wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 19:24:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

psa: introduce global lock

Browse Source
This commit is contained in:
Marco Oliverio
2021-12-30 16:48:54 +01:00
parent a7165907da
commit 630b244cee
4 changed files with 90 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
wolfcrypt/src/port/psa/psa.c
View File

@@ -35,12 +35,35 @@
#include <wolfssl/wolfcrypt/error-crypt.h> #include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/types.h> #include <wolfssl/wolfcrypt/types.h>
#if defined(WOLFSSL_PSA_GLOBAL_LOCK)
static wolfSSL_Mutex psa_global_mutex;
void PSA_LOCK()
{
/* ideally we should propagate the return error here. Leaving out for code
simplicity for now. */
wc_LockMutex(&psa_global_mutex);
}
void PSA_UNLOCK()
{
wc_UnLockMutex(&psa_global_mutex);
}
#endif
int wc_psa_init() int wc_psa_init()
{ {
psa_status_t s; psa_status_t s;
#if defined(WOLFSSL_PSA_GLOBAL_LOCK)
wc_InitMutex(&psa_global_mutex);
#endif
PSA_LOCK();
s = psa_crypto_init(); s = psa_crypto_init();
PSA_UNLOCK();
if (s != PSA_SUCCESS) if (s != PSA_SUCCESS)
return WC_HW_E; return WC_HW_E;
@@ -59,7 +82,9 @@ int wc_psa_get_random(unsigned char *out, word32 sz)
{ {
psa_status_t s; psa_status_t s;
PSA_LOCK();
s = psa_generate_random((uint8_t*)out, sz); s = psa_generate_random((uint8_t*)out, sz);
PSA_UNLOCK();
if (s != PSA_SUCCESS) if (s != PSA_SUCCESS)
return WC_HW_E; return WC_HW_E;

