lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Merge pull request #22 from ARMmbed/iotssl-2697-psa-key-allocation-crypto

Browse Source 
Adapting to the new PSA key slot allocation mechanism
This commit is contained in:
Jaeden Amero
2019-01-23 15:00:19 +00:00
committed by GitHub
parent cfb7ae9318 54c139f141
commit 0b6b871056
14 changed files with 92 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
library/cipher.c
View File

@ -302,12 +302,18 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
if( cipher_psa->slot_state != MBEDTLS_CIPHER_PSA_KEY_UNSET )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
/* Find a fresh key slot to use. */
status = mbedtls_psa_get_free_key_slot( &cipher_psa->slot );
key_type = mbedtls_psa_translate_cipher_type(
ctx->cipher_info->type );
if( key_type == 0 )
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
/* Allocate a key slot to use. */
status = psa_allocate_key( key_type, key_bitlen, &cipher_psa->slot );
if( status != PSA_SUCCESS )
return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
/* Indicate that we own the key slot and need to
* destroy it in mbedtls_cipher_free(). */
/* Indicate that we own the key slot and need to
* destroy it in mbedtls_cipher_free(). */
cipher_psa->slot_state = MBEDTLS_CIPHER_PSA_KEY_OWNED;
/* From that point on, the responsibility for destroying the
@ -330,10 +336,6 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
/* Populate new key slot. */
key_type = mbedtls_psa_translate_cipher_type(
ctx->cipher_info->type );
if( key_type == 0 )
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
status = psa_import_key( cipher_psa->slot,
key_type, key, key_bytelen );
if( status != PSA_SUCCESS )

17
library/pk.c
View File

@ -147,10 +147,10 @@ int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info )
/*
* Initialise a PSA-wrapping context
*/
int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, const psa_key_slot_t key )
int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, const psa_key_handle_t key )
{
const mbedtls_pk_info_t * const info = &mbedtls_pk_opaque_info;
psa_key_slot_t *pk_ctx;
psa_key_handle_t *pk_ctx;
psa_key_type_t type;
if( ctx == NULL || ctx->pk_info != NULL )
@ -168,7 +168,7 @@ int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, const psa_key_slot_t key )
ctx->pk_info = info;
pk_ctx = (psa_key_slot_t *) ctx->pk_ctx;
pk_ctx = (psa_key_handle_t *) ctx->pk_ctx;
*pk_ctx = key;
return( 0 );
@ -547,13 +547,13 @@ mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx )
* Currently only works for EC private keys.
*/
int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
psa_key_slot_t *slot,
psa_key_handle_t *slot,
psa_algorithm_t hash_alg )
{
#if !defined(MBEDTLS_ECP_C)
return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
#else
psa_key_slot_t key;
psa_key_handle_t key;
const mbedtls_ecp_keypair *ec;
unsigned char d[MBEDTLS_ECP_MAX_BYTES];
size_t d_len;
@ -572,9 +572,11 @@ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
return( ret );
curve_id = mbedtls_ecp_curve_info_from_grp_id( ec->grp.id )->tls_id;
key_type = PSA_KEY_TYPE_ECC_KEYPAIR(
mbedtls_psa_parse_tls_ecc_group ( curve_id ) );
/* find a free key slot */
if( PSA_SUCCESS != mbedtls_psa_get_free_key_slot( &key ) )
/* allocate a key slot */
if( PSA_SUCCESS != psa_allocate_key( key_type, d_len * 8, &key ) )
return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
/* set policy */
@ -585,7 +587,6 @@ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
/* import private key in slot */
key_type = PSA_KEY_TYPE_ECC_KEYPAIR(curve_id);
if( PSA_SUCCESS != psa_import_key( key, key_type, d, d_len ) )
return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );

18
library/pk_wrap.c
View File

@ -546,7 +546,7 @@ static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *sig, size_t sig_len )
{
int ret;
psa_key_slot_t key_slot;
psa_key_handle_t key_slot;
psa_key_policy_t policy;
psa_key_type_t psa_type;
mbedtls_pk_context key;
@ -571,15 +571,17 @@ static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
if( key_len <= 0 )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
if( ( ret = mbedtls_psa_get_free_key_slot( &key_slot ) ) != PSA_SUCCESS )
return( mbedtls_psa_err_translate_pk( ret ) );
psa_md = mbedtls_psa_translate_md( md_alg );
if( psa_md == 0 )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
psa_sig_md = PSA_ALG_ECDSA( psa_md );
psa_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve );
if( ( ret = psa_allocate_key( psa_type,
MBEDTLS_PSA_ECC_KEY_BITS_OF_CURVE(curve),
&key_slot ) ) != PSA_SUCCESS )
return( mbedtls_psa_err_translate_pk( ret ) );
psa_key_policy_init( &policy );
psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, psa_sig_md );
if( ( ret = psa_set_key_policy( key_slot, &policy ) ) != PSA_SUCCESS )
@ -879,7 +881,7 @@ const mbedtls_pk_info_t mbedtls_rsa_alt_info = {
static void *pk_opaque_alloc_wrap( void )
{
void *ctx = mbedtls_calloc( 1, sizeof( psa_key_slot_t ) );
void *ctx = mbedtls_calloc( 1, sizeof( psa_key_handle_t ) );
/* no _init() function to call, an calloc() already zeroized */
@ -888,13 +890,13 @@ static void *pk_opaque_alloc_wrap( void )
static void pk_opaque_free_wrap( void *ctx )
{
mbedtls_platform_zeroize( ctx, sizeof( psa_key_slot_t ) );
mbedtls_platform_zeroize( ctx, sizeof( psa_key_handle_t ) );
mbedtls_free( ctx );
}
static size_t pk_opaque_get_bitlen( const void *ctx )
{
const psa_key_slot_t *key = (const psa_key_slot_t *) ctx;
const psa_key_handle_t *key = (const psa_key_handle_t *) ctx;
size_t bits;
if( PSA_SUCCESS != psa_get_key_information( *key, NULL, &bits ) )
@ -999,7 +1001,7 @@ static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
const psa_key_slot_t *key = (const psa_key_slot_t *) ctx;
const psa_key_handle_t *key = (const psa_key_handle_t *) ctx;
psa_algorithm_t alg = PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) );
size_t bits, buf_len;
psa_status_t status;

2
library/pkwrite.c
View File

@ -168,7 +168,7 @@ int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_OPAQUE )
{
size_t buffer_size;
psa_key_slot_t* key_slot = (psa_key_slot_t*) key->pk_ctx;
psa_key_handle_t* key_slot = (psa_key_handle_t*) key->pk_ctx;
if ( *p < start )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );

6
library/ssl_tls.c
View File

@ -798,7 +798,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
psa_status_t status;
psa_algorithm_t alg;
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
psa_key_slot_t psk;
psa_key_handle_t psk;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "perform PSA-based PSK-to-MS expansion" ) );
@ -7617,7 +7617,7 @@ int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_USE_PSA_CRYPTO)
int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf,
psa_key_slot_t psk_slot,
psa_key_handle_t psk_slot,
const unsigned char *psk_identity,
size_t psk_identity_len )
{
@ -7640,7 +7640,7 @@ int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf,
}
int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl,
psa_key_slot_t psk_slot )
psa_key_handle_t psk_slot )
{
if( psk_slot == 0 || ssl->handshake == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );