Updates to make the AES Wrapped support generic
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index 71254b3..840c373 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@@ -86,31 +86,32 @@
*/
typedef struct mbedtls_aes_context
{
- int nr; /*!< The number of rounds. */
- uint32_t *rk; /*!< AES round keys. */
- uint32_t buf[68]; /*!< Unaligned data buffer. This buffer can
- hold 32 extra Bytes, which can be used for
- one of the following purposes:
- <ul><li>Alignment if VIA padlock is
- used.</li>
- <li>Simplifying key expansion in the 256-bit
- case by generating an extra round key.
- </li></ul> */
- bool vendor_format; /*!< Is the key of a vendor defined type. */
- } mbedtls_aes_context;
+ int nr; /*!< The number of rounds. */
+ uint32_t * rk; /*!< AES round keys. */
+ uint32_t buf[68]; /*!< Unaligned data buffer. This buffer can
+ * hold 32 extra Bytes, which can be used for
+ * one of the following purposes:
+ * <ul><li>Alignment if VIA padlock is
+ * used.</li>
+ * <li>Simplifying key expansion in the 256-bit
+ * case by generating an extra round key.
+ * </li></ul> */
+ void * vendor_ctx; /*!< Vendor defined context. */
+} mbedtls_aes_context;
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
- /**
+ #if defined(MBEDTLS_CIPHER_MODE_XTS)
+
+/**
* \brief The AES XTS context-type definition.
*/
- typedef struct mbedtls_aes_xts_context
- {
- mbedtls_aes_context crypt; /*!< The AES context to use for AES block
- encryption or decryption. */
- mbedtls_aes_context tweak; /*!< The AES context used for tweak
- computation. */
- } mbedtls_aes_xts_context;
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
+typedef struct mbedtls_aes_xts_context
+{
+ mbedtls_aes_context crypt; /*!< The AES context to use for AES block
+ * encryption or decryption. */
+ mbedtls_aes_context tweak; /*!< The AES context used for tweak
+ * computation. */
+} mbedtls_aes_xts_context;
+ #endif /* MBEDTLS_CIPHER_MODE_XTS */
#else /* MBEDTLS_AES_ALT */
#include "aes_alt.h"
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index 64fa494..ddd132b 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -141,9 +141,24 @@
* verified that the usage of the key with multiple algorithms
* is safe.
*/
-static inline void psa_set_key_enrollment_algorithm(
- psa_key_attributes_t *attributes,
- psa_algorithm_t alg2)
+
+/** Perform any vendor specific action when aborting a cipher operation.
+ *
+ * This function is called at the beginning of the psa_cipher_abort function.
+ * The vendor must provide an implementation of this function to perform any
+ * vendor specific abort operation. A weakly linked implementation of this
+ * function that does nothing is provided in the implementation.
+ *
+ * This function must not be called directly.
+ *
+ * \param[in,out] operation Initialized cipher operation.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval Implementation dependent return values.
+ */
+psa_status_t psa_cipher_abort_vendor(psa_cipher_operation_t * operation);
+
+static inline void psa_set_key_enrollment_algorithm (psa_key_attributes_t * attributes, psa_algorithm_t alg2)
{
attributes->core.policy.alg2 = alg2;
}
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index ad35fc8..826a314 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -386,7 +386,7 @@
* The size of the key can be 16 bytes (AES-128), 24 bytes (AES-192) or
* 32 bytes (AES-256).
*/
-#define PSA_KEY_TYPE_VENDOR_AES ((psa_key_type_t)0xC0000001)
+#define PSA_KEY_TYPE_AES_VENDOR ((psa_key_type_t)0xC0000001)
/** Whether a key type is AES. */
#define PSA_KEY_TYPE_IS_AES(type) (((type)&PSA_KEY_TYPE_AES) != 0)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index aa85f5e..929f457 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -2488,7 +2488,7 @@
switch( key_type )
{
case PSA_KEY_TYPE_AES:
- case PSA_KEY_TYPE_VENDOR_AES:
+ case PSA_KEY_TYPE_AES_VENDOR:
cipher_id_tmp = MBEDTLS_CIPHER_ID_AES;
break;
case PSA_KEY_TYPE_DES:
@@ -3997,6 +3997,16 @@
return( status );
}
+// The weakly linked function "psa_cipher_abort_vendor_weak" which returns "PSA_SUCCESS" will be linked if
+// the vendor does not provide a definition for "psa_cipher_abort_vendor"
+psa_status_t psa_cipher_abort_vendor( psa_cipher_operation_t * operation) __attribute__ ((weak, alias("psa_cipher_abort_vendor_weak")));
+psa_status_t psa_cipher_abort_vendor_weak( psa_cipher_operation_t * operation);
+psa_status_t psa_cipher_abort_vendor_weak( psa_cipher_operation_t * operation)
+{
+ (void)operation;
+ return PSA_SUCCESS;
+}
+
psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation )
{
if( operation->alg == 0 )
@@ -4012,6 +4022,7 @@
if( ! PSA_ALG_IS_CIPHER( operation->alg ) )
return( PSA_ERROR_BAD_STATE );
+ psa_cipher_abort_vendor(operation);
mbedtls_cipher_free( &operation->ctx.cipher );
operation->alg = 0;