diff --git a/library/psa_crypto.c b/library/psa_crypto.c index d3ac4ce618..419be1649c 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3286,7 +3286,7 @@ psa_status_t psa_sign_hash_complete( exit: /* Update ops count with work done. */ - operation->num_ops += psa_driver_wrapper_sign_hash_get_num_ops(operation); + operation->num_ops = psa_driver_wrapper_sign_hash_get_num_ops(operation); if (status != PSA_OPERATION_INCOMPLETE) { psa_wipe_output_buffer(signature, status, signature_size, @@ -3413,7 +3413,7 @@ psa_status_t psa_verify_hash_complete( exit: /* Update ops count with work done. */ - operation->num_ops += psa_driver_wrapper_verify_hash_get_num_ops( + operation->num_ops = psa_driver_wrapper_verify_hash_get_num_ops( operation); if (status != PSA_OPERATION_INCOMPLETE) { diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index f74db70888..a00728918c 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -638,45 +638,45 @@ void mbedtls_psa_interruptible_set_max_ops(uint32_t max_ops); uint32_t mbedtls_psa_interruptible_get_max_ops(void); /** - * \brief Get the number of ops that a hash signing operation has taken so - * far. If the operation has completed, then this will represent the - * number of ops required for the entire operation. After initialization - * or calling psa_sign_hash_interruptible_abort() on the operation, a - * value of 0 will be returned. + * \brief Get the number of ops that a hash signing operation has taken for the + * previous call. If no call or work has taken place, this will return + * zero. * * \note The signature of this function is that of a PSA driver - * sign_get_num_ops entry point. This function behaves as a - * sign_get_num_ops entry point as defined in the PSA driver interface - * specification for transparent drivers. + * sign_get_num_ops entry point, however it differs in behaviour from the + * driver function in that this function returns a delta of work done in + * the last call rather than all of the ops done ever by the whole + * operation, due to internal implementation differences. * * \param[in] operation The \c * mbedtls_psa_sign_hash_interruptible_operation_t * to use. This must be initialized first. * - * \return Number of ops that the operation has taken so - * far. + * \return Number of ops that were completed + * in the last call to \c + * mbedtls_psa_sign_hash_complete(). */ uint32_t mbedtls_psa_sign_hash_get_num_ops( const mbedtls_psa_sign_hash_interruptible_operation_t *operation); /** - * \brief Get the number of ops that a hash verification operation has taken - * so far. If the operation has completed, then this will represent the - * number of ops required for the entire operation. After initialization - * or calling psa_verify_hash_interruptible_abort() on the operation, a - * value of 0 will be returned. + * \brief Get the number of ops that a hash verification operation has taken for + * the previous call. If no call or work has taken place, this will + * return zero. * * \note The signature of this function is that of a PSA driver - * verify_get_num_ops entry point. This function behaves as a - * verify_get_num_ops entry point as defined in the PSA driver interface - * specification for transparent drivers. + * verify_get_num_ops entry point however it differs in behaviour from the + * driver function in that this function returns a delta of work done in + * the last call rather than all of the ops done ever by the whole + * operation, due to internal implementation differences. * * \param[in] operation The \c * mbedtls_psa_verify_hash_interruptible_operation_t * to use. This must be initialized first. * - * \return Number of ops that the operation has taken so - * far. + * \return Number of ops that were completed + * in the last call to \c + * mbedtls_psa_verify_hash_complete(). */ uint32_t mbedtls_psa_verify_hash_get_num_ops( const mbedtls_psa_verify_hash_interruptible_operation_t *operation); diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja index 2b2b02571a..fba8990337 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja @@ -453,7 +453,11 @@ uint32_t psa_driver_wrapper_sign_hash_get_num_ops( return 0; case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_sign_hash_get_num_ops( + /* Internal implementation returns a delta of ops completed in the + * last call to complete(), so need to add in ops already completed + * before this.*/ + return( operation->num_ops + + mbedtls_psa_sign_hash_get_num_ops( &operation->ctx.mbedtls_ctx ) ); @@ -478,7 +482,11 @@ uint32_t psa_driver_wrapper_verify_hash_get_num_ops( return 0; case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_verify_hash_get_num_ops( + /* Internal implementation returns a delta of ops completed in the + * last call to complete(), so need to add in ops already completed + * before this.*/ + return ( operation->num_ops + + mbedtls_psa_verify_hash_get_num_ops( &operation->ctx.mbedtls_ctx ) );