Mistake on this page?
Report an issue in GitHub or email us
psa_crypto_slot_management.h
1 /*
2  * PSA crypto layer on top of Mbed TLS crypto
3  */
4 /* Copyright (C) 2018, ARM Limited, All Rights Reserved
5  * SPDX-License-Identifier: Apache-2.0
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License"); you may
8  * not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  *
19  * This file is part of mbed TLS (https://tls.mbed.org)
20  */
21 
22 #ifndef PSA_CRYPTO_SLOT_MANAGEMENT_H
23 #define PSA_CRYPTO_SLOT_MANAGEMENT_H
24 
25 #include "psa/crypto.h"
26 #include "psa_crypto_se.h"
27 
28 /* Number of key slots (plus one because 0 is not used).
29  * The value is a compile-time constant for now, for simplicity. */
30 #define PSA_KEY_SLOT_COUNT 32
31 
32 /** Access a key slot at the given handle.
33  *
34  * \param handle Key handle to query.
35  * \param[out] p_slot On success, `*p_slot` contains a pointer to the
36  * key slot in memory designated by \p handle.
37  *
38  * \retval PSA_SUCCESS
39  * Success: \p handle is a handle to `*p_slot`. Note that `*p_slot`
40  * may be empty or occupied.
41  * \retval PSA_ERROR_INVALID_HANDLE
42  * \p handle is out of range or is not in use.
43  * \retval PSA_ERROR_BAD_STATE
44  * The library has not been initialized.
45  */
46 psa_status_t psa_get_key_slot( psa_key_handle_t handle,
47  psa_key_slot_t **p_slot );
48 
49 /** Initialize the key slot structures.
50  *
51  * \retval PSA_SUCCESS
52  * Currently this function always succeeds.
53  */
54 psa_status_t psa_initialize_key_slots( void );
55 
56 /** Delete all data from key slots in memory.
57  *
58  * This does not affect persistent storage. */
59 void psa_wipe_all_key_slots( void );
60 
61 /** Find a free key slot.
62  *
63  * This function returns a key slot that is available for use and is in its
64  * ground state (all-bits-zero).
65  *
66  * \param[out] handle On success, a slot number that can be used as a
67  * handle to the slot.
68  * \param[out] p_slot On success, a pointer to the slot.
69  *
70  * \retval #PSA_SUCCESS
71  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
72  * \retval #PSA_ERROR_BAD_STATE
73  */
74 psa_status_t psa_get_empty_key_slot( psa_key_handle_t *handle,
75  psa_key_slot_t **p_slot );
76 
77 /** Test whether a lifetime designates a key in an external cryptoprocessor.
78  *
79  * \param lifetime The lifetime to test.
80  *
81  * \retval 1
82  * The lifetime designates an external key. There should be a
83  * registered driver for this lifetime, otherwise the key cannot
84  * be created or manipulated.
85  * \retval 0
86  * The lifetime designates a key that is volatile or in internal
87  * storage.
88  */
89 static inline int psa_key_lifetime_is_external( psa_key_lifetime_t lifetime )
90 {
91  return( lifetime != PSA_KEY_LIFETIME_VOLATILE &&
92  lifetime != PSA_KEY_LIFETIME_PERSISTENT );
93 }
94 
95 /** Test whether the given parameters are acceptable for a persistent key.
96  *
97  * This function does not access the storage in any way. It only tests
98  * whether the parameters are meaningful and permitted by general policy.
99  * It does not test whether the a file by the given id exists or could be
100  * created.
101  *
102  * If the key is in external storage, this function returns the corresponding
103  * driver.
104  *
105  * \param lifetime The lifetime to test.
106  * \param id The key id to test.
107  * \param[out] p_drv On output, if \p lifetime designates a key
108  * in an external processor, \c *p_drv is a pointer
109  * to the driver table entry fot this lifetime.
110  * If \p lifetime designates a transparent key,
111  * \c *p_drv is \c NULL.
112  * \param creating 0 if attempting to open an existing key.
113  * Nonzero if attempting to create a key.
114  *
115  * \retval PSA_SUCCESS
116  * The given parameters are valid.
117  * \retval PSA_ERROR_INVALID_ARGUMENT
118  * \p lifetime is volatile or is invalid.
119  * \retval PSA_ERROR_INVALID_ARGUMENT
120  * \p id is invalid.
121  */
122 psa_status_t psa_validate_persistent_key_parameters(
123  psa_key_lifetime_t lifetime,
124  psa_key_file_id_t id,
125  psa_se_drv_table_entry_t **p_drv,
126  int creating );
127 
128 
129 #endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */
#define PSA_KEY_LIFETIME_VOLATILE
A volatile key only exists as long as the handle to it is not closed.
#define PSA_KEY_LIFETIME_PERSISTENT
The default storage area for persistent keys.
uint32_t psa_key_lifetime_t
Encoding of key lifetimes.
int32_t psa_status_t
Function return status.
The data structure representing a key slot, containing key material and metadata for one key...
Important Information for this Arm website

This site uses cookies to store information on your computer. By continuing to use our site, you consent to our cookies. If you are not happy with the use of these cookies, please review our Cookie Policy to learn how they can be disabled. By disabling cookies, some features of the site will not work.