AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Break up key identifiers into user, vendor and reserved ranges

Browse Source 
Define a range of key identifiers for use by the application
(0..2^30-1), a range for use by implementations (2^30..2^31), and a
range that is reserved for future use (2^31..2^32-1).
This commit is contained in:
Gilles Peskine 2019-05-06 18:56:14 +02:00
parent 225010fdf7
commit 4a231b8d3b
3 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
include/psa/crypto.h
View File

@ -512,6 +512,10 @@ void psa_reset_key_attributes(psa_key_attributes_t *attributes);
* *
* Open a handle to a key which was previously created with psa_create_key(). * Open a handle to a key which was previously created with psa_create_key().
* *
* Implementations may provide additional keys that can be opened with
* psa_open_key(). Such keys have a key identifier in the vendor range,
* as documented in the description of #psa_key_id_t.
*
* \param id The persistent identifier of the key. * \param id The persistent identifier of the key.
* \param[out] handle On success, a handle to a key slot which contains * \param[out] handle On success, a handle to a key slot which contains
* the data and metadata loaded from the specified * the data and metadata loaded from the specified

7
include/psa/crypto_types.h
View File

@ -102,6 +102,13 @@ typedef uint32_t psa_algorithm_t;
typedef uint32_t psa_key_lifetime_t; typedef uint32_t psa_key_lifetime_t;
/** Encoding of identifiers of persistent keys. /** Encoding of identifiers of persistent keys.
*
* - Applications may freely choose key identifiers in the range
* #PSA_KEY_ID_USER_MIN to #PSA_KEY_ID_USER_MAX.
* - Implementations may define additional key identifiers in the range
* #PSA_KEY_ID_VENDOR_MIN to #PSA_KEY_ID_VENDOR_MAX.
* - Key identifiers outside these ranges are reserved for future use
* in future versions of this specification.
*/ */
/* Implementation-specific quirk: The Mbed Crypto library can be built as /* Implementation-specific quirk: The Mbed Crypto library can be built as
* part of a multi-client service that exposes the PSA Crypto API in each * part of a multi-client service that exposes the PSA Crypto API in each

13
include/psa/crypto_values.h
View File

@ -1440,6 +1440,19 @@
*/ */
#define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t)0x00000001) #define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t)0x00000001)
/** The minimum value for a key identifier chosen by the application.
*/
#define PSA_KEY_ID_USER_MIN ((psa_key_id_t)0x00000000)
/** The minimum value for a key identifier chosen by the application.
*/
#define PSA_KEY_ID_USER_MAX ((psa_key_id_t)0x3fffffff)
/** The minimum value for a key identifier chosen by the application.
*/
#define PSA_KEY_ID_VENDOR_MIN ((psa_key_id_t)0x40000000)
/** The minimum value for a key identifier chosen by the application.
*/
#define PSA_KEY_ID_VENDOR_MAX ((psa_key_id_t)0x7fffffff)
/**@}*/ /**@}*/
/** \defgroup policy Key policies /** \defgroup policy Key policies