From a16ce9f601804a3e397518bd2b3a492b73d9fb9a Mon Sep 17 00:00:00 2001
From: Paul Elliott
Date: Tue, 21 Feb 2023 14:19:23 +0000
Subject: [PATCH] Remove driver entry points for {get|set}_max_ops.

Move the global variable to the PSA layer, and just set that when calling PSA level functions. Move the internal ecp set to before each ecp call.

Signed-off-by: Paul Elliott
---
 include/psa/crypto.h | 3 ++
 library/psa_crypto.c | 34 +++++++------------
 library/psa_crypto_driver_wrappers.h | 4 ---
 .../psa_crypto_driver_wrappers.c.jinja | 18 ----------
 4 files changed, 15 insertions(+), 44 deletions(-)

diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 80bf5c9690..48c45dfa31 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -4217,6 +4217,9 @@ uint32_t psa_interruptible_get_max_ops(void);
  * \c psa_sign_hash_interruptible_abort() on
  * the operation, a value of 0 will be returned.
  *
+ * \note This interface is guaranteed re-entrant and
+ * thus may be called from driver code.
+ *
  * \warning This is a beta API, and thus subject to change
  * at any point. It is not bound by the usual
  * interface stability promises.
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 3ec9273de9..8e2cecc68b 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3153,17 +3153,18 @@ exit:
 /* Asymmetric interruptible cryptography */
 /****************************************************************/
 
+static uint32_t psa_interruptible_max_ops = PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED;
+
 void psa_interruptible_set_max_ops(uint32_t max_ops)
 {
-    psa_driver_wrapper_interruptible_set_max_ops(max_ops);
+    psa_interruptible_max_ops = max_ops;
 }
 
 uint32_t psa_interruptible_get_max_ops(void)
 {
-    return psa_driver_wrapper_interruptible_get_max_ops();
+    return psa_interruptible_max_ops;
 }
 
-
 uint32_t psa_sign_hash_get_num_ops(
     const psa_sign_hash_interruptible_operation_t *operation)
 {
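Review bot: `psa_interruptible_max_ops` is introduced as a bare file-scope `static uint32_t` that `psa_interruptible_set_max_ops()` writes and `psa_interruptible_get_max_ops()` reads with no synchronization and no comment saying what it holds or who may touch it. The crypto.h note on this page calls the getter "guaranteed re-entrant", which is true of a plain load, but readers tend to equate that with thread-safe; if the library is built with threading support (not visible here) a set and a get from two threads is a data race under the C memory model, and the driver-layer copy this commit deletes means this variable is now the only source of truth that the builtin implementation re-reads on every complete() call. I would document it at the definition: `/* Op budget for interruptible operations; PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED until psa_interruptible_set_max_ops() is called. Plain global with no locking: do not change it concurrently with an in-flight interruptible operation. */`.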
@@ -3458,12 +3459,8 @@ psa_status_t psa_verify_hash_abort(
 /* implementations */
 /****************************************************************/
 
-static uint32_t mbedtls_psa_interruptible_max_ops =
-    PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED;
-
 void mbedtls_psa_interruptible_set_max_ops(uint32_t max_ops)
 {
-    mbedtls_psa_interruptible_max_ops = max_ops;
 
 #if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \
@@ -3476,16 +3473,13 @@ void mbedtls_psa_interruptible_set_max_ops(uint32_t max_ops)
     }
 
     mbedtls_ecp_set_max_ops(max_ops);
+#else
+    (void) max_ops;
 #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
         * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) &&
         * defined( MBEDTLS_ECP_RESTARTABLE ) */
 }
 
-uint32_t mbedtls_psa_interruptible_get_max_ops(void)
-{
-    return mbedtls_psa_interruptible_max_ops;
-}
-
 uint32_t mbedtls_psa_sign_hash_get_num_ops(
     const mbedtls_psa_sign_hash_interruptible_operation_t *operation)
 {
@@ -3544,11 +3538,6 @@ psa_status_t mbedtls_psa_sign_hash_start(
     /* Ensure num_ops is zero'ed in case of context re-use. */
     operation->num_ops = 0;
 
-    /* Ensure default is set even if
-     * mbedtls_psa_interruptible_set_max_ops() has not been called. */
-    mbedtls_psa_interruptible_set_max_ops(
-        mbedtls_psa_interruptible_get_max_ops());
-
     status = mbedtls_psa_ecp_load_representation(attributes->core.type,
                                                  attributes->core.bits,
                                                  key_buffer,
@@ -3613,6 +3602,9 @@ psa_status_t mbedtls_psa_sign_hash_complete(
     mbedtls_mpi_init(&r);
     mbedtls_mpi_init(&s);
 
+    /* Ensure max_ops is set to the current value (or default). */
+    mbedtls_psa_interruptible_set_max_ops(psa_interruptible_get_max_ops());
+
     if (signature_size < 2 * operation->coordinate_bytes) {
         status = PSA_ERROR_BUFFER_TOO_SMALL;
         goto exit;
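Review bot: The comment added in mbedtls_psa_sign_hash_complete() says what the call does but not why it now has to run on every complete() call instead of once in start(), which is exactly what the start() hunk above removes. The value is pushed through mbedtls_psa_interruptible_set_max_ops() into mbedtls_ecp_set_max_ops(), which presumably configures a library-wide ECP setting rather than per-operation state, so a psa_interruptible_set_max_ops() call made between two steps takes effect on the next one and any other restartable ECP user shares the same setting; that is the fact a future maintainer needs before "optimising" this back into start(). I would make the comment say so: `/* The ECP max_ops setting is global, not per operation: re-apply the PSA-layer value before every restartable step. This also supplies the default when psa_interruptible_set_max_ops() was never called. */`. mbedtls_psa_sign_hash_complete() starts before and ends after this hunk.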
@@ -3764,11 +3756,6 @@ psa_status_t mbedtls_psa_verify_hash_start(
     /* Ensure num_ops is zero'ed in case of context re-use. */
     operation->num_ops = 0;
 
-    /* Ensure default is set even if
-     * mbedtls_psa_interruptible_set_max_ops() has not been called. */
-    mbedtls_psa_interruptible_set_max_ops(
-        mbedtls_psa_interruptible_get_max_ops());
-
     status = mbedtls_psa_ecp_load_representation(attributes->core.type,
                                                  attributes->core.bits,
                                                  key_buffer,
@@ -3853,6 +3840,9 @@ psa_status_t mbedtls_psa_verify_hash_complete(
 
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
+    /* Ensure max_ops is set to the current value (or default). */
+    mbedtls_psa_interruptible_set_max_ops(psa_interruptible_get_max_ops());
+
     status = mbedtls_to_psa_error(
         mbedtls_ecdsa_verify_restartable(&operation->ctx->grp,
                                          operation->hash,
diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h
index e3edec791e..b16750658f 100644
--- a/library/psa_crypto_driver_wrappers.h
+++ b/library/psa_crypto_driver_wrappers.h
@@ -70,10 +70,6 @@ psa_status_t psa_driver_wrapper_verify_hash(
  * Interruptible Signature functions
  */
 
-void psa_driver_wrapper_interruptible_set_max_ops(uint32_t max_ops);
-
-uint32_t psa_driver_wrapper_interruptible_get_max_ops(void);
-
 uint32_t psa_driver_wrapper_sign_hash_get_num_ops(
     psa_sign_hash_interruptible_operation_t *operation);
diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
index b35e726a0c..e1a20784c3 100644
--- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
+++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
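Review bot: The two lines added to mbedtls_psa_verify_hash_complete() are a byte-for-byte copy of the ones added to mbedtls_psa_sign_hash_complete() earlier in this patch, comment included, and with the start()-time sync removed this per-step re-application is now the only place the rule lives. Two copies of a rule that must stay in lockstep tend to drift; I would keep it in one static helper under the same #if guard, `static void mbedtls_psa_interruptible_sync_max_ops(void) { mbedtls_psa_interruptible_set_max_ops(psa_interruptible_get_max_ops()); }`, called from both complete() functions, so the explanation of why it runs on every step has a single home. mbedtls_psa_verify_hash_complete() starts before and ends after this hunk.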
@@ -433,24 +433,6 @@ psa_status_t psa_driver_wrapper_verify_hash( } } -void psa_driver_wrapper_interruptible_set_max_ops( uint32_t max_ops ) -{ - /* TODO - dispatch to drivers dynamically registered for this - * service when registering is implemented. For now, fall - * through to internal implementation. */ - - mbedtls_psa_interruptible_set_max_ops( max_ops ); -} - -uint32_t psa_driver_wrapper_interruptible_get_max_ops( void ) -{ - /* TODO - dispatch to drivers dynamically registered for this - * service when registering is implemented. For now, fall - * through to internal implementation. */ - - return mbedtls_psa_interruptible_get_max_ops( ); -} - uint32_t psa_driver_wrapper_sign_hash_get_num_ops( psa_sign_hash_interruptible_operation_t *operation ) {