ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fix crypto service abort functionality - cipher 

Also refactor cipher setup function to one common function.
pull/10469/head
itayzafrir 2019-03-20 17:33:23 +02:00 committed by adbridge
parent 805f35f145
commit 3233820b83
2 changed files with 84 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/psa_crypto_spm.c
View File

@ -1055,12 +1055,17 @@ psa_status_t psa_generator_abort(psa_crypto_generator_t *generator)
/****************************************************************/ /****************************************************************/
/* SYMMETRIC */ /* SYMMETRIC */
/****************************************************************/ /****************************************************************/
psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, static psa_status_t psa_cipher_setup(psa_cipher_operation_t *operation,
psa_key_handle_t key_handle, psa_key_handle_t key_handle,
psa_algorithm_t alg) psa_algorithm_t alg,
psa_sec_function_t func)
{ {
if (operation->handle != PSA_NULL_HANDLE) {
return (PSA_ERROR_BAD_STATE);
}
psa_crypto_ipc_t psa_crypto_ipc = { psa_crypto_ipc_t psa_crypto_ipc = {
.func = PSA_CIPHER_ENCRYPT_SETUP, .func = func,
.handle = key_handle, .handle = key_handle,
.alg = alg .alg = alg
}; };
@ -1072,6 +1077,17 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
return (status); return (status);
} }
status = ipc_call(&operation->handle, &in_vec, 1, NULL, 0, false); status = ipc_call(&operation->handle, &in_vec, 1, NULL, 0, false);
if (status != PSA_SUCCESS) {
ipc_close(&operation->handle);
}
return (status);
}
psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
psa_key_handle_t key_handle,
psa_algorithm_t alg)
{
psa_status_t status = psa_cipher_setup(operation, key_handle, alg, PSA_CIPHER_ENCRYPT_SETUP);
return (status); return (status);
} }
@ -1079,19 +1095,7 @@ psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
psa_key_handle_t key_handle, psa_key_handle_t key_handle,
psa_algorithm_t alg) psa_algorithm_t alg)
{ {
psa_crypto_ipc_t psa_crypto_ipc = { psa_status_t status = psa_cipher_setup(operation, key_handle, alg, PSA_CIPHER_DECRYPT_SETUP);
.func = PSA_CIPHER_DECRYPT_SETUP,
.handle = key_handle,
.alg = alg
};
psa_invec in_vec = { &psa_crypto_ipc, sizeof(psa_crypto_ipc) };
psa_status_t status = ipc_connect(PSA_SYMMETRIC_ID, &operation->handle);
if (status != PSA_SUCCESS) {
return (status);
}
status = ipc_call(&operation->handle, &in_vec, 1, NULL, 0, false);
return (status); return (status);
} }
@ -1114,6 +1118,9 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
}; };
psa_status_t status = ipc_call(&operation->handle, &in_vec, 1, out_vec, 2, false); psa_status_t status = ipc_call(&operation->handle, &in_vec, 1, out_vec, 2, false);
if (status != PSA_SUCCESS) {
ipc_close(&operation->handle);
}
return (status); return (status);
} }
@ -1133,6 +1140,9 @@ psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
}; };
psa_status_t status = ipc_call(&operation->handle, in_vec, 2, NULL, 0, false); psa_status_t status = ipc_call(&operation->handle, in_vec, 2, NULL, 0, false);
if (status != PSA_SUCCESS) {
ipc_close(&operation->handle);
}
return (status); return (status);
} }
@ -1160,6 +1170,9 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
}; };
psa_status_t status = ipc_call(&operation->handle, in_vec, 2, out_vec, 2, false); psa_status_t status = ipc_call(&operation->handle, in_vec, 2, out_vec, 2, false);
if (status != PSA_SUCCESS) {
ipc_close(&operation->handle);
}
return (status); return (status);
} }

