yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-23 04:05:41 +01:00
Code Issues Packages Projects Releases Wiki Activity

psa: aead: Remove key slot from operation context

Browse Source 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2021-03-16 16:36:37 +01:00
parent 7dbd800f42
commit 9f31017956
1 changed files with 30 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
library/psa_crypto.c
View File

@ -563,17 +563,6 @@ static psa_status_t validate_unstructured_key_bit_size( psa_key_type_t type,
return( PSA_SUCCESS );
}
/** Return the size of the key in the given slot, in bits.
*
* \param[in] slot A key slot.
*
* \return The key size in bits, read from the metadata in the slot.
*/
static inline size_t psa_get_key_slot_bits( const psa_key_slot_t *slot )
{
return( slot->attr.bits );
}
/** Check whether a given key type is valid for use with a given MAC algorithm
*
* Upon successful return of this function, the behavior of #PSA_MAC_LENGTH
@ -3522,7 +3511,6 @@ psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation )
typedef struct
{
psa_key_slot_t *slot;
const mbedtls_cipher_info_t *cipher_info;
union
{
@ -3542,7 +3530,7 @@ typedef struct
uint8_t tag_length;
} aead_operation_t;
#define AEAD_OPERATION_INIT {0, 0, {0}, 0, 0, 0}
#define AEAD_OPERATION_INIT {0, {0}, 0, 0, 0}
static void psa_aead_abort_internal( aead_operation_t *operation )
{
@ -3561,17 +3549,20 @@ static void psa_aead_abort_internal( aead_operation_t *operation )
}
}
static psa_status_t psa_aead_setup( aead_operation_t *operation,
psa_algorithm_t alg )
static psa_status_t psa_aead_setup(
aead_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
psa_algorithm_t alg )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t key_bits;
mbedtls_cipher_id_t cipher_id;
key_bits = psa_get_key_slot_bits( operation->slot );
key_bits = attributes->core.bits;
operation->cipher_info =
mbedtls_cipher_info_from_psa( alg, operation->slot->attr.type, key_bits,
mbedtls_cipher_info_from_psa( alg, attributes->core.type, key_bits,
&cipher_id );
if( operation->cipher_info == NULL )
return( PSA_ERROR_NOT_SUPPORTED );
@ -3585,14 +3576,13 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation,
/* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16.
* The call to mbedtls_ccm_encrypt_and_tag or
* mbedtls_ccm_auth_decrypt will validate the tag length. */
if( PSA_BLOCK_CIPHER_BLOCK_LENGTH( operation->slot->attr.type ) != 16 )
if( PSA_BLOCK_CIPHER_BLOCK_LENGTH( attributes->core.type ) != 16 )
return( PSA_ERROR_INVALID_ARGUMENT );
mbedtls_ccm_init( &operation->ctx.ccm );
status = mbedtls_to_psa_error(
mbedtls_ccm_setkey( &operation->ctx.ccm, cipher_id,
operation->slot->key.data,
(unsigned int) key_bits ) );
key_buffer, (unsigned int) key_bits ) );
if( status != PSA_SUCCESS )
return( status );
break;
@ -3605,14 +3595,13 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation,
/* GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16.
* The call to mbedtls_gcm_crypt_and_tag or
* mbedtls_gcm_auth_decrypt will validate the tag length. */
if( PSA_BLOCK_CIPHER_BLOCK_LENGTH( operation->slot->attr.type ) != 16 )
if( PSA_BLOCK_CIPHER_BLOCK_LENGTH( attributes->core.type ) != 16 )
return( PSA_ERROR_INVALID_ARGUMENT );
mbedtls_gcm_init( &operation->ctx.gcm );
status = mbedtls_to_psa_error(
mbedtls_gcm_setkey( &operation->ctx.gcm, cipher_id,
operation->slot->key.data,
(unsigned int) key_bits ) );
key_buffer, (unsigned int) key_bits ) );
if( status != PSA_SUCCESS )
return( status );
break;
@ -3629,7 +3618,7 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation,
mbedtls_chachapoly_init( &operation->ctx.chachapoly );
status = mbedtls_to_psa_error(
mbedtls_chachapoly_setkey( &operation->ctx.chachapoly,
operation->slot->key.data ) );
key_buffer ) );
if( status != PSA_SUCCESS )
return( status );
break;
@ -3660,17 +3649,22 @@ psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key,
size_t *ciphertext_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
aead_operation_t operation = AEAD_OPERATION_INIT;
uint8_t *tag;
*ciphertext_length = 0;
status = psa_get_and_lock_transparent_key_slot_with_policy(
key, &operation.slot, PSA_KEY_USAGE_ENCRYPT, alg );
key, &slot, PSA_KEY_USAGE_ENCRYPT, alg );
if( status != PSA_SUCCESS )
return( status );
status = psa_aead_setup( &operation, alg );
psa_key_attributes_t attributes = {
.core = slot->attr
};
status = psa_aead_setup( &operation, &attributes, slot->key.data, alg );
if( status != PSA_SUCCESS )
goto exit;
@ -3740,9 +3734,8 @@ psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key,
memset( ciphertext, 0, ciphertext_size );
exit:
psa_unlock_key_slot( operation.slot );
psa_aead_abort_internal( &operation );
psa_unlock_key_slot( slot );
if( status == PSA_SUCCESS )
*ciphertext_length = plaintext_length + operation.tag_length;
@ -3783,17 +3776,22 @@ psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key,
size_t *plaintext_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
aead_operation_t operation = AEAD_OPERATION_INIT;
const uint8_t *tag = NULL;
*plaintext_length = 0;
status = psa_get_and_lock_transparent_key_slot_with_policy(
key, &operation.slot, PSA_KEY_USAGE_DECRYPT, alg );
key, &slot, PSA_KEY_USAGE_DECRYPT, alg );
if( status != PSA_SUCCESS )
return( status );
status = psa_aead_setup( &operation, alg );
psa_key_attributes_t attributes = {
.core = slot->attr
};
status = psa_aead_setup( &operation, &attributes, slot->key.data, alg );
if( status != PSA_SUCCESS )
goto exit;
@ -3859,9 +3857,9 @@ psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key,
memset( plaintext, 0, plaintext_size );
exit:
psa_unlock_key_slot( operation.slot );
psa_aead_abort_internal( &operation );
psa_unlock_key_slot( slot );
if( status == PSA_SUCCESS )
*plaintext_length = ciphertext_length - operation.tag_length;
return( status );