mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-25 16:15:32 +00:00
psa: cipher: Dispatch based on driver identifier
For cipher multi-part operations, dispatch based on the driver identifier even in the case of the Mbed TLS software implementation (viewed as a driver). Also use the driver identifier to check that an cipher operation context is active or not. This aligns the way hash and cipher multi-part operations are dispatched. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
parent
06aa442bef
commit
49fafa98b1
|
@ -73,11 +73,6 @@ extern "C" {
|
|||
#include "psa/crypto_driver_contexts.h"
|
||||
|
||||
typedef struct {
|
||||
/** Unique ID indicating which driver got assigned to do the
|
||||
* operation. Since driver contexts are driver-specific, swapping
|
||||
* drivers halfway through the operation is not supported.
|
||||
* ID values are auto-generated in psa_driver_wrappers.h */
|
||||
unsigned int id;
|
||||
/** Context structure for the assigned driver, when id is not zero. */
|
||||
void* ctx;
|
||||
} psa_operation_driver_context_t;
|
||||
|
@ -143,10 +138,17 @@ static inline struct psa_mac_operation_s psa_mac_operation_init( void )
|
|||
|
||||
struct psa_cipher_operation_s
|
||||
{
|
||||
/** Unique ID indicating which driver got assigned to do the
|
||||
* operation. Since driver contexts are driver-specific, swapping
|
||||
* drivers halfway through the operation is not supported.
|
||||
* ID values are auto-generated in psa_crypto_driver_wrappers.h
|
||||
* ID value zero means the context is not valid or not assigned to
|
||||
* any driver (i.e. none of the driver contexts are active). */
|
||||
unsigned int id;
|
||||
|
||||
psa_algorithm_t alg;
|
||||
unsigned int iv_required : 1;
|
||||
unsigned int iv_set : 1;
|
||||
unsigned int mbedtls_in_use : 1; /* Indicates mbed TLS is handling the operation. */
|
||||
uint8_t iv_size;
|
||||
uint8_t block_size;
|
||||
union
|
||||
|
|
|
@ -3393,7 +3393,7 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation,
|
|||
PSA_KEY_USAGE_DECRYPT );
|
||||
|
||||
/* A context must be freshly initialized before it can be set up. */
|
||||
if( operation->alg != 0 )
|
||||
if( operation->id != 0 )
|
||||
return( PSA_ERROR_BAD_STATE );
|
||||
|
||||
/* The requested algorithm must be one that can be processed by cipher. */
|
||||
|
@ -3405,11 +3405,12 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation,
|
|||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
||||
/* Initialize the operation struct members, except for alg. The alg member
|
||||
/* Initialize the operation struct members, except for id. The id member
|
||||
* is used to indicate to psa_cipher_abort that there are resources to free,
|
||||
* so we only set it after resources have been allocated/initialized. */
|
||||
* so we only set it (in the driver wrapper) after resources have been
|
||||
* allocated/initialized. */
|
||||
operation->alg = alg;
|
||||
operation->iv_set = 0;
|
||||
operation->mbedtls_in_use = 0;
|
||||
operation->iv_size = 0;
|
||||
operation->block_size = 0;
|
||||
if( alg == PSA_ALG_ECB_NO_PADDING )
|
||||
|
@ -3435,13 +3436,6 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation,
|
|||
slot->key.bytes,
|
||||
alg );
|
||||
|
||||
if( status == PSA_SUCCESS )
|
||||
{
|
||||
/* Once the driver context is initialized, it needs to be freed using
|
||||
* psa_cipher_abort. Indicate this through setting alg. */
|
||||
operation->alg = alg;
|
||||
}
|
||||
|
||||
exit:
|
||||
if( status != PSA_SUCCESS )
|
||||
psa_cipher_abort( operation );
|
||||
|
@ -3472,7 +3466,7 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation,
|
|||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
if( operation->alg == 0 )
|
||||
if( operation->id == 0 )
|
||||
{
|
||||
return( PSA_ERROR_BAD_STATE );
|
||||
}
|
||||
|
@ -3501,7 +3495,7 @@ psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation,
|
|||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
if( operation->alg == 0 )
|
||||
if( operation->id == 0 )
|
||||
{
|
||||
return( PSA_ERROR_BAD_STATE );
|
||||
}
|
||||
|
@ -3531,7 +3525,7 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation,
|
|||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
if( operation->alg == 0 )
|
||||
if( operation->id == 0 )
|
||||
{
|
||||
return( PSA_ERROR_BAD_STATE );
|
||||
}
|
||||
|
@ -3559,7 +3553,7 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation,
|
|||
{
|
||||
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
|
||||
|
||||
if( operation->alg == 0 )
|
||||
if( operation->id == 0 )
|
||||
{
|
||||
return( PSA_ERROR_BAD_STATE );
|
||||
}
|
||||
|
@ -3585,7 +3579,7 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation,
|
|||
|
||||
psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation )
|
||||
{
|
||||
if( operation->alg == 0 )
|
||||
if( operation->id == 0 )
|
||||
{
|
||||
/* The object has (apparently) been initialized but it is not (yet)
|
||||
* in use. It's ok to call abort on such an object, and there's
|
||||
|
@ -3600,9 +3594,9 @@ psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation )
|
|||
|
||||
psa_driver_wrapper_cipher_abort( operation );
|
||||
|
||||
operation->id = 0;
|
||||
operation->alg = 0;
|
||||
operation->iv_set = 0;
|
||||
operation->mbedtls_in_use = 0;
|
||||
operation->iv_size = 0;
|
||||
operation->block_size = 0;
|
||||
operation->iv_required = 0;
|
||||
|
|
|
@ -49,13 +49,7 @@ static psa_status_t cipher_setup(
|
|||
* available for the given algorithm & key. */
|
||||
mbedtls_cipher_init( &operation->ctx.cipher );
|
||||
|
||||
/* Once the cipher context is initialised, it needs to be freed using
|
||||
* psa_cipher_abort. Indicate there is something to be freed through setting
|
||||
* alg, and indicate the operation is being done using mbedtls crypto through
|
||||
* setting mbedtls_in_use. */
|
||||
operation->alg = alg;
|
||||
operation->mbedtls_in_use = 1;
|
||||
|
||||
key_bits = attributes->core.bits;
|
||||
cipher_info = mbedtls_cipher_info_from_psa( alg, key_type,
|
||||
key_bits, NULL );
|
||||
|
|
|
@ -741,8 +741,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
|
|||
/* Declared with fallback == true */
|
||||
if( status == PSA_SUCCESS )
|
||||
{
|
||||
operation->ctx.driver.id =
|
||||
PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
|
||||
operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
|
||||
operation->ctx.driver.ctx = driver_ctx;
|
||||
}
|
||||
else
|
||||
|
@ -757,11 +756,15 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
|
|||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
||||
/* Fell through, meaning no accelerator supports this operation */
|
||||
return( mbedtls_psa_cipher_encrypt_setup( operation,
|
||||
attributes,
|
||||
key_buffer,
|
||||
key_buffer_size,
|
||||
alg ) );
|
||||
status = mbedtls_psa_cipher_encrypt_setup( operation,
|
||||
attributes,
|
||||
key_buffer,
|
||||
key_buffer_size,
|
||||
alg );
|
||||
if( status == PSA_SUCCESS )
|
||||
operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
|
||||
|
||||
return( status );
|
||||
|
||||
/* Add cases for opaque driver here */
|
||||
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||
|
@ -779,7 +782,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
|
|||
alg );
|
||||
if( status == PSA_SUCCESS )
|
||||
{
|
||||
operation->ctx.driver.id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
|
||||
operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
|
||||
operation->ctx.driver.ctx = driver_ctx;
|
||||
}
|
||||
else
|
||||
|
@ -831,8 +834,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
|
|||
/* Declared with fallback == true */
|
||||
if( status == PSA_SUCCESS )
|
||||
{
|
||||
operation->ctx.driver.id =
|
||||
PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
|
||||
operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
|
||||
operation->ctx.driver.ctx = driver_ctx;
|
||||
}
|
||||
else
|
||||
|
@ -847,11 +849,16 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
|
|||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
||||
