Rename PSA_KEY_SLOT_COUNT to MBEDTLS_PSA_KEY_SLOT_COUNT

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
This commit is contained in:
Steven Cooreman 2021-02-15 14:03:19 +01:00
parent 1f968fdf19
commit 863470a5f9
7 changed files with 30 additions and 30 deletions

View file

@ -1,5 +1,5 @@
Features Features
* The PSA crypto subsystem can now be configured to use less static RAM by * The PSA crypto subsystem can now be configured to use less static RAM by
tweaking the setting for the maximum amount of keys simultaneously in RAM. tweaking the setting for the maximum amount of keys simultaneously in RAM.
PSA_KEY_SLOT_COUNT sets the maximum number of volatile keys that can MBEDTLS_PSA_KEY_SLOT_COUNT sets the maximum number of volatile keys that
exist simultaneously. It has a sensible default if not overridden. can exist simultaneously. It has a sensible default if not overridden.

View file

@ -3671,7 +3671,7 @@
*/ */
//#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256 //#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256
/** \def PSA_KEY_SLOT_COUNT /** \def MBEDTLS_PSA_KEY_SLOT_COUNT
* Restrict the PSA library to supporting a maximum amount of simultaneously * Restrict the PSA library to supporting a maximum amount of simultaneously
* loaded keys. A loaded key is a key stored by the PSA Crypto core as a * loaded keys. A loaded key is a key stored by the PSA Crypto core as a
* volatile key, or a persistent key which is loaded temporarily by the * volatile key, or a persistent key which is loaded temporarily by the
@ -3680,7 +3680,7 @@
* If this option is unset, the library will fall back to a default value of * If this option is unset, the library will fall back to a default value of
* 32 keys. * 32 keys.
*/ */
//#define PSA_KEY_SLOT_COUNT 32 //#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
/* SSL Cache options */ /* SSL Cache options */
//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */

View file

@ -40,8 +40,8 @@ extern "C" {
#define PSA_CRYPTO_ITS_RANDOM_SEED_UID 0xFFFFFF52 #define PSA_CRYPTO_ITS_RANDOM_SEED_UID 0xFFFFFF52
/* See config.h for definition */ /* See config.h for definition */
#if !defined(PSA_KEY_SLOT_COUNT) #if !defined(MBEDTLS_PSA_KEY_SLOT_COUNT)
#define PSA_KEY_SLOT_COUNT 32 #define MBEDTLS_PSA_KEY_SLOT_COUNT 32
#endif #endif
/** \addtogroup attributes /** \addtogroup attributes

View file

@ -45,7 +45,7 @@
typedef struct typedef struct
{ {
psa_key_slot_t key_slots[PSA_KEY_SLOT_COUNT]; psa_key_slot_t key_slots[MBEDTLS_PSA_KEY_SLOT_COUNT];
unsigned key_slots_initialized : 1; unsigned key_slots_initialized : 1;
} psa_global_data_t; } psa_global_data_t;
@ -128,13 +128,13 @@ static psa_status_t psa_get_and_lock_key_slot_in_memory(
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
return( status ); return( status );
for( slot_idx = 0; slot_idx < PSA_KEY_SLOT_COUNT; slot_idx++ ) for( slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++ )
{ {
slot = &global_data.key_slots[ slot_idx ]; slot = &global_data.key_slots[ slot_idx ];
if( mbedtls_svc_key_id_equal( key, slot->attr.id ) ) if( mbedtls_svc_key_id_equal( key, slot->attr.id ) )
break; break;
} }
status = ( slot_idx < PSA_KEY_SLOT_COUNT ) ? status = ( slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT ) ?
PSA_SUCCESS : PSA_ERROR_DOES_NOT_EXIST; PSA_SUCCESS : PSA_ERROR_DOES_NOT_EXIST;
} }
@ -161,7 +161,7 @@ void psa_wipe_all_key_slots( void )
{ {
size_t slot_idx; size_t slot_idx;
for( slot_idx = 0; slot_idx < PSA_KEY_SLOT_COUNT; slot_idx++ ) for( slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++ )
{ {
psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ]; psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ];
slot->lock_count = 1; slot->lock_count = 1;
@ -184,7 +184,7 @@ psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id,
} }
selected_slot = unlocked_persistent_key_slot = NULL; selected_slot = unlocked_persistent_key_slot = NULL;
for( slot_idx = 0; slot_idx < PSA_KEY_SLOT_COUNT; slot_idx++ ) for( slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++ )
{ {
psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ]; psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ];
if( ! psa_is_key_slot_occupied( slot ) ) if( ! psa_is_key_slot_occupied( slot ) )
@ -453,7 +453,7 @@ void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats )
memset( stats, 0, sizeof( *stats ) ); memset( stats, 0, sizeof( *stats ) );
for( slot_idx = 0; slot_idx < PSA_KEY_SLOT_COUNT; slot_idx++ ) for( slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++ )
{ {
const psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ]; const psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ];
if( psa_is_key_slot_locked( slot ) ) if( psa_is_key_slot_locked( slot ) )

View file

@ -27,8 +27,8 @@
/** Range of volatile key identifiers. /** Range of volatile key identifiers.
* *
* The last PSA_KEY_SLOT_COUNT identifiers of the implementation range * The last #MBEDTLS_PSA_KEY_SLOT_COUNT identifiers of the implementation
* of key identifiers are reserved for volatile key identifiers. * range of key identifiers are reserved for volatile key identifiers.
* A volatile key identifier is equal to #PSA_KEY_ID_VOLATILE_MIN plus the * A volatile key identifier is equal to #PSA_KEY_ID_VOLATILE_MIN plus the
* index of the key slot containing the volatile key definition. * index of the key slot containing the volatile key definition.
*/ */
@ -36,7 +36,7 @@
/** The minimum value for a volatile key identifier. /** The minimum value for a volatile key identifier.
*/ */
#define PSA_KEY_ID_VOLATILE_MIN ( PSA_KEY_ID_VENDOR_MAX - \ #define PSA_KEY_ID_VOLATILE_MIN ( PSA_KEY_ID_VENDOR_MAX - \
PSA_KEY_SLOT_COUNT + 1 ) MBEDTLS_PSA_KEY_SLOT_COUNT + 1 )
/** The maximum value for a volatile key identifier. /** The maximum value for a volatile key identifier.
*/ */

View file

@ -49,7 +49,7 @@ extern "C" {
* - Using the ITS backend, all key ids are ok except 0xFFFFFF52 * - Using the ITS backend, all key ids are ok except 0xFFFFFF52
* (#PSA_CRYPTO_ITS_RANDOM_SEED_UID) for which the file contains the * (#PSA_CRYPTO_ITS_RANDOM_SEED_UID) for which the file contains the
* device's random seed (if this feature is enabled). * device's random seed (if this feature is enabled).
* - Only key ids from 1 to #PSA_KEY_SLOT_COUNT are actually used. * - Only key ids from 1 to #MBEDTLS_PSA_KEY_SLOT_COUNT are actually used.
* *
* Since we need to preserve the random seed, avoid using that key slot. * Since we need to preserve the random seed, avoid using that key slot.
* Reserve a whole range of key slots just in case something else comes up. * Reserve a whole range of key slots just in case something else comes up.

View file

@ -933,9 +933,9 @@ void key_slot_eviction_to_import_new_key( int lifetime_arg )
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
/* /*
* Create PSA_KEY_SLOT_COUNT persistent keys. * Create MBEDTLS_PSA_KEY_SLOT_COUNT persistent keys.
*/ */
for( i = 0; i < PSA_KEY_SLOT_COUNT; i++ ) for( i = 0; i < MBEDTLS_PSA_KEY_SLOT_COUNT; i++ )
{ {
key = mbedtls_svc_key_id_make( i, i + 1 ); key = mbedtls_svc_key_id_make( i, i + 1 );
psa_set_key_id( &attributes, key ); psa_set_key_id( &attributes, key );
@ -951,7 +951,7 @@ void key_slot_eviction_to_import_new_key( int lifetime_arg )
* is removed from the RAM key slots. This makes room to store its * is removed from the RAM key slots. This makes room to store its
* description in RAM. * description in RAM.
*/ */
i = PSA_KEY_SLOT_COUNT; i = MBEDTLS_PSA_KEY_SLOT_COUNT;
key = mbedtls_svc_key_id_make( i, i + 1 ); key = mbedtls_svc_key_id_make( i, i + 1 );
psa_set_key_id( &attributes, key ); psa_set_key_id( &attributes, key );
psa_set_key_lifetime( &attributes, lifetime ); psa_set_key_lifetime( &attributes, lifetime );
@ -966,15 +966,15 @@ void key_slot_eviction_to_import_new_key( int lifetime_arg )
MBEDTLS_SVC_KEY_ID_GET_KEY_ID( returned_key_id ) ) ); MBEDTLS_SVC_KEY_ID_GET_KEY_ID( returned_key_id ) ) );
/* /*
* Check that we can export all ( PSA_KEY_SLOT_COUNT + 1 ) keys, * Check that we can export all ( MBEDTLS_PSA_KEY_SLOT_COUNT + 1 ) keys,
* that they have the expected value and destroy them. In that process, * that they have the expected value and destroy them. In that process,
* the description of the persistent key that was evicted from the RAM * the description of the persistent key that was evicted from the RAM
* slots when creating the last key is restored in a RAM slot to export * slots when creating the last key is restored in a RAM slot to export
* its value. * its value.
*/ */
for( i = 0; i <= PSA_KEY_SLOT_COUNT; i++ ) for( i = 0; i <= MBEDTLS_PSA_KEY_SLOT_COUNT; i++ )
{ {
if( i < PSA_KEY_SLOT_COUNT ) if( i < MBEDTLS_PSA_KEY_SLOT_COUNT )
key = mbedtls_svc_key_id_make( i, i + 1 ); key = mbedtls_svc_key_id_make( i, i + 1 );
else else
key = returned_key_id; key = returned_key_id;
@ -1005,9 +1005,9 @@ void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation( )
mbedtls_svc_key_id_t returned_key_id = MBEDTLS_SVC_KEY_ID_INIT; mbedtls_svc_key_id_t returned_key_id = MBEDTLS_SVC_KEY_ID_INIT;
mbedtls_svc_key_id_t *keys = NULL; mbedtls_svc_key_id_t *keys = NULL;
TEST_ASSERT( PSA_KEY_SLOT_COUNT >= 1 ); TEST_ASSERT( MBEDTLS_PSA_KEY_SLOT_COUNT >= 1 );
ASSERT_ALLOC( keys, PSA_KEY_SLOT_COUNT ); ASSERT_ALLOC( keys, MBEDTLS_PSA_KEY_SLOT_COUNT );
PSA_ASSERT( psa_crypto_init( ) ); PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_usage_flags( &attributes, psa_set_key_usage_flags( &attributes,
@ -1027,10 +1027,10 @@ void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation( )
TEST_ASSERT( mbedtls_svc_key_id_equal( returned_key_id, persistent_key ) ); TEST_ASSERT( mbedtls_svc_key_id_equal( returned_key_id, persistent_key ) );
/* /*
* Create PSA_KEY_SLOT_COUNT volatile keys * Create MBEDTLS_PSA_KEY_SLOT_COUNT volatile keys
*/ */
psa_set_key_lifetime( &attributes, PSA_KEY_LIFETIME_VOLATILE ); psa_set_key_lifetime( &attributes, PSA_KEY_LIFETIME_VOLATILE );
for( i = 0; i < PSA_KEY_SLOT_COUNT; i++ ) for( i = 0; i < MBEDTLS_PSA_KEY_SLOT_COUNT; i++ )
{ {
PSA_ASSERT( psa_import_key( &attributes, PSA_ASSERT( psa_import_key( &attributes,
(uint8_t *) &i, sizeof( i ), (uint8_t *) &i, sizeof( i ),
@ -1050,12 +1050,12 @@ void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation( )
* Check we can export the volatile key created last and that it has the * Check we can export the volatile key created last and that it has the
* expected value. Then, destroy it. * expected value. Then, destroy it.
*/ */
PSA_ASSERT( psa_export_key( keys[PSA_KEY_SLOT_COUNT - 1], PSA_ASSERT( psa_export_key( keys[MBEDTLS_PSA_KEY_SLOT_COUNT - 1],
exported, sizeof( exported ), exported, sizeof( exported ),
&exported_length ) ); &exported_length ) );
i = PSA_KEY_SLOT_COUNT - 1; i = MBEDTLS_PSA_KEY_SLOT_COUNT - 1;
ASSERT_COMPARE( exported, exported_length, (uint8_t *) &i, sizeof( i ) ); ASSERT_COMPARE( exported, exported_length, (uint8_t *) &i, sizeof( i ) );
PSA_ASSERT( psa_destroy_key( keys[PSA_KEY_SLOT_COUNT - 1] ) ); PSA_ASSERT( psa_destroy_key( keys[MBEDTLS_PSA_KEY_SLOT_COUNT - 1] ) );
/* /*
* Check that we can now access the persistent key again. * Check that we can now access the persistent key again.
@ -1078,7 +1078,7 @@ void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation( )
* Check we can export the remaining volatile keys and that they have the * Check we can export the remaining volatile keys and that they have the
* expected values. * expected values.
*/ */
for( i = 0; i < ( PSA_KEY_SLOT_COUNT - 1 ); i++ ) for( i = 0; i < ( MBEDTLS_PSA_KEY_SLOT_COUNT - 1 ); i++ )
{ {
PSA_ASSERT( psa_export_key( keys[i], PSA_ASSERT( psa_export_key( keys[i],
exported, sizeof( exported ), exported, sizeof( exported ),