Merge pull request #101 from gilles-peskine-arm/psa-key_attributes-verify_attributes

Check unused attributes in import and copy
2019-05-13 11:48:40 +01:00 · 2019-05-13 11:48:40 +01:00 · 1fe90fab30
commit 1fe90fab30
parent d22b6c4f89 4a6446482a
4 changed files with 205 additions and 68 deletions
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@ -583,9 +583,10 @@ psa_status_t psa_close_key(psa_key_handle_t handle);
 * according to a different format.
 *
 * \param[in] attributes    The attributes for the new key.
- *                          The key size field in \p attributes is
- *                          ignored; the actual key size is determined
- *                          from the \p data buffer.
+ *                          The key size is always determined from the
+ *                          \p data buffer.
+ *                          If the key size in \p attributes is nonzero,
+ *                          it must be equal to the size from \p data.
 * \param[out] handle       On success, a handle to the newly created key.
 *                          \c 0 on failure.
 * \param[in] data    Buffer containing the key data. The content of this
@ -612,8 +613,12 @@ psa_status_t psa_close_key(psa_key_handle_t handle);
 *         The key type or key size is not supported, either by the
 *         implementation in general or in this particular persistent location.
 * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The key attributes, as a whole, are invalid,
- *         or the key data is not correctly formatted.
+ *         The key attributes, as a whole, are invalid.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         The key data is not correctly formatted.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         The size in \p attributes is nonzero and does not match the size
+ *         of the key data.
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
 * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
@ -859,9 +864,12 @@ psa_status_t psa_export_public_key(psa_key_handle_t handle,
 *                          occupied slot.
 * \param[in] attributes    The attributes for the new key.
 *                          They are used as follows:
- *                          - The key type, key size and domain parameters
- *                            are ignored. This information is copied
- *                            from the source key.
+ *                          - The key type and size may be 0. If either is
+ *                            nonzero, it must match the corresponding
+ *                            attribute of the source key.
+ *                          - If \p attributes contains domain parameters,
+ *                            they must match the domain parameters of
+ *                            the source key.
 *                          - The key location (the lifetime and, for
 *                            persistent keys, the key identifier) is
 *                            used directly.
@ -884,6 +892,9 @@ psa_status_t psa_export_public_key(psa_key_handle_t handle,
 * \retval #PSA_ERROR_INVALID_ARGUMENT
 *         The policy constraints on the source and specified in
 *         \p attributes are incompatible.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         \p attributes specifies a key type, domain parameters or key size
+ *         which does not match the attributes of the source key.
 * \retval #PSA_ERROR_NOT_PERMITTED
 *         The source key is not exportable and its lifetime does not
 *         allow copying it to the target's lifetime.