Allow loading wrapped keys even when SE support is compiled in
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 7ea2a1a..e0ed35f 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -2325,34 +2325,45 @@
if( status != PSA_SUCCESS )
goto exit;
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
- if( driver != NULL )
+ if( psa_key_lifetime_is_external( psa_get_key_lifetime( attributes ) ) )
{
- const psa_drv_se_t *drv = psa_get_se_driver_methods( driver );
- /* The driver should set the number of key bits, however in
- * case it doesn't, we initialize bits to an invalid value. */
- size_t bits = PSA_MAX_KEY_BITS + 1;
- if( drv->key_management == NULL ||
- drv->key_management->p_import == NULL )
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ if( driver != NULL )
{
- status = PSA_ERROR_NOT_SUPPORTED;
+ const psa_drv_se_t *drv = psa_get_se_driver_methods( driver );
+ /* The driver should set the number of key bits, however in
+ * case it doesn't, we initialize bits to an invalid value. */
+ size_t bits = PSA_MAX_KEY_BITS + 1;
+ if( drv->key_management == NULL ||
+ drv->key_management->p_import == NULL )
+ {
+ status = PSA_ERROR_NOT_SUPPORTED;
+ goto exit;
+ }
+ status = drv->key_management->p_import(
+ psa_get_se_driver_context( driver ),
+ slot->data.se.slot_number, attributes, data, data_length,
+ &bits );
+ if( status != PSA_SUCCESS )
+ goto exit;
+ if( bits > PSA_MAX_KEY_BITS )
+ {
+ status = PSA_ERROR_NOT_SUPPORTED;
+ goto exit;
+ }
+ slot->attr.bits = (psa_key_bits_t) bits;
+ }
+ else
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+ {
+ /* Importing a key with external lifetime through the driver wrapper
+ * interface is not yet supported. Return as if this was an invalid
+ * lifetime. */
+ status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
- status = drv->key_management->p_import(
- psa_get_se_driver_context( driver ),
- slot->data.se.slot_number, attributes, data, data_length,
- &bits );
- if( status != PSA_SUCCESS )
- goto exit;
- if( bits > PSA_MAX_KEY_BITS )
- {
- status = PSA_ERROR_NOT_SUPPORTED;
- goto exit;
- }
- slot->attr.bits = (psa_key_bits_t) bits;
}
else
-#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
{
status = psa_import_key_into_slot( slot, data, data_length );
if( status != PSA_SUCCESS )
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 4c4ad03..f30b75a 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -247,25 +247,42 @@
if( status != PSA_SUCCESS )
goto exit;
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
if( psa_key_lifetime_is_external( slot->attr.lifetime ) )
{
- psa_se_key_data_storage_t *data;
- if( key_data_length != sizeof( *data ) )
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ const psa_drv_se_t *drv;
+ psa_drv_se_context_t *drv_context;
+ if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) )
{
- status = PSA_ERROR_STORAGE_FAILURE;
- goto exit;
+ psa_se_key_data_storage_t *data;
+ if( key_data_length != sizeof( *data ) )
+ {
+ status = PSA_ERROR_STORAGE_FAILURE;
+ goto exit;
+ }
+ data = (psa_se_key_data_storage_t *) key_data;
+ memcpy( &slot->data.se.slot_number, &data->slot_number,
+ sizeof( slot->data.se.slot_number ) );
}
- data = (psa_se_key_data_storage_t *) key_data;
- memcpy( &slot->data.se.slot_number, &data->slot_number,
- sizeof( slot->data.se.slot_number ) );
+ else
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+ {
+ /* A key that is successfully loaded from storage with an
+ * external lifetime, but doesn't belong to an SE driver,
+ * must be a PSA driver-associated key which we can just
+ * load like an internal key. */
+ if ( key_data == NULL )
+ {
+ status = PSA_ERROR_STORAGE_FAILURE;
+ goto exit;
+ }
+
+ status = psa_copy_key_material_into_slot( slot, key_data, key_data_length );
+ }
}
else
-#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
{
status = psa_copy_key_material_into_slot( slot, key_data, key_data_length );
- if( status != PSA_SUCCESS )
- goto exit;
}
exit:
@@ -345,7 +362,14 @@
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
psa_se_drv_table_entry_t *driver = psa_get_se_driver_entry( lifetime );
if( driver == NULL )
+ {
+#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)
+ /* Key location for external keys gets checked by the wrapper */
+ return( PSA_SUCCESS );
+#else
return( PSA_ERROR_INVALID_ARGUMENT );
+#endif
+ }
else
{
if (p_drv != NULL)
@@ -354,7 +378,12 @@
}
#else
(void) p_drv;
+#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)
+ /* Key location for external keys gets checked by the wrapper */
+ return( PSA_SUCCESS );
+#else
return( PSA_ERROR_INVALID_ARGUMENT );
+#endif
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
}
else