Don't call psa_get_key_information internally
When you have a key slot pointer, read the key type directly, and call
psa_get_key_bits to get the bit size.
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 63dbcce..d730bd8 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1469,7 +1469,6 @@
{
psa_status_t status;
key_slot_t *slot;
- psa_key_type_t key_type;
size_t key_bits;
const mbedtls_cipher_info_t *cipher_info = NULL;
@@ -1477,10 +1476,6 @@
if( status != PSA_SUCCESS )
return( status );
- status = psa_get_key_information( key, &key_type, &key_bits );
- if( status != PSA_SUCCESS )
- return( status );
-
status = psa_get_key_from_slot( key, &slot, 0, alg );
if( status != PSA_SUCCESS )
return( status );
@@ -1495,9 +1490,12 @@
if( ( slot->policy.usage & PSA_KEY_USAGE_VERIFY ) != 0 )
operation->key_usage_verify = 1;
+ key_bits = psa_get_key_bits( slot );
+
if( ! PSA_ALG_IS_HMAC( alg ) )
{
- cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits, NULL );
+ cipher_info = mbedtls_cipher_info_from_psa( alg, slot->type, key_bits,
+ NULL );
if( cipher_info == NULL )
return( PSA_ERROR_NOT_SUPPORTED );
operation->mac_size = cipher_info->block_size;
@@ -1515,7 +1513,7 @@
default:
#if defined(MBEDTLS_MD_C)
if( PSA_ALG_IS_HMAC( alg ) )
- status = psa_hmac_start( operation, key_type, slot, alg );
+ status = psa_hmac_start( operation, slot->type, slot, alg );
else
#endif /* MBEDTLS_MD_C */
return( PSA_ERROR_NOT_SUPPORTED );
@@ -2254,7 +2252,6 @@
int ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
psa_status_t status;
key_slot_t *slot;
- psa_key_type_t key_type;
size_t key_bits;
const mbedtls_cipher_info_t *cipher_info = NULL;
psa_key_usage_t usage = ( cipher_operation == MBEDTLS_ENCRYPT ?
@@ -2265,14 +2262,12 @@
if( status != PSA_SUCCESS )
return( status );
- status = psa_get_key_information( key, &key_type, &key_bits );
- if( status != PSA_SUCCESS )
- return( status );
status = psa_get_key_from_slot( key, &slot, usage, alg);
if( status != PSA_SUCCESS )
return( status );
+ key_bits = psa_get_key_bits( slot );
- cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits, NULL );
+ cipher_info = mbedtls_cipher_info_from_psa( alg, slot->type, key_bits, NULL );
if( cipher_info == NULL )
return( PSA_ERROR_NOT_SUPPORTED );
@@ -2284,7 +2279,7 @@
}
#if defined(MBEDTLS_DES_C)
- if( key_type == PSA_KEY_TYPE_DES && key_bits == 128 )
+ if( slot->type == PSA_KEY_TYPE_DES && key_bits == 128 )
{
/* Two-key Triple-DES is 3-key Triple-DES with K1=K3 */
unsigned char keys[24];
@@ -2336,11 +2331,11 @@
operation->key_set = 1;
operation->block_size = ( PSA_ALG_IS_BLOCK_CIPHER( alg ) ?
- PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) :
+ PSA_BLOCK_CIPHER_BLOCK_SIZE( slot->type ) :
1 );
if( PSA_ALG_IS_BLOCK_CIPHER( alg ) || alg == PSA_ALG_CTR )
{
- operation->iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
+ operation->iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( slot->type );
}
return( PSA_SUCCESS );
@@ -2675,7 +2670,6 @@
int ret;
psa_status_t status;
key_slot_t *slot;
- psa_key_type_t key_type;
size_t key_bits;
uint8_t *tag;
size_t tag_length;
@@ -2684,19 +2678,17 @@
*ciphertext_length = 0;
- status = psa_get_key_information( key, &key_type, &key_bits );
- if( status != PSA_SUCCESS )
- return( status );
status = psa_get_key_from_slot( key, &slot, PSA_KEY_USAGE_ENCRYPT, alg );
if( status != PSA_SUCCESS )
return( status );
+ key_bits = psa_get_key_bits( slot );
- cipher_info = mbedtls_cipher_info_from_psa( alg, key_type,
+ cipher_info = mbedtls_cipher_info_from_psa( alg, slot->type,
key_bits, &cipher_id );
if( cipher_info == NULL )
return( PSA_ERROR_NOT_SUPPORTED );
- if( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) !=
+ if( ( slot->type & PSA_KEY_TYPE_CATEGORY_MASK ) !=
PSA_KEY_TYPE_CATEGORY_SYMMETRIC )
return( PSA_ERROR_INVALID_ARGUMENT );
@@ -2705,7 +2697,7 @@
mbedtls_gcm_context gcm;
tag_length = 16;
- if( PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) != 16 )
+ if( PSA_BLOCK_CIPHER_BLOCK_SIZE( slot->type ) != 16 )
return( PSA_ERROR_INVALID_ARGUMENT );
//make sure we have place to hold the tag in the ciphertext buffer
@@ -2736,7 +2728,7 @@
mbedtls_ccm_context ccm;
tag_length = 16;
- if( PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) != 16 )
+ if( PSA_BLOCK_CIPHER_BLOCK_SIZE( slot->type ) != 16 )
return( PSA_ERROR_INVALID_ARGUMENT );
if( nonce_length < 7 || nonce_length > 13 )
@@ -2820,7 +2812,6 @@
int ret;
psa_status_t status;
key_slot_t *slot;
- psa_key_type_t key_type;
size_t key_bits;
const uint8_t *tag;
size_t tag_length;
@@ -2829,19 +2820,17 @@
*plaintext_length = 0;
- status = psa_get_key_information( key, &key_type, &key_bits );
- if( status != PSA_SUCCESS )
- return( status );
status = psa_get_key_from_slot( key, &slot, PSA_KEY_USAGE_DECRYPT, alg );
if( status != PSA_SUCCESS )
return( status );
+ key_bits = psa_get_key_bits( slot );
- cipher_info = mbedtls_cipher_info_from_psa( alg, key_type,
+ cipher_info = mbedtls_cipher_info_from_psa( alg, slot->type,
key_bits, &cipher_id );
if( cipher_info == NULL )
return( PSA_ERROR_NOT_SUPPORTED );
- if( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) !=
+ if( ( slot->type & PSA_KEY_TYPE_CATEGORY_MASK ) !=
PSA_KEY_TYPE_CATEGORY_SYMMETRIC )
return( PSA_ERROR_INVALID_ARGUMENT );