TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / c4d1b514ab814726fd168ad388531d653192801e / . / library / psa_crypto_slot_management.c
blob: 8ef851bddf4fccf2c588c6473f8f6f0af9931e27 [file] [log] [blame]
Gilles Peskine961849f2018-11-30 18:54:54 +0100[diff] [blame]1/*
2 * PSA crypto layer on top of Mbed TLS crypto
3 */
Bence Szépkúti86974652020-06-15 11:59:37 +0200[diff] [blame]4/*
Bence Szépkúti1e148272020-08-07 13:07:28 +0200[diff] [blame]5 * Copyright The Mbed TLS Contributors
Gilles Peskine961849f2018-11-30 18:54:54 +0100[diff] [blame]6 * SPDX-License-Identifier: Apache-2.0
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you may
9 * not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
Gilles Peskine961849f2018-11-30 18:54:54 +0100[diff] [blame]19 */
20
Gilles Peskinedb09ef62020-06-03 01:43:33 +0200[diff] [blame]21#include "common.h"
Gilles Peskine961849f2018-11-30 18:54:54 +0100[diff] [blame]22
23#if defined(MBEDTLS_PSA_CRYPTO_C)
24
itayzafrir7723ab12019-02-14 10:28:02 +0200[diff] [blame]25#include "psa_crypto_service_integration.h"
Gilles Peskine961849f2018-11-30 18:54:54 +0100[diff] [blame]26#include "psa/crypto.h"
27
Gilles Peskine66fb1262018-12-10 16:29:04 +0100[diff] [blame]28#include "psa_crypto_core.h"
Gilles Peskine961849f2018-11-30 18:54:54 +0100[diff] [blame]29#include "psa_crypto_slot_management.h"
30#include "psa_crypto_storage.h"
Gilles Peskineb46bef22019-07-30 21:32:04 +0200[diff] [blame]31#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
32#include "psa_crypto_se.h"
33#endif
Gilles Peskine961849f2018-11-30 18:54:54 +0100[diff] [blame]34
35#include <stdlib.h>
36#include <string.h>
37#if defined(MBEDTLS_PLATFORM_C)
38#include "mbedtls/platform.h"
39#else
40#define mbedtls_calloc calloc
41#define mbedtls_free free
42#endif
43
44#define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) )
45
Gilles Peskine66fb1262018-12-10 16:29:04 +0100[diff] [blame]46typedef struct
47{
48 psa_key_slot_t key_slots[PSA_KEY_SLOT_COUNT];
49 unsigned key_slots_initialized : 1;
50} psa_global_data_t;
51
Gilles Peskine2e14bd32018-12-12 14:05:08 +0100[diff] [blame]52static psa_global_data_t global_data;
Gilles Peskine66fb1262018-12-10 16:29:04 +0100[diff] [blame]53
Ronald Crond2ed4812020-07-17 16:11:30 +0200[diff] [blame]54psa_status_t psa_validate_key_id( mbedtls_svc_key_id_t key, int vendor_ok )
55{
56 psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key );
57
58 if( ( PSA_KEY_ID_USER_MIN <= key_id ) &&
59 ( key_id <= PSA_KEY_ID_USER_MAX ) )
60 return( PSA_SUCCESS );
61
62 if( vendor_ok &&
63 ( PSA_KEY_ID_VENDOR_MIN <= key_id ) &&
64 ( key_id <= PSA_KEY_ID_VENDOR_MAX ) )
65 return( PSA_SUCCESS );
66
Ronald Cronc4d1b512020-07-31 11:26:37 +0200[diff] [blame^]67 return( PSA_ERROR_INVALID_HANDLE );
Ronald Crond2ed4812020-07-17 16:11:30 +0200[diff] [blame]68}
69
Ronald Cronc4d1b512020-07-31 11:26:37 +0200[diff] [blame^]70static psa_key_slot_t* psa_get_slot_from_volatile_key_id(
71 mbedtls_svc_key_id_t key )
Gilles Peskine66fb1262018-12-10 16:29:04 +0100[diff] [blame]72{
Ronald Cronc4d1b512020-07-31 11:26:37 +0200[diff] [blame^]73 psa_key_slot_t *slot;
74 psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key );
Gilles Peskine66fb1262018-12-10 16:29:04 +0100[diff] [blame]75
Ronald Cronc4d1b512020-07-31 11:26:37 +0200[diff] [blame^]76 if( ( key_id < PSA_KEY_ID_VOLATILE_MIN ) ||
77 ( key_id > PSA_KEY_ID_VOLATILE_MAX ) )
78 return( NULL );
Gilles Peskine66fb1262018-12-10 16:29:04 +0100[diff] [blame]79
Ronald Cronc4d1b512020-07-31 11:26:37 +0200[diff] [blame^]80 slot = &global_data.key_slots[ key_id - PSA_KEY_ID_VOLATILE_MIN ];
Gilles Peskine66fb1262018-12-10 16:29:04 +0100[diff] [blame]81
Ronald Cronc4d1b512020-07-31 11:26:37 +0200[diff] [blame^]82 return( mbedtls_svc_key_id_equal( key, slot->attr.id ) ? slot : NULL );
Gilles Peskine66fb1262018-12-10 16:29:04 +0100[diff] [blame]83}
84
Ronald Cronc4d1b512020-07-31 11:26:37 +0200[diff] [blame^]85#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
86static psa_key_slot_t* psa_get_slot_from_key_id(
87 mbedtls_svc_key_id_t key )
88{
89 psa_key_slot_t *slot = &global_data.key_slots[ PSA_KEY_SLOT_COUNT ];
90
91 while( slot > &global_data.key_slots[ 0 ] )
92 {
93 slot--;
94 if( mbedtls_svc_key_id_equal( key, slot->attr.id ) )
95 return( slot );
96 }
97
98 return( NULL );
99}
100#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
101
Gilles Peskine66fb1262018-12-10 16:29:04 +0100[diff] [blame]102psa_status_t psa_initialize_key_slots( void )
103{
104 /* Nothing to do: program startup and psa_wipe_all_key_slots() both
105 * guarantee that the key slots are initialized to all-zero, which
106 * means that all the key slots are in a valid, empty state. */
107 global_data.key_slots_initialized = 1;
108 return( PSA_SUCCESS );
109}
110
111void psa_wipe_all_key_slots( void )
112{
Ronald Cron98a54dd2020-07-24 16:33:11 +0200[diff] [blame]113 size_t slot_idx;
114
115 for( slot_idx = 0; slot_idx < PSA_KEY_SLOT_COUNT; slot_idx++ )
Gilles Peskine66fb1262018-12-10 16:29:04 +0100[diff] [blame]116 {
Ronald Cron98a54dd2020-07-24 16:33:11 +0200[diff] [blame]117 psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ];
Gilles Peskine66fb1262018-12-10 16:29:04 +0100[diff] [blame]118 (void) psa_wipe_key_slot( slot );
119 }
120 global_data.key_slots_initialized = 0;
121}
122
Ronald Cronc4d1b512020-07-31 11:26:37 +0200[diff] [blame^]123psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id,
Ronald Cron2a993152020-07-17 14:13:26 +0200[diff] [blame]124 psa_key_slot_t **p_slot )
Gilles Peskine66fb1262018-12-10 16:29:04 +0100[diff] [blame]125{
Ronald Cron98a54dd2020-07-24 16:33:11 +0200[diff] [blame]126 size_t slot_idx;
127
Gilles Peskine267c6562019-05-27 19:01:54 +0200[diff] [blame]128 if( ! global_data.key_slots_initialized )
129 return( PSA_ERROR_BAD_STATE );
130
Ronald Cron98a54dd2020-07-24 16:33:11 +0200[diff] [blame]131 for( slot_idx = PSA_KEY_SLOT_COUNT; slot_idx > 0; slot_idx-- )
Gilles Peskine66fb1262018-12-10 16:29:04 +0100[diff] [blame]132 {
