Split 'validate persistent key parameters' into independent validation

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
This commit is contained in:
Steven Cooreman 2020-06-08 18:37:19 +02:00
parent a50f28338b
commit 81fe7c311a
3 changed files with 72 additions and 65 deletions

View File

@ -1498,16 +1498,15 @@ static psa_status_t psa_validate_key_attributes(
const psa_key_attributes_t *attributes, const psa_key_attributes_t *attributes,
psa_se_drv_table_entry_t **p_drv ) psa_se_drv_table_entry_t **p_drv )
{ {
psa_status_t status; psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
if( ! PSA_KEY_LIFETIME_IS_VOLATILE( attributes->core.lifetime ) ) status = psa_validate_key_location( attributes, p_drv );
{ if( status != PSA_SUCCESS )
status = psa_validate_persistent_key_parameters( return( status );
attributes->core.lifetime, attributes->core.id,
p_drv, 1 ); status = psa_validate_key_persistence( attributes );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
return( status ); return( status );
}
status = psa_validate_key_policy( &attributes->core.policy ); status = psa_validate_key_policy( &attributes->core.policy );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )

View File

@ -183,39 +183,54 @@ static int psa_is_key_id_valid( psa_key_file_id_t file_id,
} }
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
psa_status_t psa_validate_persistent_key_parameters( psa_status_t psa_validate_key_location( const psa_key_attributes_t *attributes,
psa_key_lifetime_t lifetime, psa_se_drv_table_entry_t **p_drv )
psa_key_file_id_t id,
psa_se_drv_table_entry_t **p_drv,
int creating )
{ {
if( p_drv != NULL ) psa_key_lifetime_t lifetime = psa_get_key_lifetime( attributes );
*p_drv = NULL; if ( psa_key_lifetime_is_external( lifetime ) )
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
if( psa_key_lifetime_is_external( lifetime ) )
{ {
*p_drv = psa_get_se_driver_entry( lifetime ); #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
if( *p_drv == NULL ) psa_se_drv_table_entry_t *p_drv_e = psa_get_se_driver_entry( lifetime );
if( p_drv_e == NULL )
return( PSA_ERROR_INVALID_ARGUMENT ); return( PSA_ERROR_INVALID_ARGUMENT );
else
{
if (p_drv != NULL)
*p_drv = p_drv_e;
return( PSA_SUCCESS );
}
#else
(void) p_drv;
return( PSA_ERROR_INVALID_ARGUMENT );
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
} }
else else
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ /* Local/internal keys are always valid */
if( ( PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) return( PSA_SUCCESS );
!= PSA_KEY_LOCATION_LOCAL_STORAGE ) || }
( PSA_KEY_LIFETIME_GET_PERSISTENCE( lifetime )
!= PSA_KEY_PERSISTENCE_DEFAULT ) )
return( PSA_ERROR_INVALID_ARGUMENT );
psa_status_t psa_validate_key_persistence( const psa_key_attributes_t *attributes )
{
psa_key_lifetime_t lifetime = psa_get_key_lifetime( attributes );
if ( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
{
/* Volatile keys are always supported */
return( PSA_SUCCESS );
}
else
{
/* Persistent keys require storage support */
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
if( ! psa_is_key_id_valid( id, ! creating ) ) if( psa_is_key_id_valid( psa_get_key_id( attributes ),
return( PSA_ERROR_INVALID_ARGUMENT ); psa_key_lifetime_is_external( lifetime ) ) )
return( PSA_SUCCESS ); return( PSA_SUCCESS );
else
return( PSA_ERROR_INVALID_ARGUMENT );
#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ #else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
(void) id; return( PSA_ERROR_NOT_SUPPORTED );
(void) creating;
return( PSA_ERROR_NOT_SUPPORTED );
#endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */ #endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */
}
} }
psa_status_t psa_open_key( psa_key_file_id_t id, psa_key_handle_t *handle ) psa_status_t psa_open_key( psa_key_file_id_t id, psa_key_handle_t *handle )
@ -226,10 +241,8 @@ psa_status_t psa_open_key( psa_key_file_id_t id, psa_key_handle_t *handle )
*handle = 0; *handle = 0;
status = psa_validate_persistent_key_parameters( if( ! psa_is_key_id_valid( id, 1 ) )
PSA_KEY_LIFETIME_PERSISTENT, id, NULL, 0 ); return( PSA_ERROR_INVALID_ARGUMENT );
if( status != PSA_SUCCESS )
return( status );
status = psa_get_empty_key_slot( handle, &slot ); status = psa_get_empty_key_slot( handle, &slot );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )

View File

@ -92,38 +92,33 @@ static inline int psa_key_lifetime_is_external( psa_key_lifetime_t lifetime )
!= PSA_KEY_LOCATION_LOCAL_STORAGE ); != PSA_KEY_LOCATION_LOCAL_STORAGE );
} }
/** Test whether the given parameters are acceptable for a persistent key. /** Validate that a key's attributes point to a known location.
* *
* This function does not access the storage in any way. It only tests * This function checks whether the key's attributes point to a location that
* whether the parameters are meaningful and permitted by general policy. * is known to the PSA Core, and returns the driver function table if the key
* It does not test whether the a file by the given id exists or could be * is to be found in an external location.
* created.
* *
* If the key is in external storage, this function returns the corresponding * \param[in] attributes The key attributes.
* driver. * \param[out] p_drv On success, when a key is located in external
* storage, returns a pointer to the driver table
* associated with the key's storage location.
* *
* \param lifetime The lifetime to test. * \retval #PSA_SUCCESS
* \param id The key id to test. * \retval #PSA_ERROR_INVALID_ARGUMENT
* \param[out] p_drv On output, if \p lifetime designates a key
* in an external processor, \c *p_drv is a pointer
* to the driver table entry fot this lifetime.
* If \p lifetime designates a transparent key,
* \c *p_drv is \c NULL.
* \param creating 0 if attempting to open an existing key.
* Nonzero if attempting to create a key.
*
* \retval PSA_SUCCESS
* The given parameters are valid.
* \retval PSA_ERROR_INVALID_ARGUMENT
* \p lifetime is volatile or is invalid.
* \retval PSA_ERROR_INVALID_ARGUMENT
* \p id is invalid.
*/ */
psa_status_t psa_validate_persistent_key_parameters( psa_status_t psa_validate_key_location( const psa_key_attributes_t *attributes,
psa_key_lifetime_t lifetime, psa_se_drv_table_entry_t **p_drv );
psa_key_file_id_t id,
psa_se_drv_table_entry_t **p_drv, /** Validate that a key's persistence is consistent.
int creating ); *
* This function checks whether a key's persistence attribute is consistent.
*
* \param[in] attributes The key attributes.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INVALID_ARGUMENT
*/
psa_status_t psa_validate_key_persistence( const psa_key_attributes_t *attributes );
#endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */ #endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */