From 3d91abefac0e6be0a6cc1aa094392181c549acb0 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Tue, 3 Jul 2018 13:15:54 +0300 Subject: [PATCH 1/3] Use PSA_BLOCK_CIPHER_BLOCK_SIZE() macro to get the cipher block size Use PSA_BLOCK_CIPHER_BLOCK_SIZE() macro to get the cipher block size instead of accessing the operation struct additionally, for SPM case, the 'block_size' member is not a member in the operation struct --- tests/suites/test_suite_psa_crypto.function | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 1017e88c8..9eac29b43 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -1057,7 +1057,8 @@ void cipher_encrypt( int alg_arg, int key_type_arg, TEST_ASSERT( psa_encrypt_set_iv( &operation, iv, iv_size ) == PSA_SUCCESS ); - output_buffer_size = input->len + operation.block_size; + output_buffer_size = (size_t) input->len + + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ); output = mbedtls_calloc( 1, output_buffer_size ); TEST_ASSERT( output != NULL ); @@ -1126,7 +1127,8 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, TEST_ASSERT( psa_encrypt_set_iv( &operation, iv, sizeof( iv ) ) == PSA_SUCCESS ); - output_buffer_size = input->len + operation.block_size; + output_buffer_size = (size_t) input->len + + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ); output = mbedtls_calloc( 1, output_buffer_size ); TEST_ASSERT( output != NULL ); @@ -1199,7 +1201,8 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, TEST_ASSERT( psa_encrypt_set_iv( &operation, iv, sizeof( iv ) ) == PSA_SUCCESS ); - output_buffer_size = input->len + operation.block_size; + output_buffer_size = (size_t) input->len + + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ); output = mbedtls_calloc( 1, output_buffer_size ); TEST_ASSERT( output != NULL ); @@ -1273,7 +1276,8 @@ void cipher_decrypt( int alg_arg, int key_type_arg, TEST_ASSERT( psa_encrypt_set_iv( &operation, iv, iv_size ) == PSA_SUCCESS ); - output_buffer_size = input->len + operation.block_size; + output_buffer_size = (size_t) input->len + + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ); output = mbedtls_calloc( 1, output_buffer_size ); TEST_ASSERT( output != NULL ); @@ -1343,7 +1347,8 @@ void cipher_verify_output( int alg_arg, int key_type_arg, TEST_ASSERT( psa_encrypt_generate_iv( &operation1, iv, iv_size, &iv_length ) == PSA_SUCCESS ); - output1_size = input->len + operation1.block_size; + output1_size = (size_t) input->len + + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ); output1 = mbedtls_calloc( 1, output1_size ); TEST_ASSERT( output1 != NULL ); @@ -1429,7 +1434,8 @@ void cipher_verify_output_multipart( int alg_arg, TEST_ASSERT( psa_encrypt_generate_iv( &operation1, iv, iv_size, &iv_length ) == PSA_SUCCESS ); - output1_buffer_size = input->len + operation1.block_size; + output1_buffer_size = (size_t) input->len + + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ); output1 = mbedtls_calloc( 1, output1_buffer_size ); TEST_ASSERT( output1 != NULL ); From 2701005b46953d6f993a57115ceda2d1384c8bd1 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Tue, 3 Jul 2018 13:16:15 +0300 Subject: [PATCH 2/3] Modifications for psa-crypto in order to integrate with SPM Add required includes in tests and psa_crypto.c file in order to be able to compilef for the SPM solution. Some functions needed to be deprecated from psa_crypto.c since they already implemented in the SPM. --- library/psa_crypto.c | 15 +++++++++++++-- tests/suites/test_suite_psa_crypto.function | 5 +++++ 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ca461c20e..68fa0ef67 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -27,6 +27,17 @@ #if defined(MBEDTLS_PSA_CRYPTO_C) +//! In case MBEDTLS_PSA_CRYPTO_SPM is defined the code is built for SPM (Secure +//! Partition Manager) integration which separate the code into two parts +//! NSPE (Non-Secure Process Environment) and SPE (Secure Process Environment). +//! In this mode an additional header file should be included. +#if defined(MBEDTLS_PSA_CRYPTO_SPM) +//! PSA_CRYPTO_SECURE means that this file is compiled to the SPE side. +//! some headers will be affected by this flag. +#define PSA_CRYPTO_SECURE 1 +#include "crypto_spe.h" +#endif + #include "psa/crypto.h" #include @@ -2481,7 +2492,7 @@ psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation ) /****************************************************************/ /* Key Policy */ /****************************************************************/ - +#if !defined(MBEDTLS_PSA_CRYPTO_SPM) void psa_key_policy_init( psa_key_policy_t *policy ) { memset( policy, 0, sizeof( *policy ) ); @@ -2504,7 +2515,7 @@ psa_algorithm_t psa_key_policy_get_algorithm( psa_key_policy_t *policy ) { return( policy->alg ); } - +#endif /* !defined(MBEDTLS_PSA_CRYPTO_SPM) */ psa_status_t psa_set_key_policy( psa_key_slot_t key, const psa_key_policy_t *policy ) { diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 9eac29b43..c90447f81 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -1,5 +1,10 @@ /* BEGIN_HEADER */ #include + +#if defined(MBEDTLS_PSA_CRYPTO_SPM) +#include "spm/psa_defs.h" +#endif + #include "mbedtls/asn1write.h" #include "psa/crypto.h" From a5c7b7d0ddcfcc1b5313abb28311c0c2c6b39223 Mon Sep 17 00:00:00 2001 From: Mohammad Abo Mokh Date: Wed, 4 Jul 2018 15:57:00 +0300 Subject: [PATCH 3/3] Style fixes --- library/psa_crypto.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 68fa0ef67..6dff2f532 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -26,14 +26,17 @@ #endif #if defined(MBEDTLS_PSA_CRYPTO_C) - -//! In case MBEDTLS_PSA_CRYPTO_SPM is defined the code is built for SPM (Secure -//! Partition Manager) integration which separate the code into two parts -//! NSPE (Non-Secure Process Environment) and SPE (Secure Process Environment). -//! In this mode an additional header file should be included. +/* + * In case MBEDTLS_PSA_CRYPTO_SPM is defined the code is built for SPM (Secure + * Partition Manager) integration which separate the code into two parts + * NSPE (Non-Secure Process Environment) and SPE (Secure Process Environment). + * In this mode an additional header file should be included. + */ #if defined(MBEDTLS_PSA_CRYPTO_SPM) -//! PSA_CRYPTO_SECURE means that this file is compiled to the SPE side. -//! some headers will be affected by this flag. +/* + * PSA_CRYPTO_SECURE means that this file is compiled to the SPE side. + * some headers will be affected by this flag. + */ #define PSA_CRYPTO_SECURE 1 #include "crypto_spe.h" #endif @@ -2492,6 +2495,7 @@ psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation ) /****************************************************************/ /* Key Policy */ /****************************************************************/ + #if !defined(MBEDTLS_PSA_CRYPTO_SPM) void psa_key_policy_init( psa_key_policy_t *policy ) { @@ -2516,6 +2520,7 @@ psa_algorithm_t psa_key_policy_get_algorithm( psa_key_policy_t *policy ) return( policy->alg ); } #endif /* !defined(MBEDTLS_PSA_CRYPTO_SPM) */ + psa_status_t psa_set_key_policy( psa_key_slot_t key, const psa_key_policy_t *policy ) {