psa: import: Move key buffer allocation

Move key buffer allocation from psa_import_key_into_slot()
function up to the two functions calling it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Ronald Cron 2020-11-28 15:14:42 +01:00
parent d6ec3035a4
commit dd04d423b5


@ -595,8 +595,14 @@ psa_status_t psa_copy_key_material_into_slot( psa_key_slot_t *slot,
* Its `type` field must have previously been set to * Its `type` field must have previously been set to
* the desired key type. * the desired key type.
* It must not contain any key material yet. * It must not contain any key material yet.
* \param[in] data Buffer containing the key material to parse and import. * \param[in] data Buffer containing the key material to parse and
* import.
* \param data_length Size of \p data in bytes. * \param data_length Size of \p data in bytes.
* \param[out] key_buffer The buffer containing the export representation.
* \param[in] key_buffer_size The size of \p key_buffer in bytes. The size
* is greater or equal to \p data_length.
* \param[out] key_buffer_length The length of the data written in \p
* key_buffer in bytes.
* *
* \retval #PSA_SUCCESS * \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INVALID_ARGUMENT * \retval #PSA_ERROR_INVALID_ARGUMENT
@ -605,7 +611,10 @@ psa_status_t psa_copy_key_material_into_slot( psa_key_slot_t *slot,
*/ */
static psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot, static psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot,
const uint8_t *data, const uint8_t *data,
size_t data_length ) size_t data_length,
uint8_t *key_buffer,
size_t key_buffer_size,
size_t *key_buffer_length )
{ {
psa_status_t status = PSA_SUCCESS; psa_status_t status = PSA_SUCCESS;
size_t bit_size; size_t bit_size;
@ -631,10 +640,10 @@ static psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot,
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
return( status ); return( status );
/* Allocate memory for the key */ /* Copy the key material. */
status = psa_copy_key_material_into_slot( slot, data, data_length ); memcpy( key_buffer, data, data_length );
if( status != PSA_SUCCESS ) *key_buffer_length = data_length;
return( status ); (void)key_buffer_size;
/* Write the actual key size to the slot. /* Write the actual key size to the slot.
* psa_start_key_creation() wrote the size declared by the * psa_start_key_creation() wrote the size declared by the
@ -650,16 +659,12 @@ static psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot,
.core = slot->attr .core = slot->attr
}; };
status = psa_allocate_buffer_to_slot( slot, data_length );
if( status != PSA_SUCCESS )
return( status );
bit_size = slot->attr.bits; bit_size = slot->attr.bits;
status = psa_driver_wrapper_import_key( &attributes, status = psa_driver_wrapper_import_key( &attributes,
data, data_length, data, data_length,
slot->key.data, key_buffer,
slot->key.bytes, key_buffer_size,
&slot->key.bytes, key_buffer_length,
&bit_size ); &bit_size );
if( status == PSA_SUCCESS ) if( status == PSA_SUCCESS )
{ {
@ -676,10 +681,7 @@ static psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot,
return( status ); return( status );
} }
mbedtls_platform_zeroize( slot->key.data, data_length ); mbedtls_platform_zeroize( key_buffer, key_buffer_size );
mbedtls_free( slot->key.data );
slot->key.data = NULL;
slot->key.bytes = 0;
/* Key format is not supported by any accelerator, try software fallback /* Key format is not supported by any accelerator, try software fallback
* if present. */ * if present. */
@ -687,14 +689,10 @@ static psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot,
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) ) if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) )
{ {
status = psa_allocate_buffer_to_slot( slot, data_length );
if( status != PSA_SUCCESS )
return( status );
status = mbedtls_psa_ecp_import_key( &attributes, status = mbedtls_psa_ecp_import_key( &attributes,
data, data_length, data, data_length,
slot->key.data, data_length, key_buffer, key_buffer_size,
&slot->key.bytes, key_buffer_length,
&bit_size ); &bit_size );
slot->attr.bits = (psa_key_bits_t) bit_size; slot->attr.bits = (psa_key_bits_t) bit_size;
return( status ); return( status );
@ -705,14 +703,10 @@ static psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot,
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) )
{ {
status = psa_allocate_buffer_to_slot( slot, data_length );
if( status != PSA_SUCCESS )
return( status );
status = mbedtls_psa_rsa_import_key( &attributes, status = mbedtls_psa_rsa_import_key( &attributes,
data, data_length, data, data_length,
slot->key.data, data_length, key_buffer, key_buffer_size,
&slot->key.bytes, key_buffer_length,
&bit_size ); &bit_size );
slot->attr.bits = (psa_key_bits_t) bit_size; slot->attr.bits = (psa_key_bits_t) bit_size;
return( status ); return( status );
@ -1931,7 +1925,14 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes,
} }
else else
{ {
status = psa_import_key_into_slot( slot, data, data_length ); status = psa_allocate_buffer_to_slot( slot, data_length );
if( status != PSA_SUCCESS )
goto exit;
status = psa_import_key_into_slot( slot, data, data_length,
slot->key.data,
slot->key.bytes,
&slot->key.bytes );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
goto exit; goto exit;
} }
@ -5234,7 +5235,14 @@ static psa_status_t psa_generate_derived_key_internal(
if( slot->attr.type == PSA_KEY_TYPE_DES ) if( slot->attr.type == PSA_KEY_TYPE_DES )
psa_des_set_key_parity( data, bytes ); psa_des_set_key_parity( data, bytes );
#endif /* MBEDTLS_DES_C */ #endif /* MBEDTLS_DES_C */
status = psa_import_key_into_slot( slot, data, bytes );
status = psa_allocate_buffer_to_slot( slot, bytes );
if( status != PSA_SUCCESS )
return( status );
status = psa_import_key_into_slot( slot, data, bytes,
slot->key.data, slot->key.bytes,
&slot->key.bytes );
exit: exit:
mbedtls_free( data ); mbedtls_free( data );
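Review bot: In the last hunk (psa_generate_derived_key_internal), the new allocation-failure path uses `return( status );`, which skips the `exit:` label just below it and so never reaches `mbedtls_free( data )`. `data` is the buffer handed on as key material, so when `psa_allocate_buffer_to_slot()` fails it is leaked with the derived bytes still in it; use `goto exit;` there, as the psa_import_key hunk already does after the same call. Separately, in psa_import_key_into_slot the new `memcpy( key_buffer, data, data_length )` relies only on the documented precondition while `key_buffer_size` is cast to void; a guard such as `if( data_length > key_buffer_size ) return( PSA_ERROR_BUFFER_TOO_SMALL );` before the copy would enforce it for future callers. Both functions begin and end outside the visible hunks, so any cleanup after `exit:` beyond the `mbedtls_free` call cannot be checked from here.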