fixup! fixup! fixup! fixup! fixup! fixup! fixup! sys/psa_crypto: ed25…

…519 private key {ex,im}port explicitly restrict psa_key_export() to ed25519
RIOT-OS · Apr 3, 2024 · ecfcf76 · ecfcf76
1 parent c83a919
commit ecfcf76
Showing 1 changed file with 18 additions and 2 deletions.
diff --git a/sys/psa_crypto/psa_crypto.c b/sys/psa_crypto/psa_crypto.c
@@ -1289,8 +1289,24 @@ psa_status_t psa_export_key(psa_key_id_t key,
 
     psa_key_lifetime_t lifetime = psa_get_key_lifetime(&slot->attr);
     if (psa_key_lifetime_is_external(lifetime)) {
-        // key export from an external device is currently not supported
-        return PSA_ERROR_NOT_SUPPORTED;
+        /* key export from an external device is currently not supported */
+        status = PSA_ERROR_NOT_SUPPORTED;
+        unlock_status = psa_unlock_key_slot(slot);
+        if (unlock_status != PSA_SUCCESS) {
+            status = unlock_status;
+        }
+        return status;
+    }
+
+    if (!PSA_KEY_TYPE_IS_ECC(slot->attr.type) ||
+            PSA_KEY_TYPE_ECC_GET_FAMILY(slot->attr.type) != PSA_ECC_FAMILY_TWISTED_EDWARDS) {
+        /* key export is currently only supported for ed25519 keys */
+        status = PSA_ERROR_NOT_SUPPORTED;
+        unlock_status = psa_unlock_key_slot(slot);
+        if (unlock_status != PSA_SUCCESS) {
+            status = unlock_status;
+        }
+        return status;
     }
 
     psa_get_key_data_from_key_slot(slot, &privkey_data, &privkey_data_len);