lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-01 10:06:53 +03:00
Code Activity

psa: Use psa_key_file_id_t as the key id type

Browse Source 
The purpose of this commit and the following is for
psa_key_id_t to always be as defined by the PSA
Cryptography API specification.

Currently psa_key_id_t departs from its specification
definition when MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
configuration flag is set. In that configuration, it is set
to be equal to psa_key_file_id_t which in that configuration
encodes an owner identifier along the key identifier.

Type psa_key_file_id_t was meant to be the key identifier type
used throughout the library code. If
MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER is set it
includes both a key and owner identifier, otherwise it is
equal to psa_key_id_t.

It has not been the key identifier type throughout the
library so far because when the PSA Cryptography
specification was developped the library Doxygen
documentation was used to generate the PSA Cryptography API
specification thus the need to use psa_key_id_t and not
psa_key_file_id_t.

As this constraint does not hold anymore, move
to psa_key_file_id_t as the key identifier type throughout
the library code.

By the way, this commit updates the key identifier
initialization in the tests to be compatible with a
composit key identifier. A psa_key_id_make()
inline function is introduced to initialize key
identifiers (composit ot not) at runtime.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron
2020-07-23 12:30:41 +02:00
parent 80b95101a9
commit 27238fcbd8
13 changed files with 96 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
library/psa_crypto_se.h
View File

@ -45,13 +45,13 @@
/** The base of the range of ITS file identifiers for secure element
* driver persistent data.
*
* We use a slice of the implemenation reserved range 0xffff0000..0xffffffff,
* We use a slice of the implementation reserved range 0xffff0000..0xffffffff,
* specifically the range 0xfffffe00..0xfffffeff. The length of this range
* drives the value of #PSA_MAX_SE_LOCATION. The identifier 0xfffffe00 is
* actually not used since it corresponds to #PSA_KEY_LOCATION_LOCAL_STORAGE
* which doesn't have a driver.
*/
#define PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE ( (psa_key_id_t) 0xfffffe00 )
#define PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE ( (psa_app_key_id_t) 0xfffffe00 )
/** The maximum number of registered secure element driver locations. */
#define PSA_MAX_SE_DRIVERS 4

14
library/psa_crypto_slot_management.c
View File

@ -204,7 +204,7 @@ psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime,
}
psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime,
psa_key_id_t key_id )
psa_key_file_id_t key )
{
if ( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
{
@ -215,19 +215,19 @@ psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime,
{
/* Persistent keys require storage support */
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
if( psa_is_key_id_valid( key_id,
if( psa_is_key_id_valid( key,
psa_key_lifetime_is_external( lifetime ) ) )
return( PSA_SUCCESS );
else
return( PSA_ERROR_INVALID_ARGUMENT );
#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
(void) key_id;
(void) key;
return( PSA_ERROR_NOT_SUPPORTED );
#endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */
}
}
psa_status_t psa_open_key( psa_key_file_id_t id, psa_key_handle_t *handle )
psa_status_t psa_open_key( psa_key_file_id_t key, psa_key_handle_t *handle )
{
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
psa_status_t status;
@ -235,7 +235,7 @@ psa_status_t psa_open_key( psa_key_file_id_t id, psa_key_handle_t *handle )
*handle = 0;
if( ! psa_is_key_id_valid( id, 1 ) )
if( ! psa_is_key_id_valid( key, 1 ) )
return( PSA_ERROR_INVALID_ARGUMENT );
status = psa_get_empty_key_slot( handle, &slot );
@ -243,7 +243,7 @@ psa_status_t psa_open_key( psa_key_file_id_t id, psa_key_handle_t *handle )
return( status );
slot->attr.lifetime = PSA_KEY_LIFETIME_PERSISTENT;
slot->attr.id = id;
slot->attr.id = key;
status = psa_load_persistent_key_into_slot( slot );
if( status != PSA_SUCCESS )
@ -254,7 +254,7 @@ psa_status_t psa_open_key( psa_key_file_id_t id, psa_key_handle_t *handle )
return( status );
#else /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
(void) id;
(void) key;
*handle = 0;
return( PSA_ERROR_NOT_SUPPORTED );
#endif /* !defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */

6
library/psa_crypto_slot_management.h
View File

@ -113,14 +113,14 @@ psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime,
* This function checks whether a key's declared persistence level and key ID
* attributes are valid and known to the PSA Core in its actual configuration.
*
* \param[in] lifetime The key lifetime attribute.
* \param[in] key_id The key ID attribute
* \param[in] lifetime The key lifetime attribute.
* \param[in] key The key identifier.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INVALID_ARGUMENT
*/
psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime,
psa_key_id_t key_id );
psa_key_file_id_t key );
#endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */

2
library/psa_crypto_storage.c
View File

@ -394,7 +394,7 @@ psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr,
psa_status_t status = PSA_SUCCESS;
uint8_t *loaded_data;
size_t storage_data_length = 0;
psa_key_id_t key = attr->id;
psa_key_file_id_t key = attr->id;
status = psa_crypto_storage_get_data_length( key, &storage_data_length );
if( status != PSA_SUCCESS )

4
library/psa_crypto_storage.h
View File

@ -292,7 +292,7 @@ typedef union
uint16_t unused1;
psa_key_lifetime_t lifetime;
psa_key_slot_number_t slot;
psa_key_id_t id;
psa_key_file_id_t id;
} key;
} psa_crypto_transaction_t;
@ -361,7 +361,7 @@ psa_status_t psa_crypto_stop_transaction( void );
*
* 0xffffffNN = special file; 0x74 = 't' for transaction.
*/
#define PSA_CRYPTO_ITS_TRANSACTION_UID ( (psa_key_id_t) 0xffffff74 )
#define PSA_CRYPTO_ITS_TRANSACTION_UID ( (psa_app_key_id_t) 0xffffff74 )
#endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */