SE keys: store the bit size internally (partial implementation) This commit blindingly copies the size from the attributes. This is not correct for copy and import.

commit: 424f89453b27091a1fc7e51c8f9848a1a8a944e6 [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Mon Jul 15 21:59:53 2019 +0200
committer: Gilles Peskine <Gilles.Peskine@arm.com> Mon Jul 29 17:06:06 2019 +0200
tree: 97ba7ad623a79e8487d6c578a5cb39fe278c8482
parent: adb1c52149932121d5fc1649e4a9f5159cdd4b7d [diff] [blame]
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 0b33d76..fc9161d 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c

@@ -1035,6 +1035,11 @@
 /* Return the size of the key in the given slot, in bits. */
 static size_t psa_get_key_slot_bits( const psa_key_slot_t *slot )
 {
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+    if( psa_get_se_driver( slot->lifetime, NULL, NULL ) )
+        return( slot->data.se.bits );
+#endif /* defined(MBEDTLS_PSA_CRYPTO_SE_C) */
+
     if( key_type_is_raw_bytes( slot->type ) )
         return( slot->data.raw.bytes * 8 );
 #if defined(MBEDTLS_RSA_C)
@@ -1489,6 +1494,10 @@
             (void) psa_crypto_stop_transaction( );
             return( status );
         }
+
+        /* TOnogrepDO: validate bits. How to do this depends on the key
+         * creation method, so setting bits might not belong here. */
+        slot->data.se.bits = psa_get_key_bits( attributes );
     }
 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
commit	424f89453b27091a1fc7e51c8f9848a1a8a944e6	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Mon Jul 15 21:59:53 2019 +0200
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Mon Jul 29 17:06:06 2019 +0200
tree	97ba7ad623a79e8487d6c578a5cb39fe278c8482
parent	adb1c52149932121d5fc1649e4a9f5159cdd4b7d [diff] [blame]