nrf_security: Use the PSA operation cipher context and key in Cracen SW

Make sure that you use the blkcipher context and the key already existed
in the PSA cipher operation intead of allocating new ones in the stack.

Also add a blkcipher operation in the CMAC context for the PSA
CMAC software driver in Cracen for consistency.

Signed-off-by: Georgios Vasilakis <[email protected]>

Author: Vge0rge

subsys/nrf_security/src/drivers/cracen/cracen_sw/include/cracen_sw_common.h

@@ -17,6 +17,7 @@
  * This function is designed for CRACEN software workarounds that need
  * AES-ECB encryption functionality.
  *
+ * @param blkciph The block cipher struct.
  * @param key The AES key reference.
  * @param input Pointer to the input block.
  * @param input_length Length of the input block.
@@ -26,15 +27,16 @@
  *
  * @retval psa_status_t PSA_SUCCESS on success, error code otherwise.
  */
-psa_status_t cracen_aes_ecb_encrypt(const struct sxkeyref *key, const uint8_t *input,
-			      size_t input_length, uint8_t *output, size_t output_size,
-			      size_t *output_length);
+psa_status_t cracen_aes_ecb_encrypt(struct sxblkcipher *blkciph, const struct sxkeyref *key,
+				    const uint8_t *input, size_t input_length, uint8_t *output,
+				    size_t output_size, size_t *output_length);
 
 /** @brief Decrypt a single AES block using ECB mode.
  *
  * This function is designed for CRACEN software workarounds that need
  * AES-ECB decryption functionality.
  *
+ * @param blkciph The block cipher struct.
  * @param key The AES key reference.
  * @param input Pointer to the input block.
  * @param input_length Length of the input block.
@@ -44,22 +46,23 @@ psa_status_t cracen_aes_ecb_encrypt(const struct sxkeyref *key, const uint8_t *i
  *
  * @retval psa_status_t PSA_SUCCESS on success, error code otherwise.
  */
-psa_status_t cracen_aes_ecb_decrypt(const struct sxkeyref *key, const uint8_t *input,
-			      size_t input_length, uint8_t *output, size_t output_size,
-			      size_t *output_length);
+psa_status_t cracen_aes_ecb_decrypt(struct sxblkcipher *blkciph, const struct sxkeyref *key,
+				    const uint8_t *input, size_t input_length, uint8_t *output,
+				    size_t output_size, size_t *output_length);
 
 /** @brief Perform a single AES block encryption operation.
  *
  * This function is designed for use as an AES primitive in CRACEN software workarounds that require
  * it.
  *
+ * @param blkciph The block cipher struct.
  * @param key The AES key reference.
  * @param input Pointer to the input block.
  * @param output Pointer to a 16-byte output buffer.
  *
  * @retval psa_status_t PSA_SUCCESS on success, error code otherwise.
  */
-psa_status_t cracen_aes_primitive(const struct sxkeyref *key, const uint8_t *input,
-				  uint8_t *output);
+psa_status_t cracen_aes_primitive(struct sxblkcipher *blkciph, const struct sxkeyref *key,
+				  const uint8_t *input, uint8_t *output);
 
 #endif /* CRACEN_SW_COMMON_H */

subsys/nrf_security/src/drivers/cracen/cracen_sw/src/cracen_sw_aes_ctr.c

@@ -130,8 +130,8 @@ psa_status_t cracen_sw_aes_ctr_update(cracen_cipher_operation_t *operation, cons
 
 			memcpy(current_ctr, operation->iv, SX_BLKCIPHER_AES_BLK_SZ);
 
-			status = cracen_aes_primitive(&operation->keyref, current_ctr,
-							keystream_block);
+			status = cracen_aes_primitive(&operation->cipher, &operation->keyref,
+						      current_ctr, keystream_block);
 			if (status != PSA_SUCCESS) {
 				return status;
 			}

subsys/nrf_security/src/drivers/cracen/cracen_sw/src/cracen_sw_cipher.c

@@ -264,25 +264,23 @@ psa_status_t cracen_cipher_encrypt(const psa_key_attributes_t *attributes,
 	}
 
 	if (IS_ENABLED(PSA_NEED_CRACEN_ECB_NO_PADDING_AES) && alg == PSA_ALG_ECB_NO_PADDING) {
-		struct sxkeyref key;
-
-		status = cracen_load_keyref(attributes, key_buffer, key_buffer_size, &key);
+		status = cracen_load_keyref(attributes, key_buffer, key_buffer_size,
+					    &operation.keyref);
 		if (status != PSA_SUCCESS) {
 			return status;
 		}
-		return cracen_aes_ecb_encrypt(&key, input, input_length, output, output_size,
-					      output_length);
+		return cracen_aes_ecb_encrypt(&operation.cipher, &operation.keyref, input,
+					      input_length, output, output_size, output_length);
 	}
 
 	if (IS_ENABLED(PSA_NEED_CRACEN_CBC_PKCS7_AES) && alg == PSA_ALG_CBC_PKCS7) {
-		struct sxkeyref key;
-
-		status = cracen_load_keyref(attributes, key_buffer, key_buffer_size, &key);
+		status = cracen_load_keyref(attributes, key_buffer, key_buffer_size,
+					    &operation.keyref);
 		if (status != PSA_SUCCESS) {
 			return status;
 		}
-		return encrypt_cbc(&key, input, input_length, output, output_size, output_length,
-				   iv);
+		return encrypt_cbc(&operation.keyref, input, input_length, output, output_size,
+				   output_length, iv);
 	}
 
 	status = setup(CRACEN_ENCRYPT, &operation, attributes, key_buffer, key_buffer_size, alg);
@@ -328,25 +326,23 @@ psa_status_t cracen_cipher_decrypt(const psa_key_attributes_t *attributes,
 	}
 
 	if (IS_ENABLED(PSA_NEED_CRACEN_ECB_NO_PADDING_AES) && alg == PSA_ALG_ECB_NO_PADDING) {
-		struct sxkeyref key;
-
-		status = cracen_load_keyref(attributes, key_buffer, key_buffer_size, &key);
+		status = cracen_load_keyref(attributes, key_buffer, key_buffer_size,
+					    &operation.keyref);
 		if (status != PSA_SUCCESS) {
 			return status;
 		}
-		return cracen_aes_ecb_decrypt(&key, input, input_length, output, output_size,
-					      output_length);
+		return cracen_aes_ecb_decrypt(&operation.cipher, &operation.keyref, input,
+					      input_length, output, output_size, output_length);
 	}
 
 	if (IS_ENABLED(PSA_NEED_CRACEN_CBC_PKCS7_AES) && alg == PSA_ALG_CBC_PKCS7) {
-		struct sxkeyref key;
-
-		status = cracen_load_keyref(attributes, key_buffer, key_buffer_size, &key);
+		status = cracen_load_keyref(attributes, key_buffer, key_buffer_size,
+					    &operation.keyref);
 		if (status != PSA_SUCCESS) {
 			return status;
 		}
-		return decrypt_cbc(&key, input + iv_size, input_length - iv_size, output,
-				   output_size, output_length, input);
+		return decrypt_cbc(&operation.keyref, input + iv_size, input_length - iv_size,
+				   output, output_size, output_length, input);
 	}
 
 	if (input_length < iv_size) {
@@ -573,13 +569,13 @@ psa_status_t cracen_cipher_update(cracen_cipher_operation_t *operation, const ui
 							operation->blk_size);
 					if (operation->dir == CRACEN_ENCRYPT) {
 						psa_status = cracen_aes_ecb_encrypt(
-							&operation->keyref,
+							&operation->cipher, &operation->keyref,
 							operation->unprocessed_input,
 							operation->unprocessed_input_bytes, output,
 							output_size, output_length);
 					} else {
 						psa_status = cracen_aes_ecb_decrypt(
-							&operation->keyref,
+							&operation->cipher, &operation->keyref,
 							operation->unprocessed_input,
 							operation->unprocessed_input_bytes, output,
 							output_size, output_length);
@@ -594,12 +590,14 @@ psa_status_t cracen_cipher_update(cracen_cipher_operation_t *operation, const ui
 				if (block_bytes) {
 					if (operation->dir == CRACEN_ENCRYPT) {
 						psa_status = cracen_aes_ecb_encrypt(
-							&operation->keyref, input, block_bytes,
-							output, output_size, output_length);
+							&operation->cipher, &operation->keyref,
+							input, block_bytes, output, output_size,
+							output_length);
 					} else {
 						psa_status = cracen_aes_ecb_decrypt(
-							&operation->keyref, input, block_bytes,
-							output, output_size, output_length);
+							&operation->cipher, &operation->keyref,
+							input, block_bytes, output, output_size,
+							output_length);
 					}
 					if (psa_status != PSA_SUCCESS) {
 						return psa_status;
@@ -707,12 +705,14 @@ psa_status_t cracen_cipher_finish(cracen_cipher_operation_t *operation, uint8_t
 	if (IS_ENABLED(PSA_NEED_CRACEN_ECB_NO_PADDING_AES)) {
 		if (operation->alg == PSA_ALG_ECB_NO_PADDING) {
 			if (operation->dir == CRACEN_ENCRYPT) {
-				return cracen_aes_ecb_encrypt(&operation->keyref,
+				return cracen_aes_ecb_encrypt(&operation->cipher,
+							      &operation->keyref,
 							      operation->unprocessed_input,
 							      operation->unprocessed_input_bytes,
 							      output, output_size, output_length);
 			} else {
-				return cracen_aes_ecb_decrypt(&operation->keyref,
+				return cracen_aes_ecb_decrypt(&operation->cipher,
+							      &operation->keyref,
 							      operation->unprocessed_input,
 							      operation->unprocessed_input_bytes,
 							      output, output_size, output_length);

subsys/nrf_security/src/drivers/cracen/cracen_sw/src/cracen_sw_common.c

@@ -37,12 +37,11 @@ psa_status_t cracen_aes_ecb_crypt(struct sxblkcipher *blkciph,
 	return sx_status;
 }
 
-psa_status_t cracen_aes_ecb_encrypt(const struct sxkeyref *key, const uint8_t *input,
-				    size_t input_length, uint8_t *output, size_t output_size,
-				    size_t *output_length)
+psa_status_t cracen_aes_ecb_encrypt(struct sxblkcipher *blkciph, const struct sxkeyref *key,
+				    const uint8_t *input, size_t input_length, uint8_t *output,
+				    size_t output_size, size_t *output_length)
 {
 	int sx_status;
-	struct sxblkcipher blkciph;
 
 	if (output_size < input_length) {
 		return PSA_ERROR_BUFFER_TOO_SMALL;
@@ -52,21 +51,20 @@ psa_status_t cracen_aes_ecb_encrypt(const struct sxkeyref *key, const uint8_t *i
 		return PSA_ERROR_INVALID_ARGUMENT;
 	}
 
-	sx_status = sx_blkcipher_create_aesecb_enc(&blkciph, key);
+	sx_status = sx_blkcipher_create_aesecb_enc(blkciph, key);
 	if (sx_status != SX_OK) {
 		return silex_statuscodes_to_psa(sx_status);
 	}
 
-	return cracen_aes_ecb_crypt(&blkciph, input, input_length, output, output_size,
+	return cracen_aes_ecb_crypt(blkciph, input, input_length, output, output_size,
 				    output_length);
 }
 
-psa_status_t cracen_aes_ecb_decrypt(const struct sxkeyref *key, const uint8_t *input,
-				    size_t input_length, uint8_t *output, size_t output_size,
-				    size_t *output_length)
+psa_status_t cracen_aes_ecb_decrypt(struct sxblkcipher *blkciph, const struct sxkeyref *key,
+				    const uint8_t *input, size_t input_length, uint8_t *output,
+				    size_t output_size, size_t *output_length)
 {
 	int sx_status;
-	struct sxblkcipher blkciph;
 
 	if (output_size < input_length) {
 		return PSA_ERROR_BUFFER_TOO_SMALL;
@@ -76,26 +74,26 @@ psa_status_t cracen_aes_ecb_decrypt(const struct sxkeyref *key, const uint8_t *i
 		return PSA_ERROR_INVALID_ARGUMENT;
 	}
 
-	sx_status = sx_blkcipher_create_aesecb_dec(&blkciph, key);
+	sx_status = sx_blkcipher_create_aesecb_dec(blkciph, key);
 	if (sx_status != SX_OK) {
 		return silex_statuscodes_to_psa(sx_status);
 	}
 
-	return cracen_aes_ecb_crypt(&blkciph, input, input_length, output, output_size,
+	return cracen_aes_ecb_crypt(blkciph, input, input_length, output, output_size,
 				    output_length);
 }
 
