mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-27 00:05:44 +01:00
psa: aead: Remove key slot from operation context
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron
parent
7dbd800f42
commit
9f31017956
@ -563,17 +563,6 @@ static psa_status_t validate_unstructured_key_bit_size( psa_key_type_t type,
|
|||||||
return( PSA_SUCCESS );
|
return( PSA_SUCCESS );
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Return the size of the key in the given slot, in bits.
|
|
||||||
*
|
|
||||||
* \param[in] slot A key slot.
|
|
||||||
*
|
|
||||||
* \return The key size in bits, read from the metadata in the slot.
|
|
||||||
*/
|
|
||||||
static inline size_t psa_get_key_slot_bits( const psa_key_slot_t *slot )
|
|
||||||
{
|
|
||||||
return( slot->attr.bits );
|
|
||||||
}
|
|
||||||
|
|
||||||
/** Check whether a given key type is valid for use with a given MAC algorithm
|
/** Check whether a given key type is valid for use with a given MAC algorithm
|
||||||
*
|
*
|
||||||
* Upon successful return of this function, the behavior of #PSA_MAC_LENGTH
|
* Upon successful return of this function, the behavior of #PSA_MAC_LENGTH
|
||||||
@ -3522,7 +3511,6 @@ psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation )
|
|||||||
|
|
||||||
typedef struct
|
typedef struct
|
||||||
{
|
{
|
||||||
psa_key_slot_t *slot;
|
|
||||||
const mbedtls_cipher_info_t *cipher_info;
|
const mbedtls_cipher_info_t *cipher_info;
|
||||||
union
|
union
|
||||||
{
|
{
|
||||||
@ -3542,7 +3530,7 @@ typedef struct
|
|||||||
uint8_t tag_length;
|
uint8_t tag_length;
|
||||||
} aead_operation_t;
|
} aead_operation_t;
|
||||||
|
|
||||||
#define AEAD_OPERATION_INIT {0, 0, {0}, 0, 0, 0}
|
#define AEAD_OPERATION_INIT {0, {0}, 0, 0, 0}
|
||||||
|
|
||||||
static void psa_aead_abort_internal( aead_operation_t *operation )
|
static void psa_aead_abort_internal( aead_operation_t *operation )
|
||||||
{
|
{
|
||||||
@ -3561,17 +3549,20 @@ static void psa_aead_abort_internal( aead_operation_t *operation )
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static psa_status_t psa_aead_setup( aead_operation_t *operation,
|
static psa_status_t psa_aead_setup(
|
||||||
psa_algorithm_t alg )
|
aead_operation_t *operation,
|
||||||
|
const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer,
|
||||||
|
psa_algorithm_t alg )
|
||||||
{
|
{
|
||||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||||
size_t key_bits;
|
size_t key_bits;
|
||||||
mbedtls_cipher_id_t cipher_id;
|
mbedtls_cipher_id_t cipher_id;
|
||||||
|
|
||||||
key_bits = psa_get_key_slot_bits( operation->slot );
|
key_bits = attributes->core.bits;
|
||||||
|
|
||||||
operation->cipher_info =
|
operation->cipher_info =
|
||||||
mbedtls_cipher_info_from_psa( alg, operation->slot->attr.type, key_bits,
|
mbedtls_cipher_info_from_psa( alg, attributes->core.type, key_bits,
|
||||||
&cipher_id );
|
&cipher_id );
|
||||||
if( operation->cipher_info == NULL )
|
if( operation->cipher_info == NULL )
|
||||||
return( PSA_ERROR_NOT_SUPPORTED );
|
return( PSA_ERROR_NOT_SUPPORTED );
|
||||||
@ -3585,14 +3576,13 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation,
|
|||||||
/* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16.
|
/* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16.
|
||||||
* The call to mbedtls_ccm_encrypt_and_tag or
|
* The call to mbedtls_ccm_encrypt_and_tag or
|
||||||
* mbedtls_ccm_auth_decrypt will validate the tag length. */
|
* mbedtls_ccm_auth_decrypt will validate the tag length. */
|
||||||
if( PSA_BLOCK_CIPHER_BLOCK_LENGTH( operation->slot->attr.type ) != 16 )
|
if( PSA_BLOCK_CIPHER_BLOCK_LENGTH( attributes->core.type ) != 16 )
|
||||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||||
|
|
||||||
mbedtls_ccm_init( &operation->ctx.ccm );
|
mbedtls_ccm_init( &operation->ctx.ccm );
|
||||||
status = mbedtls_to_psa_error(
|
status = mbedtls_to_psa_error(
|
||||||
mbedtls_ccm_setkey( &operation->ctx.ccm, cipher_id,
|
mbedtls_ccm_setkey( &operation->ctx.ccm, cipher_id,
|
||||||
operation->slot->key.data,
|
key_buffer, (unsigned int) key_bits ) );
|
||||||
(unsigned int) key_bits ) );
|
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
return( status );
|
return( status );
|
||||||
break;
|
break;
|
||||||
@ -3605,14 +3595,13 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation,
|
|||||||
/* GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16.
|
/* GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16.
