psa_crypto_storage.h File Reference

The type of transaction that is in progress.

Definition at line 210 of file psa_crypto_storage.h.

Backend side of mbedtls_psa_inject_entropy().

This function stores the supplied data into the entropy seed file.

Return values:

PSA_SUCCESS	Success
PSA_ERROR_STORAGE_FAILURE
PSA_ERROR_INSUFFICIENT_STORAGE
PSA_ERROR_NOT_PERMITTED	The entropy seed file already exists.

Definition at line 470 of file psa_crypto_storage.c.

Load the transaction data from storage, if any.

This function is meant to be called from psa_crypto_init() to recover in case a transaction was interrupted by a system crash.

Return values:

PSA_SUCCESS	The data about the ongoing transaction has been loaded to psa_crypto_transaction.
PSA_ERROR_DOES_NOT_EXIST	There is no ongoing transaction.
PSA_ERROR_STORAGE_FAILURE

Definition at line 437 of file psa_crypto_storage.c.

Prepare for a transaction.

There must not be an ongoing transaction.

Parameters:

type	The type of transaction to start.

Definition at line 311 of file psa_crypto_storage.h.

Save the transaction data to storage.

You may call this function multiple times during a transaction to atomically update the transaction state.

Return values:

PSA_SUCCESS
PSA_ERROR_INSUFFICIENT_STORAGE
PSA_ERROR_STORAGE_FAILURE

Definition at line 418 of file psa_crypto_storage.c.

Indicate that the current transaction is finished.

Call this function at the very end of transaction processing. This function does not "commit" or "abort" the transaction: the storage subsystem has no concept of "commit" and "abort", just saving and removing the transaction information in storage.

This function erases the transaction data in storage (if any) and resets the transaction data in memory.

Return values:

PSA_SUCCESS	There was transaction data in storage.
PSA_ERROR_DOES_NOT_EXIST	There was no transaction data in storage.
PSA_ERROR_STORAGE_FAILURE	It was impossible to determine whether there was transaction data in storage, or the transaction data could not be erased.

Definition at line 451 of file psa_crypto_storage.c.

Remove persistent data for the given key slot number.

Parameters:

key	Persistent identifier of the key to remove from persistent storage.

Return values:

PSA_SUCCESS	The key was successfully removed, or the key did not exist.
PSA_ERROR_STORAGE_FAILURE

Definition at line 182 of file psa_crypto_storage.c.

Formats key data and metadata for persistent storage.

Parameters:

[in]	data	Buffer containing the key data.
	data_length	Length of the key data buffer.
[in]	attr	The core attributes of the key.
[out]	storage_data	Output buffer for the formatted data.

Definition at line 268 of file psa_crypto_storage.c.

Free the temporary buffer allocated by psa_load_persistent_key().

This function must be called at some point after psa_load_persistent_key() to zeroize and free the memory allocated to the buffer in that function.

Parameters:

key_data	Buffer for the key data.
key_data_length	Size of the key data buffer.

Definition at line 369 of file psa_crypto_storage.c.

Checks if persistent data is stored for the given key slot number.

This function checks if any key data or metadata exists for the key slot in the persistent storage.

Parameters:

key	Persistent identifier to check.

Return values:

0	No persistent data present for slot number
1	Persistent data present for slot number

Definition at line 118 of file psa_crypto_storage.c.

Parses key data and metadata and load persistent key for given key slot number.

This function reads from a storage backend, parses the key data and metadata and writes them to the appropriate output parameters.

Note: This function allocates a buffer and returns a pointer to it through the data parameter. psa_free_persistent_key_data() must be called after this function to zeroize and free this buffer, regardless of whether this function succeeds or fails.

Parameters:

[in,out]	attr	On input, the key identifier field identifies the key to load. Other fields are ignored. On success, the attribute structure contains the key metadata that was loaded from storage.
[out]	data	Pointer to an allocated key data buffer on return.
[out]	data_length	The number of bytes that make up the key data.

Return values:

PSA_SUCCESS
PSA_ERROR_INSUFFICIENT_MEMORY
PSA_ERROR_STORAGE_FAILURE
PSA_ERROR_DOES_NOT_EXIST

Definition at line 378 of file psa_crypto_storage.c.

Parses persistent storage data into key data and metadata.

Parameters:

[in]	storage_data	Buffer for the storage data.
	storage_data_length	Length of the storage data buffer
[out]	key_data	On output, pointer to a newly allocated buffer containing the key data. This must be freed using psa_free_persistent_key_data()
[out]	key_data_length	Length of the key data buffer
[out]	attr	On success, the attribute structure is filled with the loaded key metadata.

Return values:

PSA_SUCCESS
PSA_ERROR_INSUFFICIENT_STORAGE
PSA_ERROR_INSUFFICIENT_MEMORY
PSA_ERROR_STORAGE_FAILURE

Definition at line 295 of file psa_crypto_storage.c.

Format key data and metadata and save to a location for given key slot.

This function formats the key data and metadata and saves it to a persistent storage backend. The storage location corresponding to the key slot must be empty, otherwise this function will fail. This function should be called after psa_import_key_into_slot() to ensure the persistent key is not saved into a storage location corresponding to an already occupied non-persistent key, as well as validating the key data.

Parameters:

[in]	attr	The attributes of the key to save. The key identifier field in the attributes determines the key's location.
[in]	data	Buffer containing the key data.
	data_length	The number of bytes that make up the key data.

Return values:

PSA_SUCCESS
PSA_ERROR_INSUFFICIENT_MEMORY
PSA_ERROR_INSUFFICIENT_STORAGE
PSA_ERROR_STORAGE_FAILURE
PSA_ERROR_ALREADY_EXISTS

Definition at line 343 of file psa_crypto_storage.c.

The single active transaction.

Definition at line 416 of file psa_crypto_storage.c.