New function to get key slot statistics

New function mbedtls_psa_get_stats to obtain some data about how many
key slots are in use. This is intended for debugging and testing
purposes.
This commit is contained in:
Gilles Peskine 2019-05-23 20:32:30 +02:00
parent 952f40962a
commit 4bac9a4c4b
2 changed files with 69 additions and 0 deletions

View file

@ -116,6 +116,43 @@ static inline psa_algorithm_t psa_get_key_enrollment_algorithm(
*/ */
void mbedtls_psa_crypto_free( void ); void mbedtls_psa_crypto_free( void );
/** \brief Statistics about
* resource consumption related to the PSA keystore.
*
* \note The content of this structure is not part of the stable API and ABI
* of Mbed Crypto and may change arbitrarily from version to version.
*/
typedef struct mbedtls_psa_stats_s
{
/** Number of slots containing key material for a volatile key. */
size_t volatile_slots;
/** Number of slots containing key material for a key which is in
* internal persistent storage. */
size_t persistent_slots;
/** Number of slots containing a reference to a key in a
* secure element. */
size_t external_slots;
/** Number of slots which are occupied, but do not contain
* key material yet. */
size_t half_filled_slots;
/** Number of slots that contain cache data. */
size_t cache_slots;
/** Number of slots that are not used for anything. */
size_t empty_slots;
/** Largest key id value among open keys in internal persistent storage. */
psa_key_id_t max_open_internal_key_id;
/** Largest key id value among open keys in secure elements. */
psa_key_id_t max_open_external_key_id;
} mbedtls_psa_stats_t;
/** \brief Get statistics about
* resource consumption related to the PSA keystore.
*
* \note When Mbed Crypto is built as part of a service, with isolation
* between the application and the keystore, the service may or
* may not expose this function.
*/
void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats );
/** /**
* \brief Inject an initial entropy seed for the random generator into * \brief Inject an initial entropy seed for the random generator into

View file

@ -232,4 +232,36 @@ psa_status_t psa_close_key( psa_key_handle_t handle )
return( psa_wipe_key_slot( slot ) ); return( psa_wipe_key_slot( slot ) );
} }
void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats )
{
psa_key_handle_t key;
memset( stats, 0, sizeof( *stats ) );
for( key = 1; key <= PSA_KEY_SLOT_COUNT; key++ )
{
psa_key_slot_t *slot = &global_data.key_slots[key - 1];
if( slot->type == PSA_KEY_TYPE_NONE )
{
if( slot->allocated )
++stats->half_filled_slots;
else
++stats->empty_slots;
continue;
}
if( slot->lifetime == PSA_KEY_LIFETIME_VOLATILE )
++stats->volatile_slots;
else if( slot->lifetime == PSA_KEY_LIFETIME_PERSISTENT )
{
++stats->persistent_slots;
if( slot->persistent_storage_id > stats->max_open_internal_key_id )
stats->max_open_internal_key_id = slot->persistent_storage_id;
}
else
{
++stats->external_slots;
if( slot->persistent_storage_id > stats->max_open_external_key_id )
stats->max_open_external_key_id = slot->persistent_storage_id;
}
}
}
#endif /* MBEDTLS_PSA_CRYPTO_C */ #endif /* MBEDTLS_PSA_CRYPTO_C */