SE driver: report the bit size on key import
Add a parameter to the key import method of a secure element driver to
make it report the key size in bits. This is necessary (otherwise the
core has no idea what the bit-size is), and making import report it is
easier than adding a separate method (for other key creation methods,
this information is an input, not an output).
diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h
index 9aebc45..f95eaeb 100644
--- a/include/psa/crypto_se_driver.h
+++ b/include/psa/crypto_se_driver.h
@@ -833,14 +833,18 @@
*
* \param[in,out] drv_context The driver context structure.
* \param[in] key_slot Slot where the key will be stored
- * This must be a valid slot for a key of the chosen
- * type. It must be unoccupied.
+ * This must be a valid slot for a key of the
+ * chosen type. It must be unoccupied.
* \param[in] lifetime The required lifetime of the key storage
* \param[in] type Key type (a \c PSA_KEY_TYPE_XXX value)
* \param[in] algorithm Key algorithm (a \c PSA_ALG_XXX value)
* \param[in] usage The allowed uses of the key
* \param[in] p_data Buffer containing the key data
* \param[in] data_length Size of the `data` buffer in bytes
+ * \param[out] bits On success, the key size in bits. The driver
+ * must determine this value after parsing the
+ * key according to the key type.
+ * This value is not used if the function fails.
*
* \retval #PSA_SUCCESS
* Success.
@@ -852,7 +856,8 @@
psa_algorithm_t algorithm,
psa_key_usage_t usage,
const uint8_t *p_data,
- size_t data_length);
+ size_t data_length,
+ size_t *bits);
/**
* \brief A function that destroys a secure element key and restore the slot to
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index b3a6f8a..b2e863e 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1711,8 +1711,8 @@
psa_get_se_driver_context( driver ),
slot->data.se.slot_number,
slot->lifetime, slot->type, slot->policy.alg, slot->policy.usage,
- data, data_length );
- /* TOnogrepDO: psa_check_key_slot_attributes? */
+ data, data_length,
+ &slot->data.se.bits );
}
else
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
@@ -1720,10 +1720,10 @@
status = psa_import_key_into_slot( slot, data, data_length );
if( status != PSA_SUCCESS )
goto exit;
- status = psa_check_key_slot_attributes( slot, attributes );
- if( status != PSA_SUCCESS )
- goto exit;
}
+ status = psa_check_key_slot_attributes( slot, attributes );
+ if( status != PSA_SUCCESS )
+ goto exit;
status = psa_finish_key_creation( slot, driver );
exit:
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
index f6b480f..2610582 100644
--- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
@@ -62,7 +62,8 @@
psa_algorithm_t algorithm,
psa_key_usage_t usage,
const uint8_t *p_data,
- size_t data_length )
+ size_t data_length,
+ size_t *bits )
{
(void) context;
(void) slot_number;
@@ -71,7 +72,9 @@
(void) algorithm;
(void) usage;
(void) p_data;
- (void) data_length;
+ /* We're supposed to return a key size. Return one that's correct for
+ * plain data keys. */
+ *bits = PSA_BYTES_TO_BITS( data_length );
return( PSA_SUCCESS );
}
@@ -110,7 +113,8 @@
psa_algorithm_t algorithm,
psa_key_usage_t usage,
const uint8_t *p_data,
- size_t data_length )
+ size_t data_length,
+ size_t *bits )
{
(void) context;
DRIVER_ASSERT( slot_number < ARRAY_LENGTH( ram_slots ) );
@@ -119,6 +123,7 @@
ram_slots[slot_number].lifetime = lifetime;
ram_slots[slot_number].type = type;
ram_slots[slot_number].bits = PSA_BYTES_TO_BITS( data_length );
+ *bits = PSA_BYTES_TO_BITS( data_length );
(void) algorithm;
(void) usage;
memcpy( ram_slots[slot_number].content, p_data, data_length );