Lines Matching defs:slot
705 psa_status_t psa_allocate_buffer_to_slot(psa_key_slot_t *slot,
708 if (slot->key.data != NULL) {
712 slot->key.data = mbedtls_calloc(1, buffer_length);
713 if (slot->key.data == NULL) {
717 slot->key.bytes = buffer_length;
721 psa_status_t psa_copy_key_material_into_slot(psa_key_slot_t *slot,
725 psa_status_t status = psa_allocate_buffer_to_slot(slot,
731 memcpy(slot->key.data, data, data_length);
1080 * into a key slot if not already done.
1082 * On success, the returned key slot has been registered for reading.
1084 * once they have finished reading the contents of the slot.
1087 * if and only if the caller already holds the global key slot mutex
1098 psa_key_slot_t *slot = NULL;
1104 slot = *p_slot;
1106 /* Enforce that usage policy for the key slot contains all the flags
1110 if (PSA_KEY_TYPE_IS_PUBLIC_KEY(slot->attr.type)) {
1114 if ((slot->attr.policy.usage & usage) != usage) {
1121 status = psa_key_policy_permits(&slot->attr.policy,
1122 slot->attr.type,
1133 psa_unregister_read_under_mutex(slot);
1138 /** Get a key slot containing a transparent key and lock it.
1148 * On success, the returned key slot has been registered for reading.
1150 * once they have finished reading the contents of the slot.
1153 * if and only if the caller already holds the global key slot mutex
1178 psa_status_t psa_remove_key_data_from_memory(psa_key_slot_t *slot)
1180 if (slot->key.data != NULL) {
1181 mbedtls_zeroize_and_free(slot->key.data, slot->key.bytes);
1184 slot->key.data = NULL;
1185 slot->key.bytes = 0;
1190 /** Completely wipe a slot in memory, including its policy.
1192 psa_status_t psa_wipe_key_slot(psa_key_slot_t *slot)
1194 psa_status_t status = psa_remove_key_data_from_memory(slot);
1200 * Assert with MBEDTLS_TEST_HOOK_TEST_ASSERT that the slot is valid for
1206 switch (slot->state) {
1213 if (slot->registered_readers != 1) {
1214 MBEDTLS_TEST_HOOK_TEST_ASSERT(slot->registered_readers == 1);
1220 if (slot->registered_readers != 0) {
1221 MBEDTLS_TEST_HOOK_TEST_ASSERT(slot->registered_readers == 0);
1226 /* The slot is already empty, it cannot be wiped. */
1227 MBEDTLS_TEST_HOOK_TEST_ASSERT(slot->state != PSA_SLOT_EMPTY);
1231 /* The slot's state is invalid. */
1237 * the key slot: if they need to access the key after the setup
1243 * This memset also sets the slot's state to PSA_SLOT_EMPTY. */
1244 memset(slot, 0, sizeof(*slot));
1250 psa_key_slot_t *slot;
1262 * Get the description of the key in a key slot, and register to read it.
1268 status = psa_get_and_lock_key_slot(key, &slot);
1276 * could load the key into a new slot and the key will not be
1281 if (slot->state == PSA_SLOT_PENDING_DELETION) {
1282 /* Another thread has destroyed the key between us locking the slot
1283 * and us gaining the mutex. Unregister from the slot,
1285 status = psa_unregister_read(slot);
1292 /* Set the key slot containing the key description's state to
1294 * to read the slot. Current readers can safely continue to access
1295 * the key within the slot; the last registered reader will
1296 * automatically wipe the slot when they call psa_unregister_read().
1300 overall_status = psa_key_slot_state_transition(slot, PSA_SLOT_FULL,
1307 if (PSA_KEY_LIFETIME_IS_READ_ONLY(slot->attr.lifetime)) {
1318 driver = psa_get_se_driver_entry(slot->attr.lifetime);
1326 psa_crypto_transaction.key.lifetime = slot->attr.lifetime;
1327 psa_crypto_transaction.key.slot = psa_key_slot_get_slot_number(slot);
1328 psa_crypto_transaction.key.id = slot->attr.id;
1344 psa_key_slot_get_slot_number(slot));
1352 if (!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) {
1354 * The slot will still hold a copy of the key until the last reader
1356 status = psa_destroy_persistent_key(slot->attr.id);
1377 /* Unregister from reading the slot. If we are the last active reader
1378 * then this will wipe the slot. */
1379 status = psa_unregister_read(slot);
1402 psa_key_slot_t *slot;
1406 status = psa_get_and_lock_key_slot_with_policy(key, &slot, 0, 0);
1411 *attributes = slot->attr;
1414 if (psa_get_se_driver_entry(slot->attr.lifetime) != NULL) {
1416 psa_key_slot_get_slot_number(slot));
1420 return psa_unregister_read_under_mutex(slot);
1482 psa_key_slot_t *slot;
1502 status = psa_get_and_lock_key_slot_with_policy(key, &slot,
1510 status = psa_driver_wrapper_export_key(&slot->attr,
1511 slot->key.data, slot->key.bytes,
1517 unlock_status = psa_unregister_read_under_mutex(slot);
1597 psa_key_slot_t *slot;
1615 status = psa_get_and_lock_key_slot_with_policy(key, &slot, 0, 0);
1622 if (!PSA_KEY_TYPE_IS_ASYMMETRIC(slot->attr.type)) {
1628 &slot->attr, slot->key.data, slot->key.bytes,
1632 unlock_status = psa_unregister_read_under_mutex(slot);
1719 /** Prepare a key slot to receive key material.
