yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-26 05:35:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

Do not persist transactions on volatile external keys

Browse Source 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
This commit is contained in:
Steven Cooreman 2020-06-08 18:29:44 +02:00
parent c59de6ab7e
commit bbeaf18eac
1 changed files with 20 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
library/psa_crypto.c
View File

@ -1593,11 +1593,14 @@ static psa_status_t psa_start_key_creation(
#if defined(MBEDTLS_PSA_CRYPTO_SE_C) #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* For a key in a secure element, we need to do three things /* For a key in a secure element, we need to do three things
* when creating or registering a key: * when creating or registering a persistent key:
* create the key file in internal storage, create the * create the key file in internal storage, create the
* key inside the secure element, and update the driver's * key inside the secure element, and update the driver's
* persistent data. Start a transaction that will encompass these * persistent data. This is done by starting a transaction that will
* three actions. */ * encompass these three actions.
* For registering a volatile key, we just need to find an appropriate
* slot number inside the SE. Since the key is designated volatile, creating
* a transaction is not required. */
/* The first thing to do is to find a slot number for the new key. /* The first thing to do is to find a slot number for the new key.
* We save the slot number in persistent storage as part of the * We save the slot number in persistent storage as part of the
* transaction data. It will be needed to recover if the power * transaction data. It will be needed to recover if the power
@ -1612,6 +1615,9 @@ static psa_status_t psa_start_key_creation(
&slot->data.se.slot_number ); &slot->data.se.slot_number );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
return( status ); return( status );
if( ! PSA_KEY_LIFETIME_IS_VOLATILE( attributes->core.lifetime ) )
{
psa_crypto_prepare_transaction( PSA_CRYPTO_TRANSACTION_CREATE_KEY ); psa_crypto_prepare_transaction( PSA_CRYPTO_TRANSACTION_CREATE_KEY );
psa_crypto_transaction.key.lifetime = slot->attr.lifetime; psa_crypto_transaction.key.lifetime = slot->attr.lifetime;
psa_crypto_transaction.key.slot = slot->data.se.slot_number; psa_crypto_transaction.key.slot = slot->data.se.slot_number;
@ -1623,6 +1629,7 @@ static psa_status_t psa_start_key_creation(
return( status ); return( status );
} }
} }
}
if( *p_drv == NULL && method == PSA_KEY_CREATION_REGISTER ) if( *p_drv == NULL && method == PSA_KEY_CREATION_REGISTER )
{ {
@ -1708,8 +1715,8 @@ static psa_status_t psa_finish_key_creation(
/* Finish the transaction for a key creation. This does not /* Finish the transaction for a key creation. This does not
* happen when registering an existing key. Detect this case * happen when registering an existing key. Detect this case
* by checking whether a transaction is in progress (actual * by checking whether a transaction is in progress (actual
* creation of a key in a secure element requires a transaction, * creation of a persistent key in a secure element requires a transaction,
* but registration doesn't use one). */ * but registration or volatile key creation doesn't use one). */
if( driver != NULL && if( driver != NULL &&
psa_crypto_transaction.unknown.type == PSA_CRYPTO_TRANSACTION_CREATE_KEY ) psa_crypto_transaction.unknown.type == PSA_CRYPTO_TRANSACTION_CREATE_KEY )
{ {