diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 39144a378..fccb80077 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -749,8 +749,8 @@ exit: } /* On success, store the allocated export-formatted key. */ - slot->data.key.data = output; - slot->data.key.bytes = data_length; + slot->key.data = output; + slot->key.bytes = data_length; return( PSA_SUCCESS ); } @@ -983,8 +983,8 @@ exit: } /* On success, store the allocated export-formatted key. */ - slot->data.key.data = output; - slot->data.key.bytes = data_length; + slot->key.data = output; + slot->key.bytes = data_length; return( PSA_SUCCESS ); } @@ -1017,14 +1017,14 @@ static inline size_t psa_get_key_slot_bits( const psa_key_slot_t *slot ) static psa_status_t psa_allocate_buffer_to_slot( psa_key_slot_t *slot, size_t buffer_length ) { - if( slot->data.key.data != NULL ) + if( slot->key.data != NULL ) return( PSA_ERROR_ALREADY_EXISTS ); - slot->data.key.data = mbedtls_calloc( 1, buffer_length ); - if( slot->data.key.data == NULL ) + slot->key.data = mbedtls_calloc( 1, buffer_length ); + if( slot->key.data == NULL ) return( PSA_ERROR_INSUFFICIENT_MEMORY ); - slot->data.key.bytes = buffer_length; + slot->key.bytes = buffer_length; return( PSA_SUCCESS ); } @@ -1037,7 +1037,7 @@ psa_status_t psa_copy_key_material_into_slot( psa_key_slot_t *slot, if( status != PSA_SUCCESS ) return( status ); - memcpy( slot->data.key.data, data, data_length ); + memcpy( slot->key.data, data, data_length ); return( PSA_SUCCESS ); } 
@@ -1342,23 +1342,14 @@ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy( /** Wipe key data from a slot. Preserve metadata such as the policy. */ static psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot ) { -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) - if( psa_get_se_driver( slot->attr.lifetime, NULL, NULL ) && - psa_key_slot_is_external( slot ) ) - { - /* No key material to clean. */ - } - else -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - { - /* Data pointer will always be either a valid pointer or NULL in an - * initialized slot, so we can just free it. */ - if( slot->data.key.data != NULL ) - mbedtls_platform_zeroize( slot->data.key.data, slot->data.key.bytes); - mbedtls_free( slot->data.key.data ); - slot->data.key.data = NULL; - slot->data.key.bytes = 0; - } + /* Data pointer will always be either a valid pointer or NULL in an + * initialized slot, so we can just free it. */ + if( slot->key.data != NULL ) + mbedtls_platform_zeroize( slot->key.data, slot->key.bytes); + + mbedtls_free( slot->key.data ); + slot->key.data = NULL; + slot->key.bytes = 0; return( PSA_SUCCESS ); } @@ -1443,7 +1434,7 @@ psa_status_t psa_destroy_key( mbedtls_svc_key_id_t key ) * three actions. */ psa_crypto_prepare_transaction( PSA_CRYPTO_TRANSACTION_DESTROY_KEY ); psa_crypto_transaction.key.lifetime = slot->attr.lifetime; - psa_crypto_transaction.key.slot = slot->data.se.slot_number; + psa_crypto_transaction.key.slot = psa_key_slot_get_slot_number( slot ); psa_crypto_transaction.key.id = slot->attr.id; status = psa_crypto_save_transaction( ); if( status != PSA_SUCCESS ) @@ -1460,7 +1451,8 @@ psa_status_t psa_destroy_key( mbedtls_svc_key_id_t key ) goto exit; } - status = psa_destroy_se_key( driver, slot->data.se.slot_number ); + status = psa_destroy_se_key( driver, + psa_key_slot_get_slot_number( slot ) ); if( overall_status == PSA_SUCCESS ) overall_status = status; } 
@@ -1616,7 +1608,8 @@ psa_status_t psa_get_key_attributes( mbedtls_svc_key_id_t key, #if defined(MBEDTLS_PSA_CRYPTO_SE_C) if( psa_key_slot_is_external( slot ) ) - psa_set_key_slot_number( attributes, slot->data.se.slot_number ); + psa_set_key_slot_number( attributes, + psa_key_slot_get_slot_number( slot ) ); #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ switch( slot->attr.type ) @@ -1637,8 +1630,8 @@ psa_status_t psa_get_key_attributes( mbedtls_svc_key_id_t key, mbedtls_rsa_context *rsa = NULL; status = psa_load_rsa_representation( slot->attr.type, - slot->data.key.data, - slot->data.key.bytes, + slot->key.data, + slot->key.bytes, &rsa ); if( status != PSA_SUCCESS ) break; @@ -1684,12 +1677,12 @@ static psa_status_t psa_internal_export_key_buffer( const psa_key_slot_t *slot, size_t data_size, size_t *data_length ) { - if( slot->data.key.bytes > data_size ) + if( slot->key.bytes > data_size ) return( PSA_ERROR_BUFFER_TOO_SMALL ); - memcpy( data, slot->data.key.data, slot->data.key.bytes ); - memset( data + slot->data.key.bytes, 0, - data_size - slot->data.key.bytes ); - *data_length = slot->data.key.bytes; + memcpy( data, slot->key.data, slot->key.bytes ); + memset( data + slot->key.bytes, 0, + data_size - slot->key.bytes ); + *data_length = slot->key.bytes; return( PSA_SUCCESS ); } @@ -1727,7 +1720,7 @@ static psa_status_t psa_internal_export_key( const psa_key_slot_t *slot, if( method == NULL ) return( PSA_ERROR_NOT_SUPPORTED ); return( method( drv_context, - slot->data.se.slot_number, + psa_key_slot_get_slot_number( slot ), data, data_size, data_length ) ); } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ @@ -1768,8 +1761,8 @@ static psa_status_t psa_internal_export_key( const psa_key_slot_t *slot, mbedtls_rsa_context *rsa = NULL; status = psa_load_rsa_representation( slot->attr.type, - slot->data.key.data, - slot->data.key.bytes, + slot->key.data, + slot->key.bytes, &rsa ); if( status != PSA_SUCCESS ) return( status ); 
@@ -1797,8 +1790,8 @@ static psa_status_t psa_internal_export_key( const psa_key_slot_t *slot, mbedtls_ecp_keypair *ecp = NULL; status = psa_load_ecp_representation( slot->attr.type, - slot->data.key.data, - slot->data.key.bytes, + slot->key.data, + slot->key.bytes, &ecp ); if( status != PSA_SUCCESS ) return( status ); @@ -2071,8 +2064,9 @@ static psa_status_t psa_start_key_creation( * we can roll back to a state where the key doesn't exist. */ if( *p_drv != NULL ) { + psa_key_slot_number_t slot_number; status = psa_find_se_slot_for_key( attributes, method, *p_drv, - &slot->data.se.slot_number ); + &slot_number ); if( status != PSA_SUCCESS ) return( status ); @@ -2080,7 +2074,7 @@ static psa_status_t psa_start_key_creation( { psa_crypto_prepare_transaction( PSA_CRYPTO_TRANSACTION_CREATE_KEY ); psa_crypto_transaction.key.lifetime = slot->attr.lifetime; - psa_crypto_transaction.key.slot = slot->data.se.slot_number; + psa_crypto_transaction.key.slot = slot_number; psa_crypto_transaction.key.id = slot->attr.id; status = psa_crypto_save_transaction( ); if( status != PSA_SUCCESS ) @@ -2089,6 +2083,9 @@ static psa_status_t psa_start_key_creation( return( status ); } } + + status = psa_copy_key_material_into_slot( + slot, (uint8_t *)( &slot_number ), sizeof( slot_number ) ); } if( *p_drv == NULL && method == PSA_KEY_CREATION_REGISTER ) 
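Review bot: The status of the added `psa_copy_key_material_into_slot( slot, (uint8_t *)( &slot_number ), sizeof( slot_number ) )` call in psa_start_key_creation (last hunk on this line) is assigned but never tested inside the hunk; the next visible statement is the unrelated `if( *p_drv == NULL && method == PSA_KEY_CREATION_REGISTER )` check. Unless the code after the hunk returns it, an allocation failure leaves `slot->key.data` NULL while key creation continues, and the secure-element paths that now call `psa_key_slot_get_slot_number( slot )` would dereference that NULL pointer. Add `if( status != PSA_SUCCESS ) return( status );` directly after the call. The transaction record is saved earlier in the same block, so this new failure path presumably needs the same rollback as the other error returns; the function body continues outside the hunk, so confirm that there.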
@@ -2140,13 +2137,15 @@ static psa_status_t psa_finish_key_creation( if( driver != NULL ) { psa_se_key_data_storage_t data; + psa_key_slot_number_t slot_number = + psa_key_slot_get_slot_number( slot ) ; + #if defined(static_assert) - static_assert( sizeof( slot->data.se.slot_number ) == + static_assert( sizeof( slot_number ) == sizeof( data.slot_number ), "Slot number size does not match psa_se_key_data_storage_t" ); #endif - memcpy( &data.slot_number, &slot->data.se.slot_number, - sizeof( slot->data.se.slot_number ) ); + memcpy( &data.slot_number, &slot_number, sizeof( slot_number ) ); status = psa_save_persistent_key( &slot->attr, (uint8_t*) &data, sizeof( data ) ); @@ -2157,8 +2156,8 @@ static psa_status_t psa_finish_key_creation( /* Key material is saved in export representation in the slot, so * just pass the slot buffer for storage. */ status = psa_save_persistent_key( &slot->attr, - slot->data.key.data, - slot->data.key.bytes ); + slot->key.data, + slot->key.bytes ); } } #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ @@ -2264,8 +2263,8 @@ static psa_status_t psa_validate_optional_attributes( psa_status_t status = psa_load_rsa_representation( slot->attr.type, - slot->data.key.data, - slot->data.key.bytes, + slot->key.data, + slot->key.bytes, &rsa ); if( status != PSA_SUCCESS ) return( status ); @@ -2345,8 +2344,8 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes, } status = drv->key_management->p_import( psa_get_se_driver_context( driver ), - slot->data.se.slot_number, attributes, data, data_length, - &bits ); + psa_key_slot_get_slot_number( slot ), + attributes, data, data_length, &bits ); if( status != PSA_SUCCESS ) goto exit; if( bits > PSA_MAX_KEY_BITS ) 
@@ -2423,8 +2422,8 @@ static psa_status_t psa_copy_key_material( const psa_key_slot_t *source, psa_key_slot_t *target ) { psa_status_t status = psa_copy_key_material_into_slot( target, - source->data.key.data, - source->data.key.bytes ); + source->key.data, + source->key.bytes ); if( status != PSA_SUCCESS ) return( status ); @@ -3236,7 +3235,7 @@ static int psa_cmac_setup( psa_mac_operation_t *operation, return( ret ); ret = mbedtls_cipher_cmac_starts( &operation->ctx.cmac, - slot->data.key.data, + slot->key.data, key_bits ); return( ret ); } @@ -3382,8 +3381,8 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, } status = psa_hmac_setup_internal( &operation->ctx.hmac, - slot->data.key.data, - slot->data.key.bytes, + slot->key.data, + slot->key.bytes, hash_alg ); } else @@ -3969,8 +3968,8 @@ psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key, mbedtls_rsa_context *rsa = NULL; status = psa_load_rsa_representation( slot->attr.type, - slot->data.key.data, - slot->data.key.bytes, + slot->key.data, + slot->key.bytes, &rsa ); if( status != PSA_SUCCESS ) goto exit; @@ -4001,8 +4000,8 @@ psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key, { mbedtls_ecp_keypair *ecp = NULL; status = psa_load_ecp_representation( slot->attr.type, - slot->data.key.data, - slot->data.key.bytes, + slot->key.data, + slot->key.bytes, &ecp ); if( status != PSA_SUCCESS ) goto exit; @@ -4079,8 +4078,8 @@ psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key, mbedtls_rsa_context *rsa = NULL; status = psa_load_rsa_representation( slot->attr.type, - slot->data.key.data, - slot->data.key.bytes, + slot->key.data, + slot->key.bytes, &rsa ); if( status != PSA_SUCCESS ) goto exit; @@ -4104,8 +4103,8 @@ psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key, { mbedtls_ecp_keypair *ecp = NULL; status = psa_load_ecp_representation( slot->attr.type, - slot->data.key.data, - slot->data.key.bytes, + slot->key.data, + slot->key.bytes, &ecp ); if( status != PSA_SUCCESS ) goto exit; 
@@ -4188,8 +4187,8 @@ psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key, { mbedtls_rsa_context *rsa = NULL; status = psa_load_rsa_representation( slot->attr.type, - slot->data.key.data, - slot->data.key.bytes, + slot->key.data, + slot->key.bytes, &rsa ); if( status != PSA_SUCCESS ) goto rsa_exit; @@ -4294,8 +4293,8 @@ psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key, { mbedtls_rsa_context *rsa = NULL; status = psa_load_rsa_representation( slot->attr.type, - slot->data.key.data, - slot->data.key.bytes, + slot->key.data, + slot->key.bytes, &rsa ); if( status != PSA_SUCCESS ) goto exit; @@ -4455,8 +4454,8 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, { /* Two-key Triple-DES is 3-key Triple-DES with K1=K3 */ uint8_t keys[24]; - memcpy( keys, slot->data.key.data, 16 ); - memcpy( keys + 16, slot->data.key.data, 8 ); + memcpy( keys, slot->key.data, 16 ); + memcpy( keys + 16, slot->key.data, 8 ); ret = mbedtls_cipher_setkey( &operation->ctx.cipher, keys, 192, cipher_operation ); @@ -4465,7 +4464,7 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, #endif { ret = mbedtls_cipher_setkey( &operation->ctx.cipher, - slot->data.key.data, + slot->key.data, (int) key_bits, cipher_operation ); } if( ret != 0 ) @@ -4964,7 +4963,7 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation, mbedtls_ccm_init( &operation->ctx.ccm ); status = mbedtls_to_psa_error( mbedtls_ccm_setkey( &operation->ctx.ccm, cipher_id, - operation->slot->data.key.data, + operation->slot->key.data, (unsigned int) key_bits ) ); if( status != 0 ) goto cleanup; @@ -4986,7 +4985,7 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation, mbedtls_gcm_init( &operation->ctx.gcm ); status = mbedtls_to_psa_error( mbedtls_gcm_setkey( &operation->ctx.gcm, cipher_id, - operation->slot->data.key.data, + operation->slot->key.data, (unsigned int) key_bits ) ); if( status != 0 ) goto cleanup; 
@@ -5006,7 +5005,7 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation, mbedtls_chachapoly_init( &operation->ctx.chachapoly ); status = mbedtls_to_psa_error( mbedtls_chachapoly_setkey( &operation->ctx.chachapoly, - operation->slot->data.key.data ) ); + operation->slot->key.data ) ); if( status != 0 ) goto cleanup; break; @@ -6129,8 +6128,8 @@ psa_status_t psa_key_derivation_input_key( status = psa_key_derivation_input_internal( operation, step, slot->attr.type, - slot->data.key.data, - slot->data.key.bytes ); + slot->key.data, + slot->key.bytes ); unlock_status = psa_unlock_key_slot( slot ); @@ -6215,8 +6214,8 @@ static psa_status_t psa_key_agreement_raw_internal( psa_algorithm_t alg, mbedtls_ecp_keypair *ecp = NULL; psa_status_t status = psa_load_ecp_representation( private_key->attr.type, - private_key->data.key.data, - private_key->data.key.bytes, + private_key->key.data, + private_key->key.bytes, &ecp ); if( status != PSA_SUCCESS ) return( status ); @@ -6558,16 +6557,16 @@ static psa_status_t psa_generate_key_internal( if( status != PSA_SUCCESS ) return( status ); - status = psa_generate_random( slot->data.key.data, - slot->data.key.bytes ); + status = psa_generate_random( slot->key.data, + slot->key.bytes ); if( status != PSA_SUCCESS ) return( status ); slot->attr.bits = (psa_key_bits_t) bits; #if defined(MBEDTLS_DES_C) if( type == PSA_KEY_TYPE_DES ) - psa_des_set_key_parity( slot->data.key.data, - slot->data.key.bytes ); + psa_des_set_key_parity( slot->key.data, + slot->key.bytes ); #endif /* MBEDTLS_DES_C */ } else @@ -6611,9 +6610,9 @@ static psa_status_t psa_generate_key_internal( status = psa_export_rsa_key( type, &rsa, - slot->data.key.data, + slot->key.data, bytes, - &slot->data.key.bytes ); + &slot->key.bytes ); mbedtls_rsa_free( &rsa ); if( status != PSA_SUCCESS ) psa_remove_key_data_from_memory( slot ); 
@@ -6657,11 +6656,11 @@ static psa_status_t psa_generate_key_internal( } status = mbedtls_to_psa_error( - mbedtls_ecp_write_key( &ecp, slot->data.key.data, bytes ) ); + mbedtls_ecp_write_key( &ecp, slot->key.data, bytes ) ); mbedtls_ecp_keypair_free( &ecp ); if( status != PSA_SUCCESS ) { - memset( slot->data.key.data, 0, bytes ); + memset( slot->key.data, 0, bytes ); psa_remove_key_data_from_memory( slot ); } return( status ); diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index f61ef9550..3f266f392 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -62,23 +62,13 @@ typedef struct */ size_t lock_count; - union + /* Dynamically allocated key data buffer. + * Format as specified in psa_export_key(). */ + struct key_data { - /* Dynamically allocated key data buffer. - * Format as specified in psa_export_key(). */ - struct key_data - { - uint8_t *data; - size_t bytes; - } key; -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) - /* Any key type in a secure element */ - struct se - { - psa_key_slot_number_t slot_number; - } se; -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - } data; + uint8_t *data; + size_t bytes; + } key; } psa_key_slot_t; /* A mask of key attribute flags used only internally. @@ -163,6 +153,20 @@ static inline void psa_key_slot_clear_bits( psa_key_slot_t *slot, slot->attr.flags &= ~mask; } +#if defined(MBEDTLS_PSA_CRYPTO_SE_C) +/** Get the SE slot number of a key from the key slot storing its description. + * + * \param[in] slot The key slot to query. This must be a key slot storing + * the description of a key of a dynamically registered + * secure element, otherwise the behaviour is undefined. + */ +static inline psa_key_slot_number_t psa_key_slot_get_slot_number( + const psa_key_slot_t *slot ) +{ + return( *( (psa_key_slot_number_t *)( slot->key.data ) ) ); +} +#endif + /** Completely wipe a slot in memory, including its policy. * * Persistent storage is not affected. 
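Review bot: The new `psa_key_slot_get_slot_number()` in psa_crypto_core.h dereferences `slot->key.data` through a cast, without checking that the pointer is non-NULL or that `slot->key.bytes == sizeof( psa_key_slot_number_t )`. Before this commit the slot number was a union member that was always readable; it is now a heap buffer that exists only if an earlier `psa_copy_key_material_into_slot()` succeeded, so every caller (psa_destroy_key, psa_get_key_attributes, psa_internal_export_key, psa_finish_key_creation, psa_import_key and the driver wrappers) inherits that precondition. The doc comment should state it explicitly, for example `\pre slot->key.data is non-NULL and slot->key.bytes == sizeof(psa_key_slot_number_t)`, and it should also gain a `\return` line. Reading the value with `psa_key_slot_number_t n; memcpy( &n, slot->key.data, sizeof( n ) ); return( n );` would avoid relying on the allocator's alignment and on a typed access through a `uint8_t *` buffer, assuming `<string.h>` is available to this header.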
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 1243bd387..2d433830d 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -80,7 +80,7 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, return( PSA_ERROR_NOT_SUPPORTED ); } return( drv->asymmetric->p_sign( drv_context, - slot->data.se.slot_number, + psa_key_slot_get_slot_number( slot ), alg, hash, hash_length, signature, signature_size, @@ -103,8 +103,8 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_DRIVER_TEST) status = test_transparent_signature_sign_hash( &attributes, - slot->data.key.data, - slot->data.key.bytes, + slot->key.data, + slot->key.bytes, alg, hash, hash_length, @@ -121,8 +121,8 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: return( test_opaque_signature_sign_hash( &attributes, - slot->data.key.data, - slot->data.key.bytes, + slot->key.data, + slot->key.bytes, alg, hash, hash_length, @@ -172,7 +172,7 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, return( PSA_ERROR_NOT_SUPPORTED ); } return( drv->asymmetric->p_verify( drv_context, - slot->data.se.slot_number, + psa_key_slot_get_slot_number( slot ), alg, hash, hash_length, signature, signature_length ) ); @@ -194,8 +194,8 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_DRIVER_TEST) status = test_transparent_signature_verify_hash( &attributes, - slot->data.key.data, - slot->data.key.bytes, + slot->key.data, + slot->key.bytes, alg, hash, hash_length, 
@@ -211,8 +211,8 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: return( test_opaque_signature_verify_hash( &attributes, - slot->data.key.data, - slot->data.key.bytes, + slot->key.data, + slot->key.bytes, alg, hash, hash_length, @@ -330,9 +330,8 @@ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attrib return( PSA_ERROR_NOT_SUPPORTED ); } return( drv->key_management->p_generate( - drv_context, - slot->data.se.slot_number, attributes, - NULL, 0, &pubkey_length ) ); + drv_context, psa_key_slot_get_slot_number( slot ), + attributes, NULL, 0, &pubkey_length ) ); } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ @@ -346,10 +345,10 @@ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attrib if( status != PSA_SUCCESS ) return( status ); - slot->data.key.data = mbedtls_calloc(1, export_size); - if( slot->data.key.data == NULL ) + slot->key.data = mbedtls_calloc(1, export_size); + if( slot->key.data == NULL ) return( PSA_ERROR_INSUFFICIENT_MEMORY ); - slot->data.key.bytes = export_size; + slot->key.bytes = export_size; switch( location ) { @@ -365,9 +364,9 @@ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attrib } #if defined(PSA_CRYPTO_DRIVER_TEST) status = test_transparent_generate_key( attributes, - slot->data.key.data, - slot->data.key.bytes, - &slot->data.key.bytes ); + slot->key.data, + slot->key.bytes, + &slot->key.bytes ); /* Declared with fallback == true */ if( status != PSA_ERROR_NOT_SUPPORTED ) break; @@ -379,9 +378,9 @@ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attrib #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: status = test_opaque_generate_key( attributes, - slot->data.key.data, - slot->data.key.bytes, - &slot->data.key.bytes ); + slot->key.data, + slot->key.bytes, + &slot->key.bytes ); break; #endif /* PSA_CRYPTO_DRIVER_TEST */ default: 
@@ -393,9 +392,9 @@ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attrib if( status != PSA_SUCCESS ) { /* free allocated buffer */ - mbedtls_free( slot->data.key.data ); - slot->data.key.data = NULL; - slot->data.key.bytes = 0; + mbedtls_free( slot->key.data ); + slot->key.data = NULL; + slot->key.bytes = 0; } return( status ); @@ -457,8 +456,8 @@ psa_status_t psa_driver_wrapper_export_public_key( const psa_key_slot_t *slot, * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_DRIVER_TEST) status = test_transparent_export_public_key( &attributes, - slot->data.key.data, - slot->data.key.bytes, + slot->key.data, + slot->key.bytes, data, data_size, data_length ); @@ -472,8 +471,8 @@ psa_status_t psa_driver_wrapper_export_public_key( const psa_key_slot_t *slot, #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: return( test_opaque_export_public_key( &attributes, - slot->data.key.data, - slot->data.key.bytes, + slot->key.data, + slot->key.bytes, data, data_size, data_length ) ); @@ -517,8 +516,8 @@ psa_status_t psa_driver_wrapper_cipher_encrypt( * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_DRIVER_TEST) status = test_transparent_cipher_encrypt( &attributes, - slot->data.key.data, - slot->data.key.bytes, + slot->key.data, + slot->key.bytes, alg, input, input_length, @@ -535,8 +534,8 @@ psa_status_t psa_driver_wrapper_cipher_encrypt( #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: return( test_opaque_cipher_encrypt( &attributes, - slot->data.key.data, - slot->data.key.bytes, + slot->key.data, + slot->key.bytes, alg, input, input_length, 
@@ -584,8 +583,8 @@ psa_status_t psa_driver_wrapper_cipher_decrypt( * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_DRIVER_TEST) status = test_transparent_cipher_decrypt( &attributes, - slot->data.key.data, - slot->data.key.bytes, + slot->key.data, + slot->key.bytes, alg, input, input_length, @@ -602,8 +601,8 @@ psa_status_t psa_driver_wrapper_cipher_decrypt( #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: return( test_opaque_cipher_decrypt( &attributes, - slot->data.key.data, - slot->data.key.bytes, + slot->key.data, + slot->key.bytes, alg, input, input_length, @@ -652,8 +651,8 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( status = test_transparent_cipher_encrypt_setup( operation->ctx, &attributes, - slot->data.key.data, - slot->data.key.bytes, + slot->key.data, + slot->key.bytes, alg ); /* Declared with fallback == true */ if( status == PSA_SUCCESS ) @@ -680,8 +679,8 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( status = test_opaque_cipher_encrypt_setup( operation->ctx, &attributes, - slot->data.key.data, - slot->data.key.bytes, + slot->key.data, + slot->key.bytes, alg ); if( status == PSA_SUCCESS ) operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID; @@ -733,8 +732,8 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( status = test_transparent_cipher_decrypt_setup( operation->ctx, &attributes, - slot->data.key.data, - slot->data.key.bytes, + slot->key.data, + slot->key.bytes, alg ); /* Declared with fallback == true */ if( status == PSA_SUCCESS ) @@ -761,8 +760,8 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( status = test_opaque_cipher_decrypt_setup( operation->ctx, &attributes, - slot->data.key.data, - slot->data.key.bytes, + slot->key.data, + slot->key.bytes, alg ); if( status == PSA_SUCCESS ) operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID; diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 39d6dbb36..1188ce6e4 100644 
--- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -255,16 +255,15 @@ static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *slot ) if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) ) { psa_se_key_data_storage_t *data; + if( key_data_length != sizeof( *data ) ) { status = PSA_ERROR_STORAGE_FAILURE; goto exit; } data = (psa_se_key_data_storage_t *) key_data; - memcpy( &slot->data.se.slot_number, &data->slot_number, - sizeof( slot->data.se.slot_number ) ); - - status = PSA_SUCCESS; + status = psa_copy_key_material_into_slot( + slot, data->slot_number, sizeof( data->slot_number ) ); goto exit; } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
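Review bot: In psa_load_persistent_key_into_slot the slot buffer is sized with `sizeof( data->slot_number )`, the storage struct's field, while `psa_key_slot_get_slot_number()` later reads `sizeof( psa_key_slot_number_t )` bytes from it. The only check in this diff that the two sizes agree is the `static_assert` in psa_finish_key_creation, which is compiled only under `#if defined(static_assert)`, so on toolchains without it a mismatch would become an out-of-bounds read of a heap buffer. Allocating by the type the getter reads, `sizeof( psa_key_slot_number_t )`, or repeating the size check here, keeps the writer and the reader tied together. Also note that `data->slot_number` is now passed without `&`, unlike in the removed `memcpy`. That is correct only if the field is an array, and its declaration is not part of this diff, so a short comment saying so would help.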