Remove unused and duplicated erros, fix documentation and tests

Remove unused and duplicated erros, fix documentation and tests

include/psa/crypto.h

@@ -89,10 +89,6 @@ typedef enum {
     PSA_ERROR_INVALID_SIGNATURE,
     /** The decrypted padding is incorrect. */
     PSA_ERROR_INVALID_PADDING,
-    /** The key lifetime value is incorrect. */
-    PSA_ERROR_INVALID_LIFETIME,
-    /** The key lifetime can not be changed. */
-    PSA_ERROR_KEY_LIFETIME_CHANGE,
     /** An error occurred that does not correspond to any defined
         failure cause. */
     PSA_ERROR_UNKNOWN_ERROR,
@@ -582,15 +578,19 @@ psa_status_t psa_get_key_policy(psa_key_slot_t key,
  */
 typedef uint32_t psa_key_lifetime_t;
 
+/** An invalid key lifetime value.
+ */
+#define PSA_KEY_LIFETIME_NONE               ((psa_key_lifetime_t)0x00000000)
+
 /** A volatile key slot retains its content as long as the application is
  * running. It is guaranteed to be erased on a power reset.
  */
-#define PSA_KEY_LIFETIME_VOLATILE               ((psa_key_lifetime_t)0x00000000)
+#define PSA_KEY_LIFETIME_VOLATILE               ((psa_key_lifetime_t)0x00000001)
 
 /** A persistent key slot retains its content as long as it is not explicitly
  * destroyed.
  */
-#define PSA_KEY_LIFETIME_PERSISTENT             ((psa_key_lifetime_t)0x00000001)
+#define PSA_KEY_LIFETIME_PERSISTENT             ((psa_key_lifetime_t)0x00000002)
 
 /** A write-once key slot may not be modified once a key has been set.
  * It will retain its content as long as the device remains operational.
@@ -617,11 +617,10 @@ psa_status_t psa_get_key_lifetime(psa_key_slot_t key,
                                   psa_key_lifetime_t *lifetime);
 
 /** \brief Change the lifetime of a key slot.
+ * Whether the lifetime of a key slot can be changed at all, and if so
+ * whether the lifetime of an occupied key slot can be changed, is
+ * implementation-dependent.
  * 
- * \note   In case a key slot has PSA_KEY_LIFETIME_WRITE_ONCE lifetime, 
- *         it can not be changed and trying to set new value will return
- *         an error
- *
  * \param key           Slot whose content is to be exported. This must
  *                      be an occupied key slot.
  * \param lifetime      The lifetime value to be set for the given key.
@@ -633,11 +632,6 @@ psa_status_t psa_get_key_lifetime(psa_key_slot_t key,
  *         or the key data is not correctly formatted.
  * \retval PSA_ERROR_EMPTY_SLOT
  *         The key slot is not occupied.
- * \retval PSA_ERROR_INVALID_LIFETIME
- *         The lifetime value is not valid.
- * \retval PSA_ERROR_KEY_LIFETIME_CHANGE
- *         The key slot already has PSA_KEY_LIFETIME_WRITE_ONCE value,
- *         and can not be changed.
  */
 psa_status_t psa_set_key_lifetime(psa_key_slot_t key,
                                   const psa_key_lifetime_t lifetime);

library/psa_crypto.c

@@ -363,7 +363,6 @@ psa_status_t psa_import_key(psa_key_slot_t key,
     }
 
     slot->type = type;
-    slot->lifetime = 0;
     return( PSA_SUCCESS );
 }
 
@@ -1292,17 +1291,17 @@ psa_status_t psa_set_key_lifetime(psa_key_slot_t key,
     if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
         return( PSA_ERROR_INVALID_ARGUMENT );
 
+    if( lifetime != PSA_KEY_LIFETIME_VOLATILE && 
+        lifetime != PSA_KEY_LIFETIME_PERSISTENT && 
+        lifetime != PSA_KEY_LIFETIME_WRITE_ONCE)
+        return( PSA_ERROR_INVALID_ARGUMENT );
+
     slot = &global_data.key_slots[key];
     if( slot->type == PSA_KEY_TYPE_NONE )
         return( PSA_ERROR_EMPTY_SLOT );
 
-    if( lifetime != PSA_KEY_LIFETIME_VOLATILE && 
-        lifetime != PSA_KEY_LIFETIME_PERSISTENT && 
-        lifetime != PSA_KEY_LIFETIME_WRITE_ONCE)
-        return( PSA_ERROR_INVALID_LIFETIME );
-
-    if ( slot->lifetime == PSA_KEY_LIFETIME_WRITE_ONCE )
-        return( PSA_ERROR_KEY_LIFETIME_CHANGE );
+    if ( lifetime != PSA_KEY_LIFETIME_VOLATILE )
+        return( PSA_ERROR_NOT_SUPPORTED );
         
     slot->lifetime = lifetime;
 

tests/suites/test_suite_psa_crypto.data

@@ -87,12 +87,6 @@ sign_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5
 PSA Key Lifetime set and get volatile
 key_lifetime:PSA_KEY_LIFETIME_VOLATILE
 
-PSA Key Lifetime set and get persistent
-key_lifetime:PSA_KEY_LIFETIME_PERSISTENT
-
-PSA Key Lifetime set and get write_once
-key_lifetime:PSA_KEY_LIFETIME_WRITE_ONCE
-
 PSA Key Lifetime set fail, invalid key slot
 key_lifetime_set_fail:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT
 
@@ -100,7 +94,7 @@ PSA Key Lifetime set fail, unoccupied key slot
 key_lifetime_set_fail:2:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_EMPTY_SLOT
 
 PSA Key Lifetime set fail, can not change write_once lifetime
-key_lifetime_set_fail:1:PSA_KEY_LIFETIME_WRITE_ONCE:PSA_ERROR_KEY_LIFETIME_CHANGE
+key_lifetime_set_fail:1:PSA_KEY_LIFETIME_WRITE_ONCE:PSA_ERROR_NOT_SUPPORTED
 
 PSA Key Lifetime set fail, invalid key lifetime value
-key_lifetime_set_fail:1:PSA_KEY_LIFETIME_PERSISTENT+1:PSA_ERROR_INVALID_LIFETIME
+key_lifetime_set_fail:1:PSA_KEY_LIFETIME_PERSISTENT+1:PSA_ERROR_INVALID_ARGUMENT

tests/suites/test_suite_psa_crypto.function

@@ -378,10 +378,10 @@ void key_lifetime( int lifetime_arg )
                                  key, sizeof( key ) ) == PSA_SUCCESS );
 
     TEST_ASSERT( psa_set_key_lifetime( key_slot, 
-								 lifetime_set ) == PSA_SUCCESS );
+                                 lifetime_set ) == PSA_SUCCESS );
     
     TEST_ASSERT( psa_get_key_lifetime( key_slot, 
-								 &lifetime_get ) == PSA_SUCCESS );
+                                 &lifetime_get ) == PSA_SUCCESS );
 
     TEST_ASSERT( lifetime_get == lifetime_set );