Built-in keys#
Built-in key mechanism provides access to the keys stored in hardware.
It can be accessed using key ID that is in the range [MBEDTLS_PSA_KEY_ID_BUILTIN_MIN, MBEDLTS_PSA_KEY_ID_BUILTIN_MAX].
Note
Available builtin key IDs vary for different family of devices. For devices vith VSE see Builtin keys on devices with a VSE , and for devices with Secure Engine see Builtin keys on devices with Secure Engine .
Typedefs#
A slot number identifying a key in a driver.
Functions#
Test whether a key identifier belongs to the builtin key range.
Platform function to obtain the location and slot number of a built-in key.
Macros#
The minimum value for a key identifier that is built into the implementation.
The maximum value for a key identifier that is built into the implementation.
The minimum value for a key identifier that is built into the implementation.
The maximum value for a key identifier that is built into the implementation.
Typedef Documentation#
psa_drv_slot_number_t#
typedef uint64_t psa_drv_slot_number_t
A slot number identifying a key in a driver.
Values of this type are used to identify built-in keys.
Function Documentation#
psa_key_id_is_builtin#
static int psa_key_id_is_builtin (psa_key_id_t key_id)
Test whether a key identifier belongs to the builtin key range.
Type | Direction | Argument Name | Description |
---|---|---|---|
psa_key_id_t | N/A | key_id | Key identifier to test. |
mbedtls_psa_platform_get_builtin_key#
psa_status_t mbedtls_psa_platform_get_builtin_key (mbedtls_svc_key_id_t key_id, psa_key_lifetime_t * lifetime, psa_drv_slot_number_t * slot_number)
Platform function to obtain the location and slot number of a built-in key.
Type | Direction | Argument Name | Description |
---|---|---|---|
mbedtls_svc_key_id_t | N/A | key_id | The key ID for which to retrieve the location and slot attributes. |
psa_key_lifetime_t * | [out] | lifetime | On success, the lifetime associated with the key corresponding to |
psa_drv_slot_number_t * | [out] | slot_number | On success, the slot number known to the driver registered at the lifetime location reported through |
An application-specific implementation of this function must be provided if #MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled. This would typically be provided as part of a platform's system image.
#MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key_id
) needs to be in the range from MBEDTLS_PSA_KEY_ID_BUILTIN_MIN to MBEDTLS_PSA_KEY_ID_BUILTIN_MAX.
In a multi-application configuration (MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
is defined), this function should check that #MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(key_id
) is allowed to use the given key.
Returns
(any other error) Any other error is propagated to the function that requested the key. Common errors include:
PSA_ERROR_NOT_PERMITTED: the key exists but the requested owner is not allowed to access it.
Return values
PSA_SUCCESS: The requested key identifier designates a built-in key. In a multi-application configuration, the requested owner is allowed to access it.
PSA_ERROR_DOES_NOT_EXIST: The requested key identifier is not a built-in key which is known to this function. If a key exists in the key storage with this identifier, the data from the storage will be used.