Add namespaced key ids to crypto provider

To allow for partitioning of keys stored by an instance of the
crypto provider, a new namespaced_key_id type has been introduced.
Different crypto backends may have their own way of dealing with
key store partitioning or will not support it at all. For example,
mbedtls uses its own key_id type at the psa crypto API that gets
specialized for different build configurations. A crypto client
backend that just exposes the standard psa crypto API doesn't
support any form of partitioning. Functionality is unchanged
by this commit but it prepares for enabling the mbedtls key
owner facility.

Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Signed-off-by: Julian Hall <julian.hall@arm.com>
Change-Id: Ia6f25caf231662bf8609b38820ea5afdb9d984c9
diff --git a/components/service/crypto/backend/crypto_backend.h b/components/service/crypto/backend/crypto_backend.h
new file mode 100644
index 0000000..ceb223a
--- /dev/null
+++ b/components/service/crypto/backend/crypto_backend.h
@@ -0,0 +1,24 @@
+/*
+ * Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef CRYPTO_BACKEND_H
+#define CRYPTO_BACKEND_H
+
+/**
+ * The crypto backend implements the backend interface used by a crypto
+ * provider.  By default, the backend interface is the standard psa
+ * crypto api with additional functions to provide a common interface
+ * for partitioning the keystore into separate namespaces.  Alternative
+ * backends can provide their own version of the interface with overridden
+ * types and keystore namespacing functions.
+ */
+#ifdef ALTERNATIVE_CRYPTO_BACKEND
+#include ALTERNATIVE_CRYPTO_BACKEND
+#else
+#include "default_psa_crypto_backend.h"
+#endif
+
+#endif /* CRYPTO_BACKEND_H */
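Review bot: The comment above `#include ALTERNATIVE_CRYPTO_BACKEND` does not say what an alternative backend header must define, so a backend that omits one of the namespacing symbols only fails to compile at a distant use site in the provider. I would extend the comment to list the contract visible in default_psa_crypto_backend.h: `namespaced_key_id_t`, `key_id_namespace_t`, `NAMESPACED_KEY_ID_INIT`, `KEY_ID_NAMESPACE_INIT`, `namespaced_key_id_init()`, `namespaced_key_id_get_key_id()` and `namespaced_key_id_set_namespace()`. The comment should also state that the macro has to expand to a complete header name including its quotes or angle brackets, for example `/* ALTERNATIVE_CRYPTO_BACKEND must expand to a quoted header name such as "my_backend.h" (constructed example) */`.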
diff --git a/components/service/crypto/backend/default_psa_crypto_backend.h b/components/service/crypto/backend/default_psa_crypto_backend.h
new file mode 100644
index 0000000..4637010
--- /dev/null
+++ b/components/service/crypto/backend/default_psa_crypto_backend.h
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef DEFAULT_PSA_CRYPTO_BACKEND_H
+#define DEFAULT_PSA_CRYPTO_BACKEND_H
+
+#include <stdint.h>
+
+/**
+ * Provides the common crypto backend interface, based on the psa crypto
+ * API. To accommodate backend specific overrides to API types, a
+ * backend may provide its own API definitions.
+ */
+#include <psa/crypto.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Crypto frontends that support some kind of key id namespacing, should
+ * use this type for key ids. Namespacing allows for partitioning of
+ * the key id namespace. The nature of the partitioning is up to a
+ * crypto frontend. Note that a backend may override this typedef to
+ * suite the backend's handling of namespaces.
+ */
+typedef psa_key_id_t namespaced_key_id_t;
+#define NAMESPACED_KEY_ID_INIT PSA_KEY_ID_NULL
+
+/**
+ * An overridable type for a key id namespace.
+ */
+typedef int32_t key_id_namespace_t;
+#define KEY_ID_NAMESPACE_INIT 0
+
+/**
+ * \brief Initialize a namespaced key id
+ *
+ * This default implementation just discards the namespace.
+ *
+ * \param namespaced_key_id	The object to initialize
+ * \param key_namespace		The namespace
+ * \param key_id		The key id
+ */
+static inline void namespaced_key_id_init(namespaced_key_id_t *namespaced_key_id,
+					  key_id_namespace_t key_namespace,
+					  psa_key_id_t key_id)
+{
+	(void)key_namespace;
+	*namespaced_key_id = key_id;
+}
+
+/**
+ * \brief Get the key id from a namespaced_key_id_t
+ *
+ * \param namespaced_key_id	Namespaced key id
+ * \return Key id without namespace
+ */
+static inline psa_key_id_t namespaced_key_id_get_key_id(namespaced_key_id_t namespaced_key_id)
+{
+	return namespaced_key_id;
+}
+
+/**
+ * \brief Set the key id namespace associated with a key attributes object
+ *
+ * The default implementation discards the namespace
+ *
+ * \param attributes		Key attributes object
+ * \param key_namespace		Key id namespace
+ */
+static inline void namespaced_key_id_set_namespace(psa_key_attributes_t *attributes,
+						   key_id_namespace_t key_namespace)
+{
+	(void)attributes;
+	(void)key_namespace;
+}
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* DEFAULT_PSA_CRYPTO_BACKEND_H */
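Review bot: `namespaced_key_id_init()` and `namespaced_key_id_set_namespace()` drop `key_namespace` silently, so with this default backend two callers that pass different namespaces and the same `key_id` refer to the same key. The doc comments say the namespace is discarded but not that this means there is no separation between namespaces. Since the type exists for key store partitioning, I would spell that consequence out on both functions, e.g. `* Note: with the default backend all namespaces share one key id space; callers must not rely on key_namespace to separate clients.` A frontend also has no visible way to tell whether the selected backend honours namespaces, so a compile-time indicator defined by each backend header may be worth adding when the mbedtls key owner facility is enabled. Minor wording: "suite the backend's handling" in the `namespaced_key_id_t` comment should read "suit".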