Crypto: Improve alloc module interface
The interface of the alloc module in the Crypto service
is amended to be more robust. Also, the context allocation
API is modified to return the allocated context in order
to save an additional look-up operation.
Change-Id: Ida5d2913d3565eb288e2ff9ac90dad029d5a2f04
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
diff --git a/secure_fw/services/crypto/crypto_alloc.c b/secure_fw/services/crypto/crypto_alloc.c
index ede9ba7..3812f5f 100644
--- a/secure_fw/services/crypto/crypto_alloc.c
+++ b/secure_fw/services/crypto/crypto_alloc.c
@@ -16,6 +16,49 @@
#include "secure_fw/core/tfm_memory_utils.h"
/**
+ * \def LIST_OPERATION_LOOKUP
+ *
+ * \brief This is an X macro which enforces the correspondence
+ * between backend operation type (through the enum
+ * tfm_crypto_operation_type) and the corresponding frontend type
+ */
+#define LIST_OPERATION_LOOKUP \
+ X(TFM_CRYPTO_CIPHER_OPERATION, psa_cipher_operation_t) \
+ X(TFM_CRYPTO_MAC_OPERATION, psa_mac_operation_t) \
+ X(TFM_CRYPTO_HASH_OPERATION, psa_hash_operation_t)
+
+/**
+ * \def CHECK_ALIGNMENT
+ *
+ * \brief This macro checks the alignment of the operation object pointer which
+ * receives as input based on the requirement of the front end operation
+ * type. This macro expands in a case statement so it must be used in a
+ * switch-case construct. It sets the handle value it receives in input
+ * with the proper value or TFM_CRYPTO_INVALID_HANDLE in case the oper
+ * pointer does not satisfy alignment requirements of the front end type
+ */
+#define CHECK_ALIGNMENT(e,t,oper,handle) \
+ case e: \
+ if ((uintptr_t)oper % offsetof(struct {char c; t x;},x)) { \
+ handle = TFM_CRYPTO_INVALID_HANDLE; \
+ } else { \
+ handle = ((t *)oper)->handle; \
+ } \
+ break;
+/**
+ * \def GET_HANDLE_POINTER
+ *
+ * \brief This macro extracts the pointer to handle value from the object
+ * operation pointer it receives as input. This macro expands in a case
+ * statement so it must be used in a switch case-case construct.
+ */
+#define GET_HANDLE_POINTER(e,t,oper,handle) \
+ case e: \
+ handle = &(((t *)oper)->handle); \
+ break;
+/**
+ * \def TFM_CRYPTO_CONC_OPER_NUM
+ *
* \brief This value defines the maximum number of simultaneous operations
* supported by this implementation.
*/
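Review bot: `CHECK_ALIGNMENT` accepts a NULL `oper` as correctly aligned, because a null pointer converted to `uintptr_t` is normally 0, and then reads `((t *)oper)->handle`. crypto_mac.c does call `tfm_crypto_memory_check` on the operation pointer in the visible context, so this may be unreachable today, but the module could guard itself with `if ((oper) == NULL || ((uintptr_t)(oper) % offsetof(struct {char c; t x;}, x)))`. The macro arguments `oper` and `handle` are also expanded without parentheses in both macros. The `GET_HANDLE_POINTER` comment says "switch case-case construct" where "switch-case construct" is meant.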
@@ -33,11 +76,19 @@
static struct tfm_crypto_operation_s operation[TFM_CRYPTO_CONC_OPER_NUM] ={{0}};
+/*
+ * \brief Function used to clear the memory associated to a backend context
+ *
+ * \param[in] index Numerical index in the database of the backend contexts
+ *
+ * \return None
+ *
+ */
static void memset_operation_context(uint32_t index)
{
- uint32_t i, mem_size;
+ uint32_t mem_size;
- volatile uint8_t *mem_ptr = (uint8_t *) &(operation[index].operation);
+ uint8_t *mem_ptr = (uint8_t *) &(operation[index].operation);
switch(operation[index].type) {
case TFM_CRYPTO_CIPHER_OPERATION:
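Review bot: Removing `volatile` from `mem_ptr` means the wipe of the backend context now depends entirely on `tfm_memset` actually performing the stores; that call sits further down the function, outside this hunk. Because `operation` has static storage the compiler is unlikely to drop them, but the context presumably holds key-derived state. A short comment such as `/* tfm_memset must not be elided: this clears sensitive context state */` would record the assumption. The new header also opens with `/*` rather than `/**`, so Doxygen will not process its `\brief` and `\param` tags.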
@@ -55,9 +106,81 @@
break;
}
- for (i=0; i<mem_size; i++) {
- mem_ptr[i] = 0;
+ /* Clear the contents of the backend context */
+ (void)tfm_memset(mem_ptr, 0, mem_size);
+}
+
+/*
+ * \brief Function used to extract the handle value from a pointer to a
+ * frontend operation
+ *
+ * \param[in] type Type of the operation context to extract from
+ * \param[in] oper Pointer to the frontend operation
+ *
+ * \return handle 4-byte identifier associated to the context,
+ * TFM_CRYPTO_INVALID_HANDLE in case of problems
+ *
+ */
+static uint32_t get_handle(enum tfm_crypto_operation_type type, void *oper)
+{
+ uint32_t handle = TFM_CRYPTO_INVALID_HANDLE;
+
+ /* Dereference the pointer */
+ switch(type) {
+ /* Generate the list of cases needed to check alignment for all the
+ * possible operation types listed in LIST_OPERATION_LOOKUP. The default
+ * case and TFM_CRYPTO_OPERATION_NONE must be created explicitly
+ */
+#define X(e,t) CHECK_ALIGNMENT(e,t,oper,handle)
+LIST_OPERATION_LOOKUP
+#undef X
+ case TFM_CRYPTO_OPERATION_NONE:
+ default:
+ break;
}
+
+ return handle;
+}
+
+/*
+ * \brief Function used to set the handle value in a pointer to a
+ * frontend operation
+ *
+ * \param[in] type Type of the operation context to extract from
+ * \param[out] oper Pointer to the frontend operation
+ *
+ * \return handle 4-byte identifier associated to the context,
+ * TFM_CRYPTO_INVALID_HANDLE in case of problems
+ *
+ */
+static uint32_t set_handle(enum tfm_crypto_operation_type type,
+ void *oper,
+ uint32_t set_value)
+{
+ uint32_t *handle = NULL;
+
+ /* Extract the pointer value */
+ switch(type) {
+ /* Generate the list of cases needed to get the handle pointer for all the
+ * possible operation types listed in LIST_OPERATION_LOOKUP. The default
+ * case and TFM_CRYPTO_OPERATION_NONE must be created explicitly
+ */
+#define X(e,t) GET_HANDLE_POINTER(e,t,oper,handle)
+LIST_OPERATION_LOOKUP
+#undef X
+ case TFM_CRYPTO_OPERATION_NONE:
+ default:
+ break;
+ }
+
+ if (handle == NULL || ((uintptr_t)handle % sizeof(uint32_t))) {
+ return TFM_CRYPTO_INVALID_HANDLE;
+ }
+
+ /* Set the value by derefencing the pointer, alignment is correct */
+ *handle = set_value;
+
+ return set_value;
}
/*!
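Review bot: `set_handle` only checks that the `handle` field is aligned to `sizeof(uint32_t)`, whereas `get_handle` checks `oper` against the alignment of the whole frontend type through `CHECK_ALIGNMENT`. If a frontend type ever needs stricter alignment than `uint32_t`, allocation could accept a pointer that lookup and release later reject, leaving the slot in use with no way to free it; applying the same test in both helpers avoids that. The return value is also ambiguous when `set_value` is `TFM_CRYPTO_INVALID_HANDLE`, as in the release path, because success and failure return the same value. The doc block omits `set_value` and its `type` line still reads "to extract from"; suggest adding `\param[in] set_value Handle value to store in the frontend operation`.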
@@ -69,39 +192,49 @@
enum tfm_crypto_err_t tfm_crypto_init_alloc(void)
{
/* Clear the contents of the local contexts */
- tfm_memset(operation, 0, sizeof(operation));
+ (void)tfm_memset(operation, 0, sizeof(operation));
return TFM_CRYPTO_ERR_PSA_SUCCESS;
}
enum tfm_crypto_err_t tfm_crypto_operation_alloc(
enum tfm_crypto_operation_type type,
- uint32_t *handle)
+ void *oper,
+ void **ctx)
{
- uint32_t i = 0;
+ uint32_t i = 0, handle;
+
+ /* Init to invalid values */
+ *ctx = NULL;
for (i=0; i<TFM_CRYPTO_CONC_OPER_NUM; i++) {
if (operation[i].in_use == TFM_CRYPTO_NOT_IN_USE) {
operation[i].in_use = TFM_CRYPTO_IN_USE;
operation[i].type = type;
- *handle = i;
+ handle = set_handle(type, oper, i);
+ if (handle == TFM_CRYPTO_INVALID_HANDLE) {
+ return TFM_CRYPTO_ERR_PSA_ERROR_NOT_PERMITTED;
+ }
+ *ctx = (void *) &(operation[i].operation);
return TFM_CRYPTO_ERR_PSA_SUCCESS;
}
}
- *handle = TFM_CRYPTO_INVALID_HANDLE;
return TFM_CRYPTO_ERR_PSA_ERROR_NOT_PERMITTED;
}
-enum tfm_crypto_err_t tfm_crypto_operation_release(uint32_t *handle)
+enum tfm_crypto_err_t tfm_crypto_operation_release(
+ enum tfm_crypto_operation_type type,
+ void *oper)
{
- uint32_t i = *handle;
+ uint32_t handle = get_handle(type, oper);
- if ( (i<TFM_CRYPTO_CONC_OPER_NUM) &&
- (operation[i].in_use == TFM_CRYPTO_IN_USE) ) {
- memset_operation_context(i);
- operation[i].in_use = TFM_CRYPTO_NOT_IN_USE;
- operation[i].type = TFM_CRYPTO_OPERATION_NONE;
- *handle = TFM_CRYPTO_INVALID_HANDLE;
+ if ( (handle != TFM_CRYPTO_INVALID_HANDLE) &&
+ (handle < TFM_CRYPTO_CONC_OPER_NUM) &&
+ (operation[handle].in_use == TFM_CRYPTO_IN_USE) ) {
+ memset_operation_context(handle);
+ operation[handle].in_use = TFM_CRYPTO_NOT_IN_USE;
+ operation[handle].type = TFM_CRYPTO_OPERATION_NONE;
+ (void)set_handle(type, oper, TFM_CRYPTO_INVALID_HANDLE);
return TFM_CRYPTO_ERR_PSA_SUCCESS;
}
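Review bot: In `tfm_crypto_operation_alloc` the slot is marked `TFM_CRYPTO_IN_USE` before `set_handle` is called, and the failure branch returns without undoing that, so each rejected `oper` pointer permanently consumes one of the `TFM_CRYPTO_CONC_OPER_NUM` slots. Either call `set_handle` before claiming the slot, or roll back in the failure branch with `operation[i].in_use = TFM_CRYPTO_NOT_IN_USE;` and `operation[i].type = TFM_CRYPTO_OPERATION_NONE;`. `*ctx = NULL` is also written without checking `ctx` for NULL. In `tfm_crypto_operation_release`, whose body continues outside the hunk, the condition does not compare `operation[handle].type` with `type` the way the lookup does, so a frontend object of one type can release a context of another. Adding `(operation[handle].type == type)` would make the two consistent.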
@@ -110,13 +243,16 @@
enum tfm_crypto_err_t tfm_crypto_operation_lookup(
enum tfm_crypto_operation_type type,
- uint32_t handle,
- void **oper)
+ void *oper,
+ void **ctx)
{
- if ( (handle<TFM_CRYPTO_CONC_OPER_NUM) &&
+ uint32_t handle = get_handle(type, oper);
+
+ if ( (handle != TFM_CRYPTO_INVALID_HANDLE) &&
+ (handle < TFM_CRYPTO_CONC_OPER_NUM) &&
(operation[handle].in_use == TFM_CRYPTO_IN_USE) &&
(operation[handle].type == type) ) {
- *oper = (void *) &(operation[handle].operation);
+ *ctx = (void *) &(operation[handle].operation);
return TFM_CRYPTO_ERR_PSA_SUCCESS;
}
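Review bot: On failure `tfm_crypto_operation_lookup` leaves `*ctx` untouched, while `tfm_crypto_operation_alloc` in the same file sets `*ctx = NULL` before doing anything else. Writing `*ctx = NULL;` ahead of the check here would keep a stale pointer from surviving in a caller that does not test the return code. The end of the function is outside the hunk.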
diff --git a/secure_fw/services/crypto/crypto_cipher.c b/secure_fw/services/crypto/crypto_cipher.c
index b53ace0..85fe892 100644
--- a/secure_fw/services/crypto/crypto_cipher.c
+++ b/secure_fw/services/crypto/crypto_cipher.c
@@ -50,7 +50,7 @@
}
/* Release the operation context */
- err = tfm_crypto_operation_release(&(operation->handle));
+ err = tfm_crypto_operation_release(TFM_CRYPTO_CIPHER_OPERATION, operation);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
}
@@ -113,21 +113,12 @@
/* Allocate the operation context in the secure world */
err = tfm_crypto_operation_alloc(TFM_CRYPTO_CIPHER_OPERATION,
- &(operation->handle));
+ operation,
+ (void **)&ctx);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
}
- /* Look up the corresponding operation context */
- err = tfm_crypto_operation_lookup(TFM_CRYPTO_CIPHER_OPERATION,
- operation->handle,
- (void **)&ctx);
- if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
- /* Release the operation context */
- (void)tfm_crypto_operation_release(&(operation->handle));
- return err;
- }
-
/* Set the proper cipher mode (encrypt/decrypt) in the operation context */
ctx->cipher_mode = (uint8_t) c_mode;
@@ -222,7 +213,7 @@
/* Look up the corresponding operation context */
err = tfm_crypto_operation_lookup(TFM_CRYPTO_CIPHER_OPERATION,
- operation->handle,
+ operation,
(void **)&ctx);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
@@ -318,7 +309,7 @@
/* Look up the corresponding operation context */
err = tfm_crypto_operation_lookup(TFM_CRYPTO_CIPHER_OPERATION,
- operation->handle,
+ operation,
(void **)&ctx);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
@@ -396,7 +387,7 @@
/* Look up the corresponding operation context */
err = tfm_crypto_operation_lookup(TFM_CRYPTO_CIPHER_OPERATION,
- operation->handle,
+ operation,
(void **)&ctx);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
@@ -438,7 +429,7 @@
/* Look up the corresponding operation context */
err = tfm_crypto_operation_lookup(TFM_CRYPTO_CIPHER_OPERATION,
- operation->handle,
+ operation,
(void **)&ctx);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
diff --git a/secure_fw/services/crypto/crypto_hash.c b/secure_fw/services/crypto/crypto_hash.c
index 54550cc..5e99dbf 100644
--- a/secure_fw/services/crypto/crypto_hash.c
+++ b/secure_fw/services/crypto/crypto_hash.c
@@ -38,7 +38,7 @@
}
/* Release the operation context */
- err = tfm_crypto_operation_release(&(operation->handle));
+ err = tfm_crypto_operation_release(TFM_CRYPTO_HASH_OPERATION, operation);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
}
@@ -80,21 +80,12 @@
/* Allocate the operation context in the secure world */
err = tfm_crypto_operation_alloc(TFM_CRYPTO_HASH_OPERATION,
- &(operation->handle));
+ operation,
+ (void **)&ctx);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
}
- /* Look up the corresponding operation context */
- err = tfm_crypto_operation_lookup(TFM_CRYPTO_HASH_OPERATION,
- operation->handle,
- (void **)&ctx);
- if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
- /* Release the operation context */
- (void)tfm_crypto_operation_release(&(operation->handle));
- return err;
- }
-
/* Bind the algorithm to the hash context */
ctx->alg = alg;
@@ -133,7 +124,7 @@
/* Look up the corresponding operation context */
err = tfm_crypto_operation_lookup(TFM_CRYPTO_HASH_OPERATION,
- operation->handle,
+ operation,
(void **)&ctx);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
@@ -182,7 +173,7 @@
/* Look up the corresponding operation context */
err = tfm_crypto_operation_lookup(TFM_CRYPTO_HASH_OPERATION,
- operation->handle,
+ operation,
(void **)&ctx);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
@@ -262,7 +253,7 @@
/* Look up the corresponding operation context */
err = tfm_crypto_operation_lookup(TFM_CRYPTO_HASH_OPERATION,
- operation->handle,
+ operation,
(void **)&ctx);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
diff --git a/secure_fw/services/crypto/crypto_mac.c b/secure_fw/services/crypto/crypto_mac.c
index ec49a11..2ffe331 100644
--- a/secure_fw/services/crypto/crypto_mac.c
+++ b/secure_fw/services/crypto/crypto_mac.c
@@ -16,6 +16,13 @@
#include "crypto_utils.h"
/**
+ * \def UNUSED_VAR
+ *
+ * \brief an UNUSED_VAR() macro for better code readability
+ */
+#define UNUSED_VAR(x) (void)x
+
+/**
* \def CRYPTO_HMAC_MAX_KEY_LENGTH
*
* \brief Specifies the maximum key length supported by the
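Review bot: `UNUSED_VAR(x)` expands to `(void)x` with neither the argument nor the whole expansion parenthesised. `#define UNUSED_VAR(x) ((void)(x))` is the usual hygienic form and behaves the same for the use added in this commit.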
@@ -56,6 +63,24 @@
}
}
+static enum tfm_crypto_err_t tfm_crypto_mac_release(
+ psa_mac_operation_t *operation,
+ struct tfm_mac_operation_s *ctx)
+{
+ enum tfm_crypto_err_t err;
+
+ /* No release necessary on the ctx related quantites for the time being */
+ UNUSED_VAR(ctx);
+
+ /* Release the operation context */
+ err = tfm_crypto_operation_release(TFM_CRYPTO_MAC_OPERATION, operation);
+ if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
+ return err;
+ }
+
+ return TFM_CRYPTO_ERR_PSA_SUCCESS;
+}
+
static enum tfm_crypto_err_t tfm_crypto_hmac_setup(
struct tfm_mac_operation_s *ctx,
psa_key_slot_t key,
@@ -195,21 +220,12 @@
/* Allocate the operation context in the secure world */
err = tfm_crypto_operation_alloc(TFM_CRYPTO_MAC_OPERATION,
- &(operation->handle));
+ operation,
+ (void **)&ctx);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
}
- /* Look up the corresponding operation context */
- err = tfm_crypto_operation_lookup(TFM_CRYPTO_MAC_OPERATION,
- operation->handle,
- (void **)&ctx);
- if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
- /* Release the operation context */
- (void)tfm_crypto_operation_release(&(operation->handle));
- return err;
- }
-
/* Bind the algorithm to the mac operation */
ctx->alg = alg;
@@ -226,7 +242,7 @@
err = tfm_crypto_hmac_setup(ctx, key, alg);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
/* Release the operation context */
- (void)tfm_crypto_operation_release(&(operation->handle));
+ (void)tfm_crypto_mac_release(operation, ctx);
return err;
}
@@ -234,7 +250,7 @@
} else {
/* Other MAC types constructions are not supported */
/* Release the operation context */
- (void)tfm_crypto_operation_release(&(operation->handle));
+ (void)tfm_crypto_mac_release(operation, ctx);
return TFM_CRYPTO_ERR_PSA_ERROR_NOT_SUPPORTED;
}
@@ -242,6 +258,7 @@
}
static enum tfm_crypto_err_t tfm_crypto_mac_finish(
+ psa_mac_operation_t *operation,
struct tfm_mac_operation_s *ctx,
uint8_t *mac,
size_t mac_size,
@@ -255,10 +272,12 @@
/* Sanity checks */
if (mac_size < ctx->mac_size) {
+ (void)tfm_crypto_mac_release(operation, ctx);
return TFM_CRYPTO_ERR_PSA_ERROR_BUFFER_TOO_SMALL;
}
if (!(ctx->has_input)) {
+ (void)tfm_crypto_mac_release(operation, ctx);
return TFM_CRYPTO_ERR_PSA_ERROR_BAD_STATE;
}
@@ -272,6 +291,7 @@
sizeof(hash1),
&hash_size);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
+ (void)tfm_crypto_mac_release(operation, ctx);
return err;
}
@@ -280,6 +300,7 @@
PSA_ALG_HMAC_HASH(ctx->alg));
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
mac_zeroize(hash1, sizeof(hash1));
+ (void)tfm_crypto_mac_release(operation, ctx);
return err;
}
@@ -288,6 +309,7 @@
block_size);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
mac_zeroize(hash1, sizeof(hash1));
+ (void)tfm_crypto_mac_release(operation, ctx);
return err;
}
@@ -296,6 +318,7 @@
hash_size);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
mac_zeroize(hash1, sizeof(hash1));
+ (void)tfm_crypto_mac_release(operation, ctx);
return err;
}
@@ -305,6 +328,7 @@
mac_length);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
mac_zeroize(hash1, sizeof(hash1));
+ (void)tfm_crypto_mac_release(operation, ctx);
return err;
}
@@ -315,7 +339,7 @@
return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
}
- return TFM_CRYPTO_ERR_PSA_SUCCESS;
+ return tfm_crypto_mac_release(operation, ctx);
}
/*!
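Review bot: The `return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;` kept as context at the top of this hunk still exits `tfm_crypto_mac_finish` without calling `tfm_crypto_mac_release`. The sign and verify callers now drop their own release on error, with the comment that finish always releases the operation, so on that path the backend slot would stay allocated and uncleared. Add `(void)tfm_crypto_mac_release(operation, ctx);` before that return. The lines just above the return are not shown, so confirm which branch it belongs to.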
@@ -347,10 +371,6 @@
struct tfm_mac_operation_s *ctx = NULL;
- if (input_length == 0) {
- return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
- }
-
/* Validate pointers */
err = tfm_crypto_memory_check(operation,
sizeof(psa_mac_operation_t),
@@ -368,7 +388,7 @@
/* Look up the corresponding operation context */
err = tfm_crypto_operation_lookup(TFM_CRYPTO_MAC_OPERATION,
- operation->handle,
+ operation,
(void **)&ctx);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
@@ -376,9 +396,13 @@
/* Sanity check */
if (!(ctx->key_set)) {
- (void)tfm_crypto_operation_release(&(operation->handle));
+ (void)tfm_crypto_mac_release(operation, ctx);
return TFM_CRYPTO_ERR_PSA_ERROR_BAD_STATE;
}
+ if (input_length == 0) {
+ (void)tfm_crypto_mac_release(operation, ctx);
+ return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
+ }
/* Process the input chunk */
if (PSA_ALG_IS_HMAC(ctx->alg)) {
@@ -386,14 +410,14 @@
input,
input_length);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
- (void)tfm_crypto_operation_release(&(operation->handle));
+ (void)tfm_crypto_mac_release(operation, ctx);
return err;
}
/* Set this flag to avoid HMAC without data */
ctx->has_input = 1;
} else {
- (void)tfm_crypto_operation_release(&(operation->handle));
+ (void)tfm_crypto_mac_release(operation, ctx);
return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
}
@@ -436,7 +460,7 @@
/* Look up the corresponding operation context */
err = tfm_crypto_operation_lookup(TFM_CRYPTO_MAC_OPERATION,
- operation->handle,
+ operation,
(void **)&ctx);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
@@ -444,18 +468,14 @@
if ((ctx->key_usage_sign == 1) && (ctx->key_usage_verify == 0)) {
/* Finalise the mac operation */
- err = tfm_crypto_mac_finish(ctx, mac, mac_size, mac_length);
- if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
- (void)tfm_crypto_operation_release(&(operation->handle));
- return err;
- }
- /* Release the operation context */
- err = tfm_crypto_operation_release(&(operation->handle));
+ err = tfm_crypto_mac_finish(operation, ctx, mac, mac_size, mac_length);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
}
+ /* A call to tfm_crypto_mac_finish() always releases the operation */
+
} else {
- (void)tfm_crypto_operation_release(&(operation->handle));
+ (void)tfm_crypto_mac_release(operation, ctx);
return TFM_CRYPTO_ERR_PSA_ERROR_BAD_STATE;
}
@@ -495,7 +515,7 @@
/* Look up the corresponding operation context */
err = tfm_crypto_operation_lookup(TFM_CRYPTO_MAC_OPERATION,
- operation->handle,
+ operation,
(void **)&ctx);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
@@ -503,19 +523,15 @@
if ((ctx->key_usage_sign == 0) && (ctx->key_usage_verify == 1)) {
/* Finalise the mac operation */
- err = tfm_crypto_mac_finish(ctx,
+ err = tfm_crypto_mac_finish(operation,
+ ctx,
computed_mac,
sizeof(computed_mac),
&computed_mac_length);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
- (void)tfm_crypto_operation_release(&(operation->handle));
return err;
}
- /* Release the operation context */
- err = tfm_crypto_operation_release(&(operation->handle));
- if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
- return err;
- }
+ /* A call to tfm_crypto_mac_finish() always releases the operation */
/* Check that the computed mac match the expected one */
if (computed_mac_length != mac_length) {
@@ -532,7 +548,7 @@
return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_SIGNATURE;
}
} else {
- (void)tfm_crypto_operation_release(&(operation->handle));
+ (void)tfm_crypto_mac_release(operation, ctx);
return TFM_CRYPTO_ERR_PSA_ERROR_BAD_STATE;
}
@@ -554,7 +570,7 @@
/* Look up the corresponding operation context */
err = tfm_crypto_operation_lookup(TFM_CRYPTO_MAC_OPERATION,
- operation->handle,
+ operation,
(void **)&ctx);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
@@ -569,17 +585,11 @@
return err;
}
}
-
- /* Release the operation context */
- err = tfm_crypto_operation_release(&(operation->handle));
- if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
- return err;
- }
} else {
/* MACs other than HMACs not currently supported */
return TFM_CRYPTO_ERR_PSA_ERROR_NOT_SUPPORTED;
}
- return TFM_CRYPTO_ERR_PSA_SUCCESS;
+ return tfm_crypto_mac_release(operation, ctx);
}
/*!@}*/
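Review bot: The two early returns kept in this function, `return err;` at the top of the hunk and `return TFM_CRYPTO_ERR_PSA_ERROR_NOT_SUPPORTED;` in the `else`, exit without releasing the operation. A teardown that fails part-way therefore leaves the backend context allocated and not wiped. Releasing on those paths as well seems safer, e.g. `(void)tfm_crypto_mac_release(operation, ctx);` before each return. The call that produces `err` and the function's signature are outside the hunk, so this is inferred from the visible lines only.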
diff --git a/secure_fw/services/crypto/tfm_crypto_api.h b/secure_fw/services/crypto/tfm_crypto_api.h
index 8f51b66..f3ea31a 100644
--- a/secure_fw/services/crypto/tfm_crypto_api.h
+++ b/secure_fw/services/crypto/tfm_crypto_api.h
@@ -54,39 +54,44 @@
enum tfm_crypto_err_t tfm_crypto_init_alloc(void);
/**
- * \brief Allocate an operation object
+ * \brief Allocate an operation context in the backend
*
- * \param[in] type Type of the operation object to allocate
- * \param[out] handle Pointer to the corresponding handle assigned
+ * \param[in] type Type of the operation context to allocate
+ * \param[out] oper Pointer to the frontend operation
+ * \param[out ctx Double pointer to the corresponding context
*
* \return Return values as described in \ref tfm_crypto_err_t
*/
enum tfm_crypto_err_t tfm_crypto_operation_alloc(
enum tfm_crypto_operation_type type,
- uint32_t *handle);
+ void *oper,
+ void **ctx);
/**
- * \brief Release an operation object
+ * \brief Release an operation context in the backend
*
- * \param[in] handle Pointer to the handle for the release of the
- * corresponding object
+ * \param[in] type Type of the operation context to release
+ * \param[in/out] oper Pointer to the frontend operation for the release
+ * of the corresponding backend context
*
* \return Return values as described in \ref tfm_crypto_err_t
*/
-enum tfm_crypto_err_t tfm_crypto_operation_release(uint32_t *handle);
-
+enum tfm_crypto_err_t tfm_crypto_operation_release(
+ enum tfm_crypto_operation_type type,
+ void *oper);
/**
- * \brief Look up an operation object pointer from the corresponding handle
+ * \brief Look up an operation context in the backend for the corresponding
+ * frontend operation
*
- * \param[in] type Type of the operation object to look up
- * \param[in] handle Handle to the operation object to look up
- * \param[out] oper Double pointer to the corresponding object
+ * \param[in] type Type of the operation context to look up
+ * \param[in] oper Pointer to the frontend operation
+ * \param[out] ctx Double pointer to the corresponding context
*
* \return Return values as described in \ref tfm_crypto_err_t
*/
enum tfm_crypto_err_t tfm_crypto_operation_lookup(
enum tfm_crypto_operation_type type,
- uint32_t handle,
- void **oper);
+ void *oper,
+ void **ctx);
/**
* \brief Retrieve a key from the provided key slot according to the key
* policy and algorithm provided. This function is expected to be
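Review bot: `\param[out ctx` in the `tfm_crypto_operation_alloc` comment is missing its closing bracket and should read `\param[out] ctx`. `\param[in/out] oper` in the release comment should use Doxygen's `\param[in,out]` form. Since all three prototypes now take `void *oper`, the comments could also state that `oper` must point to the frontend type matching `type`, because the compiler no longer checks that.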