Add volatile key identifiers
Volatile key identifiers are introduced in PSA Crypto API v1.0.0. They are returned by the APIs when importing or generating or deriving a volatile key. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
parent
d2ed4815da
commit
2a99315cc5
3 changed files with 33 additions and 6 deletions
|
@ -1851,6 +1851,7 @@ static psa_status_t psa_start_key_creation(
|
|||
psa_se_drv_table_entry_t **p_drv )
|
||||
{
|
||||
psa_status_t status;
|
||||
psa_key_id_t volatile_key_id;
|
||||
psa_key_slot_t *slot;
|
||||
|
||||
(void) method;
|
||||
|
@ -1860,7 +1861,7 @@ static psa_status_t psa_start_key_creation(
|
|||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
status = psa_get_empty_key_slot( handle, p_slot );
|
||||
status = psa_get_empty_key_slot( handle, &volatile_key_id, p_slot );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
slot = *p_slot;
|
||||
|
|
|
@ -114,7 +114,8 @@ void psa_wipe_all_key_slots( void )
|
|||
}
|
||||
|
||||
psa_status_t psa_get_empty_key_slot( psa_key_handle_t *handle,
|
||||
psa_key_slot_t **p_slot )
|
||||
psa_key_id_t *volatile_key_id,
|
||||
psa_key_slot_t **p_slot )
|
||||
{
|
||||
if( ! global_data.key_slots_initialized )
|
||||
return( PSA_ERROR_BAD_STATE );
|
||||
|
@ -123,7 +124,11 @@ psa_status_t psa_get_empty_key_slot( psa_key_handle_t *handle,
|
|||
{
|
||||
*p_slot = &global_data.key_slots[*handle - 1];
|
||||
if( ! psa_is_key_slot_occupied( *p_slot ) )
|
||||
{
|
||||
*volatile_key_id = PSA_KEY_ID_VOLATILE_MIN + ( *handle ) - 1;
|
||||
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
}
|
||||
*p_slot = NULL;
|
||||
return( PSA_ERROR_INSUFFICIENT_MEMORY );
|
||||
|
@ -215,6 +220,7 @@ psa_status_t psa_open_key( mbedtls_svc_key_id_t key, psa_key_handle_t *handle )
|
|||
{
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
|
||||
psa_status_t status;
|
||||
psa_key_id_t volatile_key_id;
|
||||
psa_key_slot_t *slot;
|
||||
|
||||
*handle = 0;
|
||||
|
@ -223,7 +229,7 @@ psa_status_t psa_open_key( mbedtls_svc_key_id_t key, psa_key_handle_t *handle )
|
|||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
status = psa_get_empty_key_slot( handle, &slot );
|
||||
status = psa_get_empty_key_slot( handle, &volatile_key_id, &slot );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
|
|
|
@ -28,6 +28,23 @@
|
|||
* The value is a compile-time constant for now, for simplicity. */
|
||||
#define PSA_KEY_SLOT_COUNT 32
|
||||
|
||||
/** Range of volatile key identifiers.
|
||||
*
|
||||
* The last PSA_KEY_SLOT_COUNT identifiers of the implementation range
|
||||
* of key identifiers are reserved for volatile key identifiers.
|
||||
* A volatile key identifier is equal to PSA_KEY_ID_VOLATILE_MIN plus the
|
||||
* index of the key slot containing the volatile key definition.
|
||||
*/
|
||||
|
||||
/** The minimum value for a volatile key identifier.
|
||||
*/
|
||||
#define PSA_KEY_ID_VOLATILE_MIN ( PSA_KEY_ID_VENDOR_MAX - \
|
||||
PSA_KEY_SLOT_COUNT + 1 )
|
||||
|
||||
/** The maximum value for a volatile key identifier.
|
||||
*/
|
||||
#define PSA_KEY_ID_VOLATILE_MAX PSA_KEY_ID_VENDOR_MAX
|
||||
|
||||
/** Access a key slot at the given handle.
|
||||
*
|
||||
* \param handle Key handle to query.
|
||||
|
@ -62,15 +79,18 @@ void psa_wipe_all_key_slots( void );
|
|||
* This function returns a key slot that is available for use and is in its
|
||||
* ground state (all-bits-zero).
|
||||
*
|
||||
* \param[out] handle On success, a slot number that can be used as a
|
||||
* handle to the slot.
|
||||
* \param[out] p_slot On success, a pointer to the slot.
|
||||
* \param[out] handle On success, a slot number that can be used
|
||||
* as a handle to the slot.
|
||||
* \param[out] volatile_key_id On success, volatile key identifier
|
||||
* associated to the returned slot.
|
||||
* \param[out] p_slot On success, a pointer to the slot.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||
* \retval #PSA_ERROR_BAD_STATE
|
||||
*/
|
||||
psa_status_t psa_get_empty_key_slot( psa_key_handle_t *handle,
|
||||
psa_key_id_t *volatile_key_id,
|
||||
psa_key_slot_t **p_slot );
|
||||
|
||||
/** Test whether a lifetime designates a key in an external cryptoprocessor.
|
||||
|
|
Loading…
Reference in a new issue