/* Fell through, meaning no accelerator supports this operation */
|
||||
return( mbedtls_psa_cipher_decrypt_setup( operation,
|
||||
attributes,
|
||||
key_buffer,
|
||||
key_buffer_size,
|
||||
alg ) );
|
||||
status = mbedtls_psa_cipher_decrypt_setup( operation,
|
||||
attributes,
|
||||
key_buffer,
|
||||
key_buffer_size,
|
||||
alg );
|
||||
if( status == PSA_SUCCESS )
|
||||
operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
|
||||
|
||||
return( status );
|
||||
|
||||
/* Add cases for opaque driver here */
|
||||
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
|
@ -868,7 +875,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
|
|||
alg );
|
||||
if( status == PSA_SUCCESS )
|
||||
{
|
||||
operation->ctx.driver.id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
|
||||
operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
|
||||
operation->ctx.driver.ctx = driver_ctx;
|
||||
}
|
||||
else
|
||||
|
@ -895,15 +902,14 @@ psa_status_t psa_driver_wrapper_cipher_generate_iv(
|
|||
size_t iv_size,
|
||||
size_t *iv_length )
|
||||
{
|
||||
if( operation->mbedtls_in_use )
|
||||
return( mbedtls_psa_cipher_generate_iv( operation,
|
||||
iv,
|
||||
iv_size,
|
||||
iv_length ) );
|
||||
|
||||
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||
switch( operation->ctx.driver.id )
|
||||
switch( operation->id )
|
||||
{
|
||||
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
|
||||
return( mbedtls_psa_cipher_generate_iv( operation,
|
||||
iv,
|
||||
iv_size,
|
||||
iv_length ) );
|
||||
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
|
||||
return( test_transparent_cipher_generate_iv(
|
||||
|
@ -911,9 +917,7 @@ psa_status_t psa_driver_wrapper_cipher_generate_iv(
|
|||
iv,
|
||||
iv_size,
|
||||
iv_length ) );
|
||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
|
||||
return( test_opaque_cipher_generate_iv(
|
||||
operation->ctx.driver.ctx,
|
||||
|
@ -921,8 +925,8 @@ psa_status_t psa_driver_wrapper_cipher_generate_iv(
|
|||
iv_size,
|
||||
iv_length ) );
|
||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
}
|
||||
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
||||
}
|
||||
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
|
@ -932,28 +936,27 @@ psa_status_t psa_driver_wrapper_cipher_set_iv(
|
|||
const uint8_t *iv,
|
||||
size_t iv_length )
|
||||
{
|
||||
if( operation->mbedtls_in_use )
|
||||
return( mbedtls_psa_cipher_set_iv( operation,
|
||||
iv,
|
||||
iv_length ) );
|
||||
switch( operation->id )
|
||||
{
|
||||
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
|
||||
return( mbedtls_psa_cipher_set_iv( operation,
|
||||
iv,
|
||||
iv_length ) );
|
||||
|
||||
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||
switch( operation->ctx.driver.id )
|
||||
{
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
|
||||
return( test_transparent_cipher_set_iv( operation->ctx.driver.ctx,
|
||||
iv,
|
||||
iv_length ) );
|
||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
|
||||
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
|
||||
return( test_opaque_cipher_set_iv( operation->ctx.driver.ctx,
|
||||
iv,
|
||||
iv_length ) );
|
||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
}
|
||||
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
||||
}
|
||||
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
|
@ -966,17 +969,16 @@ psa_status_t psa_driver_wrapper_cipher_update(
|
|||
size_t output_size,
|
||||
size_t *output_length )
|
||||
{
|
||||
if( operation->mbedtls_in_use )
|
||||
return( mbedtls_psa_cipher_update( operation,
|
||||
input,
|
||||
input_length,
|
||||
output,
|
||||
output_size,
|
||||
output_length ) );
|
||||
|
||||
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||
switch( operation->ctx.driver.id )
|
||||
switch( operation->id )
|
||||
{
|
||||
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
|
||||
return( mbedtls_psa_cipher_update( operation,
|
||||
input,
|
||||
input_length,
|
||||
output,
|
||||
output_size,
|
||||
output_length ) );
|
||||
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
|
||||
return( test_transparent_cipher_update( operation->ctx.driver.ctx,
|
||||
|
@ -985,8 +987,6 @@ psa_status_t psa_driver_wrapper_cipher_update(
|
|||
output,
|
||||
output_size,
|
||||
output_length ) );
|
||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
|
||||
return( test_opaque_cipher_update( operation->ctx.driver.ctx,
|
||||
input,
|
||||
|
@ -995,8 +995,8 @@ psa_status_t psa_driver_wrapper_cipher_update(
|
|||
output_size,
|
||||
output_length ) );
|
||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
}
|
||||
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
||||
}
|
||||
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
|
@ -1007,31 +1007,31 @@ psa_status_t psa_driver_wrapper_cipher_finish(
|
|||
size_t output_size,
|
||||
size_t *output_length )
|
||||
{
|
||||
if( operation->mbedtls_in_use )
|
||||
return( mbedtls_psa_cipher_finish( operation,
|
||||
output,
|
||||
output_size,
|
||||
output_length ) );
|
||||
switch( operation->id )
|
||||
{
|
||||
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
|
||||
return( mbedtls_psa_cipher_finish( operation,
|
||||
output,
|
||||
output_size,
|
||||
output_length ) );
|
||||
|
||||
|
||||
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||
switch( operation->ctx.driver.id )
|
||||
{
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
|
||||
return( test_transparent_cipher_finish( operation->ctx.driver.ctx,
|
||||
output,
|
||||
output_size,
|
||||
output_length ) );
|
||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
|
||||
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
|
||||
return( test_opaque_cipher_finish( operation->ctx.driver.ctx,
|
||||
output,
|
||||
output_size,
|
||||
output_length ) );
|
||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
}
|
||||
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
||||
}
|
||||
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
|
@ -1039,20 +1039,21 @@ psa_status_t psa_driver_wrapper_cipher_finish(
|
|||
psa_status_t psa_driver_wrapper_cipher_abort(
|
||||
psa_cipher_operation_t *operation )
|
||||
{
|
||||
if( operation->mbedtls_in_use )
|
||||
return( mbedtls_psa_cipher_abort( operation ) );
|
||||
|
||||
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_operation_driver_context_t *driver_context = &operation->ctx.driver;
|
||||
|
||||
/* The object has (apparently) been initialized but it is not in use. It's
|
||||
* ok to call abort on such an object, and there's nothing to do. */
|
||||
if( driver_context->ctx == NULL && driver_context->id == 0 )
|
||||
if( ( operation->id != PSA_CRYPTO_MBED_TLS_DRIVER_ID ) &&
|
||||
( driver_context->ctx == NULL ) )
|
||||
return( PSA_SUCCESS );
|
||||
|
||||
switch( driver_context->id )
|
||||
switch( operation->id )
|
||||
{
|
||||
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
|
||||
return( mbedtls_psa_cipher_abort( operation ) );
|
||||
|
||||
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
|
||||
status = test_transparent_cipher_abort( driver_context->ctx );
|
||||
|
@ -1061,11 +1062,9 @@ psa_status_t psa_driver_wrapper_cipher_abort(
|
|||
sizeof( test_transparent_cipher_operation_t ) );
|
||||
mbedtls_free( driver_context->ctx );
|
||||
driver_context->ctx = NULL;
|
||||
driver_context->id = 0;
|
||||
|
||||
return( status );
|
||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
|
||||
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
|
||||
status = test_opaque_cipher_abort( driver_context->ctx );
|
||||
mbedtls_platform_zeroize(
|
||||
|
@ -1073,13 +1072,13 @@ psa_status_t psa_driver_wrapper_cipher_abort(
|
|||
sizeof( test_opaque_cipher_operation_t ) );
|
||||
mbedtls_free( driver_context->ctx );
|
||||
driver_context->ctx = NULL;
|
||||
driver_context->id = 0;
|
||||
|
||||
return( status );
|
||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
}
|
||||
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
||||
}
|
||||
|
||||
(void)status;
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue