diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2a4369aeb1..10b55b8a9a 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1575,7 +1575,7 @@ psa_status_t psa_export_key( mbedtls_svc_key_id_t key, psa_key_attributes_t attributes = { .core = slot->attr }; - status = psa_export_key_internal( &attributes, + status = psa_driver_wrapper_export_key( &attributes, slot->key.data, slot->key.bytes, data, data_size, data_length ); @@ -1593,8 +1593,8 @@ psa_status_t psa_export_public_key_internal( size_t data_size, size_t *data_length ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_type_t type = attributes->core.type; - psa_key_lifetime_t lifetime = attributes->core.lifetime; #if defined(MBEDTLS_PSA_CRYPTO_SE_C) const psa_drv_se_t *drv; @@ -1625,16 +1625,6 @@ psa_status_t psa_export_public_key_internal( data, data_size, data_length ) ); } - /* Need to export the public part of a private key, - * so conversion is needed. Try the accelerators first. */ - psa_status_t status = psa_driver_wrapper_export_public_key( - attributes, key_buffer, key_buffer_size, - data, data_size, data_length ); - - if( status != PSA_ERROR_NOT_SUPPORTED || - psa_key_lifetime_is_external( lifetime ) ) - return( status ); - if( PSA_KEY_TYPE_IS_RSA( type ) ) { #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ @@ -1740,7 +1730,7 @@ psa_status_t psa_export_public_key( mbedtls_svc_key_id_t key, psa_key_attributes_t attributes = { .core = slot->attr }; - status = psa_export_public_key_internal( + status = psa_driver_wrapper_export_public_key( &attributes, slot->key.data, slot->key.bytes, data, data_size, data_length ); diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index a58967a1d0..766cf108ad 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -444,13 +444,50 @@ psa_status_t psa_driver_wrapper_import_key( #endif /* PSA_CRYPTO_DRIVER_PRESENT */ } +psa_status_t psa_driver_wrapper_export_key( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + uint8_t *data, size_t data_size, size_t *data_length ) + +{ + psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( + psa_get_key_lifetime( attributes ) ); + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + return( psa_export_key_internal( attributes, + key_buffer, + key_buffer_size, + data, + data_size, + data_length ) ); + + /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LIFETIME: + return( test_opaque_export_key( attributes, + key_buffer, + key_buffer_size, + data, + data_size, + data_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + default: + /* Key is declared with a lifetime not known to us */ + return( status ); + } +} + psa_status_t psa_driver_wrapper_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, uint8_t *data, size_t data_size, size_t *data_length ) { -#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime( attributes ) ); @@ -460,6 +497,7 @@ psa_status_t psa_driver_wrapper_export_public_key( case PSA_KEY_LOCATION_LOCAL_STORAGE: /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) status = test_transparent_export_public_key( attributes, key_buffer, @@ -471,9 +509,17 @@ psa_status_t psa_driver_wrapper_export_public_key( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning no accelerator supports this operation */ - return( PSA_ERROR_NOT_SUPPORTED ); + return( psa_export_public_key_internal( attributes, + key_buffer, + key_buffer_size, + data, + data_size, + data_length ) ); + /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: return( test_opaque_export_public_key( attributes, @@ -483,19 +529,11 @@ psa_status_t psa_driver_wrapper_export_public_key( data_size, data_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: /* Key is declared with a lifetime not known to us */ return( status ); } -#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) data; - (void) data_size; - (void) data_length; - return( PSA_ERROR_NOT_SUPPORTED ); -#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } /* diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index fb32b8d14d..27d8b64eac 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -53,6 +53,11 @@ psa_status_t psa_driver_wrapper_import_key( uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length, size_t *bits ); +psa_status_t psa_driver_wrapper_export_key( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + uint8_t *data, size_t data_size, size_t *data_length ); + psa_status_t psa_driver_wrapper_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h index 7811fb439d..9d51758151 100644 --- a/tests/include/test/drivers/key_management.h +++ b/tests/include/test/drivers/key_management.h @@ -58,6 +58,11 @@ psa_status_t test_opaque_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ); +psa_status_t test_opaque_export_key( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + uint8_t *data, size_t data_size, size_t *data_length ); + psa_status_t test_transparent_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, diff --git a/tests/src/drivers/key_management.c b/tests/src/drivers/key_management.c index ab3210b71c..76d2b3fee3 100644 --- a/tests/src/drivers/key_management.c +++ b/tests/src/drivers/key_management.c @@ -252,6 +252,19 @@ ecp_exit: * MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */ } +psa_status_t test_opaque_export_key( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + uint8_t *data, size_t data_size, size_t *data_length ) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) data; + (void) data_size; + (void) data_length; + return( PSA_ERROR_NOT_SUPPORTED ); +} psa_status_t test_transparent_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length,