Add PSA-specific cipher context

2025-10-30 19:20:40 -04:00 · 2018-11-09 16:47:20 +00:00 · 2018-11-09 16:47:20 +00:00 · 73f59fc3e9
commit 73f59fc3e9
parent 1cb36530be
2 changed files with 33 additions and 2 deletions
--- a/include/mbedtls/cipher_internal.h
+++ b/include/mbedtls/cipher_internal.h
@ -34,6 +34,10 @@

 #include "cipher.h"

+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "psa/crypto.h"
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@ -114,6 +118,17 @@ typedef struct
    const mbedtls_cipher_info_t *info;
 } mbedtls_cipher_definition_t;

+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+typedef struct
+{
+    psa_key_slot_t slot;
+    unsigned char slot_state; /*!< 0: The slot is unset.
+                               *   1: The slot is set and we own it.
+                               *   2: The slot is set but we don't own it. */
+
+} mbedtls_cipher_context_psa;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
 extern const mbedtls_cipher_definition_t mbedtls_cipher_definitions[];

 extern int mbedtls_cipher_supported[];
--- a/library/cipher.c
+++ b/library/cipher.c
@ -169,7 +169,19 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx )
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
    if( ctx->psa_enabled == 1 )
    {
-        /* TODO: Add free'ing of PSA-specific context. */
+        if( ctx->cipher_ctx != NULL )
+        {
+            mbedtls_cipher_context_psa * const cipher_psa =
+                (mbedtls_cipher_context_psa *) ctx->cipher_ctx;
+
+            if( cipher_psa->slot_state == 1 )
+            {
+                /* TODO: Destroy PSA key */
+            }
+
+            mbedtls_platform_zeroize( cipher_psa, sizeof( *cipher_psa ) );
+            mbedtls_free( cipher_psa );
+        }

        mbedtls_platform_zeroize( ctx, sizeof(mbedtls_cipher_context_t) );
        return;
@ -225,6 +237,10 @@ int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx,
    if( NULL == cipher_info || NULL == ctx )
        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );

+    ctx->cipher_ctx = mbedtls_calloc( 1, sizeof(mbedtls_cipher_context_psa ) );
+    if( ctx->cipher_ctx == NULL )
+        return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED );
+
    memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) );

    ctx->cipher_info = cipher_info;
@ -244,7 +260,7 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
    if( ctx->psa_enabled == 1 )
    {
-        /* TODO */
+        /* TODO: Allocate and setup PSA key slot from raw key material. */
        return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
    }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */