SE support: Use a transaction when registering a key When registering a key in a secure element, go through the transaction mechanism. This makes the code simpler, at the expense of a few extra storage operations. Given that registering a key is typically very rare over the lifetime of a device, this is an acceptable loss. Drivers must now have a p_validate_slot_number method, otherwise registering a key is not possible. This reduces the risk that due to a mistake during the integration of a device, an application might claim a slot in a way that is not supported by the driver.

commit: 3efcebbc5e9852082f06590f9325d53cf405e80f [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Tue Oct 01 14:18:35 2019 +0200
committer: Gilles Peskine <Gilles.Peskine@arm.com> Tue Oct 01 14:18:35 2019 +0200
tree: 6518520563d23d1f471ba1ccbfe9d99747b52595
parent: 37b5c831b41cd41456caa979f1444234c51e4c51 [diff]
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index f0e4782..99bb063 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h

@@ -186,6 +186,9 @@
  * \retval #PSA_ERROR_ALREADY_EXISTS
  *         There is already a key with the identifier specified in
  *         \p attributes.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ *         The secure element driver for the specified lifetime does not
+ *         support registering a key.
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         \p attributes specifies a lifetime which is not located
  *         in a secure element.
commit	3efcebbc5e9852082f06590f9325d53cf405e80f	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Tue Oct 01 14:18:35 2019 +0200
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Tue Oct 01 14:18:35 2019 +0200
tree	6518520563d23d1f471ba1ccbfe9d99747b52595
parent	37b5c831b41cd41456caa979f1444234c51e4c51 [diff]