Ronald Cron98a54dd2020-07-24 16:33:11 +0200[diff] [blame]133 *p_slot = &global_data.key_slots[ slot_idx - 1 ];
Gilles Peskine41e50d22019-07-31 15:01:55 +0200[diff] [blame]134 if( ! psa_is_key_slot_occupied( *p_slot ) )
Ronald Cron2a993152020-07-17 14:13:26 +0200[diff] [blame]135 {
Ronald Cron98a54dd2020-07-24 16:33:11 +0200[diff] [blame]136 *volatile_key_id = PSA_KEY_ID_VOLATILE_MIN +
137 ( (psa_key_id_t)slot_idx ) - 1;
Ronald Cron2a993152020-07-17 14:13:26 +0200[diff] [blame]138
Gilles Peskine66fb1262018-12-10 16:29:04 +0100[diff] [blame]139 return( PSA_SUCCESS );
Ronald Cron2a993152020-07-17 14:13:26 +0200[diff] [blame]140 }
Gilles Peskine66fb1262018-12-10 16:29:04 +0100[diff] [blame]141 }
Gilles Peskine267c6562019-05-27 19:01:54 +0200[diff] [blame]142 *p_slot = NULL;
Gilles Peskine66fb1262018-12-10 16:29:04 +0100[diff] [blame]143 return( PSA_ERROR_INSUFFICIENT_MEMORY );
144}
145
Gilles Peskinefa4135b2018-12-10 16:48:53 +0100[diff] [blame]146#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
Gilles Peskine24318592019-07-30 20:30:51 +0200[diff] [blame]147static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *slot )
Gilles Peskinefa4135b2018-12-10 16:48:53 +0100[diff] [blame]148{
149 psa_status_t status = PSA_SUCCESS;
150 uint8_t *key_data = NULL;
151 size_t key_data_length = 0;
152
Gilles Peskine24318592019-07-30 20:30:51 +0200[diff] [blame]153 status = psa_load_persistent_key( &slot->attr,
Gilles Peskinebfd322f2019-07-23 11:58:03 +0200[diff] [blame]154 &key_data, &key_data_length );
Gilles Peskinefa4135b2018-12-10 16:48:53 +0100[diff] [blame]155 if( status != PSA_SUCCESS )
156 goto exit;
Gilles Peskine1df83d42019-07-23 16:13:14 +0200[diff] [blame]157
158#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
Gilles Peskine24318592019-07-30 20:30:51 +0200[diff] [blame]159 if( psa_key_lifetime_is_external( slot->attr.lifetime ) )
Gilles Peskine1df83d42019-07-23 16:13:14 +0200[diff] [blame]160 {
Gilles Peskineb46bef22019-07-30 21:32:04 +0200[diff] [blame]161 psa_se_key_data_storage_t *data;
162 if( key_data_length != sizeof( *data ) )
Gilles Peskine1df83d42019-07-23 16:13:14 +0200[diff] [blame]163 {
164 status = PSA_ERROR_STORAGE_FAILURE;
165 goto exit;
166 }
Gilles Peskineb46bef22019-07-30 21:32:04 +0200[diff] [blame]167 data = (psa_se_key_data_storage_t *) key_data;
168 memcpy( &slot->data.se.slot_number, &data->slot_number,
169 sizeof( slot->data.se.slot_number ) );
Gilles Peskine1df83d42019-07-23 16:13:14 +0200[diff] [blame]170 }
171 else
172#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
173 {
Steven Cooreman3ea0ce42020-10-23 11:37:05 +0200[diff] [blame]174 status = psa_copy_key_material_into_slot( slot, key_data, key_data_length );
175 if( status != PSA_SUCCESS )
176 goto exit;
Gilles Peskine1df83d42019-07-23 16:13:14 +0200[diff] [blame]177 }
178
Gilles Peskinefa4135b2018-12-10 16:48:53 +0100[diff] [blame]179exit:
180 psa_free_persistent_key_data( key_data, key_data_length );
181 return( status );
182}
Ronald Cronc4d1b512020-07-31 11:26:37 +0200[diff] [blame^]183#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
184
185psa_status_t psa_get_key_slot( mbedtls_svc_key_id_t key,
186 psa_key_slot_t **p_slot )
187{
188 psa_status_t status = PSA_ERROR_GENERIC_ERROR;
189
190 *p_slot = NULL;
191 if( ! global_data.key_slots_initialized )
192 return( PSA_ERROR_BAD_STATE );
193
194 status = psa_validate_key_id( key, 1 );
195 if( status != PSA_SUCCESS )
196 return( status );
197
198 *p_slot = psa_get_slot_from_volatile_key_id( key );
199 if( *p_slot != NULL )
200 return( PSA_SUCCESS );
201
202#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
203 psa_key_id_t volatile_key_id;
204
205 *p_slot = psa_get_slot_from_key_id( key );
206 if( *p_slot != NULL )
207 return( PSA_SUCCESS );
208
209 status = psa_get_empty_key_slot( &volatile_key_id, p_slot );
210 if( status != PSA_SUCCESS )
211 return( status );
212
213 (*p_slot)->attr.lifetime = PSA_KEY_LIFETIME_PERSISTENT;
214 (*p_slot)->attr.id = key;
215
216 status = psa_load_persistent_key_into_slot( *p_slot );
217 if( status != PSA_SUCCESS )
218 psa_wipe_key_slot( *p_slot );
219
220 return( status );
221#else
222 return( PSA_ERROR_DOES_NOT_EXIST );
Gilles Peskine30afafd2019-04-25 13:47:40 +0200[diff] [blame]223#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
Gilles Peskinefa4135b2018-12-10 16:48:53 +0100[diff] [blame]224
Ronald Cronc4d1b512020-07-31 11:26:37 +0200[diff] [blame^]225}
226
Steven Cooreman8c1e7592020-06-17 14:52:05 +0200[diff] [blame]227psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime,
Steven Cooreman81fe7c32020-06-08 18:37:19 +0200[diff] [blame]228 psa_se_drv_table_entry_t **p_drv )
Gilles Peskined167b942019-04-19 18:19:40 +0200[diff] [blame]229{
Steven Cooreman81fe7c32020-06-08 18:37:19 +0200[diff] [blame]230 if ( psa_key_lifetime_is_external( lifetime ) )
Gilles Peskine011e4282019-06-26 18:34:38 +0200[diff] [blame]231 {
Steven Cooreman81fe7c32020-06-08 18:37:19 +0200[diff] [blame]232#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
Steven Cooreman00106a12020-06-08 18:54:23 +0200[diff] [blame]233 psa_se_drv_table_entry_t *driver = psa_get_se_driver_entry( lifetime );
234 if( driver == NULL )
Gilles Peskine011e4282019-06-26 18:34:38 +0200[diff] [blame]235 return( PSA_ERROR_INVALID_ARGUMENT );
Steven Cooreman81fe7c32020-06-08 18:37:19 +0200[diff] [blame]236 else
237 {
238 if (p_drv != NULL)
Steven Cooreman00106a12020-06-08 18:54:23 +0200[diff] [blame]239 *p_drv = driver;
Steven Cooreman81fe7c32020-06-08 18:37:19 +0200[diff] [blame]240 return( PSA_SUCCESS );
241 }
242#else
243 (void) p_drv;
244 return( PSA_ERROR_INVALID_ARGUMENT );
245#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
Gilles Peskine011e4282019-06-26 18:34:38 +0200[diff] [blame]246 }
247 else
Steven Cooreman81fe7c32020-06-08 18:37:19 +0200[diff] [blame]248 /* Local/internal keys are always valid */
249 return( PSA_SUCCESS );
250}
Gilles Peskine30afafd2019-04-25 13:47:40 +0200[diff] [blame]251
Ronald Crond2ed4812020-07-17 16:11:30 +0200[diff] [blame]252psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime )
Steven Cooreman81fe7c32020-06-08 18:37:19 +0200[diff] [blame]253{
Steven Cooreman81fe7c32020-06-08 18:37:19 +0200[diff] [blame]254 if ( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
255 {
256 /* Volatile keys are always supported */
257 return( PSA_SUCCESS );
258 }
259 else
260 {
261 /* Persistent keys require storage support */
Gilles Peskine30afafd2019-04-25 13:47:40 +0200[diff] [blame]262#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
Ronald Crond2ed4812020-07-17 16:11:30 +0200[diff] [blame]263 return( PSA_SUCCESS );
Gilles Peskine30afafd2019-04-25 13:47:40 +0200[diff] [blame]264#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
Steven Cooreman81fe7c32020-06-08 18:37:19 +0200[diff] [blame]265 return( PSA_ERROR_NOT_SUPPORTED );
Gilles Peskine30afafd2019-04-25 13:47:40 +0200[diff] [blame]266#endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */
Steven Cooreman81fe7c32020-06-08 18:37:19 +0200[diff] [blame]267 }
Gilles Peskined167b942019-04-19 18:19:40 +0200[diff] [blame]268}
269
Ronald Cron71016a92020-08-28 19:01:50 +0200[diff] [blame]270psa_status_t psa_open_key( mbedtls_svc_key_id_t key, psa_key_handle_t *handle )
Gilles Peskine961849f2018-11-30 18:54:54 +0100[diff] [blame]271{
Gilles Peskine70e085a2019-05-27 19:04:07 +0200[diff] [blame]272#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
Gilles Peskine961849f2018-11-30 18:54:54 +0100[diff] [blame]273 psa_status_t status;
Gilles Peskine267c6562019-05-27 19:01:54 +0200[diff] [blame]274 psa_key_slot_t *slot;
Gilles Peskine961849f2018-11-30 18:54:54 +0100[diff] [blame]275
Ronald Cronc4d1b512020-07-31 11:26:37 +0200[diff] [blame^]276 status = psa_get_key_slot( key, &slot );
Gilles Peskine70e085a2019-05-27 19:04:07 +0200[diff] [blame]277 if( status != PSA_SUCCESS )
Gilles Peskine961849f2018-11-30 18:54:54 +0100[diff] [blame]278 {
Ronald Cron91e95152020-07-30 17:48:03 +0200[diff] [blame]279 *handle = PSA_KEY_HANDLE_INIT;
Ronald Cronc4d1b512020-07-31 11:26:37 +0200[diff] [blame^]280 return( status );
Gilles Peskine961849f2018-11-30 18:54:54 +0100[diff] [blame]281 }
Ronald Cronc4d1b512020-07-31 11:26:37 +0200[diff] [blame^]282
283 *handle = key;
284
285 return( PSA_SUCCESS );
Gilles Peskine70e085a2019-05-27 19:04:07 +0200[diff] [blame]286
Gilles Peskine30afafd2019-04-25 13:47:40 +0200[diff] [blame]287#else /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
Ronald Cron27238fc2020-07-23 12:30:41 +0200[diff] [blame]288 (void) key;
Ronald Cron91e95152020-07-30 17:48:03 +0200[diff] [blame]289 *handle = PSA_KEY_HANDLE_INIT;
Gilles Peskine30afafd2019-04-25 13:47:40 +0200[diff] [blame]290 return( PSA_ERROR_NOT_SUPPORTED );
291#endif /* !defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
Gilles Peskine961849f2018-11-30 18:54:54 +0100[diff] [blame]292}
293
Gilles Peskine961849f2018-11-30 18:54:54 +0100[diff] [blame]294psa_status_t psa_close_key( psa_key_handle_t handle )
295{
Gilles Peskine267c6562019-05-27 19:01:54 +0200[diff] [blame]296 psa_status_t status;
297 psa_key_slot_t *slot;
298
Ronald Cronc26f8d42020-09-01 10:51:51 +0200[diff] [blame]299 if( psa_key_handle_is_null( handle ) )
Gilles Peskine1841cf42019-10-08 15:48:25 +0200[diff] [blame]300 return( PSA_SUCCESS );
301
Gilles Peskine267c6562019-05-27 19:01:54 +0200[diff] [blame]302 status = psa_get_key_slot( handle, &slot );
303 if( status != PSA_SUCCESS )
304 return( status );
305
306 return( psa_wipe_key_slot( slot ) );
Gilles Peskine961849f2018-11-30 18:54:54 +0100[diff] [blame]307}
308
Gilles Peskine4bac9a42019-05-23 20:32:30 +0200[diff] [blame]309void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats )
310{
Ronald Cron98a54dd2020-07-24 16:33:11 +0200[diff] [blame]311 size_t slot_idx;
312
Gilles Peskine4bac9a42019-05-23 20:32:30 +0200[diff] [blame]313 memset( stats, 0, sizeof( *stats ) );
Ronald Cron98a54dd2020-07-24 16:33:11 +0200[diff] [blame]314
315 for( slot_idx = 0; slot_idx < PSA_KEY_SLOT_COUNT; slot_idx++ )
Gilles Peskine4bac9a42019-05-23 20:32:30 +0200[diff] [blame]316 {
Ronald Cron98a54dd2020-07-24 16:33:11 +0200[diff] [blame]317 const psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ];
Gilles Peskine41e50d22019-07-31 15:01:55 +0200[diff] [blame]318 if( ! psa_is_key_slot_occupied( slot ) )
Gilles Peskine4bac9a42019-05-23 20:32:30 +0200[diff] [blame]319 {
Gilles Peskine41e50d22019-07-31 15:01:55 +0200[diff] [blame]320 ++stats->empty_slots;
Gilles Peskine4bac9a42019-05-23 20:32:30 +0200[diff] [blame]321 continue;
322 }
Gilles Peskine8e338702019-07-30 20:06:31 +0200[diff] [blame]323 if( slot->attr.lifetime == PSA_KEY_LIFETIME_VOLATILE )
Gilles Peskine4bac9a42019-05-23 20:32:30 +0200[diff] [blame]324 ++stats->volatile_slots;
Gilles Peskine8e338702019-07-30 20:06:31 +0200[diff] [blame]325 else if( slot->attr.lifetime == PSA_KEY_LIFETIME_PERSISTENT )
Gilles Peskine4bac9a42019-05-23 20:32:30 +0200[diff] [blame]326 {
Ronald Cron71016a92020-08-28 19:01:50 +0200[diff] [blame]327 psa_key_id_t id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id );
Gilles Peskine4bac9a42019-05-23 20:32:30 +0200[diff] [blame]328 ++stats->persistent_slots;
Jaeden Amero6fa62a52019-08-20 17:43:48 +0100[diff] [blame]329 if( id > stats->max_open_internal_key_id )
330 stats->max_open_internal_key_id = id;
Gilles Peskine4bac9a42019-05-23 20:32:30 +0200[diff] [blame]331 }
332 else
333 {
Ronald Cron71016a92020-08-28 19:01:50 +0200[diff] [blame]334 psa_key_id_t id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id );
Gilles Peskine4bac9a42019-05-23 20:32:30 +0200[diff] [blame]335 ++stats->external_slots;
Jaeden Amero6fa62a52019-08-20 17:43:48 +0100[diff] [blame]336 if( id > stats->max_open_external_key_id )
337 stats->max_open_external_key_id = id;
Gilles Peskine4bac9a42019-05-23 20:32:30 +0200[diff] [blame]338 }
339 }
340}
341
Gilles Peskine961849f2018-11-30 18:54:54 +0100[diff] [blame]342#endif /* MBEDTLS_PSA_CRYPTO_C */