From 449608bc610aa4c126f064b8cd6ac1339c6356dc Mon Sep 17 00:00:00 2001 From: Archana Date: Wed, 8 Sep 2021 15:36:05 +0530 Subject: [PATCH] Code style improvements Signed-off-by: Archana --- library/psa_crypto.c | 32 ++--- library/psa_crypto_core.h | 2 +- library/psa_crypto_driver_wrappers.c | 35 ++--- library/psa_crypto_driver_wrappers.h | 3 +- tests/include/test/drivers/key_management.h | 15 +-- .../src/drivers/test_driver_key_management.c | 127 +++++++++--------- 6 files changed, 107 insertions(+), 107 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ee1698341..b105890fb 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -431,7 +431,7 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve, * defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) */ psa_status_t psa_validate_unstructured_key_bit_size( psa_key_type_t type, - size_t bits ) + size_t bits ) { /* Check that the bit size is acceptable for the key type */ switch( type ) @@ -558,7 +558,8 @@ psa_status_t psa_import_key_into_slot( { *bits = PSA_BYTES_TO_BITS( data_length ); - status = psa_validate_unstructured_key_bit_size( attributes->core.type, *bits ); + status = psa_validate_unstructured_key_bit_size( attributes->core.type, + *bits ); if( status != PSA_SUCCESS ) return( status ); @@ -1892,7 +1893,7 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes, if( data_length == 0 ) return( PSA_ERROR_INVALID_ARGUMENT ); - /* Ensure that the bytes-to-bits conversion hasn't overflown. */ + /* Ensure that the bytes-to-bits conversion cannot overflow. */ if( data_length > SIZE_MAX / 8 ) return( PSA_ERROR_NOT_SUPPORTED ); @@ -1902,15 +1903,15 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes, goto exit; /* In the case of a transparent key or an opaque key stored in local - * storage( thus not in the case of the old-style secure element interface - * (MBEDTLS_PSA_CRYPTO_SE_C)),we have to allocate a buffer to hold the - * imported key material. */ + * storage ( thus not in the case of importing a key in a secure element + * with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a + * buffer to hold the imported key material. */ if( slot->key.data == NULL ) { if( psa_key_lifetime_is_external( attributes->core.lifetime ) ) { - status = psa_driver_wrapper_get_key_buffer_size_from_key_data( attributes, data, - data_length , &storage_size ); + status = psa_driver_wrapper_get_key_buffer_size_from_key_data( + attributes, data, data_length, &storage_size ); if( status != PSA_SUCCESS ) goto exit; } @@ -2046,7 +2047,7 @@ psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key, * If the source and target keys are stored across different locations, * the source key would need to be exported as plaintext and re-imported * in the other location. This has security implications which have not - * been fully mapped.For now, this can be acheived through + * been fully mapped. For now, this can be achieved through * appropriate API invocations from the application, if needed. * */ status = PSA_ERROR_NOT_SUPPORTED; @@ -2054,14 +2055,14 @@ psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key, } /* * When the source and target keys are within the same location, - * - For transparent keys it is a blind copy sans any driver invocation, + * - For transparent keys it is a blind copy without any driver invocation, * - For opaque keys this translates to an invocation of the drivers' * copy_key entry point through the dispatch layer. * */ if( psa_key_lifetime_is_external( actual_attributes.core.lifetime ) ) { status = psa_driver_wrapper_get_key_buffer_size( &actual_attributes, - &storage_size ); + &storage_size ); if( status != PSA_SUCCESS ) goto exit; status = psa_allocate_buffer_to_slot( target_slot, storage_size ); @@ -4197,7 +4198,8 @@ static psa_status_t psa_generate_derived_key_internal( if( psa_key_lifetime_is_external( attributes.core.lifetime ) ) { - status = psa_driver_wrapper_get_key_buffer_size( &attributes, &storage_size ); + status = psa_driver_wrapper_get_key_buffer_size( &attributes, + &storage_size ); if( status != PSA_SUCCESS ) goto exit; } @@ -5193,9 +5195,9 @@ psa_status_t psa_generate_key( const psa_key_attributes_t *attributes, goto exit; /* In the case of a transparent key or an opaque key stored in local - * storage( thus not in the case of the old-style secure element interface - * (MBEDTLS_PSA_CRYPTO_SE_C)),we have to allocate a buffer to hold the - * imported key material. */ + * storage ( thus not in the case of generating a key in a secure element + * with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a + * buffer to hold the generated key material. */ if( slot->key.data == NULL ) { if ( PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ) == diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 4a3fa5079..8c91b04d0 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -546,5 +546,5 @@ psa_status_t psa_verify_hash_builtin( * the two is not supported. */ psa_status_t psa_validate_unstructured_key_bit_size( psa_key_type_t type, - size_t bits ); + size_t bits ); #endif /* PSA_CRYPTO_CORE_H */ diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 1597b00d0..00c17063a 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -380,10 +380,9 @@ psa_status_t psa_driver_wrapper_verify_hash( } } -/** calculate the key buffer size required to store the key material of a key +/** Calculate the key buffer size required to store the key material of a key * associated with an opaque driver from input key data. * - * * \param[in] attributes The key attributes * \param[in] data The input key data. * \param[in] data_length The input data length. @@ -399,7 +398,8 @@ psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data( size_t data_length, size_t *key_buffer_size ) { - psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + psa_key_location_t location = + PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); psa_key_type_t key_type = attributes->core.type; *key_buffer_size = 0; @@ -459,7 +459,8 @@ psa_status_t psa_driver_wrapper_get_key_buffer_size( return( PSA_SUCCESS ); } #endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ - *key_buffer_size = mbedtls_test_opaque_size_function( key_type, key_bits ); + *key_buffer_size = mbedtls_test_opaque_size_function( key_type, + key_bits ); return( ( *key_buffer_size != 0 ) ? PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED ); #endif /* PSA_CRYPTO_DRIVER_TEST */ @@ -785,20 +786,12 @@ psa_status_t psa_driver_wrapper_get_builtin_key( psa_status_t psa_driver_wrapper_copy_key( psa_key_attributes_t *attributes, const uint8_t *source_key, size_t source_key_size, - uint8_t *target_key_buffer, size_t target_buffer_size, size_t *key_length ) + uint8_t *target_key_buffer, size_t target_key_buffer_size, + size_t *target_key_buffer_length ) { - psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; - psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) - const psa_drv_se_t *drv; - psa_drv_se_context_t *drv_context; - - if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) - { - /* Copying to a secure element is not implemented yet. */ - return( PSA_ERROR_NOT_SUPPORTED ); - } -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_location_t location = + PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); switch( location ) { @@ -808,16 +801,16 @@ psa_status_t psa_driver_wrapper_copy_key( return( mbedtls_test_opaque_copy_key( attributes, source_key, source_key_size, target_key_buffer, - target_buffer_size, - key_length ) ); + target_key_buffer_size, + target_key_buffer_length) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: (void)source_key; (void)source_key_size; (void)target_key_buffer; - (void)target_buffer_size; - (void)key_length; + (void)target_key_buffer_size; + (void)target_key_buffer_length; status = PSA_ERROR_INVALID_ARGUMENT; } return( status ); diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index 7c45fbfce..c186228fa 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -103,7 +103,8 @@ psa_status_t psa_driver_wrapper_get_builtin_key( psa_status_t psa_driver_wrapper_copy_key( psa_key_attributes_t *attributes, const uint8_t *source_key, size_t source_key_size, - uint8_t *target_key_buffer, size_t target_buffer_size, size_t *key_length ); + uint8_t *target_key_buffer, size_t target_key_buffer_size, + size_t *target_key_buffer_length ); /* * Cipher functions */ diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h index ed0b5ebbc..16ee0b216 100644 --- a/tests/include/test/drivers/key_management.h +++ b/tests/include/test/drivers/key_management.h @@ -51,19 +51,18 @@ static inline mbedtls_test_driver_key_management_hooks_t /* * In order to convert the plain text keys to Opaque, the size of the key is - * padded up by PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE in addition to xor mangling - * the key. The pad prefix needs to be accounted for while sizing for the key. + * padded up by PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE in addition to + * xor mangling the key. The pad prefix needs to be accounted for while + * sizing for the key. */ #define PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX 0xBEEFED00U -#define PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE sizeof( PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX ) - -size_t mbedtls_test_opaque_get_base_size(); +#define PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE sizeof( \ + PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX ) size_t mbedtls_test_opaque_size_function( const psa_key_type_t key_type, const size_t key_bits ); - extern mbedtls_test_driver_key_management_hooks_t mbedtls_test_driver_key_management_hooks; @@ -118,8 +117,8 @@ psa_status_t mbedtls_test_opaque_copy_key( const uint8_t *source_key, size_t source_key_size, uint8_t *target_key_buffer, - size_t target_buffer_size, - size_t *key_length ); + size_t target_key_buffer_size, + size_t *target_key_buffer_length); #endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index fec0a3e48..2683edcd8 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -58,11 +58,13 @@ const uint8_t mbedtls_test_driver_ecdsa_pubkey[65] = /* - * This macro returns the base size for the key context when SE does not support storage. - * It is the size of the metadata that gets added to the wrapped key. - * In its test functionality the metadata is just some padded prefixing to the key. + * This macro returns the base size for the key context when SE does not + * support storage. It is the size of the metadata that gets added to the + * wrapped key. In its test functionality the metadata is just some padded + * prefixing to the key. */ -#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE +#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE \ + PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE size_t mbedtls_test_opaque_size_function( @@ -80,62 +82,70 @@ size_t mbedtls_test_opaque_size_function( return( key_buffer_size ); } -size_t mbedtls_test_opaque_get_base_size() +static size_t mbedtls_test_opaque_get_base_size() { return TEST_DRIVER_KEY_CONTEXT_BASE_SIZE; } /* - * The wrap function mbedtls_test_opaque_wrap_key pads and wraps the clear key. - * It expects the clear and wrap buffers to be passed in. - * key_buffer_size is the size of the clear key to be wrapped. - * wrap_buffer_size is the size of the output buffer wrap_key. - * The argument key_buffer_length is filled with the wrapped key_size on success. + * The wrap function mbedtls_test_opaque_wrap_key pads and wraps the + * clear key. It expects the clear and wrap buffers to be passed in. + * key_length is the size of the clear key to be wrapped. + * wrapped_key_buffer_size is the size of the output buffer wrap_key. + * The argument wrapped_key_buffer_length is filled with the wrapped + * key_size on success. * */ static psa_status_t mbedtls_test_opaque_wrap_key( - const uint8_t *key_buffer, - size_t key_buffer_size, - uint8_t *wrap_key, - size_t wrap_buffer_size, - size_t *key_buffer_length ) + const uint8_t *key, + size_t key_length, + uint8_t *wrapped_key_buffer, + size_t wrapped_key_buffer_size, + size_t *wrapped_key_buffer_length ) { - size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size(); - uint64_t prefix = PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX; - if( key_buffer_size + opaque_key_base_size > wrap_buffer_size ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - /* Write in the opaque pad prefix */ - memcpy( wrap_key, &prefix, opaque_key_base_size); - wrap_key += opaque_key_base_size; - *key_buffer_length = key_buffer_size + opaque_key_base_size; - while( key_buffer_size-- ) - wrap_key[key_buffer_size] = key_buffer[key_buffer_size] ^ 0xFF; - return( PSA_SUCCESS ); + size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size(); + uint64_t prefix = PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX; + + if( key_length + opaque_key_base_size > wrapped_key_buffer_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + /* Write in the opaque pad prefix */ + memcpy( wrapped_key_buffer, &prefix, opaque_key_base_size); + wrapped_key_buffer += opaque_key_base_size; + *wrapped_key_buffer_length = key_length + opaque_key_base_size; + + while( key_length-- ) + wrapped_key_buffer[key_length] = key[key_length] ^ 0xFF; + return( PSA_SUCCESS ); } /* - * The unwrap function mbedtls_test_opaque_unwrap_key removes a pad prefix and unwraps - * the wrapped key. It expects the clear and wrap buffers to be passed in. - * wrapped_key_buffer_size is the size of the wrapped key, + * The unwrap function mbedtls_test_opaque_unwrap_key removes a pad prefix + * and unwraps the wrapped key. It expects the clear and wrap buffers to be + * passed in. + * wrapped_key_length is the size of the wrapped key, * key_buffer_size is the size of the output buffer clear_key. - * The argument key_buffer_length is filled with the unwrapped(clear) key_size on success. + * The argument key_buffer_length is filled with the unwrapped(clear) + * key_size on success. * */ static psa_status_t mbedtls_test_opaque_unwrap_key( const uint8_t *wrapped_key, - size_t wrapped_key_buffer_size, + size_t wrapped_key_length, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) { - /* Remove the pad prefis from the wrapped key */ - size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size(); - size_t clear_key_size = wrapped_key_buffer_size - opaque_key_base_size; - wrapped_key += opaque_key_base_size; - if( clear_key_size > key_buffer_size ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - *key_buffer_length = clear_key_size; - while( clear_key_size-- ) - key_buffer[clear_key_size] = wrapped_key[clear_key_size] ^ 0xFF; - return( PSA_SUCCESS ); + /* Remove the pad prefix from the wrapped key */ + size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size(); + size_t clear_key_size = wrapped_key_length - opaque_key_base_size; + + wrapped_key += opaque_key_base_size; + if( clear_key_size > key_buffer_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + *key_buffer_length = clear_key_size; + while( clear_key_size-- ) + key_buffer[clear_key_size] = wrapped_key[clear_key_size] ^ 0xFF; + return( PSA_SUCCESS ); } psa_status_t mbedtls_test_transparent_generate_key( @@ -257,21 +267,22 @@ psa_status_t mbedtls_test_opaque_import_key( size_t *key_buffer_length, size_t *bits) { - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_type_t type = psa_get_key_type( attributes ); - /* This buffer will be used as an intermediate placeholder for the clear - * key till we wrap it */ + /* This buffer will be used as an intermediate placeholder for + * the clear key till we wrap it */ uint8_t *key_buffer_temp; - key_buffer_temp = mbedtls_calloc( 1, key_buffer_size ); - if( !key_buffer_temp ) + key_buffer_temp = mbedtls_calloc( 1, key_buffer_size ); + if( key_buffer_temp == NULL ) return( PSA_ERROR_INSUFFICIENT_MEMORY ); + if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) ) { *bits = PSA_BYTES_TO_BITS( data_length ); - status = psa_validate_unstructured_key_bit_size( attributes->core.type, *bits ); + status = psa_validate_unstructured_key_bit_size( attributes->core.type, + *bits ); if( status != PSA_SUCCESS ) goto exit; @@ -311,13 +322,6 @@ psa_status_t mbedtls_test_opaque_import_key( #endif { status = PSA_ERROR_INVALID_ARGUMENT; - (void)data; - (void)data_length; - (void)key_buffer; - (void)key_buffer_size; - (void)key_buffer_length; - (void)bits; - (void)type; goto exit; } status = mbedtls_test_opaque_wrap_key( key_buffer_temp, *key_buffer_length, @@ -389,10 +393,10 @@ psa_status_t mbedtls_test_opaque_export_key( } else { - /* This buffer will be used as an intermediate placeholder for the opaque key - * till we unwrap the key into key_buffer */ + /* This buffer will be used as an intermediate placeholder for + * the opaque key till we unwrap the key into key_buffer */ uint8_t *key_buffer_temp; - size_t status = PSA_ERROR_BUFFER_TOO_SMALL; + size_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_type_t type = psa_get_key_type( attributes ); if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) || @@ -400,7 +404,7 @@ psa_status_t mbedtls_test_opaque_export_key( PSA_KEY_TYPE_IS_ECC( type ) ) { key_buffer_temp = mbedtls_calloc( 1, key_length ); - if( !key_buffer_temp ) + if( key_buffer_temp == NULL ) return( PSA_ERROR_INSUFFICIENT_MEMORY ); memcpy( key_buffer_temp, key, key_length ); status = mbedtls_test_opaque_unwrap_key( key_buffer_temp, key_length, @@ -475,12 +479,14 @@ psa_status_t mbedtls_test_opaque_export_public_key( { if( key_length != sizeof( psa_drv_slot_number_t ) ) { - psa_status_t status = PSA_ERROR_NOT_SUPPORTED; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_type_t key_type = psa_get_key_type( attributes ); uint8_t *key_buffer_temp; + key_buffer_temp = mbedtls_calloc( 1, key_length ); - if( !key_buffer_temp ) + if( key_buffer_temp == NULL ) return( PSA_ERROR_INSUFFICIENT_MEMORY ); + #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) if( PSA_KEY_TYPE_IS_ECC( key_type ) ) @@ -512,7 +518,6 @@ psa_status_t mbedtls_test_opaque_export_public_key( { status = PSA_ERROR_NOT_SUPPORTED; (void)key; - (void)key_length; (void)key_type; } mbedtls_free( key_buffer_temp );