Crypto: Support key ID without encoding key owner ID
Enable dealing with Mbed TLS key ID without encoding key owner ID when
MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is deselected.
Deselect MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER in TF-M Profile Small.
It is usually not enforced to isolate clients in non-secure or secure
side in very simple usage scenario on platforms with ultra-constrainted
resource.
Also disable handle_owner[] if MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
is deselected. Modify the crypto_key.c implementation accordingly.
Change-Id: Ie890473126be62d9f07c618b757d3818dfc4f8dd
Signed-off-by: David Hu <david.hu@arm.com>
diff --git a/secure_fw/partitions/crypto/crypto_key_derivation.c b/secure_fw/partitions/crypto/crypto_key_derivation.c
index 2e1d7f8..38fda1b 100644
--- a/secure_fw/partitions/crypto/crypto_key_derivation.c
+++ b/secure_fw/partitions/crypto/crypto_key_derivation.c
@@ -339,7 +339,7 @@
psa_key_derivation_operation_t *operation = NULL;
mbedtls_svc_key_id_t encoded_key;
- status = tfm_crypto_check_handle_owner(key_id, NULL);
+ status = tfm_crypto_check_handle_owner(key_id);
if (status != PSA_SUCCESS) {
return status;
}
@@ -421,7 +421,11 @@
status = psa_key_derivation_output_key(&key_attributes, operation,
&encoded_key);
}
+#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
*key_handle = encoded_key.key_id;
+#else
+ *key_handle = (psa_key_id_t)encoded_key;
+#endif
if (status == PSA_SUCCESS) {
status = tfm_crypto_set_key_storage(index, *key_handle);
@@ -509,7 +513,7 @@
psa_key_derivation_step_t step = iov->step;
mbedtls_svc_key_id_t encoded_key;
- status = tfm_crypto_check_handle_owner(private_key, NULL);
+ status = tfm_crypto_check_handle_owner(private_key);
if (status != PSA_SUCCESS) {
return status;
}
@@ -557,7 +561,7 @@
size_t peer_key_length = in_vec[1].len;
mbedtls_svc_key_id_t encoded_key;
- psa_status_t status = tfm_crypto_check_handle_owner(private_key, NULL);
+ psa_status_t status = tfm_crypto_check_handle_owner(private_key);
if (status != PSA_SUCCESS) {
return status;