Add utility function to check for drivers init

This will be used in the next commit. While at it, move driver initialization before RNG init - this will be handy when the entropy module wants to use drivers for hashes. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-09 11:17:43 +01:00 · 2023-03-09 11:17:43 +01:00 · 7abdf7eee5
commit 7abdf7eee5
parent d8ea37f1a3
4 changed files with 44 additions and 6 deletions
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@ -111,6 +111,7 @@ static int key_type_is_raw_bytes(psa_key_type_t type)
 typedef struct {
    unsigned initialized : 1;
    unsigned rng_state : 2;
+    unsigned drivers_initialized : 1;
    mbedtls_psa_random_context_t rng;
 } psa_global_data_t;

@ -125,6 +126,12 @@ mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state =
    if (global_data.initialized == 0)  \
    return PSA_ERROR_BAD_STATE;

+int psa_can_do_hash(psa_algorithm_t hash_alg)
+{
+    (void) hash_alg;
+    return global_data.drivers_initialized;
+}
+
 psa_status_t mbedtls_to_psa_error(int ret)
 {
    /* Mbed TLS error codes can combine a high-level error code and a
@ -7124,6 +7131,13 @@ psa_status_t psa_crypto_init(void)
        return PSA_SUCCESS;
    }

+    /* Init drivers */
+    status = psa_driver_wrapper_init();
+    if (status != PSA_SUCCESS) {
+        goto exit;
+    }
+    global_data.drivers_initialized = 1;
+
    /* Initialize and seed the random generator. */
    mbedtls_psa_random_init(&global_data.rng);
    global_data.rng_state = RNG_INITIALIZED;
@ -7138,12 +7152,6 @@ psa_status_t psa_crypto_init(void)
        goto exit;
    }

-    /* Init drivers */
-    status = psa_driver_wrapper_init();
-    if (status != PSA_SUCCESS) {
-        goto exit;
-    }
-
 #if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)
    status = psa_crypto_load_transaction();
    if (status == PSA_SUCCESS) {
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@ -26,6 +26,18 @@
 #include "psa/crypto.h"
 #include "psa/crypto_se_driver.h"

+/**
+ * Tell if PSA is ready for this hash.
+ *
+ * \note            For now, only checks the state of the driver subsystem,
+ *                  not the algorithm. Might do more in the future.
+ *
+ * \param hash_alg  The hash algorithm (ignored for now).
+ *
+ * \return 1 if the driver subsytem is ready, 0 otherwise.
+ */
+int psa_can_do_hash(psa_algorithm_t hash_alg);
+
 /** Constant-time buffer comparison
 *
 * \param[in]  a    Left-hand buffer for comparison.
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@ -1,3 +1,6 @@
+PSA can_do_hash
+psa_can_do_hash:
+
 PSA compile-time sanity checks
 static_checks:

--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@ -13,6 +13,9 @@
 #include "psa/crypto.h"
 #include "psa_crypto_slot_management.h"

+/* For psa_can_do_hash() */
+#include "psa_crypto_core.h"
+
 #include "test/asn1_helpers.h"
 #include "test/psa_crypto_helpers.h"
 #include "test/psa_exercise_key.h"
@ -1255,6 +1258,18 @@ static void interruptible_signverify_get_minmax_completes(uint32_t max_ops,
 * END_DEPENDENCIES
 */

+/* BEGIN_CASE */
+void psa_can_do_hash()
+{
+    /* We can't test that this is specific to drivers until partial init has
+     * been implemented, but we can at least test before/after full init. */
+    TEST_EQUAL(0, psa_can_do_hash(PSA_ALG_NONE));
+    PSA_INIT();
+    TEST_EQUAL(1, psa_can_do_hash(PSA_ALG_NONE));
+    PSA_DONE();
+}
+/* END_CASE */
+
 /* BEGIN_CASE */
 void static_checks()
 {