psa: Move from key handle to key identifier
Move all the PSA crypto APIs using key handles
to use key identifiers, except psa_key_open() and
psa_key_close(). This is done without modifying
any test as key handles and key identifiers are
now the same.
Update the library modules using PSA crypto APIs
to get rid of key handles.
Programs and unit tests are updated to not use
key handles in subsequent commits, not in this
one.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index a40734b..107e912 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -543,7 +543,7 @@
mbedtls_ecdsa_context *ctx = ctx_arg;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_handle_t key_handle = PSA_KEY_HANDLE_INIT;
+ psa_key_id_t key_id = 0;
psa_status_t status;
mbedtls_pk_context key;
int key_len;
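Review bot: `psa_key_id_t key_id = 0;` swaps a named initializer for a bare literal, and the `cleanup:` label later in this function passes `key_id` to `psa_destroy_key()` on every path, including those taken before `psa_import_key()` has succeeded. That is only safe if 0 can never be a valid key identifier and `psa_destroy_key( 0 )` is a harmless no-op, neither of which is visible in this diff. I would state the contract at the declaration, e.g. `psa_key_id_t key_id = 0; /* 0 = no key; psa_destroy_key() in cleanup must accept it */`, or use a named null-identifier constant if the PSA headers in this tree provide one. The function starts and ends outside this hunk.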
@@ -576,7 +576,7 @@
status = psa_import_key( &attributes,
buf + sizeof( buf ) - key_len, key_len,
- &key_handle );
+ &key_id );
if( status != PSA_SUCCESS )
{
ret = mbedtls_psa_err_translate_pk( status );
@@ -598,7 +598,7 @@
goto cleanup;
}
- if( psa_verify_hash( key_handle, psa_sig_md,
+ if( psa_verify_hash( key_id, psa_sig_md,
hash, hash_len,
buf, 2 * signature_part_size )
!= PSA_SUCCESS )
@@ -615,7 +615,7 @@
ret = 0;
cleanup:
- psa_destroy_key( key_handle );
+ psa_destroy_key( key_id );
return( ret );
}
#else /* MBEDTLS_USE_PSA_CRYPTO */
@@ -870,7 +870,7 @@
static void *pk_opaque_alloc_wrap( void )
{
- void *ctx = mbedtls_calloc( 1, sizeof( psa_key_handle_t ) );
+ void *ctx = mbedtls_calloc( 1, sizeof( psa_key_id_t ) );
/* no _init() function to call, an calloc() already zeroized */
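Review bot: The comment under the allocation, `/* no _init() function to call, an calloc() already zeroized */`, now carries the whole initialisation contract for the stored identifier. With the handle type gone, it relies on an all-zero `psa_key_id_t` meaning "no key". Presumably that holds for every configuration of the type, but the comment should say so; I would reword it to `/* no _init() function to call, as calloc() already zeroized: an all-bits-zero key id is "no key" */`. The rest of pk_opaque_alloc_wrap lies outside the hunk.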
@@ -879,13 +879,13 @@
static void pk_opaque_free_wrap( void *ctx )
{
- mbedtls_platform_zeroize( ctx, sizeof( psa_key_handle_t ) );
+ mbedtls_platform_zeroize( ctx, sizeof( psa_key_id_t ) );
mbedtls_free( ctx );
}
static size_t pk_opaque_get_bitlen( const void *ctx )
{
- const psa_key_handle_t *key = (const psa_key_handle_t *) ctx;
+ const psa_key_id_t *key = (const psa_key_id_t *) ctx;
size_t bits;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
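Review bot: pk_opaque_free_wrap at the top of this hunk wipes and frees only the stored `psa_key_id_t`; nothing in it calls `psa_destroy_key()`, so the PSA key itself outlives the pk context. Now that the stored value is a plain identifier rather than a handle, that ownership rule deserves a comment above the function, e.g. `/* Frees the stored key id only; the PSA key is owned by the caller and is not destroyed here */`. pk_opaque_get_bitlen continues past the end of the hunk.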
@@ -1008,7 +1008,7 @@
((void) p_rng);
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
#else /* !MBEDTLS_ECDSA_C */
- const psa_key_handle_t *key = (const psa_key_handle_t *) ctx;
+ const psa_key_id_t *key = (const psa_key_id_t *) ctx;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_algorithm_t alg = PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) );
size_t buf_len;