![]() |
TF-M Reference Manual
1.2.0
TrustedFirmware-M
|
Macros | |
#define | PSA_KEY_ATTRIBUTES_INIT {0} |
Typedefs | |
typedef struct psa_client_key_attributes_s | psa_key_attributes_t |
Functions | |
psa_status_t | psa_get_key_attributes (psa_key_handle_t handle, psa_key_attributes_t *attributes) |
void | psa_reset_key_attributes (psa_key_attributes_t *attributes) |
#define PSA_KEY_ATTRIBUTES_INIT {0} |
This macro returns a suitable initializer for a key attribute structure of type psa_key_attributes_t.
typedef struct psa_client_key_attributes_s psa_key_attributes_t |
The type of a structure containing key attributes.
This is an opaque structure that can represent the metadata of a key object. Metadata that can be stored in attributes includes:
The actual key material is not considered an attribute of a key. Key attributes do not contain information that is generally considered highly confidential.
An attribute structure can be a simple data structure where each function psa_set_key_xxx
sets a field and the corresponding function psa_get_key_xxx
retrieves the value of the corresponding field. However, implementations may report values that are equivalent to the original one, but have a different encoding. For example, an implementation may use a more compact representation for types where many bit-patterns are invalid or not supported, and store all values that it does not support as a special marker value. In such an implementation, after setting an invalid value, the corresponding get function returns an invalid value which may not be the one that was originally stored.
An attribute structure may contain references to auxiliary resources, for example pointers to allocated memory or indirect references to pre-calculated values. In order to free such resources, the application must call psa_reset_key_attributes(). As an exception, calling psa_reset_key_attributes() on an attribute structure is optional if the structure has only been modified by the following functions since it was initialized or last reset with psa_reset_key_attributes():
Before calling any function on a key attribute structure, the application must initialize it by any of the following means:
A freshly initialized attribute structure contains the following values:
0
(meaning that the type is unspecified).0
(meaning that the size is unspecified).0
(which allows no usage except exporting a public key).0
(which allows no cryptographic usage, but allows exporting).A typical sequence to create a key is as follows:
A typical sequence to query a key's attributes is as follows:
psa_get_key_xxx
functions to retrieve the attribute(s) that you are interested in.Once a key has been created, it is impossible to change its attributes.
Definition at line 347 of file crypto_types.h.
psa_status_t psa_get_key_attributes | ( | psa_key_handle_t | handle, |
psa_key_attributes_t * | attributes | ||
) |
Retrieve the attributes of a key.
This function first resets the attribute structure as with psa_reset_key_attributes(). It then copies the attributes of the given key into the given attribute structure.
[in] | handle | Handle to the key to query. |
[in,out] | attributes | On success, the attributes of the key. On failure, equivalent to a freshly-initialized structure. |
PSA_SUCCESS | |
PSA_ERROR_INVALID_HANDLE | |
PSA_ERROR_INSUFFICIENT_MEMORY | |
PSA_ERROR_COMMUNICATION_FAILURE | |
PSA_ERROR_CORRUPTION_DETECTED | |
PSA_ERROR_STORAGE_FAILURE | |
PSA_ERROR_BAD_STATE | The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code. |
Definition at line 106 of file tfm_crypto_func_api.c.
void psa_reset_key_attributes | ( | psa_key_attributes_t * | attributes | ) |
Reset a key attribute structure to a freshly initialized state.
You must initialize the attribute structure as described in the documentation of the type psa_key_attributes_t before calling this function. Once the structure has been initialized, you may call this function at any time.
This function frees any auxiliary resources that the structure may contain.
[in,out] | attributes | The attribute structure to reset. |
Definition at line 126 of file tfm_crypto_func_api.c.