yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-30 00:34:18 +01:00
Code Issues Packages Projects Releases Wiki Activity

Improve comments

Browse Source
This commit is contained in:
Gilles Peskine 2019-07-25 11:32:45 +02:00
parent 725f22a545
commit 60450a4812
1 changed files with 19 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
library/psa_crypto.c
View File

@ -876,8 +876,8 @@ static psa_status_t psa_get_key_from_slot( psa_key_handle_t handle,
* A transparent key is a key for which the key material is directly * A transparent key is a key for which the key material is directly
* available, as opposed to a key in a secure element. * available, as opposed to a key in a secure element.
* *
* This is a temporary function until secure element support is * This is a temporary function to use instead of psa_get_key_from_slot()
* fully implemented. * until secure element support is fully implemented.
*/ */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C) #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
static psa_status_t psa_get_transparent_key( psa_key_handle_t handle, static psa_status_t psa_get_transparent_key( psa_key_handle_t handle,
@ -981,6 +981,11 @@ psa_status_t psa_destroy_key( psa_key_handle_t handle )
driver = psa_get_se_driver_entry( slot->lifetime ); driver = psa_get_se_driver_entry( slot->lifetime );
if( driver != NULL ) if( driver != NULL )
{ {
/* For a key in a secure element, we need to do three things:
* remove the key file in internal storage, destroy the
* key inside the secure element, and update the driver's
* persistent data. Start a transaction that will encompass these
* three actions. */
psa_crypto_prepare_transaction( PSA_CRYPTO_TRANSACTION_DESTROY_KEY ); psa_crypto_prepare_transaction( PSA_CRYPTO_TRANSACTION_DESTROY_KEY );
psa_crypto_transaction.key.lifetime = slot->lifetime; psa_crypto_transaction.key.lifetime = slot->lifetime;
psa_crypto_transaction.key.slot = slot->data.se.slot_number; psa_crypto_transaction.key.slot = slot->data.se.slot_number;
@ -1454,9 +1459,18 @@ static psa_status_t psa_start_key_creation(
slot->type = attributes->type; slot->type = attributes->type;
#if defined(MBEDTLS_PSA_CRYPTO_SE_C) #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* Find a slot number for the new key. Save the slot number in /* For a key in a secure element, we need to do three things:
* persistent storage, but do not yet save the driver's persistent * create the key file in internal storage, create the
* state, so that if the power fails during the key creation process, * key inside the secure element, and update the driver's
* persistent data. Start a transaction that will encompass these
* three actions. */
/* The first thing to do is to find a slot number for the new key.
* We save the slot number in persistent storage as part of the
* transaction data. It will be needed to recover if the power
* fails during the key creation process, to clean up on the secure
* element side after restarting. Obtaining a slot number from the
* secure element driver updates its persistent state, but we do not yet
* save the driver's persistent state, so that if the power fails,
* we can roll back to a state where the key doesn't exist. */ * we can roll back to a state where the key doesn't exist. */
if( *p_drv != NULL ) if( *p_drv != NULL )
{ {