Crypto: Improve alloc module interface
The interface of the alloc module in the Crypto service
is amended to be more robust. Also, the context allocation
API is modified to return the allocated context in order
to save an additional look-up operation.
Change-Id: Ida5d2913d3565eb288e2ff9ac90dad029d5a2f04
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
diff --git a/secure_fw/services/crypto/crypto_mac.c b/secure_fw/services/crypto/crypto_mac.c
index ec49a11..2ffe331 100644
--- a/secure_fw/services/crypto/crypto_mac.c
+++ b/secure_fw/services/crypto/crypto_mac.c
@@ -16,6 +16,13 @@
#include "crypto_utils.h"
/**
+ * \def UNUSED_VAR
+ *
+ * \brief an UNUSED_VAR() macro for better code readability
+ */
+#define UNUSED_VAR(x) (void)x
+
+/**
* \def CRYPTO_HMAC_MAX_KEY_LENGTH
*
* \brief Specifies the maximum key length supported by the
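Review bot: The new `UNUSED_VAR` macro expands its argument and its result without parentheses, so an argument that is an expression is cast only in part (`UNUSED_VAR(a + b)` becomes `(void)a + b`). Writing it as `#define UNUSED_VAR(x) ((void)(x))` keeps the cast attached to the whole argument. The `\brief` text could also say what the macro is for, e.g. `marks a parameter as intentionally unused to silence compiler warnings`.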
@@ -56,6 +63,24 @@
}
}
+static enum tfm_crypto_err_t tfm_crypto_mac_release(
+ psa_mac_operation_t *operation,
+ struct tfm_mac_operation_s *ctx)
+{
+ enum tfm_crypto_err_t err;
+
+ /* No release necessary on the ctx related quantites for the time being */
+ UNUSED_VAR(ctx);
+
+ /* Release the operation context */
+ err = tfm_crypto_operation_release(TFM_CRYPTO_MAC_OPERATION, operation);
+ if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
+ return err;
+ }
+
+ return TFM_CRYPTO_ERR_PSA_SUCCESS;
+}
+
static enum tfm_crypto_err_t tfm_crypto_hmac_setup(
struct tfm_mac_operation_s *ctx,
psa_key_slot_t key,
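Review bot: `tfm_crypto_mac_release()` leaves the contents of `ctx` untouched, so whether HMAC state set up from the key is scrubbed when an operation ends depends entirely on `tfm_crypto_operation_release()`, which is not visible in this diff. If that routine does not clear the slot, this is the natural place to zeroize the MAC context before handing it back. Otherwise the comment should state the reliance explicitly, e.g. `/* ctx is cleared by tfm_crypto_operation_release(); nothing else to free here */`. The trailing `if (err != ...) return err; return SUCCESS;` can be reduced to `return tfm_crypto_operation_release(TFM_CRYPTO_MAC_OPERATION, operation);`, and "quantites" in the comment should read "quantities". The `tfm_crypto_hmac_setup` signature at the end of the hunk continues outside it.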
@@ -195,21 +220,12 @@
/* Allocate the operation context in the secure world */
err = tfm_crypto_operation_alloc(TFM_CRYPTO_MAC_OPERATION,
- &(operation->handle));
+ operation,
+ (void **)&ctx);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
}
- /* Look up the corresponding operation context */
- err = tfm_crypto_operation_lookup(TFM_CRYPTO_MAC_OPERATION,
- operation->handle,
- (void **)&ctx);
- if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
- /* Release the operation context */
- (void)tfm_crypto_operation_release(&(operation->handle));
- return err;
- }
-
/* Bind the algorithm to the mac operation */
ctx->alg = alg;
@@ -226,7 +242,7 @@
err = tfm_crypto_hmac_setup(ctx, key, alg);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
/* Release the operation context */
- (void)tfm_crypto_operation_release(&(operation->handle));
+ (void)tfm_crypto_mac_release(operation, ctx);
return err;
}
@@ -234,7 +250,7 @@
} else {
/* Other MAC types constructions are not supported */
/* Release the operation context */
- (void)tfm_crypto_operation_release(&(operation->handle));
+ (void)tfm_crypto_mac_release(operation, ctx);
return TFM_CRYPTO_ERR_PSA_ERROR_NOT_SUPPORTED;
}
@@ -242,6 +258,7 @@
}
static enum tfm_crypto_err_t tfm_crypto_mac_finish(
+ psa_mac_operation_t *operation,
struct tfm_mac_operation_s *ctx,
uint8_t *mac,
size_t mac_size,
@@ -255,10 +272,12 @@
/* Sanity checks */
if (mac_size < ctx->mac_size) {
+ (void)tfm_crypto_mac_release(operation, ctx);
return TFM_CRYPTO_ERR_PSA_ERROR_BUFFER_TOO_SMALL;
}
if (!(ctx->has_input)) {
+ (void)tfm_crypto_mac_release(operation, ctx);
return TFM_CRYPTO_ERR_PSA_ERROR_BAD_STATE;
}
@@ -272,6 +291,7 @@
sizeof(hash1),
&hash_size);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
+ (void)tfm_crypto_mac_release(operation, ctx);
return err;
}
@@ -280,6 +300,7 @@
PSA_ALG_HMAC_HASH(ctx->alg));
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
mac_zeroize(hash1, sizeof(hash1));
+ (void)tfm_crypto_mac_release(operation, ctx);
return err;
}
@@ -288,6 +309,7 @@
block_size);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
mac_zeroize(hash1, sizeof(hash1));
+ (void)tfm_crypto_mac_release(operation, ctx);
return err;
}
@@ -296,6 +318,7 @@
hash_size);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
mac_zeroize(hash1, sizeof(hash1));
+ (void)tfm_crypto_mac_release(operation, ctx);
return err;
}
@@ -305,6 +328,7 @@
mac_length);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
mac_zeroize(hash1, sizeof(hash1));
+ (void)tfm_crypto_mac_release(operation, ctx);
return err;
}
@@ -315,7 +339,7 @@
return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
}
- return TFM_CRYPTO_ERR_PSA_SUCCESS;
+ return tfm_crypto_mac_release(operation, ctx);
}
/*!
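Review bot: The `return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;` kept as context at the top of this hunk has no `tfm_crypto_mac_release()` call added before it, so as far as the hunk shows, this exit of `tfm_crypto_mac_finish()` leaves the operation allocated. The sign and verify callers now rely on the comment `/* A call to tfm_crypto_mac_finish() always releases the operation */` and no longer release on error themselves. A request reaching this branch would therefore keep a context slot and its MAC state alive in the secure service. I would add `(void)tfm_crypto_mac_release(operation, ctx);` before that return, or route every failure exit through a single release label so the invariant cannot drift. The start of the function lies outside this hunk, so the branch condition should be confirmed.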
@@ -347,10 +371,6 @@
struct tfm_mac_operation_s *ctx = NULL;
- if (input_length == 0) {
- return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
- }
-
/* Validate pointers */
err = tfm_crypto_memory_check(operation,
sizeof(psa_mac_operation_t),
@@ -368,7 +388,7 @@
/* Look up the corresponding operation context */
err = tfm_crypto_operation_lookup(TFM_CRYPTO_MAC_OPERATION,
- operation->handle,
+ operation,
(void **)&ctx);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
@@ -376,9 +396,13 @@
/* Sanity check */
if (!(ctx->key_set)) {
- (void)tfm_crypto_operation_release(&(operation->handle));
+ (void)tfm_crypto_mac_release(operation, ctx);
return TFM_CRYPTO_ERR_PSA_ERROR_BAD_STATE;
}
+ if (input_length == 0) {
+ (void)tfm_crypto_mac_release(operation, ctx);
+ return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
+ }
/* Process the input chunk */
if (PSA_ALG_IS_HMAC(ctx->alg)) {
@@ -386,14 +410,14 @@
input,
input_length);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
- (void)tfm_crypto_operation_release(&(operation->handle));
+ (void)tfm_crypto_mac_release(operation, ctx);
return err;
}
/* Set this flag to avoid HMAC without data */
ctx->has_input = 1;
} else {
- (void)tfm_crypto_operation_release(&(operation->handle));
+ (void)tfm_crypto_mac_release(operation, ctx);
return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
}
@@ -436,7 +460,7 @@
/* Look up the corresponding operation context */
err = tfm_crypto_operation_lookup(TFM_CRYPTO_MAC_OPERATION,
- operation->handle,
+ operation,
(void **)&ctx);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
@@ -444,18 +468,14 @@
if ((ctx->key_usage_sign == 1) && (ctx->key_usage_verify == 0)) {
/* Finalise the mac operation */
- err = tfm_crypto_mac_finish(ctx, mac, mac_size, mac_length);
- if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
- (void)tfm_crypto_operation_release(&(operation->handle));
- return err;
- }
- /* Release the operation context */
- err = tfm_crypto_operation_release(&(operation->handle));
+ err = tfm_crypto_mac_finish(operation, ctx, mac, mac_size, mac_length);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
}
+ /* A call to tfm_crypto_mac_finish() always releases the operation */
+
} else {
- (void)tfm_crypto_operation_release(&(operation->handle));
+ (void)tfm_crypto_mac_release(operation, ctx);
return TFM_CRYPTO_ERR_PSA_ERROR_BAD_STATE;
}
@@ -495,7 +515,7 @@
/* Look up the corresponding operation context */
err = tfm_crypto_operation_lookup(TFM_CRYPTO_MAC_OPERATION,
- operation->handle,
+ operation,
(void **)&ctx);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
@@ -503,19 +523,15 @@
if ((ctx->key_usage_sign == 0) && (ctx->key_usage_verify == 1)) {
/* Finalise the mac operation */
- err = tfm_crypto_mac_finish(ctx,
+ err = tfm_crypto_mac_finish(operation,
+ ctx,
computed_mac,
sizeof(computed_mac),
&computed_mac_length);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
- (void)tfm_crypto_operation_release(&(operation->handle));
return err;
}
- /* Release the operation context */
- err = tfm_crypto_operation_release(&(operation->handle));
- if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
- return err;
- }
+ /* A call to tfm_crypto_mac_finish() always releases the operation */
/* Check that the computed mac match the expected one */
if (computed_mac_length != mac_length) {
@@ -532,7 +548,7 @@
return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_SIGNATURE;
}
} else {
- (void)tfm_crypto_operation_release(&(operation->handle));
+ (void)tfm_crypto_mac_release(operation, ctx);
return TFM_CRYPTO_ERR_PSA_ERROR_BAD_STATE;
}
@@ -554,7 +570,7 @@
/* Look up the corresponding operation context */
err = tfm_crypto_operation_lookup(TFM_CRYPTO_MAC_OPERATION,
- operation->handle,
+ operation,
(void **)&ctx);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
@@ -569,17 +585,11 @@
return err;
}
}
-
- /* Release the operation context */
- err = tfm_crypto_operation_release(&(operation->handle));
- if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
- return err;
- }
} else {
/* MACs other than HMACs not currently supported */
return TFM_CRYPTO_ERR_PSA_ERROR_NOT_SUPPORTED;
}
- return TFM_CRYPTO_ERR_PSA_SUCCESS;
+ return tfm_crypto_mac_release(operation, ctx);
}
/*!@}*/
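Review bot: Both early exits of the abort path still skip the release, because `tfm_crypto_mac_release()` is now reached only on the final line. The `return err;` at the top of the hunk and the `return TFM_CRYPTO_ERR_PSA_ERROR_NOT_SUPPORTED;` in the `else` both return without calling it. For an abort routine this means a failure is exactly the case in which the context stays allocated, so a caller cannot free the slot by retrying. Add `(void)tfm_crypto_mac_release(operation, ctx);` before each of the two returns so that abort releases the operation on every path. The function starts outside the hunk.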