psa: Rename psa_key_file_id_t to mbedtls_svc_key_id_t

With PSA crypto v1.0.0, a volatile key identifier may
contain an owner identifier but no file is associated
to it. Thus rename the type psa_key_file_id_t to
mbedtls_svc_key_id_t to avoid a direct link with a
file when a key identifier involves an owner
identifier.

The new type name is prefixed by mbedtls to highlight
that the type is specific to the Mbed TLS implementation
and not defined in the PSA Cryptography API
specification.

The svc in the type name stands for service as this
is the key identifier type from the point of view of
the service providing the Cryptography services.
The service can be completely provided by the present
library or partially in case of a multi-client service.

As a consequence rename as well:
. MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER to
  MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
. PSA_KEY_ID_INIT to MBEDTLS_SVC_KEY_ID_INIT
. PSA_KEY_FILE_GET_KEY_ID to MBEDTLS_SVC_KEY_ID_GET_KEY_ID
. psa_key_file_id_make to mbedtls_svc_key_id_make

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2020-08-28 19:01:50 +02:00
parent 72f65fc6e9
commit 71016a9ea7
19 changed files with 131 additions and 129 deletions

View File

@ -1144,20 +1144,20 @@
*/
//#define MBEDTLS_ENTROPY_NV_SEED
/* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
*
* In PSA key storage, encode the owner of the key.
* Enable key identifiers that encode a key owner identifier.
*
* This is only meaningful when building the library as part of a
* multi-client service. When you activate this option, you must provide
* an implementation of the type mbedtls_key_owner_id_t and a translation
* from psa_key_file_id_t to file name in all the storage backends that
* multi-client service. When you activate this option, you must provide an
* implementation of the type mbedtls_key_owner_id_t and a translation from
* mbedtls_svc_key_id_t to file name in all the storage backends that you
* you wish to support.
*
* Note that this option is meant for internal use only and may be removed
* without notice.
*/
//#define MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
//#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
/**
* \def MBEDTLS_MEMORY_DEBUG
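Review bot: the rewrapped description of MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER has a doubled word: the new line ends in "storage backends that you" and the unchanged line after it still starts with "you wish to support". Drop the trailing "you" from the new line, or rewrap through the following line as well.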

View File

@ -107,14 +107,12 @@ Backward compatibility commitments: TBD
### Key names for 1.0.0
Information about each key is stored in a dedicated file designated by a _key file identifier_ (`psa_key_file_id_t`). The key file identifier is constructed from the 32-bit key identifier (`psa_key_id_t`) and, if applicable, an identifier of the owner of the key. In integrations where there is no concept of key owner (in particular, in library integrations), the key file identifier is exactly the key identifier. When the library is integrated into a service, the service determines the semantics of the owner identifier.
Information about each key is stored in a dedicated file designated by the key identifier. In integrations where there is no concept of key owner (in particular, in library integrations), the key identifier is exactly the key identifier as defined in the PSA Cryptography API specification (`psa_key_id_t`). In integrations where there is a concept of key owner (integration into a service for example), the key identifier is made of an owner identifier (its semantics and type are integration specific) and of the key identifier (`psa_key_id_t`) from the key owner point of view.
The way in which the file name is constructed from the key file identifier depends on the storage backend. The content of the file is described [below](#key-file-format-for-1.0.0).
The way in which the file name is constructed from the key identifier depends on the storage backend. The content of the file is described [below](#key-file-format-for-1.0.0).
The valid values for a key identifier are the range from 1 to 0xfffeffff. This limitation on the range is not documented in user-facing documentation: according to the user-facing documentation, arbitrary 32-bit values are valid.
* Library integration: the key file name is just the key identifer. This is a 32-bit value.
* PSA service integration: the key file identifier is `(uint32_t)owner_uid << 32 | key_id` where `key_id` is the key identifier specified by the application and `owner_uid` (of type `int32_t`) is the calling partition identifier provided to the server by the partition manager. This is a 64-bit value.
* Library integration: the key file name is just the key identifier as defined in the PSA crypto specification. This is a 32-bit value.
* PSA service integration: the key file name is `(uint32_t)owner_uid << 32 | key_id` where `key_id` is the key identifier from the owner point of view and `owner_uid` (of type `int32_t`) is the calling partition identifier provided to the server by the partition manager. This is a 64-bit value.
### Key file format for 1.0.0
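Review bot: the PSA service integration bullet still gives the file name as `(uint32_t)owner_uid << 32 | key_id`, which, read as C, shifts a 32-bit operand by its full width and does not describe the 64-bit value the sentence promises. psa_its_identifier_of_slot() in this same commit computes `(uint64_t) unsigned_owner << 32 | key.key_id`; since the bullet is being rewritten anyway, align the formula with the code. The rewritten first paragraph also no longer names the type that carries the owner and key identifier pair, so a mention of `mbedtls_svc_key_id_t` there would help readers map the text to the headers.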

View File

@ -1258,20 +1258,20 @@
*/
//#define MBEDTLS_ENTROPY_NV_SEED
/* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
*
* In PSA key storage, encode the owner of the key.
* Enable key identifiers that encode a key owner identifier.
*
* This is only meaningful when building the library as part of a
* multi-client service. When you activate this option, you must provide
* an implementation of the type mbedtls_key_owner_id_t and a translation
* from psa_key_file_id_t to file name in all the storage backends that
* multi-client service. When you activate this option, you must provide an
* implementation of the type mbedtls_key_owner_id_t and a translation from
* mbedtls_svc_key_id_t to file name in all the storage backends that you
* you wish to support.
*
* Note that this option is meant for internal use only and may be removed
* without notice.
*/
//#define MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
//#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
/**
* \def MBEDTLS_MEMORY_DEBUG
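Review bot: this copy of the MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER description also reads "storage backends that you" followed by "you wish to support". Remove the duplicated "you" here too so the two configuration files stay identical.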

View File

@ -149,8 +149,8 @@ static psa_key_attributes_t psa_key_attributes_init(void);
* \param[out] attributes The attribute structure to write to.
* \param key The persistent identifier for the key.
*/
static void psa_set_key_id(psa_key_attributes_t *attributes,
psa_key_file_id_t key);
static void psa_set_key_id( psa_key_attributes_t *attributes,
mbedtls_svc_key_id_t key );
/** Set the location of a persistent key.
*
@ -192,7 +192,8 @@ static void psa_set_key_lifetime(psa_key_attributes_t *attributes,
* This value is unspecified if the attribute structure declares
* the key as volatile.
*/
static psa_key_file_id_t psa_get_key_id(const psa_key_attributes_t *attributes);
static mbedtls_svc_key_id_t psa_get_key_id(
const psa_key_attributes_t *attributes);
/** Retrieve the lifetime from key attributes.
*
@ -437,8 +438,8 @@ void psa_reset_key_attributes(psa_key_attributes_t *attributes);
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_open_key(psa_key_file_id_t key, psa_key_handle_t *handle);
psa_status_t psa_open_key( mbedtls_svc_key_id_t key,
psa_key_handle_t *handle );
/** Close a key handle.
*

View File

@ -47,7 +47,7 @@
/* Integral type representing a key handle. */
typedef uint16_t psa_key_handle_t;
#if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER)
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
#if defined(PSA_CRYPTO_SECURE)
/* Building for the PSA Crypto service on a PSA platform. */
@ -55,6 +55,6 @@ typedef uint16_t psa_key_handle_t;
typedef int32_t mbedtls_key_owner_id_t;
#endif
#endif /* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */
#endif /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
#endif /* PSA_CRYPTO_PLATFORM_H */

View File

@ -330,12 +330,12 @@ typedef struct
psa_key_type_t type;
psa_key_bits_t bits;
psa_key_lifetime_t lifetime;
psa_key_file_id_t id;
mbedtls_svc_key_id_t id;
psa_key_policy_t policy;
psa_key_attributes_flag_t flags;
} psa_core_key_attributes_t;
#define PSA_CORE_KEY_ATTRIBUTES_INIT {PSA_KEY_TYPE_NONE, 0, PSA_KEY_LIFETIME_VOLATILE, PSA_KEY_ID_INIT, PSA_KEY_POLICY_INIT, 0}
#define PSA_CORE_KEY_ATTRIBUTES_INIT {PSA_KEY_TYPE_NONE, 0, PSA_KEY_LIFETIME_VOLATILE, MBEDTLS_SVC_KEY_ID_INIT, PSA_KEY_POLICY_INIT, 0}
struct psa_key_attributes_s
{
@ -359,15 +359,15 @@ static inline struct psa_key_attributes_s psa_key_attributes_init( void )
return( v );
}
static inline void psa_set_key_id(psa_key_attributes_t *attributes,
psa_key_file_id_t key)
static inline void psa_set_key_id( psa_key_attributes_t *attributes,
mbedtls_svc_key_id_t key )
{
attributes->core.id = key;
if( attributes->core.lifetime == PSA_KEY_LIFETIME_VOLATILE )
attributes->core.lifetime = PSA_KEY_LIFETIME_PERSISTENT;
}
static inline psa_key_file_id_t psa_get_key_id(
static inline mbedtls_svc_key_id_t psa_get_key_id(
const psa_key_attributes_t *attributes)
{
return( attributes->core.id );
@ -379,7 +379,7 @@ static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes,
attributes->core.lifetime = lifetime;
if( lifetime == PSA_KEY_LIFETIME_VOLATILE )
{
#ifdef MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
attributes->core.id.key_id = 0;
#else
attributes->core.id = 0;
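Review bot: in the MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER branch of psa_set_key_lifetime(), switching to a volatile lifetime resets only `attributes->core.id.key_id` and leaves `owner` untouched, while the other branch zeroes the whole identifier. The commit message says a volatile key identifier may carry an owner, so this looks intended, but nothing in the code says so. A one-line comment stating that the owner is kept on purpose would stop a later reader from treating the asymmetry as a bug.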

View File

@ -130,7 +130,7 @@ typedef uint32_t psa_algorithm_t;
* implementation-specific device management event occurs (for example,
* a factory reset).
*
* Persistent keys have a key identifier of type #psa_key_file_id_t.
* Persistent keys have a key identifier of type #mbedtls_svc_key_id_t.
* This identifier remains valid throughout the lifetime of the key,
* even if the application instance that created the key terminates.
* The application can call psa_open_key() to open a persistent key that
@ -235,17 +235,18 @@ typedef uint32_t psa_key_location_t;
*/
typedef uint32_t psa_key_id_t;
#if !defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER)
typedef psa_key_id_t psa_key_file_id_t;
#define PSA_KEY_ID_INIT 0
#define PSA_KEY_FILE_GET_KEY_ID( id ) ( id )
#if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
typedef psa_key_id_t mbedtls_svc_key_id_t;
/** Utility to initialize a key file identifier at runtime.
#define MBEDTLS_SVC_KEY_ID_INIT ( (psa_key_id_t)0 )
#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ( id )
/** Utility to initialize a key identifier at runtime.
*
* \param unused Unused parameter.
* \param key_id Identifier of the key.
*/
static inline psa_key_file_id_t psa_key_file_id_make(
static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make(
unsigned int unused, psa_key_id_t key_id )
{
(void)unused;
@ -253,34 +254,34 @@ static inline psa_key_file_id_t psa_key_file_id_make(
return( key_id );
}
#else /* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */
/* Implementation-specific: The Mbed Crypto library can be built as
* part of a multi-client service that exposes the PSA Crypto API in each
* client and encodes the client identity in the key id argument of functions
* such as psa_open_key().
#else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
/* Implementation-specific: The Mbed Cryptography library can be built as
* part of a multi-client service that exposes the PSA Cryptograpy API in each
* client and encodes the client identity in the key identifier argument of
* functions such as psa_open_key().
*/
typedef struct
{
psa_key_id_t key_id;
mbedtls_key_owner_id_t owner;
} psa_key_file_id_t;
} mbedtls_svc_key_id_t;
#define PSA_KEY_ID_INIT {0, 0}
#define PSA_KEY_FILE_GET_KEY_ID( file_id ) ( ( file_id ).key_id )
#define MBEDTLS_SVC_KEY_ID_INIT ( (mbedtls_svc_key_id_t){ 0, 0 } )
#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ( ( id ).key_id )
/** Utility to initialize a key file identifier at runtime.
/** Utility to initialize a key identifier at runtime.
*
* \param owner_id Identifier of the key owner.
* \param key_id Identifier of the key.
*/
static inline psa_key_file_id_t psa_key_file_id_make(
static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make(
mbedtls_key_owner_id_t owner_id, psa_key_id_t key_id )
{
return( (psa_key_file_id_t){ .key_id = key_id,
.owner = owner_id } );
return( (mbedtls_svc_key_id_t){ .key_id = key_id,
.owner = owner_id } );
}
#endif /* !MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */
#endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
/**@}*/
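Review bot: in the owner-encoding branch, MBEDTLS_SVC_KEY_ID_INIT changes from the brace initializer `{0, 0}` to the compound literal `( (mbedtls_svc_key_id_t){ 0, 0 } )`, and PSA_CORE_KEY_ATTRIBUTES_INIT embeds it as one of its members. A compound literal is not a constant expression in ISO C, so any object with static storage duration initialized through that macro would depend on a compiler extension in this configuration. Either keep a brace-only form for use inside other initializers or confirm that the supported compilers accept the parenthesized literal there. Separately, the new comment spells "Cryptograpy"; it should be "Cryptography".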

View File

@ -157,16 +157,15 @@ exit:
* past released version must remain valid, unless a migration path
* is provided.
*
* \param file_id The key identifier to check.
* \param vendor_ok Nonzero to allow key ids in the vendor range.
* 0 to allow only key ids in the application range.
* \param key The key identifier to check.
* \param vendor_ok Nonzero to allow key ids in the vendor range.
* 0 to allow only key ids in the application range.
*
* \return 1 if \p file_id is acceptable, otherwise 0.
* \return 1 if \p key is acceptable, otherwise 0.
*/
static int psa_is_key_id_valid( psa_key_file_id_t file_id,
int vendor_ok )
static int psa_is_key_id_valid( mbedtls_svc_key_id_t key, int vendor_ok )
{
psa_key_id_t key_id = PSA_KEY_FILE_GET_KEY_ID( file_id );
psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key );
if( PSA_KEY_ID_USER_MIN <= key_id && key_id <= PSA_KEY_ID_USER_MAX )
return( 1 );
else if( vendor_ok &&
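Review bot: the updated doc comment for psa_is_key_id_valid() describes \p key as "the key identifier to check", but the visible body range-checks only MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ), so with owner encoding enabled the owner part is never examined. Say in the comment that only the key_id part is validated and that the owner is taken as supplied by the caller, so it is clear where owner validation is expected to happen in a multi-client service.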
@ -204,7 +203,7 @@ psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime,
}
psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime,
psa_key_file_id_t key )
mbedtls_svc_key_id_t key )
{
if ( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
{
@ -227,7 +226,7 @@ psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime,
}
}
psa_status_t psa_open_key( psa_key_file_id_t key, psa_key_handle_t *handle )
psa_status_t psa_open_key( mbedtls_svc_key_id_t key, psa_key_handle_t *handle )
{
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
psa_status_t status;
@ -291,14 +290,14 @@ void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats )
++stats->volatile_slots;
else if( slot->attr.lifetime == PSA_KEY_LIFETIME_PERSISTENT )
{
psa_key_id_t id = PSA_KEY_FILE_GET_KEY_ID(slot->attr.id);
psa_key_id_t id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id );
++stats->persistent_slots;
if( id > stats->max_open_internal_key_id )
stats->max_open_internal_key_id = id;
}
else
{
psa_key_id_t id = PSA_KEY_FILE_GET_KEY_ID(slot->attr.id);
psa_key_id_t id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id );
++stats->external_slots;
if( id > stats->max_open_external_key_id )
stats->max_open_external_key_id = id;

View File

@ -120,7 +120,6 @@ psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime,
* \retval #PSA_ERROR_INVALID_ARGUMENT
*/
psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime,
psa_key_file_id_t key );
mbedtls_svc_key_id_t key );
#endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */

View File

@ -55,27 +55,27 @@
/* Key storage */
/****************************************************************/
/* Determine a file name (ITS file identifier) for the given key file
* identifier. The file name must be distinct from any file that is used
* for a purpose other than storing a key. Currently, the only such file
* is the random seed file whose name is PSA_CRYPTO_ITS_RANDOM_SEED_UID
* and whose value is 0xFFFFFF52. */
static psa_storage_uid_t psa_its_identifier_of_slot( psa_key_file_id_t file_id )
/* Determine a file name (ITS file identifier) for the given key identifier.
* The file name must be distinct from any file that is used for a purpose
* other than storing a key. Currently, the only such file is the random seed
* file whose name is PSA_CRYPTO_ITS_RANDOM_SEED_UID and whose value is
* 0xFFFFFF52. */
static psa_storage_uid_t psa_its_identifier_of_slot( mbedtls_svc_key_id_t key )
{
#if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER) && \
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) && \
defined(PSA_CRYPTO_SECURE)
/* Encode the owner in the upper 32 bits. This means that if
* owner values are nonzero (as they are on a PSA platform),
* no key file will ever have a value less than 0x100000000, so
* the whole range 0..0xffffffff is available for non-key files. */
uint32_t unsigned_owner = (uint32_t) file_id.owner;
return( (uint64_t) unsigned_owner << 32 | file_id.key_id );
uint32_t unsigned_owner = (uint32_t) key.owner;
return( (uint64_t) unsigned_owner << 32 | key.key_id );
#else
/* Use the key id directly as a file name.
* psa_is_key_file_id_valid() in psa_crypto_slot_management.c
* psa_is_key_id_valid() in psa_crypto_slot_management.c
* is responsible for ensuring that key identifiers do not have a
* value that is reserved for non-key files. */
return( file_id );
return( key );
#endif
}
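Review bot: the #else branch of psa_its_identifier_of_slot() does `return( key );`, which only works while mbedtls_svc_key_id_t is an integer type. That branch is also selected when MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is defined without PSA_CRYPTO_SECURE, where the type is the { key_id, owner } struct. The configuration comment already requires the integrator to provide the translation to a file name; an #error, or at least a comment naming that requirement in this branch, would make the failure explicit instead of leaving it to a type mismatch.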
@ -94,9 +94,8 @@ static psa_storage_uid_t psa_its_identifier_of_slot( psa_key_file_id_t file_id )
* \retval PSA_ERROR_STORAGE_FAILURE
* \retval PSA_ERROR_DOES_NOT_EXIST
*/
static psa_status_t psa_crypto_storage_load( const psa_key_file_id_t key,
uint8_t *data,
size_t data_size )
static psa_status_t psa_crypto_storage_load(
const mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size )
{
psa_status_t status;
psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
@ -114,7 +113,7 @@ static psa_status_t psa_crypto_storage_load( const psa_key_file_id_t key,
return( status );
}
int psa_is_key_present_in_storage( const psa_key_file_id_t key )
int psa_is_key_present_in_storage( const mbedtls_svc_key_id_t key )
{
psa_status_t ret;
psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
@ -143,7 +142,7 @@ int psa_is_key_present_in_storage( const psa_key_file_id_t key )
* \retval PSA_ERROR_STORAGE_FAILURE
* \retval PSA_ERROR_ALREADY_EXISTS
*/
static psa_status_t psa_crypto_storage_store( const psa_key_file_id_t key,
static psa_status_t psa_crypto_storage_store( const mbedtls_svc_key_id_t key,
const uint8_t *data,
size_t data_length )
{
@ -184,7 +183,7 @@ exit:
return( status );
}
psa_status_t psa_destroy_persistent_key( const psa_key_file_id_t key )
psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key )
{
psa_status_t ret;
psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
@ -215,7 +214,7 @@ psa_status_t psa_destroy_persistent_key( const psa_key_file_id_t key )
* \retval PSA_ERROR_STORAGE_FAILURE
*/
static psa_status_t psa_crypto_storage_get_data_length(
const psa_key_file_id_t key,
const mbedtls_svc_key_id_t key,
size_t *data_length )
{
psa_status_t status;
@ -394,7 +393,7 @@ psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr,
psa_status_t status = PSA_SUCCESS;
uint8_t *loaded_data;
size_t storage_data_length = 0;
psa_key_file_id_t key = attr->id;
mbedtls_svc_key_id_t key = attr->id;
status = psa_crypto_storage_get_data_length( key, &storage_data_length );
if( status != PSA_SUCCESS )

View File

@ -72,7 +72,7 @@ extern "C" {
* \retval 1
* Persistent data present for slot number
*/
int psa_is_key_present_in_storage( const psa_key_file_id_t key );
int psa_is_key_present_in_storage( const mbedtls_svc_key_id_t key );
/**
* \brief Format key data and metadata and save to a location for given key
@ -141,7 +141,7 @@ psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr,
* or the key did not exist.
* \retval PSA_ERROR_STORAGE_FAILURE
*/
psa_status_t psa_destroy_persistent_key( const psa_key_file_id_t key );
psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key );
/**
* \brief Free the temporary buffer allocated by psa_load_persistent_key().
@ -292,7 +292,7 @@ typedef union
uint16_t unused1;
psa_key_lifetime_t lifetime;
psa_key_slot_number_t slot;
psa_key_file_id_t id;
mbedtls_svc_key_id_t id;
} key;
} psa_crypto_transaction_t;

View File

@ -417,9 +417,9 @@ static const char * const features[] = {
#if defined(MBEDTLS_ENTROPY_NV_SEED)
"MBEDTLS_ENTROPY_NV_SEED",
#endif /* MBEDTLS_ENTROPY_NV_SEED */
#if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER)
"MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER",
#endif /* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
"MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER",
#endif /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
#if defined(MBEDTLS_MEMORY_DEBUG)
"MBEDTLS_MEMORY_DEBUG",
#endif /* MBEDTLS_MEMORY_DEBUG */

View File

@ -1168,13 +1168,13 @@ int query_config( const char *config )
}
#endif /* MBEDTLS_ENTROPY_NV_SEED */
#if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER)
if( strcmp( "MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER", config ) == 0 )
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
if( strcmp( "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER );
MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER );
return( 0 );
}
#endif /* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */
#endif /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
#if defined(MBEDTLS_MEMORY_DEBUG)
if( strcmp( "MBEDTLS_MEMORY_DEBUG", config ) == 0 )

View File

@ -184,7 +184,7 @@ EXCLUDE_FROM_FULL = frozenset([
'MBEDTLS_NO_UDBL_DIVISION', # influences anything that uses bignum
'MBEDTLS_PKCS11_C', # build dependency (libpkcs11-helper)
'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature
'MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER', # platform dependency (PSA SPM) (at this time)
'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER', # platform dependency (PSA SPM) (at this time)
'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM)
'MBEDTLS_PSA_INJECT_ENTROPY', # build dependency (hook functions)
'MBEDTLS_REMOVE_3DES_CIPHERSUITES', # removes a feature

View File

@ -233,7 +233,7 @@ int check_key_attributes_sanity( psa_key_handle_t key )
int ok = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_lifetime_t lifetime;
psa_key_file_id_t id;
mbedtls_svc_key_id_t id;
psa_key_type_t type;
psa_key_type_t bits;
@ -1326,7 +1326,7 @@ void attributes_set_get( int id_arg, int lifetime_arg,
int type_arg, int bits_arg )
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_file_id_t id = psa_key_file_id_make( 1, id_arg );
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, id_arg );
psa_key_lifetime_t lifetime = lifetime_arg;
psa_key_usage_t usage_flags = usage_flags_arg;
psa_algorithm_t alg = alg_arg;
@ -1370,10 +1370,11 @@ void persistence_attributes( int id1_arg, int lifetime_arg, int id2_arg,
int expected_id_arg, int expected_lifetime_arg )
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_file_id_t id1 = psa_key_file_id_make( 1, id1_arg );
mbedtls_svc_key_id_t id1 = mbedtls_svc_key_id_make( 1, id1_arg );
psa_key_lifetime_t lifetime = lifetime_arg;
psa_key_file_id_t id2 = psa_key_file_id_make( 1, id2_arg );
psa_key_file_id_t expected_id = psa_key_file_id_make( 1, expected_id_arg );
mbedtls_svc_key_id_t id2 = mbedtls_svc_key_id_make( 1, id2_arg );
mbedtls_svc_key_id_t expected_id =
mbedtls_svc_key_id_make( 1, expected_id_arg );
psa_key_lifetime_t expected_lifetime = expected_lifetime_arg;
if( id1_arg != -1 )
@ -5584,7 +5585,7 @@ void persistent_key_load_key_from_storage( data_t *data,
int usage_flags_arg, int alg_arg,
int generation_method )
{
psa_key_file_id_t key_id = psa_key_file_id_make( 1, 1 );
mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 1 );
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_handle_t handle = 0;
psa_key_handle_t base_key = 0;

View File

@ -112,7 +112,7 @@ exit:
/* BEGIN_CASE */
void save_large_persistent_key( int data_length_arg, int expected_status )
{
psa_key_file_id_t key_id = psa_key_file_id_make( 1, 42 );
mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 42 );
psa_key_handle_t handle = 0;
uint8_t *data = NULL;
size_t data_length = data_length_arg;
@ -143,7 +143,7 @@ void persistent_key_destroy( int key_id_arg, int restart,
int first_type_arg, data_t *first_data,
int second_type_arg, data_t *second_data )
{
psa_key_file_id_t key_id = psa_key_file_id_make( 1, key_id_arg );
mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, key_id_arg );
psa_key_handle_t handle = 0;
psa_key_type_t first_type = (psa_key_type_t) first_type_arg;
psa_key_type_t second_type = (psa_key_type_t) second_type_arg;
@ -196,7 +196,7 @@ exit:
void persistent_key_import( int key_id_arg, int type_arg, data_t *data,
int restart, int expected_status )
{
psa_key_file_id_t key_id = psa_key_file_id_make( 1, key_id_arg );
mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, key_id_arg );
psa_key_type_t type = (psa_key_type_t) type_arg;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -245,7 +245,7 @@ void import_export_persistent_key( data_t *data, int type_arg,
int expected_bits,
int restart, int key_not_exist )
{
psa_key_file_id_t key_id = psa_key_file_id_make( 1, 42 );
mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 42 );
psa_key_type_t type = (psa_key_type_t) type_arg;
psa_key_handle_t handle = 0;
unsigned char *exported = NULL;

View File

@ -766,7 +766,7 @@ static void psa_purge_storage( void )
* MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id
* 0, which file-based storage uses as a temporary file. */
for( id = 0; id <= MAX_KEY_ID_FOR_TEST; id++ )
psa_destroy_persistent_key( psa_key_file_id_make( 1, id ) );
psa_destroy_persistent_key( mbedtls_svc_key_id_make( 1, id ) );
/* Purge the transaction file. */
psa_crypto_stop_transaction( );
/* Purge driver persistent data. */
@ -853,7 +853,7 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart )
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = (psa_key_lifetime_t) lifetime_arg;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_file_id_t id = psa_key_file_id_make( 1, 1 );
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
@ -985,7 +985,7 @@ void key_creation_in_chosen_slot( int slot_arg,
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_file_id_t id = psa_key_file_id_make( 1, 1 );
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
@ -1067,7 +1067,7 @@ void import_key_smoke( int type_arg, int alg_arg,
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_file_id_t id = psa_key_file_id_make( 1, 1 );
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -1139,7 +1139,7 @@ void generate_key_not_supported( int type_arg, int bits_arg )
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_file_id_t id = psa_key_file_id_make( 1, 1 );
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -1178,7 +1178,7 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg )
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_file_id_t id = psa_key_file_id_make( 1, 1 );
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -1258,7 +1258,7 @@ void sign_verify( int flow,
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_file_id_t id = psa_key_file_id_make( 1, 1 );
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
psa_key_handle_t drv_handle = 0; /* key managed by the driver */
psa_key_handle_t sw_handle = 0; /* transparent key */
psa_key_attributes_t sw_attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -1420,7 +1420,7 @@ void register_key_smoke_test( int lifetime_arg,
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_file_id_t id = psa_key_file_id_make( 1, id_arg );
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, id_arg );
size_t bit_size = 48;
psa_key_slot_number_t wanted_slot = 0x123456789;
psa_key_handle_t handle = 0;

View File

@ -95,7 +95,7 @@ static void psa_purge_storage( void )
* MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id
* 0, which file-based storage uses as a temporary file. */
for( id = 0; id <= MAX_KEY_ID_FOR_TEST; id++ )
psa_destroy_persistent_key( psa_key_file_id_make( 1, id ) );
psa_destroy_persistent_key( mbedtls_svc_key_id_make( 1, id ) );
/* Purge the transaction file. */
psa_crypto_stop_transaction( );
/* Purge driver persistent data. */
@ -330,7 +330,7 @@ void mock_import( int mock_alloc_return_value,
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_file_id_t id = psa_key_file_id_make( 1, 1 );
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
@ -387,7 +387,7 @@ void mock_export( int mock_export_return_value, int expected_result )
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_file_id_t id = psa_key_file_id_make( 1, 1 );
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
@ -441,7 +441,7 @@ void mock_generate( int mock_alloc_return_value,
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_file_id_t id = psa_key_file_id_make( 1, 1 );
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -496,7 +496,7 @@ void mock_export_public( int mock_export_public_return_value,
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_file_id_t id = psa_key_file_id_make( 1, 1 );
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
@ -546,7 +546,7 @@ void mock_sign( int mock_sign_return_value, int expected_result )
psa_drv_se_asymmetric_t asymmetric;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_file_id_t id = psa_key_file_id_make( 1, 1 );
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
@ -607,7 +607,7 @@ void mock_verify( int mock_verify_return_value, int expected_result )
psa_drv_se_asymmetric_t asymmetric;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_file_id_t id = psa_key_file_id_make( 1, 1 );
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
const uint8_t key_material[3] = {0xfa, 0xca, 0xde};

View File

@ -34,11 +34,11 @@ typedef enum
* code. */
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
static psa_key_file_id_t key_ids_used_in_test[9];
static mbedtls_svc_key_id_t key_ids_used_in_test[9];
static size_t num_key_ids_used;
/* Record a key id as potentially used in a test case. */
static int test_uses_key_id( psa_key_file_id_t key_id )
static int test_uses_key_id( mbedtls_svc_key_id_t key_id )
{
size_t i;
if( key_id > PSA_MAX_PERSISTENT_KEY_IDENTIFIER )
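Review bot: test_uses_key_id() now takes an mbedtls_svc_key_id_t but still compares it directly in `key_id > PSA_MAX_PERSISTENT_KEY_IDENTIFIER`, which cannot compile when the type is the struct used with MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER. Use MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key_id ) in the comparison, as psa_is_key_id_valid() does, so the helper works in both configurations.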
@ -178,7 +178,7 @@ void persistent_slot_lifecycle( int lifetime_arg, int id_arg,
int close_method_arg )
{
psa_key_lifetime_t lifetime = lifetime_arg;
psa_key_file_id_t id = psa_key_file_id_make( 1, id_arg );
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, id_arg );
psa_algorithm_t alg = alg_arg;
psa_algorithm_t alg2 = alg2_arg;
psa_key_usage_t usage_flags = usage_arg;
@ -296,7 +296,7 @@ void create_existent( int lifetime_arg, int id_arg,
int reopen_policy_arg )
{
psa_key_lifetime_t lifetime = lifetime_arg;
psa_key_file_id_t id = psa_key_file_id_make( 1, id_arg );
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, id_arg );
psa_key_handle_t handle1 = 0, handle2 = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t type1 = PSA_KEY_TYPE_RAW_DATA;
@ -363,7 +363,7 @@ exit:
void open_fail( int id_arg,
int expected_status_arg )
{
psa_key_file_id_t id = psa_key_file_id_make( 1, id_arg );
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, id_arg );
psa_status_t expected_status = expected_status_arg;
psa_key_handle_t handle = 0xdead;
@ -382,7 +382,7 @@ void create_fail( int lifetime_arg, int id_arg,
int expected_status_arg )
{
psa_key_lifetime_t lifetime = lifetime_arg;
psa_key_file_id_t id = psa_key_file_id_make( 1, id_arg );
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, id_arg );
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t expected_status = expected_status_arg;
psa_key_handle_t handle = 0xdead;
@ -420,14 +420,16 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_id_arg,
int expected_alg_arg, int expected_alg2_arg )
{
psa_key_lifetime_t source_lifetime = source_lifetime_arg;
psa_key_file_id_t source_id = psa_key_file_id_make( 1, source_id_arg );
mbedtls_svc_key_id_t source_id =
mbedtls_svc_key_id_make( 1, source_id_arg );
psa_key_usage_t source_usage = source_usage_arg;
psa_algorithm_t source_alg = source_alg_arg;
psa_key_handle_t source_handle = 0;
psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t source_type = type_arg;
psa_key_lifetime_t target_lifetime = target_lifetime_arg;
psa_key_file_id_t target_id = psa_key_file_id_make( 1, target_id_arg );
mbedtls_svc_key_id_t target_id =
mbedtls_svc_key_id_make( 1, target_id_arg );
psa_key_usage_t target_usage = target_usage_arg;
psa_algorithm_t target_alg = target_alg_arg;
psa_key_handle_t target_handle = 0;
@ -534,13 +536,15 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg,
int target_type_arg, data_t *target_material )
{
psa_key_lifetime_t source_lifetime = source_lifetime_arg;
psa_key_file_id_t source_id = psa_key_file_id_make( 1, source_id_arg );
mbedtls_svc_key_id_t source_id =
mbedtls_svc_key_id_make( 1, source_id_arg );
psa_key_usage_t source_usage = source_usage_arg;
psa_algorithm_t source_alg = source_alg_arg;
psa_key_handle_t source_handle = 0;
psa_key_type_t source_type = source_type_arg;
psa_key_lifetime_t target_lifetime = target_lifetime_arg;
psa_key_file_id_t target_id = psa_key_file_id_make( 1, target_id_arg );
mbedtls_svc_key_id_t target_id =
mbedtls_svc_key_id_make( 1, target_id_arg );
psa_key_usage_t target_usage = target_usage_arg;
psa_algorithm_t target_alg = target_alg_arg;
psa_key_handle_t target_handle = 0;