Move the MAC operation structure into the driver headers
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h
index 16fa3db..fd7f6f9 100644
--- a/include/psa/crypto_builtin_composites.h
+++ b/include/psa/crypto_builtin_composites.h
@@ -38,8 +38,12 @@
/*
* MAC multi-part operation definitions.
*/
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
+#define MBEDTLS_PSA_BUILTIN_MAC
+#endif
-#if defined(MBEDTLS_MD_C)
+#if defined(PSA_WANT_ALG_HMAC)
typedef struct
{
/** The HMAC algorithm in use */
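Review bot: The new guard on `psa_hmac_internal_data` is `PSA_WANT_ALG_HMAC`, but `MBEDTLS_PSA_BUILTIN_MAC` just above it is derived from `MBEDTLS_PSA_BUILTIN_ALG_CMAC`/`MBEDTLS_PSA_BUILTIN_ALG_HMAC`, and the HMAC code in psa_crypto.c closes on `MBEDTLS_PSA_BUILTIN_ALG_HMAC`. Keying the type to what the application requests rather than to what the built-in driver implements means the built-in context still carries HMAC key-pad state when an accelerator provides HMAC. Unless other built-in code needs the type in that configuration, consider `#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)` here and on the `hmac` union member in the next hunk, where `cmac` is guarded by yet a third macro, `MBEDTLS_CMAC_C`. The typedef body continues outside this hunk.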
@@ -49,22 +53,33 @@
/** The HMAC part of the context. */
uint8_t opad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
} psa_hmac_internal_data;
-#endif /* MBEDTLS_MD_C */
+#endif /* PSA_WANT_ALG_HMAC */
#include "mbedtls/cmac.h"
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
-#define MBEDTLS_PSA_BUILTIN_MAC
-#endif
-
typedef struct
{
psa_algorithm_t alg;
- /* To be fleshed out in a later commit. */
+ unsigned int key_set : 1;
+ unsigned int iv_required : 1;
+ unsigned int iv_set : 1;
+ unsigned int has_input : 1;
+ unsigned int is_sign : 1;
+ uint8_t mac_size;
+ unsigned int id;
+ union
+ {
+ unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
+#if defined(PSA_WANT_ALG_HMAC)
+ psa_hmac_internal_data hmac;
+#endif
+#if defined(MBEDTLS_CMAC_C)
+ mbedtls_cipher_context_t cmac;
+#endif
+ } ctx;
} mbedtls_psa_mac_operation_t;
-#define MBEDTLS_PSA_MAC_OPERATION_INIT {0, {0}}
+#define MBEDTLS_PSA_MAC_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, {0}}
/*
* BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY.
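Review bot: `mbedtls_psa_mac_operation_t` gains its own `unsigned int id;` with no comment, while `psa_mac_operation_s` in crypto_struct.h keeps a documented `id` that selects the driver. With two fields of the same name on the dispatch path, it is unclear which one the built-in code is meant to read or write, and nothing visible in this commit sets the inner one. Either drop the inner field or document it, for example `/* NOTE: legacy copy of the core's driver id, unused by the built-in driver; to be removed */`, if that is indeed its status. The other new members (`key_set`, `iv_required`, `iv_set`, `has_input`, `is_sign`, `mac_size`) would also benefit from one-line comments now that this is a driver-facing header.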
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index 975e9f7..04c0064 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -130,28 +130,17 @@
struct psa_mac_operation_s
{
- psa_algorithm_t alg;
- unsigned int key_set : 1;
- unsigned int iv_required : 1;
- unsigned int iv_set : 1;
- unsigned int has_input : 1;
- unsigned int is_sign : 1;
- uint8_t mac_size;
+ /** Unique ID indicating which driver got assigned to do the
+ * operation. Since driver contexts are driver-specific, swapping
+ * drivers halfway through the operation is not supported.
+ * ID values are auto-generated in psa_driver_wrappers.h
+ * ID value zero means the context is not valid or not assigned to
+ * any driver (i.e. none of the driver contexts are active). */
unsigned int id;
- union
- {
- unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
-#if defined(MBEDTLS_MD_C)
- psa_hmac_internal_data hmac;
-#endif
-#if defined(MBEDTLS_CMAC_C)
- mbedtls_cipher_context_t cmac;
-#endif
- psa_driver_mac_context_t driver;
- } ctx;
+ psa_driver_mac_context_t ctx;
};
-#define PSA_MAC_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, {0}}
+#define PSA_MAC_OPERATION_INIT {0, {0}}
static inline struct psa_mac_operation_s psa_mac_operation_init( void )
{
const struct psa_mac_operation_s v = PSA_MAC_OPERATION_INIT;
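Review bot: `PSA_MAC_OPERATION_INIT {0, {0}}` explicitly initialises only the first member of `psa_driver_mac_context_t`, yet psa_crypto.c in this same commit decides whether an operation is fresh by reading `ctx.mbedtls_ctx.alg`. The union's definition is not visible here; if `mbedtls_ctx` is not its first member, or is larger than it, the `alg == 0` checks in `psa_mac_abort` and `psa_mac_setup` rely on bytes the initializer does not formally cover. Basing those state checks on the documented `id == 0` condition would remove the dependency; failing that, record the invariant next to the macro, e.g. `/* {0} initialises only the first member of ctx; mbedtls_ctx.alg must lie within it */`. `psa_mac_operation_init` continues outside the hunk.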
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index f58df4a..f91e5c3 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -2328,7 +2328,7 @@
/* Initialize the MAC operation structure. Once this function has been
* called, psa_mac_abort can run and will do the right thing. */
-static psa_status_t psa_mac_init( psa_mac_operation_t *operation,
+static psa_status_t psa_mac_init( mbedtls_psa_mac_operation_t *operation,
psa_algorithm_t alg )
{
psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
@@ -2376,8 +2376,11 @@
}
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
-psa_status_t psa_mac_abort( psa_mac_operation_t *operation )
+psa_status_t psa_mac_abort( psa_mac_operation_t *psa_operation )
{
+ /* Temporary recast to avoid changing a lot of lines */
+ mbedtls_psa_mac_operation_t* operation = &psa_operation->ctx.mbedtls_ctx;
+
if( operation->alg == 0 )
{
/* The object has (apparently) been initialized but it is not
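Review bot: The alias `&psa_operation->ctx.mbedtls_ctx` is taken unconditionally, whereas every use of `ctx.mbedtls_ctx` in psa_crypto_driver_wrappers.c sits under `#if defined(MBEDTLS_PSA_BUILTIN_MAC)`. If that union member is declared conditionally (its definition is not shown), this fails to build without a built-in MAC; and when `id` names another driver, the function reads that driver's context as a built-in one. The same pattern is repeated in `psa_mac_setup`, `psa_mac_update`, `psa_mac_sign_finish` and `psa_mac_verify_finish`. The comment says "recast" although no cast takes place, and the declarator style differs from the rest of the file; suggest `/* Temporary alias to the built-in context; operation->id is not consulted yet */` and `mbedtls_psa_mac_operation_t *operation = &psa_operation->ctx.mbedtls_ctx;`. The body of `psa_mac_abort` continues outside the hunk.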
@@ -2425,7 +2428,7 @@
}
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
-static psa_status_t psa_cmac_setup( psa_mac_operation_t *operation,
+static psa_status_t psa_cmac_setup( mbedtls_psa_mac_operation_t *operation,
psa_key_slot_t *slot )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -2514,7 +2517,7 @@
}
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
-static psa_status_t psa_mac_setup( psa_mac_operation_t *operation,
+static psa_status_t psa_mac_setup( psa_mac_operation_t *psa_operation,
mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
int is_sign )
@@ -2525,6 +2528,9 @@
psa_key_usage_t usage =
is_sign ? PSA_KEY_USAGE_SIGN_HASH : PSA_KEY_USAGE_VERIFY_HASH;
+ /* Temporary recast to avoid changing a lot of lines */
+ mbedtls_psa_mac_operation_t* operation = &psa_operation->ctx.mbedtls_ctx;
+
/* A context must be freshly initialized before it can be set up. */
if( operation->alg != 0 )
{
@@ -2608,7 +2614,7 @@
exit:
if( status != PSA_SUCCESS )
{
- psa_mac_abort( operation );
+ psa_mac_abort( psa_operation );
}
else
{
@@ -2634,10 +2640,13 @@
return( psa_mac_setup( operation, key, alg, 0 ) );
}
-psa_status_t psa_mac_update( psa_mac_operation_t *operation,
+psa_status_t psa_mac_update( psa_mac_operation_t *psa_operation,
const uint8_t *input,
size_t input_length )
{
+ /* Temporary recast to avoid changing a lot of lines */
+ mbedtls_psa_mac_operation_t* operation = &psa_operation->ctx.mbedtls_ctx;
+
psa_status_t status = PSA_ERROR_BAD_STATE;
if( ! operation->key_set )
return( PSA_ERROR_BAD_STATE );
@@ -2669,7 +2678,7 @@
}
if( status != PSA_SUCCESS )
- psa_mac_abort( operation );
+ psa_mac_abort( psa_operation );
return( status );
}
@@ -2713,7 +2722,7 @@
}
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
-static psa_status_t psa_mac_finish_internal( psa_mac_operation_t *operation,
+static psa_status_t psa_mac_finish_internal( mbedtls_psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size )
{
@@ -2752,11 +2761,14 @@
}
}
-psa_status_t psa_mac_sign_finish( psa_mac_operation_t *operation,
+psa_status_t psa_mac_sign_finish( psa_mac_operation_t *psa_operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length )
{
+ /* Temporary recast to avoid changing a lot of lines */
+ mbedtls_psa_mac_operation_t* operation = &psa_operation->ctx.mbedtls_ctx;
+
psa_status_t status;
if( operation->alg == 0 )
@@ -2782,21 +2794,24 @@
if( status == PSA_SUCCESS )
{
- status = psa_mac_abort( operation );
+ status = psa_mac_abort( psa_operation );
if( status == PSA_SUCCESS )
*mac_length = operation->mac_size;
else
memset( mac, '!', mac_size );
}
else
- psa_mac_abort( operation );
+ psa_mac_abort( psa_operation );
return( status );
}
-psa_status_t psa_mac_verify_finish( psa_mac_operation_t *operation,
+psa_status_t psa_mac_verify_finish( psa_mac_operation_t *psa_operation,
const uint8_t *mac,
size_t mac_length )
{
+ /* Temporary recast to avoid changing a lot of lines */
+ mbedtls_psa_mac_operation_t* operation = &psa_operation->ctx.mbedtls_ctx;
+
uint8_t actual_mac[PSA_MAC_MAX_SIZE];
psa_status_t status;
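Review bot: In `psa_mac_sign_finish`, `*mac_length = operation->mac_size;` is evaluated after `psa_mac_abort( psa_operation )`, and `operation` now points into the context that abort tears down. This only yields the right length while abort happens to leave `mac_size` untouched, which is not visible here and is likely to change once abort wipes the whole driver context. Reading the value first avoids the dependency: `size_t mac_len = operation->mac_size;` before the abort call, then `*mac_length = mac_len;`. The beginning of `psa_mac_sign_finish` and the rest of `psa_mac_verify_finish` are outside this hunk.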
@@ -2825,9 +2840,9 @@
cleanup:
if( status == PSA_SUCCESS )
- status = psa_mac_abort( operation );
+ status = psa_mac_abort( psa_operation );
else
- psa_mac_abort( operation );
+ psa_mac_abort( psa_operation );
mbedtls_platform_zeroize( actual_mac, sizeof( actual_mac ) );
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
index 09f6319..32ea7f5 100644
--- a/library/psa_crypto_driver_wrappers.c
+++ b/library/psa_crypto_driver_wrappers.c
@@ -1383,7 +1383,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_transparent_test_driver_mac_sign_setup(
- &operation->ctx.driver.transparent_test_driver_ctx,
+ &operation->ctx.transparent_test_driver_ctx,
attributes,
key_buffer, key_buffer_size,
alg );
@@ -1397,7 +1397,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
/* Fell through, meaning no accelerator supports this operation */
- status = mbedtls_psa_mac_sign_setup( &operation->ctx.driver.mbedtls_ctx,
+ status = mbedtls_psa_mac_sign_setup( &operation->ctx.mbedtls_ctx,
attributes,
key_buffer, key_buffer_size,
alg );
@@ -1414,7 +1414,7 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
status = mbedtls_opaque_test_driver_mac_sign_setup(
- &operation->ctx.driver.opaque_test_driver_ctx,
+ &operation->ctx.opaque_test_driver_ctx,
attributes,
key_buffer, key_buffer_size,
alg );
@@ -1454,7 +1454,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_transparent_test_driver_mac_verify_setup(
- &operation->ctx.driver.transparent_test_driver_ctx,
+ &operation->ctx.transparent_test_driver_ctx,
attributes,
key_buffer, key_buffer_size,
alg );
@@ -1468,7 +1468,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
/* Fell through, meaning no accelerator supports this operation */
- status = mbedtls_psa_mac_verify_setup( &operation->ctx.driver.mbedtls_ctx,
+ status = mbedtls_psa_mac_verify_setup( &operation->ctx.mbedtls_ctx,
attributes,
key_buffer, key_buffer_size,
alg );
@@ -1485,7 +1485,7 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
status = mbedtls_opaque_test_driver_mac_sign_setup(
- &operation->ctx.driver.opaque_test_driver_ctx,
+ &operation->ctx.opaque_test_driver_ctx,
attributes,
key_buffer, key_buffer_size,
alg );
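Review bot: The opaque test-driver branch here calls `mbedtls_opaque_test_driver_mac_sign_setup`, although the two preceding hunks in this function call `mbedtls_transparent_test_driver_mac_verify_setup` and `mbedtls_psa_mac_verify_setup`. It therefore looks like the verify-setup wrapper, and the call appears to be a copy-paste from the sign path. The line is context rather than part of the rename, but since it is being touched it is worth correcting to `status = mbedtls_opaque_test_driver_mac_verify_setup(`, assuming that entry point exists in the test driver. As it stands, a verify operation on an opaque test key would be set up as a sign operation, so the test driver would not exercise the verify path. The enclosing function starts and ends outside the hunk.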
@@ -1515,7 +1515,7 @@
{
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- return( mbedtls_psa_mac_update( &operation->ctx.driver.mbedtls_ctx,
+ return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx,
input, input_length ) );
#endif /* MBEDTLS_PSA_BUILTIN_MAC */
@@ -1523,12 +1523,12 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
return( mbedtls_transparent_test_driver_mac_update(
- &operation->ctx.driver.transparent_test_driver_ctx,
+ &operation->ctx.transparent_test_driver_ctx,
input, input_length ) );
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
return( mbedtls_opaque_test_driver_mac_update(
- &operation->ctx.driver.opaque_test_driver_ctx,
+ &operation->ctx.opaque_test_driver_ctx,
input, input_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@@ -1549,7 +1549,7 @@
{
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- return( mbedtls_psa_mac_sign_finish( &operation->ctx.driver.mbedtls_ctx,
+ return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx,
mac, mac_size, mac_length ) );
#endif /* MBEDTLS_PSA_BUILTIN_MAC */
@@ -1557,12 +1557,12 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
return( mbedtls_transparent_test_driver_mac_sign_finish(
- &operation->ctx.driver.transparent_test_driver_ctx,
+ &operation->ctx.transparent_test_driver_ctx,
mac, mac_size, mac_length ) );
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
return( mbedtls_opaque_test_driver_mac_sign_finish(
- &operation->ctx.driver.opaque_test_driver_ctx,
+ &operation->ctx.opaque_test_driver_ctx,
mac, mac_size, mac_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@@ -1583,7 +1583,7 @@
{
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- return( mbedtls_psa_mac_verify_finish( &operation->ctx.driver.mbedtls_ctx,
+ return( mbedtls_psa_mac_verify_finish( &operation->ctx.mbedtls_ctx,
mac, mac_length ) );
#endif /* MBEDTLS_PSA_BUILTIN_MAC */
@@ -1591,12 +1591,12 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
return( mbedtls_transparent_test_driver_mac_verify_finish(
- &operation->ctx.driver.transparent_test_driver_ctx,
+ &operation->ctx.transparent_test_driver_ctx,
mac, mac_length ) );
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
return( mbedtls_opaque_test_driver_mac_verify_finish(
- &operation->ctx.driver.opaque_test_driver_ctx,
+ &operation->ctx.opaque_test_driver_ctx,
mac, mac_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@@ -1615,7 +1615,7 @@
{
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- status = mbedtls_psa_mac_abort( &operation->ctx.driver.mbedtls_ctx );
+ status = mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx );
break;
#endif /* MBEDTLS_PSA_BUILTIN_MAC */
@@ -1623,11 +1623,11 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
status = mbedtls_transparent_test_driver_mac_abort(
- &operation->ctx.driver.transparent_test_driver_ctx );
+ &operation->ctx.transparent_test_driver_ctx );
break;
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
status = mbedtls_opaque_test_driver_mac_abort(
- &operation->ctx.driver.opaque_test_driver_ctx );
+ &operation->ctx.opaque_test_driver_ctx );
break;
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */