Remove unused and duplicated erros, fix documentation and tests
Remove unused and duplicated erros, fix documentation and tests
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 6caa62a..6675ba4 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -89,10 +89,6 @@
PSA_ERROR_INVALID_SIGNATURE,
/** The decrypted padding is incorrect. */
PSA_ERROR_INVALID_PADDING,
- /** The key lifetime value is incorrect. */
- PSA_ERROR_INVALID_LIFETIME,
- /** The key lifetime can not be changed. */
- PSA_ERROR_KEY_LIFETIME_CHANGE,
/** An error occurred that does not correspond to any defined
failure cause. */
PSA_ERROR_UNKNOWN_ERROR,
@@ -582,15 +578,19 @@
*/
typedef uint32_t psa_key_lifetime_t;
+/** An invalid key lifetime value.
+ */
+#define PSA_KEY_LIFETIME_NONE ((psa_key_lifetime_t)0x00000000)
+
/** A volatile key slot retains its content as long as the application is
* running. It is guaranteed to be erased on a power reset.
*/
-#define PSA_KEY_LIFETIME_VOLATILE ((psa_key_lifetime_t)0x00000000)
+#define PSA_KEY_LIFETIME_VOLATILE ((psa_key_lifetime_t)0x00000001)
/** A persistent key slot retains its content as long as it is not explicitly
* destroyed.
*/
-#define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t)0x00000001)
+#define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t)0x00000002)
/** A write-once key slot may not be modified once a key has been set.
* It will retain its content as long as the device remains operational.
@@ -617,11 +617,10 @@
psa_key_lifetime_t *lifetime);
/** \brief Change the lifetime of a key slot.
+ * Whether the lifetime of a key slot can be changed at all, and if so
+ * whether the lifetime of an occupied key slot can be changed, is
+ * implementation-dependent.
*
- * \note In case a key slot has PSA_KEY_LIFETIME_WRITE_ONCE lifetime,
- * it can not be changed and trying to set new value will return
- * an error
- *
* \param key Slot whose content is to be exported. This must
* be an occupied key slot.
* \param lifetime The lifetime value to be set for the given key.
@@ -633,11 +632,6 @@
* or the key data is not correctly formatted.
* \retval PSA_ERROR_EMPTY_SLOT
* The key slot is not occupied.
- * \retval PSA_ERROR_INVALID_LIFETIME
- * The lifetime value is not valid.
- * \retval PSA_ERROR_KEY_LIFETIME_CHANGE
- * The key slot already has PSA_KEY_LIFETIME_WRITE_ONCE value,
- * and can not be changed.
*/
psa_status_t psa_set_key_lifetime(psa_key_slot_t key,
const psa_key_lifetime_t lifetime);
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 329ee3d..bdb47d2 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -363,7 +363,6 @@
}
slot->type = type;
- slot->lifetime = 0;
return( PSA_SUCCESS );
}
@@ -1292,17 +1291,17 @@
if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
return( PSA_ERROR_INVALID_ARGUMENT );
+ if( lifetime != PSA_KEY_LIFETIME_VOLATILE &&
+ lifetime != PSA_KEY_LIFETIME_PERSISTENT &&
+ lifetime != PSA_KEY_LIFETIME_WRITE_ONCE)
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
slot = &global_data.key_slots[key];
if( slot->type == PSA_KEY_TYPE_NONE )
return( PSA_ERROR_EMPTY_SLOT );
- if( lifetime != PSA_KEY_LIFETIME_VOLATILE &&
- lifetime != PSA_KEY_LIFETIME_PERSISTENT &&
- lifetime != PSA_KEY_LIFETIME_WRITE_ONCE)
- return( PSA_ERROR_INVALID_LIFETIME );
-
- if ( slot->lifetime == PSA_KEY_LIFETIME_WRITE_ONCE )
- return( PSA_ERROR_KEY_LIFETIME_CHANGE );
+ if ( lifetime != PSA_KEY_LIFETIME_VOLATILE )
+ return( PSA_ERROR_NOT_SUPPORTED );
slot->lifetime = lifetime;
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 9611c32..be31c39 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -87,12 +87,6 @@
PSA Key Lifetime set and get volatile
key_lifetime:PSA_KEY_LIFETIME_VOLATILE
-PSA Key Lifetime set and get persistent
-key_lifetime:PSA_KEY_LIFETIME_PERSISTENT
-
-PSA Key Lifetime set and get write_once
-key_lifetime:PSA_KEY_LIFETIME_WRITE_ONCE
-
PSA Key Lifetime set fail, invalid key slot
key_lifetime_set_fail:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT
@@ -100,7 +94,7 @@
key_lifetime_set_fail:2:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_EMPTY_SLOT
PSA Key Lifetime set fail, can not change write_once lifetime
-key_lifetime_set_fail:1:PSA_KEY_LIFETIME_WRITE_ONCE:PSA_ERROR_KEY_LIFETIME_CHANGE
+key_lifetime_set_fail:1:PSA_KEY_LIFETIME_WRITE_ONCE:PSA_ERROR_NOT_SUPPORTED
PSA Key Lifetime set fail, invalid key lifetime value
-key_lifetime_set_fail:1:PSA_KEY_LIFETIME_PERSISTENT+1:PSA_ERROR_INVALID_LIFETIME
+key_lifetime_set_fail:1:PSA_KEY_LIFETIME_PERSISTENT+1:PSA_ERROR_INVALID_ARGUMENT
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index b4bf660..7cb38d9 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -378,10 +378,10 @@
key, sizeof( key ) ) == PSA_SUCCESS );
TEST_ASSERT( psa_set_key_lifetime( key_slot,
- lifetime_set ) == PSA_SUCCESS );
+ lifetime_set ) == PSA_SUCCESS );
TEST_ASSERT( psa_get_key_lifetime( key_slot,
- &lifetime_get ) == PSA_SUCCESS );
+ &lifetime_get ) == PSA_SUCCESS );
TEST_ASSERT( lifetime_get == lifetime_set );