Built-in keys#

The built-in key mechanism provides access to keys stored in hardware.

A built-in key is accessed using a key ID in the range [MBEDTLS_PSA_KEY_ID_BUILTIN_MIN, MBEDTLS_PSA_KEY_ID_BUILTIN_MAX].

Typedefs#

typedef uint64_t psa_drv_slot_number_t

A slot number identifying a key in a driver.

Functions#

int psa_key_id_is_builtin(psa_key_id_t key_id)

Test whether a key identifier belongs to the builtin key range.

psa_status_t mbedtls_psa_platform_get_builtin_key(mbedtls_svc_key_id_t key_id, psa_key_lifetime_t *lifetime, psa_drv_slot_number_t *slot_number)

Platform function to obtain the location and slot number of a built-in key.

Macros#

#define MBEDTLS_PSA_KEY_ID_BUILTIN_MIN ((psa_key_id_t)0x7fff0000)

The minimum value for a key identifier that is built into the implementation.

#define MBEDTLS_PSA_KEY_ID_BUILTIN_MAX ((psa_key_id_t)0x7fffefff)

The maximum value for a key identifier that is built into the implementation.

Typedef Documentation#

psa_drv_slot_number_t#

typedef uint64_t psa_drv_slot_number_t

A slot number identifying a key in a driver.

Values of this type are used to identify built-in keys.


Definition at line 706 of file util/third_party/mbedtls/include/psa/crypto_extra.h

Function Documentation#

psa_key_id_is_builtin#

static int psa_key_id_is_builtin (psa_key_id_t key_id)

Test whether a key identifier belongs to the builtin key range.

Parameters

  • key_id: Key identifier to test.


Definition at line 718 of file util/third_party/mbedtls/include/psa/crypto_extra.h

mbedtls_psa_platform_get_builtin_key#

psa_status_t mbedtls_psa_platform_get_builtin_key (mbedtls_svc_key_id_t key_id, psa_key_lifetime_t * lifetime, psa_drv_slot_number_t * slot_number)

Platform function to obtain the location and slot number of a built-in key.

Parameters

  • key_id: The key ID for which to retrieve the location and slot attributes.

  • [out] lifetime: On success, the lifetime associated with the key corresponding to key_id. Lifetime is a combination of which driver contains the key, and with what persistence level the key is intended to be used. If the platform implementation does not contain specific information about the intended key persistence level, the persistence level may be reported as PSA_KEY_PERSISTENCE_DEFAULT.

  • [out] slot_number: On success, the slot number known to the driver registered at the lifetime location reported through lifetime which corresponds to the requested built-in key.

An application-specific implementation of this function must be provided if MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled. This would typically be provided as part of a platform's system image.

MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key_id) needs to be in the range from MBEDTLS_PSA_KEY_ID_BUILTIN_MIN to MBEDTLS_PSA_KEY_ID_BUILTIN_MAX.

In a multi-application configuration (MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is defined), this function should check that MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(key_id) is allowed to use the given key.

Returns

  • (any other error) Any other error is propagated to the function that requested the key. Common errors include:

Return values

  • PSA_SUCCESS: The requested key identifier designates a built-in key. In a multi-application configuration, the requested owner is allowed to access it.

  • PSA_ERROR_DOES_NOT_EXIST: The requested key identifier is not a built-in key which is known to this function. If a key exists in the key storage with this identifier, the data from the storage will be used.


Definition at line 768 of file util/third_party/mbedtls/include/psa/crypto_extra.h
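
A sketch of a platform implementation of this function, added here as an example (it is not code from Mbed TLS or the SDK), showing the range check, the per-owner check and the lifetime encoding. The typedefs and macros at the top are stand-ins so the block compiles without the library; the key table, owner IDs, slot numbers and `EXAMPLE_SE_LOCATION` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-ins so this compiles alone; a real build includes <psa/crypto.h>. */
typedef int32_t  psa_status_t;
typedef uint32_t psa_key_id_t;
typedef uint32_t psa_key_lifetime_t;
typedef uint64_t psa_drv_slot_number_t;
typedef int32_t  mbedtls_key_owner_id_t;
typedef struct { psa_key_id_t key_id; mbedtls_key_owner_id_t owner; } mbedtls_svc_key_id_t;
#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id)   ((id).key_id)
#define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(id) ((id).owner)
#define PSA_SUCCESS                 ((psa_status_t)0)
#define PSA_ERROR_NOT_PERMITTED     ((psa_status_t)-133)
#define PSA_ERROR_DOES_NOT_EXIST    ((psa_status_t)-140)
#define PSA_KEY_PERSISTENCE_DEFAULT 0x01u
#define MBEDTLS_PSA_KEY_ID_BUILTIN_MIN ((psa_key_id_t)0x7fff0000)
#define MBEDTLS_PSA_KEY_ID_BUILTIN_MAX ((psa_key_id_t)0x7fffefff)

/* Hypothetical platform data: driver location, key IDs, slots and owners. */
#define EXAMPLE_SE_LOCATION 0x800001u
typedef struct {
    psa_key_id_t id; psa_drv_slot_number_t slot; mbedtls_key_owner_id_t owner;
} builtin_key_entry_t;
static const builtin_key_entry_t builtin_keys[] = {
    { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1, 0, 1 },  /* usable by owner 1 only */
    { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 2, 3, 2 },  /* usable by owner 2 only */
};

psa_status_t mbedtls_psa_platform_get_builtin_key(mbedtls_svc_key_id_t key_id,
        psa_key_lifetime_t *lifetime, psa_drv_slot_number_t *slot_number)
{
    psa_key_id_t id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key_id);
    /* IDs outside the built-in range are never resolved to hardware slots. */
    if (id < MBEDTLS_PSA_KEY_ID_BUILTIN_MIN || id > MBEDTLS_PSA_KEY_ID_BUILTIN_MAX)
        return PSA_ERROR_DOES_NOT_EXIST;
    for (size_t i = 0; i < sizeof(builtin_keys) / sizeof(builtin_keys[0]); i++) {
        if (builtin_keys[i].id != id)
            continue;
        /* Owner check comes first, so a denied caller gets no outputs. */
        if (builtin_keys[i].owner != MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(key_id))
            return PSA_ERROR_NOT_PERMITTED;
        /* Lifetime: driver location in the upper bits, persistence in the low byte. */
        *lifetime = ((psa_key_lifetime_t)EXAMPLE_SE_LOCATION << 8) | PSA_KEY_PERSISTENCE_DEFAULT;
        *slot_number = builtin_keys[i].slot;
        return PSA_SUCCESS;
    }
    return PSA_ERROR_DOES_NOT_EXIST;  /* in range, but not provisioned here */
}
```

Returning PSA_ERROR_DOES_NOT_EXIST for an in-range ID that is not in the table lets the caller fall back to key storage, as described under the return values above.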

Macro Definition Documentation#

MBEDTLS_PSA_KEY_ID_BUILTIN_MIN#

#define MBEDTLS_PSA_KEY_ID_BUILTIN_MIN
Value:
((psa_key_id_t)0x7fff0000)

The minimum value for a key identifier that is built into the implementation.

The range of key identifiers from MBEDTLS_PSA_KEY_ID_BUILTIN_MIN to MBEDTLS_PSA_KEY_ID_BUILTIN_MAX lies within the range from PSA_KEY_ID_VENDOR_MIN to PSA_KEY_ID_VENDOR_MAX and must not intersect with any other set of implementation-chosen key identifiers.

This value is part of the library's ABI since changing it would invalidate the values of built-in key identifiers in applications.


Definition at line 438 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_extra.h

MBEDTLS_PSA_KEY_ID_BUILTIN_MAX#

#define MBEDTLS_PSA_KEY_ID_BUILTIN_MAX
Value:
((psa_key_id_t)0x7fffefff)

The maximum value for a key identifier that is built into the implementation.

See MBEDTLS_PSA_KEY_ID_BUILTIN_MIN for more information.


Definition at line 445 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_extra.h

MBEDTLS_PSA_KEY_ID_BUILTIN_MIN#

#define MBEDTLS_PSA_KEY_ID_BUILTIN_MIN
Value:
((psa_key_id_t) 0x7fff0000)

The minimum value for a key identifier that is built into the implementation.

The range of key identifiers from MBEDTLS_PSA_KEY_ID_BUILTIN_MIN to MBEDTLS_PSA_KEY_ID_BUILTIN_MAX lies within the range from PSA_KEY_ID_VENDOR_MIN to PSA_KEY_ID_VENDOR_MAX and must not intersect with any other set of implementation-chosen key identifiers.

This value is part of the library's ABI since changing it would invalidate the values of built-in key identifiers in applications.


Definition at line 693 of file util/third_party/mbedtls/include/psa/crypto_extra.h

MBEDTLS_PSA_KEY_ID_BUILTIN_MAX#

#define MBEDTLS_PSA_KEY_ID_BUILTIN_MAX
Value:
((psa_key_id_t) 0x7fffefff)

The maximum value for a key identifier that is built into the implementation.

See MBEDTLS_PSA_KEY_ID_BUILTIN_MIN for more information.


Definition at line 700 of file util/third_party/mbedtls/include/psa/crypto_extra.h