From 6425a188dfeeb831c71d47a835006fce8dad08ce Mon Sep 17 00:00:00 2001 From: Antonio de Angelis Date: Mon, 22 Jan 2024 11:39:34 +0000 Subject: [PATCH 1/3] Add a client view of the multipart contexts In case MBEDTLS_PSA_CRYPTO_CLIENT is defined and MBEDTLS_PSA_CRYPTO_C is not, a client view of the multipart operation contexts is provided through an handle object that allows mapping to the corresponding service side data structures. Signed-off-by: Antonio de Angelis
---
 include/psa/crypto_platform.h | 10 ++++++++++ include/psa/crypto_struct.h | 21 ++++++++++++++++++++- 2 files changed, 30 insertions(+), 1 deletion(-)
diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h
index 4d03435474b..a871ee12468 100644
--- a/include/psa/crypto_platform.h
+++ b/include/psa/crypto_platform.h
@@ -89,4 +89,14 @@ typedef struct {
 } mbedtls_psa_external_random_context_t;
 #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+/** The type of the client handle used in context structures
+ *
+ * When a client view of the multipart context structures is required,
+ * this handle is used to keep a mapping with the service side of the
+ * context which contains the actual data.
+ */
+typedef uint32_t mbedtls_psa_client_handle_t;
+#endif
+
 #endif /* PSA_CRYPTO_PLATFORM_H */
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index 3a196182a4f..b43215ded50 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -68,6 +68,9 @@ extern "C" {
 #include "psa/crypto_driver_contexts_primitives.h"
 struct psa_hash_operation_s {
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+ mbedtls_psa_client_handle_t handle;
+#else
 /** Unique ID indicating which driver got assigned to do the
 * operation. Since driver contexts are driver-specific, swapping
 * drivers halfway through the operation is not supported.
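Review bot: The doc comment on `mbedtls_psa_client_handle_t` in the crypto_platform.h hunk does not say which handle value means that no operation is bound to the context, although the client-side initializers added in patch 2/3 set the handle to 0. If 0 is the intended "inactive" value, I would state it in the comment, for example `* A value of 0 means the context is not bound to any service-side operation.` The handle is stored in client memory while the real state lives on the service side, so the comment should also say that the service is expected to validate the handle it receives rather than trust it; that validation is not visible in this series.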
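Review bot: In the `psa_hash_operation_s` hunk, `handle` is declared as a plain member while every member of the `#else` branch is wrapped in `MBEDTLS_PRIVATE()`, so in client-only builds application code can name and overwrite the handle directly. Unless the client-side dispatch code relies on the plain name, consider `mbedtls_psa_client_handle_t MBEDTLS_PRIVATE(handle);` for consistency with the rest of the structure. The same applies to the cipher, mac, aead and key_derivation hunks of this patch and to the pake and interruptible sign/verify hunks of patch 3/3. The struct body continues outside this hunk.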
@@ -76,6 +79,7 @@ struct psa_hash_operation_s {
 * any driver (i.e. the driver context is not active, in use). */
 unsigned int MBEDTLS_PRIVATE(id);
 psa_driver_hash_context_t MBEDTLS_PRIVATE(ctx);
+#endif
 };
 #define PSA_HASH_OPERATION_INIT { 0, { 0 } }
@@ -86,6 +90,9 @@ static inline struct psa_hash_operation_s psa_hash_operation_init(void)
 }
 struct psa_cipher_operation_s {
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+ mbedtls_psa_client_handle_t handle;
+#else
 /** Unique ID indicating which driver got assigned to do the
 * operation. Since driver contexts are driver-specific, swapping
 * drivers halfway through the operation is not supported.
@@ -100,6 +107,7 @@ struct psa_cipher_operation_s {
 uint8_t MBEDTLS_PRIVATE(default_iv_length);
 psa_driver_cipher_context_t MBEDTLS_PRIVATE(ctx);
+#endif
 };
 #define PSA_CIPHER_OPERATION_INIT { 0, 0, 0, 0, { 0 } }
@@ -114,6 +122,9 @@ static inline struct psa_cipher_operation_s psa_cipher_operation_init(void)
 #include "psa/crypto_driver_contexts_composites.h"
 struct psa_mac_operation_s {
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+ mbedtls_psa_client_handle_t handle;
+#else
 /** Unique ID indicating which driver got assigned to do the
 * operation. Since driver contexts are driver-specific, swapping
 * drivers halfway through the operation is not supported.
@@ -124,6 +135,7 @@ struct psa_mac_operation_s {
 uint8_t MBEDTLS_PRIVATE(mac_size);
 unsigned int MBEDTLS_PRIVATE(is_sign) : 1;
 psa_driver_mac_context_t MBEDTLS_PRIVATE(ctx);
+#endif
 };
 #define PSA_MAC_OPERATION_INIT { 0, 0, 0, { 0 } }
@@ -134,7 +146,9 @@ static inline struct psa_mac_operation_s psa_mac_operation_init(void)
 }
 struct psa_aead_operation_s {
-
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+ mbedtls_psa_client_handle_t handle;
+#else
 /** Unique ID indicating which driver got assigned to do the
 * operation. Since driver contexts are driver-specific, swapping
 * drivers halfway through the operation is not supported.
@@ -156,6 +170,7 @@ struct psa_aead_operation_s {
 unsigned int MBEDTLS_PRIVATE(is_encrypt) : 1;
 psa_driver_aead_context_t MBEDTLS_PRIVATE(ctx);
+#endif
 };
 #define PSA_AEAD_OPERATION_INIT { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, { 0 } }
@@ -170,10 +185,14 @@ static inline struct psa_aead_operation_s psa_aead_operation_init(void)
 #include "psa/crypto_driver_contexts_key_derivation.h"
 struct psa_key_derivation_s {
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+ mbedtls_psa_client_handle_t handle;
+#else
 psa_algorithm_t MBEDTLS_PRIVATE(alg);
 unsigned int MBEDTLS_PRIVATE(can_output_key) : 1;
 size_t MBEDTLS_PRIVATE(capacity);
 psa_driver_key_derivation_context_t MBEDTLS_PRIVATE(ctx);
+#endif
 };
 /* This only zeroes out the first byte in the union, the rest is unspecified. */
From 90d18343ceb1e74c3284bcc0870d6f3d3914503e Mon Sep 17 00:00:00 2001 From: Antonio de Angelis Date: Mon, 22 Jan 2024 13:15:37 +0000 Subject: [PATCH 2/3] Update the initialization macros The initializatio macros need to be updated to support the case where the crypto client view of the structures is being initialized Signed-off-by: Antonio de Angelis
---
 include/psa/crypto_struct.h | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index b43215ded50..cc7731abc44 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -81,8 +81,11 @@ struct psa_hash_operation_s {
 psa_driver_hash_context_t MBEDTLS_PRIVATE(ctx);
 #endif
 };
-
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#define PSA_HASH_OPERATION_INIT { 0 }
+#else
 #define PSA_HASH_OPERATION_INIT { 0, { 0 } }
+#endif
 static inline struct psa_hash_operation_s psa_hash_operation_init(void)
 {
 const struct psa_hash_operation_s v = PSA_HASH_OPERATION_INIT;
@@ -110,7 +113,11 @@ struct psa_cipher_operation_s {
 #endif
 };
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#define PSA_CIPHER_OPERATION_INIT { 0 }
+#else
 #define PSA_CIPHER_OPERATION_INIT { 0, 0, 0, 0, { 0 } }
+#endif
 static inline struct psa_cipher_operation_s psa_cipher_operation_init(void)
 {
 const struct psa_cipher_operation_s v = PSA_CIPHER_OPERATION_INIT;
@@ -138,7 +145,11 @@ struct psa_mac_operation_s {
 #endif
 };
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#define PSA_MAC_OPERATION_INIT { 0 }
+#else
 #define PSA_MAC_OPERATION_INIT { 0, 0, 0, { 0 } }
+#endif
 static inline struct psa_mac_operation_s psa_mac_operation_init(void)
 {
 const struct psa_mac_operation_s v = PSA_MAC_OPERATION_INIT;
@@ -173,7 +184,11 @@ struct psa_aead_operation_s {
 #endif
 };
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#define PSA_AEAD_OPERATION_INIT { 0 }
+#else
 #define PSA_AEAD_OPERATION_INIT { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, { 0 } }
+#endif
 static inline struct psa_aead_operation_s psa_aead_operation_init(void)
 {
 const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT;
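Review bot: The `#endif` added after `PSA_HASH_OPERATION_INIT` carries no comment naming the condition it closes, and the same two-term guard is written out separately for the structure body and for its initializer, so the two must be kept identical by hand. I would annotate each closing directive, `#endif /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */`, so that a reader can pair the initializer with the matching structure layout. If the guards ever diverge, a multi-field initializer would be applied to the one-member client structure, or the reverse. The same applies to the cipher, mac, aead and key-derivation initializer hunks of this patch and to the guards added in patches 1/3 and 3/3.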
@@ -195,8 +210,12 @@ struct psa_key_derivation_s {
 #endif
 };
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#define PSA_KEY_DERIVATION_OPERATION_INIT { 0 }
+#else
 /* This only zeroes out the first byte in the union, the rest is unspecified. */
 #define PSA_KEY_DERIVATION_OPERATION_INIT { 0, 0, 0, { 0 } }
+#endif
 static inline struct psa_key_derivation_s psa_key_derivation_operation_init(
 void)
 {
From 4380a33bd3f1ed8a10cccb2fcceddc1d526854d5 Mon Sep 17 00:00:00 2001 From: Antonio de Angelis Date: Fri, 2 Feb 2024 14:21:24 +0000 Subject: [PATCH 3/3] Add a client view layout for interruptible hash and pake Add a client view layout (and update related initializers) for PSA sign/verify hash interruptible operation struct and PAKE operation struct Signed-off-by: Antonio de Angelis
---
 include/psa/crypto_extra.h | 8 ++++++++ include/psa/crypto_struct.h | 16 ++++++++++++++++ 2 files changed, 24 insertions(+)
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index fc9bf4f0f53..c67345bd2e5 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -1828,8 +1828,12 @@ psa_status_t psa_pake_abort(psa_pake_operation_t *operation);
 /** Returns a suitable initializer for a PAKE operation object of type
 * psa_pake_operation_t.
 */
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#define PSA_PAKE_OPERATION_INIT { 0 }
+#else
 #define PSA_PAKE_OPERATION_INIT { 0, PSA_ALG_NONE, 0, PSA_PAKE_OPERATION_STAGE_SETUP, \
 { 0 }, { { 0 } } }
+#endif
 struct psa_pake_cipher_suite_s {
 psa_algorithm_t algorithm;
@@ -1957,6 +1961,9 @@ struct psa_jpake_computation_stage_s {
 ((round) == PSA_JPAKE_FIRST ? 2 : 1))
 struct psa_pake_operation_s {
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+ mbedtls_psa_client_handle_t handle;
+#else
 /** Unique ID indicating which driver got assigned to do the
 * operation. Since driver contexts are driver-specific, swapping
 * drivers halfway through the operation is not supported.
@@ -1982,6 +1989,7 @@ struct psa_pake_operation_s {
 psa_driver_pake_context_t MBEDTLS_PRIVATE(ctx);
 psa_crypto_driver_pake_inputs_t MBEDTLS_PRIVATE(inputs);
 } MBEDTLS_PRIVATE(data);
+#endif
 };
 static inline struct psa_pake_cipher_suite_s psa_pake_cipher_suite_init(void)
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index cc7731abc44..26c93da7c51 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -455,6 +455,9 @@ static inline size_t psa_get_key_bits(
 * \brief The context for PSA interruptible hash signing.
 */
 struct psa_sign_hash_interruptible_operation_s {
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+ mbedtls_psa_client_handle_t handle;
+#else
 /** Unique ID indicating which driver got assigned to do the
 * operation. Since driver contexts are driver-specific, swapping
 * drivers halfway through the operation is not supported.
@@ -468,9 +471,14 @@ struct psa_sign_hash_interruptible_operation_s {
 unsigned int MBEDTLS_PRIVATE(error_occurred) : 1;
 uint32_t MBEDTLS_PRIVATE(num_ops);
+#endif
 };
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#define PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { 0 }
+#else
 #define PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { 0, { 0 }, 0, 0 }
+#endif
 static inline struct psa_sign_hash_interruptible_operation_s
 psa_sign_hash_interruptible_operation_init(void)
@@ -485,6 +493,9 @@ psa_sign_hash_interruptible_operation_init(void)
 * \brief The context for PSA interruptible hash verification.
 */
 struct psa_verify_hash_interruptible_operation_s {
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+ mbedtls_psa_client_handle_t handle;
+#else
 /** Unique ID indicating which driver got assigned to do the
 * operation. Since driver contexts are driver-specific, swapping
 * drivers halfway through the operation is not supported.
@@ -498,9 +509,14 @@ struct psa_verify_hash_interruptible_operation_s {
 unsigned int MBEDTLS_PRIVATE(error_occurred) : 1;
 uint32_t MBEDTLS_PRIVATE(num_ops);
+#endif
 };
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#define PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT { 0 }
+#else
 #define PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT { 0, { 0 }, 0, 0 }
+#endif
 static inline struct psa_verify_hash_interruptible_operation_s
 psa_verify_hash_interruptible_operation_init(void)