From 7abdf7eee5f5d8e775cc0c5bcecb8caab046ffa6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Thu, 9 Mar 2023 11:17:43 +0100
Subject: [PATCH] Add utility function to check for drivers init
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This will be used in the next commit. While at it, move driver initialization before RNG init - this will be handy when the entropy module wants to use drivers for hashes.

Signed-off-by: Manuel Pégourié-Gonnard
---
 library/psa_crypto.c | 20 ++++++++++++++------
 library/psa_crypto_core.h | 12 ++++++++++++
 tests/suites/test_suite_psa_crypto.data | 3 +++
 tests/suites/test_suite_psa_crypto.function | 15 +++++++++++++++
 4 files changed, 44 insertions(+), 6 deletions(-)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index ba204f7ef..46938eadb 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -111,6 +111,7 @@ static int key_type_is_raw_bytes(psa_key_type_t type)
 typedef struct {
 unsigned initialized : 1;
 unsigned rng_state : 2;
+ unsigned drivers_initialized : 1;
 mbedtls_psa_random_context_t rng;
 } psa_global_data_t;
 
@@ -125,6 +126,12 @@ mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state =
 if (global_data.initialized == 0) \
 return PSA_ERROR_BAD_STATE;
 
+int psa_can_do_hash(psa_algorithm_t hash_alg)
+{
+ (void) hash_alg;
+ return global_data.drivers_initialized;
+}
+
 psa_status_t mbedtls_to_psa_error(int ret)
 {
 /* Mbed TLS error codes can combine a high-level error code and a
@@ -7124,6 +7131,13 @@ psa_status_t psa_crypto_init(void)
 return PSA_SUCCESS;
 }
 
+ /* Init drivers */
+ status = psa_driver_wrapper_init();
+ if (status != PSA_SUCCESS) {
+ goto exit;
+ }
+ global_data.drivers_initialized = 1;
+
 /* Initialize and seed the random generator. */
 mbedtls_psa_random_init(&global_data.rng);
 global_data.rng_state = RNG_INITIALIZED;
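Review bot: In the psa_crypto_init() hunk, `global_data.drivers_initialized = 1;` is now set before the RNG is initialised and seeded, so any later `goto exit` in the function leaves with the flag already raised. The `exit` label and the rest of psa_crypto_init() are outside this hunk; if that path does not reset global_data on failure, psa_can_do_hash() would keep returning 1 after a failed init and callers could route hashing to drivers in a library that never finished initialising. It is worth confirming that the failure cleanup clears the flag and, once confirmed, recording it next to the assignment with a comment such as `/* Reset by the failure cleanup at exit; read by psa_can_do_hash(). */`.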
@@ -7138,12 +7152,6 @@ psa_status_t psa_crypto_init(void)
 goto exit;
 }
 
- /* Init drivers */
- status = psa_driver_wrapper_init();
- if (status != PSA_SUCCESS) {
- goto exit;
- }
-
 #if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)
 status = psa_crypto_load_transaction();
 if (status == PSA_SUCCESS) {
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index d3d0188a6..8bc1b647c 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -26,6 +26,18 @@
 #include "psa/crypto.h"
 #include "psa/crypto_se_driver.h"
 
+/**
+ * Tell if PSA is ready for this hash.
+ *
+ * \note For now, only checks the state of the driver subsystem,
+ * not the algorithm. Might do more in the future.
+ *
+ * \param hash_alg The hash algorithm (ignored for now).
+ *
+ * \return 1 if the driver subsytem is ready, 0 otherwise.
+ */
+int psa_can_do_hash(psa_algorithm_t hash_alg);
+
 /** Constant-time buffer comparison
 *
 * \param[in] a Left-hand buffer for comparison.
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index eddac7fc1..86b2f667d 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -1,3 +1,6 @@
+PSA can_do_hash
+psa_can_do_hash:
+
 PSA compile-time sanity checks
 static_checks:
 
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 231b47fca..41a3237b3 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -13,6 +13,9 @@
 #include "psa/crypto.h"
 #include "psa_crypto_slot_management.h"
 
+/* For psa_can_do_hash() */
+#include "psa_crypto_core.h"
+
 #include "test/asn1_helpers.h"
 #include "test/psa_crypto_helpers.h"
 #include "test/psa_exercise_key.h"
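Review bot: In library/psa_crypto_core.h, the doc comment for psa_can_do_hash() does not say that the function is meant to be callable before psa_crypto_init() has run, although the new test relies on exactly that (it expects 0 before `PSA_INIT()`). Because a return of 1 only reflects driver state, a sentence such as `Safe to call at any time, including before psa_crypto_init(); a return of 1 does not mean \p hash_alg is supported.` would keep callers from treating it as a capability check. The `\return` line also has a typo, `subsytem` for `subsystem`.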
@@ -1255,6 +1258,18 @@ static void interruptible_signverify_get_minmax_completes(uint32_t max_ops,
 * END_DEPENDENCIES
 */
 
+/* BEGIN_CASE */
+void psa_can_do_hash()
+{
+ /* We can't test that this is specific to drivers until partial init has
+ * been implemented, but we can at least test before/after full init. */
+ TEST_EQUAL(0, psa_can_do_hash(PSA_ALG_NONE));
+ PSA_INIT();
+ TEST_EQUAL(1, psa_can_do_hash(PSA_ALG_NONE));
+ PSA_DONE();
+}
+/* END_CASE */
+
 /* BEGIN_CASE */
 void static_checks()
 {
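Review bot: The new psa_can_do_hash test case stops at `PSA_DONE();` and never checks the value afterwards, so nothing confirms that teardown clears `drivers_initialized`. If teardown is expected to reset the flag, adding `TEST_EQUAL(0, psa_can_do_hash(PSA_ALG_NONE));` after `PSA_DONE();` would pin that down. Without it, a stale 1 after deinitialisation would go unnoticed by this suite.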