Add volatile key identifiers
Volatile key identifiers are introduced in
PSA Crypto API v1.0.0. They are returned by the APIs
when importing or generating or deriving a volatile key.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 36dcd3f..c813ca3 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1851,6 +1851,7 @@
psa_se_drv_table_entry_t **p_drv )
{
psa_status_t status;
+ psa_key_id_t volatile_key_id;
psa_key_slot_t *slot;
(void) method;
@@ -1860,7 +1861,7 @@
if( status != PSA_SUCCESS )
return( status );
- status = psa_get_empty_key_slot( handle, p_slot );
+ status = psa_get_empty_key_slot( handle, &volatile_key_id, p_slot );
if( status != PSA_SUCCESS )
return( status );
slot = *p_slot;
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 4f651d9..43282b4 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -114,7 +114,8 @@
}
psa_status_t psa_get_empty_key_slot( psa_key_handle_t *handle,
- psa_key_slot_t **p_slot )
+ psa_key_id_t *volatile_key_id,
+ psa_key_slot_t **p_slot )
{
if( ! global_data.key_slots_initialized )
return( PSA_ERROR_BAD_STATE );
@@ -123,7 +124,11 @@
{
*p_slot = &global_data.key_slots[*handle - 1];
if( ! psa_is_key_slot_occupied( *p_slot ) )
+ {
+ *volatile_key_id = PSA_KEY_ID_VOLATILE_MIN + ( *handle ) - 1;
+
return( PSA_SUCCESS );
+ }
}
*p_slot = NULL;
return( PSA_ERROR_INSUFFICIENT_MEMORY );
@@ -215,6 +220,7 @@
{
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
psa_status_t status;
+ psa_key_id_t volatile_key_id;
psa_key_slot_t *slot;
*handle = 0;
@@ -223,7 +229,7 @@
if( status != PSA_SUCCESS )
return( status );
- status = psa_get_empty_key_slot( handle, &slot );
+ status = psa_get_empty_key_slot( handle, &volatile_key_id, &slot );
if( status != PSA_SUCCESS )
return( status );
diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h
index 6c2e549..d649f53 100644
--- a/library/psa_crypto_slot_management.h
+++ b/library/psa_crypto_slot_management.h
@@ -28,6 +28,23 @@
* The value is a compile-time constant for now, for simplicity. */
#define PSA_KEY_SLOT_COUNT 32
+/** Range of volatile key identifiers.
+ *
+ * The last PSA_KEY_SLOT_COUNT identifiers of the implementation range
+ * of key identifiers are reserved for volatile key identifiers.
+ * A volatile key identifier is equal to PSA_KEY_ID_VOLATILE_MIN plus the
+ * index of the key slot containing the volatile key definition.
+ */
+
+/** The minimum value for a volatile key identifier.
+ */
+#define PSA_KEY_ID_VOLATILE_MIN ( PSA_KEY_ID_VENDOR_MAX - \
+ PSA_KEY_SLOT_COUNT + 1 )
+
+/** The maximum value for a volatile key identifier.
+ */
+#define PSA_KEY_ID_VOLATILE_MAX PSA_KEY_ID_VENDOR_MAX
+
/** Access a key slot at the given handle.
*
* \param handle Key handle to query.
@@ -62,15 +79,18 @@
* This function returns a key slot that is available for use and is in its
* ground state (all-bits-zero).
*
- * \param[out] handle On success, a slot number that can be used as a
- * handle to the slot.
- * \param[out] p_slot On success, a pointer to the slot.
+ * \param[out] handle On success, a slot number that can be used
+ * as a handle to the slot.
+ * \param[out] volatile_key_id On success, volatile key identifier
+ * associated to the returned slot.
+ * \param[out] p_slot On success, a pointer to the slot.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_BAD_STATE
*/
psa_status_t psa_get_empty_key_slot( psa_key_handle_t *handle,
+ psa_key_id_t *volatile_key_id,
psa_key_slot_t **p_slot );
/** Test whether a lifetime designates a key in an external cryptoprocessor.