SE keys: support destroy
When destroying a key in a secure element, call the driver's destroy
method and update the driver's persistent data in storage.
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 93c9ce4..70ef9be 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -939,10 +939,20 @@
psa_key_slot_t *slot;
psa_status_t status = PSA_SUCCESS;
psa_status_t storage_status = PSA_SUCCESS;
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ psa_se_drv_table_entry_t *driver;
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
status = psa_get_key_slot( handle, &slot );
if( status != PSA_SUCCESS )
return( status );
+
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ driver = psa_get_se_driver_entry( slot->lifetime );
+ if( driver != NULL )
+ status = psa_destroy_se_key( driver, slot->data.se.slot_number );
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
if( slot->lifetime == PSA_KEY_LIFETIME_PERSISTENT )
{
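Review bot: The value assigned by `status = psa_destroy_se_key( driver, slot->data.se.slot_number );` appears to be lost, because nothing in this hunk tests it and the unchanged `status = psa_wipe_key_slot( slot );` in the next hunk overwrites it. A driver failure, or the `PSA_ERROR_NOT_PERMITTED` returned when the driver has no `p_destroy`, could then be reported to the caller as success while the key material is still present in the secure element. Consider keeping the result in its own variable, e.g. `se_status = psa_destroy_se_key( driver, slot->data.se.slot_number );`, and folding it into the function's final return value, presumably alongside `storage_status`. The enclosing function starts and ends outside the hunk, so how the final return combines the statuses is not visible here.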
@@ -950,6 +960,7 @@
psa_destroy_persistent_key( slot->persistent_storage_id );
}
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
+
status = psa_wipe_key_slot( slot );
if( status != PSA_SUCCESS )
return( status );
diff --git a/library/psa_crypto_se.c b/library/psa_crypto_se.c
index fb57fc9..7287ac0 100644
--- a/library/psa_crypto_se.c
+++ b/library/psa_crypto_se.c
@@ -159,6 +159,22 @@
return( status );
}
+psa_status_t psa_destroy_se_key( psa_se_drv_table_entry_t *driver,
+ psa_key_slot_number_t slot_number )
+{
+ psa_status_t status;
+ psa_status_t storage_status;
+ if( driver->methods->key_management == NULL ||
+ driver->methods->key_management->p_destroy == NULL )
+ return( PSA_ERROR_NOT_PERMITTED );
+ status = driver->methods->key_management->p_destroy(
+ &driver->context,
+ driver->internal.persistent_data,
+ slot_number );
+ storage_status = psa_save_se_persistent_data( driver );
+ return( status == PSA_SUCCESS ? storage_status : status );
+}
+
/****************************************************************/
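Review bot: In `psa_destroy_se_key`, `psa_save_se_persistent_data( driver )` runs even when `p_destroy` returned an error, and in that case `storage_status` is discarded by the final return. If that is deliberate, a short comment would make the contract explicit, for example `/* Save even on failure: the driver may have modified its persistent data. */` above the save call. If it is not deliberate, the save should be guarded with `if( status == PSA_SUCCESS )` so that state left by a failed destroy is not committed to storage. The function also dereferences `driver->methods` without a NULL check on `driver`; the one caller visible in this commit does check, but the precondition is worth stating in the function's documentation.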
diff --git a/library/psa_crypto_se.h b/library/psa_crypto_se.h
index 02819d9..f1d7e7c 100644
--- a/library/psa_crypto_se.h
+++ b/library/psa_crypto_se.h
@@ -114,6 +114,14 @@
psa_se_drv_table_entry_t *driver,
psa_key_slot_number_t *slot_number );
+/** Destoy a key in a secure element.
+ *
+ * This function calls the relevant driver method to destroy a key
+ * and updates the driver's persistent data.
+ */
+psa_status_t psa_destroy_se_key( psa_se_drv_table_entry_t *driver,
+ psa_key_slot_number_t slot_number );
+
/** Load the persistent data of a secure element driver.
*
* \param driver The driver table entry containing the persistent
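Review bot: The new doc comment for `psa_destroy_se_key` has no `\param` or return documentation, unlike the neighbouring "Load the persistent data" comment, and its summary line misspells "Destroy" as "Destoy". I would add `\param driver` (must be non-NULL) and `\param slot_number`, plus a note on the return value. Per the implementation in this commit, that is `PSA_ERROR_NOT_PERMITTED` when the driver has no `p_destroy` method, otherwise the driver's status, or the persistent-data save status when the driver call succeeded. Callers need this to tell "key still present in the secure element" apart from "key gone but driver state not persisted".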