRYPT )
status = psa_driver_wrapper_cipher_encrypt_setup( &operation->ctx.driver, status = psa_driver_wrapper_cipher_encrypt_setup( operation,
slot, &attributes,
slot->key.data,
slot->key.bytes,
alg ); alg );
else else
status = psa_driver_wrapper_cipher_decrypt_setup( &operation->ctx.driver, status = psa_driver_wrapper_cipher_decrypt_setup( operation,
slot, &attributes,
slot->key.data,
slot->key.bytes,
alg ); alg );
if( status == PSA_SUCCESS ) if( status == PSA_SUCCESS )
@ -3439,9 +3447,6 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation,
psa_key_lifetime_is_external( slot->attr.lifetime ) ) psa_key_lifetime_is_external( slot->attr.lifetime ) )
goto exit; goto exit;
psa_key_attributes_t attributes = {
.core = slot->attr
};
/* Try doing the operation through a driver before using software fallback. */ /* Try doing the operation through a driver before using software fallback. */
if( cipher_operation == MBEDTLS_ENCRYPT ) if( cipher_operation == MBEDTLS_ENCRYPT )
status = mbedtls_psa_cipher_encrypt_setup( operation, &attributes, status = mbedtls_psa_cipher_encrypt_setup( operation, &attributes,

