mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 11:05:29 +00:00
Support encoding an owner in key file IDs
Differentiate between _key identifiers_, which are always `uint32_t`, and _key file identifiers_, which are platform-dependent. Normally, the two are the same. In `psa/crypto_platform.h`, define `psa_app_key_id_t` (which is always 32 bits, the standard key identifier type) and `psa_key_file_id_t` (which will be different in some service builds). A subsequent commit will introduce a platform where the two are different. It would make sense for the function declarations in `psa/crypto.h` to use `psa_key_file_id_t`. However this file is currently part of the PSA Crypto API specification, so it must stick to the standard type `psa_key_id_t`. Hence, as long as the specification and Mbed Crypto are not separate, use the implementation-specific file `psa/crypto_platform.h` to define `psa_key_id_t` as `psa_key_file_id_t`. In the library, systematically use `psa_key_file_id_t`. perl -i -pe 's/psa_key_id_t/psa_key_file_id_t/g' library/*.[hc]
This commit is contained in:
parent
e988a66b5b
commit
5b229a06f4
|
@ -49,4 +49,27 @@
|
|||
/* Integral type representing a key handle. */
|
||||
typedef uint16_t psa_key_handle_t;
|
||||
|
||||
/* This implementation distinguishes *application key identifiers*, which
|
||||
* are the key identifiers specified by the application, from
|
||||
* *key file identifiers*, which are the key identifiers that the library
|
||||
* sees internally. The two types can be different if there is a remote
|
||||
* call layer between the application and the library which supports
|
||||
* multiple client applications that do not have access to each others'
|
||||
* keys. The point of having different types is that the key file
|
||||
* identifier may encode not only the key identifier specified by the
|
||||
* application, but also the the identity of the application.
|
||||
*
|
||||
* Note that this is an internal concept of the library and the remote
|
||||
* call layer. The application itself never sees anything other than
|
||||
* #psa_app_key_id_t with its standard definition.
|
||||
*/
|
||||
|
||||
/* The application key identifier is always what the application sees as
|
||||
* #psa_key_id_t. */
|
||||
typedef uint32_t psa_app_key_id_t;
|
||||
|
||||
/* By default, a key file identifier is just the application key identifier. */
|
||||
typedef psa_app_key_id_t psa_key_file_id_t;
|
||||
#define PSA_KEY_FILE_GET_KEY_ID( id ) ( id )
|
||||
|
||||
#endif /* PSA_CRYPTO_PLATFORM_H */
|
||||
|
|
|
@ -41,7 +41,7 @@ typedef struct
|
|||
psa_key_type_t type;
|
||||
psa_key_policy_t policy;
|
||||
psa_key_lifetime_t lifetime;
|
||||
psa_key_id_t persistent_storage_id;
|
||||
psa_key_file_id_t persistent_storage_id;
|
||||
unsigned allocated : 1;
|
||||
union
|
||||
{
|
||||
|
|
|
@ -189,12 +189,13 @@ exit:
|
|||
* past released version must remain valid, unless a migration path
|
||||
* is provided.
|
||||
*
|
||||
* \param key_id The key identifier to check.
|
||||
* \param file_id The key identifier to check.
|
||||
*
|
||||
* \return 1 if \p key_id is acceptable, otherwise 0.
|
||||
* \return 1 if \p file_id is acceptable, otherwise 0.
|
||||
*/
|
||||
static int psa_is_key_id_valid( psa_key_id_t key_id )
|
||||
static int psa_is_key_id_valid( psa_key_file_id_t file_id )
|
||||
{
|
||||
psa_app_key_id_t key_id = PSA_KEY_FILE_GET_KEY_ID( file_id );
|
||||
/* Reject id=0 because by general library conventions, 0 is an invalid
|
||||
* value wherever possible. */
|
||||
if( key_id == 0 )
|
||||
|
@ -226,7 +227,7 @@ static int psa_is_key_id_valid( psa_key_id_t key_id )
|
|||
* \retval #PSA_ERROR_STORAGE_FAILURE
|
||||
*/
|
||||
static psa_status_t psa_internal_make_key_persistent( psa_key_handle_t handle,
|
||||
psa_key_id_t id )
|
||||
psa_key_file_id_t id )
|
||||
{
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
|
||||
psa_key_slot_t *slot;
|
||||
|
