mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-29 16:24:14 +01:00
Split 'validate persistent key parameters' into independent validation
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
This commit is contained in:
parent
a50f28338b
commit
81fe7c311a
@ -1498,16 +1498,15 @@ static psa_status_t psa_validate_key_attributes(
|
|||||||
const psa_key_attributes_t *attributes,
|
const psa_key_attributes_t *attributes,
|
||||||
psa_se_drv_table_entry_t **p_drv )
|
psa_se_drv_table_entry_t **p_drv )
|
||||||
{
|
{
|
||||||
psa_status_t status;
|
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
|
||||||
|
|
||||||
if( ! PSA_KEY_LIFETIME_IS_VOLATILE( attributes->core.lifetime ) )
|
status = psa_validate_key_location( attributes, p_drv );
|
||||||
{
|
if( status != PSA_SUCCESS )
|
||||||
status = psa_validate_persistent_key_parameters(
|
return( status );
|
||||||
attributes->core.lifetime, attributes->core.id,
|
|
||||||
p_drv, 1 );
|
status = psa_validate_key_persistence( attributes );
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
return( status );
|
return( status );
|
||||||
}
|
|
||||||
|
|
||||||
status = psa_validate_key_policy( &attributes->core.policy );
|
status = psa_validate_key_policy( &attributes->core.policy );
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
|
@ -183,39 +183,54 @@ static int psa_is_key_id_valid( psa_key_file_id_t file_id,
|
|||||||
}
|
}
|
||||||
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
|
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
|
||||||
|
|
||||||
psa_status_t psa_validate_persistent_key_parameters(
|
psa_status_t psa_validate_key_location( const psa_key_attributes_t *attributes,
|
||||||
psa_key_lifetime_t lifetime,
|
psa_se_drv_table_entry_t **p_drv )
|
||||||
psa_key_file_id_t id,
|
|
||||||
psa_se_drv_table_entry_t **p_drv,
|
|
||||||
int creating )
|
|
||||||
{
|
{
|
||||||
if( p_drv != NULL )
|
psa_key_lifetime_t lifetime = psa_get_key_lifetime( attributes );
|
||||||
*p_drv = NULL;
|
if ( psa_key_lifetime_is_external( lifetime ) )
|
||||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
|
||||||
if( psa_key_lifetime_is_external( lifetime ) )
|
|
||||||
{
|
{
|
||||||
*p_drv = psa_get_se_driver_entry( lifetime );
|
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||||
if( *p_drv == NULL )
|
psa_se_drv_table_entry_t *p_drv_e = psa_get_se_driver_entry( lifetime );
|
||||||
|
if( p_drv_e == NULL )
|
||||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if (p_drv != NULL)
|
||||||
|
*p_drv = p_drv_e;
|
||||||
|
return( PSA_SUCCESS );
|
||||||
|
}
|
||||||
|
#else
|
||||||
|
(void) p_drv;
|
||||||
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||||
|
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
|
/* Local/internal keys are always valid */
|
||||||
if( ( PSA_KEY_LIFETIME_GET_LOCATION( lifetime )
|
return( PSA_SUCCESS );
|
||||||
!= PSA_KEY_LOCATION_LOCAL_STORAGE ) ||
|
}
|
||||||
( PSA_KEY_LIFETIME_GET_PERSISTENCE( lifetime )
|
|
||||||
!= PSA_KEY_PERSISTENCE_DEFAULT ) )
|
|
||||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
|
||||||
|
|
||||||
|
psa_status_t psa_validate_key_persistence( const psa_key_attributes_t *attributes )
|
||||||
|
{
|
||||||
|
psa_key_lifetime_t lifetime = psa_get_key_lifetime( attributes );
|
||||||
|
|
||||||
|
if ( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
|
||||||
|
{
|
||||||
|
/* Volatile keys are always supported */
|
||||||
|
return( PSA_SUCCESS );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
/* Persistent keys require storage support */
|
||||||
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
|
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
|
||||||
if( ! psa_is_key_id_valid( id, ! creating ) )
|
if( psa_is_key_id_valid( psa_get_key_id( attributes ),
|
||||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
psa_key_lifetime_is_external( lifetime ) ) )
|
||||||
return( PSA_SUCCESS );
|
return( PSA_SUCCESS );
|
||||||
|
else
|
||||||
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||||
#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
|
