mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 15:05:41 +00:00
Allow loading wrapped keys even when SE support is compiled in
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
parent
a51e1dbe76
commit
98435ddf84
|
@ -2325,6 +2325,8 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes,
|
|||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
||||
if( psa_key_lifetime_is_external( psa_get_key_lifetime( attributes ) ) )
|
||||
{
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||
if( driver != NULL )
|
||||
{
|
||||
|
@ -2353,6 +2355,15 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes,
|
|||
}
|
||||
else
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
|
||||
{
|
||||
/* Importing a key with external lifetime through the driver wrapper
|
||||
* interface is not yet supported. Return as if this was an invalid
|
||||
* lifetime. */
|
||||
status = PSA_ERROR_INVALID_ARGUMENT;
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
status = psa_import_key_into_slot( slot, data, data_length );
|
||||
if( status != PSA_SUCCESS )
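Review bot: The new `status = PSA_ERROR_INVALID_ARGUMENT; goto exit;` branch runs only after the earlier `if( status != PSA_SUCCESS )` check has passed, so key-creation setup has already succeeded by the time the lifetime is rejected. The `exit:` label is outside this hunk, so please confirm that it releases the slot reserved for the new key on this path instead of only returning the status. This matters more now that psa_validate_key_location accepts unknown external locations when MBEDTLS_PSA_CRYPTO_DRIVERS is defined, which presumably makes this branch the only rejection point for them. A short comment would record the dependency, for example `/* Nothing imported yet; exit: must still fail the key creation and free the slot. */`.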
|
||||
|
|
|
@ -247,8 +247,12 @@ static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *slot )
|
|||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||
if( psa_key_lifetime_is_external( slot->attr.lifetime ) )
|
||||
{
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||
const psa_drv_se_t *drv;
|
||||
psa_drv_se_context_t *drv_context;
|
||||
if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) )
|
||||
{
|
||||
psa_se_key_data_storage_t *data;
|
||||
if( key_data_length != sizeof( *data ) )
|
||||
|
@ -263,11 +267,24 @@ static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *slot )
|
|||
else
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
|
||||
{
|
||||
status = psa_copy_key_material_into_slot( slot, key_data, key_data_length );
|
||||
if( status != PSA_SUCCESS )
|
||||
/* A key that is successfully loaded from storage with an
|
||||
* external lifetime, but doesn't belong to an SE driver,
|
||||
* must be a PSA driver-associated key which we can just
|
||||
* load like an internal key. */
|
||||
if ( key_data == NULL )
|
||||
{
|
||||
status = PSA_ERROR_STORAGE_FAILURE;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
status = psa_copy_key_material_into_slot( slot, key_data, key_data_length );
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
status = psa_copy_key_material_into_slot( slot, key_data, key_data_length );
|
||||
}
|
||||
|
||||
exit:
|
||||
psa_free_persistent_key_data( key_data, key_data_length );
|
||||
return( status );
|
||||
|
@ -345,7 +362,14 @@ psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime,
|
|||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||
psa_se_drv_table_entry_t *driver = psa_get_se_driver_entry( lifetime );
|
||||
if( driver == NULL )
|
||||
{
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)
|
||||
/* Key location for external keys gets checked by the wrapper */
|
||||
return( PSA_SUCCESS );
|
||||
#else
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
#endif
|
||||
}
|
||||
else
|
||||
{
|
||||
if (p_drv != NULL)
|
||||
|
@ -354,7 +378,12 @@ psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime,
|
|||
}
|
||||
#else
|
||||
(void) p_drv;
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)
|
||||
/* Key location for external keys gets checked by the wrapper */
|
||||
return( PSA_SUCCESS );
|
||||
#else
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
#endif
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
|
||||
}
|
||||
else
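Review bot: In psa_load_persistent_key_into_slot, the fallback block after `#endif /* MBEDTLS_PSA_CRYPTO_SE_C */` copies the stored bytes into the slot for any external lifetime that has no SE driver, without checking that a driver wrapper can own that location. The comment says such a key "must be" driver-associated, but nothing visible enforces it: psa_validate_key_location accepts these locations only when MBEDTLS_PSA_CRYPTO_DRIVERS is defined, while the load path is not gated at all. As a result, a record from modified storage, or possibly an SE key whose driver was not registered at this boot, would be loaded as key material instead of being rejected. Gating the branch on the same macro keeps load and create consistent and fails closed; the error code below mirrors the validation function, and PSA_ERROR_STORAGE_FAILURE may fit this function better. The function body starts and ends outside these hunks.

```c
        else
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
        {
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)
            /* … unchanged: key_data NULL check and psa_copy_key_material_into_slot() call … */
#else
            /* No driver wrapper in this build, so nothing can own this
             * location: reject the stored record instead of loading it. */
            status = PSA_ERROR_INVALID_ARGUMENT;
            goto exit;
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
        }
```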
|
||||
|
|
|
@ -107,10 +107,15 @@ Open failure: non-existent identifier
|
|||
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
open_fail:1:PSA_ERROR_DOES_NOT_EXIST
|
||||
|
||||
Create failure: invalid lifetime
|
||||
create_fail:0x7fffffff:0:PSA_ERROR_INVALID_ARGUMENT
|
||||
Create failure: invalid lifetime for a persistent key
|
||||
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
create_fail:0x7fffffff:1:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
Create failure: invalid key id (0)
|
||||
Create failure: invalid lifetime for a volatile key
|
||||
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
create_fail:0x7fffff00:0:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
Create failure: invalid key id (0) for a persistent key
|
||||
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
create_fail:PSA_KEY_LIFETIME_PERSISTENT:0:PSA_ERROR_INVALID_HANDLE
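Review bot: None of the cases in this section exercises the path the commit title describes: loading a stored key that has an external lifetime when no SE driver owns its location. The `create_fail` entries with `0x7fffffff` and `0x7fffff00` only pin that creation is still rejected with PSA_ERROR_INVALID_ARGUMENT. A load-side case is worth adding, ideally in both an SE-only and a driver-wrapper configuration, so the fallback copy in psa_load_persistent_key_into_slot is covered; it may need a pre-populated storage fixture, since creating such keys is rejected. Separately, if the `depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C` line above the volatile-key case is on the new side, it looks unnecessary for a volatile lifetime and would skip the test in storage-less builds.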
|
||||
|
||||
|
|