Key lifetimes#

Typedefs#

typedef uint32_t

Encoding of key lifetimes.

typedef uint8_t

Encoding of key persistence levels.

typedef uint32_t

Encoding of key location indicators.

typedef uint32_t

Encoding of identifiers of persistent keys.

typedef psa_key_id_t

Encoding of key identifiers as seen inside the PSA Crypto implementation.

typedef uint32_t

Encoding of key lifetimes.

typedef uint8_t

Encoding of key persistence levels.

typedef uint32_t

Encoding of key location indicators.

typedef uint32_t

Encoding of identifiers of persistent keys.

typedef psa_key_id_t

Encoding of key identifiers as seen inside the PSA Crypto implementation.

Functions#

mbedtls_svc_key_id_make(unsigned int unused, psa_key_id_t key_id)

Utility to initialize a key identifier at runtime.

int
mbedtls_svc_key_id_equal(mbedtls_svc_key_id_t id1, mbedtls_svc_key_id_t id2)

Compare two key identifiers.

int
mbedtls_svc_key_id_is_null(mbedtls_svc_key_id_t key)

Check whether a key identifier is null.

Macros#

#define
PSA_KEY_LIFETIME_VOLATILE ((psa_key_lifetime_t) 0x00000000)

The default lifetime for volatile keys.

#define
PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t) 0x00000001)

The default lifetime for persistent keys.

#define
PSA_KEY_PERSISTENCE_VOLATILE ((psa_key_persistence_t) 0x00)

The persistence level of volatile keys.

#define
PSA_KEY_PERSISTENCE_DEFAULT ((psa_key_persistence_t) 0x01)

The default persistence level for persistent keys.

#define
PSA_KEY_PERSISTENCE_READ_ONLY ((psa_key_persistence_t) 0xff)

A persistence level indicating that a key is never destroyed.

#define

Whether a key lifetime indicates that the key is volatile.

#define

Whether a key lifetime indicates that the key is read-only.

#define

Construct a lifetime from a persistence level and a location.

#define
PSA_KEY_LOCATION_LOCAL_STORAGE ((psa_key_location_t) 0x000000)

The local storage area for persistent keys.

#define
PSA_KEY_LOCATION_VENDOR_FLAG ((psa_key_location_t) 0x800000)
#define
PSA_KEY_ID_NULL ((psa_key_id_t)0)

The null key identifier.

#define
PSA_KEY_ID_USER_MIN ((psa_key_id_t) 0x00000001)

The minimum value for a key identifier chosen by the application.

#define
PSA_KEY_ID_USER_MAX ((psa_key_id_t) 0x3fffffff)

The maximum value for a key identifier chosen by the application.

#define
PSA_KEY_ID_VENDOR_MIN ((psa_key_id_t) 0x40000000)

The minimum value for a key identifier chosen by the implementation.

#define
PSA_KEY_ID_VENDOR_MAX ((psa_key_id_t) 0x7fffffff)

The maximum value for a key identifier chosen by the implementation.

#define
MBEDTLS_SVC_KEY_ID_INIT ((psa_key_id_t) 0)
#define
PSA_KEY_LIFETIME_VOLATILE ((psa_key_lifetime_t) 0x00000000)

The default lifetime for volatile keys.

#define
PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t) 0x00000001)

The default lifetime for persistent keys.

#define
PSA_KEY_PERSISTENCE_VOLATILE ((psa_key_persistence_t) 0x00)

The persistence level of volatile keys.

#define
PSA_KEY_PERSISTENCE_DEFAULT ((psa_key_persistence_t) 0x01)

The default persistence level for persistent keys.

#define
PSA_KEY_PERSISTENCE_READ_ONLY ((psa_key_persistence_t) 0xff)

A persistence level indicating that a key is never destroyed.

#define

Whether a key lifetime indicates that the key is volatile.

#define

Whether a key lifetime indicates that the key is read-only.

#define

Construct a lifetime from a persistence level and a location.

#define
PSA_KEY_LOCATION_LOCAL_STORAGE ((psa_key_location_t) 0x000000)

The local storage area for persistent keys.

#define
PSA_KEY_LOCATION_VENDOR_FLAG ((psa_key_location_t) 0x800000)
#define
PSA_KEY_ID_NULL ((psa_key_id_t)0)

The null key identifier.

#define
PSA_KEY_ID_USER_MIN ((psa_key_id_t) 0x00000001)

The minimum value for a key identifier chosen by the application.

#define
PSA_KEY_ID_USER_MAX ((psa_key_id_t) 0x3fffffff)

The maximum value for a key identifier chosen by the application.

#define
PSA_KEY_ID_VENDOR_MIN ((psa_key_id_t) 0x40000000)

The minimum value for a key identifier chosen by the implementation.

#define
PSA_KEY_ID_VENDOR_MAX ((psa_key_id_t) 0x7fffffff)

The maximum value for a key identifier chosen by the implementation.

#define
MBEDTLS_SVC_KEY_ID_INIT ((psa_key_id_t) 0)

Typedef Documentation#

psa_key_lifetime_t#

typedef uint32_t psa_key_lifetime_t

Encoding of key lifetimes.

The lifetime of a key indicates where it is stored and what system actions may create and destroy it.

Lifetime values have the following structure:

  • Bits 0-7 (#PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime)): persistence level. This value indicates what device management actions can cause it to be destroyed. In particular, it indicates whether the key is volatile or persistent. See psa_key_persistence_t for more information.

  • Bits 8-31 (#PSA_KEY_LIFETIME_GET_LOCATION(lifetime)): location indicator. This value indicates which part of the system has access to the key material and can perform operations using the key. See psa_key_location_t for more information.

Volatile keys are automatically destroyed when the application instance terminates or on a power reset of the device. Persistent keys are preserved until the application explicitly destroys them or until an integration-specific device management event occurs (for example, a factory reset).

Persistent keys have a key identifier of type mbedtls_svc_key_id_t. This identifier remains valid throughout the lifetime of the key, even if the application instance that created the key terminates. The application can call psa_open_key() to open a persistent key that it created previously.

The default lifetime of a key is PSA_KEY_LIFETIME_VOLATILE. The lifetime PSA_KEY_LIFETIME_PERSISTENT is supported if persistent storage is available. Other lifetime values may be supported depending on the library configuration.

Values of this type are generally constructed by macros called PSA_KEY_LIFETIME_xxx.

Note

  • Values of this type are encoded in the persistent key store. Any changes to existing values will require bumping the storage format version and providing a translation when reading the old format.


Definition at line 195 of file util/third_party/mbedtls/include/psa/crypto_types.h

psa_key_persistence_t#

typedef uint8_t psa_key_persistence_t

Encoding of key persistence levels.

What distinguishes different persistence levels is what device management events may cause keys to be destroyed. Volatile keys are destroyed by a power reset. Persistent keys may be destroyed by events such as a transfer of ownership or a factory reset. What management events actually affect persistent keys at different levels is outside the scope of the PSA Cryptography specification.

The PSA Cryptography specification defines the following values of persistence levels:

  • 0 = PSA_KEY_PERSISTENCE_VOLATILE: volatile key. A volatile key is automatically destroyed by the implementation when the application instance terminates. In particular, a volatile key is automatically destroyed on a power reset of the device.

  • 1 = PSA_KEY_PERSISTENCE_DEFAULT: persistent key with a default lifetime.

  • 2-254: currently not supported by Mbed TLS.

  • 255 = PSA_KEY_PERSISTENCE_READ_ONLY: read-only or write-once key. A key with this persistence level cannot be destroyed. Mbed TLS does not currently offer a way to create such keys, but integrations of Mbed TLS can use it for built-in keys that the application cannot modify (for example, a hardware unique key (HUK)).