@ -253,7 +254,7 @@ static psa_status_t psa_internal_make_key_persistent( psa_key_handle_t handle,
|
|||
}
|
||||
|
||||
static psa_status_t persistent_key_setup( psa_key_lifetime_t lifetime,
|
||||
psa_key_id_t id,
|
||||
psa_key_file_id_t id,
|
||||
psa_key_handle_t *handle,
|
||||
psa_status_t wanted_load_status )
|
||||
{
|
||||
|
@ -278,14 +279,14 @@ static psa_status_t persistent_key_setup( psa_key_lifetime_t lifetime,
|
|||
}
|
||||
|
||||
psa_status_t psa_open_key( psa_key_lifetime_t lifetime,
|
||||
psa_key_id_t id,
|
||||
psa_key_file_id_t id,
|
||||
psa_key_handle_t *handle )
|
||||
{
|
||||
return( persistent_key_setup( lifetime, id, handle, PSA_SUCCESS ) );
|
||||
}
|
||||
|
||||
psa_status_t psa_create_key( psa_key_lifetime_t lifetime,
|
||||
psa_key_id_t id,
|
||||
psa_key_file_id_t id,
|
||||
psa_key_handle_t *handle )
|
||||
{
|
||||
psa_status_t status;
|
||||
|
|
|
@ -148,7 +148,7 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
|
|||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
psa_status_t psa_save_persistent_key( const psa_key_id_t key,
|
||||
psa_status_t psa_save_persistent_key( const psa_key_file_id_t key,
|
||||
const psa_key_type_t type,
|
||||
const psa_key_policy_t *policy,
|
||||
const uint8_t *data,
|
||||
|
@ -186,7 +186,7 @@ void psa_free_persistent_key_data( uint8_t *key_data, size_t key_data_length )
|
|||
mbedtls_free( key_data );
|
||||
}
|
||||
|
||||
psa_status_t psa_load_persistent_key( psa_key_id_t key,
|
||||
psa_status_t psa_load_persistent_key( psa_key_file_id_t key,
|
||||
psa_key_type_t *type,
|
||||
psa_key_policy_t *policy,
|
||||
uint8_t **data,
|
||||
|
|
|
@ -86,7 +86,7 @@ extern "C" {
|
|||
* \retval PSA_ERROR_STORAGE_FAILURE
|
||||
* \retval PSA_ERROR_ALREADY_EXISTS
|
||||
*/
|
||||
psa_status_t psa_save_persistent_key( const psa_key_id_t key,
|
||||
psa_status_t psa_save_persistent_key( const psa_key_file_id_t key,
|
||||
const psa_key_type_t type,
|
||||
const psa_key_policy_t *policy,
|
||||
const uint8_t *data,
|
||||
|
@ -117,7 +117,7 @@ psa_status_t psa_save_persistent_key( const psa_key_id_t key,
|
|||
* \retval PSA_ERROR_STORAGE_FAILURE
|
||||
* \retval PSA_ERROR_DOES_NOT_EXIST
|
||||
*/
|
||||
psa_status_t psa_load_persistent_key( psa_key_id_t key,
|
||||
psa_status_t psa_load_persistent_key( psa_key_file_id_t key,
|
||||
psa_key_type_t *type,
|
||||
psa_key_policy_t *policy,
|
||||
uint8_t **data,
|
||||
|
@ -134,7 +134,7 @@ psa_status_t psa_load_persistent_key( psa_key_id_t key,
|
|||
* or the key did not exist.
|
||||
* \retval PSA_ERROR_STORAGE_FAILURE
|
||||
*/
|
||||
psa_status_t psa_destroy_persistent_key( const psa_key_id_t key );
|
||||
psa_status_t psa_destroy_persistent_key( const psa_key_file_id_t key );
|
||||
|
||||
/**
|
||||
* \brief Free the temporary buffer allocated by psa_load_persistent_key().
|
||||
|
|
|
@ -56,7 +56,7 @@ extern "C" {
|
|||
* \retval PSA_ERROR_STORAGE_FAILURE
|
||||
* \retval PSA_ERROR_DOES_NOT_EXIST
|
||||
*/
|
||||
psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data,
|
||||
psa_status_t psa_crypto_storage_load( const psa_key_file_id_t key, uint8_t *data,
|
||||
size_t data_size );
|
||||
|
||||
/**
|
||||
|
@ -75,7 +75,7 @@ psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data,
|
|||
* \retval PSA_ERROR_STORAGE_FAILURE
|
||||
* \retval PSA_ERROR_ALREADY_EXISTS
|
||||
*/
|
||||
psa_status_t psa_crypto_storage_store( const psa_key_id_t key,
|
||||
psa_status_t psa_crypto_storage_store( const psa_key_file_id_t key,
|
||||
const uint8_t *data,
|
||||
size_t data_length );
|
||||
|
||||
|
@ -92,7 +92,7 @@ psa_status_t psa_crypto_storage_store( const psa_key_id_t key,
|
|||
* \retval 1
|
||||
* Persistent data present for slot number
|
||||
*/
|
||||
int psa_is_key_present_in_storage( const psa_key_id_t key );
|
||||
int psa_is_key_present_in_storage( const psa_key_file_id_t key );
|
||||
|
||||
/**
|
||||
* \brief Get data length for given key slot number.
|
||||
|
@ -104,7 +104,7 @@ int psa_is_key_present_in_storage( const psa_key_id_t key );
|
|||
* \retval PSA_SUCCESS
|
||||
* \retval PSA_ERROR_STORAGE_FAILURE
|
||||
*/
|
||||
psa_status_t psa_crypto_storage_get_data_length( const psa_key_id_t key,
|
||||
psa_status_t psa_crypto_storage_get_data_length( const psa_key_file_id_t key,
|
||||
size_t *data_length );
|
||||
|
||||
|
||||
|
|
|
@ -49,7 +49,7 @@
|
|||
|
||||
enum { MAX_LOCATION_LEN = sizeof(CRYPTO_STORAGE_FILE_LOCATION) + 40 };
|
||||
|
||||
static void key_id_to_location( const psa_key_id_t key,
|
||||
static void key_id_to_location( const psa_key_file_id_t key,
|
||||
char *location,
|
||||
size_t location_size )
|
||||
{
|
||||
|
@ -58,7 +58,7 @@ static void key_id_to_location( const psa_key_id_t key,
|
|||
(unsigned long) key );
|
||||
}
|
||||
|
||||
psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data,
|
||||
psa_status_t psa_crypto_storage_load( const psa_key_file_id_t key, uint8_t *data,
|
||||
size_t data_size )
|
||||
{
|
||||
psa_status_t status = PSA_SUCCESS;
|
||||
|
@ -83,7 +83,7 @@ exit:
|
|||
return( status );
|
||||
}
|
||||
|
||||
int psa_is_key_present_in_storage( const psa_key_id_t key )
|
||||
int psa_is_key_present_in_storage( const psa_key_file_id_t key )
|
||||
{
|
||||
char slot_location[MAX_LOCATION_LEN];
|
||||
FILE *file;
|
||||
|
@ -101,7 +101,7 @@ int psa_is_key_present_in_storage( const psa_key_id_t key )
|
|||
return( 1 );
|
||||
}
|
||||
|
||||
psa_status_t psa_crypto_storage_store( const psa_key_id_t key,
|
||||
psa_status_t psa_crypto_storage_store( const psa_key_file_id_t key,
|
||||
const uint8_t *data,
|
||||
size_t data_length )
|
||||
{
|
||||
|
@ -156,7 +156,7 @@ exit:
|
|||
return( status );
|
||||
}
|
||||
|
||||
psa_status_t psa_destroy_persistent_key( const psa_key_id_t key )
|
||||
psa_status_t psa_destroy_persistent_key( const psa_key_file_id_t key )
|
||||
{
|
||||
FILE *file;
|
||||
char slot_location[MAX_LOCATION_LEN];
|
||||
|
@ -175,7 +175,7 @@ psa_status_t psa_destroy_persistent_key( const psa_key_id_t key )
|
|||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
psa_status_t psa_crypto_storage_get_data_length( const psa_key_id_t key,
|
||||
psa_status_t psa_crypto_storage_get_data_length( const psa_key_file_id_t key,
|
||||
size_t *data_length )
|
||||
{
|
||||
psa_status_t status = PSA_SUCCESS;
|
||||
|
|
|
@ -36,12 +36,12 @@
|
|||
#include "mbedtls/platform.h"
|
||||
#endif
|
||||
|
||||
static psa_storage_uid_t psa_its_identifier_of_slot( psa_key_id_t key )
|
||||
static psa_storage_uid_t psa_its_identifier_of_slot( psa_key_file_id_t key )
|
||||
{
|
||||
return( key );
|
||||
}
|
||||
|
||||
psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data,
|
||||
psa_status_t psa_crypto_storage_load( const psa_key_file_id_t key, uint8_t *data,
|
||||
size_t data_size )
|
||||
{
|
||||
psa_status_t status;
|
||||
|
@ -57,7 +57,7 @@ psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data,
|
|||
return( status );
|
||||
}
|
||||
|
||||
int psa_is_key_present_in_storage( const psa_key_id_t key )
|
||||
int psa_is_key_present_in_storage( const psa_key_file_id_t key )
|
||||
{
|
||||
psa_status_t ret;
|
||||
psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
|
||||
|
@ -70,7 +70,7 @@ int psa_is_key_present_in_storage( const psa_key_id_t key )
|
|||
return( 1 );
|
||||
}
|
||||
|
||||
psa_status_t psa_crypto_storage_store( const psa_key_id_t key,
|
||||
psa_status_t psa_crypto_storage_store( const psa_key_file_id_t key,
|
||||
const uint8_t *data,
|
||||
size_t data_length )
|
||||
{
|
||||
|
@ -105,7 +105,7 @@ exit:
|
|||
return( status );
|
||||
}
|
||||
|
||||
psa_status_t psa_destroy_persistent_key( const psa_key_id_t key )
|
||||
psa_status_t psa_destroy_persistent_key( const psa_key_file_id_t key )
|
||||
{
|
||||
psa_status_t ret;
|
||||
psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
|
||||
|
@ -125,7 +125,7 @@ psa_status_t psa_destroy_persistent_key( const psa_key_id_t key )
|
|||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
psa_status_t psa_crypto_storage_get_data_length( const psa_key_id_t key,
|
||||
psa_status_t psa_crypto_storage_get_data_length( const psa_key_file_id_t key,
|
||||
size_t *data_length )
|
||||
{
|
||||
psa_status_t status;
|
||||
|
|
Loading…
Reference in a new issue