From 197c2fd0a04a5a71156b9fb046d93f656916846c Mon Sep 17 00:00:00 2001
From: Ronald Cron <ronald.cron@arm.com>
Date: Tue, 16 Mar 2021 14:50:33 +0100
Subject: [PATCH] psa: aead: Move key resolution

As we want to do Mbed TLS aead operations as a
driver does, aead operations should not access
the key slot as key slots are not available to
drivers.

First step in this PR: move key resolution from
aead operation setup to psa_aead_encrypt/decrypt
APIs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
---
 library/psa_crypto.c | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 5de0f10a4..b135b720e 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3564,19 +3564,12 @@ static void psa_aead_abort_internal( aead_operation_t *operation )
 }
 
 static psa_status_t psa_aead_setup( aead_operation_t *operation,
-                                    mbedtls_svc_key_id_t key,
-                                    psa_key_usage_t usage,
                                     psa_algorithm_t alg )
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     size_t key_bits;
     mbedtls_cipher_id_t cipher_id;
 
-    status = psa_get_and_lock_transparent_key_slot_with_policy(
-                 key, &operation->slot, usage, alg );
-    if( status != PSA_SUCCESS )
-        return( status );
-
     key_bits = psa_get_key_slot_bits( operation->slot );
 
     operation->cipher_info =
@@ -3690,7 +3683,12 @@ psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key,
 
     *ciphertext_length = 0;
 
-    status = psa_aead_setup( &operation, key, PSA_KEY_USAGE_ENCRYPT, alg );
+    status = psa_get_and_lock_transparent_key_slot_with_policy(
+                 key, &operation.slot, PSA_KEY_USAGE_ENCRYPT, alg );
+    if( status != PSA_SUCCESS )
+        return( status );
+
+    status = psa_aead_setup( &operation, alg );
     if( status != PSA_SUCCESS )
         return( status );
 
@@ -3805,7 +3803,12 @@ psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key,
 
     *plaintext_length = 0;
 
-    status = psa_aead_setup( &operation, key, PSA_KEY_USAGE_DECRYPT, alg );
+    status = psa_get_and_lock_transparent_key_slot_with_policy(
+                 key, &operation.slot, PSA_KEY_USAGE_DECRYPT, alg );
+    if( status != PSA_SUCCESS )
+        return( status );
+
+    status = psa_aead_setup( &operation, alg );
     if( status != PSA_SUCCESS )
         return( status );