Migrate MAC update call into the software driver

Step 2/x in moving the driver. Separate commits should make for easier review. Additional changes on top of code movement: * Early-return success on input with zero-length to mac_update, to avoid NULL pointers getting passed into the driver dispatch Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-19 18:38:46 +01:00 · 2021-03-19 18:38:46 +01:00 · 6e7f291bb5
commit 6e7f291bb5
parent e680419791
2 changed files with 38 additions and 37 deletions
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@ -2354,45 +2354,23 @@ psa_status_t psa_mac_verify_setup( psa_mac_operation_t *operation,
    return( psa_mac_setup( operation, key, alg, 0 ) );
 }
-psa_status_t psa_mac_update( psa_mac_operation_t *psa_operation,
+psa_status_t psa_mac_update( psa_mac_operation_t *operation,
                             const uint8_t *input,
                             size_t input_length )
 {
-    /* Temporary recast to avoid changing a lot of lines */
+    if( operation->id == 0 )
    mbedtls_psa_mac_operation_t* operation = &psa_operation->ctx.mbedtls_ctx;
    psa_status_t status = PSA_ERROR_BAD_STATE;
    if( ! operation->key_set )
        return( PSA_ERROR_BAD_STATE );
    if( operation->iv_required && ! operation->iv_set )
        return( PSA_ERROR_BAD_STATE );
    operation->has_input = 1;
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
+    /* Don't require hash implementations to behave correctly on a
-    if( operation->alg == PSA_ALG_CMAC )
+     * zero-length input, which may have an invalid pointer. */
-    {
+    if( input_length == 0 )
-        int ret = mbedtls_cipher_cmac_update( &operation->ctx.cmac,
+        return( PSA_SUCCESS );
    psa_status_t status = psa_driver_wrapper_mac_update( operation,
                                                         input, input_length );
        status = mbedtls_to_psa_error( ret );
    }
    else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
    if( PSA_ALG_IS_HMAC( operation->alg ) )
    {
        status = psa_hash_update( &operation->ctx.hmac.hash_ctx, input,
                                  input_length );
    }
    else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
    {
        /* This shouldn't happen if `operation` was initialized by
         * a setup function. */
        return( PSA_ERROR_BAD_STATE );
    }
    if( status != PSA_SUCCESS )
-        psa_mac_abort( psa_operation );
+        psa_mac_abort( operation );
    return( status );
 }
--- a/library/psa_crypto_mac.c
+++ b/library/psa_crypto_mac.c
@ -427,11 +427,34 @@ static psa_status_t mac_update(
    const uint8_t *input,
    size_t input_length )
 {
-    /* To be fleshed out in a subsequent commit */
+    if( ! operation->key_set )
-    (void) operation;
+        return( PSA_ERROR_BAD_STATE );
-    (void) input;
+    if( operation->iv_required && ! operation->iv_set )
-    (void) input_length;
+        return( PSA_ERROR_BAD_STATE );
-    return( PSA_ERROR_NOT_SUPPORTED );
+    operation->has_input = 1;
 #if defined(BUILTIN_ALG_CMAC)
    if( operation->alg == PSA_ALG_CMAC )
    {
        return( mbedtls_to_psa_error(
                    mbedtls_cipher_cmac_update( &operation->ctx.cmac,
                                                input, input_length ) ) );
    }
    else
 #endif /* BUILTIN_ALG_CMAC */
 #if defined(BUILTIN_ALG_HMAC)
    if( PSA_ALG_IS_HMAC( operation->alg ) )
    {
        return( psa_hash_update( &operation->ctx.hmac.hash_ctx, input,
                                 input_length ) );
    }
    else
 #endif /* BUILTIN_ALG_HMAC */
    {
        /* This shouldn't happen if `operation` was initialized by
         * a setup function. */
        return( PSA_ERROR_BAD_STATE );
    }
 }
 static psa_status_t mac_sign_finish(