Adapt programs to PSA openless APIs

PSA and SSL programs are PSA clients thus should use
psa_key_id_t as the type for key identifiers, not
mbedtls_svc_key_id_t.

As a consequence, PSA, ssl_server2 and ssl_client2
programs cannot compile and must not be compiled if
MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is defined.
Thus, add MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
compilation guard to those programs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2020-09-16 16:49:27 +02:00
parent c3623dbc76
commit adc2ff28b0
4 changed files with 102 additions and 100 deletions

View file

@ -45,13 +45,15 @@
#if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_AES_C) || \
!defined(MBEDTLS_CIPHER_MODE_CBC) || !defined(MBEDTLS_CIPHER_MODE_CTR) || \
!defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
!defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) || \
defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
int main( void )
{
printf( "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_AES_C and/or "
"MBEDTLS_CIPHER_MODE_CBC and/or MBEDTLS_CIPHER_MODE_CTR "
"and/or MBEDTLS_CIPHER_MODE_WITH_PADDING "
"not defined.\r\n" );
"not defined and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER"
" defined.\r\n" );
return( 0 );
}
#else
@ -92,7 +94,7 @@ exit:
return( status );
}
static psa_status_t cipher_encrypt( psa_key_handle_t key_handle,
static psa_status_t cipher_encrypt( psa_key_id_t key,
psa_algorithm_t alg,
uint8_t * iv,
size_t iv_size,
@ -108,7 +110,7 @@ static psa_status_t cipher_encrypt( psa_key_handle_t key_handle,
size_t iv_len = 0;
memset( &operation, 0, sizeof( operation ) );
status = psa_cipher_encrypt_setup( &operation, key_handle, alg );
status = psa_cipher_encrypt_setup( &operation, key, alg );
ASSERT_STATUS( status, PSA_SUCCESS );
status = psa_cipher_generate_iv( &operation, iv, iv_size, &iv_len );
@ -123,7 +125,7 @@ exit:
return( status );
}
static psa_status_t cipher_decrypt( psa_key_handle_t key_handle,
static psa_status_t cipher_decrypt( psa_key_id_t key,
psa_algorithm_t alg,
const uint8_t * iv,
size_t iv_size,
@ -138,7 +140,7 @@ static psa_status_t cipher_decrypt( psa_key_handle_t key_handle,
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
memset( &operation, 0, sizeof( operation ) );
status = psa_cipher_decrypt_setup( &operation, key_handle, alg );
status = psa_cipher_decrypt_setup( &operation, key, alg );
ASSERT_STATUS( status, PSA_SUCCESS );
status = psa_cipher_set_iv( &operation, iv, iv_size );
@ -165,7 +167,7 @@ cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block( void )
psa_status_t status;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_handle_t key_handle = PSA_KEY_HANDLE_INIT;
psa_key_id_t key = 0;
size_t output_len = 0;
uint8_t iv[block_size];
uint8_t input[block_size];
@ -181,15 +183,15 @@ cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block( void )
psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
psa_set_key_bits( &attributes, key_bits );
status = psa_generate_key( &attributes, &key_handle );
status = psa_generate_key( &attributes, &key );
ASSERT_STATUS( status, PSA_SUCCESS );
status = cipher_encrypt( key_handle, alg, iv, sizeof( iv ),
status = cipher_encrypt( key, alg, iv, sizeof( iv ),
input, sizeof( input ), part_size,
encrypt, sizeof( encrypt ), &output_len );
ASSERT_STATUS( status, PSA_SUCCESS );
status = cipher_decrypt( key_handle, alg, iv, sizeof( iv ),
status = cipher_decrypt( key, alg, iv, sizeof( iv ),
encrypt, output_len, part_size,
decrypt, sizeof( decrypt ), &output_len );
ASSERT_STATUS( status, PSA_SUCCESS );
@ -198,7 +200,7 @@ cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block( void )
ASSERT_STATUS( status, PSA_SUCCESS );
exit:
psa_destroy_key( key_handle );
psa_destroy_key( key );
return( status );
}
@ -215,7 +217,7 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi( void )
psa_status_t status;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_handle_t key_handle = PSA_KEY_HANDLE_INIT;
psa_key_id_t key = 0;
size_t output_len = 0;
uint8_t iv[block_size], input[input_size],
encrypt[input_size + block_size], decrypt[input_size + block_size];
@ -229,15 +231,15 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi( void )
psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
psa_set_key_bits( &attributes, key_bits );
status = psa_generate_key( &attributes, &key_handle );
status = psa_generate_key( &attributes, &key );
ASSERT_STATUS( status, PSA_SUCCESS );
status = cipher_encrypt( key_handle, alg, iv, sizeof( iv ),
status = cipher_encrypt( key, alg, iv, sizeof( iv ),
input, sizeof( input ), part_size,
encrypt, sizeof( encrypt ), &output_len );
ASSERT_STATUS( status, PSA_SUCCESS );
status = cipher_decrypt( key_handle, alg, iv, sizeof( iv ),
status = cipher_decrypt( key, alg, iv, sizeof( iv ),
encrypt, output_len, part_size,
decrypt, sizeof( decrypt ), &output_len );
ASSERT_STATUS( status, PSA_SUCCESS );
@ -246,7 +248,7 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi( void )
ASSERT_STATUS( status, PSA_SUCCESS );
exit:
psa_destroy_key( key_handle );
psa_destroy_key( key );
return( status );
}
@ -262,7 +264,7 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_ctr_multi( void )
psa_status_t status;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_handle_t key_handle = PSA_KEY_HANDLE_INIT;
psa_key_id_t key = 0;
size_t output_len = 0;
uint8_t iv[block_size], input[input_size], encrypt[input_size],
decrypt[input_size];
@ -276,15 +278,15 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_ctr_multi( void )
psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
psa_set_key_bits( &attributes, key_bits );
status = psa_generate_key( &attributes, &key_handle );
status = psa_generate_key( &attributes, &key );
ASSERT_STATUS( status, PSA_SUCCESS );
status = cipher_encrypt( key_handle, alg, iv, sizeof( iv ),
status = cipher_encrypt( key, alg, iv, sizeof( iv ),
input, sizeof( input ), part_size,
encrypt, sizeof( encrypt ), &output_len );
ASSERT_STATUS( status, PSA_SUCCESS );
status = cipher_decrypt( key_handle, alg, iv, sizeof( iv ),
status = cipher_decrypt( key, alg, iv, sizeof( iv ),
encrypt, output_len, part_size,
decrypt, sizeof( decrypt ), &output_len );
ASSERT_STATUS( status, PSA_SUCCESS );
@ -293,7 +295,7 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_ctr_multi( void )
ASSERT_STATUS( status, PSA_SUCCESS );
exit:
psa_destroy_key( key_handle );
psa_destroy_key( key );
return( status );
}

