in source/portable/mbedtls/core_pkcs11_mbedtls.c [1242:1351]
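/**
 * @brief Serialise an mbed TLS key context to DER and store it through the
 * PKCS #11 PAL, then register the resulting handle in the object list.
 *
 * @param[in] pxMbedContext mbed TLS PK context holding the key to export.
 * @param[out] pxObject     Passed to prvAddObjectToList to receive the
 *                          application-facing object handle.
 * @param[in] pxLabel       Label attribute; handed to the PAL and its
 *                          pValue/ulValueLen are recorded in the object list.
 * @param[in] xKeyType      CKK_EC selects the EC buffer sizes; any other value
 *                          is treated as RSA.
 * @param[in] xIsPrivate    CK_TRUE to export the private key, otherwise the
 *                          public key is exported.
 *
 * @return CKR_OK on success; CKR_HOST_MEMORY if the scratch buffer cannot be
 * allocated; CKR_FUNCTION_FAILED if DER encoding fails or yields a length that
 * cannot be stored; CKR_DEVICE_MEMORY if the PAL rejects the object; otherwise
 * whatever prvAppendEmptyECDerKey or prvAddObjectToList returns.
 */
static CK_RV prvSaveDerKeyToPal( mbedtls_pk_context * pxMbedContext,
                                 CK_OBJECT_HANDLE_PTR pxObject,
                                 CK_ATTRIBUTE * pxLabel,
                                 CK_KEY_TYPE xKeyType,
                                 CK_BBOOL xIsPrivate )
{
    CK_RV xResult = CKR_OK;
    CK_BYTE_PTR pxDerKey = NULL;
    int32_t lDerKeyLength = 0;
    uint32_t ulActualKeyLength = 0;
    CK_OBJECT_HANDLE xPalHandle = CK_INVALID_HANDLE;
    uint32_t ulDerBufSize = 0;

    /* Pick the scratch buffer size from the key class and algorithm. */

    /* See explanation in prvCheckValidSessionAndModule for this exception. */
    /* coverity[misra_c_2012_rule_10_5_violation] */
    if( xIsPrivate == ( CK_BBOOL ) CK_TRUE )
    {
        LogDebug( ( "Key was private type." ) );

        if( xKeyType == CKK_EC )
        {
            LogDebug( ( "Received EC key type." ) );
            ulDerBufSize = pkcs11_MAX_EC_PRIVATE_KEY_DER_SIZE;
        }
        else
        {
            LogDebug( ( "Received RSA key type." ) );
            ulDerBufSize = pkcs11_MAX_PRIVATE_KEY_DER_SIZE;
        }
    }
    else
    {
        LogDebug( ( "Key was public type." ) );

        if( xKeyType == CKK_EC )
        {
            LogDebug( ( "Received EC key type." ) );
            ulDerBufSize = pkcs11_MAX_EC_PUBLIC_KEY_DER_SIZE;
        }
        else
        {
            LogDebug( ( "Received RSA key type." ) );
            ulDerBufSize = pkcs11_PUBLIC_RSA_2048_DER_SIZE;
        }
    }

    LogDebug( ( "Allocating a %lu bytes sized buffer to write the key to.", ( unsigned long int ) ulDerBufSize ) );
    pxDerKey = mbedtls_calloc( 1, ulDerBufSize );

    if( pxDerKey == NULL )
    {
        LogError( ( "Failed saving DER formatted key to flash. Failed to malloc a buffer to contain the key for the mbed TLS context." ) );
        xResult = CKR_HOST_MEMORY;
    }
    else
    {
        /* The mbed TLS DER writers fill the buffer from its END backwards and
         * return the number of bytes written (or a negative error code). */

        /* See explanation in prvCheckValidSessionAndModule for this exception. */
        /* coverity[misra_c_2012_rule_10_5_violation] */
        if( xIsPrivate == ( CK_BBOOL ) CK_TRUE )
        {
            lDerKeyLength = mbedtls_pk_write_key_der( pxMbedContext, pxDerKey, ulDerBufSize );
        }
        else
        {
            lDerKeyLength = mbedtls_pk_write_pubkey_der( pxMbedContext, pxDerKey, ulDerBufSize );
        }
    }

    if( lDerKeyLength < 0 )
    {
        LogError( ( "Failed saving DER formatted key to flash. mbed TLS pk_write failed: mbed TLS error = %s : %s.",
                    mbedtlsHighLevelCodeOrDefault( lDerKeyLength ),
                    mbedtlsLowLevelCodeOrDefault( lDerKeyLength ) ) );
        xResult = CKR_FUNCTION_FAILED;
    }
    else
    {
        /* Cast to unsigned int as the result was not negative. */
        ulActualKeyLength = ( uint32_t ) lDerKeyLength;
    }

    /* See explanation in prvCheckValidSessionAndModule for this exception. */
    /* coverity[misra_c_2012_rule_10_5_violation] */
    if( ( xResult == CKR_OK ) && ( xIsPrivate == ( CK_BBOOL ) CK_TRUE ) && ( xKeyType == CKK_EC ) )
    {
        /* NOTE(review): ulActualKeyLength may be changed here; the helper is
         * not visible in this listing, so confirm that the adjusted length
         * never exceeds the bytes available from the save offset below. */
        xResult = prvAppendEmptyECDerKey( pxDerKey, ulDerBufSize, lDerKeyLength, &ulActualKeyLength );
    }

    if( xResult == CKR_OK )
    {
        if( ( lDerKeyLength > 0 ) && ( ( uint32_t ) lDerKeyLength < ulDerBufSize ) )
        {
            /* The encoding occupies the last lDerKeyLength bytes of the buffer. */
            xPalHandle = PKCS11_PAL_SaveObject( pxLabel,
                                                pxDerKey + ( ulDerBufSize - ( uint32_t ) lDerKeyLength ),
                                                ulActualKeyLength );

            if( xPalHandle == CK_INVALID_HANDLE )
            {
                LogError( ( "Failed saving DER formatted key to flash. Failed to write DER formatted key to the PKCS #11 PAL." ) );
                xResult = CKR_DEVICE_MEMORY;
            }
        }
        else
        {
            /* Nothing was stored. Fail here rather than fall through and
             * register CK_INVALID_HANDLE in the object list while reporting
             * CKR_OK to the caller. */
            LogError( ( "Failed saving DER formatted key to flash. DER key length was zero or filled the entire buffer." ) );
            xResult = CKR_FUNCTION_FAILED;
        }
    }

    if( xResult == CKR_OK )
    {
        xResult = prvAddObjectToList( xPalHandle, pxObject, pxLabel->pValue, pxLabel->ulValueLen );
    }

    if( pxDerKey != NULL )
    {
        /* The scratch buffer may hold private key material, so clear it before
         * returning it to the heap. Volatile writes keep the compiler from
         * eliding the wipe as a dead store ahead of the free. If
         * mbedtls_platform_zeroize is already in scope for this file it is
         * the preferable call here. */
        volatile CK_BYTE * pxWipe = pxDerKey;
        uint32_t ulIndex;

        for( ulIndex = 0; ulIndex < ulDerBufSize; ulIndex++ )
        {
            pxWipe[ ulIndex ] = 0U;
        }
    }

    mbedtls_free( pxDerKey );

    return xResult;
}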