cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-10-30 19:20:40 -04:00
Code Issues Packages Projects Releases Wiki Activity

Add PSA-specific cipher context

Browse Source
This commit is contained in:
Hanno Becker 2018-11-09 16:47:20 +00:00
parent 1cb36530be
commit 73f59fc3e9
2 changed files with 33 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
include/mbedtls/cipher_internal.h
View File

@ -34,6 +34,10 @@
#include "cipher.h" #include "cipher.h"
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
@ -114,6 +118,17 @@ typedef struct
const mbedtls_cipher_info_t *info; const mbedtls_cipher_info_t *info;
} mbedtls_cipher_definition_t; } mbedtls_cipher_definition_t;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
typedef struct
{
psa_key_slot_t slot;
unsigned char slot_state; /*!< 0: The slot is unset.
* 1: The slot is set and we own it.
* 2: The slot is set but we don't own it. */
} mbedtls_cipher_context_psa;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
extern const mbedtls_cipher_definition_t mbedtls_cipher_definitions[]; extern const mbedtls_cipher_definition_t mbedtls_cipher_definitions[];
extern int mbedtls_cipher_supported[]; extern int mbedtls_cipher_supported[];

20
library/cipher.c
View File

@ -169,7 +169,19 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx )
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ctx->psa_enabled == 1 ) if( ctx->psa_enabled == 1 )
{ {
/* TODO: Add free'ing of PSA-specific context. */ if( ctx->cipher_ctx != NULL )
{
mbedtls_cipher_context_psa * const cipher_psa =
(mbedtls_cipher_context_psa *) ctx->cipher_ctx;
if( cipher_psa->slot_state == 1 )
{
/* TODO: Destroy PSA key */
}
mbedtls_platform_zeroize( cipher_psa, sizeof( *cipher_psa ) );
mbedtls_free( cipher_psa );
}
mbedtls_platform_zeroize( ctx, sizeof(mbedtls_cipher_context_t) ); mbedtls_platform_zeroize( ctx, sizeof(mbedtls_cipher_context_t) );
return; return;
@ -225,6 +237,10 @@ int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx,
if( NULL == cipher_info || NULL == ctx ) if( NULL == cipher_info || NULL == ctx )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
ctx->cipher_ctx = mbedtls_calloc( 1, sizeof(mbedtls_cipher_context_psa ) );
if( ctx->cipher_ctx == NULL )
return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED );
memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) ); memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) );
ctx->cipher_info = cipher_info; ctx->cipher_info = cipher_info;
@ -244,7 +260,7 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ctx->psa_enabled == 1 ) if( ctx->psa_enabled == 1 )
{ {
/* TODO */ /* TODO: Allocate and setup PSA key slot from raw key material. */
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
} }
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */