eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #109 from gilles-peskine-arm/psa-key_attributes-set_persistent

Browse source 
Individual setters for persistent key attributes
This commit is contained in:
Jaeden Amero 2019-05-16 17:28:53 +01:00 committed by GitHub
commit d35249e66f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 126 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

57
include/psa/crypto.h
View file

@ -132,7 +132,8 @@ psa_status_t psa_crypto_init(void);
* psa_reset_key_attributes() on an attribute structure is optional if
* the structure has only been modified by the following functions
* since it was initialized or last reset with psa_reset_key_attributes():
* - psa_make_key_persistent()
* - psa_set_key_id()
* - psa_set_key_lifetime()
* - psa_set_key_type()
* - psa_set_key_bits()
* - psa_set_key_usage_flags()
@ -173,7 +174,9 @@ psa_status_t psa_crypto_init(void);
*
* A typical sequence to create a key is as follows:
* -# Create and initialize an attribute structure.
* -# If the key is persistent, call psa_make_key_persistent().
* -# If the key is persistent, call psa_set_key_id().
* Also call psa_set_key_lifetime() to place the key in a non-default
* location.
* -# Set the key policy with psa_set_key_usage_flags() and
* psa_set_key_algorithm().
* -# Set the key type with psa_set_key_type(). If the key type requires
@ -203,30 +206,56 @@ psa_status_t psa_crypto_init(void);
*/
typedef struct psa_key_attributes_s psa_key_attributes_t;
/** Declare a key as persistent.
/** Declare a key as persistent and set its key identifier.
*
* This function does not access storage, it merely fills the attribute
* structure with given values. The persistent key will be written to
* storage when the attribute structure is passed to a key creation
* function such as psa_import_key(), psa_generate_random_key(),
* If the attribute structure currently declares the key as volatile (which
* is the default content of an attribute structure), this function sets
* the lifetime attribute to #PSA_KEY_LIFETIME_PERSISTENT.
*
* This function does not access storage, it merely stores the given
* value in the structure.
* The persistent key will be written to storage when the attribute
* structure is passed to a key creation function such as
* psa_import_key(), psa_generate_random_key(),
* psa_generate_derived_key() or psa_copy_key().
*
* This function overwrites any identifier and lifetime values
* previously set in \p attributes.
*
* This function may be declared as `static` (i.e. without external
* linkage). This function may be provided as a function-like macro,
* but in this case it must evaluate each of its arguments exactly once.
*
* \param[out] attributes The attribute structure to write to.
* \param id The persistent identifier for the key.
*/
static void psa_set_key_id(psa_key_attributes_t *attributes,
psa_key_id_t id);
/** Set the location of a persistent key.
*
* To make a key persistent, you must give it a persistent key identifier
* with psa_set_key_id(). By default, a key that has a persistent identifier
* is stored in the default storage area identifier by
* #PSA_KEY_LIFETIME_PERSISTENT. Call this function to choose a storage
* area, or to explicitly declare the key as volatile.
*
* This function does not access storage, it merely stores the given
* value in the structure.
* The persistent key will be written to storage when the attribute
* structure is passed to a key creation function such as
* psa_import_key(), psa_generate_random_key(),
* psa_generate_derived_key() or psa_copy_key().
*
* This function may be declared as `static` (i.e. without external
* linkage). This function may be provided as a function-like macro,
* but in this case it must evaluate each of its arguments exactly once.
*
* \param[out] attributes The attribute structure to write to.
* \param lifetime The lifetime for the key.
* If this is #PSA_KEY_LIFETIME_VOLATILE, the
* key will be volatile, and \p id is ignored.
* key will be volatile, and the key identifier
* attribute is reset to 0.
*/
static void psa_make_key_persistent(psa_key_attributes_t *attributes,
psa_key_id_t id,
psa_key_lifetime_t lifetime);
static void psa_set_key_lifetime(psa_key_attributes_t *attributes,
psa_key_lifetime_t lifetime);
/** Retrieve the key identifier from key attributes.
*

16
include/psa/crypto_struct.h
View file

@ -279,12 +279,12 @@ static inline struct psa_key_attributes_s psa_key_attributes_init( void )
return( v );
}
static inline void psa_make_key_persistent(psa_key_attributes_t *attributes,
psa_key_id_t id,
psa_key_lifetime_t lifetime)
static inline void psa_set_key_id(psa_key_attributes_t *attributes,
psa_key_id_t id)
{
attributes->id = id;
attributes->lifetime = lifetime;
if( attributes->lifetime == PSA_KEY_LIFETIME_VOLATILE )
attributes->lifetime = PSA_KEY_LIFETIME_PERSISTENT;
}
static inline psa_key_id_t psa_get_key_id(
@ -293,6 +293,14 @@ static inline psa_key_id_t psa_get_key_id(
return( attributes->id );
}
static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes,
psa_key_lifetime_t lifetime)
{
attributes->lifetime = lifetime;
if( lifetime == PSA_KEY_LIFETIME_VOLATILE )
attributes->id = 0;
}
static inline psa_key_lifetime_t psa_get_key_lifetime(
const psa_key_attributes_t *attributes)
{

6
include/psa/crypto_values.h
View file

@ -672,10 +672,8 @@
* Then you may create and use a key as follows:
* - Set the key usage field using #PSA_ALG_ANY_HASH, for example:
* ```
* psa_key_policy_set_usage(&policy,
* PSA_KEY_USAGE_SIGN, //or PSA_KEY_USAGE_VERIFY
* PSA_xxx_SIGNATURE(PSA_ALG_ANY_HASH));
* psa_set_key_policy(handle, &policy);
* psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN); // or VERIFY
* psa_set_key_algorithm(&attributes, PSA_xxx_SIGNATURE(PSA_ALG_ANY_HASH));
* ```
* - Import or generate key material.
* - Call psa_asymmetric_sign() or psa_asymmetric_verify(), passing