Adapt programs to PSA openless APIs

PSA and SSL programs are PSA clients thus should use psa_key_id_t as the type for key identifiers, not mbedtls_svc_key_id_t. As a consequence, PSA, ssl_server2 and ssl_client2 programs cannot compile and must not be compiled if MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is defined. Thus, add MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER compilation guard to those programs. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-09-16 16:49:27 +02:00 · 2020-09-16 16:49:27 +02:00 · adc2ff28b0
commit adc2ff28b0
parent c3623dbc76
4 changed files with 102 additions and 100 deletions
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@ -42,12 +42,14 @@

 #if !defined(MBEDTLS_ENTROPY_C) || \
    !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_SRV_C) || \
-    !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_CTR_DRBG_C)
+    !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
+    defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
 int main( void )
 {
-    mbedtls_printf("MBEDTLS_ENTROPY_C and/or "
+    mbedtls_printf( "MBEDTLS_ENTROPY_C and/or "
           "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
-           "MBEDTLS_NET_C and/or MBEDTLS_CTR_DRBG_C and/or not defined.\n");
+           "MBEDTLS_NET_C and/or MBEDTLS_CTR_DRBG_C and/or not defined "
+           " and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined.\n" );
    mbedtls_exit( 0 );
 }
 #else
@ -1285,7 +1287,7 @@ struct _psk_entry
    size_t key_len;
    unsigned char key[MBEDTLS_PSK_MAX_LEN];
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_key_handle_t slot;
+    psa_key_id_t slot;
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
    psk_entry *next;
 };
@ -1301,9 +1303,9 @@ int psk_free( psk_entry *head )
    {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
        psa_status_t status;
-        psa_key_handle_t const slot = head->slot;
+        psa_key_id_t const slot = head->slot;

-        if( ! psa_key_handle_is_null( slot ) )
+        if( slot != 0 )
        {
            status = psa_destroy_key( slot );
            if( status != PSA_SUCCESS )
@ -1376,7 +1378,7 @@ int psk_callback( void *p_info, mbedtls_ssl_context *ssl,
            memcmp( name, cur->name, name_len ) == 0 )
        {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-            if( ! psa_key_handle_is_null( cur->slot ) )
+            if( cur->slot != 0 )
                return( mbedtls_ssl_set_hs_psk_opaque( ssl, cur->slot ) );
            else
 #endif
@ -1711,7 +1713,7 @@ int idle( mbedtls_net_context *fd,
 }

 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-static psa_status_t psa_setup_psk_key_slot( psa_key_handle_t *slot,
+static psa_status_t psa_setup_psk_key_slot( psa_key_id_t *slot,
                                            psa_algorithm_t alg,
                                            unsigned char *psk,
                                            size_t psk_len )
@ -1795,7 +1797,7 @@ int main( int argc, char *argv[] )
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
    psa_algorithm_t alg = 0;
-    psa_key_handle_t psk_slot = PSA_KEY_HANDLE_INIT;
+    psa_key_id_t psk_slot = 0;
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
    unsigned char psk[MBEDTLS_PSK_MAX_LEN];
    size_t psk_len = 0;
@ -4518,10 +4520,8 @@ exit:
        if( ( status != PSA_SUCCESS ) &&
            ( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) )
        {
-            mbedtls_printf( "Failed to destroy key slot %u-%u - error was %d",
-                            MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( psk_slot ),
-                            MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psk_slot ),
-                            (int) status );
+            mbedtls_printf( "Failed to destroy key slot %u - error was %d",
+                            (int) psk_slot, (int) status );
        }
    }
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED &&