Platform Security Architecture — cryptography and keystore interface  Working draft
Key lifetime

Macros

#define PSA_KEY_LIFETIME_VOLATILE   ((psa_key_lifetime_t)0x00000000)
 
#define PSA_KEY_LIFETIME_PERSISTENT   ((psa_key_lifetime_t)0x00000001)
 
#define PSA_KEY_LIFETIME_WRITE_ONCE   ((psa_key_lifetime_t)0x7fffffff)
 

Typedefs

typedef uint32_t psa_key_lifetime_t
 

Functions

psa_status_t psa_get_key_lifetime (psa_key_slot_t key, psa_key_lifetime_t *lifetime)
 Retrieve the lifetime of a key slot.
 
psa_status_t psa_set_key_lifetime (psa_key_slot_t key, psa_key_lifetime_t lifetime)
 Change the lifetime of a key slot.
 

Macro Definition Documentation

◆ PSA_KEY_LIFETIME_PERSISTENT

#define PSA_KEY_LIFETIME_PERSISTENT   ((psa_key_lifetime_t)0x00000001)

A persistent key slot retains its content as long as it is not explicitly destroyed.

◆ PSA_KEY_LIFETIME_VOLATILE

#define PSA_KEY_LIFETIME_VOLATILE   ((psa_key_lifetime_t)0x00000000)

A volatile key slot retains its content as long as the application is running. It is guaranteed to be erased on a power reset.

◆ PSA_KEY_LIFETIME_WRITE_ONCE

#define PSA_KEY_LIFETIME_WRITE_ONCE   ((psa_key_lifetime_t)0x7fffffff)

A write-once key slot may not be modified once a key has been set. It will retain its content as long as the device remains operational.

Typedef Documentation

◆ psa_key_lifetime_t

typedef uint32_t psa_key_lifetime_t

Encoding of key lifetimes.

Function Documentation

◆ psa_get_key_lifetime()

psa_status_t psa_get_key_lifetime ( psa_key_slot_t  key,
psa_key_lifetime_t * lifetime 
)

Retrieve the lifetime of a key slot.

The assignment of lifetimes to slots is implementation-dependent.

Parameters
    key             Slot to query.
    [out] lifetime  On success, the lifetime value.
Return values
    PSA_SUCCESS                      Success.
    PSA_ERROR_INVALID_ARGUMENT       The key slot is invalid.
    PSA_ERROR_COMMUNICATION_FAILURE
    PSA_ERROR_HARDWARE_FAILURE
    PSA_ERROR_TAMPERING_DETECTED

◆ psa_set_key_lifetime()

psa_status_t psa_set_key_lifetime ( psa_key_slot_t  key,
psa_key_lifetime_t  lifetime 
)

Change the lifetime of a key slot.

Whether the lifetime of a key slot can be changed at all, and if so whether the lifetime of an occupied key slot can be changed, is implementation-dependent.

Parameters
    key       Slot whose lifetime is to be changed.
    lifetime  The lifetime value to set for the given key slot.
Return values
    PSA_SUCCESS                      Success.
    PSA_ERROR_INVALID_ARGUMENT       The key slot is invalid, or the lifetime value is invalid.
    PSA_ERROR_NOT_SUPPORTED          The implementation does not support the specified lifetime value, at least for the specified key slot.
    PSA_ERROR_OCCUPIED_SLOT          The slot contains a key, and the implementation does not support changing the lifetime of an occupied slot.
    PSA_ERROR_COMMUNICATION_FAILURE
    PSA_ERROR_HARDWARE_FAILURE
    PSA_ERROR_TAMPERING_DETECTED
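
Because slot lifetimes and the ability to change them are implementation-dependent, a caller should confirm a slot's lifetime before loading key material into it. The following is an added example, not part of the specification: require_key_lifetime() is a hypothetical helper, and the two API functions are replaced by a constructed in-memory stand-in so the code runs offline. The underlying types of psa_key_slot_t and psa_status_t and the numeric status values are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Lifetime type and values as declared on this page. */
typedef uint32_t psa_key_lifetime_t;
#define PSA_KEY_LIFETIME_VOLATILE   ((psa_key_lifetime_t)0x00000000)
#define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t)0x00000001)
#define PSA_KEY_LIFETIME_WRITE_ONCE ((psa_key_lifetime_t)0x7fffffff)
/* Assumptions: underlying types and numeric status values are placeholders. */
typedef uint32_t psa_key_slot_t;
typedef int32_t psa_status_t;
enum { PSA_SUCCESS = 0, PSA_ERROR_INVALID_ARGUMENT = -1,
       PSA_ERROR_NOT_SUPPORTED = -2, PSA_ERROR_OCCUPIED_SLOT = -3 };

/* Constructed stand-in backend: slot 1 empty, slot 2 occupied and persistent,
 * slot 3 fixed as write-once. A real keystore replaces these two functions. */
static psa_key_lifetime_t slot_lt[4] = {0, 0, 1, 0x7fffffff};
static const int slot_used[4] = {0, 0, 1, 0};
psa_status_t psa_get_key_lifetime(psa_key_slot_t key, psa_key_lifetime_t *lifetime) {
    if (key < 1 || key > 3) return PSA_ERROR_INVALID_ARGUMENT;
    *lifetime = slot_lt[key];
    return PSA_SUCCESS;
}
psa_status_t psa_set_key_lifetime(psa_key_slot_t key, psa_key_lifetime_t lifetime) {
    if (key < 1 || key > 3) return PSA_ERROR_INVALID_ARGUMENT;
    if (slot_lt[key] == PSA_KEY_LIFETIME_WRITE_ONCE) return PSA_ERROR_NOT_SUPPORTED;
    if (slot_used[key]) return PSA_ERROR_OCCUPIED_SLOT;
    slot_lt[key] = lifetime;
    return PSA_SUCCESS;
}

/* Hypothetical helper: make sure `key` has lifetime `wanted` before key
 * material is loaded. Any failure is returned so the caller fails closed. */
psa_status_t require_key_lifetime(psa_key_slot_t key, psa_key_lifetime_t wanted) {
    psa_key_lifetime_t actual;
    psa_status_t st = psa_get_key_lifetime(key, &actual);
    if (st != PSA_SUCCESS) return st;
    if (actual == wanted) return PSA_SUCCESS;   /* nothing to change */
    st = psa_set_key_lifetime(key, wanted);
    if (st != PSA_SUCCESS) return st;           /* e.g. NOT_SUPPORTED, OCCUPIED_SLOT */
    st = psa_get_key_lifetime(key, &actual);    /* read back; do not trust the set */
    if (st != PSA_SUCCESS) return st;
    return actual == wanted ? PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED;
}

int main(void) {
    printf("slot 1 -> persistent: %d\n", (int)require_key_lifetime(1, PSA_KEY_LIFETIME_PERSISTENT));
    printf("slot 2 -> volatile:   %d\n", (int)require_key_lifetime(2, PSA_KEY_LIFETIME_VOLATILE));
    return 0;
}
```

On any non-success return the caller should pick a different slot or abort, rather than store a key under a lifetime it did not ask for.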