yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Use enum for slot state in PSA-based cipher context

Browse source
This commit is contained in:
Hanno Becker 2018-11-17 22:11:16 +00:00
parent 8d88a6e20d
commit ce61a32e6a
2 changed files with 21 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
include/mbedtls/cipher_internal.h
View file

@ -119,14 +119,26 @@ typedef struct
} mbedtls_cipher_definition_t; } mbedtls_cipher_definition_t;
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
typedef enum
{
MBEDTLS_CIPHER_PSA_KEY_UNSET = 0,
MBEDTLS_CIPHER_PSA_KEY_OWNED, /* Used for PSA-based cipher contexts
* which use raw key material internally
* imported into a freshly allocated key slot,
* and which hence need to destroy that key
* slot when they are no longer needed. */
MBEDTLS_CIPHER_PSA_KEY_NOT_OWNED, /* Used for PSA-based cipher contexts
* which use a key from a key slot
* provided by the user, and which hence
* should not be destroyed when the
* context is no longer needed. */
} mbedtls_cipher_psa_key_ownership;
typedef struct typedef struct
{ {
psa_algorithm_t alg; psa_algorithm_t alg;
psa_key_slot_t slot; psa_key_slot_t slot;
unsigned char slot_state; /*!< 0: The slot is unset. mbedtls_cipher_psa_key_ownership slot_state;
* 1: The slot is set and we own it.
* 2: The slot is set but we don't own it. */
} mbedtls_cipher_context_psa; } mbedtls_cipher_context_psa;
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */

8
library/cipher.c
View file

@ -175,7 +175,7 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx )
mbedtls_cipher_context_psa * const cipher_psa = mbedtls_cipher_context_psa * const cipher_psa =
(mbedtls_cipher_context_psa *) ctx->cipher_ctx; (mbedtls_cipher_context_psa *) ctx->cipher_ctx;
if( cipher_psa->slot_state == 1 ) if( cipher_psa->slot_state == MBEDTLS_CIPHER_PSA_KEY_OWNED )
{ {
/* xxx_free() doesn't allow to return failures. */ /* xxx_free() doesn't allow to return failures. */
(void) psa_destroy_key( cipher_psa->slot ); (void) psa_destroy_key( cipher_psa->slot );
@ -299,14 +299,16 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
/* Don't allow keys to be set multiple times. */ /* Don't allow keys to be set multiple times. */
if( cipher_psa->slot_state != 0 ) if( cipher_psa->slot_state != MBEDTLS_CIPHER_PSA_KEY_UNSET )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
/* Find a fresh key slot to use. */ /* Find a fresh key slot to use. */
status = mbedtls_psa_get_free_key_slot( &cipher_psa->slot ); status = mbedtls_psa_get_free_key_slot( &cipher_psa->slot );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED ); return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
cipher_psa->slot_state = 1; /* Indicate that we own the key slot. */ /* Indicate that we own the key slot and need to
* destroy it in mbedtls_cipher_free(). */
cipher_psa->slot_state = MBEDTLS_CIPHER_PSA_KEY_OWNED;
/* From that point on, the responsibility for destroying the /* From that point on, the responsibility for destroying the
* key slot is on mbedtls_cipher_free(). This includes the case * key slot is on mbedtls_cipher_free(). This includes the case