NCBI C++ ToolKit
psa_crypto_slot_management.c
Go to the documentation of this file.

Go to the SVN repository for this file.

1 /*
2  * PSA crypto layer on top of Mbed TLS crypto
3  */
4 /*
5  * Copyright The Mbed TLS Contributors
6  * SPDX-License-Identifier: Apache-2.0
7  *
8  * Licensed under the Apache License, Version 2.0 (the "License"); you may
9  * not use this file except in compliance with the License.
10  * You may obtain a copy of the License at
11  *
12  * http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing, software
15  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17  * See the License for the specific language governing permissions and
18  * limitations under the License.
19  */
20 
21 #include "common.h"
22 
23 #if defined(MBEDTLS_PSA_CRYPTO_C)
24 
25 #include "psa/crypto.h"
26 
27 #include "psa_crypto_core.h"
30 #include "psa_crypto_storage.h"
31 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
32 #include "psa_crypto_se.h"
33 #endif
34 
35 #include <stdlib.h>
36 #include <string.h>
37 #include "mbedtls/platform.h"
38 
39 #define ARRAY_LENGTH(array) (sizeof(array) / sizeof(*(array)))
40 
41 typedef struct {
43  unsigned key_slots_initialized : 1;
45 
47 
49 {
51 
52  if ((PSA_KEY_ID_USER_MIN <= key_id) &&
53  (key_id <= PSA_KEY_ID_USER_MAX)) {
54  return 1;
55  }
56 
57  if (vendor_ok &&
58  (PSA_KEY_ID_VENDOR_MIN <= key_id) &&
59  (key_id <= PSA_KEY_ID_VENDOR_MAX)) {
60  return 1;
61  }
62 
63  return 0;
64 }
65 
66 /** Get the description in memory of a key given its identifier and lock it.
67  *
68  * The descriptions of volatile keys and loaded persistent keys are
69  * stored in key slots. This function returns a pointer to the key slot
70  * containing the description of a key given its identifier.
71  *
72  * The function searches the key slots containing the description of the key
73  * with \p key identifier. The function does only read accesses to the key
74  * slots. The function does not load any persistent key thus does not access
75  * any storage.
76  *
77  * For volatile key identifiers, only one key slot is queried as a volatile
78  * key with identifier key_id can only be stored in slot of index
79  * ( key_id - #PSA_KEY_ID_VOLATILE_MIN ).
80  *
81  * On success, the function locks the key slot. It is the responsibility of
82  * the caller to unlock the key slot when it does not access it anymore.
83  *
84  * \param key Key identifier to query.
85  * \param[out] p_slot On success, `*p_slot` contains a pointer to the
86  * key slot containing the description of the key
87  * identified by \p key.
88  *
89  * \retval #PSA_SUCCESS
90  * The pointer to the key slot containing the description of the key
91  * identified by \p key was returned.
92  * \retval #PSA_ERROR_INVALID_HANDLE
93  * \p key is not a valid key identifier.
94  * \retval #PSA_ERROR_DOES_NOT_EXIST
95  * There is no key with key identifier \p key in the key slots.
96  */
99 {
102  size_t slot_idx;
103  psa_key_slot_t *slot = NULL;
104 
105  if (psa_key_id_is_volatile(key_id)) {
107 
108  /*
109  * Check if both the PSA key identifier key_id and the owner
110  * identifier of key match those of the key slot.
111  *
112  * Note that, if the key slot is not occupied, its PSA key identifier
113  * is equal to zero. This is an invalid value for a PSA key identifier
114  * and thus cannot be equal to the valid PSA key identifier key_id.
115  */
116  status = mbedtls_svc_key_id_equal(key, slot->attr.id) ?
118  } else {
119  if (!psa_is_valid_key_id(key, 1)) {
121  }
122 
123  for (slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++) {
124  slot = &global_data.key_slots[slot_idx];
125  if (mbedtls_svc_key_id_equal(key, slot->attr.id)) {
126  break;
127  }
128  }
129  status = (slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT) ?