1721 * This function allocates a key slot and sets its metadata.
1726 * -# Call psa_start_key_creation() to allocate a key slot, prepare
1729 * -# Populate the slot with the key material.
1730 * -# Call psa_finish_key_creation() to finalize the creation of the slot.
1734 * On success, the key slot's state is PSA_SLOT_FILLING.
1735 * It is the responsibility of the caller to change the slot's state to
1740 * \param[out] p_slot On success, a pointer to the prepared slot.
1745 * The key slot is ready to receive key material.
1746 * \return If this function fails, the key slot is an invalid state.
1747 * You must call psa_fail_key_creation() to wipe and free the slot.
1757 psa_key_slot_t *slot;
1779 slot = *p_slot;
1786 * volatile key identifier associated to the slot returned to contain its
1789 slot->attr = *attributes;
1790 if (PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) {
1792 slot->attr.id = volatile_key_id;
1794 slot->attr.id.key_id = volatile_key_id;
1806 * slot number inside the SE. Since the key is designated volatile, creating
1808 /* The first thing to do is to find a slot number for the new key.
1809 * We save the slot number in persistent storage as part of the
1812 * element side after restarting. Obtaining a slot number from the
1826 psa_crypto_transaction.key.lifetime = slot->attr.lifetime;
1827 psa_crypto_transaction.key.slot = slot_number;
1828 psa_crypto_transaction.key.id = slot->attr.id;
1837 slot, (uint8_t *) (&slot_number), sizeof(slot_number));
1857 * If the finalization succeeds, the function sets the key slot's state to
1858 * PSA_SLOT_FULL, and the key slot can no longer be accessed as part of the
1861 * \param[in,out] slot Pointer to the slot with key material.
1865 * key identifier is also stored in the key slot.
1876 * \return If this function fails, the key slot is an invalid state.
1877 * You must call psa_fail_key_creation() to wipe and free the slot.
1880 psa_key_slot_t *slot,
1885 (void) slot;
1894 if (!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) {
1899 psa_key_slot_get_slot_number(slot);
1906 status = psa_save_persistent_key(&slot->attr,
1912 /* Key material is saved in export representation in the slot, so
1913 * just pass the slot buffer for storage. */
1914 status = psa_save_persistent_key(&slot->attr,
1915 slot->key.data,
1916 slot->key.bytes);
1931 psa_destroy_persistent_key(slot->attr.id);
1944 *key = slot->attr.id;
1945 status = psa_key_slot_state_transition(slot, PSA_SLOT_FILLING,
1965 * of this function. Sets the slot's state to PSA_SLOT_EMPTY.
1967 * \param[in,out] slot Pointer to the slot with key material.
1971 static void psa_fail_key_creation(psa_key_slot_t *slot,
1976 if (slot == NULL) {
1981 /* If the lock operation fails we still wipe the slot.
1983 * but we still need to wipe the slot of confidential data. */
2004 psa_wipe_key_slot(slot);
2015 * with the data in the slot.
2018 * the slot in memory is fully populated but before saving persistent data.
