Migrate MAC update call into the software driver

Step 2/x in moving the driver. Separate commits should make for easier review. Additional changes on top of code movement: * Early-return success on input with zero-length to mac_update, to avoid NULL pointers getting passed into the driver dispatch Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-19 18:38:46 +01:00 · 2021-03-19 18:38:46 +01:00 · 6e7f291bb5
commit 6e7f291bb5
parent e680419791
2 changed files with 38 additions and 37 deletions
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@ -2354,45 +2354,23 @@ psa_status_t psa_mac_verify_setup( psa_mac_operation_t *operation,
    return( psa_mac_setup( operation, key, alg, 0 ) );
 }

-psa_status_t psa_mac_update( psa_mac_operation_t *psa_operation,
+psa_status_t psa_mac_update( psa_mac_operation_t *operation,
                             const uint8_t *input,
                             size_t input_length )
 {
-    /* Temporary recast to avoid changing a lot of lines */
-    mbedtls_psa_mac_operation_t* operation = &psa_operation->ctx.mbedtls_ctx;
-
-    psa_status_t status = PSA_ERROR_BAD_STATE;
-    if( ! operation->key_set )
+    if( operation->id == 0 )
        return( PSA_ERROR_BAD_STATE );
-    if( operation->iv_required && ! operation->iv_set )
-        return( PSA_ERROR_BAD_STATE );
-    operation->has_input = 1;

-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
-    if( operation->alg == PSA_ALG_CMAC )
-    {
-        int ret = mbedtls_cipher_cmac_update( &operation->ctx.cmac,
-                                              input, input_length );
-        status = mbedtls_to_psa_error( ret );
-    }
-    else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
-    if( PSA_ALG_IS_HMAC( operation->alg ) )
-    {
-        status = psa_hash_update( &operation->ctx.hmac.hash_ctx, input,
-                                  input_length );
-    }
-    else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
-    {
-        /* This shouldn't happen if `operation` was initialized by
-         * a setup function. */
-        return( PSA_ERROR_BAD_STATE );
-    }
+    /* Don't require hash implementations to behave correctly on a
+     * zero-length input, which may have an invalid pointer. */
+    if( input_length == 0 )
+        return( PSA_SUCCESS );

+    psa_status_t status = psa_driver_wrapper_mac_update( operation,
+                                                         input, input_length );
    if( status != PSA_SUCCESS )
-        psa_mac_abort( psa_operation );
+        psa_mac_abort( operation );
+
    return( status );
 }

--- a/library/psa_crypto_mac.c
+++ b/library/psa_crypto_mac.c
@ -427,11 +427,34 @@ static psa_status_t mac_update(
    const uint8_t *input,
    size_t input_length )
 {
-    /* To be fleshed out in a subsequent commit */
-    (void) operation;
-    (void) input;
-    (void) input_length;
-    return( PSA_ERROR_NOT_SUPPORTED );
+    if( ! operation->key_set )
+        return( PSA_ERROR_BAD_STATE );
+    if( operation->iv_required && ! operation->iv_set )
+        return( PSA_ERROR_BAD_STATE );
+    operation->has_input = 1;
+
+#if defined(BUILTIN_ALG_CMAC)
+    if( operation->alg == PSA_ALG_CMAC )
+    {
+        return( mbedtls_to_psa_error(
+                    mbedtls_cipher_cmac_update( &operation->ctx.cmac,
+                                                input, input_length ) ) );
+    }
+    else
+#endif /* BUILTIN_ALG_CMAC */
+#if defined(BUILTIN_ALG_HMAC)
+    if( PSA_ALG_IS_HMAC( operation->alg ) )
+    {
+        return( psa_hash_update( &operation->ctx.hmac.hash_ctx, input,
+                                 input_length ) );
+    }
+    else
+#endif /* BUILTIN_ALG_HMAC */
+    {
+        /* This shouldn't happen if `operation` was initialized by
+         * a setup function. */
+        return( PSA_ERROR_BAD_STATE );
+    }
 }

 static psa_status_t mac_sign_finish(