yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-10-19 04:41:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

SE driver: report the bit size on key import

Browse source 
Add a parameter to the key import method of a secure element driver to
make it report the key size in bits. This is necessary (otherwise the
core has no idea what the bit-size is), and making import report it is
easier than adding a separate method (for other key creation methods,
this information is an input, not an output).
This commit is contained in:
Gilles Peskine 2019-07-24 20:25:59 +02:00
parent dc5bfe9784
commit 1801740a7c
3 changed files with 21 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
include/psa/crypto_se_driver.h
View file

@ -833,14 +833,18 @@ typedef psa_status_t (*psa_drv_se_allocate_key_t)(
* *
* \param[in,out] drv_context The driver context structure. * \param[in,out] drv_context The driver context structure.
* \param[in] key_slot Slot where the key will be stored * \param[in] key_slot Slot where the key will be stored
* This must be a valid slot for a key of the chosen * This must be a valid slot for a key of the
* type. It must be unoccupied. * chosen type. It must be unoccupied.
* \param[in] lifetime The required lifetime of the key storage * \param[in] lifetime The required lifetime of the key storage
* \param[in] type Key type (a \c PSA_KEY_TYPE_XXX value) * \param[in] type Key type (a \c PSA_KEY_TYPE_XXX value)
* \param[in] algorithm Key algorithm (a \c PSA_ALG_XXX value) * \param[in] algorithm Key algorithm (a \c PSA_ALG_XXX value)
* \param[in] usage The allowed uses of the key * \param[in] usage The allowed uses of the key
* \param[in] p_data Buffer containing the key data * \param[in] p_data Buffer containing the key data
* \param[in] data_length Size of the `data` buffer in bytes * \param[in] data_length Size of the `data` buffer in bytes
* \param[out] bits On success, the key size in bits. The driver
* must determine this value after parsing the
* key according to the key type.
* This value is not used if the function fails.
* *
* \retval #PSA_SUCCESS * \retval #PSA_SUCCESS
* Success. * Success.
@ -852,7 +856,8 @@ typedef psa_status_t (*psa_drv_se_import_key_t)(psa_drv_se_context_t *drv_contex
psa_algorithm_t algorithm, psa_algorithm_t algorithm,
psa_key_usage_t usage, psa_key_usage_t usage,
const uint8_t *p_data, const uint8_t *p_data,
size_t data_length); size_t data_length,
size_t *bits);
/** /**
* \brief A function that destroys a secure element key and restore the slot to * \brief A function that destroys a secure element key and restore the slot to

10
library/psa_crypto.c
View file

@ -1711,8 +1711,8 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes,
psa_get_se_driver_context( driver ), psa_get_se_driver_context( driver ),
slot->data.se.slot_number, slot->data.se.slot_number,
slot->lifetime, slot->type, slot->policy.alg, slot->policy.usage, slot->lifetime, slot->type, slot->policy.alg, slot->policy.usage,
data, data_length ); data, data_length,
/* TOnogrepDO: psa_check_key_slot_attributes? */ &slot->data.se.bits );
} }
else else
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
@ -1720,10 +1720,10 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes,
status = psa_import_key_into_slot( slot, data, data_length ); status = psa_import_key_into_slot( slot, data, data_length );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
goto exit; goto exit;
status = psa_check_key_slot_attributes( slot, attributes );
if( status != PSA_SUCCESS )
goto exit;
} }
status = psa_check_key_slot_attributes( slot, attributes );
if( status != PSA_SUCCESS )
goto exit;
status = psa_finish_key_creation( slot, driver ); status = psa_finish_key_creation( slot, driver );
exit: exit:

11
tests/suites/test_suite_psa_crypto_se_driver_hal.function
View file

@ -62,7 +62,8 @@ static psa_status_t null_import( psa_drv_se_context_t *context,
psa_algorithm_t algorithm, psa_algorithm_t algorithm,
psa_key_usage_t usage, psa_key_usage_t usage,
const uint8_t *p_data, const uint8_t *p_data,
size_t data_length ) size_t data_length,
size_t *bits )
{ {
(void) context; (void) context;
(void) slot_number; (void) slot_number;
@ -71,7 +72,9 @@ static psa_status_t null_import( psa_drv_se_context_t *context,
(void) algorithm; (void) algorithm;
(void) usage; (void) usage;
(void) p_data; (void) p_data;
(void) data_length; /* We're supposed to return a key size. Return one that's correct for
* plain data keys. */
*bits = PSA_BYTES_TO_BITS( data_length );
return( PSA_SUCCESS ); return( PSA_SUCCESS );
} }
@ -110,7 +113,8 @@ static psa_status_t ram_import( psa_drv_se_context_t *context,
psa_algorithm_t algorithm, psa_algorithm_t algorithm,
psa_key_usage_t usage, psa_key_usage_t usage,
const uint8_t *p_data, const uint8_t *p_data,
size_t data_length ) size_t data_length,
size_t *bits )
{ {
(void) context; (void) context;
DRIVER_ASSERT( slot_number < ARRAY_LENGTH( ram_slots ) ); DRIVER_ASSERT( slot_number < ARRAY_LENGTH( ram_slots ) );
@ -119,6 +123,7 @@ static psa_status_t ram_import( psa_drv_se_context_t *context,
ram_slots[slot_number].lifetime = lifetime; ram_slots[slot_number].lifetime = lifetime;
ram_slots[slot_number].type = type; ram_slots[slot_number].type = type;
ram_slots[slot_number].bits = PSA_BYTES_TO_BITS( data_length ); ram_slots[slot_number].bits = PSA_BYTES_TO_BITS( data_length );
*bits = PSA_BYTES_TO_BITS( data_length );
(void) algorithm; (void) algorithm;
(void) usage; (void) usage;
memcpy( ram_slots[slot_number].content, p_data, data_length ); memcpy( ram_slots[slot_number].content, p_data, data_length );