2021 const psa_key_slot_t *slot,
2025 if (attributes->type != slot->attr.type) {
2031 if (attributes->bits != slot->attr.bits) {
2046 psa_key_slot_t *slot = NULL;
2068 &slot, &driver);
2077 if (slot->key.data == NULL) {
2085 status = psa_allocate_buffer_to_slot(slot, storage_size);
2091 bits = slot->attr.bits;
2094 slot->key.data,
2095 slot->key.bytes,
2096 &slot->key.bytes, &bits);
2101 if (slot->attr.bits == 0) {
2102 slot->attr.bits = (psa_key_bits_t) bits;
2103 } else if (bits != slot->attr.bits) {
2114 status = psa_validate_optional_attributes(slot, attributes);
2119 status = psa_finish_key_creation(slot, driver, key);
2123 psa_fail_key_creation(slot, driver);
2134 psa_key_slot_t *slot = NULL;
2150 &slot, &driver);
2155 status = psa_finish_key_creation(slot, driver, &key);
2159 psa_fail_key_creation(slot, driver);
2593 psa_key_slot_t *slot = NULL;
2603 &slot,
2610 status = psa_mac_finalize_alg_and_key_validation(alg, &slot->attr,
2620 &slot->attr,
2621 slot->key.data,
2622 slot->key.bytes,
2626 &slot->attr,
2627 slot->key.data,
2628 slot->key.bytes,
2637 unlock_status = psa_unregister_read_under_mutex(slot);
2794 psa_key_slot_t *slot;
2799 &slot,
2806 status = psa_mac_finalize_alg_and_key_validation(alg, &slot->attr,
2818 &slot->attr,
2819 slot->key.data, slot->key.bytes,
2838 unlock_status = psa_unregister_read_under_mutex(slot);
2948 psa_key_slot_t *slot;
2966 key, &slot,
2975 if (!PSA_KEY_TYPE_IS_KEY_PAIR(slot->attr.type)) {
2982 &slot->attr, slot->key.data, slot->key.bytes,
2988 &slot->attr, slot->key.data, slot->key.bytes,
2998 unlock_status = psa_unregister_read_under_mutex(slot);
3013 psa_key_slot_t *slot;
3021 key, &slot,
3032 &slot->attr, slot->key.data, slot->key.bytes,
3037 &slot->attr, slot->key.data, slot->key.bytes,
3042 unlock_status = psa_unregister_read_under_mutex(slot);
3325 psa_key_slot_t *slot;
3343 key, &slot, PSA_KEY_USAGE_ENCRYPT, alg);
3347 if (!(PSA_KEY_TYPE_IS_PUBLIC_KEY(slot->attr.type) ||
3348 PSA_KEY_TYPE_IS_KEY_PAIR(slot->attr.type))) {
3357 &slot->attr, slot->key.data, slot->key.bytes,
3361 unlock_status = psa_unregister_read_under_mutex(slot);
3382 psa_key_slot_t *slot;
3400 key, &slot, PSA_KEY_USAGE_DECRYPT, alg);
3404 if (!PSA_KEY_TYPE_IS_KEY_PAIR(slot->attr.type)) {
3413 &slot->attr, slot->key.data, slot->key.bytes,
3418 unlock_status = psa_unregister_read_under_mutex(slot);
3485 psa_key_slot_t *slot;
3501 status = psa_get_and_lock_key_slot_with_policy(key, &slot,
3509 if (!PSA_KEY_TYPE_IS_KEY_PAIR(slot->attr.type)) {
3519 status = psa_driver_wrapper_sign_hash_start(operation, &slot->attr,
3520 slot->key.data,
3521 slot->key.bytes, alg,
3530 unlock_status = psa_unregister_read_under_mutex(slot);
3644 psa_key_slot_t *slot;
3661 status = psa_get_and_lock_key_slot_with_policy(key, &slot,
3676 status = psa_driver_wrapper_verify_hash_start(operation, &slot->attr,
3677 slot->key.data,
3678 slot->key.bytes,
3690 unlock_status = psa_unregister_read_under_mutex(slot);
4253 psa_key_slot_t *slot = NULL;
4269 status = psa_get_and_lock_key_slot_with_policy(key, &slot, usage, alg);
4284 operation->default_iv_length = PSA_CIPHER_IV_LENGTH(slot->attr.type, alg);
4289 &slot->attr,
4290 slot->key.data,
4291 slot->key.bytes,
4295 &slot->attr,
4296 slot->key.data,
4297 slot->key.bytes,
4306 unlock_status = psa_unregister_read_under_mutex(slot);
4533 psa_key_slot_t *slot = NULL;
4545 status = psa_get_and_lock_key_slot_with_policy(key, &slot,
4552 default_iv_length = PSA_CIPHER_IV_LENGTH(slot->attr.type, alg);
4574 &slot->attr, slot->key.data, slot->key.bytes,
4580 unlock_status = psa_unregister_read_under_mutex(slot);
4610 psa_key_slot_t *slot = NULL;
