lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-28 00:21:48 +03:00
Code Activity

Add infrastructure for key attribute flags

Browse Source 
Add infrastructure for internal, external and dual-use flags, with a
compile-time check (if static_assert is available) to ensure that the
same numerical value doesn't get declared for two different purposes
in crypto_struct.h (external or dual-use) and
psa_crypto_core.h (internal).
This commit is contained in:
Gilles Peskine
2019-08-02 19:19:39 +02:00
parent 0c77b0e2f9
commit 91e8c33f48
3 changed files with 45 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
library/psa_crypto.c
View File

@ -1408,6 +1408,15 @@ psa_status_t psa_export_public_key( psa_key_handle_t handle,
data_length, 1 ) );
}
#if defined(static_assert)
static_assert( ( MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_DUAL_USE ) == 0,
"One or more key attribute flag is listed as both external-only and dual-use" );
static_assert( ( MBEDTLS_PSA_KA_MASK_INTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_DUAL_USE ) == 0,
"One or more key attribute flag is listed as both external-only and dual-use" );
static_assert( ( MBEDTLS_PSA_KA_MASK_INTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY ) == 0,
"One or more key attribute flag is listed as both internal-only and external-only" );
#endif
/** Validate that a key policy is internally well-formed.
*
* This function only rejects invalid policies. It does not validate the
@ -1467,6 +1476,11 @@ static psa_status_t psa_validate_key_attributes(
if( psa_get_key_bits( attributes ) > PSA_MAX_KEY_BITS )
return( PSA_ERROR_NOT_SUPPORTED );
/* Reject invalid flags. These should not be reachable through the API. */
if( attributes->core.flags & ~ ( MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY |
MBEDTLS_PSA_KA_MASK_DUAL_USE ) )
return( PSA_ERROR_INVALID_ARGUMENT );
return( PSA_SUCCESS );
}
@ -1523,6 +1537,10 @@ static psa_status_t psa_start_key_creation(
slot->attr = attributes->core;
/* Erase external-only flags from the internal copy. To access
* external-only flags, query `attributes`. */
slot->attr.flags |= ~MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY;
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* For a key in a secure element, we need to do three things:
* create the key file in internal storage, create the