author | Gilles Peskine <Gilles.Peskine@arm.com> | 2024-02-14 23:07:33 +0100 |
---|---|---|
committer | Gilles Peskine <Gilles.Peskine@arm.com> | 2024-02-15 11:57:48 +0100 |
commit | 69f11c8dfb9c5338fd05e5c1f2d872f295cce9ea (patch) | |
tree | 18a1e3e098867f409dfda37a80cd594948af6fb2 /scripts | |
parent | c81393b2ed29f95648ee77698490a597a1362ca6 (diff) | |
generate key ext: skip driver invocation with non-default method
In the driver wrapper for psa_generate_key() and psa_generate_key_ext():
* Invoke the built-in code if using a non-default method, even if there
might be an accelerator. This is ok because we only support non-default
methods for RSA and we don't support driver-only RSA, therefore a
non-default method will always have built-in code behind it.
* Return NOT_SUPPORTED if trying to use a non-default method with an opaque
driver.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Diffstat (limited to 'scripts')
-rw-r--r-- | scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
index b1a952b..10843c3 100644
--- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
+++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
@@ -738,8 +738,18 @@ static inline psa_status_t psa_driver_wrapper_generate_key(
 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
- /* TODO: if method is non-default, we need a driver that supports
- * passing a method. */
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
+ int is_default_method =
+ psa_key_generation_method_is_default(method, method_data_length);
+ if( location != PSA_KEY_LOCATION_LOCAL_STORAGE && !is_default_method )
+ {
+ /* We don't support passing a custom method to drivers yet. */
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+#else
+ int is_default_method = 1;
+ (void) is_default_method;
+#endif
 /* Try dynamically-registered SE interface first */
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
@@ -766,8 +776,10 @@ static inline psa_status_t psa_driver_wrapper_generate_key(
 {
 case PSA_KEY_LOCATION_LOCAL_STORAGE:
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
- /* Transparent drivers are limited to generating asymmetric keys */
- if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) )
+ /* Transparent drivers are limited to generating asymmetric keys. */
+ /* We don't support passing a custom method to drivers yet. */
+ if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) &&
+ is_default_method )
 {
 /* Cycle through all known transparent accelerators */
 #if defined(PSA_CRYPTO_DRIVER_TEST) |
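Review bot: In the `#else` branch of the first hunk, `is_default_method` is hard-coded to 1 without looking at `method` or `method_data_length`, so in builds without PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE the wrapper itself never rejects a non-default method for a non-local location. That is only safe if the caller has already refused non-default methods for every non-RSA key type, which is not visible in this hunk; if it has not, the generation parameters would presumably be dropped silently and the resulting key would differ from the one requested. I would record that dependency where the value is set, e.g. `/* Non-default methods exist only for RSA; the caller is expected to have rejected them for every other key type. */`, or call psa_key_generation_method_is_default() unconditionally if it is available in this configuration. The function body starts before and continues after the hunk.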
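Review bot: In the second hunk, the new comment above the `PSA_KEY_TYPE_IS_ASYMMETRIC( ... ) && is_default_method` condition says that drivers cannot take a custom method, but not why bypassing the accelerator is safe; that reasoning (non-default methods are RSA-only and RSA is never driver-only) appears only in the commit message. Someone reading the generated wrapper sees key generation skip a configured accelerator with no stated fallback, and the assumption stops holding if driver-only RSA is ever supported. I would extend the comment, e.g. `/* Non-default methods are RSA-only and RSA always has built-in code, so fall through to the built-in implementation. */`. The switch and the enclosing function continue outside the hunk.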