Implement and test the new key identifier range Only allow creating keys in the application (user) range. Allow opening keys in the implementation (vendor) range as well. Compared with what the implementation allowed, which was undocumented: 0 is now allowed; values from 0x40000000 to 0xfffeffff are now forbidden.

commit: f9666595e147cdb9efcc680cc39d9653f3a61f4c [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Mon May 06 18:56:30 2019 +0200
committer: Gilles Peskine <Gilles.Peskine@arm.com> Mon May 06 18:56:30 2019 +0200
tree: bb9b7e0fda86419a4e93cb021c7d09e951f86c2d
parent: 4a231b8d3b195abad1e8ef28d564a1f69c733a8d [diff] [blame]
diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h
index 914e2d5..2e459d1 100644
--- a/library/psa_crypto_slot_management.h
+++ b/library/psa_crypto_slot_management.h

@@ -64,6 +64,8 @@
  *
  * \param lifetime      The lifetime to test.
  * \param id            The key id to test.
+ * \param creating      0 if attempting to open an existing key.
+ *                      Nonzero if attempting to create a key.
  *
  * \retval PSA_SUCCESS
  *         The given parameters are valid.
@@ -74,7 +76,8 @@
  */
 psa_status_t psa_validate_persistent_key_parameters(
     psa_key_lifetime_t lifetime,
-    psa_key_file_id_t id );
+    psa_key_file_id_t id,
+    int creating );
 
 
 #endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */
commit	f9666595e147cdb9efcc680cc39d9653f3a61f4c	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Mon May 06 18:56:30 2019 +0200
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Mon May 06 18:56:30 2019 +0200
tree	bb9b7e0fda86419a4e93cb021c7d09e951f86c2d
parent	4a231b8d3b195abad1e8ef28d564a1f69c733a8d [diff] [blame]