initial key lifetime implementation and tests
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index c93da95..5ba60e1 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -96,6 +96,7 @@
 
 typedef struct {
     psa_key_type_t type;
+    psa_key_lifetime_t lifetime;
     union {
         struct raw_data {
             uint8_t *data;
@@ -362,6 +363,7 @@
     }
 
     slot->type = type;
+    slot->lifetime = 0;
     return( PSA_SUCCESS );
 }
 
@@ -1260,6 +1262,53 @@
 }
 
 
+/****************************************************************/
+/* Key Lifetime */
+/****************************************************************/
+
+psa_status_t psa_get_key_lifetime(psa_key_slot_t key,
+                                  psa_key_lifetime_t *lifetime)
+{
+    key_slot_t *slot;
+
+    if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
+        return( PSA_ERROR_INVALID_ARGUMENT );
+
+    slot = &global_data.key_slots[key];
+
+    if( slot->type == PSA_KEY_TYPE_NONE )
+        return( PSA_ERROR_EMPTY_SLOT );
+    
+    *lifetime = slot->lifetime;
+
+    return( PSA_SUCCESS );
+}
+
+psa_status_t psa_set_key_lifetime(psa_key_slot_t key,
+                                  const psa_key_lifetime_t lifetime)
+{
+    key_slot_t *slot;
+
+    if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
+        return( PSA_ERROR_INVALID_ARGUMENT );
+
+    slot = &global_data.key_slots[key];
+    if( slot->type == PSA_KEY_TYPE_NONE )
+        return( PSA_ERROR_EMPTY_SLOT );
+
+    if( lifetime != PSA_KEY_LIFETIME_VOLATILE && 
+        lifetime != PSA_KEY_LIFETIME_PERSISTENT && 
+        lifetime != PSA_KEY_LIFETIME_WRITE_ONCE)
+        return( PSA_ERROR_INVALID_LIFETIME );
+
+    if ( slot->lifetime == PSA_KEY_LIFETIME_WRITE_ONCE )
+        return( PSA_ERROR_KEY_LIFETIME_CHANGE );
+        
+    slot->lifetime = liftime;
+
+    return( PSA_SUCCESS );
+}
+
 
 /****************************************************************/
 /* Module setup */