From 039a98b5989519722e4709f634061dedcca90f72 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 23 Jul 2020 16:07:42 +0200 Subject: [PATCH] Define always psa_key_id_t as defined in PSA crypto spec Define always psa_key_id_t as defined in the PSA Cryptography API specification independently of whether the MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER configuration file is set or not. As a consequence, get rid of `psa_app_key_id_t` that is not needed anymore. Signed-off-by: Ronald Cron --- include/psa/crypto_extra.h | 4 ++-- include/psa/crypto_platform.h | 19 ------------------- include/psa/crypto_types.h | 17 +++++++++-------- include/psa/crypto_values.h | 8 ++++---- library/psa_crypto_se.h | 2 +- library/psa_crypto_slot_management.c | 6 +++--- library/psa_crypto_storage.h | 2 +- ...st_suite_psa_crypto_se_driver_hal.function | 2 +- ...te_psa_crypto_se_driver_hal_mocks.function | 2 +- 9 files changed, 22 insertions(+), 40 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index f0c7979a81..71adb9355b 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -232,9 +232,9 @@ typedef struct mbedtls_psa_stats_s /** Number of slots that are not used for anything. */ size_t empty_slots; /** Largest key id value among open keys in internal persistent storage. */ - psa_app_key_id_t max_open_internal_key_id; + psa_key_id_t max_open_internal_key_id; /** Largest key id value among open keys in secure elements. */ - psa_app_key_id_t max_open_external_key_id; + psa_key_id_t max_open_external_key_id; } mbedtls_psa_stats_t; /** \brief Get statistics about diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h index bd3dc10eaa..0bebb08b64 100644 --- a/include/psa/crypto_platform.h +++ b/include/psa/crypto_platform.h 
@@ -47,25 +47,6 @@ /* Integral type representing a key handle. */ typedef uint16_t psa_key_handle_t; -/* This implementation distinguishes *application key identifiers*, which - * are the key identifiers specified by the application, from - * *key file identifiers*, which are the key identifiers that the library - * sees internally. The two types can be different if there is a remote - * call layer between the application and the library which supports - * multiple client applications that do not have access to each others' - * keys. The point of having different types is that the key file - * identifier may encode not only the key identifier specified by the - * application, but also the the identity of the application. - * - * Note that this is an internal concept of the library and the remote - * call layer. The application itself never sees anything other than - * #psa_app_key_id_t with its standard definition. - */ - -/* The application key identifier is always what the application sees as - * #psa_key_id_t. */ -typedef uint32_t psa_app_key_id_t; - #if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER) #if defined(PSA_CRYPTO_SECURE) diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index 4603a1d1a6..a8becb7b86 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h 
@@ -233,14 +233,10 @@ typedef uint32_t psa_key_location_t; * - 0 is reserved as an invalid key identifier. * - Key identifiers outside these ranges are reserved for future use. */ -/* Implementation-specific quirk: The Mbed Crypto library can be built as - * part of a multi-client service that exposes the PSA Crypto API in each - * client and encodes the client identity in the key id argument of functions - * such as psa_open_key(). */ -#if !defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER) typedef uint32_t psa_key_id_t; -typedef psa_key_id_t psa_key_file_id_t; +#if !defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER) +typedef psa_key_id_t psa_key_file_id_t; #define PSA_KEY_ID_INIT 0 #define PSA_KEY_FILE_GET_KEY_ID( id ) ( id ) @@ -258,9 +254,14 @@ static inline psa_key_file_id_t psa_key_file_id_make( } #else /* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */ +/* Implementation-specific: The Mbed Crypto library can be built as + * part of a multi-client service that exposes the PSA Crypto API in each + * client and encodes the client identity in the key id argument of functions + * such as psa_open_key(). + */ typedef struct { - uint32_t key_id; + psa_key_id_t key_id; psa_key_owner_id_t owner; } psa_key_file_id_t; @@ -273,7 +274,7 @@ typedef struct * \param key_id Identifier of the key. */ static inline psa_key_file_id_t psa_key_file_id_make( - psa_key_owner_id_t owner_id, uint32_t key_id ) + psa_key_owner_id_t owner_id, psa_key_id_t key_id ) { return( (psa_key_file_id_t){ .key_id = key_id, .owner = owner_id } ); diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index a940711803..02e9c00760 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h 
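Review bot: The comment moved above the `psa_key_file_id_t` struct in the `@@ -258,9 +254,14 @@` hunk still says the client identity is encoded "in the key id argument of functions such as psa_open_key()", which no longer fits a `psa_key_id_t` that is always a plain `uint32_t`. The longer explanation in crypto_platform.h is deleted by this same commit, so nothing on the new side states who fills in `owner`, and the separation between clients' keys rests on that. I would reword it along the lines of `/* The owner is attached by the remote call layer, never taken from the client: the client only ever supplies a psa_key_id_t. */`, assuming that matches how the service builds the identifier. The `#if`/`#else` block this struct sits in starts and ends outside the hunk.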
@@ -1636,16 +1636,16 @@ /** The minimum value for a key identifier chosen by the application. */ -#define PSA_KEY_ID_USER_MIN ((psa_app_key_id_t)0x00000001) +#define PSA_KEY_ID_USER_MIN ((psa_key_id_t)0x00000001) /** The maximum value for a key identifier chosen by the application. */ -#define PSA_KEY_ID_USER_MAX ((psa_app_key_id_t)0x3fffffff) +#define PSA_KEY_ID_USER_MAX ((psa_key_id_t)0x3fffffff) /** The minimum value for a key identifier chosen by the implementation. */ -#define PSA_KEY_ID_VENDOR_MIN ((psa_app_key_id_t)0x40000000) +#define PSA_KEY_ID_VENDOR_MIN ((psa_key_id_t)0x40000000) /** The maximum value for a key identifier chosen by the implementation. */ -#define PSA_KEY_ID_VENDOR_MAX ((psa_app_key_id_t)0x7fffffff) +#define PSA_KEY_ID_VENDOR_MAX ((psa_key_id_t)0x7fffffff) /**@}*/ diff --git a/library/psa_crypto_se.h b/library/psa_crypto_se.h index 258c211af8..56917383cf 100644 --- a/library/psa_crypto_se.h +++ b/library/psa_crypto_se.h @@ -51,7 +51,7 @@ * actually not used since it corresponds to #PSA_KEY_LOCATION_LOCAL_STORAGE * which doesn't have a driver. */ -#define PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE ( (psa_app_key_id_t) 0xfffffe00 ) +#define PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE ( (psa_key_id_t) 0xfffffe00 ) /** The maximum number of registered secure element driver locations. */ #define PSA_MAX_SE_DRIVERS 4 diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 3600e1a376..a9b8624798 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -166,7 +166,7 @@ exit: static int psa_is_key_id_valid( psa_key_file_id_t file_id, int vendor_ok ) { - psa_app_key_id_t key_id = PSA_KEY_FILE_GET_KEY_ID( file_id ); + psa_key_id_t key_id = PSA_KEY_FILE_GET_KEY_ID( file_id ); if( PSA_KEY_ID_USER_MIN <= key_id && key_id <= PSA_KEY_ID_USER_MAX ) return( 1 ); else if( vendor_ok && 
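Review bot: `PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE` in the library/psa_crypto_se.h hunk names a storage UID rather than a key identifier, yet it is now cast to the spec-defined `psa_key_id_t` with a value (0xfffffe00) above `PSA_KEY_ID_VENDOR_MAX`. The same holds for `PSA_CRYPTO_ITS_TRANSACTION_UID` (0xffffff74) in the psa_crypto_storage.h hunk. These special files presumably cannot collide with an application's key file only because `psa_is_key_id_valid()` rejects identifiers outside the user and vendor ranges, so that dependency deserves a comment, e.g. `/* Not a key id: kept above PSA_KEY_ID_VENDOR_MAX so no valid key file can share this UID. */`. Whether a dedicated UID type would be a better cast depends on how the macros are consumed, which is outside these hunks.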
@@ -291,14 +291,14 @@ void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats ) ++stats->volatile_slots; else if( slot->attr.lifetime == PSA_KEY_LIFETIME_PERSISTENT ) { - psa_app_key_id_t id = PSA_KEY_FILE_GET_KEY_ID(slot->attr.id); + psa_key_id_t id = PSA_KEY_FILE_GET_KEY_ID(slot->attr.id); ++stats->persistent_slots; if( id > stats->max_open_internal_key_id ) stats->max_open_internal_key_id = id; } else { - psa_app_key_id_t id = PSA_KEY_FILE_GET_KEY_ID(slot->attr.id); + psa_key_id_t id = PSA_KEY_FILE_GET_KEY_ID(slot->attr.id); ++stats->external_slots; if( id > stats->max_open_external_key_id ) stats->max_open_external_key_id = id; diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h index 6fcae272e1..c9270a913c 100644 --- a/library/psa_crypto_storage.h +++ b/library/psa_crypto_storage.h @@ -361,7 +361,7 @@ psa_status_t psa_crypto_stop_transaction( void ); * * 0xffffffNN = special file; 0x74 = 't' for transaction. */ -#define PSA_CRYPTO_ITS_TRANSACTION_UID ( (psa_app_key_id_t) 0xffffff74 ) +#define PSA_CRYPTO_ITS_TRANSACTION_UID ( (psa_key_id_t) 0xffffff74 ) #endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */ diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index e7c26d22ca..992e5dfd0f 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -760,7 +760,7 @@ exit: #define MAX_KEY_ID_FOR_TEST 10 static void psa_purge_storage( void ) { - psa_app_key_id_t id; + psa_key_id_t id; psa_key_location_t location; /* The tests may have potentially created key ids from 1 to * MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function index 618bd15467..8f1f9689b6 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function 
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function @@ -89,7 +89,7 @@ static struct #define MAX_KEY_ID_FOR_TEST 10 static void psa_purge_storage( void ) { - psa_app_key_id_t id; + psa_key_id_t id; psa_key_location_t location; /* The tests may have potentially created key ids from 1 to * MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id