psa: cipher: Remove cipher_generate_iv driver entry point
Remove cipher_generate_iv driver entry point as there
is no known use case to delegate this to a driver.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index 0ef885d..b2da6a2 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -143,10 +143,12 @@
unsigned int iv_required : 1;
unsigned int iv_set : 1;
+ uint8_t default_iv_length;
+
psa_driver_cipher_context_t ctx;
};
-#define PSA_CIPHER_OPERATION_INIT {0, 0, 0, {0}}
+#define PSA_CIPHER_OPERATION_INIT {0, 0, 0, 0, {0}}
static inline struct psa_cipher_operation_s psa_cipher_operation_init( void )
{
const struct psa_cipher_operation_s v = PSA_CIPHER_OPERATION_INIT;
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index ab4d18f..9c8e108 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3322,6 +3322,7 @@
operation->iv_required = 0;
else
operation->iv_required = 1;
+ operation->default_iv_length = PSA_CIPHER_IV_LENGTH( slot->attr.type, alg );
psa_key_attributes_t attributes = {
.core = slot->attr
@@ -3371,6 +3372,8 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ *iv_length = 0;
+
if( operation->id == 0 )
{
return( PSA_ERROR_BAD_STATE );
@@ -3381,13 +3384,26 @@
return( PSA_ERROR_BAD_STATE );
}
- status = psa_driver_wrapper_cipher_generate_iv( operation,
- iv,
- iv_size,
- iv_length );
+ if( iv_size < operation->default_iv_length )
+ {
+ status = PSA_ERROR_BUFFER_TOO_SMALL;
+ goto exit;
+ }
+ status = psa_generate_random( iv, operation->default_iv_length );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ status = psa_driver_wrapper_cipher_set_iv( operation,
+ iv,
+ operation->default_iv_length );
+
+exit:
if( status == PSA_SUCCESS )
+ {
operation->iv_set = 1;
+ *iv_length = operation->default_iv_length;
+ }
else
psa_cipher_abort( operation );
diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c
index 4d46aaf..4992a6e 100644
--- a/library/psa_crypto_cipher.c
+++ b/library/psa_crypto_cipher.c
@@ -260,24 +260,6 @@
iv, iv_length ) ) );
}
-static psa_status_t cipher_generate_iv(
- mbedtls_psa_cipher_operation_t *operation,
- uint8_t *iv, size_t iv_size, size_t *iv_length )
-{
- int status = PSA_ERROR_CORRUPTION_DETECTED;
-
- if( iv_size < operation->iv_length )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
-
- status = psa_generate_random( iv, operation->iv_length );
- if( status != PSA_SUCCESS )
- return( status );
-
- *iv_length = operation->iv_length;
-
- return( cipher_set_iv( operation, iv, *iv_length ) );
-}
-
/* Process input for which the algorithm is set to ECB mode. This requires
* manual processing, since the PSA API is defined as being able to process
* arbitrary-length calls to psa_cipher_update() with ECB mode, but the
@@ -489,13 +471,6 @@
operation, attributes, key_buffer, key_buffer_size, alg ) );
}
-psa_status_t mbedtls_psa_cipher_generate_iv(
- mbedtls_psa_cipher_operation_t *operation,
- uint8_t *iv, size_t iv_size, size_t *iv_length )
-{
- return( cipher_generate_iv( operation, iv, iv_size, iv_length ) );
-}
-
psa_status_t mbedtls_psa_cipher_set_iv( mbedtls_psa_cipher_operation_t *operation,
const uint8_t *iv,
size_t iv_length )
@@ -553,13 +528,6 @@
operation, attributes, key_buffer, key_buffer_size, alg ) );
}
-psa_status_t mbedtls_transparent_test_driver_cipher_generate_iv(
- mbedtls_psa_cipher_operation_t *operation,
- uint8_t *iv, size_t iv_size, size_t *iv_length )
-{
- return( cipher_generate_iv( operation, iv, iv_size, iv_length ) );
-}
-
psa_status_t mbedtls_transparent_test_driver_cipher_set_iv(
mbedtls_psa_cipher_operation_t *operation,
const uint8_t *iv, size_t iv_length )
diff --git a/library/psa_crypto_cipher.h b/library/psa_crypto_cipher.h
index 72c3f47..3e1a7a0 100644
--- a/library/psa_crypto_cipher.h
+++ b/library/psa_crypto_cipher.h
@@ -100,32 +100,6 @@
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg );
-/** Generate an IV for a symmetric encryption operation.
- *
- * This function generates a random IV (initialization vector), nonce
- * or initial counter value for the encryption operation as appropriate
- * for the chosen algorithm, key type and key size.
- *
- * \note The signature of this function is that of a PSA driver
- * cipher_generate_iv entry point. This function behaves as a
- * cipher_generate_iv entry point as defined in the PSA driver
- * interface specification for transparent drivers.
- *
- * \param[in,out] operation Active cipher operation.
- * \param[out] iv Buffer where the generated IV is to be written.
- * \param[in] iv_size Size of the \p iv buffer in bytes.
- * \param[out] iv_length On success, the number of bytes of the
- * generated IV.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- * The size of the \p iv buffer is too small.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- */
-psa_status_t mbedtls_psa_cipher_generate_iv(
- mbedtls_psa_cipher_operation_t *operation,
- uint8_t *iv, size_t iv_size, size_t *iv_length );
-
/** Set the IV for a symmetric encryption or decryption operation.
*
* This function sets the IV (initialization vector), nonce
@@ -242,10 +216,6 @@
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg );
-psa_status_t mbedtls_transparent_test_driver_cipher_generate_iv(
- mbedtls_psa_cipher_operation_t *operation,
- uint8_t *iv, size_t iv_size, size_t *iv_length );
-
psa_status_t mbedtls_transparent_test_driver_cipher_set_iv(
mbedtls_psa_cipher_operation_t *operation,
const uint8_t *iv, size_t iv_length );
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
index 32c957e..9459c46 100644
--- a/library/psa_crypto_driver_wrappers.c
+++ b/library/psa_crypto_driver_wrappers.c
@@ -853,46 +853,6 @@
}
}
-psa_status_t psa_driver_wrapper_cipher_generate_iv(
- psa_cipher_operation_t *operation,
- uint8_t *iv,
- size_t iv_size,
- size_t *iv_length )
-{
- switch( operation->id )
- {
-#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- return( mbedtls_psa_cipher_generate_iv( &operation->ctx.mbedtls_ctx,
- iv,
- iv_size,
- iv_length ) );
-#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
-
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
- return( test_transparent_cipher_generate_iv(
- &operation->ctx.transparent_test_driver_ctx,
- iv, iv_size, iv_length ) );
-
- case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
- return( test_opaque_cipher_generate_iv(
- &operation->ctx.opaque_test_driver_ctx,
- iv,
- iv_size,
- iv_length ) );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
- }
-
- (void)iv;
- (void)iv_size;
- (void)iv_length;
-
- return( PSA_ERROR_INVALID_ARGUMENT );
-}
-
psa_status_t psa_driver_wrapper_cipher_set_iv(
psa_cipher_operation_t *operation,
const uint8_t *iv,
diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h
index d4ff91c..e336996 100644
--- a/library/psa_crypto_driver_wrappers.h
+++ b/library/psa_crypto_driver_wrappers.h
@@ -101,12 +101,6 @@
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg );
-psa_status_t psa_driver_wrapper_cipher_generate_iv(
- psa_cipher_operation_t *operation,
- uint8_t *iv,
- size_t iv_size,
- size_t *iv_length );
-
psa_status_t psa_driver_wrapper_cipher_set_iv(
psa_cipher_operation_t *operation,
const uint8_t *iv,
diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h
index 56b1159..6d6a6af 100644
--- a/tests/include/test/drivers/cipher.h
+++ b/tests/include/test/drivers/cipher.h
@@ -81,10 +81,6 @@
psa_status_t test_transparent_cipher_abort(
mbedtls_transparent_test_driver_cipher_operation_t *operation );
-psa_status_t test_transparent_cipher_generate_iv(
- mbedtls_transparent_test_driver_cipher_operation_t *operation,
- uint8_t *iv, size_t iv_size, size_t *iv_length);
-
psa_status_t test_transparent_cipher_set_iv(
mbedtls_transparent_test_driver_cipher_operation_t *operation,
const uint8_t *iv, size_t iv_length);
@@ -130,10 +126,6 @@
psa_status_t test_opaque_cipher_abort(
mbedtls_opaque_test_driver_cipher_operation_t *operation);
-psa_status_t test_opaque_cipher_generate_iv(
- mbedtls_opaque_test_driver_cipher_operation_t *operation,
- uint8_t *iv, size_t iv_size, size_t *iv_length);
-
psa_status_t test_opaque_cipher_set_iv(
mbedtls_opaque_test_driver_cipher_operation_t *operation,
const uint8_t *iv, size_t iv_length);
diff --git a/tests/src/drivers/cipher.c b/tests/src/drivers/cipher.c
index 295d47a..4dc4678 100644
--- a/tests/src/drivers/cipher.c
+++ b/tests/src/drivers/cipher.c
@@ -260,21 +260,6 @@
return( test_driver_cipher_hooks.forced_status );
}
-psa_status_t test_transparent_cipher_generate_iv(
- mbedtls_transparent_test_driver_cipher_operation_t *operation,
- uint8_t *iv,
- size_t iv_size,
- size_t *iv_length)
-{
- test_driver_cipher_hooks.hits++;
-
- if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
- return( test_driver_cipher_hooks.forced_status );
-
- return( mbedtls_transparent_test_driver_cipher_generate_iv(
- operation, iv, iv_size, iv_length ) );
-}
-
psa_status_t test_transparent_cipher_set_iv(
mbedtls_transparent_test_driver_cipher_operation_t *operation,
const uint8_t *iv,
@@ -424,19 +409,6 @@
return( PSA_ERROR_NOT_SUPPORTED );
}
-psa_status_t test_opaque_cipher_generate_iv(
- mbedtls_opaque_test_driver_cipher_operation_t *operation,
- uint8_t *iv,
- size_t iv_size,
- size_t *iv_length)
-{
- (void) operation;
- (void) iv;
- (void) iv_size;
- (void) iv_length;
- return( PSA_ERROR_NOT_SUPPORTED );
-}
-
psa_status_t test_opaque_cipher_set_iv(
mbedtls_opaque_test_driver_cipher_operation_t *operation,
const uint8_t *iv,