131  }
132 
133  if (status == PSA_SUCCESS) {
134  status = psa_lock_key_slot(slot);
135  if (status == PSA_SUCCESS) {
136  *p_slot = slot;
137  }
138  }
139 
140  return status;
141 }
142 
144 {
145  /* Nothing to do: program startup and psa_wipe_all_key_slots() both
146  * guarantee that the key slots are initialized to all-zero, which
147  * means that all the key slots are in a valid, empty state. */
149  return PSA_SUCCESS;
150 }
151 
153 {
154  size_t slot_idx;
155 
156  for (slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++) {
157  psa_key_slot_t *slot = &global_data.key_slots[slot_idx];
158  slot->lock_count = 1;
159  (void) psa_wipe_key_slot(slot);
160  }
162 }
163 
165  psa_key_slot_t **p_slot)
166 {
168  size_t slot_idx;
169  psa_key_slot_t *selected_slot, *unlocked_persistent_key_slot;
170 
172  status = PSA_ERROR_BAD_STATE;
173  goto error;
174  }
175 
176  selected_slot = unlocked_persistent_key_slot = NULL;
177  for (slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++) {
178  psa_key_slot_t *slot = &global_data.key_slots[slot_idx];
179  if (!psa_is_key_slot_occupied(slot)) {
180  selected_slot = slot;
181  break;
182  }
183 
184  if ((unlocked_persistent_key_slot == NULL) &&
186  (!psa_is_key_slot_locked(slot))) {
187  unlocked_persistent_key_slot = slot;
188  }
189  }
190 
191  /*
192  * If there is no unused key slot and there is at least one unlocked key
193  * slot containing the description of a persistent key, recycle the first
194  * such key slot we encountered. If we later need to operate on the
195  * persistent key we are evicting now, we will reload its description from
196  * storage.
197  */
198  if ((selected_slot == NULL) &&
199  (unlocked_persistent_key_slot != NULL)) {
200  selected_slot = unlocked_persistent_key_slot;
201  selected_slot->lock_count = 1;
202  psa_wipe_key_slot(selected_slot);
203  }
204 
205  if (selected_slot != NULL) {
206  status = psa_lock_key_slot(selected_slot);
207  if (status != PSA_SUCCESS) {
208  goto error;
209  }
210 
211  *volatile_key_id = PSA_KEY_ID_VOLATILE_MIN +
212  ((psa_key_id_t) (selected_slot - global_data.key_slots));
213  *p_slot = selected_slot;
214 
215  return PSA_SUCCESS;
216  }
218 
219 error:
220  *p_slot = NULL;
221  *volatile_key_id = 0;
222 
223  return status;
224 }
225 
226 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
228 {
229  psa_status_t status = PSA_SUCCESS;
230  uint8_t *key_data = NULL;
231  size_t key_data_length = 0;
232 
233  status = psa_load_persistent_key(&slot->attr,
234  &key_data, &key_data_length);
235  if (status != PSA_SUCCESS) {
236  goto exit;
237  }
238 
239 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
240  /* Special handling is required for loading keys associated with a
241  * dynamically registered SE interface. */
242  const psa_drv_se_t *drv;
243  psa_drv_se_context_t *drv_context;
244  if (psa_get_se_driver(slot->attr.lifetime, &drv, &drv_context)) {
246 
247  if (key_data_length != sizeof(*data)) {
248  status = PSA_ERROR_DATA_INVALID;
249  goto exit;
250  }
251  data = (psa_se_key_data_storage_t *) key_data;
253  slot, data->slot_number, sizeof(data->slot_number));
254  goto exit;
255  }
256 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
257 
258  status = psa_copy_key_material_into_slot(slot, key_data, key_data_length);
259 
260 exit:
261  psa_free_persistent_key_data(key_data, key_data_length);
262  return status;
263 }
264 #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
265 
266 #if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
267 
268 static psa_status_t psa_load_builtin_key_into_slot(psa_key_slot_t *slot)
269 {
273  psa_drv_slot_number_t slot_number = 0;
274  size_t key_buffer_size = 0;
275  size_t key_buffer_length = 0;
276 
277  if (!psa_key_id_is_builtin(
280  }
281 
282  /* Check the platform function to see whether this key actually exists */
283  status = mbedtls_psa_platform_get_builtin_key(
284  slot->attr.id, &lifetime, &slot_number);
285  if (status != PSA_SUCCESS) {
286  return status;
287  }
288 
289  /* Set required key attributes to ensure get_builtin_key can retrieve the
290  * full attributes. */
291  psa_set_key_id(&attributes, slot->attr.id);
292  psa_set_key_lifetime(&attributes, lifetime);
293 
294  /* Get the full key attributes from the driver in order to be able to
295  * calculate the required buffer size. */
297  slot_number, &attributes,
298  NULL, 0, NULL);
299  if (status != PSA_ERROR_BUFFER_TOO_SMALL) {
300  /* Builtin keys cannot be defined by the attributes alone */
301  if (status == PSA_SUCCESS) {
303  }
304  return status;
305  }
306 
307  /* If the key should exist according to the platform, then ask the driver
308  * what its expected size is. */
310  &key_buffer_size);
311  if (status != PSA_SUCCESS) {
312  return status;
313  }
314 
315  /* Allocate a buffer of the required size and load the builtin key directly
316  * into the (now properly sized) slot buffer. */
317  status = psa_allocate_buffer_to_slot(slot, key_buffer_size);
318  if (status != PSA_SUCCESS) {
319  return status;
320  }
321 
323  slot_number, &attributes,
324  slot->key.data, slot->key.bytes, &key_buffer_length);
325  if (status != PSA_SUCCESS) {
326  goto exit;
327  }
328 
329  /* Copy actual key length and core attributes into the slot on success */
330  slot->key.bytes = key_buffer_length;
331  slot->attr = attributes.core;
332 
333 exit:
334  if (status != PSA_SUCCESS) {
336  }
337  return status;
338 }
339 #endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
340 
342  psa_key_slot_t **p_slot)
343 {
345 
346  *p_slot = NULL;
348  return PSA_ERROR_BAD_STATE;
349  }
350 
351  /*
352  * On success, the pointer to the slot is passed directly to the caller
353  * thus no need to unlock the key slot here.
354  */
355  status = psa_get_and_lock_key_slot_in_memory(key, p_slot);
356  if (status != PSA_ERROR_DOES_NOT_EXIST) {
357  return status;
358  }
359 
360  /* Loading keys from storage requires support for such a mechanism */
361 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) || \
362  defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
363  psa_key_id_t volatile_key_id;
364 
365  status = psa_get_empty_key_slot(&volatile_key_id, p_slot);
366  if (status != PSA_SUCCESS) {
367  return status;
368  }
369 
370  (*p_slot)->attr.id = key;
371  (*p_slot)->attr.lifetime = PSA_KEY_LIFETIME_PERSISTENT;
372 
373  status = PSA_ERROR_DOES_NOT_EXIST;
374 #if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
375  /* Load keys in the 'builtin' range through their own interface */
376  status = psa_load_builtin_key_into_slot(*p_slot);
377 #endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
378 
379 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
380  if (status == PSA_ERROR_DOES_NOT_EXIST) {
381  status = psa_load_persistent_key_into_slot(*p_slot);
382  }
383 #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
384 
385  if (status != PSA_SUCCESS) {
386  psa_wipe_key_slot(*p_slot);
387  if (status == PSA_ERROR_DOES_NOT_EXIST) {
388  status = PSA_ERROR_INVALID_HANDLE;
389  }
390  } else {
391  /* Add implicit usage flags. */
392  psa_extend_key_usage_flags(&(*p_slot)->attr.policy.usage);
393  }
394 
395  return status;
396 #else /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
398 #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
399 }
400 
402 {
403  if (slot == NULL) {
404  return PSA_SUCCESS;
405  }
406 
407  if (slot->lock_count > 0) {
408  slot->lock_count--;
409  return PSA_SUCCESS;
410  }
411 
412  /*
413  * As the return error code may not be handled in case of multiple errors,
414  * do our best to report if the lock counter is equal to zero: if
415  * available call MBEDTLS_PARAM_FAILED that may terminate execution (if
416  * called as part of the execution of a unit test suite this will stop the
417  * test suite execution).
418  */
419 #ifdef MBEDTLS_CHECK_PARAMS
420  MBEDTLS_PARAM_FAILED(slot->lock_count > 0);
421 #endif
422 
424 }
425 
427  psa_se_drv_table_entry_t **p_drv)
428 {
429  if (psa_key_lifetime_is_external(lifetime)) {
430 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
431  /* Check whether a driver is registered against this lifetime */
433  if (driver != NULL) {
434  if (p_drv != NULL) {
435  *p_drv = driver;
436  }
437  return PSA_SUCCESS;
438  }
439 #else /* MBEDTLS_PSA_CRYPTO_SE_C */
440  (void) p_drv;
441 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
442 
443 #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)
444  /* Key location for external keys gets checked by the wrapper */
445  return PSA_SUCCESS;
446 #else /* MBEDTLS_PSA_CRYPTO_DRIVERS */
447  /* No support for external lifetimes at all, or dynamic interface
448  * did not find driver for requested lifetime. */
450 #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
451  } else {
452  /* Local/internal keys are always valid */
453  return PSA_SUCCESS;
454  }
455 }
456 
458 {
459  if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) {
460  /* Volatile keys are always supported */
461  return PSA_SUCCESS;
462  } else {
463  /* Persistent keys require storage support */
464 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
465  if (PSA_KEY_LIFETIME_IS_READ_ONLY(lifetime)) {
467  } else {
468  return PSA_SUCCESS;
469  }
470 #else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
472 #endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */
473  }
474 }
475 
477 {
478 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) || \
479  defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
480  psa_status_t status;
481  psa_key_slot_t *slot;
482 
483  status = psa_get_and_lock_key_slot(key, &slot);
484  if (status != PSA_SUCCESS) {
485  *handle = PSA_KEY_HANDLE_INIT;
486  if (status == PSA_ERROR_INVALID_HANDLE) {
487  status = PSA_ERROR_DOES_NOT_EXIST;
488  }
489 
490  return status;
491  }
492 
493  *handle = key;
494 
495  return psa_unlock_key_slot(slot);
496 
497 #else /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
498  (void) key;
499  *handle = PSA_KEY_HANDLE_INIT;
501 #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
502 }
503 
505 {
506  psa_status_t status;
507  psa_key_slot_t *slot;
508 
509  if (psa_key_handle_is_null(handle)) {
510  return PSA_SUCCESS;
511  }
512 
513  status = psa_get_and_lock_key_slot_in_memory(handle, &slot);
514  if (status != PSA_SUCCESS) {
515  if (status == PSA_ERROR_DOES_NOT_EXIST) {
516  status = PSA_ERROR_INVALID_HANDLE;
517  }
518 
519  return status;
520  }
521  if (slot->lock_count <= 1) {
522  return psa_wipe_key_slot(slot);
523  } else {
524  return psa_unlock_key_slot(slot);
525  }
526 }
527 
529 {
530  psa_status_t status;
531  psa_key_slot_t *slot;
532 
533  status = psa_get_and_lock_key_slot_in_memory(key, &slot);
534  if (status != PSA_SUCCESS) {
535  return status;
536  }
537 
539  (slot->lock_count <= 1)) {
540  return psa_wipe_key_slot(slot);
541  } else {
542  return psa_unlock_key_slot(slot);
543  }
544 }
545 
547 {
548  size_t slot_idx;
549 
550  memset(stats, 0, sizeof(*stats));
551 
552  for (slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++) {
553  const psa_key_slot_t *slot = &global_data.key_slots[slot_idx];
554  if (psa_is_key_slot_locked(slot)) {
555  ++stats->locked_slots;
556  }
557  if (!psa_is_key_slot_occupied(slot)) {
558  ++stats->empty_slots;
559  continue;
560  }
562  ++stats->volatile_slots;
563  } else {
565  ++stats->persistent_slots;
566  if (id > stats->max_open_internal_key_id) {
567  stats->max_open_internal_key_id = id;
568  }
569  }
573  ++stats->external_slots;
574  if (id > stats->max_open_external_key_id) {
575  stats->max_open_external_key_id = id;
576  }
577  }
578  }
579 }
580 
581 #endif /* MBEDTLS_PSA_CRYPTO_C */
Platform Security Architecture cryptography module.
mbedtls_svc_key_id_t psa_key_handle_t
Definition: crypto_compat.h:43
#define PSA_KEY_HANDLE_INIT
Definition: crypto_compat.h:45
psa_status_t psa_open_key(mbedtls_svc_key_id_t key, psa_key_handle_t *handle)
Open a handle to an existing persistent key.
psa_status_t psa_close_key(psa_key_handle_t handle)
Close a key handle.
static int psa_key_handle_is_null(psa_key_handle_t handle)
Check whether a handle is null.
Definition: crypto_compat.h:53
void mbedtls_psa_get_stats(mbedtls_psa_stats_t *stats)
Get statistics about resource consumption related to the PSA keystore.
#define MBEDTLS_PSA_KEY_SLOT_COUNT
Use HMAC_DRBG with the specified hash algorithm for HMAC_DRBG for the PSA crypto subsystem.
Definition: crypto_extra.h:45
static void psa_extend_key_usage_flags(psa_key_usage_t *usage_flags)
static const struct attribute attributes[]
Definition: attributes.c:165
char data[12]
Definition: iconv.c:80
unsigned char uint8_t
#define NULL
Definition: ncbistd.hpp:225
static void psa_set_key_lifetime(psa_key_attributes_t *attributes, psa_key_lifetime_t lifetime)
Set the location of a persistent key.
#define PSA_KEY_ATTRIBUTES_INIT
This macro returns a suitable initializer for a key attribute structure of type psa_key_attributes_t.
static void psa_set_key_id(psa_key_attributes_t *attributes, mbedtls_svc_key_id_t key)
Declare a key as persistent and set its key identifier.
int32_t psa_status_t
Function return status.
Definition: crypto_types.h:62
#define PSA_ERROR_CORRUPTION_DETECTED
A tampering attempt was detected.
#define PSA_ERROR_DOES_NOT_EXIST
Asking for an item that doesn't exist.
#define PSA_ERROR_NOT_SUPPORTED
The requested operation or a parameter is not supported by this implementation.
Definition: crypto_values.h:84
#define PSA_SUCCESS
The action was completed successfully.
Definition: crypto_values.h:68
#define PSA_ERROR_BUFFER_TOO_SMALL
An output buffer is too small.
#define PSA_ERROR_INVALID_ARGUMENT
The parameters passed to the function are invalid.
#define PSA_ERROR_INSUFFICIENT_MEMORY
There is not enough runtime memory.
#define PSA_ERROR_BAD_STATE
The requested action cannot be performed in the current state.
#define PSA_ERROR_DATA_INVALID
Data read from storage is not valid for the implementation.
#define PSA_ERROR_INVALID_HANDLE
The key identifier is not valid.
uint32_t psa_key_id_t
Encoding of identifiers of persistent keys.
Definition: crypto_types.h:278
#define PSA_KEY_ID_VENDOR_MIN
The minimum value for a key identifier chosen by the implementation.
#define PSA_KEY_ID_USER_MIN
The minimum value for a key identifier chosen by the application.
#define PSA_KEY_LIFETIME_PERSISTENT
The default lifetime for persistent keys.
#define PSA_KEY_ID_VENDOR_MAX
The maximum value for a key identifier chosen by the implementation.
#define PSA_KEY_LOCATION_LOCAL_STORAGE
The local storage area for persistent keys.
#define PSA_KEY_LIFETIME_GET_LOCATION(lifetime)
#define PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)
Whether a key lifetime indicates that the key is volatile.
uint32_t psa_key_lifetime_t
Encoding of key lifetimes.
Definition: crypto_types.h:186
#define PSA_KEY_LIFETIME_VOLATILE
The default lifetime for volatile keys.
