Prevent mbedtls_psa_register_se_key with volatile keys mbedtls_psa_register_se_key() is not usable with volatile keys, since there is no way to return the implementation-chosen key identifier which would be needed to use the key. Document this limitation. Reject an attempt to create such an unusable key. Fixes #9253. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

commit: 37a4fcc5b4b22d39c78e2bcd82c994e3b4629762 [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Thu Jun 13 16:06:45 2024 +0200
committer: Gilles Peskine <Gilles.Peskine@arm.com> Wed Aug 07 11:17:32 2024 +0200
tree: 53c2154701e9c575aa39268a6315e10bec990225
parent: f555a4e26f9909322e0cb382c5133ee403c9d674 [diff] [blame]
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index a2d547f..5096748 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h

@@ -130,6 +130,9 @@
  *
  * \param[out] attributes  The attribute structure to write to.
  * \param key              The persistent identifier for the key.
+ *                         This can be any value in the range from
+ *                         #PSA_KEY_ID_USER_MIN to #PSA_KEY_ID_USER_MAX
+ *                         inclusive.
  */
 static void psa_set_key_id(psa_key_attributes_t *attributes,
                            mbedtls_svc_key_id_t key);
commit	37a4fcc5b4b22d39c78e2bcd82c994e3b4629762	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Thu Jun 13 16:06:45 2024 +0200
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Wed Aug 07 11:17:32 2024 +0200
tree	53c2154701e9c575aa39268a6315e10bec990225
parent	f555a4e26f9909322e0cb382c5133ee403c9d674 [diff] [blame]