commit e88c2c1338e57cfae2c793eab111860e01c77edc
author Gilles Peskine <Gilles.Peskine@arm.com> Mon Aug 05 16:44:14 2019 +0200
committer Gilles Peskine <Gilles.Peskine@arm.com> Fri Aug 09 14:59:31 2019 +0200
tree 2fcedb27f79e3ee8f7a387420936bfad1ccd6bf9
parent df17914e01f923dd1c32c9e6067ca46cd4d8e1cd

Pass the key creation method to drivers

Pass the key creation method (import/generate/derive/copy) to the
driver methods to allocate or validate a slot number. This allows
drivers to enforce policies such as "this key slot can only be used
for keys generated inside the secure element".

library/psa_crypto_se.c

diff --git a/library/psa_crypto_se.c b/library/psa_crypto_se.c
index ca38e20..523c621 100644
--- a/library/psa_crypto_se.c
+++ b/library/psa_crypto_se.c
@@ -197,6 +197,7 @@
 
 psa_status_t psa_find_se_slot_for_key(
     const psa_key_attributes_t *attributes,
+    psa_key_creation_method_t method,
     psa_se_drv_table_entry_t *driver,
     psa_key_slot_number_t *slot_number )
 {
@@ -220,7 +221,8 @@
             driver->methods->key_management->p_validate_slot_number;
         if( p_validate_slot_number == NULL )
             return( PSA_ERROR_NOT_SUPPORTED );
-        status = p_validate_slot_number( &driver->context, attributes,
+        status = p_validate_slot_number( &driver->context,
+                                         attributes, method,
                                          *slot_number );
     }
     else
@@ -233,7 +235,7 @@
             return( PSA_ERROR_NOT_SUPPORTED );
         status = p_allocate( &driver->context,
                              driver->internal.persistent_data,
-                             attributes,
+                             attributes, method,
                              slot_number );
     }
     return( status );