yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-22 23:35:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

psa: Move from validate_key to import_key entry point

Browse Source 
In the course of the development of the PSA unified
driver interface, the validate_key entry point for
opaque drivers has been removed and replaced by an
import_key entry point. This commit takes into account
this change of specification.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2020-11-22 14:02:39 +01:00
parent ea0f8a6d1a
commit 8328287956
5 changed files with 60 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
library/psa_crypto.c
View File

@ -1104,27 +1104,40 @@ static psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot,
else if( PSA_KEY_TYPE_IS_ASYMMETRIC( slot->attr.type ) )
{
/* Try validation through accelerators first. */
bit_size = slot->attr.bits;
psa_key_attributes_t attributes = {
.core = slot->attr
};
status = psa_driver_wrapper_validate_key( &attributes,
data,
data_length,
&bit_size );
status = psa_allocate_buffer_to_slot( slot, data_length );
if( status != PSA_SUCCESS )
return( status );
bit_size = slot->attr.bits;
status = psa_driver_wrapper_import_key( &attributes,
data, data_length,
slot->key.data,
slot->key.bytes,
&slot->key.bytes,
&bit_size );
if( status == PSA_SUCCESS )
{
/* Key has been validated successfully by an accelerator.
* Copy key material into slot. */
status = psa_copy_key_material_into_slot( slot, data, data_length );
if( status != PSA_SUCCESS )
return( status );
if( slot->attr.bits == 0 )
slot->attr.bits = (psa_key_bits_t) bit_size;
else if( bit_size != slot->attr.bits )
return( PSA_ERROR_INVALID_ARGUMENT );
slot->attr.bits = (psa_key_bits_t) bit_size;
return( PSA_SUCCESS );
}
else if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
else
{
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
}
mbedtls_platform_zeroize( slot->key.data, data_length );
mbedtls_free( slot->key.data );
slot->key.data = NULL;
slot->key.bytes = 0;
/* Key format is not supported by any accelerator, try software fallback
* if present. */

23
library/psa_crypto_driver_wrappers.c
View File

@ -409,19 +409,23 @@ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attrib
#endif /* PSA_CRYPTO_DRIVER_PRESENT */
}
psa_status_t psa_driver_wrapper_validate_key( const psa_key_attributes_t *attributes,
const uint8_t *data,
size_t data_length,
size_t *bits )
psa_status_t psa_driver_wrapper_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *data,
size_t data_length,
uint8_t *key_buffer,
size_t key_buffer_size,
size_t *key_buffer_length,
size_t *bits )
{
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
/* Try accelerators in turn */
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = test_transparent_validate_key( attributes,
data,
data_length,
bits );
status = test_transparent_import_key( attributes,
data, data_length,
key_buffer, key_buffer_size,
key_buffer_length, bits );
/* Declared with fallback == true */
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
@ -432,6 +436,9 @@ psa_status_t psa_driver_wrapper_validate_key( const psa_key_attributes_t *attrib
(void) attributes;
(void) data;
(void) data_length;
(void) key_buffer;
(void) key_buffer_size;
(void) key_buffer_length;
(void) bits;
return( PSA_ERROR_NOT_SUPPORTED );
#endif /* PSA_CRYPTO_DRIVER_PRESENT */

9
library/psa_crypto_driver_wrappers.h
View File

@ -50,10 +50,11 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot,
psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attributes,
psa_key_slot_t *slot );
psa_status_t psa_driver_wrapper_validate_key( const psa_key_attributes_t *attributes,
const uint8_t *data,
size_t data_length,
size_t *bits );
psa_status_t psa_driver_wrapper_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *data, size_t data_length,
uint8_t *key_buffer, size_t key_buffer_size,
size_t *key_buffer_length, size_t *bits );
psa_status_t psa_driver_wrapper_export_public_key( const psa_key_slot_t *slot,
uint8_t *data,

15
tests/include/test/drivers/key_management.h
View File

@ -58,12 +58,6 @@ psa_status_t test_opaque_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key, size_t key_size, size_t *key_length );
psa_status_t test_transparent_validate_key(
const psa_key_attributes_t *attributes,
const uint8_t *data,
size_t data_length,
size_t *bits);
psa_status_t test_transparent_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
@ -74,5 +68,14 @@ psa_status_t test_opaque_export_public_key(
const uint8_t *key, size_t key_length,
uint8_t *data, size_t data_size, size_t *data_length );
psa_status_t test_transparent_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *data,
size_t data_length,
uint8_t *key_buffer,
size_t key_buffer_size,
size_t *key_buffer_length,
size_t *bits);
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H */

7
tests/src/drivers/key_management.c
View File

@ -137,11 +137,14 @@ psa_status_t test_opaque_generate_key(
return( PSA_ERROR_NOT_SUPPORTED );
}
psa_status_t test_transparent_validate_key(
psa_status_t test_transparent_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *data,
size_t data_length,
size_t *bits )
uint8_t *key_buffer,
size_t key_buffer_size,
size_t *key_buffer_length,
size_t *bits)
{
++test_driver_key_management_hooks.hits;