psa: Move from validate_key to import_key entry point
In the course of the development of the PSA unified
driver interface, the validate_key entry point for
opaque drivers has been removed and replaced by an
import_key entry point. This commit takes into account
this change of specification.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index fccb800..c35b2a6 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1104,27 +1104,40 @@
else if( PSA_KEY_TYPE_IS_ASYMMETRIC( slot->attr.type ) )
{
/* Try validation through accelerators first. */
- bit_size = slot->attr.bits;
psa_key_attributes_t attributes = {
.core = slot->attr
};
- status = psa_driver_wrapper_validate_key( &attributes,
- data,
- data_length,
- &bit_size );
+
+ status = psa_allocate_buffer_to_slot( slot, data_length );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ bit_size = slot->attr.bits;
+ status = psa_driver_wrapper_import_key( &attributes,
+ data, data_length,
+ slot->key.data,
+ slot->key.bytes,
+ &slot->key.bytes,
+ &bit_size );
if( status == PSA_SUCCESS )
{
- /* Key has been validated successfully by an accelerator.
- * Copy key material into slot. */
- status = psa_copy_key_material_into_slot( slot, data, data_length );
- if( status != PSA_SUCCESS )
- return( status );
+ if( slot->attr.bits == 0 )
+ slot->attr.bits = (psa_key_bits_t) bit_size;
+ else if( bit_size != slot->attr.bits )
+ return( PSA_ERROR_INVALID_ARGUMENT );
- slot->attr.bits = (psa_key_bits_t) bit_size;
return( PSA_SUCCESS );
}
- else if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
+ else
+ {
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ }
+
+ mbedtls_platform_zeroize( slot->key.data, data_length );
+ mbedtls_free( slot->key.data );
+ slot->key.data = NULL;
+ slot->key.bytes = 0;
/* Key format is not supported by any accelerator, try software fallback
* if present. */