Prevent mbedtls_psa_register_se_key with volatile keys mbedtls_psa_register_se_key() is not usable with volatile keys, since there is no way to return the implementation-chosen key identifier which would be needed to use the key. Document this limitation. Reject an attempt to create such an unusable key. Fixes #9253. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

commit: 37a4fcc5b4b22d39c78e2bcd82c994e3b4629762 [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Thu Jun 13 16:06:45 2024 +0200
committer: Gilles Peskine <Gilles.Peskine@arm.com> Wed Aug 07 11:17:32 2024 +0200
tree: 53c2154701e9c575aa39268a6315e10bec990225
parent: f555a4e26f9909322e0cb382c5133ee403c9d674 [diff] [blame]
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index a1b2af7..4039acf 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h

@@ -155,6 +155,14 @@
  * specified in \p attributes.
  *
  * \param[in] attributes        The attributes of the existing key.
+ *                              - The lifetime must be a persistent lifetime
+ *                                in a secure element. Volatile lifetimes are
+ *                                not currently supported.
+ *                              - The key identifier must be in the valid
+ *                                range for persistent keys.
+ *                              - The key type and size must be specified and
+ *                                must be consistent with the key material
+ *                                in the secure element.
  *
  * \retval #PSA_SUCCESS
  *         The key was successfully registered.
commit	37a4fcc5b4b22d39c78e2bcd82c994e3b4629762	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Thu Jun 13 16:06:45 2024 +0200
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Wed Aug 07 11:17:32 2024 +0200
tree	53c2154701e9c575aa39268a6315e10bec990225
parent	f555a4e26f9909322e0cb382c5133ee403c9d674 [diff] [blame]