Split 'validate persistent key parameters' into independent validation

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
This commit is contained in:
Steven Cooreman 2020-06-08 18:37:19 +02:00
parent a50f28338b
commit 81fe7c311a
3 changed files with 72 additions and 65 deletions

View File

@ -1498,16 +1498,15 @@ static psa_status_t psa_validate_key_attributes(
const psa_key_attributes_t *attributes,
psa_se_drv_table_entry_t **p_drv )
{
psa_status_t status;
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
if( ! PSA_KEY_LIFETIME_IS_VOLATILE( attributes->core.lifetime ) )
{
status = psa_validate_persistent_key_parameters(
attributes->core.lifetime, attributes->core.id,
p_drv, 1 );
if( status != PSA_SUCCESS )
return( status );
}
status = psa_validate_key_location( attributes, p_drv );
if( status != PSA_SUCCESS )
return( status );
status = psa_validate_key_persistence( attributes );
if( status != PSA_SUCCESS )
return( status );
status = psa_validate_key_policy( &attributes->core.policy );
if( status != PSA_SUCCESS )

View File

@ -183,39 +183,54 @@ static int psa_is_key_id_valid( psa_key_file_id_t file_id,
}
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
psa_status_t psa_validate_persistent_key_parameters(
psa_key_lifetime_t lifetime,
psa_key_file_id_t id,
psa_se_drv_table_entry_t **p_drv,
int creating )
psa_status_t psa_validate_key_location( const psa_key_attributes_t *attributes,
psa_se_drv_table_entry_t **p_drv )
{
if( p_drv != NULL )
*p_drv = NULL;
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
if( psa_key_lifetime_is_external( lifetime ) )
psa_key_lifetime_t lifetime = psa_get_key_lifetime( attributes );
if ( psa_key_lifetime_is_external( lifetime ) )
{
*p_drv = psa_get_se_driver_entry( lifetime );
if( *p_drv == NULL )
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
psa_se_drv_table_entry_t *p_drv_e = psa_get_se_driver_entry( lifetime );
if( p_drv_e == NULL )
return( PSA_ERROR_INVALID_ARGUMENT );
else
{
if (p_drv != NULL)
*p_drv = p_drv_e;
return( PSA_SUCCESS );
}
#else
(void) p_drv;
return( PSA_ERROR_INVALID_ARGUMENT );
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
}
else
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
if( ( PSA_KEY_LIFETIME_GET_LOCATION( lifetime )
!= PSA_KEY_LOCATION_LOCAL_STORAGE ) ||
( PSA_KEY_LIFETIME_GET_PERSISTENCE( lifetime )
!= PSA_KEY_PERSISTENCE_DEFAULT ) )
return( PSA_ERROR_INVALID_ARGUMENT );
/* Local/internal keys are always valid */
return( PSA_SUCCESS );
}
psa_status_t psa_validate_key_persistence( const psa_key_attributes_t *attributes )
{
psa_key_lifetime_t lifetime = psa_get_key_lifetime( attributes );
if ( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
{
/* Volatile keys are always supported */
return( PSA_SUCCESS );
}
else
{
/* Persistent keys require storage support */
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
if( ! psa_is_key_id_valid( id, ! creating ) )
return( PSA_ERROR_INVALID_ARGUMENT );
return( PSA_SUCCESS );
if( psa_is_key_id_valid( psa_get_key_id( attributes ),
psa_key_lifetime_is_external( lifetime ) ) )
return( PSA_SUCCESS );
else
return( PSA_ERROR_INVALID_ARGUMENT );
#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
(void) id;
(void) creating;
return( PSA_ERROR_NOT_SUPPORTED );
return( PSA_ERROR_NOT_SUPPORTED );
#endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */
}
}
psa_status_t psa_open_key( psa_key_file_id_t id, psa_key_handle_t *handle )
@ -226,10 +241,8 @@ psa_status_t psa_open_key( psa_key_file_id_t id, psa_key_handle_t *handle )
*handle = 0;
status = psa_validate_persistent_key_parameters(
PSA_KEY_LIFETIME_PERSISTENT, id, NULL, 0 );
if( status != PSA_SUCCESS )
return( status );
if( ! psa_is_key_id_valid( id, 1 ) )
return( PSA_ERROR_INVALID_ARGUMENT );
status = psa_get_empty_key_slot( handle, &slot );
if( status != PSA_SUCCESS )

View File

@ -92,38 +92,33 @@ static inline int psa_key_lifetime_is_external( psa_key_lifetime_t lifetime )
!= PSA_KEY_LOCATION_LOCAL_STORAGE );
}
/** Test whether the given parameters are acceptable for a persistent key.
/** Validate that a key's attributes point to a known location.
*
* This function does not access the storage in any way. It only tests
* whether the parameters are meaningful and permitted by general policy.
* It does not test whether the a file by the given id exists or could be
* created.
* This function checks whether the key's attributes point to a location that
* is known to the PSA Core, and returns the driver function table if the key
* is to be found in an external location.
*
* If the key is in external storage, this function returns the corresponding
* driver.
* \param[in] attributes The key attributes.
* \param[out] p_drv On success, when a key is located in external
* storage, returns a pointer to the driver table
* associated with the key's storage location.
*
* \param lifetime The lifetime to test.
* \param id The key id to test.
* \param[out] p_drv On output, if \p lifetime designates a key
* in an external processor, \c *p_drv is a pointer
* to the driver table entry fot this lifetime.
* If \p lifetime designates a transparent key,
* \c *p_drv is \c NULL.
* \param creating 0 if attempting to open an existing key.
* Nonzero if attempting to create a key.
*
* \retval PSA_SUCCESS
* The given parameters are valid.
* \retval PSA_ERROR_INVALID_ARGUMENT
* \p lifetime is volatile or is invalid.
* \retval PSA_ERROR_INVALID_ARGUMENT
* \p id is invalid.
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INVALID_ARGUMENT
*/
psa_status_t psa_validate_persistent_key_parameters(
psa_key_lifetime_t lifetime,
psa_key_file_id_t id,
psa_se_drv_table_entry_t **p_drv,
int creating );
psa_status_t psa_validate_key_location( const psa_key_attributes_t *attributes,
psa_se_drv_table_entry_t **p_drv );
/** Validate that a key's persistence is consistent.
*
* This function checks whether a key's persistence attribute is consistent.
*
* \param[in] attributes The key attributes.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INVALID_ARGUMENT
*/
psa_status_t psa_validate_key_persistence( const psa_key_attributes_t *attributes );
#endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */