psa: Use psa_key_file_id_t as the key id type
The purpose of this commit and the following is for
psa_key_id_t to always be as defined by the PSA
Cryptography API specification.
Currently psa_key_id_t departs from its specification
definition when MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
configuration flag is set. In that configuration, it is set
to be equal to psa_key_file_id_t which in that configuration
encodes an owner identifier along the key identifier.
Type psa_key_file_id_t was meant to be the key identifier type
used throughout the library code. If
MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER is set it
includes both a key and owner identifier, otherwise it is
equal to psa_key_id_t.
It has not been the key identifier type throughout the
library so far because when the PSA Cryptography
specification was developped the library Doxygen
documentation was used to generate the PSA Cryptography API
specification thus the need to use psa_key_id_t and not
psa_key_file_id_t.
As this constraint does not hold anymore, move
to psa_key_file_id_t as the key identifier type throughout
the library code.
By the way, this commit updates the key identifier
initialization in the tests to be compatible with a
composit key identifier. A psa_key_id_make()
inline function is introduced to initialize key
identifiers (composit ot not) at runtime.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index a316166..c8eb08b 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -146,11 +146,11 @@
* linkage). This function may be provided as a function-like macro,
* but in this case it must evaluate each of its arguments exactly once.
*
- * \param[out] attributes The attribute structure to write to.
- * \param id The persistent identifier for the key.
+ * \param[out] attributes The attribute structure to write to.
+ * \param key The persistent identifier for the key.
*/
static void psa_set_key_id(psa_key_attributes_t *attributes,
- psa_key_id_t id);
+ psa_key_file_id_t key);
/** Set the location of a persistent key.
*
@@ -192,7 +192,7 @@
* This value is unspecified if the attribute structure declares
* the key as volatile.
*/
-static psa_key_id_t psa_get_key_id(const psa_key_attributes_t *attributes);
+static psa_key_file_id_t psa_get_key_id(const psa_key_attributes_t *attributes);
/** Retrieve the lifetime from key attributes.
*
@@ -392,8 +392,9 @@
* with a lifetime other than #PSA_KEY_LIFETIME_VOLATILE. A persistent key
* always has a nonzero key identifier, set with psa_set_key_id() when
* creating the key. Implementations may provide additional pre-provisioned
- * keys that can be opened with psa_open_key(). Such keys have a key identifier
- * in the vendor range, as documented in the description of #psa_key_id_t.
+ * keys that can be opened with psa_open_key(). Such keys have an application
+ * key identifier in the vendor range, as documented in the description of
+ * #psa_key_id_t.
*
* The application must eventually close the handle with psa_close_key() or
* psa_destroy_key() to release associated resources. If the application dies
@@ -408,7 +409,7 @@
* portable to implementations that only permit a single key handle to be
* opened. See also :ref:\`key-handles\`.
*
- * \param id The persistent identifier of the key.
+ * \param key The persistent identifier of the key.
* \param[out] handle On success, a handle to the key.
*
* \retval #PSA_SUCCESS
@@ -436,8 +437,7 @@
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
-psa_status_t psa_open_key(psa_key_id_t id,
- psa_key_handle_t *handle);
+psa_status_t psa_open_key(psa_key_file_id_t key, psa_key_handle_t *handle);
/** Close a key handle.
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index 67c53db..267b050 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -330,7 +330,7 @@
psa_key_type_t type;
psa_key_bits_t bits;
psa_key_lifetime_t lifetime;
- psa_key_id_t id;
+ psa_key_file_id_t id;
psa_key_policy_t policy;
psa_key_attributes_flag_t flags;
} psa_core_key_attributes_t;
@@ -360,14 +360,14 @@
}
static inline void psa_set_key_id(psa_key_attributes_t *attributes,
- psa_key_id_t id)
+ psa_key_file_id_t key)
{
- attributes->core.id = id;
+ attributes->core.id = key;
if( attributes->core.lifetime == PSA_KEY_LIFETIME_VOLATILE )
attributes->core.lifetime = PSA_KEY_LIFETIME_PERSISTENT;
}
-static inline psa_key_id_t psa_get_key_id(
+static inline psa_key_file_id_t psa_get_key_id(
const psa_key_attributes_t *attributes)
{
return( attributes->core.id );
diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h
index f8811ad..4603a1d 100644
--- a/include/psa/crypto_types.h
+++ b/include/psa/crypto_types.h
@@ -37,6 +37,11 @@
#include <stdint.h>
+#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+ !defined(inline) && !defined(__cplusplus)
+#define inline __inline
+#endif
+
/** \defgroup error Error codes
* @{
*/
@@ -125,7 +130,7 @@
* implementation-specific device management event occurs (for example,
* a factory reset).
*
- * Persistent keys have a key identifier of type #psa_key_id_t.
+ * Persistent keys have a key identifier of type #psa_key_file_id_t.
* This identifier remains valid throughout the lifetime of the key,
* even if the application instance that created the key terminates.
* The application can call psa_open_key() to open a persistent key that
@@ -239,6 +244,19 @@
#define PSA_KEY_ID_INIT 0
#define PSA_KEY_FILE_GET_KEY_ID( id ) ( id )
+/** Utility to initialize a key file identifier at runtime.
+ *
+ * \param unused Unused parameter.
+ * \param key_id Identifier of the key.
+ */
+static inline psa_key_file_id_t psa_key_file_id_make(
+ unsigned int unused, psa_key_id_t key_id )
+{
+ (void)unused;
+
+ return( key_id );
+}
+
#else /* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */
typedef struct
{
@@ -246,16 +264,21 @@
psa_key_owner_id_t owner;
} psa_key_file_id_t;
-/* Since crypto.h is used as part of the PSA Cryptography API specification,
- * it must use standard types for things like the argument of psa_open_key().
- * If it wasn't for that constraint, psa_open_key() would take a
- * `psa_key_file_id_t` argument. As a workaround, make `psa_key_id_t` an
- * alias for `psa_key_file_id_t` when building for a multi-client service. */
-typedef psa_key_file_id_t psa_key_id_t;
-
#define PSA_KEY_ID_INIT {0, 0}
#define PSA_KEY_FILE_GET_KEY_ID( file_id ) ( ( file_id ).key_id )
+/** Utility to initialize a key file identifier at runtime.
+ *
+ * \param owner_id Identifier of the key owner.
+ * \param key_id Identifier of the key.
+ */
+static inline psa_key_file_id_t psa_key_file_id_make(
+ psa_key_owner_id_t owner_id, uint32_t key_id )
+{
+ return( (psa_key_file_id_t){ .key_id = key_id,
+ .owner = owner_id } );
+}
+
#endif /* !MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */
/**@}*/