mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-25 18:35:28 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Change signature of mbedtls_psa_platform_get_builtin_key

Browse Source 
Instead of the full attributes struct, it now only takes/returns what it
actually needs to.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
This commit is contained in:
Steven Cooreman 2021-03-18 20:48:06 +01:00
parent 4b51925ede
commit c8b9534378
3 changed files with 50 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
include/psa/crypto_extra.h
View File

@ -759,14 +759,13 @@ static inline int psa_key_id_is_builtin( psa_key_id_t key_id )
( key_id <= MBEDTLS_PSA_KEY_ID_BUILTIN_MAX ) );
}
/** Platform function to obtain the data of a built-in key.
/** Platform function to obtain the location and slot of a built-in key.
*
* An application-specific implementation of this function must be provided if
* #MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled. This would typically be provided
* as part of a platform's system image.
*
* Call psa_get_key_id(\p attributes) to obtain the key identifier \c key_id.
* #MBEDTLS_SVC_KEY_ID_GET_KEY_ID(\p key_id) is in the range from
* #MBEDTLS_SVC_KEY_ID_GET_KEY_ID(\p key_id) needs to be in the range from
* #MBEDTLS_PSA_KEY_ID_BUILTIN_MIN to #MBEDTLS_PSA_KEY_ID_BUILTIN_MAX.
*
* In a multi-application configuration
@ -774,16 +773,15 @@ static inline int psa_key_id_is_builtin( psa_key_id_t key_id )
* this function should check that #MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(\p key_id)
* is allowed to use the given key.
*
* \param[in,out] attributes On entry, this is #PSA_KEY_ATTRIBUTES_INIT or
* an equivalent value, except that the key
* identifier field is set.
* On successful return, this function must set
* the attributes of the key: lifetime, type,
* bit-size, usage policy.
* \param[out] slot_number On successful return, this function must set
* this to the slot number known to the driver for
* the lifetime location reported through
* \p attributes which corresponds to the
* \param key_id The key ID for which to retrieve the
* location and slot attributes.
* \param[out] lifetime On success, the lifetime associated with the key
* corresponding to \p key_id. Lifetime is a
* combination of which driver contains the key,
* and with what lifecycle the key can be used.
* \param[out] slot_number On success, the slot number known to the driver
* registered at the lifetime location reported
* through \p location which corresponds to the
* requested built-in key.
*
* \retval #PSA_SUCCESS
@ -801,7 +799,9 @@ static inline int psa_key_id_is_builtin( psa_key_id_t key_id )
* is not allowed to access it.
*/
psa_status_t mbedtls_psa_platform_get_builtin_key(
psa_key_attributes_t *attributes, psa_drv_slot_number_t *slot_number );
mbedtls_svc_key_id_t key_id,
psa_key_lifetime_t *lifetime,
psa_drv_slot_number_t *slot_number );
#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
/** @} */

7
library/psa_crypto_slot_management.c
View File

@ -281,6 +281,7 @@ static psa_status_t psa_load_builtin_key_into_slot( psa_key_slot_t *slot )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_lifetime_t lifetime = PSA_KEY_LIFETIME_VOLATILE;
psa_drv_slot_number_t slot_number = 0;
uint8_t *key_buffer = NULL;
size_t key_buffer_size = 0;
@ -295,10 +296,14 @@ static psa_status_t psa_load_builtin_key_into_slot( psa_key_slot_t *slot )
/* Check the platform function to see whether this key actually exists */
psa_set_key_id( &attributes, slot->attr.id );
status = mbedtls_psa_platform_get_builtin_key( &attributes, &slot_number );
status = mbedtls_psa_platform_get_builtin_key(
slot->attr.id, &lifetime, &slot_number );
if( status != PSA_SUCCESS )
return( status );
/* Set mapped lifetime on the attributes */
psa_set_key_lifetime( &attributes, lifetime );
/* If the key should exist according to the platform, load it through the
* driver interface. */
status = psa_driver_wrapper_get_key_buffer_size( &attributes,

50
tests/src/drivers/platform_builtin_keys.c
View File

@ -30,7 +30,7 @@
typedef struct
{
psa_key_id_t builtin_key_id;
psa_key_location_t location;
psa_key_lifetime_t lifetime;
psa_drv_slot_number_t slot_number;
} mbedtls_psa_builtin_key_description_t;
@ -38,28 +38,41 @@ static const mbedtls_psa_builtin_key_description_t builtin_keys[] = {
#if defined(PSA_CRYPTO_DRIVER_TEST)
/* For testing, assign the AES builtin key slot to the boundary values.
* ECDSA can be exercised on key ID MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1. */
{ MBEDTLS_PSA_KEY_ID_BUILTIN_MIN - 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME,
PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT },
{ MBEDTLS_PSA_KEY_ID_BUILTIN_MIN, PSA_CRYPTO_TEST_DRIVER_LIFETIME,
PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT },
{ MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME,
PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT},
{ MBEDTLS_PSA_KEY_ID_BUILTIN_MAX - 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME,
PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
{ MBEDTLS_PSA_KEY_ID_BUILTIN_MAX, PSA_CRYPTO_TEST_DRIVER_LIFETIME,
PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
{ MBEDTLS_PSA_KEY_ID_BUILTIN_MAX + 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME,
PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
{ MBEDTLS_PSA_KEY_ID_BUILTIN_MIN - 1,
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LIFETIME ),
PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT },
{ MBEDTLS_PSA_KEY_ID_BUILTIN_MIN,
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LIFETIME ),
PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT },
{ MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1,
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LIFETIME ),
PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT},
{ MBEDTLS_PSA_KEY_ID_BUILTIN_MAX - 1,
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LIFETIME ),
PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
{ MBEDTLS_PSA_KEY_ID_BUILTIN_MAX,
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LIFETIME ),
PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
{ MBEDTLS_PSA_KEY_ID_BUILTIN_MAX + 1,
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LIFETIME ),
PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
#else
{0, 0, 0}
#endif
};
psa_status_t mbedtls_psa_platform_get_builtin_key(
psa_key_attributes_t *attributes, psa_drv_slot_number_t *slot_number )
mbedtls_svc_key_id_t key_id,
psa_key_lifetime_t *lifetime,
psa_drv_slot_number_t *slot_number )
{
mbedtls_svc_key_id_t svc_key_id = psa_get_key_id( attributes );
psa_key_id_t app_key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( svc_key_id );
psa_key_id_t app_key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key_id );
const mbedtls_psa_builtin_key_description_t *builtin_key;
for( size_t i = 0;
@ -68,10 +81,7 @@ psa_status_t mbedtls_psa_platform_get_builtin_key(
builtin_key = &builtin_keys[i];
if( builtin_key->builtin_key_id == app_key_id )
{
psa_set_key_lifetime( attributes,
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
PSA_KEY_PERSISTENCE_READ_ONLY,
builtin_key->location ) );
*lifetime = builtin_key->lifetime;
*slot_number = builtin_key->slot_number;
return( PSA_SUCCESS );
}