psa: Move from key handle to key identifier

Move all the PSA crypto APIs using key handles to use key identifiers but psa_key_open() and psa_key_close(). This is done without modifying any test as key handles and key identifiers are now the same. Update the library modules using PSA crypto APIs to get rid of key handles. Programs and unit tests are updated to not use key handles in subsequent commits, not in this one. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-08-04 09:51:30 +02:00 · 2020-08-04 09:51:30 +02:00 · cf56a0a320
commit cf56a0a320
parent e4f6d5c5fe
20 changed files with 445 additions and 415 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -1063,11 +1063,12 @@ struct mbedtls_ssl_config
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)

 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_key_handle_t psk_opaque; /*!< PSA key slot holding opaque PSK.
-                                  *   This field should only be set via
-                                  *   mbedtls_ssl_conf_psk_opaque().
-                                  *   If either no PSK or a raw PSK have
-                                  *   been configured, this has value \c 0. */
+    psa_key_id_t psk_opaque; /*!< PSA key slot holding opaque PSK. This field
+                              *   should only be set via
+                              *   mbedtls_ssl_conf_psk_opaque().
+                              *   If either no PSK or a raw PSK have been
+                              *   configured, this has value \c 0.
+                              */
 #endif /* MBEDTLS_USE_PSA_CRYPTO */

    unsigned char *psk;      /*!< The raw pre-shared key. This field should
@ -2814,7 +2815,7 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
 * \return         An \c MBEDTLS_ERR_SSL_XXX error code on failure.
 */
 int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf,
-                                 psa_key_handle_t psk,
+                                 psa_key_id_t psk,
                                 const unsigned char *psk_identity,
                                 size_t psk_identity_len );
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
@ -2860,7 +2861,7 @@ int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
 * \return         An \c MBEDTLS_ERR_SSL_XXX error code on failure.
 */
 int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl,
-                                   psa_key_handle_t psk );
+                                   psa_key_id_t psk );
 #endif /* MBEDTLS_USE_PSA_CRYPTO */

 /**