xref: /third_party/mbedtls/library/psa_crypto_slot_management.c

54 int psa_is_valid_key_id(mbedtls_svc_key_id_t key, int vendor_ok)
56     psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key);
72 /** Get the description in memory of a key given its identifier and lock it.
75  * stored in key slots. This function returns a pointer to the key slot
76  * containing the description of a key given its identifier.
78  * The function searches the key slots containing the description of the key
79  * with \p key identifier. The function does only read accesses to the key
80  * slots. The function does not load any persistent key thus does not access
83  * For volatile key identifiers, only one key slot is queried as a volatile
84  * key with identifier key_id can only be stored in slot of index
87  * On success, the function locks the key slot. It is the responsibility of
88  * the caller to unlock the key slot when it does not access it anymore.
91  * global key slot mutex.
93  * \param key           Key identifier to query.
95  *                      key slot containing the description of the key
96  *                      identified by \p key.
99  *         The pointer to the key slot containing the description of the key
100  *         identified by \p key was returned.
102  *         \p key is not a valid key identifier.
104  *         There is no key with key identifier \p key in the key slots.
107     mbedtls_svc_key_id_t key, psa_key_slot_t **p_slot)
110     psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key);
117         /* Check if both the PSA key identifier key_id and the owner
118          * identifier of key match those of the key slot. */
120             (mbedtls_svc_key_id_equal(key, slot->attr.id))) {
126         if (!psa_is_valid_key_id(key, 1)) {
134                 (mbedtls_svc_key_id_equal(key, slot->attr.id))) {
155      * guarantee that the key slots are initialized to all-zero, which
156      * means that all the key slots are in a valid, empty state. The global
206      * If there is no unused key slot and there is at least one unlocked key
207      * slot containing the description of a persistent key, recycle the first
208      * such key slot we encountered. If we later need to operate on the
209      * persistent key we are evicting now, we will reload its description from
303     /* Check the platform function to see whether this key actually exists */
310     /* Set required key attributes to ensure get_builtin_key can retrieve the
315     /* Get the full key attributes from the driver in order to be able to
328     /* If the key should exist according to the platform, then ask the driver
336     /* Allocate a buffer of the required size and load the builtin key directly
345         slot->key.data, slot->key.bytes, &key_buffer_length);
350     /* Copy actual key length and core attributes into the slot on success */
351     slot->key.bytes = key_buffer_length;
361 psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key,
375     /* If the key is persistent and not loaded, we cannot unlock the mutex
376      * between checking if the key is loaded and setting the slot as FULL,
377      * as otherwise another thread may load and then destroy the key
384      * thus no need to unlock the key slot here.
386     status = psa_get_and_lock_key_slot_in_memory(key, p_slot);
409     (*p_slot)->attr.id = key;
546 psa_status_t psa_open_key(mbedtls_svc_key_id_t key, psa_key_handle_t *handle)
553     status = psa_get_and_lock_key_slot(key, &slot);
563     *handle = key;
568     (void) key;
615 psa_status_t psa_purge_key(mbedtls_svc_key_id_t key)
627     status = psa_get_and_lock_key_slot_in_memory(key, &slot);

Indexes created Thu Nov 07 10:32:03 CST 2024