Declare a psa_key_file_id_t layout with an owner field
Declare the owner as psa_key_owner_id_t, of which an implementation must be provided separately. Make this a configuration option MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER, to make the conditional compilation flow easier to follow. Declare it in config.h to pacify check_names.sh. Support for a specific implementation of psa_key_owner_id_t in storage backends will come in a subsequent commit.
This commit is contained in:
parent
5b229a06f4
commit
69d7c8b2d7
@ -1156,6 +1156,21 @@
|
||||
*/
|
||||
//#define MBEDTLS_PSA_HAS_ITS_IO
|
||||
|
||||
/* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
|
||||
*
|
||||
* In PSA key storage, encode the owner of the key.
|
||||
*
|
||||
* This is only meaningful when building the library as part of a
|
||||
* multi-client service. When you activate this option, you must provide
|
||||
* an implementation of the type psa_key_owner_id_t and a translation
|
||||
* from psa_key_file_id_t to file name in all the storage backends that
|
||||
* you wish to support.
|
||||
*
|
||||
* Note that this option is meant for internal use only and may be removed
|
||||
* without notice.
|
||||
*/
|
||||
//#define MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_MEMORY_DEBUG
|
||||
*
|
||||
|
@ -68,8 +68,28 @@ typedef uint16_t psa_key_handle_t;
|
||||
* #psa_key_id_t. */
|
||||
typedef uint32_t psa_app_key_id_t;
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER)
|
||||
|
||||
typedef struct
|
||||
{
|
||||
uint32_t key_id;
|
||||
psa_key_owner_id_t owner;
|
||||
} psa_key_file_id_t;
|
||||
#define PSA_KEY_FILE_GET_KEY_ID( file_id ) ( ( file_id ).key_id )
|
||||
|
||||
/* Since crypto.h is used as part of the PSA Cryptography API specification,
|
||||
* it must use standard types for things like the argument of psa_open_key().
|
||||
* If it wasn't for that constraint, psa_open_key() would take a
|
||||
* `psa_key_file_id_t` argument. As a workaround, make `psa_key_id_t` an
|
||||
* alias for `psa_key_file_id_t` when building for a multi-client service. */
|
||||
typedef psa_key_file_id_t psa_key_id_t;
|
||||
|
||||
#else /* !MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */
|
||||
|
||||
/* By default, a key file identifier is just the application key identifier. */
|
||||
typedef psa_app_key_id_t psa_key_file_id_t;
|
||||
#define PSA_KEY_FILE_GET_KEY_ID( id ) ( id )
|
||||
|
||||
#endif /* !MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */
|
||||
|
||||
#endif /* PSA_CRYPTO_PLATFORM_H */
|
||||
|
@ -90,7 +90,14 @@ typedef uint32_t psa_key_lifetime_t;
|
||||
|
||||
/** Encoding of identifiers of persistent keys.
|
||||
*/
|
||||
/* Implementation-specific quirk: The Mbed Crypto library can be built as
|
||||
* part of a multi-client service that exposes the PSA Crypto API in each
|
||||
* client and encodes the client identity in the key id argument of functions
|
||||
* such as psa_open_key(). In this build configuration, we define
|
||||
* psa_key_id_t in crypto_platform.h instead of here. */
|
||||
#if !defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER)
|
||||
typedef uint32_t psa_key_id_t;
|
||||
#endif
|
||||
|
||||
/**@}*/
|
||||
|
||||
|
@ -411,6 +411,9 @@ static const char *features[] = {
|
||||
#if defined(MBEDTLS_PSA_HAS_ITS_IO)
|
||||
"MBEDTLS_PSA_HAS_ITS_IO",
|
||||
#endif /* MBEDTLS_PSA_HAS_ITS_IO */
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER)
|
||||
"MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER",
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */
|
||||
#if defined(MBEDTLS_MEMORY_DEBUG)
|
||||
"MBEDTLS_MEMORY_DEBUG",
|
||||
#endif /* MBEDTLS_MEMORY_DEBUG */
|
||||
|
@ -100,6 +100,7 @@ MBEDTLS_NO_UDBL_DIVISION
|
||||
MBEDTLS_NO_64BIT_MULTIPLICATION
|
||||
MBEDTLS_PSA_CRYPTO_SPM
|
||||
MBEDTLS_PSA_HAS_ITS_IO
|
||||
MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
|
||||
MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
|
||||
MBEDTLS_USE_PSA_CRYPTO
|
||||
_ALT\s*$
|
||||
|
Loading…
Reference in New Issue
Block a user