Move key buffer allocation out of psa_generate_key_internal()
Preparatory commit to eventually change
psa_generate_key_internal() signature to that of
a PSA driver generate_key entry point.
To be able to change the signature, the buffer to
store the generated key has to be allocated before
the call to psa_generate_key_internal().
This commit moves the allocation and clean-up in
case of error of the buffer to store the generated
key from psa_generate_key_internal() to
psa_generate_key().
This has the nice benefit of factoring the key
buffer allocation and clean-up into a single place.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index ab50d53..4fca808 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -6049,21 +6049,12 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_type_t type = slot->attr.type;
- size_t key_buffer_size;
if( domain_parameters == NULL && domain_parameters_size != 0 )
return( PSA_ERROR_INVALID_ARGUMENT );
- status = psa_get_key_buffer_size( slot->attr.type, bits, &key_buffer_size );
- if( status != PSA_SUCCESS )
- return( status );
-
if( key_type_is_raw_bytes( type ) )
{
- status = psa_allocate_buffer_to_slot( slot, key_buffer_size );
- if( status != PSA_SUCCESS )
- return( status );
-
status = psa_generate_random( slot->key.data,
slot->key.bytes );
if( status != PSA_SUCCESS )
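Review bot: psa_generate_key_internal() now writes to `slot->key.data` for `slot->key.bytes` bytes without allocating or checking the buffer, and nothing in the visible part of the function states that requirement. The signature and header comment lie above this hunk, so that is where I would add a comment such as `/* The caller must have allocated the slot's key buffer (see psa_get_key_buffer_size()) and must release it with psa_remove_key_data_from_memory() if this function fails. */`. Presumably psa_allocate_buffer_to_slot() sets both fields, but it is not visible in this diff, so the comment should be checked against it.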
@@ -6089,6 +6080,7 @@
&exponent );
if( status != PSA_SUCCESS )
return( status );
+
mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE );
ret = mbedtls_rsa_gen_key( &rsa,
mbedtls_psa_get_random,
@@ -6098,21 +6090,13 @@
if( ret != 0 )
return( mbedtls_to_psa_error( ret ) );
- status = psa_allocate_buffer_to_slot( slot, key_buffer_size );
- if( status != PSA_SUCCESS )
- {
- mbedtls_rsa_free( &rsa );
- return( status );
- }
-
status = mbedtls_psa_rsa_export_key( type,
&rsa,
slot->key.data,
slot->key.bytes,
&slot->key.bytes );
mbedtls_rsa_free( &rsa );
- if( status != PSA_SUCCESS )
- psa_remove_key_data_from_memory( slot );
+
return( status );
}
else
@@ -6142,23 +6126,11 @@
return( mbedtls_to_psa_error( ret ) );
}
-
- /* Make sure to always have an export representation available */
- status = psa_allocate_buffer_to_slot( slot, key_buffer_size );
- if( status != PSA_SUCCESS )
- {
- mbedtls_ecp_keypair_free( &ecp );
- return( status );
- }
-
status = mbedtls_to_psa_error(
mbedtls_ecp_write_key( &ecp, slot->key.data, slot->key.bytes ) );
mbedtls_ecp_keypair_free( &ecp );
- if( status != PSA_SUCCESS ) {
- memset( slot->key.data, 0, slot->key.bytes );
- psa_remove_key_data_from_memory( slot );
- }
+
return( status );
}
else
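Review bot: The failure path after `mbedtls_ecp_write_key()` no longer clears `slot->key.data` itself, so private-key bytes left by a failed write are wiped only if `psa_remove_key_data_from_memory()`, now called from psa_generate_key(), zeroizes the buffer before freeing it. Its body is not part of this diff and should be checked. If it does zeroize, dropping the plain `memset` loses nothing, since a memset just ahead of a free can be optimized away. A one-line comment before `return( status );`, e.g. `/* On failure the caller wipes and frees the key buffer. */`, would keep that contract visible. The RSA branch in the previous hunk relies on the same caller clean-up.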
@@ -6176,6 +6148,7 @@
psa_status_t status;
psa_key_slot_t *slot = NULL;
psa_se_drv_table_entry_t *driver = NULL;
+ size_t key_buffer_size;
*key = MBEDTLS_SVC_KEY_ID_INIT;
@@ -6195,10 +6168,23 @@
psa_key_lifetime_is_external( attributes->core.lifetime ) )
goto exit;
+ status = psa_get_key_buffer_size( attributes->core.type,
+ attributes->core.bits,
+ &key_buffer_size );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ status = psa_allocate_buffer_to_slot( slot, key_buffer_size );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
status = psa_generate_key_internal(
slot, attributes->core.bits,
attributes->domain_parameters, attributes->domain_parameters_size );
+ if( status != PSA_SUCCESS )
+ psa_remove_key_data_from_memory( slot );
+
exit:
if( status == PSA_SUCCESS )
status = psa_finish_key_creation( slot, driver, key );
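Review bot: The buffer is sized from `attributes->core.type`, whereas psa_generate_key_internal() picks its branch from `slot->attr.type`, and the removed code sized the buffer from that same slot field. The two match only if the slot attributes were populated from `attributes` earlier in psa_generate_key(), which is outside this hunk. Passing `slot->attr.type` as the first argument of `psa_get_key_buffer_size()` would keep the size and the generation path tied to one value. Otherwise a short comment above the call stating the invariant would do.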