27
wolfcrypt/src/port/psa/psa_aes.c
View File

@@ -57,7 +57,9 @@ static int wc_psa_aes_import_key(Aes *aes, const uint8_t *key,
dir == AES_DECRYPTION ? PSA_KEY_USAGE_DECRYPT : 0); dir == AES_DECRYPTION ? PSA_KEY_USAGE_DECRYPT : 0);
psa_set_key_algorithm(&key_attr, alg); psa_set_key_algorithm(&key_attr, alg);
PSA_LOCK();
s = psa_import_key(&key_attr, key, key_length, &id); s = psa_import_key(&key_attr, key, key_length, &id);
PSA_UNLOCK();
if (s != PSA_SUCCESS) if (s != PSA_SUCCESS)
return WC_HW_E; return WC_HW_E;
@@ -100,12 +102,16 @@ int wc_psa_aes_get_key_size(Aes *aes, word32 *keySize)
if (aes->key_id == PSA_KEY_ID_NULL) if (aes->key_id == PSA_KEY_ID_NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
PSA_LOCK();
s = psa_get_key_attributes(aes->key_id, &attr); s = psa_get_key_attributes(aes->key_id, &attr);
PSA_UNLOCK();
if (s != PSA_SUCCESS) if (s != PSA_SUCCESS)
return WC_HW_E; return WC_HW_E;
*keySize = (word32)(psa_get_key_bits(&attr) / 8); *keySize = (word32)(psa_get_key_bits(&attr) / 8);
PSA_LOCK();
psa_reset_key_attributes(&attr); psa_reset_key_attributes(&attr);
PSA_UNLOCK();
return 0; return 0;
} }
@@ -135,15 +141,21 @@ int wc_psa_aes_set_key(Aes *aes, const uint8_t *key, size_t key_length,
/* the object was already used for other encryption. Reset the context */ /* the object was already used for other encryption. Reset the context */
if (aes->ctx_initialized) { if (aes->ctx_initialized) {
PSA_LOCK();
s = psa_cipher_abort(&aes->psa_ctx); s = psa_cipher_abort(&aes->psa_ctx);
PSA_UNLOCK();
if (s != PSA_SUCCESS) if (s != PSA_SUCCESS)
return WC_HW_E; return WC_HW_E;
aes->ctx_initialized =0; aes->ctx_initialized =0;
} }
/* a key was already imported, destroy it first */ /* a key was already imported, destroy it first */
if (aes->key_id != PSA_KEY_ID_NULL) { if (aes->key_id != PSA_KEY_ID_NULL) {
PSA_LOCK();
psa_destroy_key(aes->key_id); psa_destroy_key(aes->key_id);
PSA_UNLOCK();
aes->key_id = PSA_KEY_ID_NULL; aes->key_id = PSA_KEY_ID_NULL;
} }
@@ -154,7 +166,9 @@ int wc_psa_aes_set_key(Aes *aes, const uint8_t *key, size_t key_length,
XMEMCPY(aes->key, key, key_length); XMEMCPY(aes->key, key, key_length);
aes->key_need_importing = 1; aes->key_need_importing = 1;
} else { } else {
PSA_LOCK();
ret = wc_psa_aes_import_key(aes, key, key_length, alg, dir); ret = wc_psa_aes_import_key(aes, key, key_length, alg, dir);
PSA_UNLOCK();
if (ret != 0) if (ret != 0)
return ret; return ret;
} }
@@ -203,9 +217,13 @@ int wc_psa_aes_encrypt_decrypt(Aes *aes, const uint8_t *input,
} }
if (direction == AES_ENCRYPTION) { if (direction == AES_ENCRYPTION) {
PSA_LOCK();
s = psa_cipher_encrypt_setup(&aes->psa_ctx, aes->key_id, alg); s = psa_cipher_encrypt_setup(&aes->psa_ctx, aes->key_id, alg);
PSA_UNLOCK();
} else { } else {
PSA_LOCK();
s = psa_cipher_decrypt_setup(&aes->psa_ctx, aes->key_id, alg); s = psa_cipher_decrypt_setup(&aes->psa_ctx, aes->key_id, alg);
PSA_UNLOCK();
} }
if (s != PSA_SUCCESS) if (s != PSA_SUCCESS)
@@ -217,16 +235,21 @@ int wc_psa_aes_encrypt_decrypt(Aes *aes, const uint8_t *input,
if (alg != PSA_ALG_ECB_NO_PADDING) { if (alg != PSA_ALG_ECB_NO_PADDING) {
/* wc_SetIV stores the IV in reg */ /* wc_SetIV stores the IV in reg */
PSA_LOCK();
s = psa_cipher_set_iv(&aes->psa_ctx, s = psa_cipher_set_iv(&aes->psa_ctx,
(uint8_t*)aes->reg, AES_IV_SIZE); (uint8_t*)aes->reg, AES_IV_SIZE);
PSA_UNLOCK();
if (s != PSA_SUCCESS) if (s != PSA_SUCCESS)
goto err; goto err;
} }
} }
PSA_LOCK();
s = psa_cipher_update(&aes->psa_ctx, input, s = psa_cipher_update(&aes->psa_ctx, input,
length, output, length, &output_length); length, output, length, &output_length);
PSA_UNLOCK();
if (s != PSA_SUCCESS) if (s != PSA_SUCCESS)
goto err; goto err;
@@ -247,12 +270,16 @@ int wc_psa_aes_encrypt_decrypt(Aes *aes, const uint8_t *input,
int wc_psa_aes_free(Aes *aes) int wc_psa_aes_free(Aes *aes)
{ {
if (aes->key_id != PSA_KEY_ID_NULL) { if (aes->key_id != PSA_KEY_ID_NULL) {
PSA_LOCK();
psa_destroy_key(aes->key_id); psa_destroy_key(aes->key_id);
PSA_UNLOCK();
aes->key_id = PSA_KEY_ID_NULL; aes->key_id = PSA_KEY_ID_NULL;
} }
if (aes->ctx_initialized == 1) { if (aes->ctx_initialized == 1) {
PSA_LOCK();
psa_cipher_abort(&aes->psa_ctx); psa_cipher_abort(&aes->psa_ctx);
PSA_UNLOCK();
aes->ctx_initialized = 0; aes->ctx_initialized = 0;
} }

