From 0b8055982724a2bd6ef8424e120ca782fe34080b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 14 Dec 2020 18:08:20 +0100 Subject: [PATCH] psa: Call cipher setup implementation as a driver Signed-off-by: Ronald Cron --- library/psa_crypto.c | 16 --------- library/psa_crypto_driver_wrappers.c | 54 +++++++++++++++------------- 2 files changed, 29 insertions(+), 41 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 399b37cea..b26a98840 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3443,22 +3443,6 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, operation->alg = alg; } - if( status != PSA_ERROR_NOT_SUPPORTED || - psa_key_lifetime_is_external( slot->attr.lifetime ) ) - goto exit; - - /* Try doing the operation through a driver before using software fallback. */ - if( cipher_operation == MBEDTLS_ENCRYPT ) - status = mbedtls_psa_cipher_encrypt_setup( operation, &attributes, - slot->key.data, - slot->key.bytes, - alg ); - else - status = mbedtls_psa_cipher_decrypt_setup( operation, &attributes, - slot->key.data, - slot->key.bytes, - alg ); - exit: if( status == PSA_SUCCESS ) { diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 0c5546324..7960a08d6 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -19,6 +19,7 @@ * limitations under the License. */ +#include "psa_crypto_cipher.h" #include "psa_crypto_core.h" #include "psa_crypto_driver_wrappers.h" #include "psa_crypto_hash.h" @@ -715,8 +716,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ) { -#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) - psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); void *driver_ctx = NULL; @@ -726,6 +726,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( case PSA_KEY_LOCATION_LOCAL_STORAGE: /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) driver_ctx = mbedtls_calloc( 1, sizeof( test_transparent_cipher_operation_t ) ); @@ -751,11 +752,19 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( mbedtls_free( driver_ctx ); } - return( status ); + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning no accelerator supports this operation */ - return( PSA_ERROR_NOT_SUPPORTED ); + return( mbedtls_psa_cipher_encrypt_setup( operation, + attributes, + key_buffer, + key_buffer_size, + alg ) ); + /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: driver_ctx = @@ -782,19 +791,13 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: /* Key is declared with a lifetime not known to us */ + (void)status; + (void)driver_ctx; return( PSA_ERROR_INVALID_ARGUMENT ); } -#else /* PSA_CRYPTO_DRIVER_PRESENT */ - (void)operation; - (void)attributes; - (void)key_buffer; - (void)key_buffer_size; - (void)alg; - - return( PSA_ERROR_NOT_SUPPORTED ); -#endif /* PSA_CRYPTO_DRIVER_PRESENT */ } psa_status_t psa_driver_wrapper_cipher_decrypt_setup( @@ -803,7 +806,6 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ) { -#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); @@ -814,6 +816,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( case PSA_KEY_LOCATION_LOCAL_STORAGE: /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) driver_ctx = mbedtls_calloc( 1, sizeof( test_transparent_cipher_operation_t ) ); @@ -839,11 +842,18 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( mbedtls_free( driver_ctx ); } - return( status ); + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning no accelerator supports this operation */ - return( PSA_ERROR_NOT_SUPPORTED ); + return( mbedtls_psa_cipher_decrypt_setup( operation, + attributes, + key_buffer, + key_buffer_size, + alg ) ); /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: driver_ctx = @@ -870,19 +880,13 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: /* Key is declared with a lifetime not known to us */ + (void)status; + (void)driver_ctx; return( PSA_ERROR_INVALID_ARGUMENT ); } -#else /* PSA_CRYPTO_DRIVER_PRESENT */ - (void)operation; - (void)attributes; - (void)key_buffer; - (void)key_buffer_size; - (void)alg; - - return( PSA_ERROR_NOT_SUPPORTED ); -#endif /* PSA_CRYPTO_DRIVER_PRESENT */ } psa_status_t psa_driver_wrapper_cipher_generate_iv(