
Commit 1b26e0d

author
itayzafrir
committed
Fix crypto service abort functionality - cipher
Also refactor cipher setup function to one common function.
1 parent ca62922 commit 1b26e0d


2 files changed

+84
-63
lines changed


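--- a/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/psa_crypto_spm.c
+++ b/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/psa_crypto_spm.c
@@ -1055,12 +1055,17 @@ psa_status_t psa_generator_abort(psa_crypto_generator_t *generator)
 /****************************************************************/
 /* SYMMETRIC */
 /****************************************************************/
-psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
-psa_key_handle_t key_handle,
-psa_algorithm_t alg)
+static psa_status_t psa_cipher_setup(psa_cipher_operation_t *operation,
+psa_key_handle_t key_handle,
+psa_algorithm_t alg,
+psa_sec_function_t func)
 {
+if (operation->handle != PSA_NULL_HANDLE) {
+return (PSA_ERROR_BAD_STATE);
+}
+
 psa_crypto_ipc_t psa_crypto_ipc = {
-.func = PSA_CIPHER_ENCRYPT_SETUP,
+.func = func,
 .handle = key_handle,
 .alg = alg
 };
@@ -1072,26 +1077,25 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
 return (status);
 }
 status = ipc_call(&operation->handle, &in_vec, 1, NULL, 0, false);
+if (status != PSA_SUCCESS) {
+ipc_close(&operation->handle);
+}
 return (status);
 }
 
-psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
+psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
 psa_key_handle_t key_handle,
 psa_algorithm_t alg)
 {
-psa_crypto_ipc_t psa_crypto_ipc = {
-.func = PSA_CIPHER_DECRYPT_SETUP,
-.handle = key_handle,
-.alg = alg
-};
-
-psa_invec in_vec = { &psa_crypto_ipc, sizeof(psa_crypto_ipc) };
+psa_status_t status = psa_cipher_setup(operation, key_handle, alg, PSA_CIPHER_ENCRYPT_SETUP);
+return (status);
+}
 
-psa_status_t status = ipc_connect(PSA_SYMMETRIC_ID, &operation->handle);
-if (status != PSA_SUCCESS) {
-return (status);
-}
-status = ipc_call(&operation->handle, &in_vec, 1, NULL, 0, false);
+psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
+psa_key_handle_t key_handle,
+psa_algorithm_t alg)
+{
+psa_status_t status = psa_cipher_setup(operation, key_handle, alg, PSA_CIPHER_DECRYPT_SETUP);
 return (status);
 }
 
@@ -1114,6 +1118,9 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
 };
 
 psa_status_t status = ipc_call(&operation->handle, &in_vec, 1, out_vec, 2, false);
+if (status != PSA_SUCCESS) {
+ipc_close(&operation->handle);
+}
 return (status);
 }
 
@@ -1133,6 +1140,9 @@ psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
 };
 
 psa_status_t status = ipc_call(&operation->handle, in_vec, 2, NULL, 0, false);
+if (status != PSA_SUCCESS) {
+ipc_close(&operation->handle);
+}
 return (status);
 }
 
@@ -1160,6 +1170,9 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
 };
 
 psa_status_t status = ipc_call(&operation->handle, in_vec, 2, out_vec, 2, false);
+if (status != PSA_SUCCESS) {
+ipc_close(&operation->handle);
+}
 return (status);
 }
 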
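Review bot: `psa_cipher_generate_iv`, `psa_cipher_set_iv` and `psa_cipher_update` reach `ipc_call(&operation->handle, ...)` with no visible check that the handle is still open, and after this change a failed call closes it, so a repeated call on the same operation object would pass an already-closed handle to `ipc_call` and then to `ipc_close` a second time. Those three functions begin outside the hunks, so a guard may already sit above the shown lines; if it does not, mirror the new setup check with `if (operation->handle == PSA_NULL_HANDLE) { return (PSA_ERROR_BAD_STATE); }` before the IPC vectors are built. The new `PSA_ERROR_BAD_STATE` test in `psa_cipher_setup` also appears to rely on `ipc_close` resetting the handle to `PSA_NULL_HANDLE` and on callers zero-initialising the operation struct; neither is visible here, so a short comment on `psa_cipher_setup` stating both preconditions would help.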

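--- a/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c
+++ b/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c
@@ -919,28 +919,30 @@ static void psa_symmetric_operation(void)
 
 switch (psa_crypto_ipc.func) {
 case PSA_CIPHER_ENCRYPT_SETUP: {
-if (!psa_crypto_access_control_is_handle_permitted(psa_crypto_ipc.handle,
-msg.client_id)) {
+if (psa_crypto_access_control_is_handle_permitted(psa_crypto_ipc.handle, msg.client_id)) {
+status = psa_cipher_encrypt_setup(msg.rhandle, psa_crypto_ipc.handle, psa_crypto_ipc.alg);
+} else {
 status = PSA_ERROR_INVALID_HANDLE;
-break;
 }
 
-status = psa_cipher_encrypt_setup(msg.rhandle,
-psa_crypto_ipc.handle,
-psa_crypto_ipc.alg);
+if (status != PSA_SUCCESS) {
+mbedtls_free(msg.rhandle);
+psa_set_rhandle(msg.handle, NULL);
+}
 break;
 }
 
 case PSA_CIPHER_DECRYPT_SETUP: {
-if (!psa_crypto_access_control_is_handle_permitted(psa_crypto_ipc.handle,
-msg.client_id)) {
+if (psa_crypto_access_control_is_handle_permitted(psa_crypto_ipc.handle, msg.client_id)) {
+status = psa_cipher_decrypt_setup(msg.rhandle, psa_crypto_ipc.handle, psa_crypto_ipc.alg);
+} else {
 status = PSA_ERROR_INVALID_HANDLE;
-break;
 }
 
-status = psa_cipher_decrypt_setup(msg.rhandle,
-psa_crypto_ipc.handle,
-psa_crypto_ipc.alg);
+if (status != PSA_SUCCESS) {
+mbedtls_free(msg.rhandle);
+psa_set_rhandle(msg.handle, NULL);
+}
 break;
 }
 
@@ -955,6 +957,9 @@ static void psa_symmetric_operation(void)
 psa_write(msg.handle, 0, iv, iv_length);
 psa_write(msg.handle, 1, &iv_length,
 sizeof(iv_length));
+} else {
+mbedtls_free(msg.rhandle);
+psa_set_rhandle(msg.handle, NULL);
 }
 break;
 }
@@ -968,46 +973,46 @@ static void psa_symmetric_operation(void)
 SPM_PANIC("SPM read length mismatch");
 }
 status = psa_cipher_set_iv(msg.rhandle, iv, iv_length);
-
+if (status != PSA_SUCCESS) {
+mbedtls_free(msg.rhandle);
+psa_set_rhandle(msg.handle, NULL);
+}
 break;
 }
 
 case PSA_CIPHER_UPDATE: {
 size_t input_length = msg.in_size[1];
 size_t output_size = msg.out_size[0];
 size_t output_length = 0;
-uint8_t *input;
-unsigned char *output;
+uint8_t *input = NULL;
+unsigned char *output = NULL;
 
 input = mbedtls_calloc(1, input_length);
-if (input == NULL) {
-status = PSA_ERROR_INSUFFICIENT_MEMORY;
-break;
-}
-
-bytes_read = psa_read(msg.handle, 1, input,
-input_length);
-if (bytes_read != input_length) {
-SPM_PANIC("SPM read length mismatch");
-}
-
 output = mbedtls_calloc(1, output_size);
-if (output == NULL) {
-mbedtls_free(input);
+if (input == NULL || output == NULL) {
+psa_cipher_abort(msg.rhandle);
 status = PSA_ERROR_INSUFFICIENT_MEMORY;
-break;
-}
+} else {
+bytes_read = psa_read(msg.handle, 1, input, input_length);
+if (bytes_read != input_length) {
+SPM_PANIC("SPM read length mismatch");
+}
+
+status = psa_cipher_update(msg.rhandle, input, input_length, output, output_size,
+&output_length);
+if (status == PSA_SUCCESS) {
+psa_write(msg.handle, 0, output, output_length);
+psa_write(msg.handle, 1, &output_length, sizeof(output_length));
+}
 
-status = psa_cipher_update(msg.rhandle, input,
-input_length, output, output_size, &output_length);
-if (status == PSA_SUCCESS) {
-psa_write(msg.handle, 0, output, output_length);
-psa_write(msg.handle, 1,
-&output_length, sizeof(output_length));
 }
 
 mbedtls_free(input);
 mbedtls_free(output);
+if (status != PSA_SUCCESS) {
+mbedtls_free(msg.rhandle);
+psa_set_rhandle(msg.handle, NULL);
+}
 break;
 }
 
@@ -1018,23 +1023,26 @@ static void psa_symmetric_operation(void)
 
 output = mbedtls_calloc(1, output_size);
 if (output == NULL) {
+psa_cipher_abort(msg.rhandle);
 status = PSA_ERROR_INSUFFICIENT_MEMORY;
-break;
+} else {
+status = psa_cipher_finish(msg.rhandle, output, output_size, &output_length);
+if (status == PSA_SUCCESS) {
+psa_write(msg.handle, 0, output, output_length);
+psa_write(msg.handle, 1, &output_length, sizeof(output_length));
+}
+mbedtls_free(output);
 }
 
-status = psa_cipher_finish(msg.rhandle, output,
-output_size, &output_length);
-if (status == PSA_SUCCESS) {
-psa_write(msg.handle, 0, output, output_length);
-psa_write(msg.handle, 1,
-&output_length, sizeof(output_length));
-}
-mbedtls_free(output);
+mbedtls_free(msg.rhandle);
+psa_set_rhandle(msg.handle, NULL);
 break;
 }
 
 case PSA_CIPHER_ABORT: {
 status = psa_cipher_abort(msg.rhandle);
+mbedtls_free(msg.rhandle);
+psa_set_rhandle(msg.handle, NULL);
 break;
 }
 
@@ -1048,8 +1056,8 @@ static void psa_symmetric_operation(void)
 }
 
 case PSA_IPC_DISCONNECT: {
-psa_cipher_abort(msg.rhandle);
 if (msg.rhandle != NULL) {
+psa_cipher_abort(msg.rhandle);
 mbedtls_free(msg.rhandle);
 }
 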
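Review bot: The call cases still pass `msg.rhandle` to `psa_cipher_*` without a NULL check, although every failure path, the finish path and `PSA_CIPHER_ABORT` now free it and store NULL with `psa_set_rhandle`; `PSA_CIPHER_ABORT` itself calls `psa_cipher_abort(msg.rhandle)` unconditionally. Only `PSA_IPC_DISCONNECT` guards with `if (msg.rhandle != NULL)`, so a further request on the same connection would make the secure partition operate on a NULL operation pointer. The client library in psa_crypto_spm.c closes the connection on error, but the partition should not depend on the caller behaving that way. `psa_symmetric_operation` starts outside these hunks, so a check may already exist above; if it does not, add `if (msg.rhandle == NULL) { status = PSA_ERROR_BAD_STATE; break; }` ahead of `switch (psa_crypto_ipc.func)`. It is also worth confirming that `psa_cipher_set_iv`, `psa_cipher_generate_iv` and `psa_cipher_update` abort the operation internally on error, since their failure branches free the operation struct without calling `psa_cipher_abort` first.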