#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
|
||||||
(void) id;
|
return( PSA_ERROR_NOT_SUPPORTED );
|
||||||
(void) creating;
|
|
||||||
return( PSA_ERROR_NOT_SUPPORTED );
|
|
||||||
#endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */
|
#endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
psa_status_t psa_open_key( psa_key_file_id_t id, psa_key_handle_t *handle )
|
psa_status_t psa_open_key( psa_key_file_id_t id, psa_key_handle_t *handle )
|
||||||
@ -226,10 +241,8 @@ psa_status_t psa_open_key( psa_key_file_id_t id, psa_key_handle_t *handle )
|
|||||||
|
|
||||||
*handle = 0;
|
*handle = 0;
|
||||||
|
|
||||||
status = psa_validate_persistent_key_parameters(
|
if( ! psa_is_key_id_valid( id, 1 ) )
|
||||||
PSA_KEY_LIFETIME_PERSISTENT, id, NULL, 0 );
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||||
if( status != PSA_SUCCESS )
|
|
||||||
return( status );
|
|
||||||
|
|
||||||
status = psa_get_empty_key_slot( handle, &slot );
|
status = psa_get_empty_key_slot( handle, &slot );
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
|
@ -92,38 +92,33 @@ static inline int psa_key_lifetime_is_external( psa_key_lifetime_t lifetime )
|
|||||||
!= PSA_KEY_LOCATION_LOCAL_STORAGE );
|
!= PSA_KEY_LOCATION_LOCAL_STORAGE );
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Test whether the given parameters are acceptable for a persistent key.
|
/** Validate that a key's attributes point to a known location.
|
||||||
*
|
*
|
||||||
* This function does not access the storage in any way. It only tests
|
* This function checks whether the key's attributes point to a location that
|
||||||
* whether the parameters are meaningful and permitted by general policy.
|
* is known to the PSA Core, and returns the driver function table if the key
|
||||||
* It does not test whether the a file by the given id exists or could be
|
* is to be found in an external location.
|
||||||
* created.
|
|
||||||
*
|
*
|
||||||
* If the key is in external storage, this function returns the corresponding
|
* \param[in] attributes The key attributes.
|
||||||
* driver.
|
* \param[out] p_drv On success, when a key is located in external
|
||||||
|
* storage, returns a pointer to the driver table
|
||||||
|
* associated with the key's storage location.
|
||||||
*
|
*
|
||||||
* \param lifetime The lifetime to test.
|
* \retval #PSA_SUCCESS
|
||||||
* \param id The key id to test.
|
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||||
* \param[out] p_drv On output, if \p lifetime designates a key
|
|
||||||
* in an external processor, \c *p_drv is a pointer
|
|
||||||
* to the driver table entry fot this lifetime.
|
|
||||||
* If \p lifetime designates a transparent key,
|
|
||||||
* \c *p_drv is \c NULL.
|
|
||||||
* \param creating 0 if attempting to open an existing key.
|
|
||||||
* Nonzero if attempting to create a key.
|
|
||||||
*
|
|
||||||
* \retval PSA_SUCCESS
|
|
||||||
* The given parameters are valid.
|
|
||||||
* \retval PSA_ERROR_INVALID_ARGUMENT
|
|
||||||
* \p lifetime is volatile or is invalid.
|
|
||||||
* \retval PSA_ERROR_INVALID_ARGUMENT
|
|
||||||
* \p id is invalid.
|
|
||||||
*/
|
*/
|
||||||
psa_status_t psa_validate_persistent_key_parameters(
|
psa_status_t psa_validate_key_location( const psa_key_attributes_t *attributes,
|
||||||
psa_key_lifetime_t lifetime,
|
psa_se_drv_table_entry_t **p_drv );
|
||||||
psa_key_file_id_t id,
|
|
||||||
psa_se_drv_table_entry_t **p_drv,
|
/** Validate that a key's persistence is consistent.
|
||||||
int creating );
|
*
|
||||||
|
* This function checks whether a key's persistence attribute is consistent.
|
||||||
|
*
|
||||||
|
* \param[in] attributes The key attributes.
|
||||||
|
*
|
||||||
|
* \retval #PSA_SUCCESS
|
||||||
|
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||||
|
*/
|
||||||
|
psa_status_t psa_validate_key_persistence( const psa_key_attributes_t *attributes );
|
||||||
|
|
||||||
|
|
||||||
#endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */
|
#endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */
|
||||||
|
Loading…
Reference in New Issue
Block a user