psa: se: Create key context in SE key slots
In key slots containing the description of a key of a dynamically registered Secure Element (SE), store the key slot number in a key context as defined in the PSA driver interface for opaque drivers. That way transparent key data and slot numbers are, in a key slot, both stored in a dynamically allocated buffer. The `data` union in structures of type psa_key_slot_t to distinguish between the storage of transparent key data and slot numbers is consequently not necessary anymore and thus removed. This alignment of some part of the code dedicated to dynamically registered SE with the PSA driver interface specification is done to ease the support of both dynamically registered and statically defined secure elements. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
parent
0dbbf1e27f
commit
ea0f8a6d1a
|
@ -749,8 +749,8 @@ exit:
|
|||
}
|
||||
|
||||
/* On success, store the allocated export-formatted key. */
|
||||
slot->data.key.data = output;
|
||||
slot->data.key.bytes = data_length;
|
||||
slot->key.data = output;
|
||||
slot->key.bytes = data_length;
|
||||
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
@ -983,8 +983,8 @@ exit:
|
|||
}
|
||||
|
||||
/* On success, store the allocated export-formatted key. */
|
||||
slot->data.key.data = output;
|
||||
slot->data.key.bytes = data_length;
|
||||
slot->key.data = output;
|
||||
slot->key.bytes = data_length;
|
||||
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
@ -1017,14 +1017,14 @@ static inline size_t psa_get_key_slot_bits( const psa_key_slot_t *slot )
|
|||
static psa_status_t psa_allocate_buffer_to_slot( psa_key_slot_t *slot,
|
||||
size_t buffer_length )
|
||||
{
|
||||
if( slot->data.key.data != NULL )
|
||||
if( slot->key.data != NULL )
|
||||
return( PSA_ERROR_ALREADY_EXISTS );
|
||||
|
||||
slot->data.key.data = mbedtls_calloc( 1, buffer_length );
|
||||
if( slot->data.key.data == NULL )
|
||||
slot->key.data = mbedtls_calloc( 1, buffer_length );
|
||||
if( slot->key.data == NULL )
|
||||
return( PSA_ERROR_INSUFFICIENT_MEMORY );
|
||||
|
||||
slot->data.key.bytes = buffer_length;
|
||||
slot->key.bytes = buffer_length;
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
|
@ -1037,7 +1037,7 @@ psa_status_t psa_copy_key_material_into_slot( psa_key_slot_t *slot,
|
|||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
memcpy( slot->data.key.data, data, data_length );
|
||||
memcpy( slot->key.data, data, data_length );
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
|
@ -1342,23 +1342,14 @@ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy(
|
|||
/** Wipe key data from a slot. Preserve metadata such as the policy. */
|
||||
static psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot )
|
||||
{
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||
if( psa_get_se_driver( slot->attr.lifetime, NULL, NULL ) &&
|
||||
psa_key_slot_is_external( slot ) )
|
||||
{
|
||||
/* No key material to clean. */
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
|
||||
{
|
||||
/* Data pointer will always be either a valid pointer or NULL in an
|
||||
* initialized slot, so we can just free it. */
|
||||
if( slot->data.key.data != NULL )
|
||||
mbedtls_platform_zeroize( slot->data.key.data, slot->data.key.bytes);
|
||||
mbedtls_free( slot->data.key.data );
|
||||
slot->data.key.data = NULL;
|
||||
slot->data.key.bytes = 0;
|
||||
}
|
||||
/* Data pointer will always be either a valid pointer or NULL in an
|
||||
* initialized slot, so we can just free it. */
|
||||
if( slot->key.data != NULL )
|
||||
mbedtls_platform_zeroize( slot->key.data, slot->key.bytes);
|
||||
|
||||
mbedtls_free( slot->key.data );
|
||||
slot->key.data = NULL;
|
||||
slot->key.bytes = 0;
|
||||
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
@ -1443,7 +1434,7 @@ psa_status_t psa_destroy_key( mbedtls_svc_key_id_t key )
|
|||
* three actions. */
|
||||
psa_crypto_prepare_transaction( PSA_CRYPTO_TRANSACTION_DESTROY_KEY );
|
||||
psa_crypto_transaction.key.lifetime = slot->attr.lifetime;
|
||||
psa_crypto_transaction.key.slot = slot->data.se.slot_number;
|
||||
psa_crypto_transaction.key.slot = psa_key_slot_get_slot_number( slot );
|
||||
psa_crypto_transaction.key.id = slot->attr.id;
|
||||
status = psa_crypto_save_transaction( );
|
||||
if( status != PSA_SUCCESS )
|
||||
|
@ -1460,7 +1451,8 @@ psa_status_t psa_destroy_key( mbedtls_svc_key_id_t key )
|
|||
goto exit;
|
||||
}
|
||||
|
||||
status = psa_destroy_se_key( driver, slot->data.se.slot_number );
|
||||
status = psa_destroy_se_key( driver,
|
||||
psa_key_slot_get_slot_number( slot ) );
|
||||
if( overall_status == PSA_SUCCESS )
|
||||
overall_status = status;
|
||||
}
|
||||
|
@ -1616,7 +1608,8 @@ psa_status_t psa_get_key_attributes( mbedtls_svc_key_id_t key,
|
|||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||
if( psa_key_slot_is_external( slot ) )
|
||||
psa_set_key_slot_number( attributes, slot->data.se.slot_number );
|
||||
psa_set_key_slot_number( attributes,
|
||||
psa_key_slot_get_slot_number( slot ) );
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
|
||||
|
||||
switch( slot->attr.type )
|
||||
|
@ -1637,8 +1630,8 @@ psa_status_t psa_get_key_attributes( mbedtls_svc_key_id_t key,
|
|||
mbedtls_rsa_context *rsa = NULL;
|
||||
|
||||
status = psa_load_rsa_representation( slot->attr.type,
|
||||
slot->data.key.data,
|
||||
slot->data.key.bytes,
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
&rsa );
|
||||
if( status != PSA_SUCCESS )
|
||||
break;
|
||||
|
@ -1684,12 +1677,12 @@ static psa_status_t psa_internal_export_key_buffer( const psa_key_slot_t *slot,
|
|||
size_t data_size,
|
||||
size_t *data_length )
|
||||
{
|
||||
if( slot->data.key.bytes > data_size )
|
||||
if( slot->key.bytes > data_size )
|
||||
return( PSA_ERROR_BUFFER_TOO_SMALL );
|
||||
memcpy( data, slot->data.key.data, slot->data.key.bytes );
|
||||
memset( data + slot->data.key.bytes, 0,
|
||||
data_size - slot->data.key.bytes );
|
||||
*data_length = slot->data.key.bytes;
|
||||
memcpy( data, slot->key.data, slot->key.bytes );
|
||||
memset( data + slot->key.bytes, 0,
|
||||
data_size - slot->key.bytes );
|
||||
*data_length = slot->key.bytes;
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
|
@ -1727,7 +1720,7 @@ static psa_status_t psa_internal_export_key( const psa_key_slot_t *slot,
|
|||
if( method == NULL )
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
return( method( drv_context,
|
||||
slot->data.se.slot_number,
|
||||
psa_key_slot_get_slot_number( slot ),
|
||||
data, data_size, data_length ) );
|
||||
}
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
|
||||
|
@ -1768,8 +1761,8 @@ static psa_status_t psa_internal_export_key( const psa_key_slot_t *slot,
|
|||
mbedtls_rsa_context *rsa = NULL;
|
||||
status = psa_load_rsa_representation(
|
||||
slot->attr.type,
|
||||
slot->data.key.data,
|
||||
slot->data.key.bytes,
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
&rsa );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
@ -1797,8 +1790,8 @@ static psa_status_t psa_internal_export_key( const psa_key_slot_t *slot,
|
|||
mbedtls_ecp_keypair *ecp = NULL;
|
||||
status = psa_load_ecp_representation(
|
||||
slot->attr.type,
|
||||
slot->data.key.data,
|
||||
slot->data.key.bytes,
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
&ecp );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
@ -2071,8 +2064,9 @@ static psa_status_t psa_start_key_creation(
|
|||
* we can roll back to a state where the key doesn't exist. */
|
||||
if( *p_drv != NULL )
|
||||
{
|
||||
psa_key_slot_number_t slot_number;
|
||||
status = psa_find_se_slot_for_key( attributes, method, *p_drv,
|
||||
&slot->data.se.slot_number );
|
||||
&slot_number );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
|
@ -2080,7 +2074,7 @@ static psa_status_t psa_start_key_creation(
|
|||
{
|
||||
psa_crypto_prepare_transaction( PSA_CRYPTO_TRANSACTION_CREATE_KEY );
|
||||
psa_crypto_transaction.key.lifetime = slot->attr.lifetime;
|
||||
psa_crypto_transaction.key.slot = slot->data.se.slot_number;
|
||||
psa_crypto_transaction.key.slot = slot_number;
|
||||
psa_crypto_transaction.key.id = slot->attr.id;
|
||||
status = psa_crypto_save_transaction( );
|
||||
if( status != PSA_SUCCESS )
|
||||
|
@ -2089,6 +2083,9 @@ static psa_status_t psa_start_key_creation(
|
|||
return( status );
|
||||
}
|
||||
}
|
||||
|
||||
status = psa_copy_key_material_into_slot(
|
||||
slot, (uint8_t *)( &slot_number ), sizeof( slot_number ) );
|
||||
}
|
||||
|
||||
if( *p_drv == NULL && method == PSA_KEY_CREATION_REGISTER )
|
||||
|
@ -2140,13 +2137,15 @@ static psa_status_t psa_finish_key_creation(
|
|||
if( driver != NULL )
|
||||
{
|
||||
psa_se_key_data_storage_t data;
|
||||
psa_key_slot_number_t slot_number =
|
||||
psa_key_slot_get_slot_number( slot ) ;
|
||||
|
||||
#if defined(static_assert)
|
||||
static_assert( sizeof( slot->data.se.slot_number ) ==
|
||||
static_assert( sizeof( slot_number ) ==
|
||||
sizeof( data.slot_number ),
|
||||
"Slot number size does not match psa_se_key_data_storage_t" );
|
||||
#endif
|
||||
memcpy( &data.slot_number, &slot->data.se.slot_number,
|
||||
sizeof( slot->data.se.slot_number ) );
|
||||
memcpy( &data.slot_number, &slot_number, sizeof( slot_number ) );
|
||||
status = psa_save_persistent_key( &slot->attr,
|
||||
(uint8_t*) &data,
|
||||
sizeof( data ) );
|
||||
|
@ -2157,8 +2156,8 @@ static psa_status_t psa_finish_key_creation(
|
|||
/* Key material is saved in export representation in the slot, so
|
||||
* just pass the slot buffer for storage. */
|
||||
status = psa_save_persistent_key( &slot->attr,
|
||||
slot->data.key.data,
|
||||
slot->data.key.bytes );
|
||||
slot->key.data,
|
||||
slot->key.bytes );
|
||||
}
|
||||
}
|
||||
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
|
||||
|
@ -2264,8 +2263,8 @@ static psa_status_t psa_validate_optional_attributes(
|
|||
|
||||
psa_status_t status = psa_load_rsa_representation(
|
||||
slot->attr.type,
|
||||
slot->data.key.data,
|
||||
slot->data.key.bytes,
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
&rsa );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
@ -2345,8 +2344,8 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes,
|
|||
}
|
||||
status = drv->key_management->p_import(
|
||||
psa_get_se_driver_context( driver ),
|
||||
slot->data.se.slot_number, attributes, data, data_length,
|
||||
&bits );
|
||||
psa_key_slot_get_slot_number( slot ),
|
||||
attributes, data, data_length, &bits );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
if( bits > PSA_MAX_KEY_BITS )
|
||||
|
@ -2423,8 +2422,8 @@ static psa_status_t psa_copy_key_material( const psa_key_slot_t *source,
|
|||
psa_key_slot_t *target )
|
||||
{
|
||||
psa_status_t status = psa_copy_key_material_into_slot( target,
|
||||
source->data.key.data,
|
||||
source->data.key.bytes );
|
||||
source->key.data,
|
||||
source->key.bytes );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
|
@ -3236,7 +3235,7 @@ static int psa_cmac_setup( psa_mac_operation_t *operation,
|
|||
return( ret );
|
||||
|
||||
ret = mbedtls_cipher_cmac_starts( &operation->ctx.cmac,
|
||||
slot->data.key.data,
|
||||
slot->key.data,
|
||||
key_bits );
|
||||
return( ret );
|
||||
}
|
||||
|
@ -3382,8 +3381,8 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation,
|
|||
}
|
||||
|
||||
status = psa_hmac_setup_internal( &operation->ctx.hmac,
|
||||
slot->data.key.data,
|
||||
slot->data.key.bytes,
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
hash_alg );
|
||||
}
|
||||
else
|
||||
|
@ -3969,8 +3968,8 @@ psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key,
|
|||
mbedtls_rsa_context *rsa = NULL;
|
||||
|
||||
status = psa_load_rsa_representation( slot->attr.type,
|
||||
slot->data.key.data,
|
||||
slot->data.key.bytes,
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
&rsa );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
@ -4001,8 +4000,8 @@ psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key,
|
|||
{
|
||||
mbedtls_ecp_keypair *ecp = NULL;
|
||||
status = psa_load_ecp_representation( slot->attr.type,
|
||||
slot->data.key.data,
|
||||
slot->data.key.bytes,
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
&ecp );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
@ -4079,8 +4078,8 @@ psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key,
|
|||
mbedtls_rsa_context *rsa = NULL;
|
||||
|
||||
status = psa_load_rsa_representation( slot->attr.type,
|
||||
slot->data.key.data,
|
||||
slot->data.key.bytes,
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
&rsa );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
@ -4104,8 +4103,8 @@ psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key,
|
|||
{
|
||||
mbedtls_ecp_keypair *ecp = NULL;
|
||||
status = psa_load_ecp_representation( slot->attr.type,
|
||||
slot->data.key.data,
|
||||
slot->data.key.bytes,
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
&ecp );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
@ -4188,8 +4187,8 @@ psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key,
|
|||
{
|
||||
mbedtls_rsa_context *rsa = NULL;
|
||||
status = psa_load_rsa_representation( slot->attr.type,
|
||||
slot->data.key.data,
|
||||
slot->data.key.bytes,
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
&rsa );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto rsa_exit;
|
||||
|
@ -4294,8 +4293,8 @@ psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key,
|
|||
{
|
||||
mbedtls_rsa_context *rsa = NULL;
|
||||
status = psa_load_rsa_representation( slot->attr.type,
|
||||
slot->data.key.data,
|
||||
slot->data.key.bytes,
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
&rsa );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
@ -4455,8 +4454,8 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation,
|
|||
{
|
||||
/* Two-key Triple-DES is 3-key Triple-DES with K1=K3 */
|
||||
uint8_t keys[24];
|
||||
memcpy( keys, slot->data.key.data, 16 );
|
||||
memcpy( keys + 16, slot->data.key.data, 8 );
|
||||
memcpy( keys, slot->key.data, 16 );
|
||||
memcpy( keys + 16, slot->key.data, 8 );
|
||||
ret = mbedtls_cipher_setkey( &operation->ctx.cipher,
|
||||
keys,
|
||||
192, cipher_operation );
|
||||
|
@ -4465,7 +4464,7 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation,
|
|||
#endif
|
||||
{
|
||||
ret = mbedtls_cipher_setkey( &operation->ctx.cipher,
|
||||
slot->data.key.data,
|
||||
slot->key.data,
|
||||
(int) key_bits, cipher_operation );
|
||||
}
|
||||
if( ret != 0 )
|
||||
|
@ -4964,7 +4963,7 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation,
|
|||
mbedtls_ccm_init( &operation->ctx.ccm );
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_ccm_setkey( &operation->ctx.ccm, cipher_id,
|
||||
operation->slot->data.key.data,
|
||||
operation->slot->key.data,
|
||||
(unsigned int) key_bits ) );
|
||||
if( status != 0 )
|
||||
goto cleanup;
|
||||
|
@ -4986,7 +4985,7 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation,
|
|||
mbedtls_gcm_init( &operation->ctx.gcm );
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_gcm_setkey( &operation->ctx.gcm, cipher_id,
|
||||
operation->slot->data.key.data,
|
||||
operation->slot->key.data,
|
||||
(unsigned int) key_bits ) );
|
||||
if( status != 0 )
|
||||
goto cleanup;
|
||||
|
@ -5006,7 +5005,7 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation,
|
|||
mbedtls_chachapoly_init( &operation->ctx.chachapoly );
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_chachapoly_setkey( &operation->ctx.chachapoly,
|
||||
operation->slot->data.key.data ) );
|
||||
operation->slot->key.data ) );
|
||||
if( status != 0 )
|
||||
goto cleanup;
|
||||
break;
|
||||
|
@ -6129,8 +6128,8 @@ psa_status_t psa_key_derivation_input_key(
|
|||
|
||||
status = psa_key_derivation_input_internal( operation,
|
||||
step, slot->attr.type,
|
||||
slot->data.key.data,
|
||||
slot->data.key.bytes );
|
||||
slot->key.data,
|
||||
slot->key.bytes );
|
||||
|
||||
unlock_status = psa_unlock_key_slot( slot );
|
||||
|
||||
|
@ -6215,8 +6214,8 @@ static psa_status_t psa_key_agreement_raw_internal( psa_algorithm_t alg,
|
|||
mbedtls_ecp_keypair *ecp = NULL;
|
||||
psa_status_t status = psa_load_ecp_representation(
|
||||
private_key->attr.type,
|
||||
private_key->data.key.data,
|
||||
private_key->data.key.bytes,
|
||||
private_key->key.data,
|
||||
private_key->key.bytes,
|
||||
&ecp );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
@ -6558,16 +6557,16 @@ static psa_status_t psa_generate_key_internal(
|
|||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
status = psa_generate_random( slot->data.key.data,
|
||||
slot->data.key.bytes );
|
||||
status = psa_generate_random( slot->key.data,
|
||||
slot->key.bytes );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
slot->attr.bits = (psa_key_bits_t) bits;
|
||||
#if defined(MBEDTLS_DES_C)
|
||||
if( type == PSA_KEY_TYPE_DES )
|
||||
psa_des_set_key_parity( slot->data.key.data,
|
||||
slot->data.key.bytes );
|
||||
psa_des_set_key_parity( slot->key.data,
|
||||
slot->key.bytes );
|
||||
#endif /* MBEDTLS_DES_C */
|
||||
}
|
||||
else
|
||||
|
@ -6611,9 +6610,9 @@ static psa_status_t psa_generate_key_internal(
|
|||
|
||||
status = psa_export_rsa_key( type,
|
||||
&rsa,
|
||||
slot->data.key.data,
|
||||
slot->key.data,
|
||||
bytes,
|
||||
&slot->data.key.bytes );
|
||||
&slot->key.bytes );
|
||||
mbedtls_rsa_free( &rsa );
|
||||
if( status != PSA_SUCCESS )
|
||||
psa_remove_key_data_from_memory( slot );
|
||||
|
@ -6657,11 +6656,11 @@ static psa_status_t psa_generate_key_internal(
|
|||
}
|
||||
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_ecp_write_key( &ecp, slot->data.key.data, bytes ) );
|
||||
mbedtls_ecp_write_key( &ecp, slot->key.data, bytes ) );
|
||||
|
||||
mbedtls_ecp_keypair_free( &ecp );
|
||||
if( status != PSA_SUCCESS ) {
|
||||
memset( slot->data.key.data, 0, bytes );
|
||||
memset( slot->key.data, 0, bytes );
|
||||
psa_remove_key_data_from_memory( slot );
|
||||
}
|
||||
return( status );
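Review bot: In the psa_start_key_creation hunk at `@ -2089,6 +2083,9`, the status returned by the new `psa_copy_key_material_into_slot( slot, (uint8_t *)( &slot_number ), sizeof( slot_number ) )` call is not checked in the visible lines before the enclosing block closes. The visible part of psa_copy_key_material_into_slot returns a non-success status before its memcpy (presumably from psa_allocate_buffer_to_slot), and in that case `slot->key.data` stays NULL while later `psa_key_slot_get_slot_number( slot )` calls, such as the ones in psa_import_key and psa_destroy_key, would dereference it. I would add `if( status != PSA_SUCCESS ) return( status );` directly after the call. The function body continues outside the hunk, so if the code that follows already returns `status`, a short comment saying so would be enough.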
|
||||
|
|
|
@ -62,23 +62,13 @@ typedef struct
|
|||
*/
|
||||
size_t lock_count;
|
||||
|
||||
union
|
||||
/* Dynamically allocated key data buffer.
|
||||
* Format as specified in psa_export_key(). */
|
||||
struct key_data
|
||||
{
|
||||
/* Dynamically allocated key data buffer.
|
||||
* Format as specified in psa_export_key(). */
|
||||
struct key_data
|
||||
{
|
||||
uint8_t *data;
|
||||
size_t bytes;
|
||||
} key;
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||
/* Any key type in a secure element */
|
||||
struct se
|
||||
{
|
||||
psa_key_slot_number_t slot_number;
|
||||
} se;
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
|
||||
} data;
|
||||
uint8_t *data;
|
||||
size_t bytes;
|
||||
} key;
|
||||
} psa_key_slot_t;
|
||||
|
||||
/* A mask of key attribute flags used only internally.
|
||||
|
@ -163,6 +153,20 @@ static inline void psa_key_slot_clear_bits( psa_key_slot_t *slot,
|
|||
slot->attr.flags &= ~mask;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||
/** Get the SE slot number of a key from the key slot storing its description.
|
||||
*
|
||||
* \param[in] slot The key slot to query. This must be a key slot storing
|
||||
* the description of a key of a dynamically registered
|
||||
* secure element, otherwise the behaviour is undefined.
|
||||
*/
|
||||
static inline psa_key_slot_number_t psa_key_slot_get_slot_number(
|
||||
const psa_key_slot_t *slot )
|
||||
{
|
||||
return( *( (psa_key_slot_number_t *)( slot->key.data ) ) );
|
||||
}
|
||||
#endif
|
||||
|
||||
/** Completely wipe a slot in memory, including its policy.
|
||||
*
|
||||
* Persistent storage is not affected.
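Review bot: psa_key_slot_get_slot_number() reads `slot->key.data` through a pointer cast without checking that the buffer exists or that `slot->key.bytes` equals `sizeof( psa_key_slot_number_t )`. With the union removed, nothing in the slot type distinguishes a slot-number context from transparent key bytes, so an SE slot whose context was never allocated yields a NULL dereference and a shorter buffer yields an out-of-bounds read. Copying into a local instead, `psa_key_slot_number_t slot_number;` then `memcpy( &slot_number, slot->key.data, sizeof( slot_number ) );` then `return( slot_number );`, also removes the dependence on the heap buffer's alignment. The doc comment should state the precondition explicitly: `slot->key.data` is non-NULL and holds exactly `sizeof( psa_key_slot_number_t )` bytes.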
|
||||
|
|
|
@ -80,7 +80,7 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot,
|
|||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
}
|
||||
return( drv->asymmetric->p_sign( drv_context,
|
||||
slot->data.se.slot_number,
|
||||
psa_key_slot_get_slot_number( slot ),
|
||||
alg,
|
||||
hash, hash_length,
|
||||
signature, signature_size,
|
||||
|
@ -103,8 +103,8 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot,
|
|||
* cycle through all known transparent accelerators */
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
status = test_transparent_signature_sign_hash( &attributes,
|
||||
slot->data.key.data,
|
||||
slot->data.key.bytes,
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
alg,
|
||||
hash,
|
||||
hash_length,
|
||||
|
@ -121,8 +121,8 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot,
|
|||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
|
||||
return( test_opaque_signature_sign_hash( &attributes,
|
||||
slot->data.key.data,
|
||||
slot->data.key.bytes,
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
alg,
|
||||
hash,
|
||||
hash_length,
|
||||
|
@ -172,7 +172,7 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot,
|
|||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
}
|
||||
return( drv->asymmetric->p_verify( drv_context,
|
||||
slot->data.se.slot_number,
|
||||
psa_key_slot_get_slot_number( slot ),
|
||||
alg,
|
||||
hash, hash_length,
|
||||
signature, signature_length ) );
|
||||
|
@ -194,8 +194,8 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot,
|
|||
* cycle through all known transparent accelerators */
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
status = test_transparent_signature_verify_hash( &attributes,
|
||||
slot->data.key.data,
|
||||
slot->data.key.bytes,
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
alg,
|
||||
hash,
|
||||
hash_length,
|
||||
|
@ -211,8 +211,8 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot,
|
|||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
|
||||
return( test_opaque_signature_verify_hash( &attributes,
|
||||
slot->data.key.data,
|
||||
slot->data.key.bytes,
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
alg,
|
||||
hash,
|
||||
hash_length,
|
||||
|
@ -330,9 +330,8 @@ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attrib
|
|||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
}
|
||||
return( drv->key_management->p_generate(
|
||||
drv_context,
|
||||
slot->data.se.slot_number, attributes,
|
||||
NULL, 0, &pubkey_length ) );
|
||||
drv_context, psa_key_slot_get_slot_number( slot ),
|
||||
attributes, NULL, 0, &pubkey_length ) );
|
||||
}
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
|
||||
|
||||
|
@ -346,10 +345,10 @@ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attrib
|
|||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
slot->data.key.data = mbedtls_calloc(1, export_size);
|
||||
if( slot->data.key.data == NULL )
|
||||
slot->key.data = mbedtls_calloc(1, export_size);
|
||||
if( slot->key.data == NULL )
|
||||
return( PSA_ERROR_INSUFFICIENT_MEMORY );
|
||||
slot->data.key.bytes = export_size;
|
||||
slot->key.bytes = export_size;
|
||||
|
||||
switch( location )
|
||||
{
|
||||
|
@ -365,9 +364,9 @@ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attrib
|
|||
}
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
status = test_transparent_generate_key( attributes,
|
||||
slot->data.key.data,
|
||||
slot->data.key.bytes,
|
||||
&slot->data.key.bytes );
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
&slot->key.bytes );
|
||||
/* Declared with fallback == true */
|
||||
if( status != PSA_ERROR_NOT_SUPPORTED )
|
||||
break;
|
||||
|
@ -379,9 +378,9 @@ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attrib
|
|||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
|
||||
status = test_opaque_generate_key( attributes,
|
||||
slot->data.key.data,
|
||||
slot->data.key.bytes,
|
||||
&slot->data.key.bytes );
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
&slot->key.bytes );
|
||||
break;
|
||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
default:
|
||||
|
@ -393,9 +392,9 @@ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attrib
|
|||
if( status != PSA_SUCCESS )
|
||||
{
|
||||
/* free allocated buffer */
|
||||
mbedtls_free( slot->data.key.data );
|
||||
slot->data.key.data = NULL;
|
||||
slot->data.key.bytes = 0;
|
||||
mbedtls_free( slot->key.data );
|
||||
slot->key.data = NULL;
|
||||
slot->key.bytes = 0;
|
||||
}
|
||||
|
||||
return( status );
|
||||
|
@ -457,8 +456,8 @@ psa_status_t psa_driver_wrapper_export_public_key( const psa_key_slot_t *slot,
|
|||
* cycle through all known transparent accelerators */
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
status = test_transparent_export_public_key( &attributes,
|
||||
slot->data.key.data,
|
||||
slot->data.key.bytes,
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
data,
|
||||
data_size,
|
||||
data_length );
|
||||
|
@ -472,8 +471,8 @@ psa_status_t psa_driver_wrapper_export_public_key( const psa_key_slot_t *slot,
|
|||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
|
||||
return( test_opaque_export_public_key( &attributes,
|
||||
slot->data.key.data,
|
||||
slot->data.key.bytes,
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
data,
|
||||
data_size,
|
||||
data_length ) );
|
||||
|
@ -517,8 +516,8 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
|
|||
* cycle through all known transparent accelerators */
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
status = test_transparent_cipher_encrypt( &attributes,
|
||||
slot->data.key.data,
|
||||
slot->data.key.bytes,
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
alg,
|
||||
input,
|
||||
input_length,
|
||||
|
@ -535,8 +534,8 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
|
|||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
|
||||
return( test_opaque_cipher_encrypt( &attributes,
|
||||
slot->data.key.data,
|
||||
slot->data.key.bytes,
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
alg,
|
||||
input,
|
||||
input_length,
|
||||
|
@ -584,8 +583,8 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
|
|||
* cycle through all known transparent accelerators */
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
status = test_transparent_cipher_decrypt( &attributes,
|
||||
slot->data.key.data,
|
||||
slot->data.key.bytes,
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
alg,
|
||||
input,
|
||||
input_length,
|
||||
|
@ -602,8 +601,8 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
|
|||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
|
||||
return( test_opaque_cipher_decrypt( &attributes,
|
||||
slot->data.key.data,
|
||||
slot->data.key.bytes,
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
alg,
|
||||
input,
|
||||
input_length,
|
||||
|
@ -652,8 +651,8 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
|
|||
|
||||
status = test_transparent_cipher_encrypt_setup( operation->ctx,
|
||||
&attributes,
|
||||
slot->data.key.data,
|
||||
slot->data.key.bytes,
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
alg );
|
||||
/* Declared with fallback == true */
|
||||
if( status == PSA_SUCCESS )
|
||||
|
@ -680,8 +679,8 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
|
|||
|
||||
status = test_opaque_cipher_encrypt_setup( operation->ctx,
|
||||
&attributes,
|
||||
slot->data.key.data,
|
||||
slot->data.key.bytes,
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
alg );
|
||||
if( status == PSA_SUCCESS )
|
||||
operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
|
||||
|
@ -733,8 +732,8 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
|
|||
|
||||
status = test_transparent_cipher_decrypt_setup( operation->ctx,
|
||||
&attributes,
|
||||
slot->data.key.data,
|
||||
slot->data.key.bytes,
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
alg );
|
||||
/* Declared with fallback == true */
|
||||
if( status == PSA_SUCCESS )
|
||||
|
@ -761,8 +760,8 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
|
|||
|
||||
status = test_opaque_cipher_decrypt_setup( operation->ctx,
|
||||
&attributes,
|
||||
slot->data.key.data,
|
||||
slot->data.key.bytes,
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
alg );
|
||||
if( status == PSA_SUCCESS )
|
||||
operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
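Review bot: In psa_driver_wrapper_generate_key's failure path (hunk `@ -393,9 +392,9`), the key buffer is released with `mbedtls_free( slot->key.data )` without being wiped first. A driver that fails after writing part of a key would leave that material in freed heap memory; whether the drivers called here can do so is not visible in this section. I would add `mbedtls_platform_zeroize( slot->key.data, export_size );` before the free, using `export_size` from the allocation earlier in the function rather than `slot->key.bytes`, which the drivers receive as an output parameter and may have changed. psa_remove_key_data_from_memory in the first file already wipes before freeing, so this would make the two paths agree.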
|
||||
|
|
|
@ -255,16 +255,15 @@ static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *slot )
|
|||
if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) )
|
||||
{
|
||||
psa_se_key_data_storage_t *data;
|
||||
|
||||
if( key_data_length != sizeof( *data ) )
|
||||
{
|
||||
status = PSA_ERROR_STORAGE_FAILURE;
|
||||
goto exit;
|
||||
}
|
||||
data = (psa_se_key_data_storage_t *) key_data;
|
||||
memcpy( &slot->data.se.slot_number, &data->slot_number,
|
||||
sizeof( slot->data.se.slot_number ) );
|
||||
|
||||
status = PSA_SUCCESS;
|
||||
status = psa_copy_key_material_into_slot(
|
||||
slot, data->slot_number, sizeof( data->slot_number ) );
|
||||
goto exit;
|
||||
}
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
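Review bot: The new `psa_copy_key_material_into_slot( slot, data->slot_number, sizeof( data->slot_number ) )` call has no comment saying that the slot number loaded from storage becomes the slot's key context, which psa_key_slot_get_slot_number() later reads back. I would add `/* Keep the SE slot number as the key context; psa_key_slot_get_slot_number() reads it back. */` above the call. The argument is passed without `&`, unlike the removed memcpy, so this relies on `slot_number` being a byte-array member of psa_se_key_data_storage_t, whose definition is not visible here and is worth confirming. The function starts and ends outside the hunk.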
|
||||
|
|