	SE keys: save the bit size in storage
For a key in a secure element, save the bit size alongside the slot number. This is a quick-and-dirty implementation where the storage format depends on sizeof(size_t), which is fragile. This should be replaced by a more robust implementation before going into production.
							parent
							
								
									1801740a7c
								
							
						
					
					
						commit
						e60d1d08a4
					
				@ -1538,40 +1538,32 @@ static psa_status_t psa_finish_key_creation(
 | 
				
			|||||||
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
 | 
					#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
 | 
				
			||||||
    if( slot->lifetime != PSA_KEY_LIFETIME_VOLATILE )
 | 
					    if( slot->lifetime != PSA_KEY_LIFETIME_VOLATILE )
 | 
				
			||||||
    {
 | 
					    {
 | 
				
			||||||
        uint8_t *buffer = NULL;
 | 
					        psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 | 
				
			||||||
        size_t buffer_size = 0;
 | 
					        psa_get_key_slot_attributes( slot, &attributes );
 | 
				
			||||||
        size_t length = 0;
 | 
					 | 
				
			||||||
 | 
					
 | 
				
			||||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
 | 
					#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
 | 
				
			||||||
        if( driver != NULL )
 | 
					        if( driver != NULL )
 | 
				
			||||||
        {
 | 
					        {
 | 
				
			||||||
            buffer = (uint8_t*) &slot->data.se.slot_number;
 | 
					            status = psa_save_persistent_key( &attributes,
 | 
				
			||||||
            length = sizeof( slot->data.se.slot_number );
 | 
					                                              (uint8_t*) &slot->data.se,
 | 
				
			||||||
 | 
					                                              sizeof( slot->data.se ) );
 | 
				
			||||||
        }
 | 
					        }
 | 
				
			||||||
        else
 | 
					        else
 | 
				
			||||||
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
 | 
					#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
 | 
				
			||||||
        {
 | 
					        {
 | 
				
			||||||
            buffer_size = PSA_KEY_EXPORT_MAX_SIZE( slot->type,
 | 
					            size_t buffer_size =
 | 
				
			||||||
                                                   psa_get_key_slot_bits( slot ) );
 | 
					                PSA_KEY_EXPORT_MAX_SIZE( slot->type,
 | 
				
			||||||
            buffer = mbedtls_calloc( 1, buffer_size );
 | 
					                                         psa_get_key_bits( &attributes ) );
 | 
				
			||||||
 | 
					            uint8_t *buffer = mbedtls_calloc( 1, buffer_size );
 | 
				
			||||||
 | 
					            size_t length = 0;
 | 
				
			||||||
            if( buffer == NULL && buffer_size != 0 )
 | 
					            if( buffer == NULL && buffer_size != 0 )
 | 
				
			||||||
                return( PSA_ERROR_INSUFFICIENT_MEMORY );
 | 
					                return( PSA_ERROR_INSUFFICIENT_MEMORY );
 | 
				
			||||||
            status = psa_internal_export_key( slot,
 | 
					            status = psa_internal_export_key( slot,
 | 
				
			||||||
                                              buffer, buffer_size, &length,
 | 
					                                              buffer, buffer_size, &length,
 | 
				
			||||||
                                              0 );
 | 
					                                              0 );
 | 
				
			||||||
        }
 | 
					            if( status == PSA_SUCCESS )
 | 
				
			||||||
 | 
					                status = psa_save_persistent_key( &attributes, buffer, length );
 | 
				
			||||||
 | 
					
 | 
				
			||||||
        if( status == PSA_SUCCESS )
 | 
					 | 
				
			||||||
        {
 | 
					 | 
				
			||||||
            psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 | 
					 | 
				
			||||||
            psa_get_key_slot_attributes( slot, &attributes );
 | 
					 | 
				
			||||||
            status = psa_save_persistent_key( &attributes, buffer, length );
 | 
					 | 
				
			||||||
        }
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
 | 
					 | 
				
			||||||
        if( driver == NULL )
 | 
					 | 
				
			||||||
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
 | 
					 | 
				
			||||||
        {
 | 
					 | 
				
			||||||
            if( buffer_size != 0 )
 | 
					            if( buffer_size != 0 )
 | 
				
			||||||
                mbedtls_platform_zeroize( buffer, buffer_size );
 | 
					                mbedtls_platform_zeroize( buffer, buffer_size );
 | 
				
			||||||
            mbedtls_free( buffer );
 | 
					            mbedtls_free( buffer );
 | 
				
			||||||
 | 
				
			|||||||
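Review bot: In the secure-element branch the new `psa_save_persistent_key` call writes the raw bytes of `slot->data.se` to persistent storage, so the stored format depends not only on `sizeof(size_t)`, which the commit message already concedes, but also on struct padding and byte order, and any padding bytes would be persisted with whatever the slot memory happened to hold. The struct definition is outside this hunk, so whether padding exists is an assumption to check. Until the format is replaced, I would mark the call site so the limitation is recorded in the code and not only in the commit message: `/* FIXME: raw struct dump; stored format depends on sizeof(size_t), padding and endianness */`. The durable fix is to serialise each field into a fixed-width, fixed-endian buffer before saving. `psa_finish_key_creation` starts before and ends after this hunk.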
@ -138,13 +138,12 @@ static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *p_slot )
 | 
				
			|||||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
 | 
					#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
 | 
				
			||||||
    if( psa_key_lifetime_is_external( p_slot->lifetime ) )
 | 
					    if( psa_key_lifetime_is_external( p_slot->lifetime ) )
 | 
				
			||||||
    {
 | 
					    {
 | 
				
			||||||
        if( key_data_length != sizeof( p_slot->data.se.slot_number ) )
 | 
					        if( key_data_length != sizeof( p_slot->data.se ) )
 | 
				
			||||||
        {
 | 
					        {
 | 
				
			||||||
            status = PSA_ERROR_STORAGE_FAILURE;
 | 
					            status = PSA_ERROR_STORAGE_FAILURE;
 | 
				
			||||||
            goto exit;
 | 
					            goto exit;
 | 
				
			||||||
        }
 | 
					        }
 | 
				
			||||||
        memcpy( &p_slot->data.se.slot_number, key_data,
 | 
					        memcpy( &p_slot->data.se, key_data, sizeof( p_slot->data.se ) );
 | 
				
			||||||
                sizeof( p_slot->data.se.slot_number ) );
 | 
					 | 
				
			||||||
    }
 | 
					    }
 | 
				
			||||||
    else
 | 
					    else
 | 
				
			||||||
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
 | 
					#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
 | 
				
			||||||
 | 
				
			|||||||
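Review bot: The bytes read from storage are copied into `p_slot->data.se` after only a length comparison, so a corrupted or tampered key file can set the slot number and the bit size to arbitrary values. If the stored bit size later feeds buffer-size computations (not visible here), it should be range-checked right after the `memcpy`, failing with `PSA_ERROR_STORAGE_FAILURE` the same way the length mismatch does. The exact-size check also means a file written by a build with a different `sizeof(size_t)` is rejected as a storage failure rather than migrated; a short comment above the check saying so would save the next reader some digging. `psa_load_persistent_key_into_slot` continues outside this hunk.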