yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2026-04-04 14:08:39 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

SE support: Use a transaction when registering a key

Browse source 
When registering a key in a secure element, go through the transaction
mechanism. This makes the code simpler, at the expense of a few extra
storage operations. Given that registering a key is typically very
rare over the lifetime of a device, this is an acceptable loss.

Drivers must now have a p_validate_slot_number method, otherwise
registering a key is not possible. This reduces the risk that due to a
mistake during the integration of a device, an application might claim
a slot in a way that is not supported by the driver.
This commit is contained in:
Gilles Peskine 2019-10-01 14:18:35 +02:00
parent 37b5c831b4
commit 3efcebbc5e
4 changed files with 30 additions and 47 deletions
Download patch file Download diff file Expand all files Collapse all files

3
include/psa/crypto_extra.h
View file

@ -186,6 +186,9 @@ static inline void psa_clear_key_slot_number(
* \retval #PSA_ERROR_ALREADY_EXISTS
* There is already a key with the identifier specified in
* \p attributes.
* \retval #PSA_ERROR_NOT_SUPPORTED
* The secure element driver for the specified lifetime does not
* support registering a key.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p attributes specifies a lifetime which is not located
* in a secure element.