diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c index 0a5805b62b..687269b079 100644 --- a/library/psa_crypto_storage.c +++ b/library/psa_crypto_storage.c @@ -147,7 +147,7 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data, return( PSA_SUCCESS ); } -psa_status_t psa_save_persistent_key( const psa_key_slot_t key, +psa_status_t psa_save_persistent_key( const psa_key_id_t key, const psa_key_type_t type, const psa_key_policy_t *policy, const uint8_t *data, @@ -185,7 +185,7 @@ void psa_free_persistent_key_data( uint8_t *key_data, size_t key_data_length ) mbedtls_free( key_data ); } -psa_status_t psa_load_persistent_key( psa_key_slot_t key, +psa_status_t psa_load_persistent_key( psa_key_id_t key, psa_key_type_t *type, psa_key_policy_t *policy, uint8_t **data, diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h index 167b0db058..478daef8f9 100644 --- a/library/psa_crypto_storage.h +++ b/library/psa_crypto_storage.h 
@@ -56,20 +56,20 @@ extern "C" { * already occupied non-persistent key, as well as validating the key data. * * - * \param key Slot number of the key to be stored. This must be a - * valid slot for a key of the chosen type. This should be - * an occupied key slot with an unoccupied corresponding - * storage location. + * \param key Persistent identifier of the key to be stored. This + * should be an unoccupied storage location. * \param type Key type (a \c PSA_KEY_TYPE_XXX value). * \param[in] policy The key policy to save. * \param[in] data Buffer containing the key data. * \param data_length The number of bytes that make up the key data. * * \retval PSA_SUCCESS + * \retval PSA_ERROR_INSUFFICIENT_MEMORY * \retval PSA_ERROR_INSUFFICIENT_STORAGE * \retval PSA_ERROR_STORAGE_FAILURE + * \retval PSA_ERROR_OCCUPIED_SLOT */ -psa_status_t psa_save_persistent_key( const psa_key_slot_t key, +psa_status_t psa_save_persistent_key( const psa_key_id_t key, const psa_key_type_t type, const psa_key_policy_t *policy, const uint8_t *data, @@ -87,10 +87,8 @@ psa_status_t psa_save_persistent_key( const psa_key_slot_t key, * this function to zeroize and free this buffer, regardless of whether this * function succeeds or fails. * - * \param key Slot number whose content is to be loaded. This - * must be an unoccupied key slot with an occupied - * corresponding storage location. The key slot - * lifetime must be set to persistent. + * \param key Persistent identifier of the key to be loaded. This + * should be an occupied storage location. * \param[out] type On success, the key type (a \c PSA_KEY_TYPE_XXX * value). * \param[out] policy On success, the key's policy. 
@@ -100,8 +98,9 @@ psa_status_t psa_save_persistent_key( const psa_key_slot_t key, * \retval PSA_SUCCESS * \retval PSA_ERROR_INSUFFICIENT_MEMORY * \retval PSA_ERROR_STORAGE_FAILURE + * \retval PSA_ERROR_EMPTY_SLOT */ -psa_status_t psa_load_persistent_key( psa_key_slot_t key, +psa_status_t psa_load_persistent_key( psa_key_id_t key, psa_key_type_t *type, psa_key_policy_t *policy, uint8_t **data, @@ -110,16 +109,18 @@ psa_status_t psa_load_persistent_key( psa_key_slot_t key, /** * \brief Remove persistent data for the given key slot number. * - * \param key Slot number whose content is to be removed + * \param key Persistent identifier of the key to remove * from persistent storage. * * \retval PSA_SUCCESS + * The key was successfully removed, + * or the key did not exist. * \retval PSA_ERROR_STORAGE_FAILURE */ -psa_status_t psa_destroy_persistent_key( const psa_key_slot_t key ); +psa_status_t psa_destroy_persistent_key( const psa_key_id_t key ); /** - * \brief Zeroizes and frees the given buffer. + * \brief Free the temporary buffer allocated by psa_load_persistent_key(). * * This function must be called at some point after psa_load_persistent_key() * to zeroize and free the memory allocated to the buffer in that function. diff --git a/library/psa_crypto_storage_backend.h b/library/psa_crypto_storage_backend.h index 3ca9a1d74f..47896b8726 100644 --- a/library/psa_crypto_storage_backend.h +++ b/library/psa_crypto_storage_backend.h 
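Review bot: The `\brief` for psa_destroy_persistent_key in psa_crypto_storage.h still says "for the given key slot number", although the `\param key` text below it now describes a persistent identifier. `\brief Remove persistent data for the given key identifier.` would match. The same leftover "slot number" wording remains in the psa_crypto_storage_backend.h hunk, in both `\retval` descriptions of psa_is_key_present_in_storage and in the brief of psa_crypto_storage_get_data_length. The rewritten brief of the buffer-freeing function (its declaration lies outside the hunk) drops the word "zeroize"; because the buffer holds key material, I would keep that guarantee in the summary line, e.g. `\brief Zeroize and free the temporary buffer allocated by psa_load_persistent_key().`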
@@ -47,15 +47,16 @@ extern "C" { * This function reads data from a storage backend and returns the data in a * buffer. * - * \param key Slot number whose content is to be loaded. This must - * be a key slot whose lifetime is set to persistent. - * \param[out] data Buffer where the data is to be written. - * \param data_size Size of the \c data buffer in bytes. + * \param key Persistent identifier of the key to be loaded. This + * should be an occupied storage location. + * \param[out] data Buffer where the data is to be written. + * \param data_size Size of the \c data buffer in bytes. * * \retval PSA_SUCCESS * \retval PSA_ERROR_STORAGE_FAILURE + * \retval PSA_ERROR_EMPTY_SLOT */ -psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data, +psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data, size_t data_size ); /** @@ -63,7 +64,8 @@ psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data, * * This function stores the given data buffer to a persistent storage. * - * \param key Slot number whose content is to be stored. + * \param key Persistent identifier of the key to be stored. This + * should be an unoccupied storage location. * \param[in] data Buffer containing the data to be stored. * \param data_length The number of bytes * that make up the data. @@ -71,8 +73,9 @@ psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data, * \retval PSA_SUCCESS * \retval PSA_ERROR_INSUFFICIENT_STORAGE * \retval PSA_ERROR_STORAGE_FAILURE + * \retval PSA_ERROR_OCCUPIED_SLOT */ -psa_status_t psa_crypto_storage_store( const psa_key_slot_t key, +psa_status_t psa_crypto_storage_store( const psa_key_id_t key, const uint8_t *data, size_t data_length ); 
@@ -82,26 +85,26 @@ psa_status_t psa_crypto_storage_store( const psa_key_slot_t key, * This function checks if any key data or metadata exists for the key slot in * the persistent storage. * - * \param key Slot number whose content is to be checked. + * \param key Persistent identifier to check. * * \retval 0 * No persistent data present for slot number * \retval 1 * Persistent data present for slot number */ -int psa_is_key_present_in_storage( const psa_key_slot_t key ); +int psa_is_key_present_in_storage( const psa_key_id_t key ); /** * \brief Get data length for given key slot number. * - * \param key Slot number whose stored data length is to be obtained. - * \param[out] data_length The number of bytes - * that make up the data. + * \param key Persistent identifier whose stored data length + * is to be obtained. + * \param[out] data_length The number of bytes that make up the data. * * \retval PSA_SUCCESS * \retval PSA_ERROR_STORAGE_FAILURE */ -psa_status_t psa_crypto_storage_get_data_length( const psa_key_slot_t key, +psa_status_t psa_crypto_storage_get_data_length( const psa_key_id_t key, size_t *data_length ); diff --git a/library/psa_crypto_storage_file.c b/library/psa_crypto_storage_file.c index 03c711af30..95857fa406 100644 --- a/library/psa_crypto_storage_file.c +++ b/library/psa_crypto_storage_file.c @@ -48,15 +48,15 @@ enum { MAX_LOCATION_LEN = sizeof(CRYPTO_STORAGE_FILE_LOCATION) + 40 }; -static void key_slot_to_location( const psa_key_slot_t key, - char *location, - size_t location_size ) +static void key_id_to_location( const psa_key_id_t key, + char *location, + size_t location_size ) { mbedtls_snprintf( location, location_size, CRYPTO_STORAGE_FILE_LOCATION "psa_key_slot_%d", key ); } -psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data, +psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data, size_t data_size ) { psa_status_t status = PSA_SUCCESS; 
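Review bot: In psa_crypto_storage_file.c, `key_id_to_location` still formats the identifier with `"psa_key_slot_%d"` although its parameter type is now `psa_key_id_t`. The typedef is not visible here, but the `uint32_t` return of psa_its_identifier_of_slot suggests an unsigned 32-bit type. If so, `%d` is a signedness mismatch, and identifiers above INT_MAX would typically be written as negative numbers in the file name. Formatting with `"psa_key_slot_%lu", (unsigned long) key` keeps existing file names for small identifiers and makes the mapping from identifier to path well defined. A short comment on the function saying that the file name is derived only from the numeric identifier would also help.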
@@ -64,7 +64,7 @@ psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data, size_t num_read; char slot_location[MAX_LOCATION_LEN]; - key_slot_to_location( key, slot_location, MAX_LOCATION_LEN ); + key_id_to_location( key, slot_location, MAX_LOCATION_LEN ); file = fopen( slot_location, "rb" ); if( file == NULL ) { @@ -81,12 +81,12 @@ exit: return( status ); } -int psa_is_key_present_in_storage( const psa_key_slot_t key ) +int psa_is_key_present_in_storage( const psa_key_id_t key ) { char slot_location[MAX_LOCATION_LEN]; FILE *file; - key_slot_to_location( key, slot_location, MAX_LOCATION_LEN ); + key_id_to_location( key, slot_location, MAX_LOCATION_LEN ); file = fopen( slot_location, "r" ); if( file == NULL ) @@ -99,7 +99,7 @@ int psa_is_key_present_in_storage( const psa_key_slot_t key ) return( 1 ); } -psa_status_t psa_crypto_storage_store( const psa_key_slot_t key, +psa_status_t psa_crypto_storage_store( const psa_key_id_t key, const uint8_t *data, size_t data_length ) { @@ -114,7 +114,7 @@ psa_status_t psa_crypto_storage_store( const psa_key_slot_t key, * affect actual keys. */ const char *temp_location = CRYPTO_STORAGE_FILE_LOCATION "psa_key_slot_0"; - key_slot_to_location( key, slot_location, MAX_LOCATION_LEN ); + key_id_to_location( key, slot_location, MAX_LOCATION_LEN ); if( psa_is_key_present_in_storage( key ) == 1 ) return( PSA_ERROR_OCCUPIED_SLOT ); @@ -154,12 +154,12 @@ exit: return( status ); } -psa_status_t psa_destroy_persistent_key( const psa_key_slot_t key ) +psa_status_t psa_destroy_persistent_key( const psa_key_id_t key ) { FILE *file; char slot_location[MAX_LOCATION_LEN]; - key_slot_to_location( key, slot_location, MAX_LOCATION_LEN ); + key_id_to_location( key, slot_location, MAX_LOCATION_LEN ); /* Only try remove the file if it exists */ file = fopen( slot_location, "rb" ); 
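Review bot: In psa_crypto_storage_store, `temp_location` is `CRYPTO_STORAGE_FILE_LOCATION "psa_key_slot_0"`, which is the same path key_id_to_location produces for identifier 0, and nothing in the visible lines rejects `key == 0`. Now that the argument is a caller-visible persistent identifier rather than a slot index, that assumption deserves either a guard before the presence check, `if( key == 0 ) return( PSA_ERROR_INVALID_ARGUMENT );`, or a comment naming the layer that guarantees 0 is never a valid identifier. The function body starts and ends outside this hunk, so an existing check elsewhere cannot be ruled out. The same applies to psa_load_persistent_key and psa_destroy_persistent_key, which would otherwise act on a leftover temporary file.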
@@ -173,7 +173,7 @@ psa_status_t psa_destroy_persistent_key( const psa_key_slot_t key ) return( PSA_SUCCESS ); } -psa_status_t psa_crypto_storage_get_data_length( const psa_key_slot_t key, +psa_status_t psa_crypto_storage_get_data_length( const psa_key_id_t key, size_t *data_length ) { psa_status_t status = PSA_SUCCESS; @@ -181,7 +181,7 @@ psa_status_t psa_crypto_storage_get_data_length( const psa_key_slot_t key, long file_size; char slot_location[MAX_LOCATION_LEN]; - key_slot_to_location( key, slot_location, MAX_LOCATION_LEN ); + key_id_to_location( key, slot_location, MAX_LOCATION_LEN ); file = fopen( slot_location, "rb" ); if( file == NULL ) diff --git a/library/psa_crypto_storage_its.c b/library/psa_crypto_storage_its.c index 29394b5d89..86e0e89f35 100644 --- a/library/psa_crypto_storage_its.c +++ b/library/psa_crypto_storage_its.c @@ -68,12 +68,12 @@ static psa_status_t its_to_psa_error( psa_its_status_t ret ) } } -static uint32_t psa_its_identifier_of_slot( psa_key_slot_t key ) +static uint32_t psa_its_identifier_of_slot( psa_key_id_t key ) { return( key ); } -psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data, +psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data, size_t data_size ) { psa_its_status_t ret; @@ -92,7 +92,7 @@ psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data, return( status ); } -int psa_is_key_present_in_storage( const psa_key_slot_t key ) +int psa_is_key_present_in_storage( const psa_key_id_t key ) { psa_its_status_t ret; uint32_t data_identifier = psa_its_identifier_of_slot( key ); @@ -105,7 +105,7 @@ int psa_is_key_present_in_storage( const psa_key_slot_t key ) return( 1 ); } -psa_status_t psa_crypto_storage_store( const psa_key_slot_t key, +psa_status_t psa_crypto_storage_store( const psa_key_id_t key, const uint8_t *data, size_t data_length ) { 
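Review bot: In psa_crypto_storage_its.c, `psa_its_identifier_of_slot` keeps its "slot" name and maps the key identifier to the ITS identifier by a bare `return( key );` with an implicit conversion to `uint32_t`. If `psa_key_id_t` is ever wider than 32 bits, or if the ITS namespace is shared with other users, distinct keys could alias the same storage entry without any diagnostic. I would rename the helper to `psa_its_identifier_of_key` and add a comment such as `/* Key identifiers map 1:1 onto ITS identifiers; psa_key_id_t must fit in uint32_t. */`.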
@@ -143,7 +143,7 @@ exit: return( status ); } -psa_status_t psa_destroy_persistent_key( const psa_key_slot_t key ) +psa_status_t psa_destroy_persistent_key( const psa_key_id_t key ) { psa_its_status_t ret; uint32_t data_identifier = psa_its_identifier_of_slot( key ); @@ -163,7 +163,7 @@ psa_status_t psa_destroy_persistent_key( const psa_key_slot_t key ) return( PSA_SUCCESS ); } -psa_status_t psa_crypto_storage_get_data_length( const psa_key_slot_t key, +psa_status_t psa_crypto_storage_get_data_length( const psa_key_id_t key, size_t *data_length ) { psa_its_status_t ret;