SE keys: implement persistent storage
For a key in a secure element, persist the key slot.
This is implemented in the nominal case. Failures may not be handled
properly.
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index e048e9f..84b6911 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1469,20 +1469,30 @@
(void) driver;
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
- if( slot->lifetime == PSA_KEY_LIFETIME_PERSISTENT )
+ if( slot->lifetime != PSA_KEY_LIFETIME_VOLATILE )
{
uint8_t *buffer = NULL;
size_t buffer_size = 0;
- size_t length;
+ size_t length = 0;
- buffer_size = PSA_KEY_EXPORT_MAX_SIZE( slot->type,
- psa_get_key_slot_bits( slot ) );
- buffer = mbedtls_calloc( 1, buffer_size );
- if( buffer == NULL && buffer_size != 0 )
- return( PSA_ERROR_INSUFFICIENT_MEMORY );
- status = psa_internal_export_key( slot,
- buffer, buffer_size, &length,
- 0 );
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ if( driver != NULL )
+ {
+ buffer = (uint8_t*) &slot->data.se.slot_number;
+ length = sizeof( slot->data.se.slot_number );
+ }
+ else
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+ {
+ buffer_size = PSA_KEY_EXPORT_MAX_SIZE( slot->type,
+ psa_get_key_slot_bits( slot ) );
+ buffer = mbedtls_calloc( 1, buffer_size );
+ if( buffer == NULL && buffer_size != 0 )
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ status = psa_internal_export_key( slot,
+ buffer, buffer_size, &length,
+ 0 );
+ }
if( status == PSA_SUCCESS )
{
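Review bot: The secure-element branch persists `slot->data.se.slot_number` as its raw in-memory bytes, so the stored record depends on the width and byte order of that field in the build that wrote it. Nothing in the data itself distinguishes a slot reference from exported key material; only the lifetime attribute does. The loader in psa_crypto_slot_management.c checks the length and nothing else, so this format assumption should be written down next to the branch, for example `/* SE keys: persist only the slot number, in host representation; the key material never leaves the secure element. */`. If storage is expected to survive a rebuild with a different slot-number type, a fixed-width encoding would be safer than the cast. The enclosing function starts and ends outside this hunk.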
@@ -1491,9 +1501,14 @@
status = psa_save_persistent_key( &attributes, buffer, length );
}
- if( buffer_size != 0 )
- mbedtls_platform_zeroize( buffer, buffer_size );
- mbedtls_free( buffer );
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ if( driver == NULL )
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+ {
+ if( buffer_size != 0 )
+ mbedtls_platform_zeroize( buffer, buffer_size );
+ mbedtls_free( buffer );
+ }
}
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
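Review bot: The cleanup stays correct only because it repeats the `driver == NULL` test from the export branch, and nothing states why. For a secure-element key, `buffer` points into the slot structure, so `mbedtls_free( buffer )` must never reach it. A later edit that changes one test and not the other would free non-heap memory. I would add a comment above the guard such as `/* For SE keys buffer aliases slot->data.se.slot_number: not heap memory, must not be freed. */`. The function body continues outside the hunk.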
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 5326fbd..6b87ea0 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -131,10 +131,28 @@
&key_data, &key_data_length );
if( status != PSA_SUCCESS )
goto exit;
+ p_slot->lifetime = psa_get_key_lifetime( &attributes );
p_slot->type = psa_get_key_type( &attributes );
p_slot->policy = attributes.policy;
- status = psa_import_key_into_slot( p_slot,
- key_data, key_data_length );
+
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ if( psa_key_lifetime_is_external( p_slot->lifetime ) )
+ {
+ if( key_data_length != sizeof( p_slot->data.se.slot_number ) )
+ {
+ status = PSA_ERROR_STORAGE_FAILURE;
+ goto exit;
+ }
+ memcpy( &p_slot->data.se.slot_number, key_data,
+ sizeof( p_slot->data.se.slot_number ) );
+ }
+ else
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+ {
+ status = psa_import_key_into_slot( p_slot,
+ key_data, key_data_length );
+ }
+
exit:
psa_free_persistent_key_data( key_data, key_data_length );
return( status );
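Review bot: The load path accepts the slot number from storage after checking only `key_data_length`. The lifetime read from the same stored attributes decides whether the bytes are treated as a slot reference or as key material. Nothing visible here confirms that a secure-element driver is registered for `p_slot->lifetime` or that the slot number is one the driver would accept, so a corrupted or modified storage file is taken at face value. That validation may happen in a caller outside the hunk. If it does not, a driver lookup before the `memcpy` that fails with an error when no driver matches would close the gap. Separately, `p_slot->lifetime`, `type` and `policy` are already written when the length check jumps to `exit`, so the caller has to wipe the slot on failure; a comment at the `goto exit` saying so would help.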