View file

@ -67,13 +67,15 @@
/* If the build options we need are not enabled, compile a placeholder. */
#if !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \
!defined(MBEDTLS_AES_C) || !defined(MBEDTLS_CCM_C) || \
!defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_FS_IO)
!defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_FS_IO) || \
defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
int main( void )
{
printf( "MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or "
"MBEDTLS_AES_C and/or MBEDTLS_CCM_C and/or "
"MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_FS_IO "
"not defined.\n");
"not defined and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER "
"defined.\n" );
return( 0 );
}
#else
@ -167,7 +169,7 @@ enum program_mode
/* Save a key to a file. In the real world, you may want to export a derived
* key sometimes, to share it with another party. */
static psa_status_t save_key( psa_key_handle_t key_handle,
static psa_status_t save_key( psa_key_id_t key,
const char *output_file_name )
{
psa_status_t status = PSA_SUCCESS;
@ -175,7 +177,7 @@ static psa_status_t save_key( psa_key_handle_t key_handle,
size_t key_size;
FILE *key_file = NULL;
PSA_CHECK( psa_export_key( key_handle,
PSA_CHECK( psa_export_key( key,
key_data, sizeof( key_data ),
&key_size ) );
SYS_CHECK( ( key_file = fopen( output_file_name, "wb" ) ) != NULL );
@ -197,7 +199,7 @@ exit:
static psa_status_t generate( const char *key_file_name )
{
psa_status_t status = PSA_SUCCESS;
psa_key_handle_t key_handle = PSA_KEY_HANDLE_INIT;
psa_key_id_t key = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_set_key_usage_flags( &attributes,
@ -206,12 +208,12 @@ static psa_status_t generate( const char *key_file_name )
psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ) );
PSA_CHECK( psa_generate_key( &attributes, &key_handle ) );
PSA_CHECK( psa_generate_key( &attributes, &key ) );
PSA_CHECK( save_key( key_handle, key_file_name ) );
PSA_CHECK( save_key( key, key_file_name ) );
exit:
(void) psa_destroy_key( key_handle );
(void) psa_destroy_key( key );
return( status );
}
@ -223,7 +225,7 @@ exit:
static psa_status_t import_key_from_file( psa_key_usage_t usage,
psa_algorithm_t alg,
const char *key_file_name,
psa_key_handle_t *master_key_handle )
psa_key_id_t *master_key )
{
psa_status_t status = PSA_SUCCESS;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -232,8 +234,6 @@ static psa_status_t import_key_from_file( psa_key_usage_t usage,
FILE *key_file = NULL;
unsigned char extra_byte;
*master_key_handle = PSA_KEY_HANDLE_INIT;
SYS_CHECK( ( key_file = fopen( key_file_name, "rb" ) ) != NULL );
SYS_CHECK( ( key_size = fread( key_data, 1, sizeof( key_data ),
key_file ) ) != 0 );
@ -250,8 +250,7 @@ static psa_status_t import_key_from_file( psa_key_usage_t usage,
psa_set_key_usage_flags( &attributes, usage );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
PSA_CHECK( psa_import_key( &attributes, key_data, key_size,
master_key_handle ) );
PSA_CHECK( psa_import_key( &attributes, key_data, key_size, master_key ) );
exit:
if( key_file != NULL )
fclose( key_file );
@ -259,21 +258,22 @@ exit:
if( status != PSA_SUCCESS )
{
/* If the key creation hasn't happened yet or has failed,
* *master_key_handle is 0. psa_destroy_key(0) is guaranteed to do
