diff --git a/sys/include/psa_crypto/psa/crypto_sizes.h b/sys/include/psa_crypto/psa/crypto_sizes.h index 47d1865f7d..676b7aec2f 100644 --- a/sys/include/psa_crypto/psa/crypto_sizes.h +++ b/sys/include/psa_crypto/psa/crypto_sizes.h @@ -844,7 +844,8 @@ extern "C" { #define PSA_KEY_EXPORT_ECC_KEY_MAX_SIZE(key_type, key_bits) \ (size_t)\ (PSA_KEY_TYPE_ECC_GET_FAMILY(key_type) == PSA_ECC_FAMILY_TWISTED_EDWARDS ? 32 : \ - (PSA_KEY_TYPE_ECC_GET_FAMILY(key_type) == PSA_ECC_FAMILY_SECP_R1 ? PSA_BITS_TO_BYTES(key_bits) : \ + (PSA_KEY_TYPE_ECC_GET_FAMILY(key_type) == PSA_ECC_FAMILY_SECP_R1 ? \ + PSA_BITS_TO_BYTES(key_bits) : \ 0)) /** @@ -884,9 +885,11 @@ extern "C" { * Unspecified if the parameters are not valid. */ #define PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits) \ - (PSA_KEY_TYPE_IS_PUBLIC_KEY(key_type) ? PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits) : \ - (PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_KEY_EXPORT_ECC_KEY_MAX_SIZE(key_type, key_bits) : \ - 0)) + (PSA_KEY_TYPE_IS_PUBLIC_KEY(key_type) ? \ + PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits) : \ + (PSA_KEY_TYPE_IS_ECC(key_type) ? \ + PSA_KEY_EXPORT_ECC_KEY_MAX_SIZE(key_type, key_bits) : \ + 0)) /** * @brief Check whether the key size is a valid ECC size for key type. diff --git a/sys/psa_crypto/include/psa_ecc.h b/sys/psa_crypto/include/psa_ecc.h index 42a3e6f404..fea88b6520 100644 --- a/sys/psa_crypto/include/psa_ecc.h +++ b/sys/psa_crypto/include/psa_ecc.h @@ -262,7 +262,8 @@ psa_status_t psa_generate_ecc_ed25519_key_pair( uint8_t *priv_key_buffer, uint8_ * @param[inout] pub_key_buffer_length * @return @ref psa_status_t */ -psa_status_t psa_derive_ecc_ed25519_public_key( const uint8_t *priv_key_buffer, uint8_t *pub_key_buffer, +psa_status_t psa_derive_ecc_ed25519_public_key( const uint8_t *priv_key_buffer, + uint8_t *pub_key_buffer, size_t priv_key_buffer_length, size_t *pub_key_buffer_length); diff --git a/sys/psa_crypto/psa_crypto.c b/sys/psa_crypto/psa_crypto.c index 5ca6a3f642..abc2b4b969 100644 --- a/sys/psa_crypto/psa_crypto.c +++ b/sys/psa_crypto/psa_crypto.c @@ -1974,8 +1974,8 @@ psa_status_t psa_sign_hash(psa_key_id_t key, psa_key_attributes_t attributes = slot->attr; - status = psa_location_dispatch_sign_hash(&attributes, alg, slot, hash, hash_length, signature, - signature_size, signature_length); + status = psa_location_dispatch_sign_hash(&attributes, alg, slot, hash, hash_length, + signature, signature_size, signature_length); unlock_status = psa_unlock_key_slot(slot); return ((status == PSA_SUCCESS) ? unlock_status : status); @@ -2027,8 +2027,8 @@ psa_status_t psa_sign_message(psa_key_id_t key, psa_key_attributes_t attributes = slot->attr; - status = psa_location_dispatch_sign_message(&attributes, alg, slot, input, input_length, signature, - signature_size, signature_length); + status = psa_location_dispatch_sign_message(&attributes, alg, slot, input, input_length, + signature, signature_size, signature_length); unlock_status = psa_unlock_key_slot(slot); return ((status == PSA_SUCCESS) ? unlock_status : status); @@ -2084,8 +2084,8 @@ psa_status_t psa_verify_hash(psa_key_id_t key, psa_key_attributes_t attributes = slot->attr; - status = psa_location_dispatch_verify_hash(&attributes, alg, slot, hash, hash_length, signature, - signature_length); + status = psa_location_dispatch_verify_hash(&attributes, alg, slot, hash, hash_length, + signature, signature_length); unlock_status = psa_unlock_key_slot(slot); return ((status == PSA_SUCCESS) ? unlock_status : status); @@ -2141,8 +2141,8 @@ psa_status_t psa_verify_message(psa_key_id_t key, psa_key_attributes_t attributes = slot->attr; - status = psa_location_dispatch_verify_message(&attributes, alg, slot, input, input_length, signature, - signature_length); + status = psa_location_dispatch_verify_message(&attributes, alg, slot, input, input_length, + signature, signature_length); unlock_status = psa_unlock_key_slot(slot); return ((status == PSA_SUCCESS) ? unlock_status : status); diff --git a/sys/psa_crypto/psa_crypto_algorithm_dispatch.c b/sys/psa_crypto/psa_crypto_algorithm_dispatch.c index 8afa065b0d..ef9e4a77ea 100644 --- a/sys/psa_crypto/psa_crypto_algorithm_dispatch.c +++ b/sys/psa_crypto/psa_crypto_algorithm_dispatch.c @@ -236,11 +236,13 @@ psa_status_t psa_algorithm_dispatch_hash_finish(psa_hash_operation_t *operation, #endif #if (IS_USED(MODULE_PSA_HASH_SHA_512_224)) case PSA_ALG_SHA_512_224: - return psa_hashes_sha512_224_finish(&operation->ctx.sha512_224, hash, hash_size, hash_length); + return psa_hashes_sha512_224_finish(&operation->ctx.sha512_224, hash, + hash_size, hash_length); #endif #if (IS_USED(MODULE_PSA_HASH_SHA_512_256)) case PSA_ALG_SHA_512_256: - return psa_hashes_sha512_256_finish(&operation->ctx.sha512_256, hash, hash_size, hash_length); + return psa_hashes_sha512_256_finish(&operation->ctx.sha512_256, hash, + hash_size, hash_length); #endif #if (IS_USED(MODULE_PSA_HASH_SHA3_256)) case PSA_ALG_SHA3_256: @@ -282,7 +284,8 @@ psa_status_t psa_algorithm_dispatch_sign_hash( const psa_key_attributes_t *attr if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(attributes->type)) { asym_key = - PSA_ENCODE_ECC_KEY_TYPE(attributes->bits, PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->type)); + PSA_ENCODE_ECC_KEY_TYPE(attributes->bits, + PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->type)); if (asym_key == PSA_INVALID_OPERATION) { return PSA_ERROR_INVALID_ARGUMENT; @@ -333,7 +336,8 @@ psa_status_t psa_algorithm_dispatch_sign_message(const psa_key_attributes_t *att if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(attributes->type)) { asym_key = - PSA_ENCODE_ECC_KEY_TYPE(attributes->bits, PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->type)); + PSA_ENCODE_ECC_KEY_TYPE(attributes->bits, + PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->type)); if (asym_key == PSA_INVALID_OPERATION) { return PSA_ERROR_INVALID_ARGUMENT; @@ -345,19 +349,22 @@ psa_status_t psa_algorithm_dispatch_sign_message(const psa_key_attributes_t *att switch (asym_key) { #if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P192R1) case PSA_ECC_P192_R1: - return psa_ecc_p192r1_sign_message(attributes, alg, key_data, *key_bytes, input, input_length, - signature, signature_size, signature_length); + return psa_ecc_p192r1_sign_message(attributes, alg, key_data, *key_bytes, input, + input_length, + signature, signature_size, signature_length); #endif #if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P256R1) case PSA_ECC_P256_R1: - return psa_ecc_p256r1_sign_message(attributes, alg, key_data, *key_bytes, input, input_length, - signature, signature_size, signature_length); + return psa_ecc_p256r1_sign_message(attributes, alg, key_data, *key_bytes, input, + input_length, + signature, signature_size, signature_length); #endif #if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_ED25519) case PSA_ECC_ED25519: psa_get_public_key_data_from_key_slot(slot, &pub_key_data, &pub_key_bytes); - return psa_ecc_ed25519_sign_message(key_data, *key_bytes, pub_key_data, *pub_key_bytes, input, input_length, - signature, signature_size, signature_length); + return psa_ecc_ed25519_sign_message(key_data, *key_bytes, pub_key_data, *pub_key_bytes, + input, input_length, + signature, signature_size, signature_length); #endif default: (void)alg; @@ -387,7 +394,8 @@ psa_status_t psa_algorithm_dispatch_verify_hash( const psa_key_attributes_t *at if (PSA_KEY_TYPE_IS_ECC(attributes->type)) { asym_key = - PSA_ENCODE_ECC_KEY_TYPE(attributes->bits, PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->type)); + PSA_ENCODE_ECC_KEY_TYPE(attributes->bits, + PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->type)); if (asym_key == PSA_INVALID_OPERATION) { return PSA_ERROR_INVALID_ARGUMENT; @@ -432,7 +440,8 @@ psa_status_t psa_algorithm_dispatch_verify_message(const psa_key_attributes_t *a if (PSA_KEY_TYPE_IS_ECC(attributes->type)) { asym_key = - PSA_ENCODE_ECC_KEY_TYPE(attributes->bits, PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->type)); + PSA_ENCODE_ECC_KEY_TYPE(attributes->bits, + PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->type)); if (asym_key == PSA_INVALID_OPERATION) { return PSA_ERROR_INVALID_ARGUMENT; @@ -512,7 +521,8 @@ psa_status_t psa_algorithm_dispatch_generate_key( const psa_key_attributes_t * #endif #if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_ED25519) case PSA_ECC_ED25519: - return psa_generate_ecc_ed25519_key_pair(key_data, pubkey_data, key_bytes, pubkey_data_len); + return psa_generate_ecc_ed25519_key_pair(key_data, pubkey_data, + key_bytes, pubkey_data_len); #endif default: (void)status; @@ -573,7 +583,8 @@ psa_status_t psa_algorithm_dispatch_import_key(const psa_key_attributes_t *attri #endif #if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_ED25519) case PSA_ECC_ED25519: - ret = psa_derive_ecc_ed25519_public_key(data, pubkey_data, data_length, pubkey_data_len); + ret = psa_derive_ecc_ed25519_public_key(data, pubkey_data, + data_length, pubkey_data_len); break; #endif default: @@ -588,7 +599,8 @@ psa_status_t psa_algorithm_dispatch_import_key(const psa_key_attributes_t *attri } return ret; } - return psa_builtin_import_key(attributes, data, data_length, key_data, key_data_size, key_bytes, bits); + return psa_builtin_import_key(attributes, data, data_length, key_data, key_data_size, + key_bytes, bits); } #endif /* MODULE_PSA_KEY_MANAGEMENT */ diff --git a/sys/psa_crypto/psa_crypto_location_dispatch.c b/sys/psa_crypto/psa_crypto_location_dispatch.c index d83160873b..b314bcfda8 100644 --- a/sys/psa_crypto/psa_crypto_location_dispatch.c +++ b/sys/psa_crypto/psa_crypto_location_dispatch.c @@ -52,7 +52,10 @@ psa_status_t psa_location_dispatch_generate_key(const psa_key_attributes_t *attr if (status != PSA_SUCCESS) { /* In case anything goes wrong, free the key slot for reuse. */ psa_se_drv_data_t *driver = psa_get_se_driver_data(attributes->lifetime); - psa_status_t abort_status = drv->key_management->p_destroy(drv_context, driver->ctx.internal.persistent_data, *slot_number); + psa_status_t abort_status = + drv->key_management->p_destroy(drv_context, + driver->ctx.internal.persistent_data, + *slot_number); return abort_status == PSA_SUCCESS ? status : abort_status; } return PSA_SUCCESS; @@ -86,7 +89,10 @@ psa_status_t psa_location_dispatch_import_key( const psa_key_attributes_t *attri if (status != PSA_SUCCESS) { /* In case anything goes wrong, free the key slot for reuse. */ psa_se_drv_data_t *driver = psa_get_se_driver_data(attributes->lifetime); - psa_status_t abort_status = drv->key_management->p_destroy(drv_context, driver->ctx.internal.persistent_data, *slot_number); + psa_status_t abort_status = + drv->key_management->p_destroy(drv_context, + driver->ctx.internal.persistent_data, + *slot_number); return abort_status == PSA_SUCCESS ? status : abort_status; } return PSA_SUCCESS; @@ -125,7 +131,8 @@ psa_status_t psa_location_dispatch_cipher_encrypt_setup( psa_cipher_operation_ return PSA_ERROR_NOT_SUPPORTED; } - status = drv->cipher->p_setup(drv_context, &operation->backend_ctx.se_ctx, *slot_number, + status = drv->cipher->p_setup(drv_context, + &operation->backend_ctx.se_ctx, *slot_number, attributes->policy.alg, PSA_CRYPTO_DRIVER_ENCRYPT); if (status != PSA_SUCCESS) { return status; @@ -380,8 +387,9 @@ psa_status_t psa_location_dispatch_sign_message(const psa_key_attributes_t *attr { /* TODO: implement MODULE_PSA_SECURE_ELEMENT support */ - return psa_algorithm_dispatch_sign_message(attributes, alg, slot, input, input_length, signature, - signature_size, signature_length); + return psa_algorithm_dispatch_sign_message(attributes, alg, slot, input, + input_length, signature, + signature_size, signature_length); } psa_status_t psa_location_dispatch_verify_hash(const psa_key_attributes_t *attributes, @@ -426,8 +434,8 @@ psa_status_t psa_location_dispatch_verify_message( const psa_key_attributes_t * { /* TODO: implement MODULE_PSA_SECURE_ELEMENT support */ - return psa_algorithm_dispatch_verify_message(attributes, alg, slot, input, input_length, signature, - signature_length); + return psa_algorithm_dispatch_verify_message(attributes, alg, slot, input, input_length, + signature, signature_length); } #endif /* MODULE_PSA_ASYMMETRIC */ diff --git a/sys/psa_crypto/psa_key_slot_mgmt/psa_crypto_slot_management.c b/sys/psa_crypto/psa_key_slot_mgmt/psa_crypto_slot_management.c index 25ad3242cc..c7c1582359 100644 --- a/sys/psa_crypto/psa_key_slot_mgmt/psa_crypto_slot_management.c +++ b/sys/psa_crypto/psa_key_slot_mgmt/psa_crypto_slot_management.c @@ -313,7 +313,8 @@ static psa_status_t psa_get_persisted_key_slot_from_storage(psa_key_id_t id, size_t cbor_encoded_len; psa_key_attributes_t attr = psa_key_attributes_init(); - psa_status_t status = psa_read_encoded_key_slot_from_file(id, cbor_buf, sizeof(cbor_buf), &cbor_encoded_len); + psa_status_t status = psa_read_encoded_key_slot_from_file(id, cbor_buf, sizeof(cbor_buf), + &cbor_encoded_len); if (status != PSA_SUCCESS) { return status; } @@ -574,7 +575,6 @@ size_t psa_get_key_data_from_key_slot(const psa_key_slot_t *slot, uint8_t **key_ *key_data = NULL; *key_bytes = NULL; - if (!psa_key_lifetime_is_external(attr.lifetime)) { if (!PSA_KEY_TYPE_IS_KEY_PAIR(attr.type)) { #if PSA_SINGLE_KEY_COUNT