initial key lifetime implementation and tests
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index c93da95..5ba60e1 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -96,6 +96,7 @@
typedef struct {
psa_key_type_t type;
+ psa_key_lifetime_t lifetime;
union {
struct raw_data {
uint8_t *data;
@@ -362,6 +363,7 @@
}
slot->type = type;
+ slot->lifetime = 0;
return( PSA_SUCCESS );
}
@@ -1260,6 +1262,53 @@
}
+/****************************************************************/
+/* Key Lifetime */
+/****************************************************************/
+
+psa_status_t psa_get_key_lifetime(psa_key_slot_t key,
+ psa_key_lifetime_t *lifetime)
+{
+ key_slot_t *slot;
+
+ if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ slot = &global_data.key_slots[key];
+
+ if( slot->type == PSA_KEY_TYPE_NONE )
+ return( PSA_ERROR_EMPTY_SLOT );
+
+ *lifetime = slot->lifetime;
+
+ return( PSA_SUCCESS );
+}
+
+psa_status_t psa_set_key_lifetime(psa_key_slot_t key,
+ const psa_key_lifetime_t lifetime)
+{
+ key_slot_t *slot;
+
+ if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ slot = &global_data.key_slots[key];
+ if( slot->type == PSA_KEY_TYPE_NONE )
+ return( PSA_ERROR_EMPTY_SLOT );
+
+ if( lifetime != PSA_KEY_LIFETIME_VOLATILE &&
+ lifetime != PSA_KEY_LIFETIME_PERSISTENT &&
+ lifetime != PSA_KEY_LIFETIME_WRITE_ONCE)
+ return( PSA_ERROR_INVALID_LIFETIME );
+
+ if ( slot->lifetime == PSA_KEY_LIFETIME_WRITE_ONCE )
+ return( PSA_ERROR_KEY_LIFETIME_CHANGE );
+
+ slot->lifetime = liftime;
+
+ return( PSA_SUCCESS );
+}
+
/****************************************************************/
/* Module setup */