Note

  • Key persistence levels are 8-bit values. Key management interfaces operate on lifetimes (type psa_key_lifetime_t) which encode the persistence as the lower 8 bits of a 32-bit value.

  • Values of this type are encoded in the persistent key store. Any changes to existing values will require bumping the storage format version and providing a translation when reading the old format.


Definition at line 231 of file util/third_party/mbedtls/include/psa/crypto_types.h

psa_key_location_t#

typedef uint32_t psa_key_location_t

Encoding of key location indicators.

If an integration of Mbed TLS can make calls to external cryptoprocessors such as secure elements, the location of a key indicates which secure element performs the operations on the key. Depending on the design of the secure element, the key material may be stored either in the secure element, or in wrapped (encrypted) form alongside the key metadata in the primary local storage.

The PSA Cryptography API specification defines the following values of location indicators:

  • 0: primary local storage. This location is always available. The primary local storage is typically the same storage area that contains the key metadata.

  • 1: primary secure element. Integrations of Mbed TLS should support this value if there is a secure element attached to the operating environment. As a guideline, secure elements may provide higher resistance against side channel and physical attacks than the primary local storage, but may have restrictions on supported key types, sizes, policies and operations and may have different performance characteristics.

  • 2-0x7fffff: other locations defined by a PSA specification. The PSA Cryptography API does not currently assign any meaning to these locations, but future versions of that specification or other PSA specifications may do so.

  • 0x800000-0xffffff: vendor-defined locations. No PSA specification will assign a meaning to locations in this range.

Note

  • Key location indicators are 24-bit values. Key management interfaces operate on lifetimes (type psa_key_lifetime_t) which encode the location as the upper 24 bits of a 32-bit value.

  • Values of this type are encoded in the persistent key store. Any changes to existing values will require bumping the storage format version and providing a translation when reading the old format.


Definition at line 272 of file util/third_party/mbedtls/include/psa/crypto_types.h

psa_key_id_t#

typedef uint32_t psa_key_id_t

Encoding of identifiers of persistent keys.

  • Applications may freely choose key identifiers in the range PSA_KEY_ID_USER_MIN to PSA_KEY_ID_USER_MAX. Note

    • This file was shipped as part of the Silicon Labs SDK. Users of the Silicon Labs SDK need to be aware that the entire SDK is considered the 'application' from the mbed TLS / PSA documentation perspective. Please refer to PSA Crypto key ID namespacing in the Silicon Labs SDK to see which key identifiers are available to Silicon Labs SDK users.

  • The implementation may define additional key identifiers in the range PSA_KEY_ID_VENDOR_MIN to PSA_KEY_ID_VENDOR_MAX.

  • 0 is reserved as an invalid key identifier.

  • Key identifiers outside these ranges are reserved for future use.

Note

  • Values of this type are encoded in the persistent key store. Any changes to how values are allocated must require careful consideration to allow backward compatibility.


Definition at line 292 of file util/third_party/mbedtls/include/psa/crypto_types.h

mbedtls_svc_key_id_t#

typedef psa_key_id_t mbedtls_svc_key_id_t

Encoding of key identifiers as seen inside the PSA Crypto implementation.

Some user code (e.g.

When PSA Crypto is built as a library inside an application, this type is identical to psa_key_id_t. When PSA Crypto is built as a service that can store keys on behalf of multiple clients, this type encodes the psa_key_id_t value seen by each client application as well as extra information that identifies the client that owns the key.

Note

  • Values of this type are encoded in the persistent key store. Any changes to existing values will require bumping the storage format version and providing a translation when reading the old format.

PSA Crypto test suites) use the mbedtls_svc_key_id_t instead of psa_key_id_t to allow a multi-client service that exposes the PSA Cryptograpy API in each client and encodes the client identity in the key identifier (ref, MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER). The SiliconLabs TZ SKL does not support MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER but still some user code applies the mbedtls_svc_key_id_t without really using the client part (encoding of owner/client id). Therefore we need to defined mbedtls_svc_key_id_t equal to psa_key_id_t.


Definition at line 309 of file util/third_party/mbedtls/include/psa/crypto_types.h

psa_key_lifetime_t#

typedef uint32_t psa_key_lifetime_t

Encoding of key lifetimes.

The lifetime of a key indicates where it is stored and what system actions may create and destroy it.

Lifetime values have the following structure:

  • Bits 0-7 (#PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime)): persistence level. This value indicates what device management actions can cause it to be destroyed. In particular, it indicates whether the key is volatile or persistent. See psa_key_persistence_t for more information.

  • Bits 8-31 (#PSA_KEY_LIFETIME_GET_LOCATION(lifetime)): location indicator. This value indicates which part of the system has access to the key material and can perform operations using the key. See psa_key_location_t for more information.

Volatile keys are automatically destroyed when the application instance terminates or on a power reset of the device. Persistent keys are preserved until the application explicitly destroys them or until an integration-specific device management event occurs (for example, a factory reset).

Persistent keys have a key identifier of type mbedtls_svc_key_id_t. This identifier remains valid throughout the lifetime of the key, even if the application instance that created the key terminates. The application can call psa_open_key() to open a persistent key that it created previously.

The default lifetime of a key is PSA_KEY_LIFETIME_VOLATILE. The lifetime PSA_KEY_LIFETIME_PERSISTENT is supported if persistent storage is available. Other lifetime values may be supported depending on the library configuration.

Values of this type are generally constructed by macros called PSA_KEY_LIFETIME_xxx.

Note

  • Values of this type are encoded in the persistent key store. Any changes to existing values will require bumping the storage format version and providing a translation when reading the old format.


Definition at line 180 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_types.h

psa_key_persistence_t#

typedef uint8_t psa_key_persistence_t

Encoding of key persistence levels.

What distinguishes different persistence levels is what device management events may cause keys to be destroyed. Volatile keys are destroyed by a power reset. Persistent keys may be destroyed by events such as a transfer of ownership or a factory reset. What management events actually affect persistent keys at different levels is outside the scope of the PSA Cryptography specification.

The PSA Cryptography specification defines the following values of persistence levels:

  • 0 = PSA_KEY_PERSISTENCE_VOLATILE: volatile key. A volatile key is automatically destroyed by the implementation when the application instance terminates. In particular, a volatile key is automatically destroyed on a power reset of the device.

  • 1 = PSA_KEY_PERSISTENCE_DEFAULT: persistent key with a default lifetime.

  • 2-254: currently not supported by Mbed TLS.

  • 255 = PSA_KEY_PERSISTENCE_READ_ONLY: read-only or write-once key. A key with this persistence level cannot be destroyed. Mbed TLS does not currently offer a way to create such keys, but integrations of Mbed TLS can use it for built-in keys that the application cannot modify (for example, a hardware unique key (HUK)).

Note

  • Key persistence levels are 8-bit values. Key management interfaces operate on lifetimes (type psa_key_lifetime_t) which encode the persistence as the lower 8 bits of a 32-bit value.

  • Values of this type are encoded in the persistent key store. Any changes to existing values will require bumping the storage format version and providing a translation when reading the old format.


Definition at line 216 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_types.h

psa_key_location_t#

typedef uint32_t psa_key_location_t

Encoding of key location indicators.

If an integration of Mbed TLS can make calls to external cryptoprocessors such as secure elements, the location of a key indicates which secure element performs the operations on the key. Depending on the design of the secure element, the key material may be stored either in the secure element, or in wrapped (encrypted) form alongside the key metadata in the primary local storage.

The PSA Cryptography API specification defines the following values of location indicators:

  • 0: primary local storage. This location is always available. The primary local storage is typically the same storage area that contains the key metadata.

  • 1: primary secure element. Integrations of Mbed TLS should support this value if there is a secure element attached to the operating environment. As a guideline, secure elements may provide higher resistance against side channel and physical attacks than the primary local storage, but may have restrictions on supported key types, sizes, policies and operations and may have different performance characteristics.

  • 2-0x7fffff: other locations defined by a PSA specification. The PSA Cryptography API does not currently assign any meaning to these locations, but future versions of that specification or other PSA specifications may do so.

  • 0x800000-0xffffff: vendor-defined locations. No PSA specification will assign a meaning to locations in this range.

Note

  • Key location indicators are 24-bit values. Key management interfaces operate on lifetimes (type psa_key_lifetime_t) which encode the location as the upper 24 bits of a 32-bit value.

  • Values of this type are encoded in the persistent key store. Any changes to existing values will require bumping the storage format version and providing a translation when reading the old format.


Definition at line 257 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_types.h

psa_key_id_t#

typedef uint32_t psa_key_id_t

Encoding of identifiers of persistent keys.

Note

  • Values of this type are encoded in the persistent key store. Any changes to how values are allocated must require careful consideration to allow backward compatibility.


Definition at line 272 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_types.h

mbedtls_svc_key_id_t#

typedef psa_key_id_t mbedtls_svc_key_id_t

Encoding of key identifiers as seen inside the PSA Crypto implementation.

Some user code (e.g.

When PSA Crypto is built as a library inside an application, this type is identical to psa_key_id_t. When PSA Crypto is built as a service that can store keys on behalf of multiple clients, this type encodes the psa_key_id_t value seen by each client application as well as extra information that identifies the client that owns the key.

Note

  • Values of this type are encoded in the persistent key store. Any changes to existing values will require bumping the storage format version and providing a translation when reading the old format.

PSA Crypto test suites) use the mbedtls_svc_key_id_t instead of psa_key_id_t to allow a multi-client service that exposes the PSA Cryptograpy API in each client and encodes the client identity in the key identifier (ref, MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER). The SiliconLabs TZ SKL does not support MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER but still some user code applies the mbedtls_svc_key_id_t without really using the client part (encoding of owner/client id). Therefore we need to defined mbedtls_svc_key_id_t equal to psa_key_id_t.


Definition at line 289 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_types.h

Function Documentation#

mbedtls_svc_key_id_make#

static mbedtls_svc_key_id_t mbedtls_svc_key_id_make (unsigned int unused, psa_key_id_t key_id)

Utility to initialize a key identifier at runtime.

Parameters
N/Aunused

Unused parameter.

N/Akey_id

Identifier of the key.


Definition at line 2429 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

mbedtls_svc_key_id_equal#

static int mbedtls_svc_key_id_equal (mbedtls_svc_key_id_t id1, mbedtls_svc_key_id_t id2)

Compare two key identifiers.

Parameters
N/Aid1

First key identifier.

N/Aid2

Second key identifier.

Returns

  • Non-zero if the two key identifier are equal, zero otherwise.


Definition at line 2444 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

mbedtls_svc_key_id_is_null#

static int mbedtls_svc_key_id_is_null (mbedtls_svc_key_id_t key)

Check whether a key identifier is null.

Parameters
N/Akey

Key identifier.

Returns

  • Non-zero if the key identifier is null, zero otherwise.


Definition at line 2456 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

Macro Definition Documentation#

PSA_KEY_LIFETIME_VOLATILE#

#define PSA_KEY_LIFETIME_VOLATILE
Value:
((psa_key_lifetime_t) 0x00000000)

The default lifetime for volatile keys.

A volatile key only exists as long as the identifier to it is not destroyed. The key material is guaranteed to be erased on a power reset.

A key with this lifetime is typically stored in the RAM area of the PSA Crypto subsystem. However this is an implementation choice. If an implementation stores data about the key in a non-volatile memory, it must release all the resources associated with the key and erase the key material if the calling application terminates.


Definition at line 2290 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_KEY_LIFETIME_PERSISTENT#

#define PSA_KEY_LIFETIME_PERSISTENT
Value:
((psa_key_lifetime_t) 0x00000001)

The default lifetime for persistent keys.

