Move the MAC operation structure into the driver headers

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
This commit is contained in:
Steven Cooreman 2021-03-19 17:05:52 +01:00
parent 896d51e584
commit 6e3c2cbb52
4 changed files with 79 additions and 60 deletions

View file

@ -38,8 +38,12 @@
/*
* MAC multi-part operation definitions.
*/
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
#define MBEDTLS_PSA_BUILTIN_MAC
#endif
#if defined(MBEDTLS_MD_C)
#if defined(PSA_WANT_ALG_HMAC)
typedef struct
{
/** The HMAC algorithm in use */
@ -49,22 +53,33 @@ typedef struct
/** The HMAC part of the context. */
uint8_t opad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
} psa_hmac_internal_data;
#endif /* MBEDTLS_MD_C */
#endif /* PSA_WANT_ALG_HMAC */
#include "mbedtls/cmac.h"
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
#define MBEDTLS_PSA_BUILTIN_MAC
#endif
typedef struct
{
psa_algorithm_t alg;
/* To be fleshed out in a later commit. */
unsigned int key_set : 1;
unsigned int iv_required : 1;
unsigned int iv_set : 1;
unsigned int has_input : 1;
unsigned int is_sign : 1;
uint8_t mac_size;
unsigned int id;
union
{
unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
#if defined(PSA_WANT_ALG_HMAC)
psa_hmac_internal_data hmac;
#endif
#if defined(MBEDTLS_CMAC_C)
mbedtls_cipher_context_t cmac;
#endif
} ctx;
} mbedtls_psa_mac_operation_t;
#define MBEDTLS_PSA_MAC_OPERATION_INIT {0, {0}}
#define MBEDTLS_PSA_MAC_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, {0}}
/*
* BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY.

View file

@ -130,28 +130,17 @@ static inline struct psa_cipher_operation_s psa_cipher_operation_init( void )
struct psa_mac_operation_s
{
psa_algorithm_t alg;
unsigned int key_set : 1;
unsigned int iv_required : 1;
unsigned int iv_set : 1;
unsigned int has_input : 1;
unsigned int is_sign : 1;
uint8_t mac_size;
/** Unique ID indicating which driver got assigned to do the
* operation. Since driver contexts are driver-specific, swapping
* drivers halfway through the operation is not supported.
* ID values are auto-generated in psa_driver_wrappers.h
* ID value zero means the context is not valid or not assigned to
* any driver (i.e. none of the driver contexts are active). */
unsigned int id;
union
{
unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
#if defined(MBEDTLS_MD_C)
psa_hmac_internal_data hmac;
#endif
#if defined(MBEDTLS_CMAC_C)
mbedtls_cipher_context_t cmac;
#endif
psa_driver_mac_context_t driver;
} ctx;
psa_driver_mac_context_t ctx;
};
#define PSA_MAC_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, {0}}
#define PSA_MAC_OPERATION_INIT {0, {0}}
static inline struct psa_mac_operation_s psa_mac_operation_init( void )
{
const struct psa_mac_operation_s v = PSA_MAC_OPERATION_INIT;

