Do not persist transactions on volatile external keys
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
parent
c59de6ab7e
commit
bbeaf18eac
1 changed files with 20 additions and 13 deletions
|
@ -1593,11 +1593,14 @@ static psa_status_t psa_start_key_creation(
|
||||||
|
|
||||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||||
/* For a key in a secure element, we need to do three things
|
/* For a key in a secure element, we need to do three things
|
||||||
* when creating or registering a key:
|
* when creating or registering a persistent key:
|
||||||
* create the key file in internal storage, create the
|
* create the key file in internal storage, create the
|
||||||
* key inside the secure element, and update the driver's
|
* key inside the secure element, and update the driver's
|
||||||
* persistent data. Start a transaction that will encompass these
|
* persistent data. This is done by starting a transaction that will
|
||||||
* three actions. */
|
* encompass these three actions.
|
||||||
|
* For registering a volatile key, we just need to find an appropriate
|
||||||
|
* slot number inside the SE. Since the key is designated volatile, creating
|
||||||
|
* a transaction is not required. */
|
||||||
/* The first thing to do is to find a slot number for the new key.
|
/* The first thing to do is to find a slot number for the new key.
|
||||||
* We save the slot number in persistent storage as part of the
|
* We save the slot number in persistent storage as part of the
|
||||||
* transaction data. It will be needed to recover if the power
|
* transaction data. It will be needed to recover if the power
|
||||||
|
@ -1612,15 +1615,19 @@ static psa_status_t psa_start_key_creation(
|
||||||
&slot->data.se.slot_number );
|
&slot->data.se.slot_number );
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
return( status );
|
return( status );
|
||||||
psa_crypto_prepare_transaction( PSA_CRYPTO_TRANSACTION_CREATE_KEY );
|
|
||||||
psa_crypto_transaction.key.lifetime = slot->attr.lifetime;
|
if( ! PSA_KEY_LIFETIME_IS_VOLATILE( attributes->core.lifetime ) )
|
||||||
psa_crypto_transaction.key.slot = slot->data.se.slot_number;
|
|
||||||
psa_crypto_transaction.key.id = slot->attr.id;
|
|
||||||
status = psa_crypto_save_transaction( );
|
|
||||||
if( status != PSA_SUCCESS )
|
|
||||||
{
|
{
|
||||||
(void) psa_crypto_stop_transaction( );
|
psa_crypto_prepare_transaction( PSA_CRYPTO_TRANSACTION_CREATE_KEY );
|
||||||
return( status );
|
psa_crypto_transaction.key.lifetime = slot->attr.lifetime;
|
||||||
|
psa_crypto_transaction.key.slot = slot->data.se.slot_number;
|
||||||
|
psa_crypto_transaction.key.id = slot->attr.id;
|
||||||
|
status = psa_crypto_save_transaction( );
|
||||||
|
if( status != PSA_SUCCESS )
|
||||||
|
{
|
||||||
|
(void) psa_crypto_stop_transaction( );
|
||||||
|
return( status );
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1708,8 +1715,8 @@ static psa_status_t psa_finish_key_creation(
|
||||||
/* Finish the transaction for a key creation. This does not
|
/* Finish the transaction for a key creation. This does not
|
||||||
* happen when registering an existing key. Detect this case
|
* happen when registering an existing key. Detect this case
|
||||||
* by checking whether a transaction is in progress (actual
|
* by checking whether a transaction is in progress (actual
|
||||||
* creation of a key in a secure element requires a transaction,
|
* creation of a persistent key in a secure element requires a transaction,
|
||||||
* but registration doesn't use one). */
|
* but registration or volatile key creation doesn't use one). */
|
||||||
if( driver != NULL &&
|
if( driver != NULL &&
|
||||||
psa_crypto_transaction.unknown.type == PSA_CRYPTO_TRANSACTION_CREATE_KEY )
|
psa_crypto_transaction.unknown.type == PSA_CRYPTO_TRANSACTION_CREATE_KEY )
|
||||||
{
|
{
|
||||||
|
|
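Review bot: The volatility gate added in the second psa_start_key_creation hunk tests `attributes->core.lifetime`, while the transaction record it guards is filled from `slot->attr.lifetime`. Testing the field that is actually persisted, `if( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) )`, would keep the decision and the recorded lifetime from diverging if the two are ever set separately. Because no transaction is prepared for volatile keys, psa_finish_key_creation now relies on the global `psa_crypto_transaction.unknown.type` not holding a leftover CREATE_KEY value. Whether that state is always cleared before this path runs is not visible here, so a comment stating the invariant, or a test that creates a volatile secure-element key after an interrupted persistent creation, would help. Both functions begin and end outside the shown hunks.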