SE keys: store the bit size internally (partial implementation)

gilles-peskine-arm · gilles-peskine-arm · commit 424f89453b27 · 2019-07-29T17:06:06.000+02:00
This commit blindingly copies the size from the attributes. This is
not correct for copy and import.
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
@@ -1035,6 +1035,11 @@ psa_status_t psa_destroy_key( psa_key_handle_t handle )
 /* Return the size of the key in the given slot, in bits. */
 static size_t psa_get_key_slot_bits( const psa_key_slot_t *slot )
 {
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+    if( psa_get_se_driver( slot->lifetime, NULL, NULL ) )
+        return( slot->data.se.bits );
+#endif /* defined(MBEDTLS_PSA_CRYPTO_SE_C) */
+
     if( key_type_is_raw_bytes( slot->type ) )
         return( slot->data.raw.bytes * 8 );
 #if defined(MBEDTLS_RSA_C)
@@ -1489,6 +1494,10 @@ static psa_status_t psa_start_key_creation(
             (void) psa_crypto_stop_transaction( );
             return( status );
         }
+
+        /* TOnogrepDO: validate bits. How to do this depends on the key
+         * creation method, so setting bits might not belong here. */
+        slot->data.se.bits = psa_get_key_bits( attributes );
     }
 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
 
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
@@ -64,6 +64,7 @@ typedef struct
         struct se
         {
             psa_key_slot_number_t slot_number;
+            size_t bits;
         } se;
     } data;
 } psa_key_slot_t;

Original file line number	Diff line number	Diff line change
`@@ -64,6 +64,7 @@ typedef struct`
`64`	`64`	`struct se`
`65`	`65`	`{`
`66`	`66`	`psa_key_slot_number_t slot_number;`
	`67`	`+ size_t bits;`
`67`	`68`	`} se;`
`68`	`69`	`} data;`
`69`	`70`	`} psa_key_slot_t;`