Pass the key creation method to drivers

Pass the key creation method (import/generate/derive/copy) to the driver methods to allocate or validate a slot number. This allows drivers to enforce policies such as "this key slot can only be used for keys generated inside the secure element".
2025-07-30 22:43:08 +03:00 · 2019-08-05 16:44:14 +02:00
parent df17914e01
commit e88c2c1338
5 changed files with 47 additions and 24 deletions
--- a/library/psa_crypto_se.c
+++ b/library/psa_crypto_se.c
@ -197,6 +197,7 @@ psa_status_t psa_destroy_se_persistent_data( psa_key_lifetime_t lifetime )

 psa_status_t psa_find_se_slot_for_key(
    const psa_key_attributes_t *attributes,
+    psa_key_creation_method_t method,
    psa_se_drv_table_entry_t *driver,
    psa_key_slot_number_t *slot_number )
 {
@ -220,7 +221,8 @@ psa_status_t psa_find_se_slot_for_key(
            driver->methods->key_management->p_validate_slot_number;
        if( p_validate_slot_number == NULL )
            return( PSA_ERROR_NOT_SUPPORTED );
-        status = p_validate_slot_number( &driver->context, attributes,
+        status = p_validate_slot_number( &driver->context,
+                                         attributes, method,
                                         *slot_number );
    }
    else
@ -233,7 +235,7 @@ psa_status_t psa_find_se_slot_for_key(
            return( PSA_ERROR_NOT_SUPPORTED );
        status = p_allocate( &driver->context,
                             driver->internal.persistent_data,
-                             attributes,
+                             attributes, method,
                             slot_number );
    }
    return( status );