#define PSA_KEY_LIFETIME_IS_READ_ONLY(lifetime)
Whether a key lifetime indicates that the key is read-only.
psa_key_id_t mbedtls_svc_key_id_t
Encoding of key identifiers as seen inside the PSA Crypto implementation.
Definition: crypto_types.h:295
#define PSA_KEY_ID_USER_MAX
The maximum value for a key identifier chosen by the application.
static int mbedtls_svc_key_id_equal(mbedtls_svc_key_id_t id1, mbedtls_svc_key_id_t id2)
Compare two key identifiers.
#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id)
psa_status_t psa_purge_key(mbedtls_svc_key_id_t key)
Remove non-essential copies of key material from memory.
uint64_t psa_drv_slot_number_t
A slot number identifying a key in a driver.
Definition: crypto_extra.h:740
exit(2)
const struct ncbi::grid::netcache::search::fields::KEY key
#define psa_validate_key_location
#define psa_allocate_buffer_to_slot
#define psa_get_empty_key_slot
#define psa_is_valid_key_id
#define psa_remove_key_data_from_memory
#define psa_get_and_lock_key_slot
#define psa_initialize_key_slots
#define psa_copy_key_material_into_slot
#define psa_wipe_key_slot
#define psa_validate_key_persistence
#define psa_wipe_all_key_slots
#define psa_unlock_key_slot
This file contains the definitions and functions of the Mbed TLS platform abstraction layer.
static int psa_is_key_slot_occupied(const psa_key_slot_t *slot)
Test whether a key slot is occupied.
static int psa_is_key_slot_locked(const psa_key_slot_t *slot)
Test whether a key slot is locked.
psa_status_t psa_driver_wrapper_get_builtin_key(psa_drv_slot_number_t slot_number, psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
psa_status_t psa_driver_wrapper_get_key_buffer_size(const psa_key_attributes_t *attributes, size_t *key_buffer_size)
psa_se_drv_table_entry_t * psa_get_se_driver_entry(psa_key_lifetime_t lifetime)
Return the secure element driver table entry for a lifetime value.
int psa_get_se_driver(psa_key_lifetime_t lifetime, const psa_drv_se_t **p_methods, psa_drv_se_context_t **p_drv_context)
Return the secure element driver information for a lifetime value.
struct psa_se_drv_table_entry_s psa_se_drv_table_entry_t
A structure that describes a registered secure element driver.
Definition: psa_crypto_se.h:78
static psa_status_t psa_get_and_lock_key_slot_in_memory(mbedtls_svc_key_id_t key, psa_key_slot_t **p_slot)
Get the description in memory of a key given its identifier and lock it.
static psa_status_t psa_load_persistent_key_into_slot(psa_key_slot_t *slot)
static psa_global_data_t global_data
static psa_status_t psa_lock_key_slot(psa_key_slot_t *slot)
Lock a key slot.
static int psa_key_lifetime_is_external(psa_key_lifetime_t lifetime)
Test whether a lifetime designates a key in an external cryptoprocessor.
#define PSA_KEY_ID_VOLATILE_MIN
Range of volatile key identifiers.
static int psa_key_id_is_volatile(psa_key_id_t key_id)
Test whether a key identifier is a volatile key identifier.
PSA cryptography module: Mbed TLS key storage.
psa_status_t psa_load_persistent_key(psa_core_key_attributes_t *attr, uint8_t **data, size_t *data_length)
Parses key data and metadata and load persistent key for given key slot number.
void psa_free_persistent_key_data(uint8_t *key_data, size_t key_data_length)
Free the temporary buffer allocated by psa_load_persistent_key().
Statistics about resource consumption related to the PSA keystore.
Definition: crypto_extra.h:224
mbedtls_svc_key_id_t id
psa_key_lifetime_t lifetime
Driver context structure.
A structure containing pointers to all the entry points of a secure element driver.
psa_key_slot_t key_slots[32]
The data structure representing a key slot, containing key material and metadata for one key.
struct psa_key_slot_t::key_data key
psa_core_key_attributes_t attr
The storage representation of a key whose data is in a secure element.
Modified on Sun Apr 14 05:24:41 2024 by modify_doxy.py rev. 669887