29
wolfcrypt/src/port/psa/psa_hash.c
View File

@@ -50,10 +50,14 @@ static int wc_psa_hash_init_and_setup(psa_hash_operation_t *ctx,
XMEMSET(ctx, 0, sizeof(*ctx)); XMEMSET(ctx, 0, sizeof(*ctx));
PSA_LOCK();
s = psa_hash_setup(ctx, alg); s = psa_hash_setup(ctx, alg);
PSA_UNLOCK();
if (s != PSA_SUCCESS) { if (s != PSA_SUCCESS) {
PSA_LOCK();
psa_hash_abort(ctx); psa_hash_abort(ctx);
PSA_UNLOCK();
return WC_HW_E; return WC_HW_E;
} }
@@ -68,10 +72,14 @@ static int wc_psa_hash_update(psa_hash_operation_t *ctx, const uint8_t *input,
if (ctx == NULL || (input == NULL && input_length > 0)) if (ctx == NULL || (input == NULL && input_length > 0))
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
PSA_LOCK();
s = psa_hash_update(ctx, input, input_length); s = psa_hash_update(ctx, input, input_length);
PSA_UNLOCK();
if (s != PSA_SUCCESS) { if (s != PSA_SUCCESS) {
PSA_LOCK();
psa_hash_abort(ctx); psa_hash_abort(ctx);
PSA_UNLOCK();
return WC_HW_E; return WC_HW_E;
} }
@@ -87,15 +95,23 @@ static int wc_psa_hash_finish_setup(psa_hash_operation_t *ctx,
if (ctx == NULL || output == NULL) if (ctx == NULL || output == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
PSA_LOCK();
s = psa_hash_finish(ctx, output, PSA_HASH_LENGTH(alg), &hash_length); s = psa_hash_finish(ctx, output, PSA_HASH_LENGTH(alg), &hash_length);
PSA_UNLOCK();
if (s != PSA_SUCCESS) { if (s != PSA_SUCCESS) {
PSA_LOCK();
psa_hash_abort(ctx); psa_hash_abort(ctx);
PSA_UNLOCK();
return WC_HW_E; return WC_HW_E;
} }
PSA_LOCK();
s = psa_hash_setup(ctx, alg); s = psa_hash_setup(ctx, alg);
PSA_UNLOCK();
if (s != PSA_SUCCESS) { if (s != PSA_SUCCESS) {
PSA_LOCK();
psa_hash_abort(ctx); psa_hash_abort(ctx);
PSA_UNLOCK();
return WC_HW_E; return WC_HW_E;
} }
@@ -110,9 +126,14 @@ static int wc_psa_hash_clone(const psa_hash_operation_t *src,
if (src == NULL || dst == NULL) if (src == NULL || dst == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
PSA_LOCK();
psa_hash_abort(dst); psa_hash_abort(dst);
PSA_UNLOCK();
PSA_LOCK();
s = psa_hash_clone(src, dst); s = psa_hash_clone(src, dst);
PSA_UNLOCK();
if (s != PSA_SUCCESS) if (s != PSA_SUCCESS)
return WC_HW_E; return WC_HW_E;
@@ -126,7 +147,9 @@ static int wc_psa_hash_abort(psa_hash_operation_t *ctx)
if (ctx == NULL) if (ctx == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
PSA_LOCK();
s = psa_hash_abort(ctx); s = psa_hash_abort(ctx);
PSA_UNLOCK();
if (s != PSA_SUCCESS) if (s != PSA_SUCCESS)
return WC_HW_E; return WC_HW_E;
@@ -146,15 +169,21 @@ static int wc_psa_get_hash(psa_hash_operation_t *ctx,
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
XMEMSET(&tmp, 0, sizeof(tmp)); XMEMSET(&tmp, 0, sizeof(tmp));
PSA_LOCK();
s = psa_hash_clone(ctx, &tmp); s = psa_hash_clone(ctx, &tmp);
PSA_UNLOCK();
if (s != PSA_SUCCESS) { if (s != PSA_SUCCESS) {
psa_hash_abort(&tmp); psa_hash_abort(&tmp);
return WC_HW_E; return WC_HW_E;
} }
PSA_LOCK();
s = psa_hash_finish(&tmp, out, PSA_HASH_LENGTH(alg), &hash_length); s = psa_hash_finish(&tmp, out, PSA_HASH_LENGTH(alg), &hash_length);
PSA_UNLOCK();
if (s != PSA_SUCCESS) { if (s != PSA_SUCCESS) {
PSA_LOCK();
psa_hash_abort(&tmp); psa_hash_abort(&tmp);
PSA_UNLOCK();
return WC_HW_E; return WC_HW_E;
} }

9
wolfssl/wolfcrypt/port/psa/psa.h
View File

@@ -31,6 +31,7 @@
* WOLFSSL_PSA_NO_RNG: disable PSA random generator support * WOLFSSL_PSA_NO_RNG: disable PSA random generator support
* WOLFSSL_PSA_NO_HASH: disable PSA hashing support * WOLFSSL_PSA_NO_HASH: disable PSA hashing support
* WOLFSSL_PSA_NO_AES: disable PSA AES support * WOLFSSL_PSA_NO_AES: disable PSA AES support
* WOLFSSL_PSA_GLOBAL_LOCK: serialize the access to the underlying PSA lib
*/ */
#ifndef WOLFSSL_PSA_H #ifndef WOLFSSL_PSA_H
@@ -54,6 +55,14 @@
#endif #endif
#endif /* WOLFSSL_PSA_NO_AES */ #endif /* WOLFSSL_PSA_NO_AES */
#if defined(WOLFSSL_PSA_GLOBAL_LOCK)
void PSA_LOCK(void);
void PSA_UNLOCK(void);
#else
#define PSA_LOCK()
#define PSA_UNLOCK()
#endif
int wc_psa_init(void); int wc_psa_init(void);
#if !defined(WOLFSSL_PSA_NO_RNG) #if !defined(WOLFSSL_PSA_NO_RNG)