commit 354f7671f48945ffa9e68e0a4564e7f16279a152
author Gilles Peskine <Gilles.Peskine@arm.com> Fri Jul 12 23:46:38 2019 +0200
committer Gilles Peskine <Gilles.Peskine@arm.com> Fri Jul 12 23:46:38 2019 +0200
tree c5d61776727d9c5be007b71d6bc0c1d407145c58
parent cbaff467efd1f81cc09dd81ae10c48e872f32360

SE keys: support destroy

When destroying a key in a secure element, call the driver's destroy
method and update the driver's persistent data in storage.

library/psa_crypto.c

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 93c9ce4..70ef9be 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -939,10 +939,20 @@
     psa_key_slot_t *slot;
     psa_status_t status = PSA_SUCCESS;
     psa_status_t storage_status = PSA_SUCCESS;
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+    psa_se_drv_table_entry_t *driver;
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
 
     status = psa_get_key_slot( handle, &slot );
     if( status != PSA_SUCCESS )
         return( status );
+
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+    driver = psa_get_se_driver_entry( slot->lifetime );
+    if( driver != NULL )
+        status = psa_destroy_se_key( driver, slot->data.se.slot_number );
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+
 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
     if( slot->lifetime == PSA_KEY_LIFETIME_PERSISTENT )
     {
@@ -950,6 +960,7 @@
             psa_destroy_persistent_key( slot->persistent_storage_id );
     }
 #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
+
     status = psa_wipe_key_slot( slot );
     if( status != PSA_SUCCESS )
         return( status );