Crypto: Make operations inactive as per PSA API
Updates the cipher, hash and MAC modules to make operations inactive
when required by the PSA Crypto API.
Change-Id: I008b70c86aa410a1b9adefca5c3b8734d7521fb6
Signed-off-by: Jamie Fox <jamie.fox@arm.com>
diff --git a/secure_fw/services/crypto/crypto_mac.c b/secure_fw/services/crypto/crypto_mac.c
index a13a00b..45a7eae 100644
--- a/secure_fw/services/crypto/crypto_mac.c
+++ b/secure_fw/services/crypto/crypto_mac.c
@@ -122,7 +122,6 @@
&key_data[0],
key_size);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
- tfm_crypto_hash_abort(&(ctx->ctx.hmac.hash_operation));
return err;
}
@@ -131,7 +130,6 @@
hashed_key, sizeof(hashed_key),
&key_size);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
- tfm_crypto_hash_abort(&(ctx->ctx.hmac.hash_operation));
return err;
}
} else {
@@ -168,7 +166,6 @@
ipad,
block_size);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
- tfm_crypto_hash_abort(&(ctx->ctx.hmac.hash_operation));
return err;
}
@@ -209,7 +206,7 @@
(void **)&ctx);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
/* Release the operation context */
- tfm_crypto_operation_release(&(operation->handle));
+ (void)tfm_crypto_operation_release(&(operation->handle));
return err;
}
@@ -229,7 +226,7 @@
err = tfm_crypto_hmac_setup(ctx, key, alg);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
/* Release the operation context */
- tfm_crypto_operation_release(&(operation->handle));
+ (void)tfm_crypto_operation_release(&(operation->handle));
return err;
}
@@ -237,7 +234,7 @@
} else {
/* Other MAC types constructions are not supported */
/* Release the operation context */
- tfm_crypto_operation_release(&(operation->handle));
+ (void)tfm_crypto_operation_release(&(operation->handle));
return TFM_CRYPTO_ERR_PSA_ERROR_NOT_SUPPORTED;
}
@@ -318,9 +315,6 @@
return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
}
- /* Clear the mac context */
- mac_zeroize(ctx, sizeof(struct tfm_mac_operation_s));
-
return TFM_CRYPTO_ERR_PSA_SUCCESS;
}
@@ -382,6 +376,7 @@
/* Sanity check */
if (!(ctx->key_set)) {
+ (void)tfm_crypto_operation_release(&(operation->handle));
return TFM_CRYPTO_ERR_PSA_ERROR_BAD_STATE;
}
@@ -391,12 +386,14 @@
input,
input_length);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
+ (void)tfm_crypto_operation_release(&(operation->handle));
return err;
}
/* Set this flag to avoid HMAC without data */
ctx->has_input = 1;
} else {
+ (void)tfm_crypto_operation_release(&(operation->handle));
return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
}
@@ -449,6 +446,7 @@
/* Finalise the mac operation */
err = tfm_crypto_mac_finish(ctx, mac, mac_size, mac_length);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
+ (void)tfm_crypto_operation_release(&(operation->handle));
return err;
}
/* Release the operation context */
@@ -457,6 +455,7 @@
return err;
}
} else {
+ (void)tfm_crypto_operation_release(&(operation->handle));
return TFM_CRYPTO_ERR_PSA_ERROR_BAD_STATE;
}
@@ -509,6 +508,7 @@
sizeof(computed_mac),
&computed_mac_length);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
+ (void)tfm_crypto_operation_release(&(operation->handle));
return err;
}
/* Release the operation context */
@@ -532,6 +532,7 @@
return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_SIGNATURE;
}
} else {
+ (void)tfm_crypto_operation_release(&(operation->handle));
return TFM_CRYPTO_ERR_PSA_ERROR_BAD_STATE;
}
@@ -570,7 +571,10 @@
}
/* Release the operation context */
- tfm_crypto_operation_release(&(operation->handle));
+ err = tfm_crypto_operation_release(&(operation->handle));
+ if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
+ return err;
+ }
} else {
/* MACs other than HMACs not currently supported */
return TFM_CRYPTO_ERR_PSA_ERROR_NOT_SUPPORTED;