yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-02-03 16:31:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

SE key registration: call p_validate_slot_number

Browse source 
When registering a key in a secure element, if the driver has a
p_validate_slot_number method, call it.
This commit is contained in:
Gilles Peskine 2019-08-05 16:46:18 +02:00
parent d772958ffc
commit a5f8749812
2 changed files with 36 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
include/psa/crypto_se_driver.h
View file

@ -818,7 +818,27 @@ typedef enum
PSA_KEY_CREATION_GENERATE, /**< During psa_generate_key() */ PSA_KEY_CREATION_GENERATE, /**< During psa_generate_key() */
PSA_KEY_CREATION_DERIVE, /**< During psa_key_derivation_output_key() */ PSA_KEY_CREATION_DERIVE, /**< During psa_key_derivation_output_key() */
PSA_KEY_CREATION_COPY, /**< During psa_copy_key() */ PSA_KEY_CREATION_COPY, /**< During psa_copy_key() */
PSA_KEY_CREATION_REGISTER, /*TEMPORARY*/
#ifndef __DOXYGEN_ONLY__
/** A key is being registered with mbedtls_psa_register_se_key().
*
* The core only passes this value to
* psa_drv_se_key_management_t::p_validate_slot_number, not to
* psa_drv_se_key_management_t::p_allocate. The call to
* `p_validate_slot_number` is not followed by any other call to the
* driver: the key is considered successfully registered if the call to
* `p_validate_slot_number` succeeds, or if `p_validate_slot_number` is
* null.
*
* With this creation method, the driver must return #PSA_SUCCESS if
* the given attributes are compatible with the existing key in the slot,
* and #PSA_ERROR_DOES_NOT_EXIST if the driver can determine that there
* is no key with the specified slot number.
*
* This is an Mbed Crypto extension.
*/
PSA_KEY_CREATION_REGISTER,
#endif
} psa_key_creation_method_t; } psa_key_creation_method_t;
/** \brief A function that allocates a slot for a key. /** \brief A function that allocates a slot for a key.

15
library/psa_crypto.c
View file

@ -1902,6 +1902,21 @@ psa_status_t mbedtls_psa_register_se_key(
goto exit; goto exit;
} }
/* If the driver has a slot number validation method, call it.
* If it doesn't, it means the secure element is unable to validate
* anything and so we have to trust the application. */
if( drv->key_management != NULL &&
drv->key_management->p_validate_slot_number != NULL )
{
status = drv->key_management->p_validate_slot_number(
psa_get_se_driver_context( driver ),
attributes,
PSA_KEY_CREATION_REGISTER,
slot->data.se.slot_number );
if( status != PSA_SUCCESS )
goto exit;
}
status = psa_finish_key_creation( slot, driver ); status = psa_finish_key_creation( slot, driver );
exit: exit: