From 11743f91de58569006d6333980f54c1cf9219101 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Fri, 19 Mar 2021 18:38:46 +0100 Subject: [PATCH] Migrate MAC update call into the software driver Step 2/x in moving the driver. Separate commits should make for easier review. Additional changes on top of code movement: * Early-return success on input with zero-length to mac_update, to avoid NULL pointers getting passed into the driver dispatch Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 42 ++++++++++------------------------------ library/psa_crypto_mac.c | 33 ++++++++++++++++++++++++++----- 2 files changed, 38 insertions(+), 37 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 075f8ded1..ac772bce3 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2405,45 +2405,23 @@ psa_status_t psa_mac_verify_setup( psa_mac_operation_t *operation, return( psa_mac_setup( operation, key, alg, 0 ) ); } -psa_status_t psa_mac_update( psa_mac_operation_t *psa_operation, +psa_status_t psa_mac_update( psa_mac_operation_t *operation, const uint8_t *input, size_t input_length ) { - /* Temporary recast to avoid changing a lot of lines */ - mbedtls_psa_mac_operation_t* operation = &psa_operation->ctx.mbedtls_ctx; - - psa_status_t status = PSA_ERROR_BAD_STATE; - if( ! operation->key_set ) + if( operation->id == 0 ) return( PSA_ERROR_BAD_STATE ); - if( operation->iv_required && ! operation->iv_set ) - return( PSA_ERROR_BAD_STATE ); - operation->has_input = 1; -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) - if( operation->alg == PSA_ALG_CMAC ) - { - int ret = mbedtls_cipher_cmac_update( &operation->ctx.cmac, - input, input_length ); - status = mbedtls_to_psa_error( ret ); - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) - if( PSA_ALG_IS_HMAC( operation->alg ) ) - { - status = psa_hash_update( &operation->ctx.hmac.hash_ctx, input, - input_length ); - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ - { - /* This shouldn't happen if `operation` was initialized by - * a setup function. */ - return( PSA_ERROR_BAD_STATE ); - } + /* Don't require hash implementations to behave correctly on a + * zero-length input, which may have an invalid pointer. */ + if( input_length == 0 ) + return( PSA_SUCCESS ); + psa_status_t status = psa_driver_wrapper_mac_update( operation, + input, input_length ); if( status != PSA_SUCCESS ) - psa_mac_abort( psa_operation ); + psa_mac_abort( operation ); + return( status ); } diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index 03618a583..252afca1f 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -427,11 +427,34 @@ static psa_status_t mac_update( const uint8_t *input, size_t input_length ) { - /* To be fleshed out in a subsequent commit */ - (void) operation; - (void) input; - (void) input_length; - return( PSA_ERROR_NOT_SUPPORTED ); + if( ! operation->key_set ) + return( PSA_ERROR_BAD_STATE ); + if( operation->iv_required && ! operation->iv_set ) + return( PSA_ERROR_BAD_STATE ); + operation->has_input = 1; + +#if defined(BUILTIN_ALG_CMAC) + if( operation->alg == PSA_ALG_CMAC ) + { + return( mbedtls_to_psa_error( + mbedtls_cipher_cmac_update( &operation->ctx.cmac, + input, input_length ) ) ); + } + else +#endif /* BUILTIN_ALG_CMAC */ +#if defined(BUILTIN_ALG_HMAC) + if( PSA_ALG_IS_HMAC( operation->alg ) ) + { + return( psa_hash_update( &operation->ctx.hmac.hash_ctx, input, + input_length ) ); + } + else +#endif /* BUILTIN_ALG_HMAC */ + { + /* This shouldn't happen if `operation` was initialized by + * a setup function. */ + return( PSA_ERROR_BAD_STATE ); + } } static psa_status_t mac_sign_finish(