-psa_status_t cracen_aes_primitive(const struct sxkeyref *key, const uint8_t *input, uint8_t *output)
+psa_status_t cracen_aes_primitive(struct sxblkcipher *blkciph, const struct sxkeyref *key,
+				  const uint8_t *input, uint8_t *output)
 {
 	int sx_status;
-	struct sxblkcipher blkciph;
 	size_t output_size;
 
-	sx_status = sx_blkcipher_create_aesecb_enc(&blkciph, key);
+	sx_status = sx_blkcipher_create_aesecb_enc(blkciph, key);
 	if (sx_status != SX_OK) {
 		return silex_statuscodes_to_psa(sx_status);
 	}
 
-	return cracen_aes_ecb_crypt(&blkciph, input, SX_BLKCIPHER_AES_BLK_SZ, output,
+	return cracen_aes_ecb_crypt(blkciph, input, SX_BLKCIPHER_AES_BLK_SZ, output,
 				    SX_BLKCIPHER_AES_BLK_SZ, &output_size);
 }

subsys/nrf_security/src/drivers/cracen/cracen_sw/src/cracen_sw_mac_cmac.c

@@ -67,7 +67,8 @@ psa_status_t cracen_cmac_derive_subkeys(cracen_mac_operation_t *operation, uint8
 {
 	uint8_t empty_block[SX_BLKCIPHER_AES_BLK_SZ] = {0};
 	uint8_t L[SX_BLKCIPHER_AES_BLK_SZ]; /* L is defined in RFC 4493 */
-	psa_status_t status = cracen_aes_primitive(&operation->cmac.keyref, empty_block, L);
+	psa_status_t status = cracen_aes_primitive(&operation->cmac.cipher, &operation->cmac.keyref,
+						   empty_block, L);
 
 	if (status != PSA_SUCCESS) {
 		return status;
@@ -111,9 +112,9 @@ psa_status_t cracen_sw_cmac_update(cracen_mac_operation_t *operation, const uint
 			cracen_xorbytes(operation->cmac.sw_ctx.mac_state,
 					operation->cmac.sw_ctx.partial_block,
 					SX_BLKCIPHER_AES_BLK_SZ);
-			psa_status = cracen_aes_primitive(&operation->cmac.keyref,
-							    operation->cmac.sw_ctx.mac_state,
-							    operation->cmac.sw_ctx.mac_state);
+			psa_status = cracen_aes_primitive(
+				&operation->cmac.cipher, &operation->cmac.keyref,
+				operation->cmac.sw_ctx.mac_state, operation->cmac.sw_ctx.mac_state);
 			if (psa_status != PSA_SUCCESS) {
 				return psa_status;
 			}
@@ -152,9 +153,9 @@ psa_status_t cracen_sw_cmac_finish(cracen_mac_operation_t *operation)
 	/* Final MAC: encrypt (mac_state XOR last_block) */
 	cracen_xorbytes(operation->cmac.sw_ctx.mac_state, last_block, SX_BLKCIPHER_AES_BLK_SZ);
 
-	psa_status =
-		cracen_aes_primitive(&operation->cmac.keyref, operation->cmac.sw_ctx.mac_state,
-				       operation->cmac.sw_ctx.mac_state);
+	psa_status = cracen_aes_primitive(&operation->cmac.cipher, &operation->cmac.keyref,
+					  operation->cmac.sw_ctx.mac_state,
+					  operation->cmac.sw_ctx.mac_state);
 	if (psa_status != PSA_SUCCESS) {
 		return psa_status;
 	}

subsys/nrf_security/src/drivers/cracen/cracenpsa/include/cracen_psa_primitives.h

@@ -220,6 +220,7 @@ struct cracen_mac_operation_s {
 			uint8_t key_buffer[CRACEN_MAX_AES_KEY_SIZE];
 #if defined(CONFIG_CRACEN_NEED_MULTIPART_WORKAROUNDS)
 			cracen_cmac_context_t sw_ctx;
+			struct sxblkcipher cipher;
 #endif /* CONFIG_CRACEN_NEED_MULTIPART_WORKAROUNDS */
 		} cmac;
 #endif /* PSA_NEED_CRACEN_CMAC */