commit 1df83d4f5b0e6c701a13acd7b795aad3313f2a0e
author Gilles Peskine <Gilles.Peskine@arm.com> Tue Jul 23 16:13:14 2019 +0200
committer Gilles Peskine <Gilles.Peskine@arm.com> Tue Jul 23 16:13:14 2019 +0200
tree ba6dc91f9e2cd33a7133230bde3f136f9b7f2bfe
parent 0e8d495bd9b1f63717ee146070430d32e0f82c27

SE keys: implement persistent storage

For a key in a secure element, persist the key slot.

This is implemented in the nominal case. Failures may not be handled
properly.

library/psa_crypto_slot_management.c

diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 5326fbd..6b87ea0 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -131,10 +131,28 @@
                                       &key_data, &key_data_length );
     if( status != PSA_SUCCESS )
         goto exit;
+    p_slot->lifetime = psa_get_key_lifetime( &attributes );
     p_slot->type = psa_get_key_type( &attributes );
     p_slot->policy = attributes.policy;
-    status = psa_import_key_into_slot( p_slot,
-                                       key_data, key_data_length );
+
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+    if( psa_key_lifetime_is_external( p_slot->lifetime ) )
+    {
+        if( key_data_length != sizeof( p_slot->data.se.slot_number ) )
+        {
+            status = PSA_ERROR_STORAGE_FAILURE;
+            goto exit;
+        }
+        memcpy( &p_slot->data.se.slot_number, key_data,
+                sizeof( p_slot->data.se.slot_number ) );
+    }
+    else
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+    {
+        status = psa_import_key_into_slot( p_slot,
+                                           key_data, key_data_length );
+    }
+
 exit:
     psa_free_persistent_key_data( key_data, key_data_length );
     return( status );