Now that the type definitions that are useful for driver are in a
separate header file from the application interface function
declarations, include that header file in crypto_driver.h.
Some parts of the library, and crypto drivers, need to see key types,
algorithms, policies, etc. but not API functions. Move portable
integral types and macros to build and analyze values of these types
to a separate headers crypto_types.h and crypto_values.h.
No functional changes, code was only moved from crypto.h to the new headers.
GCC 4.8 warns that some variables may be used without having been
initialized. They aren't, but determining that takes nontrivial
analysis, so initialize them at the point of definition.
Define psa_status_t to int32_t unconditionally. There's no reason to
refer to psa_error_t here: psa_error_t is int32_t if it's present. We
would only need a conditional definition if psa_defs.h and
psa_crypto.h used the same type name.
Keep the conditional definition of PSA_SUCCESS. Although the C
preprocessor allows a duplicate definition for a macro, it has to be
the exact same token sequence, not merely an equivalent way to build
the same value.
Change the way some lines are wrapped to cut at a more logical place.
This commit mainly rewrites multi-line calls to TEST_EQUAL, and also a
few calls to PSA_ASSERT.
This commit is the result of the following command, followed by
reindenting (but not wrapping lines):
perl -00 -i -pe 's/^( *)TEST_ASSERT\(([^;=]*)(?: |\n *)==([^;=]*)\);$/${1}TEST_EQUAL($2,$3);/gm' tests/suites/test_suite_psa_*.function
This commit is the result of the following command, followed by
reindenting (but not wrapping lines):
perl -00 -i -pe 's/^( *)TEST_ASSERT\(([^;=]*)(?: |\n *)==\s*PSA_SUCCESS\s*\);$/${1}PSA_ASSERT($2 );/gm' tests/suites/test_suite_psa_*.function
Cause a compilation error on ARRAY_LENGTH(p) where p is a pointer as
opposed to an array. This only works under GCC and compatible
compilers such as Clang. On other compilers, ARRAY_LENGTH works but
doesn't check the type of its argument.
Some of the documentation is obsolete in its reference to key slots
when it should discuss key handles. This may require a further pass,
possibly with some reorganization of error codes.
Update the documentation of functions that modify key slots (key
material creation and psa_set_key_policy()) to discuss how they affect
storage.
Move psa_load_persistent_key_into_slot,
psa_internal_make_key_persistent and psa_internal_release_key_slot to
the slot management module.
Expose psa_import_key_into_slot from the core.
After this commit, there are no longer any functions declared in
psa_crypto_slot_management.h and defined in psa_crypto.c. There are
still function calls in both directions between psa_crypto.c and
psa_crypto_slot_management.c.
Move the key slot array and its initialization and wiping to the slot
management module.
Also move the lowest-level key slot access function psa_get_key_slot
and the auxiliary function for slot allocation
psa_internal_allocate_key_slot to the slot management module.
Since Mbed TLS 2.10, there is a single copy of
mbedtls_platform_zeroize for the whole library instead of one per
module. Update the PSA crypto module accordingly.
This commit finishes the removal of support for direct access to key
slots in psa_crypto.c.
This marks the end of the necessary phase of the transition to key
handles. The code should subsequently be refactored to move key slot
management from psa_crypto.c to psa_crypto_slot_management.c.
This commit marks the beginning of the removal of support for direct
access to key slots. From this commit on, programs that use
psa_key_slot_t will no longer compile.
Subsequent commits will remove the now-unused legacy support in
psa_crypto.c.
Switch from the direct use of slot numbers to handles allocated by
psa_allocate_key.
The general principle for each function is:
* Change `psa_key_slot_t slot` to `psa_key_handle_t handle` or
`psa_key_id_t key_id` depending on whether it's used as a handle to
an open slot or as a persistent name for a key.
* Call psa_create_key() before using a slot, instead of calling
psa_set_key_lifetime to make a slot persistent.
Remove the unit test persistent_key_is_configurable which is no longer
relevant.
The code only worked if psa_key_id_t (formerly psa_key_slot_t)
promoted to int and every value fit in int. Now the code only assumes
that psa_key_id_t is less wide than unsigned long, which is the case
since psa_key_id_t is a 32-bit type in our implementation.
Move the persistent storage implementation from psa_key_slot_t to
psa_key_id_t. For the most part, this just means changing the types of
function arguments.
Update the documentation of some functions to reflect the fact that
the slot identifier is purely a storage identifier and is not related
to how the slot is designated in memory.
Switch from the direct use of slot numbers to handles allocated by
psa_allocate_key.
This commit does not affect persistent key tests except for the one
test function in test_suite_psa_crypto that uses persistent keys
(persistent_key_load_key_from_storage).
The general principle for each function is:
* Change `psa_key_slot_t slot` to `psa_key_handle_t handle`.
* Call psa_allocate_key() before setting the policy of the slot,
or before creating key material in functions that don't set a policy.
* Some PSA_ERROR_EMPTY_SLOT errors become PSA_ERROR_INVALID_HANDLE
because there is now a distinction between not having a valid
handle, and having a valid handle to a slot that doesn't contain key
material.
* In tests that use symmetric keys, calculate the max_bits parameters
of psa_allocate_key() from the key data size. In tests where the key
may be asymmetric, call an auxiliary macro KEY_BITS_FROM_DATA which
returns an overapproximation. There's no good way to find a good
value for max_bits with the API, I think the API should be tweaked.
Many places in the code called psa_remove_key_data_from_memory (which
preserves metadata for the sake of failues in psa_import_key) followed
by clearing the slot data. Use an auxiliary function for this.
Access the slot directly rather than going through psa_get_key_slot.
Unlike other places where key slots are accessed through
psa_get_key_slot, here, we know where all the slots are and there are
no policy or permission considerations.
This resolves a memory leak: allocated slots were not getting freed
because psa_get_key_slot rejected the attempt of accessing them
directly rather than via a handle.