From 71fd80d279ab46934534c8e8f4a76e4f1b2e9ea3 Mon Sep 17 00:00:00 2001
From: Steven Cooreman
Date: Tue, 7 Jul 2020 21:12:27 +0200
Subject: [PATCH] Re-define members of psa_key_slot_t
In preparation for the implementation of the accelerator APIs. This is ramping up to the goal of only storing the export representation in the key slot, and not keeping the crypto implementation-specific representations around.
Signed-off-by: Steven Cooreman
---
 library/psa_crypto.c | 60 +++++++++++++++++++--------------------
 library/psa_crypto_core.h | 7 +++--
 2 files changed, 34 insertions(+), 33 deletions(-)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 79bc9c9db..54980730c 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -443,7 +443,7 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve,
 static psa_status_t prepare_raw_data_slot( psa_key_type_t type, size_t bits,
- struct raw_data *raw )
+ struct key_data *key )
 {
 /* Check that the bit size is acceptable for the key type */
 switch( type )
@@ -491,11 +491,11 @@ static psa_status_t prepare_raw_data_slot( psa_key_type_t type,
 return( PSA_ERROR_INVALID_ARGUMENT );
 /* Allocate memory for the key */
- raw->bytes = PSA_BITS_TO_BYTES( bits );
- raw->data = mbedtls_calloc( 1, raw->bytes );
- if( raw->data == NULL )
+ key->bytes = PSA_BITS_TO_BYTES( bits );
+ key->data = mbedtls_calloc( 1, key->bytes );
+ if( key->data == NULL )
 {
- raw->bytes = 0;
+ key->bytes = 0;
 return( PSA_ERROR_INSUFFICIENT_MEMORY );
 }
 return( PSA_SUCCESS );
@@ -716,7 +716,7 @@ static psa_key_bits_t psa_calculate_key_bits( const psa_key_slot_t *slot )
 size_t bits = 0; /* return 0 on an empty slot */
 if( key_type_is_raw_bytes( slot->attr.type ) )
- bits = PSA_BYTES_TO_BITS( slot->data.raw.bytes );
+ bits = PSA_BYTES_TO_BITS( slot->data.key.bytes );
 #if defined(MBEDTLS_RSA_C)
 else if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) )
 bits = PSA_BYTES_TO_BITS( mbedtls_rsa_get_len( slot->data.rsa ) );
@@ -751,11 +751,11 @@ psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot,
 if( bit_size > PSA_MAX_KEY_BITS )
 return( PSA_ERROR_NOT_SUPPORTED );
 status = prepare_raw_data_slot( slot->attr.type, bit_size,
- &slot->data.raw );
+ &slot->data.key );
 if( status != PSA_SUCCESS )
 return( status );
 if( data_length != 0 )
- memcpy( slot->data.raw.data, data, data_length );
+ memcpy( slot->data.key.data, data, data_length );
 }
 else
 #if defined(MBEDTLS_ECP_C)
@@ -963,7 +963,7 @@ static psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot )
 }
 else if( key_type_is_raw_bytes( slot->attr.type ) )
 {
- mbedtls_free( slot->data.raw.data );
+ mbedtls_free( slot->data.key.data );
 }
 else
 #if defined(MBEDTLS_RSA_C)
@@ -1306,12 +1306,12 @@ static psa_status_t psa_internal_export_key( const psa_key_slot_t *slot,
 if( key_type_is_raw_bytes( slot->attr.type ) )
 {
- if( slot->data.raw.bytes > data_size )
+ if( slot->data.key.bytes > data_size )
 return( PSA_ERROR_BUFFER_TOO_SMALL );
- memcpy( data, slot->data.raw.data, slot->data.raw.bytes );
- memset( data + slot->data.raw.bytes, 0,
- data_size - slot->data.raw.bytes );
- *data_length = slot->data.raw.bytes;
+ memcpy( data, slot->data.key.data, slot->data.key.bytes );
+ memset( data + slot->data.key.bytes, 0,
+ data_size - slot->data.key.bytes );
+ *data_length = slot->data.key.bytes;
 return( PSA_SUCCESS );
 }
 #if defined(MBEDTLS_ECP_C)
@@ -2718,7 +2718,7 @@ static int psa_cmac_setup( psa_mac_operation_t *operation,
 return( ret );
 ret = mbedtls_cipher_cmac_starts( &operation->ctx.cmac,
- slot->data.raw.data,
+ slot->data.key.data,
 key_bits );
 return( ret );
 }
@@ -2862,8 +2862,8 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation,
 }
 status = psa_hmac_setup_internal( &operation->ctx.hmac,
- slot->data.raw.data,
- slot->data.raw.bytes,
+ slot->data.key.data,
+ slot->data.key.bytes,
 hash_alg );
 }
 else
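Review bot: In the psa_remove_key_data_from_memory hunk (`@@ -963,7`), `mbedtls_free( slot->data.key.data );` releases the key buffer without wiping it first, so the key bytes remain in freed heap memory unless the configured allocator clears them. The commit message says this buffer is on its way to holding the export representation of every key, which makes the wipe more important after this change. I would precede the free with `if( slot->data.key.data != NULL ) mbedtls_platform_zeroize( slot->data.key.data, slot->data.key.bytes );`. The rest of the function lies outside the hunk, so a wipe performed elsewhere cannot be ruled out from here.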
@@ -3795,8 +3795,8 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation,
 {
 /* Two-key Triple-DES is 3-key Triple-DES with K1=K3 */
 uint8_t keys[24];
- memcpy( keys, slot->data.raw.data, 16 );
- memcpy( keys + 16, slot->data.raw.data, 8 );
+ memcpy( keys, slot->data.key.data, 16 );
+ memcpy( keys + 16, slot->data.key.data, 8 );
 ret = mbedtls_cipher_setkey( &operation->ctx.cipher, keys, 192, cipher_operation );
@@ -3805,7 +3805,7 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation,
 #endif
 {
 ret = mbedtls_cipher_setkey( &operation->ctx.cipher,
- slot->data.raw.data,
+ slot->data.key.data,
 (int) key_bits, cipher_operation );
 }
 if( ret != 0 )
@@ -4137,7 +4137,7 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation,
 mbedtls_ccm_init( &operation->ctx.ccm );
 status = mbedtls_to_psa_error( mbedtls_ccm_setkey( &operation->ctx.ccm, cipher_id,
- operation->slot->data.raw.data,
+ operation->slot->data.key.data,
 (unsigned int) key_bits ) );
 if( status != 0 )
 goto cleanup;
@@ -4156,7 +4156,7 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation,
 mbedtls_gcm_init( &operation->ctx.gcm );
 status = mbedtls_to_psa_error( mbedtls_gcm_setkey( &operation->ctx.gcm, cipher_id,
- operation->slot->data.raw.data,
+ operation->slot->data.key.data,
 (unsigned int) key_bits ) );
 if( status != 0 )
 goto cleanup;
@@ -4173,7 +4173,7 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation,
 mbedtls_chachapoly_init( &operation->ctx.chachapoly );
 status = mbedtls_to_psa_error( mbedtls_chachapoly_setkey( &operation->ctx.chachapoly,
- operation->slot->data.raw.data ) );
+ operation->slot->data.key.data ) );
 if( status != 0 )
 goto cleanup;
 break;
@@ -5246,8 +5246,8 @@ psa_status_t psa_key_derivation_input_key(
 return( psa_key_derivation_input_internal( operation, step, slot->attr.type,
- slot->data.raw.data,
- slot->data.raw.bytes ) );
+ slot->data.key.data,
+ slot->data.key.bytes ) );
 }
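Review bot: In the first psa_cipher_setup hunk (`@@ -3795,8`), the expanded two-key Triple-DES key is copied into the stack array `keys[24]` and passed to `mbedtls_cipher_setkey()`, and nothing in the visible lines clears that copy afterwards. Adding `mbedtls_platform_zeroize( keys, sizeof( keys ) );` directly after the setkey call keeps the key from lingering on the stack. The two fixed-length `memcpy` calls also read 16 bytes from `slot->data.key.data` without consulting `slot->data.key.bytes`; the condition guarding this branch is outside the hunk, so a one-line comment such as `/* key_bits == 128 here, so the buffer holds exactly 16 bytes */` would document the assumption. The block's closing lines fall between this hunk and the next and are not shown.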
@@ -5525,17 +5525,17 @@ static psa_status_t psa_generate_key_internal(
 if( key_type_is_raw_bytes( type ) )
 {
 psa_status_t status;
- status = prepare_raw_data_slot( type, bits, &slot->data.raw );
+ status = prepare_raw_data_slot( type, bits, &slot->data.key );
 if( status != PSA_SUCCESS )
 return( status );
- status = psa_generate_random( slot->data.raw.data,
- slot->data.raw.bytes );
+ status = psa_generate_random( slot->data.key.data,
+ slot->data.key.bytes );
 if( status != PSA_SUCCESS )
 return( status );
 #if defined(MBEDTLS_DES_C)
 if( type == PSA_KEY_TYPE_DES )
- psa_des_set_key_parity( slot->data.raw.data,
- slot->data.raw.bytes );
+ psa_des_set_key_parity( slot->data.key.data,
+ slot->data.key.bytes );
 #endif /* MBEDTLS_DES_C */
 }
 else
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index ef40f7994..8af45a17d 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -43,12 +43,13 @@ typedef struct
 psa_core_key_attributes_t attr;
 union
 {
- /* Raw-data key (key_type_is_raw_bytes() in psa_crypto.c) */
- struct raw_data
+ /* Dynamically allocated key data buffer.
+ * Format as specified in psa_export_key(). */
+ struct key_data
 {
 uint8_t *data;
 size_t bytes;
- } raw;
+ } key;
 #if defined(MBEDTLS_RSA_C)
 /* RSA public key or key pair */
 mbedtls_rsa_context *rsa;
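Review bot: The new comment on `struct key_data` in psa_crypto_core.h no longer says when the member is valid: the removed comment tied it to `key_type_is_raw_bytes()`, while the new one only describes the buffer format. The member still sits in a union next to `mbedtls_rsa_context *rsa`, so code that reads `data.key` for a non-raw key type would reinterpret a context pointer as the key buffer, and the generic name `key` makes that mistake easier than `raw` did. I would keep the restriction in the comment until the other union members are gone, e.g. `* Only valid when key_type_is_raw_bytes() holds for attr.type.` The union and the enclosing typedef continue outside the hunk.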