Group psa_builtin_keys

group psa_builtin_keys

Defines

MBEDTLS_PSA_KEY_ID_BUILTIN_MIN

The minimum value for a key identifier that is built into the implementation.

The range of key identifiers from MBEDTLS_PSA_KEY_ID_BUILTIN_MIN to MBEDTLS_PSA_KEY_ID_BUILTIN_MAX within the range from PSA_KEY_ID_VENDOR_MIN and PSA_KEY_ID_VENDOR_MAX and must not intersect with any other set of implementation-chosen key identifiers.

This value is part of the library’s ABI since changing it would invalidate the values of built-in key identifiers in applications.

MBEDTLS_PSA_KEY_ID_BUILTIN_MAX

The maximum value for a key identifier that is built into the implementation.

See MBEDTLS_PSA_KEY_ID_BUILTIN_MIN for more information.

Typedefs

typedef uint64_t psa_drv_slot_number_t

A slot number identifying a key in a driver.

Values of this type are used to identify built-in keys.

Functions

static inline int psa_key_id_is_builtin(psa_key_id_t key_id)

Test whether a key identifier belongs to the builtin key range.

Parameters

key_id – Key identifier to test.

Return values

  • 1 – The key identifier is a builtin key identifier.

  • 0 – The key identifier is not a builtin key identifier.

psa_status_t mbedtls_psa_platform_get_builtin_key(mbedtls_svc_key_id_t key_id, psa_key_lifetime_t *lifetime, psa_drv_slot_number_t *slot_number)

Platform function to obtain the location and slot number of a built-in key.

An application-specific implementation of this function must be provided if MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled. This would typically be provided as part of a platform’s system image.

MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key_id) needs to be in the range from MBEDTLS_PSA_KEY_ID_BUILTIN_MIN to MBEDTLS_PSA_KEY_ID_BUILTIN_MAX.

In a multi-application configuration (MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is defined), this function should check that MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(key_id) is allowed to use the given key.

Parameters

  • key_id – The key ID for which to retrieve the location and slot attributes.

  • lifetime[out] On success, the lifetime associated with the key corresponding to key_id. Lifetime is a combination of which driver contains the key, and with what persistence level the key is intended to be used. If the platform implementation does not contain specific information about the intended key persistence level, the persistence level may be reported as PSA_KEY_PERSISTENCE_DEFAULT.

  • slot_number[out] On success, the slot number known to the driver registered at the lifetime location reported through lifetime which corresponds to the requested built-in key.

Return values

  • PSA_SUCCESS – The requested key identifier designates a built-in key. In a multi-application configuration, the requested owner is allowed to access it.

  • PSA_ERROR_DOES_NOT_EXIST – The requested key identifier is not a built-in key which is known to this function. If a key exists in the key storage with this identifier, the data from the storage will be used.

Returns

(any other error) Any other error is propagated to the function that requested the key. Common errors include: