psa: aead: Remove key slot from operation context
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 70d3d5e..65d7fe5 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -563,17 +563,6 @@
return( PSA_SUCCESS );
}
-/** Return the size of the key in the given slot, in bits.
- *
- * \param[in] slot A key slot.
- *
- * \return The key size in bits, read from the metadata in the slot.
- */
-static inline size_t psa_get_key_slot_bits( const psa_key_slot_t *slot )
-{
- return( slot->attr.bits );
-}
-
/** Check whether a given key type is valid for use with a given MAC algorithm
*
* Upon successful return of this function, the behavior of #PSA_MAC_LENGTH
@@ -3522,7 +3511,6 @@
typedef struct
{
- psa_key_slot_t *slot;
const mbedtls_cipher_info_t *cipher_info;
union
{
@@ -3542,7 +3530,7 @@
uint8_t tag_length;
} aead_operation_t;
-#define AEAD_OPERATION_INIT {0, 0, {0}, 0, 0, 0}
+#define AEAD_OPERATION_INIT {0, {0}, 0, 0, 0}
static void psa_aead_abort_internal( aead_operation_t *operation )
{
@@ -3561,17 +3549,20 @@
}
}
-static psa_status_t psa_aead_setup( aead_operation_t *operation,
- psa_algorithm_t alg )
+static psa_status_t psa_aead_setup(
+ aead_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ psa_algorithm_t alg )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t key_bits;
mbedtls_cipher_id_t cipher_id;
- key_bits = psa_get_key_slot_bits( operation->slot );
+ key_bits = attributes->core.bits;
operation->cipher_info =
- mbedtls_cipher_info_from_psa( alg, operation->slot->attr.type, key_bits,
+ mbedtls_cipher_info_from_psa( alg, attributes->core.type, key_bits,
&cipher_id );
if( operation->cipher_info == NULL )
return( PSA_ERROR_NOT_SUPPORTED );
@@ -3585,14 +3576,13 @@
/* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16.
* The call to mbedtls_ccm_encrypt_and_tag or
* mbedtls_ccm_auth_decrypt will validate the tag length. */
- if( PSA_BLOCK_CIPHER_BLOCK_LENGTH( operation->slot->attr.type ) != 16 )
+ if( PSA_BLOCK_CIPHER_BLOCK_LENGTH( attributes->core.type ) != 16 )
return( PSA_ERROR_INVALID_ARGUMENT );
mbedtls_ccm_init( &operation->ctx.ccm );
status = mbedtls_to_psa_error(
mbedtls_ccm_setkey( &operation->ctx.ccm, cipher_id,
- operation->slot->key.data,
- (unsigned int) key_bits ) );
+ key_buffer, (unsigned int) key_bits ) );
if( status != PSA_SUCCESS )
return( status );
break;
@@ -3605,14 +3595,13 @@
/* GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16.
* The call to mbedtls_gcm_crypt_and_tag or
* mbedtls_gcm_auth_decrypt will validate the tag length. */
- if( PSA_BLOCK_CIPHER_BLOCK_LENGTH( operation->slot->attr.type ) != 16 )
+ if( PSA_BLOCK_CIPHER_BLOCK_LENGTH( attributes->core.type ) != 16 )
return( PSA_ERROR_INVALID_ARGUMENT );
mbedtls_gcm_init( &operation->ctx.gcm );
status = mbedtls_to_psa_error(
mbedtls_gcm_setkey( &operation->ctx.gcm, cipher_id,
- operation->slot->key.data,
- (unsigned int) key_bits ) );
+ key_buffer, (unsigned int) key_bits ) );
if( status != PSA_SUCCESS )
return( status );
break;
@@ -3629,7 +3618,7 @@
mbedtls_chachapoly_init( &operation->ctx.chachapoly );
status = mbedtls_to_psa_error(
mbedtls_chachapoly_setkey( &operation->ctx.chachapoly,
- operation->slot->key.data ) );
+ key_buffer ) );
if( status != PSA_SUCCESS )
return( status );
break;
@@ -3660,17 +3649,22 @@
size_t *ciphertext_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_slot_t *slot;
aead_operation_t operation = AEAD_OPERATION_INIT;
uint8_t *tag;
*ciphertext_length = 0;
status = psa_get_and_lock_transparent_key_slot_with_policy(
- key, &operation.slot, PSA_KEY_USAGE_ENCRYPT, alg );
+ key, &slot, PSA_KEY_USAGE_ENCRYPT, alg );
if( status != PSA_SUCCESS )
return( status );
- status = psa_aead_setup( &operation, alg );
+ psa_key_attributes_t attributes = {
+ .core = slot->attr
+ };
+
+ status = psa_aead_setup( &operation, &attributes, slot->key.data, alg );
if( status != PSA_SUCCESS )
goto exit;
@@ -3740,9 +3734,8 @@
memset( ciphertext, 0, ciphertext_size );
exit:
- psa_unlock_key_slot( operation.slot );
psa_aead_abort_internal( &operation );
-
+ psa_unlock_key_slot( slot );
if( status == PSA_SUCCESS )
*ciphertext_length = plaintext_length + operation.tag_length;
@@ -3783,17 +3776,22 @@
size_t *plaintext_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_slot_t *slot;
aead_operation_t operation = AEAD_OPERATION_INIT;
const uint8_t *tag = NULL;
*plaintext_length = 0;
status = psa_get_and_lock_transparent_key_slot_with_policy(
- key, &operation.slot, PSA_KEY_USAGE_DECRYPT, alg );
+ key, &slot, PSA_KEY_USAGE_DECRYPT, alg );
if( status != PSA_SUCCESS )
return( status );
- status = psa_aead_setup( &operation, alg );
+ psa_key_attributes_t attributes = {
+ .core = slot->attr
+ };
+
+ status = psa_aead_setup( &operation, &attributes, slot->key.data, alg );
if( status != PSA_SUCCESS )
goto exit;
@@ -3859,9 +3857,9 @@
memset( plaintext, 0, plaintext_size );
exit:
- psa_unlock_key_slot( operation.slot );
psa_aead_abort_internal( &operation );
-
+ psa_unlock_key_slot( slot );
+
if( status == PSA_SUCCESS )
*plaintext_length = ciphertext_length - operation.tag_length;
return( status );