lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-01 10:06:53 +03:00
Code Activity

SE support: Use a transaction when registering a key

Browse Source 
When registering a key in a secure element, go through the transaction
mechanism. This makes the code simpler, at the expense of a few extra
storage operations. Given that registering a key is typically very
rare over the lifetime of a device, this is an acceptable loss.

Drivers must now have a p_validate_slot_number method, otherwise
registering a key is not possible. This reduces the risk that due to a
mistake during the integration of a device, an application might claim
a slot in a way that is not supported by the driver.
This commit is contained in:
Gilles Peskine
2019-10-01 14:18:35 +02:00
parent 37b5c831b4
commit 3efcebbc5e
4 changed files with 30 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
include/psa/crypto_extra.h
View File

@ -186,6 +186,9 @@ static inline void psa_clear_key_slot_number(
* \retval #PSA_ERROR_ALREADY_EXISTS
* There is already a key with the identifier specified in
* \p attributes.
* \retval #PSA_ERROR_NOT_SUPPORTED
* The secure element driver for the specified lifetime does not
* support registering a key.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p attributes specifies a lifetime which is not located
* in a secure element.