Split 'validate persistent key parameters' into independent validation
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index a0851c7..aea4924 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1498,16 +1498,15 @@
const psa_key_attributes_t *attributes,
psa_se_drv_table_entry_t **p_drv )
{
- psa_status_t status;
+ psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
- if( ! PSA_KEY_LIFETIME_IS_VOLATILE( attributes->core.lifetime ) )
- {
- status = psa_validate_persistent_key_parameters(
- attributes->core.lifetime, attributes->core.id,
- p_drv, 1 );
- if( status != PSA_SUCCESS )
- return( status );
- }
+ status = psa_validate_key_location( attributes, p_drv );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ status = psa_validate_key_persistence( attributes );
+ if( status != PSA_SUCCESS )
+ return( status );
status = psa_validate_key_policy( &attributes->core.policy );
if( status != PSA_SUCCESS )
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 193959a..01fd048 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -183,39 +183,54 @@
}
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
-psa_status_t psa_validate_persistent_key_parameters(
- psa_key_lifetime_t lifetime,
- psa_key_file_id_t id,
- psa_se_drv_table_entry_t **p_drv,
- int creating )
+psa_status_t psa_validate_key_location( const psa_key_attributes_t *attributes,
+ psa_se_drv_table_entry_t **p_drv )
{
- if( p_drv != NULL )
- *p_drv = NULL;
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
- if( psa_key_lifetime_is_external( lifetime ) )
+ psa_key_lifetime_t lifetime = psa_get_key_lifetime( attributes );
+ if ( psa_key_lifetime_is_external( lifetime ) )
{
- *p_drv = psa_get_se_driver_entry( lifetime );
- if( *p_drv == NULL )
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ psa_se_drv_table_entry_t *p_drv_e = psa_get_se_driver_entry( lifetime );
+ if( p_drv_e == NULL )
return( PSA_ERROR_INVALID_ARGUMENT );
+ else
+ {
+ if (p_drv != NULL)
+ *p_drv = p_drv_e;
+ return( PSA_SUCCESS );
+ }
+#else
+ (void) p_drv;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
}
else
-#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
- if( ( PSA_KEY_LIFETIME_GET_LOCATION( lifetime )
- != PSA_KEY_LOCATION_LOCAL_STORAGE ) ||
- ( PSA_KEY_LIFETIME_GET_PERSISTENCE( lifetime )
- != PSA_KEY_PERSISTENCE_DEFAULT ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ /* Local/internal keys are always valid */
+ return( PSA_SUCCESS );
+}
+psa_status_t psa_validate_key_persistence( const psa_key_attributes_t *attributes )
+{
+ psa_key_lifetime_t lifetime = psa_get_key_lifetime( attributes );
+
+ if ( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
+ {
+ /* Volatile keys are always supported */
+ return( PSA_SUCCESS );
+ }
+ else
+ {
+ /* Persistent keys require storage support */
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
- if( ! psa_is_key_id_valid( id, ! creating ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
- return( PSA_SUCCESS );
-
+ if( psa_is_key_id_valid( psa_get_key_id( attributes ),
+ psa_key_lifetime_is_external( lifetime ) ) )
+ return( PSA_SUCCESS );
+ else
+ return( PSA_ERROR_INVALID_ARGUMENT );
#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
- (void) id;
- (void) creating;
- return( PSA_ERROR_NOT_SUPPORTED );
+ return( PSA_ERROR_NOT_SUPPORTED );
#endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */
+ }
}
psa_status_t psa_open_key( psa_key_file_id_t id, psa_key_handle_t *handle )
@@ -226,10 +241,8 @@
*handle = 0;
- status = psa_validate_persistent_key_parameters(
- PSA_KEY_LIFETIME_PERSISTENT, id, NULL, 0 );
- if( status != PSA_SUCCESS )
- return( status );
+ if( ! psa_is_key_id_valid( id, 1 ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
status = psa_get_empty_key_slot( handle, &slot );
if( status != PSA_SUCCESS )
diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h
index db2aa96..8841284 100644
--- a/library/psa_crypto_slot_management.h
+++ b/library/psa_crypto_slot_management.h
@@ -92,38 +92,33 @@
!= PSA_KEY_LOCATION_LOCAL_STORAGE );
}
-/** Test whether the given parameters are acceptable for a persistent key.
+/** Validate that a key's attributes point to a known location.
*
- * This function does not access the storage in any way. It only tests
- * whether the parameters are meaningful and permitted by general policy.
- * It does not test whether the a file by the given id exists or could be
- * created.
+ * This function checks whether the key's attributes point to a location that
+ * is known to the PSA Core, and returns the driver function table if the key
+ * is to be found in an external location.
*
- * If the key is in external storage, this function returns the corresponding
- * driver.
+ * \param[in] attributes The key attributes.
+ * \param[out] p_drv On success, when a key is located in external
+ * storage, returns a pointer to the driver table
+ * associated with the key's storage location.
*
- * \param lifetime The lifetime to test.
- * \param id The key id to test.
- * \param[out] p_drv On output, if \p lifetime designates a key
- * in an external processor, \c *p_drv is a pointer
- * to the driver table entry fot this lifetime.
- * If \p lifetime designates a transparent key,
- * \c *p_drv is \c NULL.
- * \param creating 0 if attempting to open an existing key.
- * Nonzero if attempting to create a key.
- *
- * \retval PSA_SUCCESS
- * The given parameters are valid.
- * \retval PSA_ERROR_INVALID_ARGUMENT
- * \p lifetime is volatile or is invalid.
- * \retval PSA_ERROR_INVALID_ARGUMENT
- * \p id is invalid.
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
*/
-psa_status_t psa_validate_persistent_key_parameters(
- psa_key_lifetime_t lifetime,
- psa_key_file_id_t id,
- psa_se_drv_table_entry_t **p_drv,
- int creating );
+psa_status_t psa_validate_key_location( const psa_key_attributes_t *attributes,
+ psa_se_drv_table_entry_t **p_drv );
+
+/** Validate that a key's persistence is consistent.
+ *
+ * This function checks whether a key's persistence attribute is consistent.
+ *
+ * \param[in] attributes The key attributes.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ */
+psa_status_t psa_validate_key_persistence( const psa_key_attributes_t *attributes );
#endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */