mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 14:35:37 +01:00
Update some documentation related to key slots
Some of the documentation is obsolete in its reference to key slots when it should discuss key handles. This may require a further pass, possibly with some reorganization of error codes. Update the documentation of functions that modify key slots (key material creation and psa_set_key_policy()) to discuss how they affect storage.
This commit is contained in:
parent
79a11d6c42
commit
23fd2bdb94
@ -41,8 +41,8 @@
|
|||||||
* This type represents open handles to keys. It must be an unsigned integral
|
* This type represents open handles to keys. It must be an unsigned integral
|
||||||
* type. The choice of type is implementation-dependent.
|
* type. The choice of type is implementation-dependent.
|
||||||
*
|
*
|
||||||
* 0 is not a valid key slot number. The meaning of other values is
|
* 0 is not a valid key handle. How other handle values are assigned is
|
||||||
* implementation dependent.
|
* implementation-dependent.
|
||||||
*/
|
*/
|
||||||
typedef _unsigned_integral_type_ psa_key_handle_t;
|
typedef _unsigned_integral_type_ psa_key_handle_t;
|
||||||
|
|
||||||
@ -129,17 +129,17 @@ typedef int32_t psa_status_t;
|
|||||||
/** A slot is occupied, but must be empty to carry out the
|
/** A slot is occupied, but must be empty to carry out the
|
||||||
* requested action.
|
* requested action.
|
||||||
*
|
*
|
||||||
* If the slot number is invalid (i.e. the requested action could
|
* If a handle is invalid, it does not designate an occupied slot.
|
||||||
* not be performed even after erasing the slot's content),
|
* The error for an invalid handle is #PSA_ERROR_INVALID_HANDLE.
|
||||||
* implementations shall return #PSA_ERROR_INVALID_ARGUMENT instead. */
|
*/
|
||||||
#define PSA_ERROR_OCCUPIED_SLOT ((psa_status_t)5)
|
#define PSA_ERROR_OCCUPIED_SLOT ((psa_status_t)5)
|
||||||
|
|
||||||
/** A slot is empty, but must be occupied to carry out the
|
/** A slot is empty, but must be occupied to carry out the
|
||||||
* requested action.
|
* requested action.
|
||||||
*
|
*
|
||||||
* If the slot number is invalid (i.e. the requested action could
|
* If a handle is invalid, it does not designate an empty slot.
|
||||||
* not be performed even after creating appropriate content in the slot),
|
* The error for an invalid handle is #PSA_ERROR_INVALID_HANDLE.
|
||||||
* implementations shall return #PSA_ERROR_INVALID_ARGUMENT instead. */
|
*/
|
||||||
#define PSA_ERROR_EMPTY_SLOT ((psa_status_t)6)
|
#define PSA_ERROR_EMPTY_SLOT ((psa_status_t)6)
|
||||||
|
|
||||||
/** The requested action cannot be performed in the current state.
|
/** The requested action cannot be performed in the current state.
|
||||||
@ -162,7 +162,12 @@ typedef int32_t psa_status_t;
|
|||||||
* Implementations shall not return this error code to indicate
|
* Implementations shall not return this error code to indicate
|
||||||
* that a key slot is occupied when it needs to be free or vice versa,
|
* that a key slot is occupied when it needs to be free or vice versa,
|
||||||
* but shall return #PSA_ERROR_OCCUPIED_SLOT or #PSA_ERROR_EMPTY_SLOT
|
* but shall return #PSA_ERROR_OCCUPIED_SLOT or #PSA_ERROR_EMPTY_SLOT
|
||||||
* as applicable. */
|
* as applicable.
|
||||||
|
*
|
||||||
|
* Implementation shall not return this error code to indicate that a
|
||||||
|
* key handle is invalid, but shall return #PSA_ERROR_INVALID_HANDLE
|
||||||
|
* instead.
|
||||||
|
*/
|
||||||
#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)8)
|
#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)8)
|
||||||
|
|
||||||
/** There is not enough runtime memory.
|
/** There is not enough runtime memory.
|
||||||
@ -1409,13 +1414,22 @@ typedef uint32_t psa_key_lifetime_t;
|
|||||||
*/
|
*/
|
||||||
typedef uint32_t psa_key_id_t;
|
typedef uint32_t psa_key_id_t;
|
||||||
|
|
||||||
/** A volatile key slot retains its content as long as the application is
|
/** A volatile key only exists as long as the handle to it is not closed.
|
||||||
* running. It is guaranteed to be erased on a power reset.
|
* The key material is guaranteed to be erased on a power reset.
|
||||||
*/
|
*/
|
||||||
#define PSA_KEY_LIFETIME_VOLATILE ((psa_key_lifetime_t)0x00000000)
|
#define PSA_KEY_LIFETIME_VOLATILE ((psa_key_lifetime_t)0x00000000)
|
||||||
|
|
||||||
/** A persistent key slot retains its content as long as it is not explicitly
|
/** The default storage area for persistent keys.
|
||||||
* destroyed.
