psa: Move from validate_key to import_key entry point
In the course of the development of the PSA unified
driver interface, the validate_key entry point for
opaque drivers has been removed and replaced by an
import_key entry point. This commit takes into account
this change of specification.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index fccb800..c35b2a6 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1104,27 +1104,40 @@
else if( PSA_KEY_TYPE_IS_ASYMMETRIC( slot->attr.type ) )
{
/* Try validation through accelerators first. */
- bit_size = slot->attr.bits;
psa_key_attributes_t attributes = {
.core = slot->attr
};
- status = psa_driver_wrapper_validate_key( &attributes,
- data,
- data_length,
- &bit_size );
+
+ status = psa_allocate_buffer_to_slot( slot, data_length );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ bit_size = slot->attr.bits;
+ status = psa_driver_wrapper_import_key( &attributes,
+ data, data_length,
+ slot->key.data,
+ slot->key.bytes,
+ &slot->key.bytes,
+ &bit_size );
if( status == PSA_SUCCESS )
{
- /* Key has been validated successfully by an accelerator.
- * Copy key material into slot. */
- status = psa_copy_key_material_into_slot( slot, data, data_length );
- if( status != PSA_SUCCESS )
- return( status );
+ if( slot->attr.bits == 0 )
+ slot->attr.bits = (psa_key_bits_t) bit_size;
+ else if( bit_size != slot->attr.bits )
+ return( PSA_ERROR_INVALID_ARGUMENT );
- slot->attr.bits = (psa_key_bits_t) bit_size;
return( PSA_SUCCESS );
}
- else if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
+ else
+ {
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ }
+
+ mbedtls_platform_zeroize( slot->key.data, data_length );
+ mbedtls_free( slot->key.data );
+ slot->key.data = NULL;
+ slot->key.bytes = 0;
/* Key format is not supported by any accelerator, try software fallback
* if present. */
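Review bot: The `return( status )` for a driver error other than PSA_ERROR_NOT_SUPPORTED and the `return( PSA_ERROR_INVALID_ARGUMENT )` on a bit-size mismatch both leave the newly allocated `slot->key.data` in place, because only the fallback path runs the zeroize/free. Since `&slot->key.bytes` is also passed as the driver's output length, a driver that reports a shorter length before failing would leave `slot->key.bytes` smaller than the allocation. Any later wipe sized by `key.bytes` (not visible in this hunk) could then free key bytes that were never zeroized. I would take the length in a local, commit it to the slot only on success, and run the wipe on every failure path, as sketched below. The enclosing function starts and ends outside the hunk, so caller-side cleanup should be confirmed.

```c
size_t key_buffer_length = 0;
/* … unchanged: attributes setup and psa_allocate_buffer_to_slot() call … */
bit_size = slot->attr.bits;
status = psa_driver_wrapper_import_key( &attributes,
                                        data, data_length,
                                        slot->key.data,
                                        data_length,
                                        &key_buffer_length,
                                        &bit_size );
if( status == PSA_SUCCESS )
{
    if( slot->attr.bits != 0 && bit_size != slot->attr.bits )
        status = PSA_ERROR_INVALID_ARGUMENT;
    else
    {
        /* Commit driver outputs to the slot only once everything checked out. */
        slot->key.bytes = key_buffer_length;
        slot->attr.bits = (psa_key_bits_t) bit_size;
        return( PSA_SUCCESS );
    }
}

/* … unchanged: zeroize over data_length, free and reset of slot->key.data,
 *   now reached on every non-success status … */
if( status != PSA_ERROR_NOT_SUPPORTED )
    return( status );
/* … unchanged: software fallback … */
```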
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
index 2d43383..0562756 100644
--- a/library/psa_crypto_driver_wrappers.c
+++ b/library/psa_crypto_driver_wrappers.c
@@ -409,19 +409,23 @@
#endif /* PSA_CRYPTO_DRIVER_PRESENT */
}
-psa_status_t psa_driver_wrapper_validate_key( const psa_key_attributes_t *attributes,
- const uint8_t *data,
- size_t data_length,
- size_t *bits )
+psa_status_t psa_driver_wrapper_import_key(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *data,
+ size_t data_length,
+ uint8_t *key_buffer,
+ size_t key_buffer_size,
+ size_t *key_buffer_length,
+ size_t *bits )
{
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
/* Try accelerators in turn */
#if defined(PSA_CRYPTO_DRIVER_TEST)
- status = test_transparent_validate_key( attributes,
- data,
- data_length,
- bits );
+ status = test_transparent_import_key( attributes,
+ data, data_length,
+ key_buffer, key_buffer_size,
+ key_buffer_length, bits );
/* Declared with fallback == true */
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
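Review bot: After `test_transparent_import_key` returns, the wrapper hands the driver's `*key_buffer_length` straight back without comparing it to `key_buffer_size`, so the core would record whatever length a faulty driver reports for a fixed-size buffer. A guard ahead of the existing return would keep the recorded length within the allocation: `if( status == PSA_SUCCESS && *key_buffer_length > key_buffer_size ) return( PSA_ERROR_CORRUPTION_DETECTED );`. The function body continues outside the hunk.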
@@ -432,6 +436,9 @@
(void) attributes;
(void) data;
(void) data_length;
+ (void) key_buffer;
+ (void) key_buffer_size;
+ (void) key_buffer_length;
(void) bits;
return( PSA_ERROR_NOT_SUPPORTED );
#endif /* PSA_CRYPTO_DRIVER_PRESENT */
diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h
index 6b51437..4c6cce9 100644
--- a/library/psa_crypto_driver_wrappers.h
+++ b/library/psa_crypto_driver_wrappers.h
@@ -50,10 +50,11 @@
psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attributes,
psa_key_slot_t *slot );
-psa_status_t psa_driver_wrapper_validate_key( const psa_key_attributes_t *attributes,
- const uint8_t *data,
- size_t data_length,
- size_t *bits );
+psa_status_t psa_driver_wrapper_import_key(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *data, size_t data_length,
+ uint8_t *key_buffer, size_t key_buffer_size,
+ size_t *key_buffer_length, size_t *bits );
psa_status_t psa_driver_wrapper_export_public_key( const psa_key_slot_t *slot,
uint8_t *data,
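Review bot: The new prototype has no comment describing the buffer contract, which is what driver authors and the caller in psa_crypto.c must agree on. If the intended contract is what the parameter names suggest, I would add above it `/* key_buffer_size is the capacity of key_buffer; on success *key_buffer_length is the number of bytes written and *bits the key size in bits. */`. The comment should also say whether key_buffer may hold partial key material when a non-success status is returned, since that determines who must wipe it.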
diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h
index 90f8c58..7811fb4 100644
--- a/tests/include/test/drivers/key_management.h
+++ b/tests/include/test/drivers/key_management.h
@@ -58,12 +58,6 @@
const psa_key_attributes_t *attributes,
uint8_t *key, size_t key_size, size_t *key_length );
-psa_status_t test_transparent_validate_key(
- const psa_key_attributes_t *attributes,
- const uint8_t *data,
- size_t data_length,
- size_t *bits);
-
psa_status_t test_transparent_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
@@ -74,5 +68,14 @@
const uint8_t *key, size_t key_length,
uint8_t *data, size_t data_size, size_t *data_length );
+psa_status_t test_transparent_import_key(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *data,
+ size_t data_length,
+ uint8_t *key_buffer,
+ size_t key_buffer_size,
+ size_t *key_buffer_length,
+ size_t *bits);
+
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H */
diff --git a/tests/src/drivers/key_management.c b/tests/src/drivers/key_management.c
index 00d2b45..ab3210b 100644
--- a/tests/src/drivers/key_management.c
+++ b/tests/src/drivers/key_management.c
@@ -137,11 +137,14 @@
return( PSA_ERROR_NOT_SUPPORTED );
}
-psa_status_t test_transparent_validate_key(
+psa_status_t test_transparent_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *data,
size_t data_length,
- size_t *bits )
+ uint8_t *key_buffer,
+ size_t key_buffer_size,
+ size_t *key_buffer_length,
+ size_t *bits)
{
++test_driver_key_management_hooks.hits;