* nothing and return PSA_ERROR_INVALID_HANDLE. */
(void) psa_destroy_key( *master_key_handle );
*master_key_handle = PSA_KEY_HANDLE_INIT;
* *master_key is null. psa_destroy_key( 0 ) is
* guaranteed to do nothing and return PSA_SUCCESS. */
(void) psa_destroy_key( *master_key );
*master_key = 0;
}
return( status );
}
/* Derive the intermediate keys, using the list of labels provided on
* the command line. On input, *key_handle is a handle to the master key.
* This function closes the master key. On successful output, *key_handle
* is a handle to the final derived key. */
* the command line. On input, *key is the master key identifier.
* This function destroys the master key. On successful output, *key
* is the identifier of the final derived key.
*/
static psa_status_t derive_key_ladder( const char *ladder[],
size_t ladder_depth,
psa_key_handle_t *key_handle )
psa_key_id_t *key )
{
psa_status_t status = PSA_SUCCESS;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -297,17 +297,17 @@ static psa_status_t derive_key_ladder( const char *ladder[],
DERIVE_KEY_SALT, DERIVE_KEY_SALT_LENGTH ) );
PSA_CHECK( psa_key_derivation_input_key(
&operation, PSA_KEY_DERIVATION_INPUT_SECRET,
*key_handle ) );
*key ) );
PSA_CHECK( psa_key_derivation_input_bytes(
&operation, PSA_KEY_DERIVATION_INPUT_INFO,
(uint8_t*) ladder[i], strlen( ladder[i] ) ) );
/* When the parent key is not the master key, destroy it,
* since it is no longer needed. */
PSA_CHECK( psa_close_key( *key_handle ) );
*key_handle = PSA_KEY_HANDLE_INIT;
PSA_CHECK( psa_destroy_key( *key ) );
*key = 0;
/* Derive the next intermediate key from the parent key. */
PSA_CHECK( psa_key_derivation_output_key( &attributes, &operation,
key_handle ) );
key ) );
PSA_CHECK( psa_key_derivation_abort( &operation ) );
}
@ -315,22 +315,22 @@ exit:
psa_key_derivation_abort( &operation );
if( status != PSA_SUCCESS )
{
psa_close_key( *key_handle );
*key_handle = PSA_KEY_HANDLE_INIT;
psa_destroy_key( *key );
*key = 0;
}
return( status );
}
/* Derive a wrapping key from the last intermediate key. */
static psa_status_t derive_wrapping_key( psa_key_usage_t usage,
psa_key_handle_t derived_key_handle,
psa_key_handle_t *wrapping_key_handle )
psa_key_id_t derived_key,
psa_key_id_t *wrapping_key )
{
psa_status_t status = PSA_SUCCESS;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
*wrapping_key_handle = PSA_KEY_HANDLE_INIT;
*wrapping_key = 0;
/* Set up a key derivation operation from the key derived from
* the master key. */
@ -340,7 +340,7 @@ static psa_status_t derive_wrapping_key( psa_key_usage_t usage,
WRAPPING_KEY_SALT, WRAPPING_KEY_SALT_LENGTH ) );
PSA_CHECK( psa_key_derivation_input_key(
&operation, PSA_KEY_DERIVATION_INPUT_SECRET,
derived_key_handle ) );
derived_key ) );
PSA_CHECK( psa_key_derivation_input_bytes(
&operation, PSA_KEY_DERIVATION_INPUT_INFO,
NULL, 0 ) );
@ -351,7 +351,7 @@ static psa_status_t derive_wrapping_key( psa_key_usage_t usage,
psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
psa_set_key_bits( &attributes, WRAPPING_KEY_BITS );
PSA_CHECK( psa_key_derivation_output_key( &attributes, &operation,
wrapping_key_handle ) );
wrapping_key ) );
exit:
psa_key_derivation_abort( &operation );
@ -360,7 +360,7 @@ exit:
static psa_status_t wrap_data( const char *input_file_name,
const char *output_file_name,
psa_key_handle_t wrapping_key_handle )
psa_key_id_t wrapping_key )
{
psa_status_t status;
FILE *input_file = NULL;
@ -408,7 +408,7 @@ static psa_status_t wrap_data( const char *input_file_name,
/* Wrap the data. */
PSA_CHECK( psa_generate_random( header.iv, WRAPPING_IV_SIZE ) );
PSA_CHECK( psa_aead_encrypt( wrapping_key_handle, WRAPPING_ALG,
PSA_CHECK( psa_aead_encrypt( wrapping_key, WRAPPING_ALG,
header.iv, WRAPPING_IV_SIZE,
(uint8_t *) &header, sizeof( header ),
buffer, input_size,
@ -437,7 +437,7 @@ exit:
static psa_status_t unwrap_data( const char *input_file_name,
const char *output_file_name,
psa_key_handle_t wrapping_key_handle )
psa_key_id_t wrapping_key )
{
psa_status_t status;
FILE *input_file = NULL;
@ -489,7 +489,7 @@ static psa_status_t unwrap_data( const char *input_file_name,
input_file = NULL;
/* Unwrap the data. */
PSA_CHECK( psa_aead_decrypt( wrapping_key_handle, WRAPPING_ALG,
PSA_CHECK( psa_aead_decrypt( wrapping_key, WRAPPING_ALG,
header.iv, WRAPPING_IV_SIZE,
(uint8_t *) &header, sizeof( header ),
buffer, ciphertext_size,
@ -527,8 +527,8 @@ static psa_status_t run( enum program_mode mode,
const char *output_file_name )
{
psa_status_t status = PSA_SUCCESS;
psa_key_handle_t derivation_key_handle = PSA_KEY_HANDLE_INIT;
psa_key_handle_t wrapping_key_handle = PSA_KEY_HANDLE_INIT;
psa_key_id_t derivation_key = 0;
psa_key_id_t wrapping_key = 0;
/* Initialize the PSA crypto library. */
PSA_CHECK( psa_crypto_init( ) );
@ -541,30 +541,30 @@ static psa_status_t run( enum program_mode mode,
PSA_CHECK( import_key_from_file( PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT,
KDF_ALG,
key_file_name,
&derivation_key_handle ) );
&derivation_key ) );
/* Calculate the derived key for this session. */
PSA_CHECK( derive_key_ladder( ladder, ladder_depth,
&derivation_key_handle ) );
&derivation_key ) );
switch( mode )
{
case MODE_SAVE:
PSA_CHECK( save_key( derivation_key_handle, output_file_name ) );
PSA_CHECK( save_key( derivation_key, output_file_name ) );
break;
case MODE_UNWRAP:
PSA_CHECK( derive_wrapping_key( PSA_KEY_USAGE_DECRYPT,
derivation_key_handle,
&wrapping_key_handle ) );
derivation_key,
&wrapping_key ) );
PSA_CHECK( unwrap_data( input_file_name, output_file_name,
wrapping_key_handle ) );
wrapping_key ) );
break;
case MODE_WRAP:
PSA_CHECK( derive_wrapping_key( PSA_KEY_USAGE_ENCRYPT,
derivation_key_handle,
&wrapping_key_handle ) );
derivation_key,
&wrapping_key ) );
PSA_CHECK( wrap_data( input_file_name, output_file_name,
wrapping_key_handle ) );
wrapping_key ) );
break;
default:
/* Unreachable but some compilers don't realize it. */
@ -572,11 +572,11 @@ static psa_status_t run( enum program_mode mode,
}
exit:
/* Close any remaining key. Deinitializing the crypto library would do
* this anyway, but explicitly closing handles makes the code easier
* to reuse. */
(void) psa_close_key( derivation_key_handle );
(void) psa_close_key( wrapping_key_handle );
/* Destroy any remaining key. Deinitializing the crypto library would do
* this anyway since they are volatile keys, but explicitly destroying
* keys makes the code easier. */
(void) psa_destroy_key( derivation_key );
(void) psa_destroy_key( wrapping_key );
/* Deinitialize the PSA crypto library. */
mbedtls_psa_crypto_free( );
return( status );

