psa: Move from key handle to key identifier
Move all the PSA crypto APIs using key handles
to use key identifiers but psa_key_open() and
psa_key_close(). This is done without modifying
any test as key handles and key identifiers are
now the same.
Update the library modules using PSA crypto APIs
to get rid of key handles.
Programs and unit tests are updated to not use
key handles in subsequent commits, not in this
one.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/include/mbedtls/cipher_internal.h b/include/mbedtls/cipher_internal.h
index d283108..2484c01 100644
--- a/include/mbedtls/cipher_internal.h
+++ b/include/mbedtls/cipher_internal.h
@@ -134,7 +134,7 @@
typedef struct
{
psa_algorithm_t alg;
- psa_key_handle_t slot;
+ psa_key_id_t slot;
mbedtls_cipher_psa_key_ownership slot_state;
} mbedtls_cipher_context_psa;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 22fab13..7d0f977 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -331,12 +331,13 @@
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input
- * (context already used, invalid key handle).
+ * (context already used, invalid key identifier).
* \return #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the key is not an
* ECC key pair.
* \return #MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
*/
-int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, const psa_key_handle_t key );
+int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx,
+ const psa_key_id_t key );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
@@ -858,9 +859,9 @@
*
* \param pk Input: the EC key to import to a PSA key.
* Output: a PK context wrapping that PSA key.
- * \param handle Output: a PSA key handle.
+ * \param key Output: a PSA key identifier.
* It's the caller's responsibility to call
- * psa_destroy_key() on that handle after calling
+ * psa_destroy_key() on that key identifier after calling
* mbedtls_pk_free() on the PK context.
* \param hash_alg The hash algorithm to allow for use with that key.
*
@@ -868,7 +869,7 @@
* \return An Mbed TLS error code otherwise.
*/
int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
- psa_key_handle_t *handle,
+ psa_key_id_t *key,
psa_algorithm_t hash_alg );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 1b4e163..e4af30a 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1063,11 +1063,12 @@
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_key_handle_t psk_opaque; /*!< PSA key slot holding opaque PSK.
- * This field should only be set via
- * mbedtls_ssl_conf_psk_opaque().
- * If either no PSK or a raw PSK have
- * been configured, this has value \c 0. */
+ psa_key_id_t psk_opaque; /*!< PSA key slot holding opaque PSK. This field
+ * should only be set via
+ * mbedtls_ssl_conf_psk_opaque().
+ * If either no PSK or a raw PSK have been
+ * configured, this has value \c 0.
+ */
#endif /* MBEDTLS_USE_PSA_CRYPTO */
unsigned char *psk; /*!< The raw pre-shared key. This field should
@@ -2814,7 +2815,7 @@
* \return An \c MBEDTLS_ERR_SSL_XXX error code on failure.
*/
int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf,
- psa_key_handle_t psk,
+ psa_key_id_t psk,
const unsigned char *psk_identity,
size_t psk_identity_len );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
@@ -2860,7 +2861,7 @@
* \return An \c MBEDTLS_ERR_SSL_XXX error code on failure.
*/
int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl,
- psa_key_handle_t psk );
+ psa_key_id_t psk );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/**
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 015b53c..9f8d717 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -443,7 +443,7 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_type_t ecdh_psa_type;
uint16_t ecdh_bits;
- psa_key_handle_t ecdh_psa_privkey;
+ psa_key_id_t ecdh_psa_privkey;
unsigned char ecdh_psa_peerkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
size_t ecdh_psa_peerkey_len;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
@@ -462,7 +462,7 @@
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_key_handle_t psk_opaque; /*!< Opaque PSK from the callback */
+ psa_key_id_t psk_opaque; /*!< Opaque PSK from the callback */
#endif /* MBEDTLS_USE_PSA_CRYPTO */
unsigned char *psk; /*!< PSK from the callback */
size_t psk_len; /*!< Length of PSK from callback */
@@ -1061,16 +1061,16 @@
* 2. static PSK configured by \c mbedtls_ssl_conf_psk_opaque()
* Return an opaque PSK
*/
-static inline psa_key_handle_t mbedtls_ssl_get_opaque_psk(
+static inline psa_key_id_t mbedtls_ssl_get_opaque_psk(
const mbedtls_ssl_context *ssl )
{
- if( ! psa_key_handle_is_null( ssl->handshake->psk_opaque ) )
+ if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) )
return( ssl->handshake->psk_opaque );
- if( ! psa_key_handle_is_null( ssl->conf->psk_opaque ) )
+ if( ! mbedtls_svc_key_id_is_null( ssl->conf->psk_opaque ) )
return( ssl->conf->psk_opaque );
- return( PSA_KEY_HANDLE_INIT );
+ return( MBEDTLS_SVC_KEY_ID_INIT );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */