authorJens Wiklander <jens.wiklander@linaro.org>2017-11-09 23:06:30 +0100
committerJérôme Forissier <jerome.forissier@linaro.org>2017-11-14 13:48:32 +0100
commit82d91db11f0188df939ce52f6106a39f026de74c (patch)
tree2b740aba5310154be0fb0f9e94eabd139eb65eb0 /core
parentb887bd8f271b056210e964fe7e86dbafe7f6d752 (diff)
Replace struct cipher_ops with function interface
Adds crypto_cipher_get_ctx_size(), crypto_cipher_init(), crypto_cipher_update(), crypto_cipher_final() and crypto_cipher_get_block_size() replacing struct cipher_ops in crypto_ops. Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Diffstat (limited to 'core')
-rw-r--r--core/crypto/crypto.c38
-rw-r--r--core/include/tee/tee_cryp_provider.h29
-rw-r--r--core/lib/libtomcrypt/src/tee_ltc_provider.c33
-rw-r--r--core/tee/tee_cryp_utl.c6
-rw-r--r--core/tee/tee_fs_key_manager.c34
-rw-r--r--core/tee/tee_svc_cryp.c30
6 files changed, 89 insertions, 81 deletions
diff --git a/core/crypto/crypto.c b/core/crypto/crypto.c
index 91b325b3..b1a1baf5 100644
--- a/core/crypto/crypto.c
+++ b/core/crypto/crypto.c
@@ -30,3 +30,41 @@ TEE_Result crypto_hash_final(void *ctx __unused, uint32_t algo __unused,
return TEE_ERROR_NOT_IMPLEMENTED;
}
#endif /*_CFG_CRYPTO_WITH_HASH*/
+
+#if !defined(_CFG_CRYPTO_WITH_CIPHER)
+TEE_Result crypto_cipher_get_ctx_size(uint32_t algo, size_t *size)
+{
+ return TEE_ERROR_NOT_IMPLEMENTED
+}
+
+TEE_Result crypto_cipher_init(void *ctx __unused, uint32_t algo __unused,
+ TEE_OperationMode mode __unused,
+ const uint8_t *key1 __unused,
+ size_t key1_len __unused,
+ const uint8_t *key2 __unused,
+ size_t key2_len __unused,
+ const uint8_t *iv __unused,
+ size_t iv_len __unused)
+{
+ return TEE_ERROR_NOT_IMPLEMENTED
+}
+
+TEE_Result crypto_cipher_update(void *ctx __unused, uint32_t algo __unused,
+ TEE_OperationMode mode __unused,
+ bool last_block __unused,
+ const uint8_t *data __unused,
+ size_t len __unused, uint8_t *dst __unused)
+{
+ return TEE_ERROR_NOT_IMPLEMENTED
+}
+
+void crypto_cipher_final(void *ctx __unused, uint32_t algo __unused)
+{
+}
+
+TEE_Result crypto_cipher_get_block_size(uint32_t algo __unused,
+ size_t *size __unused)
+{
+ return TEE_ERROR_NOT_IMPLEMENTED
+}
+#endif /*_CFG_CRYPTO_WITH_CIPHER*/
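Review bot: The four stub bodies in the `!defined(_CFG_CRYPTO_WITH_CIPHER)` block end in `return TEE_ERROR_NOT_IMPLEMENTED` with no semicolon, so crypto.c will not compile in a configuration that disables ciphers; each should read `return TEE_ERROR_NOT_IMPLEMENTED;`. The first stub also leaves its parameters unannotated while every other stub marks them `__unused`; `TEE_Result crypto_cipher_get_ctx_size(uint32_t algo __unused, size_t *size __unused)` would match them and avoid unused-parameter warnings. Because this path is only built with ciphers disabled, a build of that configuration is needed to catch mistakes like this.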
diff --git a/core/include/tee/tee_cryp_provider.h b/core/include/tee/tee_cryp_provider.h
index 81915aa9..3ab70416 100644
--- a/core/include/tee/tee_cryp_provider.h
+++ b/core/include/tee/tee_cryp_provider.h
@@ -47,22 +47,6 @@
#include <tee_api_types.h>
-/* Symmetric ciphers */
-struct cipher_ops {
- TEE_Result (*get_ctx_size)(uint32_t algo, size_t *size);
- TEE_Result (*init)(void *ctx, uint32_t algo,
- TEE_OperationMode mode,
- const uint8_t *key1, size_t key1_len,
- const uint8_t *key2, size_t key2_len,
- const uint8_t *iv, size_t iv_len);
- TEE_Result (*update)(void *ctx, uint32_t algo,
- TEE_OperationMode mode,
- bool last_block, const uint8_t *data,
- size_t len, uint8_t *dst);
- void (*final)(void *ctx, uint32_t algo);
- TEE_Result (*get_block_size)(uint32_t algo, size_t *size);
-};
-
/* Message Authentication Code functions */
struct mac_ops {
TEE_Result (*get_ctx_size)(uint32_t algo, size_t *size);
@@ -275,7 +259,6 @@ struct crypto_ops {
const char *name;
TEE_Result (*init)(void);
- struct cipher_ops cipher;
struct mac_ops mac;
struct authenc_ops authenc;
struct acipher_ops acipher;
@@ -293,6 +276,18 @@ TEE_Result crypto_hash_update(void *ctx, uint32_t algo, const uint8_t *data,
TEE_Result crypto_hash_final(void *ctx, uint32_t algo, uint8_t *digest,
size_t len);
+/* Symmetric ciphers */
+TEE_Result crypto_cipher_get_ctx_size(uint32_t algo, size_t *size);
+TEE_Result crypto_cipher_init(void *ctx, uint32_t algo, TEE_OperationMode mode,
+ const uint8_t *key1, size_t key1_len,
+ const uint8_t *key2, size_t key2_len,
+ const uint8_t *iv, size_t iv_len);
+TEE_Result crypto_cipher_update(void *ctx, uint32_t algo,
+ TEE_OperationMode mode, bool last_block,
+ const uint8_t *data, size_t len, uint8_t *dst);
+void crypto_cipher_final(void *ctx, uint32_t algo);
+TEE_Result crypto_cipher_get_block_size(uint32_t algo, size_t *size);
+
/*
* Verifies a SHA-256 hash, doesn't require tee_cryp_init() to be called in
* advance and has as few dependencies as possible.
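Review bot: The new cipher prototypes have only the one-line `/* Symmetric ciphers */` heading, yet callers now depend on a contract that used to be implied by the ops table. I would expand it into a block comment stating three things. First, `ctx` is a caller-allocated buffer of at least the size reported by crypto_cipher_get_ctx_size() for the same `algo`. Second, every function returning TEE_Result may return TEE_ERROR_NOT_IMPLEMENTED when cipher support is compiled out. Third, crypto_cipher_final() is expected once crypto_cipher_init() has succeeded, and `dst` must have room for `len` bytes; both are inferred from the callers in tee_fs_key_manager.c and should be confirmed against the provider.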
diff --git a/core/lib/libtomcrypt/src/tee_ltc_provider.c b/core/lib/libtomcrypt/src/tee_ltc_provider.c
index 5e8ce255..a26b8522 100644
--- a/core/lib/libtomcrypt/src/tee_ltc_provider.c
+++ b/core/lib/libtomcrypt/src/tee_ltc_provider.c
@@ -1922,7 +1922,7 @@ static TEE_Result cipher_get_block_size(uint32_t algo, size_t *size)
return TEE_SUCCESS;
}
-static TEE_Result cipher_get_ctx_size(uint32_t algo, size_t *size)
+TEE_Result crypto_cipher_get_ctx_size(uint32_t algo, size_t *size)
{
switch (algo) {
#if defined(CFG_CRYPTO_AES)
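Review bot: `crypto_cipher_get_block_size()` is declared in tee_cryp_provider.h and stubbed in crypto.c for the no-cipher case, but no hunk in this file gives it a definition. The hunk header here still shows `static TEE_Result cipher_get_block_size(uint32_t algo, size_t *size)`, and the only other reference to it is the removed `.get_block_size` initializer. Unless it is defined outside this diff, a build with `_CFG_CRYPTO_WITH_CIPHER` would fail to link on the first caller. The signature should probably become `TEE_Result crypto_cipher_get_block_size(uint32_t algo, size_t *size)`, with in-file callers updated. The body of crypto_cipher_get_ctx_size continues outside the hunk.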
@@ -1999,7 +1999,7 @@ static void get_des2_key(const uint8_t *key, size_t key_len,
}
}
-static TEE_Result cipher_init(void *ctx, uint32_t algo,
+TEE_Result crypto_cipher_init(void *ctx, uint32_t algo,
TEE_OperationMode mode __maybe_unused,
const uint8_t *key1, size_t key1_len,
const uint8_t *key2 __maybe_unused,
@@ -2076,16 +2076,14 @@ static TEE_Result cipher_init(void *ctx, uint32_t algo,
#if defined(CFG_CRYPTO_CTS)
case TEE_ALG_AES_CTS:
cts = ctx;
- res = cipher_init((void *)(&(cts->ecb)),
- TEE_ALG_AES_ECB_NOPAD, mode, key1,
- key1_len, key2, key2_len, iv,
- iv_len);
+ res = crypto_cipher_init((void *)(&(cts->ecb)),
+ TEE_ALG_AES_ECB_NOPAD, mode, key1,
+ key1_len, key2, key2_len, iv, iv_len);
if (res != TEE_SUCCESS)
return res;
- res = cipher_init((void *)(&(cts->cbc)),
- TEE_ALG_AES_CBC_NOPAD, mode, key1,
- key1_len, key2, key2_len, iv,
- iv_len);
+ res = crypto_cipher_init((void *)(&(cts->cbc)),
+ TEE_ALG_AES_CBC_NOPAD, mode, key1,
+ key1_len, key2, key2_len, iv, iv_len);
if (res != TEE_SUCCESS)
return res;
ltc_res = CRYPT_OK;
@@ -2118,7 +2116,7 @@ static TEE_Result cipher_init(void *ctx, uint32_t algo,
return TEE_ERROR_BAD_STATE;
}
-static TEE_Result cipher_update(void *ctx, uint32_t algo,
+TEE_Result crypto_cipher_update(void *ctx, uint32_t algo,
TEE_OperationMode mode,
bool last_block __maybe_unused,
const uint8_t *data, size_t len, uint8_t *dst)
@@ -2187,7 +2185,7 @@ static TEE_Result cipher_update(void *ctx, uint32_t algo,
return TEE_ERROR_BAD_STATE;
}
-static void cipher_final(void *ctx, uint32_t algo)
+void crypto_cipher_final(void *ctx, uint32_t algo)
{
switch (algo) {
#if defined(CFG_CRYPTO_ECB)
@@ -2509,7 +2507,7 @@ static TEE_Result mac_final(void *ctx, uint32_t algo, uint8_t *digest,
memcpy(digest, cbc->digest, MIN(ltc_digest_len,
cbc->block_len));
- cipher_final(&cbc->cbc, algo);
+ crypto_cipher_final(&cbc->cbc, algo);
break;
#endif
#if defined(CFG_CRYPTO_CMAC)
@@ -2980,15 +2978,6 @@ static TEE_Result tee_ltc_init(void)
const struct crypto_ops crypto_ops = {
.name = "LibTomCrypt provider",
.init = tee_ltc_init,
-#if defined(_CFG_CRYPTO_WITH_CIPHER)
- .cipher = {
- .final = cipher_final,
- .get_block_size = cipher_get_block_size,
- .get_ctx_size = cipher_get_ctx_size,
- .init = cipher_init,
- .update = cipher_update,
- },
-#endif
#if defined(_CFG_CRYPTO_WITH_MAC)
.mac = {
.get_ctx_size = mac_get_ctx_size,
diff --git a/core/tee/tee_cryp_utl.c b/core/tee/tee_cryp_utl.c
index e40a6850..9cc736c4 100644
--- a/core/tee/tee_cryp_utl.c
+++ b/core/tee/tee_cryp_utl.c
@@ -199,8 +199,6 @@ TEE_Result tee_do_cipher_update(void *ctx, uint32_t algo,
if (mode != TEE_MODE_ENCRYPT && mode != TEE_MODE_DECRYPT)
return TEE_ERROR_BAD_PARAMETERS;
- if (crypto_ops.cipher.update == NULL)
- return TEE_ERROR_NOT_IMPLEMENTED;
/*
* Check that the block contains the correct number of data, apart
* for the last block in some XTS / CTR / XTS mode
@@ -242,8 +240,8 @@ TEE_Result tee_do_cipher_update(void *ctx, uint32_t algo,
}
}
- return crypto_ops.cipher.update(ctx, algo, mode, last_block, data, len,
- dst);
+ return crypto_cipher_update(ctx, algo, mode, last_block, data, len,
+ dst);
}
/*
diff --git a/core/tee/tee_fs_key_manager.c b/core/tee/tee_fs_key_manager.c
index 4a834a9b..9afd186b 100644
--- a/core/tee/tee_fs_key_manager.c
+++ b/core/tee/tee_fs_key_manager.c
@@ -136,7 +136,7 @@ TEE_Result tee_fs_fek_crypt(const TEE_UUID *uuid, TEE_OperationMode mode,
return res;
}
- res = crypto_ops.cipher.get_ctx_size(TEE_FS_KM_ENC_FEK_ALG, &ctx_size);
+ res = crypto_cipher_get_ctx_size(TEE_FS_KM_ENC_FEK_ALG, &ctx_size);
if (res != TEE_SUCCESS)
return res;
@@ -144,17 +144,17 @@ TEE_Result tee_fs_fek_crypt(const TEE_UUID *uuid, TEE_OperationMode mode,
if (!ctx)
return TEE_ERROR_OUT_OF_MEMORY;
- res = crypto_ops.cipher.init(ctx, TEE_FS_KM_ENC_FEK_ALG, mode, tsk,
- sizeof(tsk), NULL, 0, NULL, 0);
+ res = crypto_cipher_init(ctx, TEE_FS_KM_ENC_FEK_ALG, mode, tsk,
+ sizeof(tsk), NULL, 0, NULL, 0);
if (res != TEE_SUCCESS)
goto exit;
- res = crypto_ops.cipher.update(ctx, TEE_FS_KM_ENC_FEK_ALG,
- mode, true, in_key, size, dst_key);
+ res = crypto_cipher_update(ctx, TEE_FS_KM_ENC_FEK_ALG,
+ mode, true, in_key, size, dst_key);
if (res != TEE_SUCCESS)
goto exit;
- crypto_ops.cipher.final(ctx, TEE_FS_KM_ENC_FEK_ALG);
+ crypto_cipher_final(ctx, TEE_FS_KM_ENC_FEK_ALG);
memcpy(out_key, dst_key, sizeof(dst_key));
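Review bot: In tee_fs_fek_crypt, `crypto_cipher_final()` is only reached on the success path. When `crypto_cipher_update()` fails, the code jumps to `exit` with a context that was initialized from `tsk` and never finalized. The same pattern appears in the aes_ecb and tee_fs_crypt_block hunks below. I would finalize on that branch too, for example `if (res != TEE_SUCCESS) { crypto_cipher_final(ctx, TEE_FS_KM_ENC_FEK_ALG); goto exit; }`. If final does not wipe the key schedule, the context should also be cleared before it is freed. The `exit` label is outside this hunk, and whether the provider requires final after a failed update is not visible here.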
@@ -253,7 +253,7 @@ static TEE_Result aes_ecb(uint8_t out[TEE_AES_BLOCK_SIZE],
size_t ctx_size;
uint32_t algo = TEE_ALG_AES_ECB_NOPAD;
- res = crypto_ops.cipher.get_ctx_size(algo, &ctx_size);
+ res = crypto_cipher_get_ctx_size(algo, &ctx_size);
if (res != TEE_SUCCESS)
return res;
@@ -261,17 +261,17 @@ static TEE_Result aes_ecb(uint8_t out[TEE_AES_BLOCK_SIZE],
if (!ctx)
return TEE_ERROR_OUT_OF_MEMORY;
- res = crypto_ops.cipher.init(ctx, algo, TEE_MODE_ENCRYPT, key,
- key_size, NULL, 0, NULL, 0);
+ res = crypto_cipher_init(ctx, algo, TEE_MODE_ENCRYPT, key,
+ key_size, NULL, 0, NULL, 0);
if (res != TEE_SUCCESS)
goto out;
- res = crypto_ops.cipher.update(ctx, algo, TEE_MODE_ENCRYPT, true, in,
- TEE_AES_BLOCK_SIZE, out);
+ res = crypto_cipher_update(ctx, algo, TEE_MODE_ENCRYPT, true, in,
+ TEE_AES_BLOCK_SIZE, out);
if (res != TEE_SUCCESS)
goto out;
- crypto_ops.cipher.final(ctx, algo);
+ crypto_cipher_final(ctx, algo);
res = TEE_SUCCESS;
out:
@@ -325,22 +325,22 @@ TEE_Result tee_fs_crypt_block(const TEE_UUID *uuid, uint8_t *out,
res = essiv(iv, fek, blk_idx);
/* Run AES CBC */
- res = crypto_ops.cipher.get_ctx_size(algo, &ctx_size);
+ res = crypto_cipher_get_ctx_size(algo, &ctx_size);
if (res != TEE_SUCCESS)
return res;
ctx = malloc(ctx_size);
if (!ctx)
return TEE_ERROR_OUT_OF_MEMORY;
- res = crypto_ops.cipher.init(ctx, algo, mode, fek, sizeof(fek), NULL,
- 0, iv, TEE_AES_BLOCK_SIZE);
+ res = crypto_cipher_init(ctx, algo, mode, fek, sizeof(fek), NULL,
+ 0, iv, TEE_AES_BLOCK_SIZE);
if (res != TEE_SUCCESS)
goto exit;
- res = crypto_ops.cipher.update(ctx, algo, mode, true, in, size, out);
+ res = crypto_cipher_update(ctx, algo, mode, true, in, size, out);
if (res != TEE_SUCCESS)
goto exit;
- crypto_ops.cipher.final(ctx, algo);
+ crypto_cipher_final(ctx, algo);
exit:
free(ctx);
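Review bot: The result of `res = essiv(iv, fek, blk_idx);` is overwritten by the `crypto_cipher_get_ctx_size()` call two lines later without being checked. An essiv() failure is therefore dropped, and AES-CBC runs with whatever `iv` happens to contain. Add `if (res != TEE_SUCCESS) return res;` directly after the essiv() call. The start of tee_fs_crypt_block is outside the hunk, so how `iv` is declared or initialized is not visible.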
diff --git a/core/tee/tee_svc_cryp.c b/core/tee/tee_svc_cryp.c
index 81473743..570c5ed1 100644
--- a/core/tee/tee_svc_cryp.c
+++ b/core/tee/tee_svc_cryp.c
@@ -2028,11 +2028,7 @@ TEE_Result syscall_cryp_state_alloc(unsigned long algo, unsigned long mode,
(algo != TEE_ALG_AES_XTS && (key1 == 0 || key2 != 0))) {
res = TEE_ERROR_BAD_PARAMETERS;
} else {
- if (crypto_ops.cipher.get_ctx_size)
- res = crypto_ops.cipher.get_ctx_size(algo,
- &cs->ctx_size);
- else
- res = TEE_ERROR_NOT_IMPLEMENTED;
+ res = crypto_cipher_get_ctx_size(algo, &cs->ctx_size);
if (res != TEE_SUCCESS)
break;
cs->ctx = calloc(1, cs->ctx_size);
@@ -2406,33 +2402,25 @@ TEE_Result syscall_cipher_init(unsigned long state, const void *iv,
key1 = o->attr;
- if (!crypto_ops.cipher.init)
- return TEE_ERROR_NOT_IMPLEMENTED;
-
if (tee_obj_get(utc, cs->key2, &o) == TEE_SUCCESS) {
struct tee_cryp_obj_secret *key2 = o->attr;
if ((o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) == 0)
return TEE_ERROR_BAD_PARAMETERS;
- res = crypto_ops.cipher.init(cs->ctx, cs->algo, cs->mode,
- (uint8_t *)(key1 + 1),
- key1->key_size,
- (uint8_t *)(key2 + 1),
- key2->key_size,
- iv, iv_len);
+ res = crypto_cipher_init(cs->ctx, cs->algo, cs->mode,
+ (uint8_t *)(key1 + 1), key1->key_size,
+ (uint8_t *)(key2 + 1), key2->key_size,
+ iv, iv_len);
} else {
- res = crypto_ops.cipher.init(cs->ctx, cs->algo, cs->mode,
- (uint8_t *)(key1 + 1),
- key1->key_size,
- NULL,
- 0,
- iv, iv_len);
+ res = crypto_cipher_init(cs->ctx, cs->algo, cs->mode,
+ (uint8_t *)(key1 + 1), key1->key_size,
+ NULL, 0, iv, iv_len);
}
if (res != TEE_SUCCESS)
return res;
- cs->ctx_finalize = crypto_ops.cipher.final;
+ cs->ctx_finalize = crypto_cipher_final;
return TEE_SUCCESS;
}