View file

@ -2328,7 +2328,7 @@ static size_t psa_get_hash_block_size( psa_algorithm_t alg )
/* Initialize the MAC operation structure. Once this function has been
* called, psa_mac_abort can run and will do the right thing. */
static psa_status_t psa_mac_init( psa_mac_operation_t *operation,
static psa_status_t psa_mac_init( mbedtls_psa_mac_operation_t *operation,
psa_algorithm_t alg )
{
psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
@ -2376,8 +2376,11 @@ static psa_status_t psa_hmac_abort_internal( psa_hmac_internal_data *hmac )
}
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
psa_status_t psa_mac_abort( psa_mac_operation_t *operation )
psa_status_t psa_mac_abort( psa_mac_operation_t *psa_operation )
{
/* Temporary recast to avoid changing a lot of lines */
mbedtls_psa_mac_operation_t* operation = &psa_operation->ctx.mbedtls_ctx;
if( operation->alg == 0 )
{
/* The object has (apparently) been initialized but it is not
@ -2425,7 +2428,7 @@ bad_state:
}
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
static psa_status_t psa_cmac_setup( psa_mac_operation_t *operation,
static psa_status_t psa_cmac_setup( mbedtls_psa_mac_operation_t *operation,
psa_key_slot_t *slot )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -2514,7 +2517,7 @@ cleanup:
}
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
static psa_status_t psa_mac_setup( psa_mac_operation_t *operation,
static psa_status_t psa_mac_setup( psa_mac_operation_t *psa_operation,
mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
int is_sign )
@ -2525,6 +2528,9 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation,
psa_key_usage_t usage =
is_sign ? PSA_KEY_USAGE_SIGN_HASH : PSA_KEY_USAGE_VERIFY_HASH;
/* Temporary recast to avoid changing a lot of lines */
mbedtls_psa_mac_operation_t* operation = &psa_operation->ctx.mbedtls_ctx;
/* A context must be freshly initialized before it can be set up. */
if( operation->alg != 0 )
{
@ -2608,7 +2614,7 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation,
exit:
if( status != PSA_SUCCESS )
{
psa_mac_abort( operation );
psa_mac_abort( psa_operation );
}
else
{
@ -2634,10 +2640,13 @@ psa_status_t psa_mac_verify_setup( psa_mac_operation_t *operation,
return( psa_mac_setup( operation, key, alg, 0 ) );
}
psa_status_t psa_mac_update( psa_mac_operation_t *operation,
psa_status_t psa_mac_update( psa_mac_operation_t *psa_operation,
const uint8_t *input,
size_t input_length )
{
/* Temporary recast to avoid changing a lot of lines */
mbedtls_psa_mac_operation_t* operation = &psa_operation->ctx.mbedtls_ctx;
psa_status_t status = PSA_ERROR_BAD_STATE;
if( ! operation->key_set )
return( PSA_ERROR_BAD_STATE );
@ -2669,7 +2678,7 @@ psa_status_t psa_mac_update( psa_mac_operation_t *operation,
}
if( status != PSA_SUCCESS )
psa_mac_abort( operation );
psa_mac_abort( psa_operation );
return( status );
}
@ -2713,7 +2722,7 @@ exit:
}
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
static psa_status_t psa_mac_finish_internal( psa_mac_operation_t *operation,
static psa_status_t psa_mac_finish_internal( mbedtls_psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size )
{
@ -2752,11 +2761,14 @@ static psa_status_t psa_mac_finish_internal( psa_mac_operation_t *operation,
}
}
psa_status_t psa_mac_sign_finish( psa_mac_operation_t *operation,
psa_status_t psa_mac_sign_finish( psa_mac_operation_t *psa_operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length )
{
/* Temporary recast to avoid changing a lot of lines */
mbedtls_psa_mac_operation_t* operation = &psa_operation->ctx.mbedtls_ctx;
psa_status_t status;
if( operation->alg == 0 )
@ -2782,21 +2794,24 @@ psa_status_t psa_mac_sign_finish( psa_mac_operation_t *operation,
if( status == PSA_SUCCESS )
{
status = psa_mac_abort( operation );
status = psa_mac_abort( psa_operation );
if( status == PSA_SUCCESS )
*mac_length = operation->mac_size;
else
memset( mac, '!', mac_size );
}
else
psa_mac_abort( operation );
psa_mac_abort( psa_operation );
return( status );
}
psa_status_t psa_mac_verify_finish( psa_mac_operation_t *operation,
psa_status_t psa_mac_verify_finish( psa_mac_operation_t *psa_operation,
const uint8_t *mac,
size_t mac_length )
{
/* Temporary recast to avoid changing a lot of lines */
mbedtls_psa_mac_operation_t* operation = &psa_operation->ctx.mbedtls_ctx;
uint8_t actual_mac[PSA_MAC_MAX_SIZE];
psa_status_t status;
@ -2825,9 +2840,9 @@ psa_status_t psa_mac_verify_finish( psa_mac_operation_t *operation,
cleanup:
if( status == PSA_SUCCESS )
status = psa_mac_abort( operation );
status = psa_mac_abort( psa_operation );
else
psa_mac_abort( operation );
psa_mac_abort( psa_operation );
mbedtls_platform_zeroize( actual_mac, sizeof( actual_mac ) );

View file

@ -1383,7 +1383,7 @@ psa_status_t psa_driver_wrapper_mac_sign_setup(
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_transparent_test_driver_mac_sign_setup(
&operation->ctx.driver.transparent_test_driver_ctx,
&operation->ctx.transparent_test_driver_ctx,
attributes,
key_buffer, key_buffer_size,
alg );
@ -1397,7 +1397,7 @@ psa_status_t psa_driver_wrapper_mac_sign_setup(
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
/* Fell through, meaning no accelerator supports this operation */
status = mbedtls_psa_mac_sign_setup( &operation->ctx.driver.mbedtls_ctx,
status = mbedtls_psa_mac_sign_setup( &operation->ctx.mbedtls_ctx,
attributes,
key_buffer, key_buffer_size,
alg );
@ -1414,7 +1414,7 @@ psa_status_t psa_driver_wrapper_mac_sign_setup(
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
status = mbedtls_opaque_test_driver_mac_sign_setup(
&operation->ctx.driver.opaque_test_driver_ctx,
&operation->ctx.opaque_test_driver_ctx,
attributes,
key_buffer, key_buffer_size,
alg );
@ -1454,7 +1454,7 @@ psa_status_t psa_driver_wrapper_mac_verify_setup(
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_transparent_test_driver_mac_verify_setup(
&operation->ctx.driver.transparent_test_driver_ctx,
&operation->ctx.transparent_test_driver_ctx,
attributes,
key_buffer, key_buffer_size,
alg );
@ -1468,7 +1468,7 @@ psa_status_t psa_driver_wrapper_mac_verify_setup(
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
/* Fell through, meaning no accelerator supports this operation */
status = mbedtls_psa_mac_verify_setup( &operation->ctx.driver.mbedtls_ctx,
status = mbedtls_psa_mac_verify_setup( &operation->ctx.mbedtls_ctx,
attributes,
key_buffer, key_buffer_size,
alg );
@ -1485,7 +1485,7 @@ psa_status_t psa_driver_wrapper_mac_verify_setup(
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
status = mbedtls_opaque_test_driver_mac_sign_setup(
&operation->ctx.driver.opaque_test_driver_ctx,
&operation->ctx.opaque_test_driver_ctx,
attributes,
key_buffer, key_buffer_size,
alg );
@ -1515,7 +1515,7 @@ psa_status_t psa_driver_wrapper_mac_update(
{
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_mac_update( &operation->ctx.driver.mbedtls_ctx,
return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx,
input, input_length ) );
#endif /* MBEDTLS_PSA_BUILTIN_MAC */
@ -1523,12 +1523,12 @@ psa_status_t psa_driver_wrapper_mac_update(
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
return( mbedtls_transparent_test_driver_mac_update(
&operation->ctx.driver.transparent_test_driver_ctx,
&operation->ctx.transparent_test_driver_ctx,
input, input_length ) );
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
return( mbedtls_opaque_test_driver_mac_update(
&operation->ctx.driver.opaque_test_driver_ctx,
&operation->ctx.opaque_test_driver_ctx,
input, input_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@ -1549,7 +1549,7 @@ psa_status_t psa_driver_wrapper_mac_sign_finish(
{
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_mac_sign_finish( &operation->ctx.driver.mbedtls_ctx,
return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx,
mac, mac_size, mac_length ) );
#endif /* MBEDTLS_PSA_BUILTIN_MAC */
@ -1557,12 +1557,12 @@ psa_status_t psa_driver_wrapper_mac_sign_finish(
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
return( mbedtls_transparent_test_driver_mac_sign_finish(
&operation->ctx.driver.transparent_test_driver_ctx,
&operation->ctx.transparent_test_driver_ctx,
mac, mac_size, mac_length ) );
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
return( mbedtls_opaque_test_driver_mac_sign_finish(
&operation->ctx.driver.opaque_test_driver_ctx,
&operation->ctx.opaque_test_driver_ctx,
mac, mac_size, mac_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@ -1583,7 +1583,7 @@ psa_status_t psa_driver_wrapper_mac_verify_finish(
{
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_mac_verify_finish( &operation->ctx.driver.mbedtls_ctx,
return( mbedtls_psa_mac_verify_finish( &operation->ctx.mbedtls_ctx,
mac, mac_length ) );
#endif /* MBEDTLS_PSA_BUILTIN_MAC */
@ -1591,12 +1591,12 @@ psa_status_t psa_driver_wrapper_mac_verify_finish(
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
return( mbedtls_transparent_test_driver_mac_verify_finish(
&operation->ctx.driver.transparent_test_driver_ctx,
&operation->ctx.transparent_test_driver_ctx,
mac, mac_length ) );
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
return( mbedtls_opaque_test_driver_mac_verify_finish(
&operation->ctx.driver.opaque_test_driver_ctx,
&operation->ctx.opaque_test_driver_ctx,
mac, mac_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@ -1615,7 +1615,7 @@ psa_status_t psa_driver_wrapper_mac_abort(
{
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
status = mbedtls_psa_mac_abort( &operation->ctx.driver.mbedtls_ctx );
status = mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx );
break;
#endif /* MBEDTLS_PSA_BUILTIN_MAC */
@ -1623,11 +1623,11 @@ psa_status_t psa_driver_wrapper_mac_abort(
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
status = mbedtls_transparent_test_driver_mac_abort(
&operation->ctx.driver.transparent_test_driver_ctx );
&operation->ctx.transparent_test_driver_ctx );
break;
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
status = mbedtls_opaque_test_driver_mac_abort(
&operation->ctx.driver.opaque_test_driver_ctx );
&operation->ctx.opaque_test_driver_ctx );
break;
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */