psa: Move key identifier return to psa_finish_key_creation()
Move the return of the identifier of a created key from psa_start_key_creation() to psa_finish_key_creation(). That way in case of creation error, it is less likely to return the identifier that was temporarily assigned to the key while trying to create it. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
parent
5097294be9
commit
81709fc78e
|
@ -1911,9 +1911,6 @@ static psa_status_t psa_validate_key_attributes(
|
||||||
*
|
*
|
||||||
* \param method An identification of the calling function.
|
* \param method An identification of the calling function.
|
||||||
* \param[in] attributes Key attributes for the new key.
|
* \param[in] attributes Key attributes for the new key.
|
||||||
* \param[out] key On success, identifier of the key. Note that the
|
|
||||||
* key identifier is also stored in the prepared
|
|
||||||
* slot.
|
|
||||||
* \param[out] p_slot On success, a pointer to the prepared slot.
|
* \param[out] p_slot On success, a pointer to the prepared slot.
|
||||||
* \param[out] p_drv On any return, the driver for the key, if any.
|
* \param[out] p_drv On any return, the driver for the key, if any.
|
||||||
* NULL for a transparent key.
|
* NULL for a transparent key.
|
||||||
|
@ -1926,7 +1923,6 @@ static psa_status_t psa_validate_key_attributes(
|
||||||
static psa_status_t psa_start_key_creation(
|
static psa_status_t psa_start_key_creation(
|
||||||
psa_key_creation_method_t method,
|
psa_key_creation_method_t method,
|
||||||
const psa_key_attributes_t *attributes,
|
const psa_key_attributes_t *attributes,
|
||||||
mbedtls_svc_key_id_t *key,
|
|
||||||
psa_key_slot_t **p_slot,
|
psa_key_slot_t **p_slot,
|
||||||
psa_se_drv_table_entry_t **p_drv )
|
psa_se_drv_table_entry_t **p_drv )
|
||||||
{
|
{
|
||||||
|
@ -2018,7 +2014,6 @@ static psa_status_t psa_start_key_creation(
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
|
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
|
||||||
|
|
||||||
*key = slot->attr.id;
|
|
||||||
return( PSA_SUCCESS );
|
return( PSA_SUCCESS );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2037,6 +2032,8 @@ static psa_status_t psa_start_key_creation(
|
||||||
* \param[in,out] slot Pointer to the slot with key material.
|
* \param[in,out] slot Pointer to the slot with key material.
|
||||||
* \param[in] driver The secure element driver for the key,
|
* \param[in] driver The secure element driver for the key,
|
||||||
* or NULL for a transparent key.
|
* or NULL for a transparent key.
|
||||||
|
* \param[out] key On success, identifier of the key. Note that the
|
||||||
|
* key identifier is also stored in the key slot.
|
||||||
*
|
*
|
||||||
* \retval #PSA_SUCCESS
|
* \retval #PSA_SUCCESS
|
||||||
* The key was successfully created.
|
* The key was successfully created.
|
||||||
|
@ -2045,7 +2042,8 @@ static psa_status_t psa_start_key_creation(
|
||||||
*/
|
*/
|
||||||
static psa_status_t psa_finish_key_creation(
|
static psa_status_t psa_finish_key_creation(
|
||||||
psa_key_slot_t *slot,
|
psa_key_slot_t *slot,
|
||||||
psa_se_drv_table_entry_t *driver )
|
psa_se_drv_table_entry_t *driver,
|
||||||
|
mbedtls_svc_key_id_t *key)
|
||||||
{
|
{
|
||||||
psa_status_t status = PSA_SUCCESS;
|
psa_status_t status = PSA_SUCCESS;
|
||||||
(void) slot;
|
(void) slot;
|
||||||
|
@ -2101,7 +2099,12 @@ static psa_status_t psa_finish_key_creation(
|
||||||
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
|
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
|
||||||
|
|
||||||
if( status == PSA_SUCCESS )
|
if( status == PSA_SUCCESS )
|
||||||
|
{
|
||||||
|
*key = slot->attr.id;
|
||||||
status = psa_decrement_key_slot_access_count( slot );
|
status = psa_decrement_key_slot_access_count( slot );
|
||||||
|
if( status != PSA_SUCCESS )
|
||||||
|
*key = MBEDTLS_SVC_KEY_ID_INIT;
|
||||||
|
}
|
||||||
|
|
||||||
return( status );
|
return( status );
|
||||||
}
|
}
|
||||||
|
@ -2228,6 +2231,8 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes,
|
||||||
psa_key_slot_t *slot = NULL;
|
psa_key_slot_t *slot = NULL;
|
||||||
psa_se_drv_table_entry_t *driver = NULL;
|
psa_se_drv_table_entry_t *driver = NULL;
|
||||||
|
|
||||||
|
*key = MBEDTLS_SVC_KEY_ID_INIT;
|
||||||
|
|
||||||
/* Reject zero-length symmetric keys (including raw data key objects).
|
/* Reject zero-length symmetric keys (including raw data key objects).
|
||||||
* This also rejects any key which might be encoded as an empty string,
|
* This also rejects any key which might be encoded as an empty string,
|
||||||
* which is never valid. */
|
* which is never valid. */
|
||||||
|
@ -2235,7 +2240,7 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes,
|
||||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||||
|
|
||||||
status = psa_start_key_creation( PSA_KEY_CREATION_IMPORT, attributes,
|
status = psa_start_key_creation( PSA_KEY_CREATION_IMPORT, attributes,
|
||||||
key, &slot, &driver );
|
&slot, &driver );
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
goto exit;
|
goto exit;
|
||||||
|
|
||||||
|
@ -2276,13 +2281,10 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes,
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
goto exit;
|
goto exit;
|
||||||
|
|
||||||
status = psa_finish_key_creation( slot, driver );
|
status = psa_finish_key_creation( slot, driver, key );
|
||||||
exit:
|
exit:
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
{
|
|
||||||
psa_fail_key_creation( slot, driver );
|
psa_fail_key_creation( slot, driver );
|
||||||
*key = MBEDTLS_SVC_KEY_ID_INIT;
|
|
||||||
}
|
|
||||||
|
|
||||||
return( status );
|
return( status );
|
||||||
}
|
}
|
||||||
|
@ -2306,11 +2308,11 @@ psa_status_t mbedtls_psa_register_se_key(
|
||||||
return( PSA_ERROR_NOT_SUPPORTED );
|
return( PSA_ERROR_NOT_SUPPORTED );
|
||||||
|
|
||||||
status = psa_start_key_creation( PSA_KEY_CREATION_REGISTER, attributes,
|
status = psa_start_key_creation( PSA_KEY_CREATION_REGISTER, attributes,
|
||||||
&key, &slot, &driver );
|
&slot, &driver );
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
goto exit;
|
goto exit;
|
||||||
|
|
||||||
status = psa_finish_key_creation( slot, driver );
|
status = psa_finish_key_creation( slot, driver, &key );
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
|
@ -2348,6 +2350,8 @@ psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key,
|
||||||
psa_key_attributes_t actual_attributes = *specified_attributes;
|
psa_key_attributes_t actual_attributes = *specified_attributes;
|
||||||
psa_se_drv_table_entry_t *driver = NULL;
|
psa_se_drv_table_entry_t *driver = NULL;
|
||||||
|
|
||||||
|
*target_key = MBEDTLS_SVC_KEY_ID_INIT;
|
||||||
|
|
||||||
status = psa_get_transparent_key( source_key, &source_slot,
|
status = psa_get_transparent_key( source_key, &source_slot,
|
||||||
PSA_KEY_USAGE_COPY, 0 );
|
PSA_KEY_USAGE_COPY, 0 );
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
|
@ -2363,9 +2367,8 @@ psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key,
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
goto exit;
|
goto exit;
|
||||||
|
|
||||||
status = psa_start_key_creation( PSA_KEY_CREATION_COPY,
|
status = psa_start_key_creation( PSA_KEY_CREATION_COPY, &actual_attributes,
|
||||||
&actual_attributes,
|
&target_slot, &driver );
|
||||||
target_key, &target_slot, &driver );
|
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
goto exit;
|
goto exit;
|
||||||
|
|
||||||
|
@ -2382,13 +2385,10 @@ psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key,
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
goto exit;
|
goto exit;
|
||||||
|
|
||||||
status = psa_finish_key_creation( target_slot, driver );
|
status = psa_finish_key_creation( target_slot, driver, target_key );
|
||||||
exit:
|
exit:
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
{
|
|
||||||
psa_fail_key_creation( target_slot, driver );
|
psa_fail_key_creation( target_slot, driver );
|
||||||
*target_key = MBEDTLS_SVC_KEY_ID_INIT;
|
|
||||||
}
|
|
||||||
|
|
||||||
decrement_status = psa_decrement_key_slot_access_count( source_slot );
|
decrement_status = psa_decrement_key_slot_access_count( source_slot );
|
||||||
|
|
||||||
|
@ -5516,6 +5516,8 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut
|
||||||
psa_key_slot_t *slot = NULL;
|
psa_key_slot_t *slot = NULL;
|
||||||
psa_se_drv_table_entry_t *driver = NULL;
|
psa_se_drv_table_entry_t *driver = NULL;
|
||||||
|
|
||||||
|
*key = MBEDTLS_SVC_KEY_ID_INIT;
|
||||||
|
|
||||||
/* Reject any attempt to create a zero-length key so that we don't
|
/* Reject any attempt to create a zero-length key so that we don't
|
||||||
* risk tripping up later, e.g. on a malloc(0) that returns NULL. */
|
* risk tripping up later, e.g. on a malloc(0) that returns NULL. */
|
||||||
if( psa_get_key_bits( attributes ) == 0 )
|
if( psa_get_key_bits( attributes ) == 0 )
|
||||||
|
@ -5524,8 +5526,8 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut
|
||||||
if( ! operation->can_output_key )
|
if( ! operation->can_output_key )
|
||||||
return( PSA_ERROR_NOT_PERMITTED );
|
return( PSA_ERROR_NOT_PERMITTED );
|
||||||
|
|
||||||
status = psa_start_key_creation( PSA_KEY_CREATION_DERIVE,
|
status = psa_start_key_creation( PSA_KEY_CREATION_DERIVE, attributes,
|
||||||
attributes, key, &slot, &driver );
|
&slot, &driver );
|
||||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||||
if( driver != NULL )
|
if( driver != NULL )
|
||||||
{
|
{
|
||||||
|
@ -5540,12 +5542,9 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut
|
||||||
operation );
|
operation );
|
||||||
}
|
}
|
||||||
if( status == PSA_SUCCESS )
|
if( status == PSA_SUCCESS )
|
||||||
status = psa_finish_key_creation( slot, driver );
|
status = psa_finish_key_creation( slot, driver, key );
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
{
|
|
||||||
psa_fail_key_creation( slot, driver );
|
psa_fail_key_creation( slot, driver );
|
||||||
*key = MBEDTLS_SVC_KEY_ID_INIT;
|
|
||||||
}
|
|
||||||
|
|
||||||
return( status );
|
return( status );
|
||||||
}
|
}
|
||||||
|
@ -6374,13 +6373,15 @@ psa_status_t psa_generate_key( const psa_key_attributes_t *attributes,
|
||||||
psa_key_slot_t *slot = NULL;
|
psa_key_slot_t *slot = NULL;
|
||||||
psa_se_drv_table_entry_t *driver = NULL;
|
psa_se_drv_table_entry_t *driver = NULL;
|
||||||
|
|
||||||
|
*key = MBEDTLS_SVC_KEY_ID_INIT;
|
||||||
|
|
||||||
/* Reject any attempt to create a zero-length key so that we don't
|
/* Reject any attempt to create a zero-length key so that we don't
|
||||||
* risk tripping up later, e.g. on a malloc(0) that returns NULL. */
|
* risk tripping up later, e.g. on a malloc(0) that returns NULL. */
|
||||||
if( psa_get_key_bits( attributes ) == 0 )
|
if( psa_get_key_bits( attributes ) == 0 )
|
||||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||||
|
|
||||||
status = psa_start_key_creation( PSA_KEY_CREATION_GENERATE,
|
status = psa_start_key_creation( PSA_KEY_CREATION_GENERATE, attributes,
|
||||||
attributes, key, &slot, &driver );
|
&slot, &driver );
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
goto exit;
|
goto exit;
|
||||||
|
|
||||||
|
@ -6396,12 +6397,9 @@ psa_status_t psa_generate_key( const psa_key_attributes_t *attributes,
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
if( status == PSA_SUCCESS )
|
if( status == PSA_SUCCESS )
|
||||||
status = psa_finish_key_creation( slot, driver );
|
status = psa_finish_key_creation( slot, driver, key );
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
{
|
|
||||||
psa_fail_key_creation( slot, driver );
|
psa_fail_key_creation( slot, driver );
|
||||||
*key = MBEDTLS_SVC_KEY_ID_INIT;
|
|
||||||
}
|
|
||||||
|
|
||||||
return( status );
|
return( status );
|
||||||
}
|
}
|
||||||
|
|
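Review bot: The new `\param[out] key` description on psa_finish_key_creation (hunk at -2037) documents only the success case, while the new body (hunk at -2101) leaves `*key` untouched when an earlier step in the function fails and writes `MBEDTLS_SVC_KEY_ID_INIT` to it only when psa_decrement_key_slot_access_count() fails. The callers now depend on having pre-set `*key` to `MBEDTLS_SVC_KEY_ID_INIT` — psa_import_key, psa_copy_key, psa_key_derivation_output_key and psa_generate_key all do so in this commit — but that contract is not written down anywhere, so a future caller could return the stale identifier the commit message sets out to avoid. I would extend the parameter text with `On failure, either left unchanged or set to #MBEDTLS_SVC_KEY_ID_INIT; callers must initialize it to #MBEDTLS_SVC_KEY_ID_INIT before starting key creation.` Reading `slot->attr.id` before the access count is released looks deliberate, so I would not reorder those two statements. The body of psa_finish_key_creation between the two hunks is outside the visible diff.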