diff --git a/MAINTAINERS.yml b/MAINTAINERS.yml index 7762faebf0c..1eeaacf4007 100644 --- a/MAINTAINERS.yml +++ b/MAINTAINERS.yml @@ -4341,6 +4341,7 @@ Secure storage: - tomi-font files: - subsys/secure_storage/ + - include/zephyr/psa/ - samples/psa/ - doc/services/secure_storage.rst - tests/subsys/secure_storage/ diff --git a/include/zephyr/psa/key_ids.h b/include/zephyr/psa/key_ids.h new file mode 100644 index 00000000000..851d1349812 --- /dev/null +++ b/include/zephyr/psa/key_ids.h @@ -0,0 +1,51 @@ +/* Copyright (c) 2025 Nordic Semiconductor + * SPDX-License-Identifier: Apache-2.0 + */ +#ifndef ZEPHYR_PSA_KEY_IDS_H_ +#define ZEPHYR_PSA_KEY_IDS_H_ + +/** + * @file zephyr/psa/key_ids.h + * + * @brief This file defines the key ID ranges of the existing users of the PSA Crypto API. + * + * In addition to the application, different subsystems store and use persistent keys through the + * PSA Crypto API. Because they are not aware of each other, collisions are avoided by having them + * use different ID ranges. + * This file acts as the registry of all the allocated PSA key ID ranges within Zephyr. + * + * The end-user application also has a dedicated range, `ZEPHYR_PSA_APPLICATION_KEY_ID_RANGE_BEGIN`. + * + * Some of the IDs below are based on previously existing and used values, while others + * are chosen to be somewhere in the PSA user key ID range to try to avoid collisions + * (avoiding, for example, the very beginning of the range). + */ + +#include +typedef uint32_t psa_key_id_t; + +/** PSA key ID range to be used by OpenThread. The base ID is equal to the default value upstream: + * https://github.com/openthread/openthread/blob/thread-reference-20230706/src/core/config/platform.h#L138 + */ +#define ZEPHYR_PSA_OPENTHREAD_KEY_ID_RANGE_BEGIN (psa_key_id_t)0x20000 +#define ZEPHYR_PSA_OPENTHREAD_KEY_ID_RANGE_SIZE 0x10000 /* 64 Ki */ + +/** PSA key ID range to be used by Matter. The base ID is equal to the default value upstream: + * https://github.com/project-chip/connectedhomeip/blob/v1.4.0.0/src/crypto/CHIPCryptoPALPSA.h#L55 + */ +#define ZEPHYR_PSA_MATTER_KEY_ID_RANGE_BEGIN (psa_key_id_t)0x30000 +#define ZEPHYR_PSA_MATTER_KEY_ID_RANGE_SIZE 0x10000 /* 64 Ki */ + +/** PSA key ID range to be used by Bluetooth Mesh. */ +#define ZEPHYR_PSA_BT_MESH_KEY_ID_RANGE_BEGIN (psa_key_id_t)0x20000000 +#define ZEPHYR_PSA_BT_MESH_KEY_ID_RANGE_SIZE 0xC000 /* 48 Ki */ + +/** PSA key ID range to be used by Wi-Fi credentials management. */ +#define ZEPHYR_PSA_WIFI_CREDENTIALS_KEY_ID_RANGE_BEGIN (psa_key_id_t)0x20010000 +#define ZEPHYR_PSA_WIFI_CREDENTIALS_KEY_ID_RANGE_SIZE 0x100 /* 256 */ + +/** PSA key ID range to be used by the end-user application. */ +#define ZEPHYR_PSA_APPLICATION_KEY_ID_RANGE_BEGIN (psa_key_id_t)0x30000000 +#define ZEPHYR_PSA_APPLICATION_KEY_ID_RANGE_SIZE 0x100000 /* 1 Mi */ + +#endif /* ZEPHYR_PSA_KEY_IDS_H_ */ diff --git a/modules/openthread/Kconfig.thread b/modules/openthread/Kconfig.thread index 81c0ab20afc..2bababd4fee 100644 --- a/modules/openthread/Kconfig.thread +++ b/modules/openthread/Kconfig.thread @@ -250,11 +250,3 @@ config OPENTHREAD_MLE_CHILD_TIMEOUT default 240 help The value of MLE child timeout in seconds. - -config OPENTHREAD_PSA_ITS_NVM_OFFSET - hex "NVM offset while using key refs" - default 0x20000 - help - The offset value in the PSA ITS non-volatile space is dedicated to OpenThread - key reference IDs. This offset must not overwrite any other ranges already in - use within the PSA ITS non-volatile space. diff --git a/modules/openthread/platform/openthread-core-zephyr-config.h b/modules/openthread/platform/openthread-core-zephyr-config.h index c495c8ca4ef..15688bf67a2 100644 --- a/modules/openthread/platform/openthread-core-zephyr-config.h +++ b/modules/openthread/platform/openthread-core-zephyr-config.h @@ -14,6 +14,7 @@ #define OPENTHREAD_CORE_ZEPHYR_CONFIG_H_ #include +#include #include /** @@ -516,8 +517,6 @@ * NVM offset while using key refs. * */ -#ifdef CONFIG_OPENTHREAD_PSA_ITS_NVM_OFFSET -#define OPENTHREAD_CONFIG_PSA_ITS_NVM_OFFSET CONFIG_OPENTHREAD_PSA_ITS_NVM_OFFSET -#endif +#define OPENTHREAD_CONFIG_PSA_ITS_NVM_OFFSET ZEPHYR_PSA_OPENTHREAD_KEY_ID_RANGE_BEGIN #endif /* OPENTHREAD_CORE_ZEPHYR_CONFIG_H_ */ diff --git a/samples/psa/persistent_key/src/main.c b/samples/psa/persistent_key/src/main.c index c79d8184f94..2f010a012ea 100644 --- a/samples/psa/persistent_key/src/main.c +++ b/samples/psa/persistent_key/src/main.c @@ -3,10 +3,11 @@ */ #include #include +#include LOG_MODULE_REGISTER(persistent_key); -#define SAMPLE_KEY_ID PSA_KEY_ID_USER_MIN +#define SAMPLE_KEY_ID ZEPHYR_PSA_APPLICATION_KEY_ID_RANGE_BEGIN #define SAMPLE_KEY_TYPE PSA_KEY_TYPE_AES #define SAMPLE_ALG PSA_ALG_CTR #define SAMPLE_KEY_BITS 256 diff --git a/subsys/bluetooth/mesh/Kconfig b/subsys/bluetooth/mesh/Kconfig index 49cc16fa7b6..a3f4b6c4bd1 100644 --- a/subsys/bluetooth/mesh/Kconfig +++ b/subsys/bluetooth/mesh/Kconfig @@ -1531,22 +1531,6 @@ config BT_MESH_USES_TFM_PSA endchoice -if BT_MESH_USES_MBEDTLS_PSA || BT_MESH_USES_TFM_PSA - -config BT_MESH_PSA_KEY_ID_USER_MIN_OFFSET - int "Offset of Bluetooth Mesh key id range regarding PSA_KEY_ID_USER_MIN" - default 0 - help - The PSA specification mandates to set key identifiers for keys - with persistent lifetime. The users of the PSA API is responsible - (Bluetooth Mesh is user of PSA API) to provide correct and unique identifiers. - The Bluetooth Mesh identifier range should be between PSA_KEY_ID_USER_MIN and - PSA_KEY_ID_USER_MAX. Bluetooth Mesh requires two ids for each subnetwork, two ids - for each application key, and two ids for the device key and device key candidate. - It should consider the Mesh Configuration Database instances if database enabled. - -endif # BT_MESH_USES_MBEDTLS_PSA || BT_MESH_USES_TFM_PSA - menu "Beacons" config BT_MESH_BEACON_ENABLED diff --git a/subsys/bluetooth/mesh/crypto_psa.c b/subsys/bluetooth/mesh/crypto_psa.c index 7267f064bc8..cc43293a3df 100644 --- a/subsys/bluetooth/mesh/crypto_psa.c +++ b/subsys/bluetooth/mesh/crypto_psa.c @@ -7,6 +7,7 @@ #include #include +#include #include #define LOG_LEVEL CONFIG_BT_MESH_CRYPTO_LOG_LEVEL @@ -26,13 +27,13 @@ LOG_MODULE_REGISTER(bt_mesh_crypto_psa); #else #define BT_MESH_CDB_KEY_ID_RANGE_SIZE 0 #endif -#define BT_MESH_KEY_ID_RANGE_SIZE (2 * CONFIG_BT_MESH_SUBNET_COUNT + \ - 2 * CONFIG_BT_MESH_APP_KEY_COUNT + 2 + BT_MESH_CDB_KEY_ID_RANGE_SIZE) -#define BT_MESH_PSA_KEY_ID_USER_MIN (PSA_KEY_ID_USER_MIN + \ - CONFIG_BT_MESH_PSA_KEY_ID_USER_MIN_OFFSET) -BUILD_ASSERT(BT_MESH_PSA_KEY_ID_USER_MIN + BT_MESH_KEY_ID_RANGE_SIZE <= PSA_KEY_ID_USER_MAX, - "Bluetooth Mesh PSA key id range overlaps maximum allowed boundary."); +#define BT_MESH_PSA_KEY_ID_MIN ZEPHYR_PSA_BT_MESH_KEY_ID_RANGE_BEGIN + +#define BT_MESH_PSA_KEY_ID_RANGE_SIZE (2 * CONFIG_BT_MESH_SUBNET_COUNT + \ + 2 * CONFIG_BT_MESH_APP_KEY_COUNT + 2 + BT_MESH_CDB_KEY_ID_RANGE_SIZE) +BUILD_ASSERT(BT_MESH_PSA_KEY_ID_RANGE_SIZE <= ZEPHYR_PSA_BT_MESH_KEY_ID_RANGE_SIZE, + "PSA key ID range exceeds officially allocated range."); BUILD_ASSERT(PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, 128, PSA_ALG_CMAC) == 16, "MAC length should be 16 bytes for 128-bits key for CMAC-AES"); @@ -46,7 +47,7 @@ static struct { uint8_t public_key_be[PUB_KEY_SIZE + 1]; } dh_pair; -static ATOMIC_DEFINE(pst_keys, BT_MESH_KEY_ID_RANGE_SIZE); +static ATOMIC_DEFINE(pst_keys, BT_MESH_PSA_KEY_ID_RANGE_SIZE); int bt_mesh_crypto_init(void) { @@ -354,10 +355,10 @@ end: __weak psa_key_id_t bt_mesh_user_keyid_alloc(void) { - for (int i = 0; i < BT_MESH_KEY_ID_RANGE_SIZE; i++) { + for (int i = 0; i < BT_MESH_PSA_KEY_ID_RANGE_SIZE; i++) { if (!atomic_test_bit(pst_keys, i)) { atomic_set_bit(pst_keys, i); - return BT_MESH_PSA_KEY_ID_USER_MIN + i; + return BT_MESH_PSA_KEY_ID_MIN + i; } } @@ -366,9 +367,9 @@ __weak psa_key_id_t bt_mesh_user_keyid_alloc(void) __weak int bt_mesh_user_keyid_free(psa_key_id_t key_id) { - if (IN_RANGE(key_id, BT_MESH_PSA_KEY_ID_USER_MIN, - BT_MESH_PSA_KEY_ID_USER_MIN + BT_MESH_KEY_ID_RANGE_SIZE - 1)) { - atomic_clear_bit(pst_keys, key_id - BT_MESH_PSA_KEY_ID_USER_MIN); + if (IN_RANGE(key_id, BT_MESH_PSA_KEY_ID_MIN, + BT_MESH_PSA_KEY_ID_MIN + BT_MESH_PSA_KEY_ID_RANGE_SIZE - 1)) { + atomic_clear_bit(pst_keys, key_id - BT_MESH_PSA_KEY_ID_MIN); return 0; } @@ -377,9 +378,9 @@ __weak int bt_mesh_user_keyid_free(psa_key_id_t key_id) __weak void bt_mesh_user_keyid_assign(psa_key_id_t key_id) { - if (IN_RANGE(key_id, BT_MESH_PSA_KEY_ID_USER_MIN, - BT_MESH_PSA_KEY_ID_USER_MIN + BT_MESH_KEY_ID_RANGE_SIZE - 1)) { - atomic_set_bit(pst_keys, key_id - BT_MESH_PSA_KEY_ID_USER_MIN); + if (IN_RANGE(key_id, BT_MESH_PSA_KEY_ID_MIN, + BT_MESH_PSA_KEY_ID_MIN + BT_MESH_PSA_KEY_ID_RANGE_SIZE - 1)) { + atomic_set_bit(pst_keys, key_id - BT_MESH_PSA_KEY_ID_MIN); } } diff --git a/subsys/net/lib/wifi_credentials/Kconfig b/subsys/net/lib/wifi_credentials/Kconfig index 3cfe87c29f2..2fc002f00b8 100644 --- a/subsys/net/lib/wifi_credentials/Kconfig +++ b/subsys/net/lib/wifi_credentials/Kconfig @@ -75,18 +75,6 @@ endif # WIFI_CREDENTIALS_CONNECT_STORED endif # WIFI_CREDENTIALS -if WIFI_CREDENTIALS_BACKEND_PSA - -config WIFI_CREDENTIALS_BACKEND_PSA_OFFSET - int "PSA_KEY_ID range offset" - default 0 - help - The PSA specification mandates to set key identifiers for keys - with persistent lifetime. The users of the PSA API are responsible (WIFI credentials - management is user of PSA API) to provide correct and unique identifiers. - -endif # WIFI_CREDENTIALS_BACKEND_PSA - config WIFI_CREDENTIALS_STATIC bool "Static Wi-Fi network configuration" diff --git a/subsys/net/lib/wifi_credentials/wifi_credentials_backend_psa.c b/subsys/net/lib/wifi_credentials/wifi_credentials_backend_psa.c index bf82ee72577..7ec3ae1056d 100644 --- a/subsys/net/lib/wifi_credentials/wifi_credentials_backend_psa.c +++ b/subsys/net/lib/wifi_credentials/wifi_credentials_backend_psa.c @@ -6,18 +6,15 @@ #include #include +#include #include "psa/crypto.h" #include "wifi_credentials_internal.h" LOG_MODULE_REGISTER(wifi_credentials_backend, CONFIG_WIFI_CREDENTIALS_LOG_LEVEL); -#define WIFI_CREDENTIALS_BACKEND_PSA_KEY_ID_USER_MIN \ - (PSA_KEY_ID_USER_MIN + CONFIG_WIFI_CREDENTIALS_BACKEND_PSA_OFFSET) - -BUILD_ASSERT((WIFI_CREDENTIALS_BACKEND_PSA_KEY_ID_USER_MIN + CONFIG_WIFI_CREDENTIALS_MAX_ENTRIES) <= - PSA_KEY_ID_USER_MAX, - "WIFI credentials management PSA key id range exceeds PSA_KEY_ID_USER_MAX."); +BUILD_ASSERT(CONFIG_WIFI_CREDENTIALS_MAX_ENTRIES <= ZEPHYR_PSA_WIFI_CREDENTIALS_KEY_ID_RANGE_SIZE, + "Wi-Fi credentials management PSA key ID range exceeds officially allocated range."); int wifi_credentials_backend_init(void) { @@ -26,7 +23,7 @@ int wifi_credentials_backend_init(void) for (size_t i = 0; i < CONFIG_WIFI_CREDENTIALS_MAX_ENTRIES; ++i) { size_t length_read = 0; - size_t key_id = i + WIFI_CREDENTIALS_BACKEND_PSA_KEY_ID_USER_MIN; + size_t key_id = i + ZEPHYR_PSA_WIFI_CREDENTIALS_KEY_ID_RANGE_BEGIN; ret = psa_export_key(key_id, buf, ARRAY_SIZE(buf), &length_read); if (ret == PSA_SUCCESS && length_read == ENTRY_MAX_LEN) { @@ -46,7 +43,7 @@ int wifi_credentials_store_entry(size_t idx, const void *buf, size_t buf_len) psa_key_attributes_t key_attributes = {0}; psa_key_id_t key_id; - psa_set_key_id(&key_attributes, idx + WIFI_CREDENTIALS_BACKEND_PSA_KEY_ID_USER_MIN); + psa_set_key_id(&key_attributes, idx + ZEPHYR_PSA_WIFI_CREDENTIALS_KEY_ID_RANGE_BEGIN); psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_EXPORT); psa_set_key_lifetime(&key_attributes, PSA_KEY_LIFETIME_PERSISTENT); psa_set_key_algorithm(&key_attributes, PSA_ALG_NONE); @@ -67,7 +64,7 @@ int wifi_credentials_store_entry(size_t idx, const void *buf, size_t buf_len) int wifi_credentials_delete_entry(size_t idx) { - psa_status_t ret = psa_destroy_key(idx + WIFI_CREDENTIALS_BACKEND_PSA_KEY_ID_USER_MIN); + psa_status_t ret = psa_destroy_key(idx + ZEPHYR_PSA_WIFI_CREDENTIALS_KEY_ID_RANGE_BEGIN); if (ret != PSA_SUCCESS) { LOG_ERR("psa_destroy_key failed, err: %d", ret); @@ -80,7 +77,7 @@ int wifi_credentials_delete_entry(size_t idx) int wifi_credentials_load_entry(size_t idx, void *buf, size_t buf_len) { size_t length_read = 0; - size_t key_id = idx + WIFI_CREDENTIALS_BACKEND_PSA_KEY_ID_USER_MIN; + size_t key_id = idx + ZEPHYR_PSA_WIFI_CREDENTIALS_KEY_ID_RANGE_BEGIN; psa_status_t ret; ret = psa_export_key(key_id, buf, buf_len, &length_read); diff --git a/tests/bsim/bluetooth/mesh/src/distribute_keyid.c b/tests/bsim/bluetooth/mesh/src/distribute_keyid.c index 8bfb0f6ced1..54a9a8feae2 100644 --- a/tests/bsim/bluetooth/mesh/src/distribute_keyid.c +++ b/tests/bsim/bluetooth/mesh/src/distribute_keyid.c @@ -6,6 +6,7 @@ #include #include +#include #include "argparse.h" #include "mesh/crypto.h" @@ -22,24 +23,23 @@ LOG_MODULE_REGISTER(LOG_MODULE_NAME); #else #define BT_MESH_CDB_KEY_ID_RANGE_SIZE 0 #endif -#define BT_MESH_KEY_ID_RANGE_SIZE (2 * CONFIG_BT_MESH_SUBNET_COUNT + \ - 2 * CONFIG_BT_MESH_APP_KEY_COUNT + 1 + BT_MESH_CDB_KEY_ID_RANGE_SIZE) -#define BT_MESH_PSA_KEY_ID_USER_MIN (PSA_KEY_ID_USER_MIN + \ - CONFIG_BT_MESH_PSA_KEY_ID_USER_MIN_OFFSET) -#define BT_MESH_TEST_PSA_KEY_ID_USER_MIN (BT_MESH_PSA_KEY_ID_USER_MIN + \ - BT_MESH_KEY_ID_RANGE_SIZE * get_device_nbr()) -static ATOMIC_DEFINE(pst_keys, BT_MESH_KEY_ID_RANGE_SIZE); +#define BT_MESH_PSA_KEY_ID_RANGE_SIZE (2 * CONFIG_BT_MESH_SUBNET_COUNT + \ + 2 * CONFIG_BT_MESH_APP_KEY_COUNT + 2 + BT_MESH_CDB_KEY_ID_RANGE_SIZE) +#define BT_MESH_TEST_PSA_KEY_ID_MIN (ZEPHYR_PSA_BT_MESH_KEY_ID_RANGE_BEGIN + \ + BT_MESH_PSA_KEY_ID_RANGE_SIZE * get_device_nbr()) + +static ATOMIC_DEFINE(pst_keys, BT_MESH_PSA_KEY_ID_RANGE_SIZE); psa_key_id_t bt_mesh_user_keyid_alloc(void) { - for (int i = 0; i < BT_MESH_KEY_ID_RANGE_SIZE; i++) { + for (int i = 0; i < BT_MESH_PSA_KEY_ID_RANGE_SIZE; i++) { if (!atomic_test_bit(pst_keys, i)) { atomic_set_bit(pst_keys, i); - LOG_INF("key id %d is allocated", BT_MESH_TEST_PSA_KEY_ID_USER_MIN + i); + LOG_INF("key id %d is allocated", BT_MESH_TEST_PSA_KEY_ID_MIN + i); - return BT_MESH_TEST_PSA_KEY_ID_USER_MIN + i; + return BT_MESH_TEST_PSA_KEY_ID_MIN + i; } } @@ -48,9 +48,9 @@ psa_key_id_t bt_mesh_user_keyid_alloc(void) int bt_mesh_user_keyid_free(psa_key_id_t key_id) { - if (IN_RANGE(key_id, BT_MESH_TEST_PSA_KEY_ID_USER_MIN, - BT_MESH_TEST_PSA_KEY_ID_USER_MIN + BT_MESH_KEY_ID_RANGE_SIZE - 1)) { - atomic_clear_bit(pst_keys, key_id - BT_MESH_TEST_PSA_KEY_ID_USER_MIN); + if (IN_RANGE(key_id, BT_MESH_TEST_PSA_KEY_ID_MIN, + BT_MESH_TEST_PSA_KEY_ID_MIN + BT_MESH_PSA_KEY_ID_RANGE_SIZE - 1)) { + atomic_clear_bit(pst_keys, key_id - BT_MESH_TEST_PSA_KEY_ID_MIN); LOG_INF("key id %d is freed", key_id); @@ -62,9 +62,9 @@ int bt_mesh_user_keyid_free(psa_key_id_t key_id) void bt_mesh_user_keyid_assign(psa_key_id_t key_id) { - if (IN_RANGE(key_id, BT_MESH_TEST_PSA_KEY_ID_USER_MIN, - BT_MESH_TEST_PSA_KEY_ID_USER_MIN + BT_MESH_KEY_ID_RANGE_SIZE - 1)) { - atomic_set_bit(pst_keys, key_id - BT_MESH_TEST_PSA_KEY_ID_USER_MIN); + if (IN_RANGE(key_id, BT_MESH_TEST_PSA_KEY_ID_MIN, + BT_MESH_TEST_PSA_KEY_ID_MIN + BT_MESH_PSA_KEY_ID_RANGE_SIZE - 1)) { + atomic_set_bit(pst_keys, key_id - BT_MESH_TEST_PSA_KEY_ID_MIN); LOG_INF("key id %d is assigned", key_id); } else { LOG_WRN("key id %d is out of the reserved id range", key_id); diff --git a/tests/net/lib/wifi_credentials_backend_psa/CMakeLists.txt b/tests/net/lib/wifi_credentials_backend_psa/CMakeLists.txt index 6ff95328fff..15bd547a82d 100644 --- a/tests/net/lib/wifi_credentials_backend_psa/CMakeLists.txt +++ b/tests/net/lib/wifi_credentials_backend_psa/CMakeLists.txt @@ -27,7 +27,6 @@ target_compile_options(app -DCONFIG_WIFI_CREDENTIALS_MAX_ENTRIES=2 -DCONFIG_WIFI_CREDENTIALS_SAE_PASSWORD_LENGTH=128 -DCONFIG_WIFI_CREDENTIALS_LOG_LEVEL=4 - -DCONFIG_WIFI_CREDENTIALS_BACKEND_PSA_OFFSET=5 ) set_property( diff --git a/tests/net/lib/wifi_credentials_backend_psa/src/main.c b/tests/net/lib/wifi_credentials_backend_psa/src/main.c index f0b2b6804ab..5e89079e116 100644 --- a/tests/net/lib/wifi_credentials_backend_psa/src/main.c +++ b/tests/net/lib/wifi_credentials_backend_psa/src/main.c @@ -10,6 +10,7 @@ #include #include #include +#include #include @@ -31,9 +32,6 @@ #define BSSID2 NULL #define FLAGS2 0 -#define WIFI_CREDENTIALS_BACKEND_PSA_KEY_ID_USER_MIN \ - (PSA_KEY_ID_USER_MIN + CONFIG_WIFI_CREDENTIALS_BACKEND_PSA_OFFSET) - DEFINE_FFF_GLOBALS; K_MUTEX_DEFINE(wifi_credentials_mutex); @@ -83,7 +81,7 @@ psa_status_t custom_psa_export_key(mbedtls_svc_key_id_t key, uint8_t *data, size static void custom_psa_set_key_id(psa_key_attributes_t *attributes, mbedtls_svc_key_id_t key) { - zassert_equal(idx + WIFI_CREDENTIALS_BACKEND_PSA_KEY_ID_USER_MIN, key, "Key ID mismatch"); + zassert_equal(idx + ZEPHYR_PSA_WIFI_CREDENTIALS_KEY_ID_RANGE_BEGIN, key, "Key ID mismatch"); } void custom_psa_set_key_bits(psa_key_attributes_t *attributes, size_t bits) @@ -175,7 +173,7 @@ ZTEST(wifi_credentials_backend_psa, test_add) ZTEST(wifi_credentials_backend_psa, test_get) { int ret; - psa_key_id_t key_id = idx + WIFI_CREDENTIALS_BACKEND_PSA_KEY_ID_USER_MIN; + psa_key_id_t key_id = idx + ZEPHYR_PSA_WIFI_CREDENTIALS_KEY_ID_RANGE_BEGIN; uint8_t buf[ENTRY_MAX_LEN]; ret = wifi_credentials_load_entry(idx, buf, ARRAY_SIZE(buf)); @@ -186,7 +184,7 @@ ZTEST(wifi_credentials_backend_psa, test_get) zassert_equal(psa_export_key_fake.arg2_val, ARRAY_SIZE(buf), "Export key arg2 mismatch"); idx++; - key_id = idx + WIFI_CREDENTIALS_BACKEND_PSA_KEY_ID_USER_MIN; + key_id = idx + ZEPHYR_PSA_WIFI_CREDENTIALS_KEY_ID_RANGE_BEGIN; ret = wifi_credentials_load_entry(idx, buf, ARRAY_SIZE(buf)); @@ -205,7 +203,7 @@ ZTEST(wifi_credentials_backend_psa, test_delete) ret = wifi_credentials_delete_entry(idx); zassert_equal(0, ret, "Delete entry failed"); - zassert_equal(psa_destroy_key_fake.arg0_val, WIFI_CREDENTIALS_BACKEND_PSA_KEY_ID_USER_MIN, + zassert_equal(psa_destroy_key_fake.arg0_val, ZEPHYR_PSA_WIFI_CREDENTIALS_KEY_ID_RANGE_BEGIN, "Destroy key arg0 mismatch"); idx++; @@ -214,7 +212,7 @@ ZTEST(wifi_credentials_backend_psa, test_delete) zassert_equal(0, ret, "Delete entry failed"); zassert_equal(psa_destroy_key_fake.arg0_val, - idx + WIFI_CREDENTIALS_BACKEND_PSA_KEY_ID_USER_MIN, + idx + ZEPHYR_PSA_WIFI_CREDENTIALS_KEY_ID_RANGE_BEGIN, "Destroy key arg0 mismatch"); zassert_equal(psa_destroy_key_fake.call_count, 2, "Destroy key call count mismatch"); diff --git a/tests/subsys/secure_storage/psa/crypto/src/main.c b/tests/subsys/secure_storage/psa/crypto/src/main.c index 1a59f002796..04a29435cab 100644 --- a/tests/subsys/secure_storage/psa/crypto/src/main.c +++ b/tests/subsys/secure_storage/psa/crypto/src/main.c @@ -2,6 +2,7 @@ * SPDX-License-Identifier: Apache-2.0 */ #include +#include #include #include #include @@ -9,7 +10,7 @@ ZTEST_SUITE(secure_storage_psa_crypto, NULL, NULL, NULL, NULL, NULL); -#define ID PSA_KEY_ID_USER_MIN +#define ID ZEPHYR_PSA_APPLICATION_KEY_ID_RANGE_BEGIN #define KEY_TYPE PSA_KEY_TYPE_AES #define ALG PSA_ALG_CBC_NO_PADDING #define KEY_BITS 256