100
components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c
View File

@ -919,28 +919,30 @@ static void psa_symmetric_operation(void)
switch (psa_crypto_ipc.func) { switch (psa_crypto_ipc.func) {
case PSA_CIPHER_ENCRYPT_SETUP: { case PSA_CIPHER_ENCRYPT_SETUP: {
if (!psa_crypto_access_control_is_handle_permitted(psa_crypto_ipc.handle, if (psa_crypto_access_control_is_handle_permitted(psa_crypto_ipc.handle, msg.client_id)) {
msg.client_id)) { status = psa_cipher_encrypt_setup(msg.rhandle, psa_crypto_ipc.handle, psa_crypto_ipc.alg);
} else {
status = PSA_ERROR_INVALID_HANDLE; status = PSA_ERROR_INVALID_HANDLE;
break;
} }
status = psa_cipher_encrypt_setup(msg.rhandle, if (status != PSA_SUCCESS) {
psa_crypto_ipc.handle, mbedtls_free(msg.rhandle);
psa_crypto_ipc.alg); psa_set_rhandle(msg.handle, NULL);
}
break; break;
} }
case PSA_CIPHER_DECRYPT_SETUP: { case PSA_CIPHER_DECRYPT_SETUP: {
if (!psa_crypto_access_control_is_handle_permitted(psa_crypto_ipc.handle, if (psa_crypto_access_control_is_handle_permitted(psa_crypto_ipc.handle, msg.client_id)) {
msg.client_id)) { status = psa_cipher_decrypt_setup(msg.rhandle, psa_crypto_ipc.handle, psa_crypto_ipc.alg);
} else {
status = PSA_ERROR_INVALID_HANDLE; status = PSA_ERROR_INVALID_HANDLE;
break;
} }
status = psa_cipher_decrypt_setup(msg.rhandle, if (status != PSA_SUCCESS) {
psa_crypto_ipc.handle, mbedtls_free(msg.rhandle);
psa_crypto_ipc.alg); psa_set_rhandle(msg.handle, NULL);
}
break; break;
} }
@ -955,6 +957,9 @@ static void psa_symmetric_operation(void)
psa_write(msg.handle, 0, iv, iv_length); psa_write(msg.handle, 0, iv, iv_length);
psa_write(msg.handle, 1, &iv_length, psa_write(msg.handle, 1, &iv_length,
sizeof(iv_length)); sizeof(iv_length));
} else {
mbedtls_free(msg.rhandle);
psa_set_rhandle(msg.handle, NULL);
} }
break; break;
} }
@ -968,7 +973,10 @@ static void psa_symmetric_operation(void)
SPM_PANIC("SPM read length mismatch"); SPM_PANIC("SPM read length mismatch");
} }
status = psa_cipher_set_iv(msg.rhandle, iv, iv_length); status = psa_cipher_set_iv(msg.rhandle, iv, iv_length);
if (status != PSA_SUCCESS) {
mbedtls_free(msg.rhandle);
psa_set_rhandle(msg.handle, NULL);
}
break; break;
} }
@ -976,38 +984,35 @@ static void psa_symmetric_operation(void)
size_t input_length = msg.in_size[1]; size_t input_length = msg.in_size[1];
size_t output_size = msg.out_size[0]; size_t output_size = msg.out_size[0];
size_t output_length = 0; size_t output_length = 0;
uint8_t *input; uint8_t *input = NULL;
unsigned char *output; unsigned char *output = NULL;
input = mbedtls_calloc(1, input_length); input = mbedtls_calloc(1, input_length);
if (input == NULL) {
status = PSA_ERROR_INSUFFICIENT_MEMORY;
break;
}
bytes_read = psa_read(msg.handle, 1, input,
input_length);
if (bytes_read != input_length) {
SPM_PANIC("SPM read length mismatch");
}
output = mbedtls_calloc(1, output_size); output = mbedtls_calloc(1, output_size);
if (output == NULL) { if (input == NULL || output == NULL) {
mbedtls_free(input); psa_cipher_abort(msg.rhandle);
status = PSA_ERROR_INSUFFICIENT_MEMORY; status = PSA_ERROR_INSUFFICIENT_MEMORY;
break; } else {
} bytes_read = psa_read(msg.handle, 1, input, input_length);
if (bytes_read != input_length) {
SPM_PANIC("SPM read length mismatch");
}
status = psa_cipher_update(msg.rhandle, input, input_length, output, output_size,
&output_length);
if (status == PSA_SUCCESS) {
psa_write(msg.handle, 0, output, output_length);
psa_write(msg.handle, 1, &output_length, sizeof(output_length));
}
status = psa_cipher_update(msg.rhandle, input,
input_length, output, output_size, &output_length);
if (status == PSA_SUCCESS) {
psa_write(msg.handle, 0, output, output_length);
psa_write(msg.handle, 1,
&output_length, sizeof(output_length));
} }
mbedtls_free(input); mbedtls_free(input);
mbedtls_free(output); mbedtls_free(output);
if (status != PSA_SUCCESS) {
mbedtls_free(msg.rhandle);
psa_set_rhandle(msg.handle, NULL);
}
break; break;
} }
@ -1018,23 +1023,26 @@ static void psa_symmetric_operation(void)
output = mbedtls_calloc(1, output_size); output = mbedtls_calloc(1, output_size);
if (output == NULL) { if (output == NULL) {
psa_cipher_abort(msg.rhandle);
status = PSA_ERROR_INSUFFICIENT_MEMORY; status = PSA_ERROR_INSUFFICIENT_MEMORY;
break; } else {
status = psa_cipher_finish(msg.rhandle, output, output_size, &output_length);
if (status == PSA_SUCCESS) {
psa_write(msg.handle, 0, output, output_length);
psa_write(msg.handle, 1, &output_length, sizeof(output_length));
}
mbedtls_free(output);
} }
status = psa_cipher_finish(msg.rhandle, output, mbedtls_free(msg.rhandle);
output_size, &output_length); psa_set_rhandle(msg.handle, NULL);
if (status == PSA_SUCCESS) {
psa_write(msg.handle, 0, output, output_length);
psa_write(msg.handle, 1,
&output_length, sizeof(output_length));
}
mbedtls_free(output);
break; break;
} }
case PSA_CIPHER_ABORT: { case PSA_CIPHER_ABORT: {
status = psa_cipher_abort(msg.rhandle); status = psa_cipher_abort(msg.rhandle);
mbedtls_free(msg.rhandle);
psa_set_rhandle(msg.handle, NULL);
break; break;
} }
@ -1048,8 +1056,8 @@ static void psa_symmetric_operation(void)
} }
case PSA_IPC_DISCONNECT: { case PSA_IPC_DISCONNECT: {
psa_cipher_abort(msg.rhandle);
if (msg.rhandle != NULL) { if (msg.rhandle != NULL) {
psa_cipher_abort(msg.rhandle);
mbedtls_free(msg.rhandle); mbedtls_free(msg.rhandle);
} }