Mbed-TLS · gilles-peskine-arm · Sep 15, 2020 · Aug 28, 2020 · Jul 23, 2020 · Jul 23, 2020
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
@@ -232,9 +232,9 @@ typedef struct mbedtls_psa_stats_s
     /** Number of slots that are not used for anything. */
     size_t empty_slots;
     /** Largest key id value among open keys in internal persistent storage. */
-    psa_app_key_id_t max_open_internal_key_id;
+    psa_key_id_t max_open_internal_key_id;
     /** Largest key id value among open keys in secure elements. */
-    psa_app_key_id_t max_open_external_key_id;
+    psa_key_id_t max_open_external_key_id;
 } mbedtls_psa_stats_t;
 
 /** \brief Get statistics about

diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h
@@ -47,25 +47,6 @@
 /* Integral type representing a key handle. */
 typedef uint16_t psa_key_handle_t;
 
-/* This implementation distinguishes *application key identifiers*, which
- * are the key identifiers specified by the application, from
- * *key file identifiers*, which are the key identifiers that the library
- * sees internally. The two types can be different if there is a remote
- * call layer between the application and the library which supports
- * multiple client applications that do not have access to each others'
- * keys. The point of having different types is that the key file
- * identifier may encode not only the key identifier specified by the
- * application, but also the the identity of the application.
- *
- * Note that this is an internal concept of the library and the remote
- * call layer. The application itself never sees anything other than
- * #psa_app_key_id_t with its standard definition.
- */
-
-/* The application key identifier is always what the application sees as
- * #psa_key_id_t. */
-typedef uint32_t psa_app_key_id_t;
-
 #if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER)
 
 #if defined(PSA_CRYPTO_SECURE)

diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h
@@ -233,14 +233,10 @@ typedef uint32_t psa_key_location_t;
  * - 0 is reserved as an invalid key identifier.
  * - Key identifiers outside these ranges are reserved for future use.
  */
-/* Implementation-specific quirk: The Mbed Crypto library can be built as
- * part of a multi-client service that exposes the PSA Crypto API in each
- * client and encodes the client identity in the key id argument of functions
- * such as psa_open_key(). */
-#if !defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER)
 typedef uint32_t psa_key_id_t;
-typedef psa_key_id_t psa_key_file_id_t;
 
+#if !defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER)
+typedef psa_key_id_t psa_key_file_id_t;
 #define PSA_KEY_ID_INIT 0
 #define PSA_KEY_FILE_GET_KEY_ID( id ) ( id )
 
@@ -258,9 +254,14 @@ static inline psa_key_file_id_t psa_key_file_id_make(
 }
 
 #else /* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */
+/* Implementation-specific: The Mbed Crypto library can be built as
+ * part of a multi-client service that exposes the PSA Crypto API in each
+ * client and encodes the client identity in the key id argument of functions
+ * such as psa_open_key().
+ */
 typedef struct
 {
-    uint32_t key_id;
+    psa_key_id_t key_id;
     psa_key_owner_id_t owner;
 } psa_key_file_id_t;
 
@@ -273,7 +274,7 @@ typedef struct
  * \param key_id   Identifier of the key.
  */
 static inline psa_key_file_id_t psa_key_file_id_make(
-    psa_key_owner_id_t owner_id, uint32_t key_id )
+    psa_key_owner_id_t owner_id, psa_key_id_t key_id )
 {
     return( (psa_key_file_id_t){ .key_id = key_id,
                                  .owner = owner_id } );

diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
@@ -1636,16 +1636,16 @@
 
 /** The minimum value for a key identifier chosen by the application.
  */
-#define PSA_KEY_ID_USER_MIN                     ((psa_app_key_id_t)0x00000001)
+#define PSA_KEY_ID_USER_MIN                     ((psa_key_id_t)0x00000001)
 /** The maximum value for a key identifier chosen by the application.
  */
-#define PSA_KEY_ID_USER_MAX                     ((psa_app_key_id_t)0x3fffffff)
+#define PSA_KEY_ID_USER_MAX                     ((psa_key_id_t)0x3fffffff)
 /** The minimum value for a key identifier chosen by the implementation.
  */
-#define PSA_KEY_ID_VENDOR_MIN                   ((psa_app_key_id_t)0x40000000)
+#define PSA_KEY_ID_VENDOR_MIN                   ((psa_key_id_t)0x40000000)
 /** The maximum value for a key identifier chosen by the implementation.
  */
-#define PSA_KEY_ID_VENDOR_MAX                   ((psa_app_key_id_t)0x7fffffff)
+#define PSA_KEY_ID_VENDOR_MAX                   ((psa_key_id_t)0x7fffffff)
 
 /**@}*/
 

diff --git a/library/psa_crypto_se.h b/library/psa_crypto_se.h
@@ -51,7 +51,7 @@
  * actually not used since it corresponds to #PSA_KEY_LOCATION_LOCAL_STORAGE
  * which doesn't have a driver.
  */
-#define PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE ( (psa_app_key_id_t) 0xfffffe00 )
+#define PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE ( (psa_key_id_t) 0xfffffe00 )
 
 /** The maximum number of registered secure element driver locations. */
 #define PSA_MAX_SE_DRIVERS 4

diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
@@ -166,7 +166,7 @@ static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *slot )
 static int psa_is_key_id_valid( psa_key_file_id_t file_id,
                                 int vendor_ok )
 {
-    psa_app_key_id_t key_id = PSA_KEY_FILE_GET_KEY_ID( file_id );
+    psa_key_id_t key_id = PSA_KEY_FILE_GET_KEY_ID( file_id );
     if( PSA_KEY_ID_USER_MIN <= key_id && key_id <= PSA_KEY_ID_USER_MAX )
         return( 1 );
     else if( vendor_ok &&
@@ -291,14 +291,14 @@ void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats )
             ++stats->volatile_slots;
         else if( slot->attr.lifetime == PSA_KEY_LIFETIME_PERSISTENT )
         {
-            psa_app_key_id_t id = PSA_KEY_FILE_GET_KEY_ID(slot->attr.id);
+            psa_key_id_t id = PSA_KEY_FILE_GET_KEY_ID(slot->attr.id);
             ++stats->persistent_slots;
             if( id > stats->max_open_internal_key_id )
                 stats->max_open_internal_key_id = id;
         }
         else
         {
-            psa_app_key_id_t id = PSA_KEY_FILE_GET_KEY_ID(slot->attr.id);
+            psa_key_id_t id = PSA_KEY_FILE_GET_KEY_ID(slot->attr.id);
             ++stats->external_slots;
             if( id > stats->max_open_external_key_id )
                 stats->max_open_external_key_id = id;

diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h
@@ -361,7 +361,7 @@ psa_status_t psa_crypto_stop_transaction( void );
  *
  * 0xffffffNN = special file; 0x74 = 't' for transaction.
  */
-#define PSA_CRYPTO_ITS_TRANSACTION_UID ( (psa_app_key_id_t) 0xffffff74 )
+#define PSA_CRYPTO_ITS_TRANSACTION_UID ( (psa_key_id_t) 0xffffff74 )
 
 #endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */
 

diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
@@ -760,7 +760,7 @@ exit:
 #define MAX_KEY_ID_FOR_TEST 10
 static void psa_purge_storage( void )
 {
-    psa_app_key_id_t id;
+    psa_key_id_t id;
     psa_key_location_t location;
     /* The tests may have potentially created key ids from 1 to
      * MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id

diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function
@@ -89,7 +89,7 @@ static struct
 #define MAX_KEY_ID_FOR_TEST 10
 static void psa_purge_storage( void )
 {
-    psa_app_key_id_t id;
+    psa_key_id_t id;
     psa_key_location_t location;
     /* The tests may have potentially created key ids from 1 to
      * MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id