commit 6118e43d1566dfc41af7c88b8d21b77db9e66e0f
author Hanno Becker <hanno.becker@arm.com> Fri Nov 09 16:47:20 2018 +0000
committer Hanno Becker <hanno.becker@arm.com> Thu Nov 22 16:33:01 2018 +0000
tree 5b0861345f029aba032e20e56e4e447f7944b1de
parent ce1ddee13a171867687ec0ac6b04d2a9a732c2df

Add PSA-specific cipher context

include/mbedtls/cipher_internal.h

diff --git a/include/mbedtls/cipher_internal.h b/include/mbedtls/cipher_internal.h
index c6def0b..f696452 100644
--- a/include/mbedtls/cipher_internal.h
+++ b/include/mbedtls/cipher_internal.h
@@ -34,6 +34,10 @@
 
 #include "cipher.h"
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "psa/crypto.h"
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -114,6 +118,17 @@
     const mbedtls_cipher_info_t *info;
 } mbedtls_cipher_definition_t;
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+typedef struct
+{
+    psa_key_slot_t slot;
+    unsigned char slot_state; /*!< 0: The slot is unset.
+                               *   1: The slot is set and we own it.
+                               *   2: The slot is set but we don't own it. */
+
+} mbedtls_cipher_context_psa;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
 extern const mbedtls_cipher_definition_t mbedtls_cipher_definitions[];
 
 extern int mbedtls_cipher_supported[];

library/cipher.c

diff --git a/library/cipher.c b/library/cipher.c
index e6baa2c..0bff79e 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -169,7 +169,19 @@
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     if( ctx->psa_enabled == 1 )
     {
-        /* TODO: Add free'ing of PSA-specific context. */
+        if( ctx->cipher_ctx != NULL )
+        {
+            mbedtls_cipher_context_psa * const cipher_psa =
+                (mbedtls_cipher_context_psa *) ctx->cipher_ctx;
+
+            if( cipher_psa->slot_state == 1 )
+            {
+                /* TODO: Destroy PSA key */
+            }
+
+            mbedtls_platform_zeroize( cipher_psa, sizeof( *cipher_psa ) );
+            mbedtls_free( cipher_psa );
+        }
 
         mbedtls_platform_zeroize( ctx, sizeof(mbedtls_cipher_context_t) );
         return;
@@ -225,6 +237,10 @@
     if( NULL == cipher_info || NULL == ctx )
         return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
 
+    ctx->cipher_ctx = mbedtls_calloc( 1, sizeof(mbedtls_cipher_context_psa ) );
+    if( ctx->cipher_ctx == NULL )
+        return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED );
+
     memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) );
 
     ctx->cipher_info = cipher_info;
@@ -244,7 +260,7 @@
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     if( ctx->psa_enabled == 1 )
     {
-        /* TODO */
+        /* TODO: Allocate and setup PSA key slot from raw key material. */
         return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */