TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 5b229a06f4501147f5260a05c57b93e80ec0f2ca^! / . / include / psa
commit5b229a06f4501147f5260a05c57b93e80ec0f2ca[log] [tgz]
authorGilles Peskine <Gilles.Peskine@arm.com>Tue Feb 19 13:24:37 2019 +0100
committerGilles Peskine <Gilles.Peskine@arm.com>Wed Feb 20 12:52:07 2019 +0100
tree5ea7904e9cd32f36537cc355478c9296ea1eb4a8
parente988a66b5b74629a15de043b9ceacf0d7209def7 [diff]
Support encoding an owner in key file IDs

Differentiate between _key identifiers_, which are always `uint32_t`,
and _key file identifiers_, which are platform-dependent. Normally,
the two are the same.

In `psa/crypto_platform.h`, define `psa_app_key_id_t` (which is always
32 bits, the standard key identifier type) and
`psa_key_file_id_t` (which will be different in some service builds).
A subsequent commit will introduce a platform where the two are different.

It would make sense for the function declarations in `psa/crypto.h` to
use `psa_key_file_id_t`. However this file is currently part of the
PSA Crypto API specification, so it must stick to the standard type
`psa_key_id_t`. Hence, as long as the specification and Mbed Crypto
are not separate, use the implementation-specific file
`psa/crypto_platform.h` to define `psa_key_id_t` as `psa_key_file_id_t`.

In the library, systematically use `psa_key_file_id_t`.

    perl -i -pe 's/psa_key_id_t/psa_key_file_id_t/g' library/*.[hc]

diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h
index 50ca546..0f3ede8 100644
--- a/include/psa/crypto_platform.h
+++ b/include/psa/crypto_platform.h

@@ -49,4 +49,27 @@
 /* Integral type representing a key handle. */
 typedef uint16_t psa_key_handle_t;
 
+/* This implementation distinguishes *application key identifiers*, which
+ * are the key identifiers specified by the application, from
+ * *key file identifiers*, which are the key identifiers that the library
+ * sees internally. The two types can be different if there is a remote
+ * call layer between the application and the library which supports
+ * multiple client applications that do not have access to each others'
+ * keys. The point of having different types is that the key file
+ * identifier may encode not only the key identifier specified by the
+ * application, but also the the identity of the application.
+ *
+ * Note that this is an internal concept of the library and the remote
+ * call layer. The application itself never sees anything other than
+ * #psa_app_key_id_t with its standard definition.
+ */
+
+/* The application key identifier is always what the application sees as
+ * #psa_key_id_t. */
+typedef uint32_t psa_app_key_id_t;
+
+/* By default, a key file identifier is just the application key identifier. */
+typedef psa_app_key_id_t psa_key_file_id_t;
+#define PSA_KEY_FILE_GET_KEY_ID( id ) ( id )
+
 #endif /* PSA_CRYPTO_PLATFORM_H */