SE keys: support destroy

When destroying a key in a secure element, call the driver's destroy
method and update the driver's persistent data in storage.
Gilles Peskine 2019-07-12 23:46:38 +02:00
parent cbaff467ef
commit 354f7671f4
3 changed files with 35 additions and 0 deletions


@ -939,10 +939,20 @@ psa_status_t psa_destroy_key( psa_key_handle_t handle )
psa_key_slot_t *slot;
psa_status_t status = PSA_SUCCESS;
psa_status_t storage_status = PSA_SUCCESS;
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
psa_se_drv_table_entry_t *driver;
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
status = psa_get_key_slot( handle, &slot );
if( status != PSA_SUCCESS )
return( status );
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
driver = psa_get_se_driver_entry( slot->lifetime );
if( driver != NULL )
status = psa_destroy_se_key( driver, slot->data.se.slot_number );
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
if( slot->lifetime == PSA_KEY_LIFETIME_PERSISTENT )
{
@ -950,6 +960,7 @@ psa_status_t psa_destroy_key( psa_key_handle_t handle )
psa_destroy_persistent_key( slot->persistent_storage_id );
}
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
status = psa_wipe_key_slot( slot );
if( status != PSA_SUCCESS )
return( status );
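Review bot: The result of `psa_destroy_se_key` is stored in `status` and then overwritten by `status = psa_wipe_key_slot( slot );` without being checked, so a secure element that refuses or fails to destroy the key is still reported to the caller as a successful destruction while the key material may remain in the element. The single line between the two hunks is not shown, but from its continuation it appears to assign `storage_status` rather than read `status`. Keep the driver result in its own variable, e.g. `se_status = psa_destroy_se_key( driver, slot->data.se.slot_number );`, and report it once the slot has been wiped: `if( se_status != PSA_SUCCESS ) return( se_status );`. The body of psa_destroy_key continues outside the hunk, so the final return needs the same check.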


@ -159,6 +159,22 @@ psa_status_t psa_find_se_slot_for_key(
return( status );
}
psa_status_t psa_destroy_se_key( psa_se_drv_table_entry_t *driver,
psa_key_slot_number_t slot_number )
{
psa_status_t status;
psa_status_t storage_status;
if( driver->methods->key_management == NULL ||
driver->methods->key_management->p_destroy == NULL )
return( PSA_ERROR_NOT_PERMITTED );
status = driver->methods->key_management->p_destroy(
&driver->context,
driver->internal.persistent_data,
slot_number );
storage_status = psa_save_se_persistent_data( driver );
return( status == PSA_SUCCESS ? storage_status : status );
}
/****************************************************************/
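Review bot: `psa_save_se_persistent_data( driver )` runs even when `p_destroy` returned an error, and nothing in psa_destroy_se_key says whether that is intended. If it is, state it above the call, e.g. `/* Save even on failure: the driver may have modified its persistent data before failing. */`; if it is not, skip the save when `status != PSA_SUCCESS`. The function also dereferences `driver` and `driver->methods` without a NULL check, which holds only while every caller checks `driver != NULL` as psa_destroy_key does, so a one-line precondition comment on the function would record that contract.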


@ -114,6 +114,14 @@ psa_status_t psa_find_se_slot_for_key(
psa_se_drv_table_entry_t *driver,
psa_key_slot_number_t *slot_number );
/** Destoy a key in a secure element.
*
* This function calls the relevant driver method to destroy a key
* and updates the driver's persistent data.
*/
psa_status_t psa_destroy_se_key( psa_se_drv_table_entry_t *driver,
psa_key_slot_number_t slot_number );
/** Load the persistent data of a secure element driver.
*
* \param driver The driver table entry containing the persistent
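Review bot: The doc comment added for `psa_destroy_se_key` misspells its first word (`Destoy` should be `Destroy`) and documents neither the parameters nor the return value, unlike the `\param driver` entry on the declaration that follows. Add `\param` lines for `driver` and `slot_number`, and a return description stating that the function returns `PSA_ERROR_NOT_PERMITTED` when the driver has no `p_destroy` method, otherwise the driver's status, or the status of saving the persistent data when the driver succeeded. The comment of the following declaration continues outside the hunk.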