mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-30 00:44:20 +01:00
Improve comments
This commit is contained in:
parent
725f22a545
commit
60450a4812
@ -876,8 +876,8 @@ static psa_status_t psa_get_key_from_slot( psa_key_handle_t handle,
|
|||||||
* A transparent key is a key for which the key material is directly
|
* A transparent key is a key for which the key material is directly
|
||||||
* available, as opposed to a key in a secure element.
|
* available, as opposed to a key in a secure element.
|
||||||
*
|
*
|
||||||
* This is a temporary function until secure element support is
|
* This is a temporary function to use instead of psa_get_key_from_slot()
|
||||||
* fully implemented.
|
* until secure element support is fully implemented.
|
||||||
*/
|
*/
|
||||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||||
static psa_status_t psa_get_transparent_key( psa_key_handle_t handle,
|
static psa_status_t psa_get_transparent_key( psa_key_handle_t handle,
|
||||||
@ -981,6 +981,11 @@ psa_status_t psa_destroy_key( psa_key_handle_t handle )
|
|||||||
driver = psa_get_se_driver_entry( slot->lifetime );
|
driver = psa_get_se_driver_entry( slot->lifetime );
|
||||||
if( driver != NULL )
|
if( driver != NULL )
|
||||||
{
|
{
|
||||||
|
/* For a key in a secure element, we need to do three things:
|
||||||
|
* remove the key file in internal storage, destroy the
|
||||||
|
* key inside the secure element, and update the driver's
|
||||||
|
* persistent data. Start a transaction that will encompass these
|
||||||
|
* three actions. */
|
||||||
psa_crypto_prepare_transaction( PSA_CRYPTO_TRANSACTION_DESTROY_KEY );
|
psa_crypto_prepare_transaction( PSA_CRYPTO_TRANSACTION_DESTROY_KEY );
|
||||||
psa_crypto_transaction.key.lifetime = slot->lifetime;
|
psa_crypto_transaction.key.lifetime = slot->lifetime;
|
||||||
psa_crypto_transaction.key.slot = slot->data.se.slot_number;
|
psa_crypto_transaction.key.slot = slot->data.se.slot_number;
|
||||||
@ -1454,9 +1459,18 @@ static psa_status_t psa_start_key_creation(
|
|||||||
slot->type = attributes->type;
|
slot->type = attributes->type;
|
||||||
|
|
||||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||||
/* Find a slot number for the new key. Save the slot number in
|
/* For a key in a secure element, we need to do three things:
|
||||||
* persistent storage, but do not yet save the driver's persistent
|
* create the key file in internal storage, create the
|
||||||
* state, so that if the power fails during the key creation process,
|
* key inside the secure element, and update the driver's
|
||||||
|
* persistent data. Start a transaction that will encompass these
|
||||||
|
* three actions. */
|
||||||
|
/* The first thing to do is to find a slot number for the new key.
|
||||||
|
* We save the slot number in persistent storage as part of the
|
||||||
|
* transaction data. It will be needed to recover if the power
|
||||||
|
* fails during the key creation process, to clean up on the secure
|
||||||
|
* element side after restarting. Obtaining a slot number from the
|
||||||
|
* secure element driver updates its persistent state, but we do not yet
|
||||||
|
* save the driver's persistent state, so that if the power fails,
|
||||||
* we can roll back to a state where the key doesn't exist. */
|
* we can roll back to a state where the key doesn't exist. */
|
||||||
if( *p_drv != NULL )
|
if( *p_drv != NULL )
|
||||||
{
|
{
|
||||||
|
Loading…
Reference in New Issue
Block a user