4620 status = psa_get_and_lock_key_slot_with_policy(key, &slot,
4628 input_length < PSA_BLOCK_CIPHER_BLOCK_LENGTH(slot->attr.type)) {
4631 } else if (input_length < PSA_CIPHER_IV_LENGTH(slot->attr.type, alg)) {
4640 &slot->attr, slot->key.data, slot->key.bytes,
4645 unlock_status = psa_unregister_read_under_mutex(slot);
4737 psa_key_slot_t *slot;
4752 key, &slot, PSA_KEY_USAGE_ENCRYPT, alg);
4768 &slot->attr, slot->key.data, slot->key.bytes,
4785 psa_unregister_read_under_mutex(slot);
4803 psa_key_slot_t *slot;
4818 key, &slot, PSA_KEY_USAGE_DECRYPT, alg);
4835 &slot->attr, slot->key.data, slot->key.bytes,
4852 psa_unregister_read_under_mutex(slot);
4904 psa_key_slot_t *slot = NULL;
4929 status = psa_get_and_lock_key_slot_with_policy(key, &slot, key_usage,
4941 &slot->attr,
4942 slot->key.data,
4943 slot->key.bytes,
4947 &slot->attr,
4948 slot->key.data,
4949 slot->key.bytes,
4956 operation->key_type = psa_get_key_type(&slot->attr);
4959 unlock_status = psa_unregister_read_under_mutex(slot);
6142 psa_key_slot_t *slot,
6160 slot->attr.type);
6301 psa_key_slot_t *slot, size_t bits,
6304 (void) slot;
6323 psa_key_slot_t *slot,
6332 if (PSA_KEY_TYPE_IS_PUBLIC_KEY(slot->attr.type)) {
6338 if (PSA_KEY_TYPE_IS_ECC(slot->attr.type)) {
6339 psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY(slot->attr.type);
6342 status = psa_generate_derived_ecc_key_weierstrass_helper(slot, bits, operation, &data);
6356 if (key_type_is_raw_bytes(slot->attr.type)) {
6370 if (slot->attr.type == PSA_KEY_TYPE_DES) {
6378 slot->attr.bits = (psa_key_bits_t) bits;
6380 if (psa_key_lifetime_is_external(slot->attr.lifetime)) {
6381 status = psa_driver_wrapper_get_key_buffer_size(&slot->attr,
6387 status = psa_allocate_buffer_to_slot(slot, storage_size);
6392 status = psa_driver_wrapper_import_key(&slot->attr,
6394 slot->key.data,
6395 slot->key.bytes,
6396 &slot->key.bytes, &bits);
6397 if (bits != slot->attr.bits) {
6430 psa_key_slot_t *slot = NULL;
6454 &slot, &driver);
6462 status = psa_generate_derived_key_internal(slot,
6467 status = psa_finish_key_creation(slot, driver, key);
6470 psa_fail_key_creation(slot, driver);
7422 psa_key_slot_t *slot;
7425 key, &slot, PSA_KEY_USAGE_DERIVE, operation->alg);
7439 step, slot->attr.type,
7440 slot->key.data,
7441 slot->key.bytes);
7443 unlock_status = psa_unregister_read_under_mutex(slot);
7573 psa_key_slot_t *slot;
7580 private_key, &slot, PSA_KEY_USAGE_DERIVE, operation->alg);
7587 slot,
7603 unlock_status = psa_unregister_read_under_mutex(slot);
7619 psa_key_slot_t *slot = NULL;
7630 private_key, &slot, PSA_KEY_USAGE_DERIVE, alg);
7644 PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(slot->attr.type, slot->attr.bits);
7651 status = psa_key_agreement_raw_internal(alg, slot,
7676 unlock_status = psa_unregister_read_under_mutex(slot);
7921 psa_key_slot_t *slot = NULL;
7950 &slot, &driver);
7959 if (slot->key.data == NULL) {
7979 status = psa_allocate_buffer_to_slot(slot, key_buffer_size);
7987 slot->key.data, slot->key.bytes,
7988 &slot->key.bytes);
7990 psa_remove_key_data_from_memory(slot);
7995 status = psa_finish_key_creation(slot, driver, key);
7998 psa_fail_key_creation(slot, driver);
8446 psa_key_slot_t *slot = NULL;
8454 status = psa_get_and_lock_key_slot_with_policy(password, &slot,
8461 type = psa_get_key_type(&slot->attr);
8469 operation->data.inputs.password = mbedtls_calloc(1, slot->key.bytes);
8475 memcpy(operation->data.inputs.password, slot->key.data, slot->key.bytes);
8476 operation->data.inputs.password_len = slot->key.bytes;
8477 operation->data.inputs.attributes = slot->attr;
8483 unlock_status = psa_unregister_read_under_mutex(slot);