|
||||||
* The call to mbedtls_gcm_crypt_and_tag or
|
* The call to mbedtls_gcm_crypt_and_tag or
|
||||||
* mbedtls_gcm_auth_decrypt will validate the tag length. */
|
* mbedtls_gcm_auth_decrypt will validate the tag length. */
|
||||||
if( PSA_BLOCK_CIPHER_BLOCK_LENGTH( operation->slot->attr.type ) != 16 )
|
if( PSA_BLOCK_CIPHER_BLOCK_LENGTH( attributes->core.type ) != 16 )
|
||||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||||
|
|
||||||
mbedtls_gcm_init( &operation->ctx.gcm );
|
mbedtls_gcm_init( &operation->ctx.gcm );
|
||||||
status = mbedtls_to_psa_error(
|
status = mbedtls_to_psa_error(
|
||||||
mbedtls_gcm_setkey( &operation->ctx.gcm, cipher_id,
|
mbedtls_gcm_setkey( &operation->ctx.gcm, cipher_id,
|
||||||
operation->slot->key.data,
|
key_buffer, (unsigned int) key_bits ) );
|
||||||
(unsigned int) key_bits ) );
|
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
return( status );
|
return( status );
|
||||||
break;
|
break;
|
||||||
@ -3629,7 +3618,7 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation,
|
|||||||
mbedtls_chachapoly_init( &operation->ctx.chachapoly );
|
mbedtls_chachapoly_init( &operation->ctx.chachapoly );
|
||||||
status = mbedtls_to_psa_error(
|
status = mbedtls_to_psa_error(
|
||||||
mbedtls_chachapoly_setkey( &operation->ctx.chachapoly,
|
mbedtls_chachapoly_setkey( &operation->ctx.chachapoly,
|
||||||
operation->slot->key.data ) );
|
key_buffer ) );
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
return( status );
|
return( status );
|
||||||
break;
|
break;
|
||||||
@ -3660,17 +3649,22 @@ psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key,
|
|||||||
size_t *ciphertext_length )
|
size_t *ciphertext_length )
|
||||||
{
|
{
|
||||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||||
|
psa_key_slot_t *slot;
|
||||||
aead_operation_t operation = AEAD_OPERATION_INIT;
|
aead_operation_t operation = AEAD_OPERATION_INIT;
|
||||||
uint8_t *tag;
|
uint8_t *tag;
|
||||||
|
|
||||||
*ciphertext_length = 0;
|
*ciphertext_length = 0;
|
||||||
|
|
||||||
status = psa_get_and_lock_transparent_key_slot_with_policy(
|
status = psa_get_and_lock_transparent_key_slot_with_policy(
|
||||||
key, &operation.slot, PSA_KEY_USAGE_ENCRYPT, alg );
|
key, &slot, PSA_KEY_USAGE_ENCRYPT, alg );
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
return( status );
|
return( status );
|
||||||
|
|
||||||
status = psa_aead_setup( &operation, alg );
|
psa_key_attributes_t attributes = {
|
||||||
|
.core = slot->attr
|
||||||
|
};
|
||||||
|
|
||||||
|
status = psa_aead_setup( &operation, &attributes, slot->key.data, alg );
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
goto exit;
|
goto exit;
|
||||||
|
|
||||||
@ -3740,9 +3734,8 @@ psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key,
|
|||||||
memset( ciphertext, 0, ciphertext_size );
|
memset( ciphertext, 0, ciphertext_size );
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
psa_unlock_key_slot( operation.slot );
|
|
||||||
psa_aead_abort_internal( &operation );
|
psa_aead_abort_internal( &operation );
|
||||||
|
psa_unlock_key_slot( slot );
|
||||||
|
|
||||||
if( status == PSA_SUCCESS )
|
if( status == PSA_SUCCESS )
|
||||||
*ciphertext_length = plaintext_length + operation.tag_length;
|
*ciphertext_length = plaintext_length + operation.tag_length;
|
||||||
@ -3783,17 +3776,22 @@ psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key,
|
|||||||
size_t *plaintext_length )
|
size_t *plaintext_length )
|
||||||
{
|
{
|
||||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||||
|
psa_key_slot_t *slot;
|
||||||
aead_operation_t operation = AEAD_OPERATION_INIT;
|
aead_operation_t operation = AEAD_OPERATION_INIT;
|
||||||
const uint8_t *tag = NULL;
|
const uint8_t *tag = NULL;
|
||||||
|
|
||||||
*plaintext_length = 0;
|
*plaintext_length = 0;
|
||||||
|
|
||||||
status = psa_get_and_lock_transparent_key_slot_with_policy(
|
status = psa_get_and_lock_transparent_key_slot_with_policy(
|
||||||
key, &operation.slot, PSA_KEY_USAGE_DECRYPT, alg );
|
key, &slot, PSA_KEY_USAGE_DECRYPT, alg );
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
return( status );
|
return( status );
|
||||||
|
|
||||||
status = psa_aead_setup( &operation, alg );
|
psa_key_attributes_t attributes = {
|
||||||
|
.core = slot->attr
|
||||||
|
};
|
||||||
|
|
||||||
|
status = psa_aead_setup( &operation, &attributes, slot->key.data, alg );
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
goto exit;
|
goto exit;
|
||||||
|
|
||||||
@ -3859,9 +3857,9 @@ psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key,
|
|||||||
memset( plaintext, 0, plaintext_size );
|
memset( plaintext, 0, plaintext_size );
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
psa_unlock_key_slot( operation.slot );
|
|
||||||
psa_aead_abort_internal( &operation );
|
psa_aead_abort_internal( &operation );
|
||||||
|
psa_unlock_key_slot( slot );
|
||||||
|
|
||||||
if( status == PSA_SUCCESS )
|
if( status == PSA_SUCCESS )
|
||||||
*plaintext_length = ciphertext_length - operation.tag_length;
|
*plaintext_length = ciphertext_length - operation.tag_length;
|
||||||
return( status );
|
return( status );
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user