138
library/psa_crypto_driver_wrappers.c
View File

@ -710,16 +710,16 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
} }
psa_status_t psa_driver_wrapper_cipher_encrypt_setup( psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
psa_operation_driver_context_t *operation, psa_cipher_operation_t *operation,
psa_key_slot_t *slot, const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg ) psa_algorithm_t alg )
{ {
#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); psa_key_location_t location =
psa_key_attributes_t attributes = { PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
.core = slot->attr void *driver_ctx = NULL;
};
switch( location ) switch( location )
{ {
@ -727,25 +727,28 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
/* Key is stored in the slot in export representation, so /* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */ * cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_DRIVER_TEST) #if defined(PSA_CRYPTO_DRIVER_TEST)
operation->ctx = mbedtls_calloc( 1, sizeof(test_transparent_cipher_operation_t) ); driver_ctx = mbedtls_calloc( 1,
if( operation->ctx == NULL ) sizeof( test_transparent_cipher_operation_t ) );
if( driver_ctx == NULL )
return PSA_ERROR_INSUFFICIENT_MEMORY; return PSA_ERROR_INSUFFICIENT_MEMORY;
status = test_transparent_cipher_encrypt_setup( operation->ctx, status = test_transparent_cipher_encrypt_setup( driver_ctx,
&attributes, attributes,
slot->key.data, key_buffer,
slot->key.bytes, key_buffer_size,
alg ); alg );
/* Declared with fallback == true */ /* Declared with fallback == true */
if( status == PSA_SUCCESS ) if( status == PSA_SUCCESS )
operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; {
operation->ctx.driver.id =
PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
operation->ctx.driver.ctx = driver_ctx;
}
else else
{ {
mbedtls_platform_zeroize( mbedtls_platform_zeroize( driver_ctx,
operation->ctx,
sizeof( test_transparent_cipher_operation_t ) ); sizeof( test_transparent_cipher_operation_t ) );
mbedtls_free( operation->ctx ); mbedtls_free( driver_ctx );
operation->ctx = NULL;
} }
return( status ); return( status );
@ -755,24 +758,26 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
/* Add cases for opaque driver here */ /* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_DRIVER_TEST) #if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LIFETIME: case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
operation->ctx = mbedtls_calloc( 1, sizeof(test_opaque_cipher_operation_t) ); driver_ctx =
if( operation->ctx == NULL ) mbedtls_calloc( 1, sizeof(test_opaque_cipher_operation_t) );
if( driver_ctx == NULL )
return( PSA_ERROR_INSUFFICIENT_MEMORY ); return( PSA_ERROR_INSUFFICIENT_MEMORY );
status = test_opaque_cipher_encrypt_setup( operation->ctx, status = test_opaque_cipher_encrypt_setup( driver_ctx,
&attributes, attributes,
slot->key.data, key_buffer,
slot->key.bytes, key_buffer_size,
alg ); alg );
if( status == PSA_SUCCESS ) if( status == PSA_SUCCESS )
operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID; {
operation->ctx.driver.id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
operation->ctx.driver.ctx = driver_ctx;
}
else else
{ {
mbedtls_platform_zeroize( mbedtls_platform_zeroize(
operation->ctx, driver_ctx, sizeof( test_opaque_cipher_operation_t ) );
sizeof( test_opaque_cipher_operation_t ) ); mbedtls_free( driver_ctx );
mbedtls_free( operation->ctx );
operation->ctx = NULL;
} }
return( status ); return( status );
@ -782,25 +787,27 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
return( PSA_ERROR_INVALID_ARGUMENT ); return( PSA_ERROR_INVALID_ARGUMENT );
} }
#else /* PSA_CRYPTO_DRIVER_PRESENT */ #else /* PSA_CRYPTO_DRIVER_PRESENT */
(void)slot;
(void)alg;
(void)operation; (void)operation;
(void)attributes;
(void)key_buffer;
(void)key_buffer_size;
(void)alg;
return( PSA_ERROR_NOT_SUPPORTED ); return( PSA_ERROR_NOT_SUPPORTED );
#endif /* PSA_CRYPTO_DRIVER_PRESENT */ #endif /* PSA_CRYPTO_DRIVER_PRESENT */
} }
psa_status_t psa_driver_wrapper_cipher_decrypt_setup( psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
psa_operation_driver_context_t *operation, psa_cipher_operation_t *operation,
psa_key_slot_t *slot, const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg ) psa_algorithm_t alg )
{ {
#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); psa_key_location_t location =
psa_key_attributes_t attributes = { PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
.core = slot->attr void *driver_ctx = NULL;
};
switch( location ) switch( location )
{ {
@ -808,25 +815,28 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
/* Key is stored in the slot in export representation, so /* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */ * cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_DRIVER_TEST) #if defined(PSA_CRYPTO_DRIVER_TEST)
operation->ctx = mbedtls_calloc( 1, sizeof(test_transparent_cipher_operation_t) ); driver_ctx = mbedtls_calloc( 1,
if( operation->ctx == NULL ) sizeof( test_transparent_cipher_operation_t ) );
return( PSA_ERROR_INSUFFICIENT_MEMORY ); if( driver_ctx == NULL )
return PSA_ERROR_INSUFFICIENT_MEMORY;
status = test_transparent_cipher_decrypt_setup( operation->ctx, status = test_transparent_cipher_decrypt_setup( driver_ctx,
&attributes, attributes,
slot->key.data, key_buffer,
slot->key.bytes, key_buffer_size,
alg ); alg );
/* Declared with fallback == true */ /* Declared with fallback == true */
if( status == PSA_SUCCESS ) if( status == PSA_SUCCESS )
operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; {
operation->ctx.driver.id =
PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
operation->ctx.driver.ctx = driver_ctx;
}
else else
{ {
mbedtls_platform_zeroize( mbedtls_platform_zeroize( driver_ctx,
operation->ctx,
sizeof( test_transparent_cipher_operation_t ) ); sizeof( test_transparent_cipher_operation_t ) );
mbedtls_free( operation->ctx ); mbedtls_free( driver_ctx );
operation->ctx = NULL;
} }
return( status ); return( status );
@ -836,24 +846,26 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
/* Add cases for opaque driver here */ /* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_DRIVER_TEST) #if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LIFETIME: case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
operation->ctx = mbedtls_calloc( 1, sizeof(test_opaque_cipher_operation_t) ); driver_ctx =
if( operation->ctx == NULL ) mbedtls_calloc( 1, sizeof(test_opaque_cipher_operation_t) );
return PSA_ERROR_INSUFFICIENT_MEMORY; if( driver_ctx == NULL )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
status = test_opaque_cipher_decrypt_setup( operation->ctx, status = test_opaque_cipher_decrypt_setup( driver_ctx,
&attributes, attributes,
slot->key.data, key_buffer,
slot->key.bytes, key_buffer_size,
alg ); alg );
if( status == PSA_SUCCESS ) if( status == PSA_SUCCESS )
operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID; {
operation->ctx.driver.id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
operation->ctx.driver.ctx = driver_ctx;
}
else else
{ {
mbedtls_platform_zeroize( mbedtls_platform_zeroize(
operation->ctx, driver_ctx, sizeof( test_opaque_cipher_operation_t ) );
sizeof( test_opaque_cipher_operation_t ) ); mbedtls_free( driver_ctx );
mbedtls_free( operation->ctx );
operation->ctx = NULL;
} }
return( status ); return( status );
@ -863,9 +875,11 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
return( PSA_ERROR_INVALID_ARGUMENT ); return( PSA_ERROR_INVALID_ARGUMENT );
} }
#else /* PSA_CRYPTO_DRIVER_PRESENT */ #else /* PSA_CRYPTO_DRIVER_PRESENT */
(void)slot;
(void)alg;
(void)operation; (void)operation;
(void)attributes;
(void)key_buffer;
(void)key_buffer_size;
(void)alg;
return( PSA_ERROR_NOT_SUPPORTED ); return( PSA_ERROR_NOT_SUPPORTED );
#endif /* PSA_CRYPTO_DRIVER_PRESENT */ #endif /* PSA_CRYPTO_DRIVER_PRESENT */

10
library/psa_crypto_driver_wrappers.h
View File

@ -90,13 +90,15 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
size_t *output_length ); size_t *output_length );
psa_status_t psa_driver_wrapper_cipher_encrypt_setup( psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
psa_operation_driver_context_t *operation, psa_cipher_operation_t *operation,
psa_key_slot_t *slot, const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg ); psa_algorithm_t alg );
psa_status_t psa_driver_wrapper_cipher_decrypt_setup( psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
psa_operation_driver_context_t *operation, psa_cipher_operation_t *operation,
psa_key_slot_t *slot, const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg ); psa_algorithm_t alg );
psa_status_t psa_driver_wrapper_cipher_generate_iv( psa_status_t psa_driver_wrapper_cipher_generate_iv(