TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 4a231b8d3b195abad1e8ef28d564a1f69c733a8d^! / .
commit4a231b8d3b195abad1e8ef28d564a1f69c733a8d[log] [tgz]
authorGilles Peskine <Gilles.Peskine@arm.com>Mon May 06 18:56:14 2019 +0200
committerGilles Peskine <Gilles.Peskine@arm.com>Mon May 06 18:56:14 2019 +0200
treefa873ab1f43876545fdfaba83401c101b4852f98
parent225010fdf77debcdcd8697c330d62038dac20a4e [diff]
Break up key identifiers into user, vendor and reserved ranges

Define a range of key identifiers for use by the application
(0..2^30-1), a range for use by implementations (2^30..2^31), and a
range that is reserved for future use (2^31..2^32-1).

diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 424c16e..a62dd8b 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h

@@ -512,6 +512,10 @@
  *
  * Open a handle to a key which was previously created with psa_create_key().
  *
+ * Implementations may provide additional keys that can be opened with
+ * psa_open_key(). Such keys have a key identifier in the vendor range,
+ * as documented in the description of #psa_key_id_t.
+ *
  * \param id            The persistent identifier of the key.
  * \param[out] handle   On success, a handle to a key slot which contains
  *                      the data and metadata loaded from the specified

diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h
index da6e6b9..44c7c66 100644
--- a/include/psa/crypto_types.h
+++ b/include/psa/crypto_types.h

@@ -102,6 +102,13 @@
 typedef uint32_t psa_key_lifetime_t;
 
 /** Encoding of identifiers of persistent keys.
+ *
+ * - Applications may freely choose key identifiers in the range
+ *   #PSA_KEY_ID_USER_MIN to #PSA_KEY_ID_USER_MAX.
+ * - Implementations may define additional key identifiers in the range
+ *   #PSA_KEY_ID_VENDOR_MIN to #PSA_KEY_ID_VENDOR_MAX.
+ * - Key identifiers outside these ranges are reserved for future use
+ *   in future versions of this specification.
  */
 /* Implementation-specific quirk: The Mbed Crypto library can be built as
  * part of a multi-client service that exposes the PSA Crypto API in each

diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index eddf632..40172b3 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h

@@ -1440,6 +1440,19 @@
  */
 #define PSA_KEY_LIFETIME_PERSISTENT             ((psa_key_lifetime_t)0x00000001)
 
+/** The minimum value for a key identifier chosen by the application.
+ */
+#define PSA_KEY_ID_USER_MIN                     ((psa_key_id_t)0x00000000)
+/** The minimum value for a key identifier chosen by the application.
+ */
+#define PSA_KEY_ID_USER_MAX                     ((psa_key_id_t)0x3fffffff)
+/** The minimum value for a key identifier chosen by the application.
+ */
+#define PSA_KEY_ID_VENDOR_MIN                   ((psa_key_id_t)0x40000000)
+/** The minimum value for a key identifier chosen by the application.
+ */
+#define PSA_KEY_ID_VENDOR_MAX                   ((psa_key_id_t)0x7fffffff)
+
 /**@}*/
 
 /** \defgroup policy Key policies