Support encoding an owner in key file IDs
Differentiate between _key identifiers_, which are always `uint32_t`,
and _key file identifiers_, which are platform-dependent. Normally,
the two are the same.
In `psa/crypto_platform.h`, define `psa_app_key_id_t` (which is always
32 bits, the standard key identifier type) and
`psa_key_file_id_t` (which will be different in some service builds).
A subsequent commit will introduce a platform where the two are different.
It would make sense for the function declarations in `psa/crypto.h` to
use `psa_key_file_id_t`. However, this file is currently part of the
PSA Crypto API specification, so it must stick to the standard type
`psa_key_id_t`. Hence, as long as the specification and Mbed Crypto
are not separate, use the implementation-specific file
`psa/crypto_platform.h` to define `psa_key_id_t` as `psa_key_file_id_t`.
In the library, systematically use `psa_key_file_id_t`.
perl -i -pe 's/psa_key_id_t/psa_key_file_id_t/g' library/*.[hc]
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index a9458b0..227fb5f 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -189,12 +189,13 @@
* past released version must remain valid, unless a migration path
* is provided.
*
- * \param key_id The key identifier to check.
+ * \param file_id The key identifier to check.
*
- * \return 1 if \p key_id is acceptable, otherwise 0.
+ * \return 1 if \p file_id is acceptable, otherwise 0.
*/
-static int psa_is_key_id_valid( psa_key_id_t key_id )
+static int psa_is_key_id_valid( psa_key_file_id_t file_id )
{
+ psa_app_key_id_t key_id = PSA_KEY_FILE_GET_KEY_ID( file_id );
/* Reject id=0 because by general library conventions, 0 is an invalid
* value wherever possible. */
if( key_id == 0 )
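Review bot: The doc comment still calls `file_id` "the key identifier", but the parameter is now a key file identifier and the visible lines check only its key-id part, extracted with `PSA_KEY_FILE_GET_KEY_ID`. I would change the line to `\param file_id The key file identifier to check; only the key identifier part is validated, any owner part is not inspected.` so that a reader does not assume the owner is vetted here. The name `psa_is_key_id_valid` carries the same mismatch with its new argument type. The function body continues outside the hunk, so whether the owner is examined further down cannot be confirmed from here.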
@@ -226,7 +227,7 @@
* \retval #PSA_ERROR_STORAGE_FAILURE
*/
static psa_status_t psa_internal_make_key_persistent( psa_key_handle_t handle,
- psa_key_id_t id )
+ psa_key_file_id_t id )
{
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
psa_key_slot_t *slot;
@@ -253,7 +254,7 @@
}
static psa_status_t persistent_key_setup( psa_key_lifetime_t lifetime,
- psa_key_id_t id,
+ psa_key_file_id_t id,
psa_key_handle_t *handle,
psa_status_t wanted_load_status )
{
@@ -278,14 +279,14 @@
}
psa_status_t psa_open_key( psa_key_lifetime_t lifetime,
- psa_key_id_t id,
+ psa_key_file_id_t id,
psa_key_handle_t *handle )
{
return( persistent_key_setup( lifetime, id, handle, PSA_SUCCESS ) );
}
psa_status_t psa_create_key( psa_key_lifetime_t lifetime,
- psa_key_id_t id,
+ psa_key_file_id_t id,
psa_key_handle_t *handle )
{
psa_status_t status;
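Review bot: `psa_open_key` hands `id` to `persistent_key_setup` unchanged, so on a platform where the file identifier encodes an owner, the owner value supplied by the caller is presumably the one used to locate the key. That trust assumption is not documented at these entry points. I would add a comment above both definitions, for example `/* id may encode an owner on some platforms; the caller must derive the owner from an authenticated source, not from client-supplied data. */`. This is inferred from the commit message, since the definitions of `psa_key_file_id_t` and its accessor macros are not part of this file's diff. The body of `psa_create_key` continues outside the hunk.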