|
*
|
||||||
|
* A persistent key remains in storage until it is explicitly destroyed or
|
||||||
|
* until the corresponding storage area is wiped. This specification does
|
||||||
|
* not define any mechanism to wipe a storage area, but implementations may
|
||||||
|
* provide their own mechanism (for example to perform a factory reset,
|
||||||
|
* to prepare for device refurbishment, or to uninstall an application).
|
||||||
|
*
|
||||||
|
* This lifetime value is the default storage area for the calling
|
||||||
|
* application. Implementations may offer other storage areas designated
|
||||||
|
* by other lifetime values as implementation-specific extensions.
|
||||||
*/
|
*/
|
||||||
#define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t)0x00000001)
|
#define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t)0x00000001)
|
||||||
|
|
||||||
@ -1599,6 +1613,8 @@ psa_status_t psa_close_key(psa_key_handle_t handle);
|
|||||||
*
|
*
|
||||||
* \retval #PSA_SUCCESS
|
* \retval #PSA_SUCCESS
|
||||||
* Success.
|
* Success.
|
||||||
|
* If the key is persistent, the key material and the key's metadata
|
||||||
|
* have been saved to persistent storage.
|
||||||
* \retval #PSA_ERROR_INVALID_HANDLE
|
* \retval #PSA_ERROR_INVALID_HANDLE
|
||||||
* \retval #PSA_ERROR_NOT_SUPPORTED
|
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||||
* The key type or key size is not supported, either by the
|
* The key type or key size is not supported, either by the
|
||||||
@ -2009,6 +2025,10 @@ psa_algorithm_t psa_key_policy_get_algorithm(const psa_key_policy_t *policy);
|
|||||||
* \param[in] policy The policy object to query.
|
* \param[in] policy The policy object to query.
|
||||||
*
|
*
|
||||||
* \retval #PSA_SUCCESS
|
* \retval #PSA_SUCCESS
|
||||||
|
* Success.
|
||||||
|
* If the key is persistent, it is implementation-defined whether
|
||||||
|
* the policy has been saved to persistent storage. Implementations
|
||||||
|
* may defer saving the policy until the key material is created.
|
||||||
* \retval #PSA_ERROR_INVALID_HANDLE
|
* \retval #PSA_ERROR_INVALID_HANDLE
|
||||||
* \retval #PSA_ERROR_OCCUPIED_SLOT
|
* \retval #PSA_ERROR_OCCUPIED_SLOT
|
||||||
* \retval #PSA_ERROR_NOT_SUPPORTED
|
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||||
@ -3292,6 +3312,8 @@ psa_status_t psa_generator_read(psa_crypto_generator_t *generator,
|
|||||||
*
|
*
|
||||||
* \retval #PSA_SUCCESS
|
* \retval #PSA_SUCCESS
|
||||||
* Success.
|
* Success.
|
||||||
|
* If the key is persistent, the key material and the key's metadata
|
||||||
|
* have been saved to persistent storage.
|
||||||
* \retval #PSA_ERROR_INSUFFICIENT_CAPACITY
|
* \retval #PSA_ERROR_INSUFFICIENT_CAPACITY
|
||||||
* There were fewer than \p output_length bytes
|
* There were fewer than \p output_length bytes
|
||||||
* in the generator. Note that in this case, no
|
* in the generator. Note that in this case, no
|
||||||
@ -3542,6 +3564,9 @@ typedef struct {
|
|||||||
* \c NULL then \p extra_size must be zero.
|
* \c NULL then \p extra_size must be zero.
|
||||||
*
|
*
|
||||||
* \retval #PSA_SUCCESS
|
* \retval #PSA_SUCCESS
|
||||||
|
* Success.
|
||||||
|
* If the key is persistent, the key material and the key's metadata
|
||||||
|
* have been saved to persistent storage.
|
||||||
* \retval #PSA_ERROR_INVALID_HANDLE
|
* \retval #PSA_ERROR_INVALID_HANDLE
|
||||||
* \retval #PSA_ERROR_OCCUPIED_SLOT
|
* \retval #PSA_ERROR_OCCUPIED_SLOT
|
||||||
* There is already a key in the specified slot.
|
* There is already a key in the specified slot.
|
||||||
|
@ -100,7 +100,8 @@ void psa_wipe_all_key_slots( void )
|
|||||||
|
|
||||||
/** Find a free key slot and mark it as in use.
|
/** Find a free key slot and mark it as in use.
|
||||||
*
|
*
|
||||||
* \param[out] handle On success, a slot number that is not in use.
|
* \param[out] handle On success, a slot number that is not in use. This
|
||||||
|
* value can be used as a handle to the slot.
|
||||||
*
|
*
|
||||||
* \retval #PSA_SUCCESS
|
* \retval #PSA_SUCCESS
|
||||||
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||||
@ -123,7 +124,7 @@ static psa_status_t psa_internal_allocate_key_slot( psa_key_handle_t *handle )
|
|||||||
*
|
*
|
||||||
* This does not affect persistent storage.
|
* This does not affect persistent storage.
|
||||||
*
|
*
|
||||||
* \param handle The key slot number to release.
|
* \param handle The handle to the key slot to release.
|
||||||
*
|
*
|
||||||
* \retval #PSA_SUCCESS
|
* \retval #PSA_SUCCESS
|
||||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||||
|
Loading…
Reference in New Issue
Block a user