diff --git a/library/psa_crypto.c b/library/psa_crypto.c index e0ed35f0a..4f7be40ec 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2325,43 +2325,41 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes, if( status != PSA_SUCCESS ) goto exit; - if( psa_key_lifetime_is_external( psa_get_key_lifetime( attributes ) ) ) - { #if defined(MBEDTLS_PSA_CRYPTO_SE_C) - if( driver != NULL ) + if( driver != NULL ) + { + const psa_drv_se_t *drv = psa_get_se_driver_methods( driver ); + /* The driver should set the number of key bits, however in + * case it doesn't, we initialize bits to an invalid value. */ + size_t bits = PSA_MAX_KEY_BITS + 1; + if( drv->key_management == NULL || + drv->key_management->p_import == NULL ) { - const psa_drv_se_t *drv = psa_get_se_driver_methods( driver ); - /* The driver should set the number of key bits, however in - * case it doesn't, we initialize bits to an invalid value. */ - size_t bits = PSA_MAX_KEY_BITS + 1; - if( drv->key_management == NULL || - drv->key_management->p_import == NULL ) - { - status = PSA_ERROR_NOT_SUPPORTED; - goto exit; - } - status = drv->key_management->p_import( - psa_get_se_driver_context( driver ), - slot->data.se.slot_number, attributes, data, data_length, - &bits ); - if( status != PSA_SUCCESS ) - goto exit; - if( bits > PSA_MAX_KEY_BITS ) - { - status = PSA_ERROR_NOT_SUPPORTED; - goto exit; - } - slot->attr.bits = (psa_key_bits_t) bits; - } - else -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - { - /* Importing a key with external lifetime through the driver wrapper - * interface is not yet supported. Return as if this was an invalid - * lifetime. */ - status = PSA_ERROR_INVALID_ARGUMENT; + status = PSA_ERROR_NOT_SUPPORTED; goto exit; } + status = drv->key_management->p_import( + psa_get_se_driver_context( driver ), + slot->data.se.slot_number, attributes, data, data_length, + &bits ); + if( status != PSA_SUCCESS ) + goto exit; + if( bits > PSA_MAX_KEY_BITS ) + { + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; + } + slot->attr.bits = (psa_key_bits_t) bits; + } + else +#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ + if( psa_key_lifetime_is_external( psa_get_key_lifetime( attributes ) ) ) + { + /* Importing a key with external lifetime through the driver wrapper + * interface is not yet supported. Return as if this was an invalid + * lifetime. */ + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; } else { diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index f30b75ada..3797dea9c 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -247,43 +247,35 @@ static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *slot ) if( status != PSA_SUCCESS ) goto exit; - if( psa_key_lifetime_is_external( slot->attr.lifetime ) ) - { #if defined(MBEDTLS_PSA_CRYPTO_SE_C) - const psa_drv_se_t *drv; - psa_drv_se_context_t *drv_context; - if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) ) - { - psa_se_key_data_storage_t *data; - if( key_data_length != sizeof( *data ) ) - { - status = PSA_ERROR_STORAGE_FAILURE; - goto exit; - } - data = (psa_se_key_data_storage_t *) key_data; - memcpy( &slot->data.se.slot_number, &data->slot_number, - sizeof( slot->data.se.slot_number ) ); - } - else -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - { - /* A key that is successfully loaded from storage with an - * external lifetime, but doesn't belong to an SE driver, - * must be a PSA driver-associated key which we can just - * load like an internal key. */ - if ( key_data == NULL ) - { - status = PSA_ERROR_STORAGE_FAILURE; - goto exit; - } - - status = psa_copy_key_material_into_slot( slot, key_data, key_data_length ); - } - } - else + /* Special handling is required for loading keys associated with a + * dynamically registered SE interface. */ + const psa_drv_se_t *drv; + psa_drv_se_context_t *drv_context; + if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) ) { - status = psa_copy_key_material_into_slot( slot, key_data, key_data_length ); + psa_se_key_data_storage_t *data; + if( key_data_length != sizeof( *data ) ) + { + status = PSA_ERROR_STORAGE_FAILURE; + goto exit; + } + data = (psa_se_key_data_storage_t *) key_data; + memcpy( &slot->data.se.slot_number, &data->slot_number, + sizeof( slot->data.se.slot_number ) ); + + status = PSA_SUCCESS; + goto exit; } +#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ + + if ( key_data == NULL ) + { + status = PSA_ERROR_STORAGE_FAILURE; + goto exit; + } + + status = psa_copy_key_material_into_slot( slot, key_data, key_data_length ); exit: psa_free_persistent_key_data( key_data, key_data_length ); @@ -360,31 +352,26 @@ psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime, if ( psa_key_lifetime_is_external( lifetime ) ) { #if defined(MBEDTLS_PSA_CRYPTO_SE_C) + /* Check whether a driver is registered against this lifetime */ psa_se_drv_table_entry_t *driver = psa_get_se_driver_entry( lifetime ); - if( driver == NULL ) - { -#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) - /* Key location for external keys gets checked by the wrapper */ - return( PSA_SUCCESS ); -#else - return( PSA_ERROR_INVALID_ARGUMENT ); -#endif - } - else + if( driver != NULL ) { if (p_drv != NULL) *p_drv = driver; return( PSA_SUCCESS ); } -#else +#else /* MBEDTLS_PSA_CRYPTO_SE_C */ (void) p_drv; +#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ + #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) /* Key location for external keys gets checked by the wrapper */ return( PSA_SUCCESS ); -#else +#else /* MBEDTLS_PSA_CRYPTO_DRIVERS */ + /* No support for external lifetimes at all, or dynamic interface + * did not find driver for requested lifetime. */ return( PSA_ERROR_INVALID_ARGUMENT ); -#endif -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */ } else /* Local/internal keys are always valid */