Add volatile key identifiers

Volatile key identifiers are introduced in
PSA Crypto API v1.0.0. They are returned by the APIs
when importing, generating or deriving a volatile key.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Ronald Cron 2020-07-17 14:13:26 +02:00
parent d2ed4815da
commit 2a99315cc5
3 changed files with 33 additions and 6 deletions


@ -1851,6 +1851,7 @@ static psa_status_t psa_start_key_creation(
psa_se_drv_table_entry_t **p_drv )
{
psa_status_t status;
psa_key_id_t volatile_key_id;
psa_key_slot_t *slot;
(void) method;
@ -1860,7 +1861,7 @@ static psa_status_t psa_start_key_creation(
if( status != PSA_SUCCESS )
return( status );
status = psa_get_empty_key_slot( handle, p_slot );
status = psa_get_empty_key_slot( handle, &volatile_key_id, p_slot );
if( status != PSA_SUCCESS )
return( status );
slot = *p_slot;
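Review bot: The new local `volatile_key_id` in `psa_start_key_creation` is filled by `psa_get_empty_key_slot()` but nothing in the visible lines reads it afterwards, so the identifier is computed and then dropped rather than recorded in the slot or handed back to the caller. The same holds for the local added to `psa_open_key` in the next file. If a follow-up change is meant to consume it, a comment at the declaration such as `/* Not consumed yet; filled in for the upcoming switch to key identifiers. */` would make that explicit. The function body continues outside the hunk, so a later use may simply not be shown here.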


@ -114,7 +114,8 @@ void psa_wipe_all_key_slots( void )
}
psa_status_t psa_get_empty_key_slot( psa_key_handle_t *handle,
psa_key_slot_t **p_slot )
psa_key_id_t *volatile_key_id,
psa_key_slot_t **p_slot )
{
if( ! global_data.key_slots_initialized )
return( PSA_ERROR_BAD_STATE );
@ -123,7 +124,11 @@ psa_status_t psa_get_empty_key_slot( psa_key_handle_t *handle,
{
*p_slot = &global_data.key_slots[*handle - 1];
if( ! psa_is_key_slot_occupied( *p_slot ) )
{
*volatile_key_id = PSA_KEY_ID_VOLATILE_MIN + ( *handle ) - 1;
return( PSA_SUCCESS );
}
}
*p_slot = NULL;
return( PSA_ERROR_INSUFFICIENT_MEMORY );
@ -215,6 +220,7 @@ psa_status_t psa_open_key( mbedtls_svc_key_id_t key, psa_key_handle_t *handle )
{
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
psa_status_t status;
psa_key_id_t volatile_key_id;
psa_key_slot_t *slot;
*handle = 0;
@ -223,7 +229,7 @@ psa_status_t psa_open_key( mbedtls_svc_key_id_t key, psa_key_handle_t *handle )
if( status != PSA_SUCCESS )
return( status );
status = psa_get_empty_key_slot( handle, &slot );
status = psa_get_empty_key_slot( handle, &volatile_key_id, &slot );
if( status != PSA_SUCCESS )
return( status );
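Review bot: `*volatile_key_id` is written only on the success branch of `psa_get_empty_key_slot()`, so on the `PSA_ERROR_BAD_STATE` and `PSA_ERROR_INSUFFICIENT_MEMORY` returns the caller's variable stays indeterminate, whereas `*p_slot` is at least reset to NULL on the latter. Both callers shown on this page declare `psa_key_id_t volatile_key_id;` without an initializer, so any later code that reads it after a failed call would be working with an uninitialized key identifier. Setting the output next to the existing reset, `*volatile_key_id = 0;` just before `*p_slot = NULL;`, keeps the two outputs consistent; 0 lies outside the volatile range this commit defines. The loop header of the function is outside the hunk.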


@ -28,6 +28,23 @@
* The value is a compile-time constant for now, for simplicity. */
#define PSA_KEY_SLOT_COUNT 32
/** Range of volatile key identifiers.
*
* The last PSA_KEY_SLOT_COUNT identifiers of the implementation range
* of key identifiers are reserved for volatile key identifiers.
* A volatile key identifier is equal to PSA_KEY_ID_VOLATILE_MIN plus the
* index of the key slot containing the volatile key definition.
*/
/** The minimum value for a volatile key identifier.
*/
#define PSA_KEY_ID_VOLATILE_MIN ( PSA_KEY_ID_VENDOR_MAX - \
PSA_KEY_SLOT_COUNT + 1 )
/** The maximum value for a volatile key identifier.
*/
#define PSA_KEY_ID_VOLATILE_MAX PSA_KEY_ID_VENDOR_MAX
/** Access a key slot at the given handle.
*
* \param handle Key handle to query.
@ -62,15 +79,18 @@ void psa_wipe_all_key_slots( void );
* This function returns a key slot that is available for use and is in its
* ground state (all-bits-zero).
*
* \param[out] handle On success, a slot number that can be used as a
* handle to the slot.
* \param[out] p_slot On success, a pointer to the slot.
* \param[out] handle On success, a slot number that can be used
* as a handle to the slot.
* \param[out] volatile_key_id On success, volatile key identifier
* associated to the returned slot.
* \param[out] p_slot On success, a pointer to the slot.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_BAD_STATE
*/
psa_status_t psa_get_empty_key_slot( psa_key_handle_t *handle,
psa_key_id_t *volatile_key_id,
psa_key_slot_t **p_slot );
/** Test whether a lifetime designates a key in an external cryptoprocessor.
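Review bot: The new macros reserve `PSA_KEY_ID_VOLATILE_MIN` to `PSA_KEY_ID_VOLATILE_MAX` for volatile keys, but nothing visible in this commit stops a caller-chosen persistent key identifier from landing in that range, which would let a persistent key and a volatile key end up with the same identifier. The identifier validation is not shown on this page; if it lives elsewhere it presumably has to exclude this range, and the range comment is the natural place to state that requirement. I would add a line to the "Range of volatile key identifiers" block such as `* Identifiers in this range must be rejected for persistent keys.` so the constraint is documented next to the definition.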