SE keys: store the slot number in the memory slot

library/psa_crypto.c

@@ -363,6 +363,13 @@ static psa_status_t mbedtls_to_psa_error( int ret )
 /* Key management */
 /****************************************************************/
 
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+static inline int psa_key_slot_is_external( const psa_key_slot_t *slot )
+{
+    return( psa_key_lifetime_is_external( slot->lifetime ) );
+}
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+
 #if defined(MBEDTLS_ECP_C)
 static psa_ecc_curve_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grpid )
 {
@@ -867,6 +874,13 @@ static psa_status_t psa_get_key_from_slot( psa_key_handle_t handle,
 /** Wipe key data from a slot. Preserve metadata such as the policy. */
 static psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot )
 {
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+    if( psa_key_slot_is_external( slot ) )
+    {
+        /* No key material to clean. */
+    }
+    else
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
     if( slot->type == PSA_KEY_TYPE_NONE )
     {
         /* No key material to clean. */

library/psa_crypto_core.h

@@ -29,6 +29,7 @@
 #endif
 
 #include "psa/crypto.h"
+#include "psa/crypto_se_driver.h"
 
 #include "mbedtls/ecp.h"
 #include "mbedtls/rsa.h"
@@ -45,17 +46,25 @@ typedef struct
     unsigned allocated : 1;
     union
     {
+        /* Raw-data key (key_type_is_raw_bytes() in psa_crypto.c) */
         struct raw_data
         {
             uint8_t *data;
             size_t bytes;
         } raw;
 #if defined(MBEDTLS_RSA_C)
+        /* RSA public key or key pair */
         mbedtls_rsa_context *rsa;
 #endif /* MBEDTLS_RSA_C */
 #if defined(MBEDTLS_ECP_C)
+        /* EC public key or key pair */
         mbedtls_ecp_keypair *ecp;
 #endif /* MBEDTLS_ECP_C */
+        /* Any key type in a secure element */
+        struct se
+        {
+            psa_key_slot_number_t slot_number;
+        } se;
     } data;
 } psa_key_slot_t;