yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-06-19 11:27:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

PSA crypto service: encode the key owner (ITS backend only)

Browse source 
When building for the PSA crypto service (defined(PSA_CRYPTO_SECURE)),
define psa_key_owner_id_t as int32_t, which is how a PSA platform
encodes partition identity. Note that this only takes effect when the
build option MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER is active.

Support this configuration in the ITS backend.
This commit is contained in:
Gilles Peskine 2019-02-19 14:16:17 +01:00
parent 69d7c8b2d7
commit 572f067205
2 changed files with 27 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
include/psa/crypto_platform.h
View file

@ -70,6 +70,12 @@ typedef uint32_t psa_app_key_id_t;
#if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER) #if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER)
#if defined(PSA_CRYPTO_SECURE)
/* Building for the PSA Crypto service on a PSA platform. */
/* A key owner is a PSA partition identifier. */
typedef int32_t psa_key_owner_id_t;
#endif
typedef struct typedef struct
{ {
uint32_t key_id; uint32_t key_id;

23
library/psa_crypto_storage_its.c
View file

@ -36,9 +36,28 @@
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#endif #endif
static psa_storage_uid_t psa_its_identifier_of_slot( psa_key_file_id_t key ) /* Determine a file name (ITS file identifier) for the given key file
* identifier. The file name must be distinct from any file that is used
* for a purpose other than storing a key. Currently, the only such file
* is the random seed file whose name is PSA_CRYPTO_ITS_RANDOM_SEED_UID
* and whose value is 0xFFFFFF52. */
static psa_storage_uid_t psa_its_identifier_of_slot( psa_key_file_id_t file_id )
{ {
return( key ); #if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER) && \
defined(PSA_CRYPTO_SECURE)
/* Encode the owner in the upper 32 bits. This means that if
* owner values are nonzero (as they are on a PSA platform),
* no key file will ever have a value less than 0x100000000, so
* the whole range 0..0xffffffff is available for non-key files. */
uint32_t unsigned_owner = (uint32_t) file_id.owner;
return( (uint64_t) unsigned_owner << 32 | file_id.key_id );
#else
/* Use the key id directly as a file name.
* psa_is_key_file_id_valid() in psa_crypto_slot_management.c
* is responsible for ensuring that key identifiers do not have a
* value that is reserved for non-key files. */
return( file_id );
#endif
} }
psa_status_t psa_crypto_storage_load( const psa_key_file_id_t key, uint8_t *data, psa_status_t psa_crypto_storage_load( const psa_key_file_id_t key, uint8_t *data,