Persistent storage implementation: psa_key_slot_t -> psa_key_id_t
Move the persistent storage implementation from psa_key_slot_t to
psa_key_id_t. For the most part, this just means changing the types of
function arguments.
Update the documentation of some functions to reflect the fact that
the slot identifier is purely a storage identifier and is not related
to how the slot is designated in memory.
diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c
index 0a5805b..687269b 100644
--- a/library/psa_crypto_storage.c
+++ b/library/psa_crypto_storage.c
@@ -147,7 +147,7 @@
return( PSA_SUCCESS );
}
-psa_status_t psa_save_persistent_key( const psa_key_slot_t key,
+psa_status_t psa_save_persistent_key( const psa_key_id_t key,
const psa_key_type_t type,
const psa_key_policy_t *policy,
const uint8_t *data,
@@ -185,7 +185,7 @@
mbedtls_free( key_data );
}
-psa_status_t psa_load_persistent_key( psa_key_slot_t key,
+psa_status_t psa_load_persistent_key( psa_key_id_t key,
psa_key_type_t *type,
psa_key_policy_t *policy,
uint8_t **data,
diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h
index 167b0db..478daef 100644
--- a/library/psa_crypto_storage.h
+++ b/library/psa_crypto_storage.h
@@ -56,20 +56,20 @@
* already occupied non-persistent key, as well as validating the key data.
*
*
- * \param key Slot number of the key to be stored. This must be a
- * valid slot for a key of the chosen type. This should be
- * an occupied key slot with an unoccupied corresponding
- * storage location.
+ * \param key Persistent identifier of the key to be stored. This
+ * should be an unoccupied storage location.
* \param type Key type (a \c PSA_KEY_TYPE_XXX value).
* \param[in] policy The key policy to save.
* \param[in] data Buffer containing the key data.
* \param data_length The number of bytes that make up the key data.
*
* \retval PSA_SUCCESS
+ * \retval PSA_ERROR_INSUFFICIENT_MEMORY
* \retval PSA_ERROR_INSUFFICIENT_STORAGE
* \retval PSA_ERROR_STORAGE_FAILURE
+ * \retval PSA_ERROR_OCCUPIED_SLOT
*/
-psa_status_t psa_save_persistent_key( const psa_key_slot_t key,
+psa_status_t psa_save_persistent_key( const psa_key_id_t key,
const psa_key_type_t type,
const psa_key_policy_t *policy,
const uint8_t *data,
@@ -87,10 +87,8 @@
* this function to zeroize and free this buffer, regardless of whether this
* function succeeds or fails.
*
- * \param key Slot number whose content is to be loaded. This
- * must be an unoccupied key slot with an occupied
- * corresponding storage location. The key slot
- * lifetime must be set to persistent.
+ * \param key Persistent identifier of the key to be loaded. This
+ * should be an occupied storage location.
* \param[out] type On success, the key type (a \c PSA_KEY_TYPE_XXX
* value).
* \param[out] policy On success, the key's policy.
@@ -100,8 +98,9 @@
* \retval PSA_SUCCESS
* \retval PSA_ERROR_INSUFFICIENT_MEMORY
* \retval PSA_ERROR_STORAGE_FAILURE
+ * \retval PSA_ERROR_EMPTY_SLOT
*/
-psa_status_t psa_load_persistent_key( psa_key_slot_t key,
+psa_status_t psa_load_persistent_key( psa_key_id_t key,
psa_key_type_t *type,
psa_key_policy_t *policy,
uint8_t **data,
@@ -110,16 +109,18 @@
/**
* \brief Remove persistent data for the given key slot number.
*
- * \param key Slot number whose content is to be removed
+ * \param key Persistent identifier of the key to remove
* from persistent storage.
*
* \retval PSA_SUCCESS
+ * The key was successfully removed,
+ * or the key did not exist.
* \retval PSA_ERROR_STORAGE_FAILURE
*/
-psa_status_t psa_destroy_persistent_key( const psa_key_slot_t key );
+psa_status_t psa_destroy_persistent_key( const psa_key_id_t key );
/**
- * \brief Zeroizes and frees the given buffer.
+ * \brief Free the temporary buffer allocated by psa_load_persistent_key().
*
* This function must be called at some point after psa_load_persistent_key()
* to zeroize and free the memory allocated to the buffer in that function.
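Review bot: The brief on the context line of this hunk, `\brief Remove persistent data for the given key slot number.`, still calls the argument a slot number although the \param text just below it now says "Persistent identifier", which is the wording the commit message says it sets out to fix. The same leftover survives in psa_crypto_storage_backend.h: `for the key slot in` in the brief of psa_is_key_present_in_storage, its two \retval lines `No persistent data present for slot number` / `Persistent data present for slot number`, and `\brief Get data length for given key slot number.` on psa_crypto_storage_get_data_length. I would change this brief to `\brief Remove persistent data for the given key identifier.` and the backend phrases to "key identifier" in the same way. Documentation only; no code change.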
diff --git a/library/psa_crypto_storage_backend.h b/library/psa_crypto_storage_backend.h
index 3ca9a1d..47896b8 100644
--- a/library/psa_crypto_storage_backend.h
+++ b/library/psa_crypto_storage_backend.h
@@ -47,15 +47,16 @@
* This function reads data from a storage backend and returns the data in a
* buffer.
*
- * \param key Slot number whose content is to be loaded. This must
- * be a key slot whose lifetime is set to persistent.
- * \param[out] data Buffer where the data is to be written.
- * \param data_size Size of the \c data buffer in bytes.
+ * \param key Persistent identifier of the key to be loaded. This
+ * should be an occupied storage location.
+ * \param[out] data Buffer where the data is to be written.
+ * \param data_size Size of the \c data buffer in bytes.
*
* \retval PSA_SUCCESS
* \retval PSA_ERROR_STORAGE_FAILURE
+ * \retval PSA_ERROR_EMPTY_SLOT
*/
-psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data,
+psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data,
size_t data_size );
/**
@@ -63,7 +64,8 @@
*
* This function stores the given data buffer to a persistent storage.
*
- * \param key Slot number whose content is to be stored.
+ * \param key Persistent identifier of the key to be stored. This
+ * should be an unoccupied storage location.
* \param[in] data Buffer containing the data to be stored.
* \param data_length The number of bytes
* that make up the data.
@@ -71,8 +73,9 @@
* \retval PSA_SUCCESS
* \retval PSA_ERROR_INSUFFICIENT_STORAGE
* \retval PSA_ERROR_STORAGE_FAILURE
+ * \retval PSA_ERROR_OCCUPIED_SLOT
*/
-psa_status_t psa_crypto_storage_store( const psa_key_slot_t key,
+psa_status_t psa_crypto_storage_store( const psa_key_id_t key,
const uint8_t *data,
size_t data_length );
@@ -82,26 +85,26 @@
* This function checks if any key data or metadata exists for the key slot in
* the persistent storage.
*
- * \param key Slot number whose content is to be checked.
+ * \param key Persistent identifier to check.
*
* \retval 0
* No persistent data present for slot number
* \retval 1
* Persistent data present for slot number
*/
-int psa_is_key_present_in_storage( const psa_key_slot_t key );
+int psa_is_key_present_in_storage( const psa_key_id_t key );
/**
* \brief Get data length for given key slot number.
*
- * \param key Slot number whose stored data length is to be obtained.
- * \param[out] data_length The number of bytes
- * that make up the data.
+ * \param key Persistent identifier whose stored data length
+ * is to be obtained.
+ * \param[out] data_length The number of bytes that make up the data.
*
* \retval PSA_SUCCESS
* \retval PSA_ERROR_STORAGE_FAILURE
*/
-psa_status_t psa_crypto_storage_get_data_length( const psa_key_slot_t key,
+psa_status_t psa_crypto_storage_get_data_length( const psa_key_id_t key,
size_t *data_length );
diff --git a/library/psa_crypto_storage_file.c b/library/psa_crypto_storage_file.c
index 03c711a..95857fa 100644
--- a/library/psa_crypto_storage_file.c
+++ b/library/psa_crypto_storage_file.c
@@ -48,15 +48,15 @@
enum { MAX_LOCATION_LEN = sizeof(CRYPTO_STORAGE_FILE_LOCATION) + 40 };
-static void key_slot_to_location( const psa_key_slot_t key,
- char *location,
- size_t location_size )
+static void key_id_to_location( const psa_key_id_t key,
+ char *location,
+ size_t location_size )
{
mbedtls_snprintf( location, location_size,
CRYPTO_STORAGE_FILE_LOCATION "psa_key_slot_%d", key );
}
-psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data,
+psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data,
size_t data_size )
{
psa_status_t status = PSA_SUCCESS;
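Review bot: key_id_to_location now hands a psa_key_id_t to the `%d` conversion in the unchanged mbedtls_snprintf call; if psa_key_id_t is an unsigned 32-bit type (the ITS backend returns it straight through as uint32_t, which suggests so), -Wformat will flag the mismatch and any identifier above INT_MAX is rendered as a negative number in the file name. The mapping stays injective either way, but I would make the conversion explicit: `CRYPTO_STORAGE_FILE_LOCATION "psa_key_slot_%lu", (unsigned long) key );`. The `psa_key_slot_` prefix in the file name is presumably kept for compatibility with existing files, so I am not proposing to rename it, though a one-line comment saying that would help the next reader, e.g. `/* File name keeps the historical psa_key_slot_ prefix for on-disk compatibility. */`.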
@@ -64,7 +64,7 @@
size_t num_read;
char slot_location[MAX_LOCATION_LEN];
- key_slot_to_location( key, slot_location, MAX_LOCATION_LEN );
+ key_id_to_location( key, slot_location, MAX_LOCATION_LEN );
file = fopen( slot_location, "rb" );
if( file == NULL )
{
@@ -81,12 +81,12 @@
return( status );
}
-int psa_is_key_present_in_storage( const psa_key_slot_t key )
+int psa_is_key_present_in_storage( const psa_key_id_t key )
{
char slot_location[MAX_LOCATION_LEN];
FILE *file;
- key_slot_to_location( key, slot_location, MAX_LOCATION_LEN );
+ key_id_to_location( key, slot_location, MAX_LOCATION_LEN );
file = fopen( slot_location, "r" );
if( file == NULL )
@@ -99,7 +99,7 @@
return( 1 );
}
-psa_status_t psa_crypto_storage_store( const psa_key_slot_t key,
+psa_status_t psa_crypto_storage_store( const psa_key_id_t key,
const uint8_t *data,
size_t data_length )
{
@@ -114,7 +114,7 @@
* affect actual keys. */
const char *temp_location = CRYPTO_STORAGE_FILE_LOCATION "psa_key_slot_0";
- key_slot_to_location( key, slot_location, MAX_LOCATION_LEN );
+ key_id_to_location( key, slot_location, MAX_LOCATION_LEN );
if( psa_is_key_present_in_storage( key ) == 1 )
return( PSA_ERROR_OCCUPIED_SLOT );
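Review bot: The scratch file name `psa_key_slot_0` on the context line above is exactly what key_id_to_location() produces for `key == 0`, so the temporary location and the destination coincide for that identifier; I cannot tell from this diff whether 0 is excluded from the psa_key_id_t range the way slot 0 apparently was before the type change. If it is not excluded, psa_crypto_storage_store should refuse it up front, e.g. `if( key == 0 ) return( PSA_ERROR_INVALID_ARGUMENT );`, and the reservation should be stated on the \param in psa_crypto_storage_backend.h so the ITS backend can enforce the same rule. The rest of the store sequence, including what happens to the temporary file, is outside this hunk.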
@@ -154,12 +154,12 @@
return( status );
}
-psa_status_t psa_destroy_persistent_key( const psa_key_slot_t key )
+psa_status_t psa_destroy_persistent_key( const psa_key_id_t key )
{
FILE *file;
char slot_location[MAX_LOCATION_LEN];
- key_slot_to_location( key, slot_location, MAX_LOCATION_LEN );
+ key_id_to_location( key, slot_location, MAX_LOCATION_LEN );
/* Only try remove the file if it exists */
file = fopen( slot_location, "rb" );
@@ -173,7 +173,7 @@
return( PSA_SUCCESS );
}
-psa_status_t psa_crypto_storage_get_data_length( const psa_key_slot_t key,
+psa_status_t psa_crypto_storage_get_data_length( const psa_key_id_t key,
size_t *data_length )
{
psa_status_t status = PSA_SUCCESS;
@@ -181,7 +181,7 @@
long file_size;
char slot_location[MAX_LOCATION_LEN];
- key_slot_to_location( key, slot_location, MAX_LOCATION_LEN );
+ key_id_to_location( key, slot_location, MAX_LOCATION_LEN );
file = fopen( slot_location, "rb" );
if( file == NULL )
diff --git a/library/psa_crypto_storage_its.c b/library/psa_crypto_storage_its.c
index 29394b5..86e0e89 100644
--- a/library/psa_crypto_storage_its.c
+++ b/library/psa_crypto_storage_its.c
@@ -68,12 +68,12 @@
}
}
-static uint32_t psa_its_identifier_of_slot( psa_key_slot_t key )
+static uint32_t psa_its_identifier_of_slot( psa_key_id_t key )
{
return( key );
}
-psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data,
+psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data,
size_t data_size )
{
psa_its_status_t ret;
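Review bot: psa_its_identifier_of_slot keeps its "slot" name and its uint32_t return while its parameter becomes psa_key_id_t, so this backend does not mirror the key_slot_to_location → key_id_to_location rename done in psa_crypto_storage_file.c, and `return( key );` now converts implicitly from psa_key_id_t to uint32_t. I would rename it to `psa_its_identifier_of_key` (the callers are the `uint32_t data_identifier = psa_its_identifier_of_slot( key );` lines in this file) and make the conversion visible, `return( (uint32_t) key );`, with a one-line comment such as `/* The ITS uid is the persistent key identifier itself; must fit in 32 bits. */`. If psa_key_id_t can be wider than 32 bits on some configuration, that comment should become a check rather than an assumption.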
@@ -92,7 +92,7 @@
return( status );
}
-int psa_is_key_present_in_storage( const psa_key_slot_t key )
+int psa_is_key_present_in_storage( const psa_key_id_t key )
{
psa_its_status_t ret;
uint32_t data_identifier = psa_its_identifier_of_slot( key );
@@ -105,7 +105,7 @@
return( 1 );
}
-psa_status_t psa_crypto_storage_store( const psa_key_slot_t key,
+psa_status_t psa_crypto_storage_store( const psa_key_id_t key,
const uint8_t *data,
size_t data_length )
{
@@ -143,7 +143,7 @@
return( status );
}
-psa_status_t psa_destroy_persistent_key( const psa_key_slot_t key )
+psa_status_t psa_destroy_persistent_key( const psa_key_id_t key )
{
psa_its_status_t ret;
uint32_t data_identifier = psa_its_identifier_of_slot( key );
@@ -163,7 +163,7 @@
return( PSA_SUCCESS );
}
-psa_status_t psa_crypto_storage_get_data_length( const psa_key_slot_t key,
+psa_status_t psa_crypto_storage_get_data_length( const psa_key_id_t key,
size_t *data_length )
{
psa_its_status_t ret;