Change PSA_MAX_PERSISTENT_KEY_IDENTIFIER to 64 bits when using ITS

itayzafrir · itayzafrir · commit 919b89ec656c · 2019-02-03T12:41:23.000+02:00
When compiling for SPM with ITS backend, the value of
PSA_MAX_PERSISTENT_KEY_IDENTIFIER must be a 64 bit value instead of the
default 32 bit. ITS UIDs are 64 bits and are expected to contain the
partition id (32 bits) in the lower 32 bits, and the psa_key_id_t
(32 bits) in the upper 32 bits of the ITS UID. In SPM, the NSPE
partition id is defined as 0xffffffff, and since the crypto
implementation reserves a range (0xffff0000-0xffffffff) of key ids for
internal/future use, crypto key ids must be smaller than 0xffff0000ffffffff.
diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h
@@ -59,7 +59,11 @@ extern "C" {
  * This limitation will probably become moot when we implement client
  * separation for key storage.
  */
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C)
+#define PSA_MAX_PERSISTENT_KEY_IDENTIFIER 0xffff0000ffffffff
+#else
 #define PSA_MAX_PERSISTENT_KEY_IDENTIFIER 0xffff0000
+#endif
 
 /**
  * \brief Format key data and metadata and save to a location for given key
