diff --git a/library/psa_crypto.c b/library/psa_crypto.c index aea4924d3..a511c2774 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1500,11 +1500,13 @@ static psa_status_t psa_validate_key_attributes( { psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; - status = psa_validate_key_location( attributes, p_drv ); + status = psa_validate_key_location( psa_get_key_lifetime( attributes ), + p_drv ); if( status != PSA_SUCCESS ) return( status ); - status = psa_validate_key_persistence( attributes ); + status = psa_validate_key_persistence( psa_get_key_lifetime( attributes ), + psa_get_key_id( attributes ) ); if( status != PSA_SUCCESS ) return( status ); diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 0cab75779..ab66b1213 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -183,10 +183,9 @@ static int psa_is_key_id_valid( psa_key_file_id_t file_id, } #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ -psa_status_t psa_validate_key_location( const psa_key_attributes_t *attributes, +psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime, psa_se_drv_table_entry_t **p_drv ) { - psa_key_lifetime_t lifetime = psa_get_key_lifetime( attributes ); if ( psa_key_lifetime_is_external( lifetime ) ) { #if defined(MBEDTLS_PSA_CRYPTO_SE_C) @@ -209,10 +208,9 @@ psa_status_t psa_validate_key_location( const psa_key_attributes_t *attributes, return( PSA_SUCCESS ); } -psa_status_t psa_validate_key_persistence( const psa_key_attributes_t *attributes ) +psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime, + psa_key_id_t key_id ) { - psa_key_lifetime_t lifetime = psa_get_key_lifetime( attributes ); - if ( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) { /* Volatile keys are always supported */ @@ -222,7 +220,7 @@ psa_status_t psa_validate_key_persistence( const psa_key_attributes_t *attribute { /* Persistent keys require storage support */ #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) - if( psa_is_key_id_valid( psa_get_key_id( attributes ), + if( psa_is_key_id_valid( key_id, psa_key_lifetime_is_external( lifetime ) ) ) return( PSA_SUCCESS ); else diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index 46a73257b..e65de2e6a 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -92,13 +92,13 @@ static inline int psa_key_lifetime_is_external( psa_key_lifetime_t lifetime ) != PSA_KEY_LOCATION_LOCAL_STORAGE ); } -/** Validate that a key's attributes point to a known location. +/** Validate a key's location. * * This function checks whether the key's attributes point to a location that * is known to the PSA Core, and returns the driver function table if the key * is to be found in an external location. * - * \param[in] attributes The key attributes. + * \param[in] lifetime The key lifetime attribute. * \param[out] p_drv On success, when a key is located in external * storage, returns a pointer to the driver table * associated with the key's storage location. @@ -106,20 +106,22 @@ static inline int psa_key_lifetime_is_external( psa_key_lifetime_t lifetime ) * \retval #PSA_SUCCESS * \retval #PSA_ERROR_INVALID_ARGUMENT */ -psa_status_t psa_validate_key_location( const psa_key_attributes_t *attributes, +psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime, psa_se_drv_table_entry_t **p_drv ); -/** Validate that a key's persistence is valid. +/** Validate that a key's persistence attributes are valid. * - * This function checks whether a key's declared persistence and key ID are - * valid and supported by the PSA Core in its actual configuration. + * This function checks whether a key's declared persistence level and key ID + * attributes are valid and known to the PSA Core in its actual configuration. * - * \param[in] attributes The key attributes. + * \param[in] lifetime The key lifetime attribute. + * \param[in] key_id The key ID attribute * * \retval #PSA_SUCCESS * \retval #PSA_ERROR_INVALID_ARGUMENT */ -psa_status_t psa_validate_key_persistence( const psa_key_attributes_t *attributes ); +psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime, + psa_key_id_t key_id ); #endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */