Detailed Description

Files
file	psa_crypto_slot_management.h
	PSA key slot management function declarations.

Data Structures
struct	psa_key_slot_t
	Structure of a virtual key slot in local memory. More...

Macros
#define	PSA_PROTECTED_KEY_COUNT (CONFIG_PSA_PROTECTED_KEY_COUNT)
	Number of allocated slots for keys in protected memory or secure elements.

#define	PSA_ASYMMETRIC_KEYPAIR_COUNT (CONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT)
	Number of allocated slots for asymmetric key pairs.

#define	PSA_SINGLE_KEY_COUNT (CONFIG_PSA_SINGLE_KEY_COUNT)
	Number of allocated slots for single keys in local memory.

#define	PSA_KEY_SLOT_COUNT
	Complete number of available key slots.

#define	PSA_KEY_ID_VOLATILE_MIN (PSA_KEY_ID_VENDOR_MIN)
	Minimum key id for volatile keys.

#define	PSA_KEY_ID_VOLATILE_MAX (PSA_KEY_ID_VENDOR_MAX)
	Maximum key id for volatile keys.

Functions
void	psa_init_key_slots (void)
	Initializes the allocated key slots and prepares the internal key slot lists.

static int	psa_key_id_is_volatile (psa_key_id_t key_id)
	Check whether a key identifier is a volatile key identifier.

static int	psa_is_key_slot_locked (psa_key_slot_t *slot)
	Check whether a key slot is locked.

psa_key_slot_number_t *	psa_key_slot_get_slot_number (const psa_key_slot_t *slot)
	Get slot number in protected memory.

static int	psa_key_lifetime_is_external (psa_key_lifetime_t lifetime)
	Check whether a key is stored on an external device.

psa_status_t	psa_wipe_key_slot (psa_key_slot_t *slot)
	Wipe volatile key slot and its contents.

void	psa_wipe_all_key_slots (void)
	Wipe all existing volatile key slots.

psa_status_t	psa_get_and_lock_key_slot (psa_key_id_t id, psa_key_slot_t **slot)
	Find a key slot in local memory and lock it.

psa_status_t	psa_persist_key_slot_in_storage (psa_key_slot_t *slot)
	Store a key slot in persistent storage.

psa_status_t	psa_allocate_empty_key_slot (psa_key_id_t id, const psa_key_attributes_t attr, psa_key_slot_t **p_slot)
	Find a currently empty key slot that is appropriate for the key.

psa_status_t	psa_lock_key_slot (psa_key_slot_t *slot)
	Increase lock count.

psa_status_t	psa_unlock_key_slot (psa_key_slot_t *slot)
	Decrease lock count.

psa_status_t	psa_validate_key_location (psa_key_lifetime_t lifetime, psa_se_drv_data_t **driver)
	Check if key location exists.

psa_status_t	psa_validate_key_persistence (psa_key_lifetime_t lifetime)
	Validate key persistence.

int	psa_is_valid_key_id (psa_key_id_t id, int vendor)
	Check if provided key ID is either a valid user ID or vendor ID.

size_t	psa_get_key_data_from_key_slot (const psa_key_slot_t slot, uint8_t key_data, size_t *key_bytes)
	Get key data and key size from key slot.

void	psa_get_public_key_data_from_key_slot (const psa_key_slot_t slot, uint8_t pubkey_data, size_t *pubkey_data_len)
	Get public key data and size from key slot.

Macro Definition Documentation

◆ PSA_ASYMMETRIC_KEYPAIR_COUNT

#define PSA_ASYMMETRIC_KEYPAIR_COUNT (CONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT)

Number of allocated slots for asymmetric key pairs.

Definition at line 40 of file psa_crypto_slot_management.h.

◆ PSA_KEY_ID_VOLATILE_MAX

#define PSA_KEY_ID_VOLATILE_MAX (PSA_KEY_ID_VENDOR_MAX)

Maximum key id for volatile keys.

This is the maximum volatile identifiers that can be assigned to created keys.

