SE keys: allocate a slot before creating the key
This commit is contained in:
parent
73167e128f
commit
cbaff467ef
3 changed files with 68 additions and 0 deletions
|
@ -1348,6 +1348,18 @@ static psa_status_t psa_start_key_creation(
|
|||
}
|
||||
slot->type = attributes->type;
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||
/* Find a slot number. Don't yet mark it as allocated in case
|
||||
* the key creation fails or there is a power failure. */
|
||||
if( *p_drv != NULL )
|
||||
{
|
||||
status = psa_find_se_slot_for_key( attributes, *p_drv,
|
||||
&slot->data.se.slot_number );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
}
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
|
||||
|
||||
return( status );
|
||||
}
|
||||
|
||||
|
@ -1405,6 +1417,18 @@ static psa_status_t psa_finish_key_creation(
|
|||
}
|
||||
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||
if( driver != NULL )
|
||||
{
|
||||
status = psa_save_se_persistent_data( driver );
|
||||
if( status != PSA_SUCCESS )
|
||||
{
|
||||
psa_destroy_persistent_key( slot->persistent_storage_id );
|
||||
return( status );
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
|
||||
|
||||
return( status );
|
||||
}
|
||||
|
||||
|
|
|
@ -130,6 +130,35 @@ psa_status_t psa_save_se_persistent_data(
|
|||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
psa_status_t psa_find_se_slot_for_key(
|
||||
const psa_key_attributes_t *attributes,
|
||||
psa_se_drv_table_entry_t *driver,
|
||||
psa_key_slot_number_t *slot_number )
|
||||
{
|
||||
psa_status_t status;
|
||||
psa_drv_se_allocate_key_t p_allocate = NULL;
|
||||
|
||||
/* If the lifetime is wrong, it's a bug in the library. */
|
||||
if( driver->lifetime != attributes->lifetime )
|
||||
return( PSA_ERROR_CORRUPTION_DETECTED );
|
||||
|
||||
/* If the driver doesn't support key creation in any way, give up now. */
|
||||
if( driver->methods->key_management == NULL )
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
p_allocate = driver->methods->key_management->p_allocate;
|
||||
|
||||
/* If the driver doesn't tell us how to allocate a slot, that's
|
||||
* not supported for the time being. */
|
||||
if( p_allocate == NULL )
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
|
||||
status = ( *p_allocate )( &driver->context,
|
||||
driver->internal.persistent_data,
|
||||
attributes,
|
||||
slot_number );
|
||||
return( status );
|
||||
}
|
||||
|
||||
|
||||
|
||||
/****************************************************************/
|
||||
|
|
|
@ -99,6 +99,21 @@ const psa_drv_se_t *psa_get_se_driver_methods(
|
|||
psa_drv_se_context_t *psa_get_se_driver_context(
|
||||
psa_se_drv_table_entry_t *driver );
|
||||
|
||||
/** Find a free slot for a key that is to be created.
|
||||
*
|
||||
* This function calls the relevant method in the driver to find a suitable
|
||||
* slot for a key with the given attributes.
|
||||
*
|
||||
* \param[in] attributes Metadata about the key that is about to be created.
|
||||
* \param[in] driver The driver table entry to query.
|
||||
* \param[out] slot_number On success, a slot number that is free in this
|
||||
* secure element.
|
||||
*/
|
||||
psa_status_t psa_find_se_slot_for_key(
|
||||
const psa_key_attributes_t *attributes,
|
||||
psa_se_drv_table_entry_t *driver,
|
||||
psa_key_slot_number_t *slot_number );
|
||||
|
||||
/** Load the persistent data of a secure element driver.
|
||||
*
|
||||
* \param driver The driver table entry containing the persistent
|
||||
|
|
Loading…
Reference in a new issue