Move more slot management functions to the proper module
Move psa_load_persistent_key_into_slot,
psa_internal_make_key_persistent and psa_internal_release_key_slot to
the slot management module.
Expose psa_import_key_into_slot from the core.
After this commit, there are no longer any functions declared in
psa_crypto_slot_management.h and defined in psa_crypto.c. There are
still function calls in both directions between psa_crypto.c and
psa_crypto_slot_management.c.
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 0ac1c27..2c49ead 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -611,9 +611,9 @@
/** Import key data into a slot. `slot->type` must have been set
* previously. This function assumes that the slot does not contain
* any key material yet. On failure, the slot content is unchanged. */
-static psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot,
- const uint8_t *data,
- size_t data_length )
+psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot,
+ const uint8_t *data,
+ size_t data_length )
{
psa_status_t status = PSA_SUCCESS;
@@ -692,27 +692,6 @@
return( PSA_SUCCESS );
}
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
-static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *p_slot )
-{
- psa_status_t status = PSA_SUCCESS;
- uint8_t *key_data = NULL;
- size_t key_data_length = 0;
-
- status = psa_load_persistent_key( p_slot->persistent_storage_id,
- &( p_slot )->type,
- &( p_slot )->policy, &key_data,
- &key_data_length );
- if( status != PSA_SUCCESS )
- goto exit;
- status = psa_import_key_into_slot( p_slot,
- key_data, key_data_length );
-exit:
- psa_free_persistent_key_data( key_data, key_data_length );
- return( status );
-}
-#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
-
/* Retrieve an empty key slot (slot with no key data, but possibly
* with some metadata such as a policy). */
static psa_status_t psa_get_empty_key_slot( psa_key_handle_t handle,
@@ -817,51 +796,6 @@
return( status );
}
-psa_status_t psa_internal_make_key_persistent( psa_key_handle_t handle,
- psa_key_id_t id )
-{
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
- psa_key_slot_t *slot;
- psa_status_t status;
-
- /* Reject id=0 because by general library conventions, 0 is an invalid
- * value wherever possible. */
- if( id == 0 )
- return( PSA_ERROR_INVALID_ARGUMENT );
- /* Reject high values because the file names are reserved for the
- * library's internal use. */
- if( id >= PSA_MAX_PERSISTENT_KEY_IDENTIFIER )
- return( PSA_ERROR_INVALID_ARGUMENT );
-
- status = psa_get_key_slot( handle, &slot );
- if( status != PSA_SUCCESS )
- return( status );
-
- slot->lifetime = PSA_KEY_LIFETIME_PERSISTENT;
- slot->persistent_storage_id = id;
- status = psa_load_persistent_key_into_slot( slot );
-
- return( status );
-
-#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
- (void) handle;
- (void) id;
- return( PSA_ERROR_NOT_SUPPORTED );
-#endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */
-}
-
-psa_status_t psa_internal_release_key_slot( psa_key_handle_t handle )
-{
- psa_key_slot_t *slot;
- psa_status_t status;
-
- status = psa_get_key_slot( handle, &slot );
- if( status != PSA_SUCCESS )
- return( status );
-
- return( psa_wipe_key_slot( slot ) );
-}
-
psa_status_t psa_import_key( psa_key_handle_t handle,
psa_key_type_t type,
const uint8_t *data,
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index ba66235..24140b5 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -63,4 +63,11 @@
* Persistent storage is not affected. */
psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot );
+/** Import key data into a slot. `slot->type` must have been set
+ * previously. This function assumes that the slot does not contain
+ * any key material yet. On failure, the slot content is unchanged. */
+psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot,
+ const uint8_t *data,
+ size_t data_length );
+
#endif /* PSA_CRYPTO_CORE_H */
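Review bot: The declaration of psa_import_key_into_slot added to psa_crypto_core.h turns the two preconditions in its comment (`slot->type` already set, slot holding no key material) into a contract for callers in other files, yet the comment has no `\param` or `\retval` entries and does not say who owns `data`. The new caller in psa_crypto_slot_management.c frees its buffer right after the call on every path, so the function presumably copies the key material. I would state that on the declaration, for example `\param data Key material to import; copied into the slot, the caller keeps ownership of the buffer.`, after confirming it against the body, which lies outside the psa_crypto.c hunk. The same comment text now sits above both the definition and the declaration, so keeping the full contract only in the header would stop the two copies drifting apart.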
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 6d5c7d4..f623cc9 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -119,6 +119,28 @@
return( PSA_ERROR_INSUFFICIENT_MEMORY );
}
+/** Wipe a key slot and mark it as available.
+ *
+ * This does not affect persistent storage.
+ *
+ * \param handle The key slot number to release.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ */
+static psa_status_t psa_internal_release_key_slot( psa_key_handle_t handle )
+{
+ psa_key_slot_t *slot;
+ psa_status_t status;
+
+ status = psa_get_key_slot( handle, &slot );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ return( psa_wipe_key_slot( slot ) );
+}
+
psa_status_t psa_allocate_key( psa_key_type_t type,
size_t max_bits,
psa_key_handle_t *handle )
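Review bot: The `\retval` list on psa_internal_release_key_slot names `#PSA_ERROR_INVALID_ARGUMENT`, while the block on psa_internal_make_key_persistent later in this file lists `#PSA_ERROR_INVALID_HANDLE`, and both functions simply pass through the status of psa_get_key_slot(). That function is not visible in this diff, so one of the two lists is probably stale; the line should read `\retval #PSA_ERROR_INVALID_HANDLE` if that is what the lookup returns. The parameter text `The key slot number to release.` would also be more accurate as `A handle to the key slot to release.`, since the argument is a `psa_key_handle_t`.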
@@ -130,6 +152,78 @@
return( psa_internal_allocate_key_slot( handle ) );
}
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
+static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *p_slot )
+{
+ psa_status_t status = PSA_SUCCESS;
+ uint8_t *key_data = NULL;
+ size_t key_data_length = 0;
+
+ status = psa_load_persistent_key( p_slot->persistent_storage_id,
+ &( p_slot )->type,
+ &( p_slot )->policy, &key_data,
+ &key_data_length );
+ if( status != PSA_SUCCESS )
+ goto exit;
+ status = psa_import_key_into_slot( p_slot,
+ key_data, key_data_length );
+exit:
+ psa_free_persistent_key_data( key_data, key_data_length );
+ return( status );
+}
+#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
+
+/** Declare a slot as persistent and load it from storage.
+ *
+ * This function may only be called immediately after a successful call
+ * to psa_internal_allocate_key_slot().
+ *
+ * \param handle A handle to a key slot freshly allocated with
+ * psa_internal_allocate_key_slot().
+ *
+ * \retval #PSA_SUCCESS
+ * The slot content was loaded successfully.
+ * \retval #PSA_ERROR_EMPTY_SLOT
+ * There is no content for this slot in persistent storage.
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p id is not acceptable.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ */
+static psa_status_t psa_internal_make_key_persistent( psa_key_handle_t handle,
+ psa_key_id_t id )
+{
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
+ psa_key_slot_t *slot;
+ psa_status_t status;
+
+ /* Reject id=0 because by general library conventions, 0 is an invalid
+ * value wherever possible. */
+ if( id == 0 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ /* Reject high values because the file names are reserved for the
+ * library's internal use. */
+ if( id >= PSA_MAX_PERSISTENT_KEY_IDENTIFIER )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ status = psa_get_key_slot( handle, &slot );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ slot->lifetime = PSA_KEY_LIFETIME_PERSISTENT;
+ slot->persistent_storage_id = id;
+ status = psa_load_persistent_key_into_slot( slot );
+
+ return( status );
+
+#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
+ (void) handle;
+ (void) id;
+ return( PSA_ERROR_NOT_SUPPORTED );
+#endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */
+}
+
static psa_status_t persistent_key_setup( psa_key_lifetime_t lifetime,
psa_key_id_t id,
psa_key_handle_t *handle,
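Review bot: On a failed load, psa_internal_make_key_persistent returns with `slot->lifetime` and `slot->persistent_storage_id` already set, and psa_load_persistent_key_into_slot has let psa_load_persistent_key write `type` and `policy` straight into the slot before the import is attempted. Unless every caller releases the slot on error (persistent_key_setup continues past the end of this hunk, so that cannot be checked here), a slot carrying storage-derived metadata but no key material stays allocated. I would at least document the obligation in the Doxygen block, `On failure the slot is left partially initialised; the caller must release it with psa_internal_release_key_slot().`, and consider wiping the slot inside the function when `status != PSA_SUCCESS`. The same block refers to `\p id` without a `\param id` entry, and psa_load_persistent_key_into_slot has no comment at all.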
diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h
index ee37a20..a2e52ba 100644
--- a/library/psa_crypto_slot_management.h
+++ b/library/psa_crypto_slot_management.h
@@ -37,43 +37,4 @@
* storage. */
void psa_wipe_all_key_slots( void );
-/** \defgroup core_slot_management Internal functions exposed by the core
- * @{
- */
-
-/** Wipe an a key slot and mark it as available.
- *
- * This does not affect persistent storage.
- *
- * \param handle The key slot number to release.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_TAMPERING_DETECTED
- */
-psa_status_t psa_internal_release_key_slot( psa_key_handle_t handle );
-
-/** Declare a slot as persistent and load it from storage.
- *
- * This function may only be called immediately after a successful call
- * to psa_internal_allocate_key_slot().
- *
- * \param handle A handle to a key slot freshly allocated with
- * psa_internal_allocate_key_slot().
- *
- * \retval #PSA_SUCCESS
- * The slot content was loaded successfully.
- * \retval #PSA_ERROR_EMPTY_SLOT
- * There is no content for this slot in persistent storage.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \p id is not acceptable.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_STORAGE_FAILURE
- */
-psa_status_t psa_internal_make_key_persistent( psa_key_handle_t handle,
- psa_key_id_t id );
-
-/**@}*/
-
#endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */