Change signature of mbedtls_psa_platform_get_builtin_key
Instead of the full attributes struct, it now only takes/returns what it
actually needs to.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index 34436e4..38d6c20 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -759,14 +759,13 @@
( key_id <= MBEDTLS_PSA_KEY_ID_BUILTIN_MAX ) );
}
-/** Platform function to obtain the data of a built-in key.
+/** Platform function to obtain the location and slot of a built-in key.
*
* An application-specific implementation of this function must be provided if
* #MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled. This would typically be provided
* as part of a platform's system image.
*
- * Call psa_get_key_id(\p attributes) to obtain the key identifier \c key_id.
- * #MBEDTLS_SVC_KEY_ID_GET_KEY_ID(\p key_id) is in the range from
+ * #MBEDTLS_SVC_KEY_ID_GET_KEY_ID(\p key_id) needs to be in the range from
* #MBEDTLS_PSA_KEY_ID_BUILTIN_MIN to #MBEDTLS_PSA_KEY_ID_BUILTIN_MAX.
*
* In a multi-application configuration
@@ -774,16 +773,15 @@
* this function should check that #MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(\p key_id)
* is allowed to use the given key.
*
- * \param[in,out] attributes On entry, this is #PSA_KEY_ATTRIBUTES_INIT or
- * an equivalent value, except that the key
- * identifier field is set.
- * On successful return, this function must set
- * the attributes of the key: lifetime, type,
- * bit-size, usage policy.
- * \param[out] slot_number On successful return, this function must set
- * this to the slot number known to the driver for
- * the lifetime location reported through
- * \p attributes which corresponds to the
+ * \param key_id The key ID for which to retrieve the
+ * location and slot attributes.
+ * \param[out] lifetime On success, the lifetime associated with the key
+ * corresponding to \p key_id. Lifetime is a
+ * combination of which driver contains the key,
+ * and with what lifecycle the key can be used.
+ * \param[out] slot_number On success, the slot number known to the driver
+ * registered at the lifetime location reported
+ * through \p location which corresponds to the
* requested built-in key.
*
* \retval #PSA_SUCCESS
@@ -801,7 +799,9 @@
* is not allowed to access it.
*/
psa_status_t mbedtls_psa_platform_get_builtin_key(
- psa_key_attributes_t *attributes, psa_drv_slot_number_t *slot_number );
+ mbedtls_svc_key_id_t key_id,
+ psa_key_lifetime_t *lifetime,
+ psa_drv_slot_number_t *slot_number );
#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
/** @} */
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 68943c1..232e544 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -281,6 +281,7 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_lifetime_t lifetime = PSA_KEY_LIFETIME_VOLATILE;
psa_drv_slot_number_t slot_number = 0;
uint8_t *key_buffer = NULL;
size_t key_buffer_size = 0;
@@ -295,10 +296,14 @@
/* Check the platform function to see whether this key actually exists */
psa_set_key_id( &attributes, slot->attr.id );
- status = mbedtls_psa_platform_get_builtin_key( &attributes, &slot_number );
+ status = mbedtls_psa_platform_get_builtin_key(
+ slot->attr.id, &lifetime, &slot_number );
if( status != PSA_SUCCESS )
return( status );
+ /* Set mapped lifetime on the attributes */
+ psa_set_key_lifetime( &attributes, lifetime );
+
/* If the key should exist according to the platform, load it through the
* driver interface. */
status = psa_driver_wrapper_get_key_buffer_size( &attributes,
diff --git a/tests/src/drivers/platform_builtin_keys.c b/tests/src/drivers/platform_builtin_keys.c
index 131343a..feccbfd 100644
--- a/tests/src/drivers/platform_builtin_keys.c
+++ b/tests/src/drivers/platform_builtin_keys.c
@@ -30,7 +30,7 @@
typedef struct
{
psa_key_id_t builtin_key_id;
- psa_key_location_t location;
+ psa_key_lifetime_t lifetime;
psa_drv_slot_number_t slot_number;
} mbedtls_psa_builtin_key_description_t;
@@ -38,28 +38,41 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
/* For testing, assign the AES builtin key slot to the boundary values.
* ECDSA can be exercised on key ID MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1. */
- { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN - 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME,
- PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT },
- { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN, PSA_CRYPTO_TEST_DRIVER_LIFETIME,
- PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT },
- { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME,
- PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT},
- { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX - 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME,
- PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
- { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX, PSA_CRYPTO_TEST_DRIVER_LIFETIME,
- PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
- { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX + 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME,
- PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
+ { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN - 1,
+ PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
+ PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LIFETIME ),
+ PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT },
+ { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN,
+ PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
+ PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LIFETIME ),
+ PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT },
+ { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1,
+ PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
+ PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LIFETIME ),
+ PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT},
+ { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX - 1,
+ PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
+ PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LIFETIME ),
+ PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
+ { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX,
+ PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
+ PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LIFETIME ),
+ PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
+ { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX + 1,
+ PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
+ PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LIFETIME ),
+ PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
#else
{0, 0, 0}
#endif
};
psa_status_t mbedtls_psa_platform_get_builtin_key(
- psa_key_attributes_t *attributes, psa_drv_slot_number_t *slot_number )
+ mbedtls_svc_key_id_t key_id,
+ psa_key_lifetime_t *lifetime,
+ psa_drv_slot_number_t *slot_number )
{
- mbedtls_svc_key_id_t svc_key_id = psa_get_key_id( attributes );
- psa_key_id_t app_key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( svc_key_id );
+ psa_key_id_t app_key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key_id );
const mbedtls_psa_builtin_key_description_t *builtin_key;
for( size_t i = 0;
@@ -68,10 +81,7 @@
builtin_key = &builtin_keys[i];
if( builtin_key->builtin_key_id == app_key_id )
{
- psa_set_key_lifetime( attributes,
- PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
- PSA_KEY_PERSISTENCE_READ_ONLY,
- builtin_key->location ) );
+ *lifetime = builtin_key->lifetime;
*slot_number = builtin_key->slot_number;
return( PSA_SUCCESS );
}