generate key ext: skip driver invocation with non-default method
In the driver wrapper for psa_generate_key() and psa_generate_key_ext(): * Invoke the built-in code if using a non-default method, even if there might be an accelerator. This is ok because we only support non-default methods for RSA and we don't support driver-only RSA, therefore a non-default method will always have built-in code behind it. * Return NOT_SUPPORTED if trying to use a non-default method with an opaque driver. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
parent
c81393b2ed
commit
69f11c8dfb
3 changed files with 29 additions and 5 deletions
|
@ -6025,7 +6025,7 @@ exit:
|
|||
|
||||
static const psa_key_generation_method_t default_method = PSA_KEY_GENERATION_METHOD_INIT;
|
||||
|
||||
static int psa_key_generation_method_is_default(
|
||||
int psa_key_generation_method_is_default(
|
||||
const psa_key_generation_method_t *method,
|
||||
size_t method_data_length)
|
||||
{
|
||||
|
|
|
@ -396,6 +396,18 @@ psa_status_t psa_export_public_key_internal(
|
|||
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||
uint8_t *data, size_t data_size, size_t *data_length);
|
||||
|
||||
/** Whether a key generation method is the default.
|
||||
*
|
||||
* Calls to a key generation driver with a non-default method
|
||||
* require a driver supporting custom methods.
|
||||
*
|
||||
* \param[in] method The key generation method to check.
|
||||
* \param method_data_length Size of `method.data` in bytes.
|
||||
*/
|
||||
int psa_key_generation_method_is_default(
|
||||
const psa_key_generation_method_t *method,
|
||||
size_t method_data_length);
|
||||
|
||||
/**
|
||||
* \brief Generate a key.
|
||||
*
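Review bot: The new Doxygen block for `psa_key_generation_method_is_default()` does not say what the `int` return value means, yet the driver wrapper shown further down this page branches on it as a boolean to decide between `PSA_ERROR_NOT_SUPPORTED` and dispatch. Add a return line such as `\return 1 if \p method is the default method, 0 otherwise.`; the function body is outside the visible hunks, so confirm the exact values before committing to them. Since `method` is a pointer, the length parameter would read more accurately as `Size of \c method->data in bytes.`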
|
||||
|
|
|
@ -738,8 +738,18 @@ static inline psa_status_t psa_driver_wrapper_generate_key(
|
|||
psa_key_location_t location =
|
||||
PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
|
||||
|
||||
/* TODO: if method is non-default, we need a driver that supports
|
||||
* passing a method. */
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
|
||||
int is_default_method =
|
||||
psa_key_generation_method_is_default(method, method_data_length);
|
||||
if( location != PSA_KEY_LOCATION_LOCAL_STORAGE && !is_default_method )
|
||||
{
|
||||
/* We don't support passing a custom method to drivers yet. */
|
||||
return PSA_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
#else
|
||||
int is_default_method = 1;
|
||||
(void) is_default_method;
|
||||
#endif
|
||||
|
||||
/* Try dynamically-registered SE interface first */
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||
|
@ -766,8 +776,10 @@ static inline psa_status_t psa_driver_wrapper_generate_key(
|
|||
{
|
||||
case PSA_KEY_LOCATION_LOCAL_STORAGE:
|
||||
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||
/* Transparent drivers are limited to generating asymmetric keys */
|
||||
if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) )
|
||||
/* Transparent drivers are limited to generating asymmetric keys. */
|
||||
/* We don't support passing a custom method to drivers yet. */
|
||||
if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) &&
|
||||
is_default_method )
|
||||
{
|
||||
/* Cycle through all known transparent accelerators */
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
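Review bot: In the first hunk of this file, the `#else` branch hard-codes `is_default_method = 1` without inspecting `method`. In a build without `PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE`, a non-default method that reached `psa_driver_wrapper_generate_key()` would therefore skip the opaque-location `PSA_ERROR_NOT_SUPPORTED` check and be dispatched to a driver that never sees the caller's parameters. The commit message suggests non-default methods exist only for RSA, so the core presumably rejects them before this point in such builds, but that check is not visible in these hunks. If it is confirmed, state the invariant next to the assignment, e.g. `/* Non-default methods are only defined for RSA; without RSA key generation the caller is expected to have rejected them already. */`. If it is not guaranteed, it would be safer to fail closed by calling `psa_key_generation_method_is_default()` unconditionally and returning `PSA_ERROR_NOT_SUPPORTED` for any non-default method that has no built-in implementation; the function body starts and ends outside both hunks.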
|
||||
|
|