Definition at line 66 of file psa_crypto_slot_management.h.

◆ PSA_KEY_ID_VOLATILE_MIN

#define PSA_KEY_ID_VOLATILE_MIN (PSA_KEY_ID_VENDOR_MIN)

Minimum key id for volatile keys.

This is used to assign volatile identifiers to created keys.

Definition at line 59 of file psa_crypto_slot_management.h.

◆ PSA_KEY_SLOT_COUNT

#define PSA_KEY_SLOT_COUNT

Value:

                                         (PSA_PROTECTED_KEY_COUNT + \
                                         PSA_ASYMMETRIC_KEYPAIR_COUNT + \
                                         PSA_SINGLE_KEY_COUNT)

Complete number of available key slots.

Definition at line 50 of file psa_crypto_slot_management.h.

◆ PSA_PROTECTED_KEY_COUNT

#define PSA_PROTECTED_KEY_COUNT (CONFIG_PSA_PROTECTED_KEY_COUNT)

Number of allocated slots for keys in protected memory or secure elements.

Definition at line 35 of file psa_crypto_slot_management.h.

◆ PSA_SINGLE_KEY_COUNT

#define PSA_SINGLE_KEY_COUNT (CONFIG_PSA_SINGLE_KEY_COUNT)

Number of allocated slots for single keys in local memory.

Definition at line 45 of file psa_crypto_slot_management.h.

Function Documentation

◆ psa_allocate_empty_key_slot()

psa_status_t psa_allocate_empty_key_slot	(	psa_key_id_t *	id,
		const psa_key_attributes_t *	attr,
		psa_key_slot_t **	p_slot
	)

Find a currently empty key slot that is appropriate for the key.

Parameters

id	Key ID of the newly generated or imported key
attr	Attributes of the key that is supposed to be stored in the slot
p_slot	Pointer to the empty slot in memory

Returns: PSA_SUCCESS; PSA_ERROR_INSUFFICIENT_STORAGE

◆ psa_get_and_lock_key_slot()

psa_status_t psa_get_and_lock_key_slot	(	psa_key_id_t	id,
		psa_key_slot_t **	slot
	)

Find a key slot in local memory and lock it.

Parameters

id	ID of the key to be used
slot	Pointer to the slot the key is stored in

Returns: PSA_SUCCESS; PSA_ERROR_DOES_NOT_EXIST; PSA_ERROR_NOT_SUPPORTED

◆ psa_get_key_data_from_key_slot()

size_t psa_get_key_data_from_key_slot	(	const psa_key_slot_t *	slot,
		uint8_t **	key_data,
		size_t **	key_bytes
	)

Get key data and key size from key slot.

Parameters

slot	Slot the desired key is stored in
key_data	Pointer to key data
key_bytes	Pointer to key data size in bytes

Returns: Size of key_data in bytes.

◆ psa_get_public_key_data_from_key_slot()

void psa_get_public_key_data_from_key_slot	(	const psa_key_slot_t *	slot,
		uint8_t **	pubkey_data,
		size_t **	pubkey_data_len
	)

Get public key data and size from key slot.

Parameters

slot	Slot the desired key is stored in
pubkey_data	Pointer to key data
pubkey_data_len	Pointer to key data size in bytes

◆ psa_is_key_slot_locked()

static int psa_is_key_slot_locked ( psa_key_slot_t * slot )

inlinestatic

Check whether a key slot is locked.

Parameters

slot	Pointer to the slot to be checked

Returns: 1 if slot is locked, otherwise 0

Definition at line 160 of file psa_crypto_slot_management.h.

◆ psa_is_valid_key_id()

int psa_is_valid_key_id	(	psa_key_id_t	id,
		int	vendor
	)

Check if provided key ID is either a valid user ID or vendor ID.

Parameters

id	ID of key to be validated
vendor	If ID is supposed to be user or vendor ID

Returns: 1 if valid; 0 if invalid

◆ psa_key_id_is_volatile()

static int psa_key_id_is_volatile ( psa_key_id_t key_id )

inlinestatic

Check whether a key identifier is a volatile key identifier.

Parameters

key_id Key identifier to test.

Returns: 1 The key identifier is a volatile key identifier.; 0 The key identifier is not a volatile key identifier.

Definition at line 147 of file psa_crypto_slot_management.h.

◆ psa_key_lifetime_is_external()

static int psa_key_lifetime_is_external ( psa_key_lifetime_t lifetime )

inlinestatic

Check whether a key is stored on an external device.

Parameters

lifetime Lifetime value of the key that's supposed to be checked

Returns: int; 1 if key is stored on external device, otherwise 0

Definition at line 181 of file psa_crypto_slot_management.h.

◆ psa_key_slot_get_slot_number()

psa_key_slot_number_t * psa_key_slot_get_slot_number ( const psa_key_slot_t * slot )

Get slot number in protected memory.

Parameters

slot	Pointer to the slot containing the protected slot number

Returns: psa_key_slot_number_t Key slot number stored in the input slot

◆ psa_lock_key_slot()

psa_status_t psa_lock_key_slot ( psa_key_slot_t * slot )

Increase lock count.

Parameters

slot	Slot to be locked

Returns: PSA_SUCCESS; PSA_ERROR_CORRUPTION_DETECTED

◆ psa_persist_key_slot_in_storage()

psa_status_t psa_persist_key_slot_in_storage ( psa_key_slot_t * slot )

Store a key slot in persistent storage.

Parameters

slot	Pointer to slot to store in persistent storage

Returns: psa_status_t

◆ psa_unlock_key_slot()

psa_status_t psa_unlock_key_slot ( psa_key_slot_t * slot )

Decrease lock count.

Parameters

slot	Slot to be unlocked

Returns: PSA_SUCCESS; PSA_ERROR_CORRUPTION_DETECTED

◆ psa_validate_key_location()

psa_status_t psa_validate_key_location	(	psa_key_lifetime_t	lifetime,
		psa_se_drv_data_t **	driver
	)

Check if key location exists.

Parameters

lifetime	Lifetime value of the key to be validated
driver	Pointer to driver assigned to the existing key location, if it exists

Returns: PSA_SUCCESS; PSA_ERROR_INVALID_ARGUMENT

◆ psa_validate_key_persistence()

psa_status_t psa_validate_key_persistence ( psa_key_lifetime_t lifetime )

Validate key persistence.

Currently only volatile keys are supported.

Parameters

lifetime Lifetime of key to be validated

Returns: PSA_SUCCESS; PSA_ERROR_NOT_SUPPORTED

◆ psa_wipe_key_slot()

psa_status_t psa_wipe_key_slot ( psa_key_slot_t * slot )

Wipe volatile key slot and its contents.

Wiped key slots can be reused.

Parameters

slot	Pointer to the key slot to be wiped

Returns: PSA_SUCCESS; PSA_ERROR_DOES_NOT_EXIST

Detailed Description

Files

Data Structures

Macros

Functions

Macro Definition Documentation

◆ PSA_ASYMMETRIC_KEYPAIR_COUNT

◆ PSA_KEY_ID_VOLATILE_MAX

◆ PSA_KEY_ID_VOLATILE_MIN

◆ PSA_KEY_SLOT_COUNT

◆ PSA_PROTECTED_KEY_COUNT

◆ PSA_SINGLE_KEY_COUNT

Function Documentation

◆ psa_allocate_empty_key_slot()

◆ psa_get_and_lock_key_slot()

◆ psa_get_key_data_from_key_slot()

◆ psa_get_public_key_data_from_key_slot()

◆ psa_is_key_slot_locked()

◆ psa_is_valid_key_id()

◆ psa_key_id_is_volatile()

◆ psa_key_lifetime_is_external()

◆ psa_key_slot_get_slot_number()

◆ psa_lock_key_slot()

◆ psa_persist_key_slot_in_storage()

◆ psa_unlock_key_slot()

◆ psa_validate_key_location()

◆ psa_validate_key_persistence()

◆ psa_wipe_key_slot()