View file

@ -42,12 +42,14 @@
#if !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_CTR_DRBG_C)
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
int main( void )
{
mbedtls_printf( "MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_CTR_DRBG_C and/or not defined.\n");
"MBEDTLS_NET_C and/or MBEDTLS_CTR_DRBG_C and/or not defined "
" and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined.\n" );
mbedtls_exit( 0 );
}
#else
@ -1207,7 +1209,7 @@ int main( int argc, char *argv[] )
const char *pers = "ssl_client2";
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_handle_t slot = PSA_KEY_HANDLE_INIT;
psa_key_id_t slot = 0;
psa_algorithm_t alg = 0;
psa_key_attributes_t key_attributes;
psa_status_t status;
@ -1232,7 +1234,7 @@ int main( int argc, char *argv[] )
mbedtls_x509_crt clicert;
mbedtls_pk_context pkey;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_handle_t key_slot = PSA_KEY_HANDLE_INIT; /* invalid key slot */
psa_key_id_t key_slot = 0; /* invalid key slot */
#endif
#endif
char *p, *q;
@ -3577,10 +3579,8 @@ exit:
if( ( status != PSA_SUCCESS ) &&
( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) )
{
mbedtls_printf( "Failed to destroy key slot %u-%u - error was %d",
MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( slot ),
MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot ),
(int) status );
mbedtls_printf( "Failed to destroy key slot %u - error was %d",
(int) slot, (int) status );
if( ret == 0 )
ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
}

View file

@ -42,12 +42,14 @@
#if !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_SRV_C) || \
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_CTR_DRBG_C)
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
int main( void )
{
mbedtls_printf( "MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_CTR_DRBG_C and/or not defined.\n");
"MBEDTLS_NET_C and/or MBEDTLS_CTR_DRBG_C and/or not defined "
" and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined.\n" );
mbedtls_exit( 0 );
}
#else
@ -1285,7 +1287,7 @@ struct _psk_entry
size_t key_len;
unsigned char key[MBEDTLS_PSK_MAX_LEN];
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_handle_t slot;
psa_key_id_t slot;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
psk_entry *next;
};
@ -1301,9 +1303,9 @@ int psk_free( psk_entry *head )
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status;
psa_key_handle_t const slot = head->slot;
psa_key_id_t const slot = head->slot;
if( ! psa_key_handle_is_null( slot ) )
if( slot != 0 )
{
status = psa_destroy_key( slot );
if( status != PSA_SUCCESS )
@ -1376,7 +1378,7 @@ int psk_callback( void *p_info, mbedtls_ssl_context *ssl,
memcmp( name, cur->name, name_len ) == 0 )
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ! psa_key_handle_is_null( cur->slot ) )
if( cur->slot != 0 )
return( mbedtls_ssl_set_hs_psk_opaque( ssl, cur->slot ) );
else
#endif
@ -1711,7 +1713,7 @@ int idle( mbedtls_net_context *fd,
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
static psa_status_t psa_setup_psk_key_slot( psa_key_handle_t *slot,
static psa_status_t psa_setup_psk_key_slot( psa_key_id_t *slot,
psa_algorithm_t alg,
unsigned char *psk,
size_t psk_len )
@ -1795,7 +1797,7 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_algorithm_t alg = 0;
psa_key_handle_t psk_slot = PSA_KEY_HANDLE_INIT;
psa_key_id_t psk_slot = 0;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
unsigned char psk[MBEDTLS_PSK_MAX_LEN];
size_t psk_len = 0;
@ -4518,10 +4520,8 @@ exit:
if( ( status != PSA_SUCCESS ) &&
( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) )
{
mbedtls_printf( "Failed to destroy key slot %u-%u - error was %d",
MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( psk_slot ),
MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psk_slot ),
(int) status );
mbedtls_printf( "Failed to destroy key slot %u - error was %d",
(int) psk_slot, (int) status );
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED &&