psa: Move key identifier return to psa_finish_key_creation()
Move the return of the identifier of a created key from
psa_start_key_creation() to psa_finish_key_creation().
That way in case of creation error, it is less likely to
return the identifier that was temporarily assigned to
the key while trying to create it.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index ac525d5..41a2263 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1911,9 +1911,6 @@
*
* \param method An identification of the calling function.
* \param[in] attributes Key attributes for the new key.
- * \param[out] key On success, identifier of the key. Note that the
- * key identifier is also stored in the prepared
- * slot.
* \param[out] p_slot On success, a pointer to the prepared slot.
* \param[out] p_drv On any return, the driver for the key, if any.
* NULL for a transparent key.
@@ -1926,7 +1923,6 @@
static psa_status_t psa_start_key_creation(
psa_key_creation_method_t method,
const psa_key_attributes_t *attributes,
- mbedtls_svc_key_id_t *key,
psa_key_slot_t **p_slot,
psa_se_drv_table_entry_t **p_drv )
{
@@ -2018,7 +2014,6 @@
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
- *key = slot->attr.id;
return( PSA_SUCCESS );
}
@@ -2037,6 +2032,8 @@
* \param[in,out] slot Pointer to the slot with key material.
* \param[in] driver The secure element driver for the key,
* or NULL for a transparent key.
+ * \param[out] key On success, identifier of the key. Note that the
+ * key identifier is also stored in the key slot.
*
* \retval #PSA_SUCCESS
* The key was successfully created.
@@ -2045,7 +2042,8 @@
*/
static psa_status_t psa_finish_key_creation(
psa_key_slot_t *slot,
- psa_se_drv_table_entry_t *driver )
+ psa_se_drv_table_entry_t *driver,
+ mbedtls_svc_key_id_t *key)
{
psa_status_t status = PSA_SUCCESS;
(void) slot;
@@ -2101,7 +2099,12 @@
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
if( status == PSA_SUCCESS )
+ {
+ *key = slot->attr.id;
status = psa_decrement_key_slot_access_count( slot );
+ if( status != PSA_SUCCESS )
+ *key = MBEDTLS_SVC_KEY_ID_INIT;
+ }
return( status );
}
@@ -2228,6 +2231,8 @@
psa_key_slot_t *slot = NULL;
psa_se_drv_table_entry_t *driver = NULL;
+ *key = MBEDTLS_SVC_KEY_ID_INIT;
+
/* Reject zero-length symmetric keys (including raw data key objects).
* This also rejects any key which might be encoded as an empty string,
* which is never valid. */
@@ -2235,7 +2240,7 @@
return( PSA_ERROR_INVALID_ARGUMENT );
status = psa_start_key_creation( PSA_KEY_CREATION_IMPORT, attributes,
- key, &slot, &driver );
+ &slot, &driver );
if( status != PSA_SUCCESS )
goto exit;
@@ -2276,13 +2281,10 @@
if( status != PSA_SUCCESS )
goto exit;
- status = psa_finish_key_creation( slot, driver );
+ status = psa_finish_key_creation( slot, driver, key );
exit:
if( status != PSA_SUCCESS )
- {
psa_fail_key_creation( slot, driver );
- *key = MBEDTLS_SVC_KEY_ID_INIT;
- }
return( status );
}
@@ -2306,11 +2308,11 @@
return( PSA_ERROR_NOT_SUPPORTED );
status = psa_start_key_creation( PSA_KEY_CREATION_REGISTER, attributes,
- &key, &slot, &driver );
+ &slot, &driver );
if( status != PSA_SUCCESS )
goto exit;
- status = psa_finish_key_creation( slot, driver );
+ status = psa_finish_key_creation( slot, driver, &key );
exit:
if( status != PSA_SUCCESS )
@@ -2348,6 +2350,8 @@
psa_key_attributes_t actual_attributes = *specified_attributes;
psa_se_drv_table_entry_t *driver = NULL;
+ *target_key = MBEDTLS_SVC_KEY_ID_INIT;
+
status = psa_get_transparent_key( source_key, &source_slot,
PSA_KEY_USAGE_COPY, 0 );
if( status != PSA_SUCCESS )
@@ -2363,9 +2367,8 @@
if( status != PSA_SUCCESS )
goto exit;
- status = psa_start_key_creation( PSA_KEY_CREATION_COPY,
- &actual_attributes,
- target_key, &target_slot, &driver );
+ status = psa_start_key_creation( PSA_KEY_CREATION_COPY, &actual_attributes,
+ &target_slot, &driver );
if( status != PSA_SUCCESS )
goto exit;
@@ -2382,13 +2385,10 @@
if( status != PSA_SUCCESS )
goto exit;
- status = psa_finish_key_creation( target_slot, driver );
+ status = psa_finish_key_creation( target_slot, driver, target_key );
exit:
if( status != PSA_SUCCESS )
- {
psa_fail_key_creation( target_slot, driver );
- *target_key = MBEDTLS_SVC_KEY_ID_INIT;
- }
decrement_status = psa_decrement_key_slot_access_count( source_slot );
@@ -5516,6 +5516,8 @@
psa_key_slot_t *slot = NULL;
psa_se_drv_table_entry_t *driver = NULL;
+ *key = MBEDTLS_SVC_KEY_ID_INIT;
+
/* Reject any attempt to create a zero-length key so that we don't
* risk tripping up later, e.g. on a malloc(0) that returns NULL. */
if( psa_get_key_bits( attributes ) == 0 )
@@ -5524,8 +5526,8 @@
if( ! operation->can_output_key )
return( PSA_ERROR_NOT_PERMITTED );
- status = psa_start_key_creation( PSA_KEY_CREATION_DERIVE,
- attributes, key, &slot, &driver );
+ status = psa_start_key_creation( PSA_KEY_CREATION_DERIVE, attributes,
+ &slot, &driver );
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
if( driver != NULL )
{
@@ -5540,12 +5542,9 @@
operation );
}
if( status == PSA_SUCCESS )
- status = psa_finish_key_creation( slot, driver );
+ status = psa_finish_key_creation( slot, driver, key );
if( status != PSA_SUCCESS )
- {
psa_fail_key_creation( slot, driver );
- *key = MBEDTLS_SVC_KEY_ID_INIT;
- }
return( status );
}
@@ -6374,13 +6373,15 @@
psa_key_slot_t *slot = NULL;
psa_se_drv_table_entry_t *driver = NULL;
+ *key = MBEDTLS_SVC_KEY_ID_INIT;
+
/* Reject any attempt to create a zero-length key so that we don't
* risk tripping up later, e.g. on a malloc(0) that returns NULL. */
if( psa_get_key_bits( attributes ) == 0 )
return( PSA_ERROR_INVALID_ARGUMENT );
- status = psa_start_key_creation( PSA_KEY_CREATION_GENERATE,
- attributes, key, &slot, &driver );
+ status = psa_start_key_creation( PSA_KEY_CREATION_GENERATE, attributes,
+ &slot, &driver );
if( status != PSA_SUCCESS )
goto exit;
@@ -6396,12 +6397,9 @@
exit:
if( status == PSA_SUCCESS )
- status = psa_finish_key_creation( slot, driver );
+ status = psa_finish_key_creation( slot, driver, key );
if( status != PSA_SUCCESS )
- {
psa_fail_key_creation( slot, driver );
- *key = MBEDTLS_SVC_KEY_ID_INIT;
- }
return( status );
}