A persistent key remains in storage until it is explicitly destroyed or until the corresponding storage area is wiped. This specification does not define any mechanism to wipe a storage area, but integrations may provide their own mechanism (for example to perform a factory reset, to prepare for device refurbishment, or to uninstall an application).

This lifetime value is the default storage area for the calling application. Integrations of Mbed TLS may support other persistent lifetimes. See psa_key_lifetime_t for more information.


Definition at line 2304 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_KEY_PERSISTENCE_VOLATILE#

#define PSA_KEY_PERSISTENCE_VOLATILE
Value:
((psa_key_persistence_t) 0x00)

The persistence level of volatile keys.

See psa_key_persistence_t for more information.


Definition at line 2310 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_KEY_PERSISTENCE_DEFAULT#

#define PSA_KEY_PERSISTENCE_DEFAULT
Value:
((psa_key_persistence_t) 0x01)

The default persistence level for persistent keys.

See psa_key_persistence_t for more information.


Definition at line 2316 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_KEY_PERSISTENCE_READ_ONLY#

#define PSA_KEY_PERSISTENCE_READ_ONLY
Value:
((psa_key_persistence_t) 0xff)

A persistence level indicating that a key is never destroyed.

See psa_key_persistence_t for more information.


Definition at line 2322 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_KEY_LIFETIME_GET_PERSISTENCE#

#define PSA_KEY_LIFETIME_GET_PERSISTENCE
Value:
(lifetime)

Definition at line 2324 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_KEY_LIFETIME_GET_LOCATION#

#define PSA_KEY_LIFETIME_GET_LOCATION
Value:
(lifetime)

Definition at line 2327 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_KEY_LIFETIME_IS_VOLATILE#

#define PSA_KEY_LIFETIME_IS_VOLATILE
Value:
(PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \
PSA_KEY_PERSISTENCE_VOLATILE)

Whether a key lifetime indicates that the key is volatile.

A volatile key is automatically destroyed by the implementation when the application instance terminates. In particular, a volatile key is automatically destroyed on a power reset of the device.

A key that is not volatile is persistent. Persistent keys are preserved until the application explicitly destroys them or until an implementation-specific device management event occurs (for example, a factory reset).

Returns

  • 1 if the key is volatile, otherwise 0.


Definition at line 2346 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_KEY_LIFETIME_IS_READ_ONLY#

#define PSA_KEY_LIFETIME_IS_READ_ONLY
Value:
(PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \
PSA_KEY_PERSISTENCE_READ_ONLY)

Whether a key lifetime indicates that the key is read-only.

Read-only keys cannot be created or destroyed through the PSA Crypto API. They must be created through platform-specific means that bypass the API.

Some platforms may offer ways to destroy read-only keys. For example, consider a platform with multiple levels of privilege, where a low-privilege application can use a key but is not allowed to destroy it, and the platform exposes the key to the application with a read-only lifetime. High-privilege code can destroy the key even though the application sees the key as read-only.

Returns

  • 1 if the key is read-only, otherwise 0.


Definition at line 2367 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION#

#define PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION
Value:
(persistence, location)

Construct a lifetime from a persistence level and a location.

Returns

  • The constructed lifetime value.


Definition at line 2380 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_KEY_LOCATION_LOCAL_STORAGE#

#define PSA_KEY_LOCATION_LOCAL_STORAGE
Value:
((psa_key_location_t) 0x000000)

The local storage area for persistent keys.

This storage area is available on all systems that can store persistent keys without delegating the storage to a third-party cryptoprocessor.

See psa_key_location_t for more information.


Definition at line 2390 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_KEY_LOCATION_VENDOR_FLAG#

#define PSA_KEY_LOCATION_VENDOR_FLAG
Value:
((psa_key_location_t) 0x800000)

Definition at line 2392 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_KEY_ID_NULL#

#define PSA_KEY_ID_NULL
Value:
((psa_key_id_t)0)

The null key identifier.


Definition at line 2402 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_KEY_ID_USER_MIN#

#define PSA_KEY_ID_USER_MIN
Value:
((psa_key_id_t) 0x00000001)

The minimum value for a key identifier chosen by the application.


Definition at line 2406 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_KEY_ID_USER_MAX#

#define PSA_KEY_ID_USER_MAX
Value:
((psa_key_id_t) 0x3fffffff)

The maximum value for a key identifier chosen by the application.


Definition at line 2409 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_KEY_ID_VENDOR_MIN#

#define PSA_KEY_ID_VENDOR_MIN
Value:
((psa_key_id_t) 0x40000000)

The minimum value for a key identifier chosen by the implementation.


Definition at line 2412 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_KEY_ID_VENDOR_MAX#

#define PSA_KEY_ID_VENDOR_MAX
Value:
((psa_key_id_t) 0x7fffffff)

The maximum value for a key identifier chosen by the implementation.


Definition at line 2415 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

MBEDTLS_SVC_KEY_ID_INIT#

#define MBEDTLS_SVC_KEY_ID_INIT
Value:
((psa_key_id_t) 0)

Definition at line 2420 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

MBEDTLS_SVC_KEY_ID_GET_KEY_ID#

#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID
Value:
(id)

Definition at line 2421 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

MBEDTLS_SVC_KEY_ID_GET_OWNER_ID#

#define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID
Value:
(id)

Definition at line 2422 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_KEY_LIFETIME_VOLATILE#

#define PSA_KEY_LIFETIME_VOLATILE
Value:
((psa_key_lifetime_t) 0x00000000)

The default lifetime for volatile keys.

A volatile key only exists as long as the identifier to it is not destroyed. The key material is guaranteed to be erased on a power reset.

A key with this lifetime is typically stored in the RAM area of the PSA Crypto subsystem. However this is an implementation choice. If an implementation stores data about the key in a non-volatile memory, it must release all the resources associated with the key and erase the key material if the calling application terminates.


Definition at line 2308 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_KEY_LIFETIME_PERSISTENT#

#define PSA_KEY_LIFETIME_PERSISTENT
Value:
((psa_key_lifetime_t) 0x00000001)

The default lifetime for persistent keys.

A persistent key remains in storage until it is explicitly destroyed or until the corresponding storage area is wiped. This specification does not define any mechanism to wipe a storage area, but integrations may provide their own mechanism (for example to perform a factory reset, to prepare for device refurbishment, or to uninstall an application).

This lifetime value is the default storage area for the calling application. Integrations of Mbed TLS may support other persistent lifetimes. See psa_key_lifetime_t for more information.


Definition at line 2322 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_KEY_PERSISTENCE_VOLATILE#

#define PSA_KEY_PERSISTENCE_VOLATILE
Value:
((psa_key_persistence_t) 0x00)

The persistence level of volatile keys.

See psa_key_persistence_t for more information.


Definition at line 2328 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_KEY_PERSISTENCE_DEFAULT#

#define PSA_KEY_PERSISTENCE_DEFAULT
Value:
((psa_key_persistence_t) 0x01)

The default persistence level for persistent keys.

See psa_key_persistence_t for more information.


Definition at line 2334 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_KEY_PERSISTENCE_READ_ONLY#

#define PSA_KEY_PERSISTENCE_READ_ONLY
Value:
((psa_key_persistence_t) 0xff)

A persistence level indicating that a key is never destroyed.

See psa_key_persistence_t for more information.


Definition at line 2340 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_KEY_LIFETIME_GET_PERSISTENCE#

#define PSA_KEY_LIFETIME_GET_PERSISTENCE
Value:
(lifetime)

Definition at line 2342 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_KEY_LIFETIME_GET_LOCATION#

#define PSA_KEY_LIFETIME_GET_LOCATION
Value:
(lifetime)

Definition at line 2345 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_KEY_LIFETIME_IS_VOLATILE#

#define PSA_KEY_LIFETIME_IS_VOLATILE
Value:
(PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \
PSA_KEY_PERSISTENCE_VOLATILE)

Whether a key lifetime indicates that the key is volatile.

A volatile key is automatically destroyed by the implementation when the application instance terminates. In particular, a volatile key is automatically destroyed on a power reset of the device.

A key that is not volatile is persistent. Persistent keys are preserved until the application explicitly destroys them or until an implementation-specific device management event occurs (for example, a factory reset).

Returns

  • 1 if the key is volatile, otherwise 0.


Definition at line 2364 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_KEY_LIFETIME_IS_READ_ONLY#

#define PSA_KEY_LIFETIME_IS_READ_ONLY
Value:
(PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \
PSA_KEY_PERSISTENCE_READ_ONLY)

Whether a key lifetime indicates that the key is read-only.

Read-only keys cannot be created or destroyed through the PSA Crypto API. They must be created through platform-specific means that bypass the API.

Some platforms may offer ways to destroy read-only keys. For example, consider a platform with multiple levels of privilege, where a low-privilege application can use a key but is not allowed to destroy it, and the platform exposes the key to the application with a read-only lifetime. High-privilege code can destroy the key even though the application sees the key as read-only.

Returns

  • 1 if the key is read-only, otherwise 0.


Definition at line 2385 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION#

#define PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION
Value:
(persistence, location)

Construct a lifetime from a persistence level and a location.

Returns

  • The constructed lifetime value.


Definition at line 2398 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_KEY_LOCATION_LOCAL_STORAGE#

#define PSA_KEY_LOCATION_LOCAL_STORAGE
Value:
((psa_key_location_t) 0x000000)

The local storage area for persistent keys.

This storage area is available on all systems that can store persistent keys without delegating the storage to a third-party cryptoprocessor.

See psa_key_location_t for more information.


Definition at line 2408 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_KEY_LOCATION_VENDOR_FLAG#

#define PSA_KEY_LOCATION_VENDOR_FLAG
Value:
((psa_key_location_t) 0x800000)

Definition at line 2410 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_KEY_ID_NULL#

#define PSA_KEY_ID_NULL
Value:
((psa_key_id_t)0)

The null key identifier.


Definition at line 2420 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_KEY_ID_USER_MIN#

#define PSA_KEY_ID_USER_MIN
Value:
((psa_key_id_t) 0x00000001)

The minimum value for a key identifier chosen by the application.


Definition at line 2424 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_KEY_ID_USER_MAX#

#define PSA_KEY_ID_USER_MAX
Value:
((psa_key_id_t) 0x3fffffff)

The maximum value for a key identifier chosen by the application.


Definition at line 2427 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_KEY_ID_VENDOR_MIN#

#define PSA_KEY_ID_VENDOR_MIN
Value:
((psa_key_id_t) 0x40000000)

The minimum value for a key identifier chosen by the implementation.


Definition at line 2430 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_KEY_ID_VENDOR_MAX#

#define PSA_KEY_ID_VENDOR_MAX
Value:
((psa_key_id_t) 0x7fffffff)

The maximum value for a key identifier chosen by the implementation.


Definition at line 2433 of file util/third_party/mbedtls/include/psa/crypto_values.h

MBEDTLS_SVC_KEY_ID_INIT#

#define MBEDTLS_SVC_KEY_ID_INIT
Value:
((psa_key_id_t) 0)

Definition at line 2438 of file util/third_party/mbedtls/include/psa/crypto_values.h

MBEDTLS_SVC_KEY_ID_GET_KEY_ID#

#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID
Value:
(id)

Definition at line 2439 of file util/third_party/mbedtls/include/psa/crypto_values.h

MBEDTLS_SVC_KEY_ID_GET_OWNER_ID#

#define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID
Value:
(id)

Definition at line 2440 of file util/third_party/mbedtls/include/psa/crypto_values.h