Define handles as key identifiers
Define psa_key_handle_t to be equal to
mbedtls_svc_key_id_t. Make the handle of a persistent
key be equal to its key identifier. For volatile keys,
make the key handle equal to the volatile key
identifier of the created volatile key.
The unit tests are modified just to make them compile
not to make them run successfully. They are fixed in
the subsequent commits.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 6303473..8ef851b 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -64,36 +64,41 @@
( key_id <= PSA_KEY_ID_VENDOR_MAX ) )
return( PSA_SUCCESS );
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return( PSA_ERROR_INVALID_HANDLE );
}
-/* Access a key slot at the given handle. The handle of a key slot is
- * the index of the slot in the global slot array, plus one so that handles
- * start at 1 and not 0. */
-psa_status_t psa_get_key_slot( psa_key_handle_t handle,
- psa_key_slot_t **p_slot )
+static psa_key_slot_t* psa_get_slot_from_volatile_key_id(
+ mbedtls_svc_key_id_t key )
{
- psa_key_slot_t *slot = NULL;
+ psa_key_slot_t *slot;
+ psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key );
- if( ! global_data.key_slots_initialized )
- return( PSA_ERROR_BAD_STATE );
+ if( ( key_id < PSA_KEY_ID_VOLATILE_MIN ) ||
+ ( key_id > PSA_KEY_ID_VOLATILE_MAX ) )
+ return( NULL );
- /* 0 is not a valid handle under any circumstance. This
- * implementation provides slots number 1 to N where N is the
- * number of available slots. */
- if( psa_key_handle_is_null( handle ) ||
- ( handle > ARRAY_LENGTH( global_data.key_slots ) ) )
- return( PSA_ERROR_INVALID_HANDLE );
- slot = &global_data.key_slots[handle - 1];
+ slot = &global_data.key_slots[ key_id - PSA_KEY_ID_VOLATILE_MIN ];
- /* If the slot isn't occupied, the handle is invalid. */
- if( ! psa_is_key_slot_occupied( slot ) )
- return( PSA_ERROR_INVALID_HANDLE );
-
- *p_slot = slot;
- return( PSA_SUCCESS );
+ return( mbedtls_svc_key_id_equal( key, slot->attr.id ) ? slot : NULL );
}
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
+static psa_key_slot_t* psa_get_slot_from_key_id(
+ mbedtls_svc_key_id_t key )
+{
+ psa_key_slot_t *slot = &global_data.key_slots[ PSA_KEY_SLOT_COUNT ];
+
+ while( slot > &global_data.key_slots[ 0 ] )
+ {
+ slot--;
+ if( mbedtls_svc_key_id_equal( key, slot->attr.id ) )
+ return( slot );
+ }
+
+ return( NULL );
+}
+#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
+
psa_status_t psa_initialize_key_slots( void )
{
/* Nothing to do: program startup and psa_wipe_all_key_slots() both
@@ -115,8 +120,7 @@
global_data.key_slots_initialized = 0;
}
-psa_status_t psa_get_empty_key_slot( psa_key_handle_t *handle,
- psa_key_id_t *volatile_key_id,
+psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id,
psa_key_slot_t **p_slot )
{
size_t slot_idx;
@@ -129,7 +133,6 @@
*p_slot = &global_data.key_slots[ slot_idx - 1 ];
if( ! psa_is_key_slot_occupied( *p_slot ) )
{
- *handle = (psa_key_handle_t)slot_idx;
*volatile_key_id = PSA_KEY_ID_VOLATILE_MIN +
( (psa_key_id_t)slot_idx ) - 1;
@@ -177,8 +180,50 @@
psa_free_persistent_key_data( key_data, key_data_length );
return( status );
}
+#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
+
+psa_status_t psa_get_key_slot( mbedtls_svc_key_id_t key,
+ psa_key_slot_t **p_slot )
+{
+ psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+
+ *p_slot = NULL;
+ if( ! global_data.key_slots_initialized )
+ return( PSA_ERROR_BAD_STATE );
+
+ status = psa_validate_key_id( key, 1 );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ *p_slot = psa_get_slot_from_volatile_key_id( key );
+ if( *p_slot != NULL )
+ return( PSA_SUCCESS );
+
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
+ psa_key_id_t volatile_key_id;
+
+ *p_slot = psa_get_slot_from_key_id( key );
+ if( *p_slot != NULL )
+ return( PSA_SUCCESS );
+
+ status = psa_get_empty_key_slot( &volatile_key_id, p_slot );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ (*p_slot)->attr.lifetime = PSA_KEY_LIFETIME_PERSISTENT;
+ (*p_slot)->attr.id = key;
+
+ status = psa_load_persistent_key_into_slot( *p_slot );
+ if( status != PSA_SUCCESS )
+ psa_wipe_key_slot( *p_slot );
+
+ return( status );
+#else
+ return( PSA_ERROR_DOES_NOT_EXIST );
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
+}
+
psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime,
psa_se_drv_table_entry_t **p_drv )
{
@@ -226,29 +271,18 @@
{
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
psa_status_t status;
- psa_key_id_t volatile_key_id;
psa_key_slot_t *slot;
- *handle = 0;
-
- status = psa_validate_key_id( key, 1 );
- if( status != PSA_SUCCESS )
- return( status );
-
- status = psa_get_empty_key_slot( handle, &volatile_key_id, &slot );
- if( status != PSA_SUCCESS )
- return( status );
-
- slot->attr.lifetime = PSA_KEY_LIFETIME_PERSISTENT;
- slot->attr.id = key;
-
- status = psa_load_persistent_key_into_slot( slot );
+ status = psa_get_key_slot( key, &slot );
if( status != PSA_SUCCESS )
{
- psa_wipe_key_slot( slot );
*handle = PSA_KEY_HANDLE_INIT;
+ return( status );
}
- return( status );
+
+ *handle = key;
+
+ return( PSA_SUCCESS );
#else /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
(void) key;