diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 0d309c00b..0761978f7 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -286,41 +286,6 @@ static psa_status_t mbedtls_to_psa_error( int ret ) } } -static void psa_operation_init(void *operation, - psa_algorithm_t alg) -{ - if( PSA_ALG_IS_MAC(alg) ) - { - if ( ((psa_mac_operation_t*)operation)->alg != 0 ) //restart - { - ((psa_mac_operation_t*)operation)->alg = 0; - ((psa_mac_operation_t*)operation)->iv_required = 0; - } - else - { - ((psa_mac_operation_t*)operation)->alg = alg; - ((psa_mac_operation_t*)operation)->iv_required = 1; - } - - ((psa_mac_operation_t*)operation)->key_set = 0; - ((psa_mac_operation_t*)operation)->iv_set = 0; - ((psa_mac_operation_t*)operation)->has_input = 0; - ((psa_mac_operation_t*)operation)->mac_size = 0; - } - else if( PSA_ALG_IS_CIPHER(alg) ) - { - if ( ((psa_cipher_operation_t*)operation)->alg != 0 ) //restart - ((psa_cipher_operation_t*)operation)->alg = 0; - else - ((psa_cipher_operation_t*)operation)->alg = alg; - - ((psa_cipher_operation_t*)operation)->key_set = 0; - ((psa_cipher_operation_t*)operation)->iv_set = 0; - ((psa_cipher_operation_t*)operation)->iv_size = 0; - ((psa_cipher_operation_t*)operation)->block_size = 0; - } -} - /****************************************************************/ /* Key management */ /****************************************************************/ @@ -992,7 +957,13 @@ psa_status_t psa_mac_abort( psa_mac_operation_t *operation ) #endif /* MBEDTLS_MD_C */ return( PSA_ERROR_NOT_SUPPORTED ); } - psa_operation_init(operation, 0); + + operation->alg = 0; + operation->key_set = 0; + operation->iv_set = 0; + operation->iv_required = 0; + operation->has_input = 0; + return( PSA_SUCCESS ); } @@ -1007,7 +978,11 @@ psa_status_t psa_mac_start( psa_mac_operation_t *operation, size_t key_bits; const mbedtls_cipher_info_t *cipher_info = NULL; - psa_operation_init(operation, alg); + operation->alg = 0; + operation->key_set = 0; + operation->iv_set = 0; + operation->iv_required = 1; + operation->has_input = 0; status = psa_get_key_information( key, &key_type, &key_bits ); if( status != PSA_SUCCESS ) @@ -1333,7 +1308,11 @@ static psa_status_t psa_cipher_setup(psa_cipher_operation_t *operation, psa_algorithm_t padding_mode = PSA_ALG_BLOCK_CIPHER_PAD_NONE; mbedtls_cipher_padding_t mode = MBEDTLS_PADDING_NONE; - psa_operation_init(operation, alg); + operation->alg = alg; + operation->key_set = 0; + operation->iv_set = 0; + operation->iv_size = 0; + operation->block_size = 0; status = psa_get_key_information( key, &key_type, &key_bits ); if( status != PSA_SUCCESS ) @@ -1348,7 +1327,7 @@ static psa_status_t psa_cipher_setup(psa_cipher_operation_t *operation, mbedtls_cipher_init( &operation->ctx.cipher ); ret = mbedtls_cipher_setup( &operation->ctx.cipher, cipher_info ); - if (ret != 0) + if( ret != 0 ) { psa_cipher_abort( operation ); return( mbedtls_to_psa_error( ret ) ); @@ -1356,14 +1335,14 @@ static psa_status_t psa_cipher_setup(psa_cipher_operation_t *operation, ret = mbedtls_cipher_setkey( &operation->ctx.cipher, slot->data.raw.data, key_bits, cipher_operation ); - if (ret != 0) + if( ret != 0 ) { psa_cipher_abort( operation ); return( mbedtls_to_psa_error( ret ) ); } #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) - if (( alg & PSA_ALG_CBC_BASE) == PSA_ALG_CBC_BASE) + if( ( alg & PSA_ALG_CBC_BASE) == PSA_ALG_CBC_BASE ) { padding_mode = alg & PSA_ALG_BLOCK_CIPHER_PADDING_MASK; @@ -1376,10 +1355,10 @@ static psa_status_t psa_cipher_setup(psa_cipher_operation_t *operation, mode = MBEDTLS_PADDING_NONE; break; default: - return ( PSA_ERROR_INVALID_PADDING ); + return ( PSA_ERROR_INVALID_ARGUMENT ); } ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher, mode ); - if (ret != 0) + if( ret != 0 ) return( mbedtls_to_psa_error( ret ) ); } #endif //MBEDTLS_CIPHER_MODE_WITH_PADDING @@ -1387,9 +1366,9 @@ static psa_status_t psa_cipher_setup(psa_cipher_operation_t *operation, operation->key_set = 1; operation->alg = alg; operation->block_size = PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type); - if ( PSA_ALG_IS_BLOCK_CIPHER(alg) ) + if( PSA_ALG_IS_BLOCK_CIPHER( alg ) || ( alg == PSA_ALG_CTR ) ) { - operation->iv_size = operation->block_size; + operation->iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type); } return ( PSA_SUCCESS ); @@ -1414,28 +1393,39 @@ psa_status_t psa_encrypt_generate_iv(psa_cipher_operation_t *operation, size_t iv_size, size_t *iv_length) { - int ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; - if (iv_size < operation->iv_size) - return ( PSA_ERROR_BUFFER_TOO_SMALL ); - - ret = mbedtls_ctr_drbg_random( &global_data.ctr_drbg, iv, operation->iv_size); - if (ret != 0) + int ret = PSA_SUCCESS; + if( operation->iv_set ) + return( PSA_ERROR_BAD_STATE ); + if( iv_size < operation->iv_size ) { - return( mbedtls_to_psa_error( ret ) ); + ret = PSA_ERROR_BUFFER_TOO_SMALL; + goto exit; + } + ret = mbedtls_ctr_drbg_random( &global_data.ctr_drbg, iv, operation->iv_size); + if( ret != 0 ) + { + ret = mbedtls_to_psa_error( ret ); + goto exit; } *iv_length = operation->iv_size; - return psa_encrypt_set_iv( operation, iv, *iv_length); + ret = psa_encrypt_set_iv( operation, iv, *iv_length); + + exit: + if( ret != PSA_SUCCESS) + psa_cipher_abort( operation ); + return( ret ); } psa_status_t psa_encrypt_set_iv(psa_cipher_operation_t *operation, const unsigned char *iv, size_t iv_length) { - int ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; - + int ret = PSA_SUCCESS; + if( operation->iv_set ) + return( PSA_ERROR_BAD_STATE ); ret = mbedtls_cipher_set_iv( &operation->ctx.cipher, iv, iv_length ); - if (ret != 0) + if( ret != 0 ) { psa_cipher_abort( operation ); return( mbedtls_to_psa_error( ret ) ); @@ -1455,12 +1445,12 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation, { int ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; - if ( output_size < input_length ) + if( output_size < input_length ) return ( PSA_ERROR_BUFFER_TOO_SMALL ); ret = mbedtls_cipher_update( &operation->ctx.cipher, input, input_length, output, output_length ); - if (ret != 0) + if( ret != 0 ) { psa_cipher_abort( operation ); return( mbedtls_to_psa_error( ret ) ); @@ -1482,7 +1472,7 @@ psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation, ret = mbedtls_cipher_finish( &operation->ctx.cipher, output, output_length ); - if (ret != 0) + if( ret != 0 ) { psa_cipher_abort( operation ); return( mbedtls_to_psa_error( ret ) ); @@ -1495,8 +1485,12 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation) { mbedtls_cipher_free( &operation->ctx.cipher ); - psa_operation_init(operation, 0); - + operation->alg = 0; + operation->key_set = 0; + operation->iv_set = 0; + operation->iv_size = 0; + operation->block_size = 0; + return ( PSA_SUCCESS ); }