psa: Rename psa_key_file_id_t to mbedtls_svc_key_id_t
With PSA crypto v1.0.0, a volatile key identifier may
contain a owner identifier but no file is associated
to it. Thus rename the type psa_key_file_id_t to
mbedtls_svc_key_id_t to avoid a direct link with a
file when a key identifier involves an owner
identifier.
The new type name is prefixed by mbedtls to highlight
that the type is specific to Mbed TLS implementation
and not defined in the PSA Cryptography API
specification.
The svc in the type name stands for service as this
is the key identifier type from the point of view of
the service providing the Cryptography services.
The service can be completely provided by the present
library or partially in case of a multi-client service.
As a consequence rename as well:
. MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER to
MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
. PSA_KEY_ID_INIT to MBEDTLS_SVC_KEY_ID_INIT
. PSA_KEY_FILE_GET_KEY_ID to MBEDTLS_SVC_KEY_ID_GET_KEY_ID
. psa_key_file_id_make to mbedtls_svc_key_id_make
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index a9b8624..e526560 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -157,16 +157,15 @@
* past released version must remain valid, unless a migration path
* is provided.
*
- * \param file_id The key identifier to check.
- * \param vendor_ok Nonzero to allow key ids in the vendor range.
- * 0 to allow only key ids in the application range.
+ * \param key The key identifier to check.
+ * \param vendor_ok Nonzero to allow key ids in the vendor range.
+ * 0 to allow only key ids in the application range.
*
- * \return 1 if \p file_id is acceptable, otherwise 0.
+ * \return 1 if \p key is acceptable, otherwise 0.
*/
-static int psa_is_key_id_valid( psa_key_file_id_t file_id,
- int vendor_ok )
+static int psa_is_key_id_valid( mbedtls_svc_key_id_t key, int vendor_ok )
{
- psa_key_id_t key_id = PSA_KEY_FILE_GET_KEY_ID( file_id );
+ psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key );
if( PSA_KEY_ID_USER_MIN <= key_id && key_id <= PSA_KEY_ID_USER_MAX )
return( 1 );
else if( vendor_ok &&
@@ -204,7 +203,7 @@
}
psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime,
- psa_key_file_id_t key )
+ mbedtls_svc_key_id_t key )
{
if ( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
{
@@ -227,7 +226,7 @@
}
}
-psa_status_t psa_open_key( psa_key_file_id_t key, psa_key_handle_t *handle )
+psa_status_t psa_open_key( mbedtls_svc_key_id_t key, psa_key_handle_t *handle )
{
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
psa_status_t status;
@@ -291,14 +290,14 @@
++stats->volatile_slots;
else if( slot->attr.lifetime == PSA_KEY_LIFETIME_PERSISTENT )
{
- psa_key_id_t id = PSA_KEY_FILE_GET_KEY_ID(slot->attr.id);
+ psa_key_id_t id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id );
++stats->persistent_slots;
if( id > stats->max_open_internal_key_id )
stats->max_open_internal_key_id = id;
}
else
{
- psa_key_id_t id = PSA_KEY_FILE_GET_KEY_ID(slot->attr.id);
+ psa_key_id_t id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id );
++stats->external_slots;
if( id > stats->max_open_external_key_id )
stats->max_open_external_key_id = id;
diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h
index 58e7f7c..c6fecbb 100644
--- a/library/psa_crypto_slot_management.h
+++ b/library/psa_crypto_slot_management.h
@@ -120,7 +120,6 @@
* \retval #PSA_ERROR_INVALID_ARGUMENT
*/
psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime,
- psa_key_file_id_t key );
-
+ mbedtls_svc_key_id_t key );
#endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */
diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c
index 18889a1..b94cfd0 100644
--- a/library/psa_crypto_storage.c
+++ b/library/psa_crypto_storage.c
@@ -55,27 +55,27 @@
/* Key storage */
/****************************************************************/
-/* Determine a file name (ITS file identifier) for the given key file
- * identifier. The file name must be distinct from any file that is used
- * for a purpose other than storing a key. Currently, the only such file
- * is the random seed file whose name is PSA_CRYPTO_ITS_RANDOM_SEED_UID
- * and whose value is 0xFFFFFF52. */
-static psa_storage_uid_t psa_its_identifier_of_slot( psa_key_file_id_t file_id )
+/* Determine a file name (ITS file identifier) for the given key identifier.
+ * The file name must be distinct from any file that is used for a purpose
+ * other than storing a key. Currently, the only such file is the random seed
+ * file whose name is PSA_CRYPTO_ITS_RANDOM_SEED_UID and whose value is
+ * 0xFFFFFF52. */
+static psa_storage_uid_t psa_its_identifier_of_slot( mbedtls_svc_key_id_t key )
{
-#if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER) && \
+#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) && \
defined(PSA_CRYPTO_SECURE)
/* Encode the owner in the upper 32 bits. This means that if
* owner values are nonzero (as they are on a PSA platform),
* no key file will ever have a value less than 0x100000000, so
* the whole range 0..0xffffffff is available for non-key files. */
- uint32_t unsigned_owner = (uint32_t) file_id.owner;
- return( (uint64_t) unsigned_owner << 32 | file_id.key_id );
+ uint32_t unsigned_owner = (uint32_t) key.owner;
+ return( (uint64_t) unsigned_owner << 32 | key.key_id );
#else
/* Use the key id directly as a file name.
- * psa_is_key_file_id_valid() in psa_crypto_slot_management.c
+ * psa_is_key_id_valid() in psa_crypto_slot_management.c
* is responsible for ensuring that key identifiers do not have a
* value that is reserved for non-key files. */
- return( file_id );
+ return( key );
#endif
}
@@ -94,9 +94,8 @@
* \retval PSA_ERROR_STORAGE_FAILURE
* \retval PSA_ERROR_DOES_NOT_EXIST
*/
-static psa_status_t psa_crypto_storage_load( const psa_key_file_id_t key,
- uint8_t *data,
- size_t data_size )
+static psa_status_t psa_crypto_storage_load(
+ const mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size )
{
psa_status_t status;
psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
@@ -114,7 +113,7 @@
return( status );
}
-int psa_is_key_present_in_storage( const psa_key_file_id_t key )
+int psa_is_key_present_in_storage( const mbedtls_svc_key_id_t key )
{
psa_status_t ret;
psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
@@ -143,7 +142,7 @@
* \retval PSA_ERROR_STORAGE_FAILURE
* \retval PSA_ERROR_ALREADY_EXISTS
*/
-static psa_status_t psa_crypto_storage_store( const psa_key_file_id_t key,
+static psa_status_t psa_crypto_storage_store( const mbedtls_svc_key_id_t key,
const uint8_t *data,
size_t data_length )
{
@@ -184,7 +183,7 @@
return( status );
}
-psa_status_t psa_destroy_persistent_key( const psa_key_file_id_t key )
+psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key )
{
psa_status_t ret;
psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
@@ -215,7 +214,7 @@
* \retval PSA_ERROR_STORAGE_FAILURE
*/
static psa_status_t psa_crypto_storage_get_data_length(
- const psa_key_file_id_t key,
+ const mbedtls_svc_key_id_t key,
size_t *data_length )
{
psa_status_t status;
@@ -394,7 +393,7 @@
psa_status_t status = PSA_SUCCESS;
uint8_t *loaded_data;
size_t storage_data_length = 0;
- psa_key_file_id_t key = attr->id;
+ mbedtls_svc_key_id_t key = attr->id;
status = psa_crypto_storage_get_data_length( key, &storage_data_length );
if( status != PSA_SUCCESS )
diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h
index c9270a9..de845a7 100644
--- a/library/psa_crypto_storage.h
+++ b/library/psa_crypto_storage.h
@@ -72,7 +72,7 @@
* \retval 1
* Persistent data present for slot number
*/
-int psa_is_key_present_in_storage( const psa_key_file_id_t key );
+int psa_is_key_present_in_storage( const mbedtls_svc_key_id_t key );
/**
* \brief Format key data and metadata and save to a location for given key
@@ -141,7 +141,7 @@
* or the key did not exist.
* \retval PSA_ERROR_STORAGE_FAILURE
*/
-psa_status_t psa_destroy_persistent_key( const psa_key_file_id_t key );
+psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key );
/**
* \brief Free the temporary buffer allocated by psa_load_persistent_key().
@@ -292,7 +292,7 @@
uint16_t unused1;
psa_key_lifetime_t lifetime;
psa_key_slot_number_t slot;
- psa_key_file_id_t id;
+ mbedtls_svc_key_id_t id;
} key;
} psa_crypto_transaction_t;
diff --git a/library/version_features.c b/library/version_features.c
index d2840fa..80263f7 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -417,9 +417,9 @@
#if defined(MBEDTLS_ENTROPY_NV_SEED)
"MBEDTLS_ENTROPY_NV_SEED",
#endif /* MBEDTLS_ENTROPY_NV_SEED */
-#if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER)
- "MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER",
-#endif /* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */
+#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
+ "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER",
+#endif /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
#if defined(MBEDTLS_MEMORY_DEBUG)
"MBEDTLS_MEMORY_DEBUG",
#endif /* MBEDTLS_MEMORY_DEBUG */