diff --git a/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/psa_crypto_spm.c b/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/psa_crypto_spm.c index 1ccb160b9e..4c2ad31d2b 100644 --- a/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/psa_crypto_spm.c +++ b/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/psa_crypto_spm.c @@ -1055,12 +1055,17 @@ psa_status_t psa_generator_abort(psa_crypto_generator_t *generator) /****************************************************************/ /* SYMMETRIC */ /****************************************************************/ -psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, - psa_key_handle_t key_handle, - psa_algorithm_t alg) +static psa_status_t psa_cipher_setup(psa_cipher_operation_t *operation, + psa_key_handle_t key_handle, + psa_algorithm_t alg, + psa_sec_function_t func) { + if (operation->handle != PSA_NULL_HANDLE) { + return (PSA_ERROR_BAD_STATE); + } + psa_crypto_ipc_t psa_crypto_ipc = { - .func = PSA_CIPHER_ENCRYPT_SETUP, + .func = func, .handle = key_handle, .alg = alg }; @@ -1072,6 +1077,17 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, return (status); } status = ipc_call(&operation->handle, &in_vec, 1, NULL, 0, false); + if (status != PSA_SUCCESS) { + ipc_close(&operation->handle); + } + return (status); +} + +psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, + psa_key_handle_t key_handle, + psa_algorithm_t alg) +{ + psa_status_t status = psa_cipher_setup(operation, key_handle, alg, PSA_CIPHER_ENCRYPT_SETUP); return (status); } @@ -1079,19 +1095,7 @@ psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation, psa_key_handle_t key_handle, psa_algorithm_t alg) { - psa_crypto_ipc_t psa_crypto_ipc = { - .func = PSA_CIPHER_DECRYPT_SETUP, - .handle = key_handle, - .alg = alg - }; - - psa_invec in_vec = { &psa_crypto_ipc, sizeof(psa_crypto_ipc) }; - - psa_status_t status = ipc_connect(PSA_SYMMETRIC_ID, &operation->handle); - if (status != PSA_SUCCESS) { - return (status); - } - status = ipc_call(&operation->handle, &in_vec, 1, NULL, 0, false); + psa_status_t status = psa_cipher_setup(operation, key_handle, alg, PSA_CIPHER_DECRYPT_SETUP); return (status); } @@ -1114,6 +1118,9 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation, }; psa_status_t status = ipc_call(&operation->handle, &in_vec, 1, out_vec, 2, false); + if (status != PSA_SUCCESS) { + ipc_close(&operation->handle); + } return (status); } @@ -1133,6 +1140,9 @@ psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation, }; psa_status_t status = ipc_call(&operation->handle, in_vec, 2, NULL, 0, false); + if (status != PSA_SUCCESS) { + ipc_close(&operation->handle); + } return (status); } @@ -1160,6 +1170,9 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation, }; psa_status_t status = ipc_call(&operation->handle, in_vec, 2, out_vec, 2, false); + if (status != PSA_SUCCESS) { + ipc_close(&operation->handle); + } return (status); } diff --git a/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c b/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c index 55c9ff5270..d7b6ab4b95 100644 --- a/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c +++ b/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c @@ -919,28 +919,30 @@ static void psa_symmetric_operation(void) switch (psa_crypto_ipc.func) { case PSA_CIPHER_ENCRYPT_SETUP: { - if (!psa_crypto_access_control_is_handle_permitted(psa_crypto_ipc.handle, - msg.client_id)) { + if (psa_crypto_access_control_is_handle_permitted(psa_crypto_ipc.handle, msg.client_id)) { + status = psa_cipher_encrypt_setup(msg.rhandle, psa_crypto_ipc.handle, psa_crypto_ipc.alg); + } else { status = PSA_ERROR_INVALID_HANDLE; - break; } - status = psa_cipher_encrypt_setup(msg.rhandle, - psa_crypto_ipc.handle, - psa_crypto_ipc.alg); + if (status != PSA_SUCCESS) { + mbedtls_free(msg.rhandle); + psa_set_rhandle(msg.handle, NULL); + } break; } case PSA_CIPHER_DECRYPT_SETUP: { - if (!psa_crypto_access_control_is_handle_permitted(psa_crypto_ipc.handle, - msg.client_id)) { + if (psa_crypto_access_control_is_handle_permitted(psa_crypto_ipc.handle, msg.client_id)) { + status = psa_cipher_decrypt_setup(msg.rhandle, psa_crypto_ipc.handle, psa_crypto_ipc.alg); + } else { status = PSA_ERROR_INVALID_HANDLE; - break; } - status = psa_cipher_decrypt_setup(msg.rhandle, - psa_crypto_ipc.handle, - psa_crypto_ipc.alg); + if (status != PSA_SUCCESS) { + mbedtls_free(msg.rhandle); + psa_set_rhandle(msg.handle, NULL); + } break; } @@ -955,6 +957,9 @@ static void psa_symmetric_operation(void) psa_write(msg.handle, 0, iv, iv_length); psa_write(msg.handle, 1, &iv_length, sizeof(iv_length)); + } else { + mbedtls_free(msg.rhandle); + psa_set_rhandle(msg.handle, NULL); } break; } @@ -968,7 +973,10 @@ static void psa_symmetric_operation(void) SPM_PANIC("SPM read length mismatch"); } status = psa_cipher_set_iv(msg.rhandle, iv, iv_length); - + if (status != PSA_SUCCESS) { + mbedtls_free(msg.rhandle); + psa_set_rhandle(msg.handle, NULL); + } break; } @@ -976,38 +984,35 @@ static void psa_symmetric_operation(void) size_t input_length = msg.in_size[1]; size_t output_size = msg.out_size[0]; size_t output_length = 0; - uint8_t *input; - unsigned char *output; + uint8_t *input = NULL; + unsigned char *output = NULL; input = mbedtls_calloc(1, input_length); - if (input == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - break; - } - - bytes_read = psa_read(msg.handle, 1, input, - input_length); - if (bytes_read != input_length) { - SPM_PANIC("SPM read length mismatch"); - } - output = mbedtls_calloc(1, output_size); - if (output == NULL) { - mbedtls_free(input); + if (input == NULL || output == NULL) { + psa_cipher_abort(msg.rhandle); status = PSA_ERROR_INSUFFICIENT_MEMORY; - break; - } + } else { + bytes_read = psa_read(msg.handle, 1, input, input_length); + if (bytes_read != input_length) { + SPM_PANIC("SPM read length mismatch"); + } + + status = psa_cipher_update(msg.rhandle, input, input_length, output, output_size, + &output_length); + if (status == PSA_SUCCESS) { + psa_write(msg.handle, 0, output, output_length); + psa_write(msg.handle, 1, &output_length, sizeof(output_length)); + } - status = psa_cipher_update(msg.rhandle, input, - input_length, output, output_size, &output_length); - if (status == PSA_SUCCESS) { - psa_write(msg.handle, 0, output, output_length); - psa_write(msg.handle, 1, - &output_length, sizeof(output_length)); } mbedtls_free(input); mbedtls_free(output); + if (status != PSA_SUCCESS) { + mbedtls_free(msg.rhandle); + psa_set_rhandle(msg.handle, NULL); + } break; } @@ -1018,23 +1023,26 @@ static void psa_symmetric_operation(void) output = mbedtls_calloc(1, output_size); if (output == NULL) { + psa_cipher_abort(msg.rhandle); status = PSA_ERROR_INSUFFICIENT_MEMORY; - break; + } else { + status = psa_cipher_finish(msg.rhandle, output, output_size, &output_length); + if (status == PSA_SUCCESS) { + psa_write(msg.handle, 0, output, output_length); + psa_write(msg.handle, 1, &output_length, sizeof(output_length)); + } + mbedtls_free(output); } - status = psa_cipher_finish(msg.rhandle, output, - output_size, &output_length); - if (status == PSA_SUCCESS) { - psa_write(msg.handle, 0, output, output_length); - psa_write(msg.handle, 1, - &output_length, sizeof(output_length)); - } - mbedtls_free(output); + mbedtls_free(msg.rhandle); + psa_set_rhandle(msg.handle, NULL); break; } case PSA_CIPHER_ABORT: { status = psa_cipher_abort(msg.rhandle); + mbedtls_free(msg.rhandle); + psa_set_rhandle(msg.handle, NULL); break; } @@ -1048,8 +1056,8 @@ static void psa_symmetric_operation(void) } case PSA_IPC_DISCONNECT: { - psa_cipher_abort(msg.rhandle); if (msg.rhandle != NULL) { + psa_cipher_abort(msg.rhandle); mbedtls_free(msg.rhandle); }