diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 6807c73f3..4aea9905d 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -1419,11 +1419,6 @@ typedef uint32_t psa_key_id_t; */ #define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t)0x00000001) -/** A write-once key slot may not be modified once a key has been set. - * It will retain its content as long as the device remains operational. - */ -#define PSA_KEY_LIFETIME_WRITE_ONCE ((psa_key_lifetime_t)0x7fffffff) - /** \brief Retrieve the lifetime of an open key. * * \param handle Handle to query. @@ -1443,46 +1438,6 @@ typedef uint32_t psa_key_id_t; psa_status_t psa_get_key_lifetime(psa_key_handle_t handle, psa_key_lifetime_t *lifetime); -/** \brief Change the lifetime of a key slot. - * - * Whether the lifetime of a key slot can be changed at all, and if so - * whether the lifetime of an occupied key slot can be changed, is - * implementation-dependent. - * - * When creating a persistent key, you must call this function before creating - * the key material with psa_import_key(), psa_generate_key() or - * psa_generator_import_key(). To open an existing persistent key, you must - * call this function with the correct lifetime value before using the slot - * for a cryptographic operation. Once a slot's lifetime has been set, - * the lifetime remains associated with the slot until a subsequent call to - * psa_set_key_lifetime(), until the key is wiped with psa_destroy_key or - * until the application terminates (or disconnects from the cryptography - * service, if the implementation offers such a possibility). - * - * \param key Slot whose lifetime is to be changed. - * \param lifetime The lifetime value to set for the given key slot. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The key slot is invalid, - * or the lifetime value is invalid. - * \retval #PSA_ERROR_NOT_SUPPORTED - * The implementation does not support the specified lifetime value, - * at least for the specified key slot. - * \retval #PSA_ERROR_OCCUPIED_SLOT - * The slot contains a key, and the implementation does not support - * changing the lifetime of an occupied slot. - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_TAMPERING_DETECTED - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. - */ -psa_status_t psa_set_key_lifetime(psa_key_handle_t key, - psa_key_lifetime_t lifetime); /** Allocate a key slot for a transient key, i.e. a key which is only stored * in volatile memory. diff --git a/library/psa_crypto.c b/library/psa_crypto.c index bff0ce709..15bab676f 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3206,35 +3206,6 @@ psa_status_t psa_get_key_lifetime( psa_key_slot_t key, return( PSA_SUCCESS ); } -psa_status_t psa_set_key_lifetime( psa_key_slot_t key, - psa_key_lifetime_t lifetime ) -{ - key_slot_t *slot; - psa_status_t status; - - if( lifetime != PSA_KEY_LIFETIME_VOLATILE && - lifetime != PSA_KEY_LIFETIME_PERSISTENT && - lifetime != PSA_KEY_LIFETIME_WRITE_ONCE ) - return( PSA_ERROR_INVALID_ARGUMENT ); - - status = psa_get_empty_key_slot( key, &slot ); - if( status != PSA_SUCCESS ) - return( status ); - - if( lifetime == PSA_KEY_LIFETIME_WRITE_ONCE ) - return( PSA_ERROR_NOT_SUPPORTED ); - -#if !defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) - if( lifetime == PSA_KEY_LIFETIME_PERSISTENT ) - return( PSA_ERROR_NOT_SUPPORTED ); -#endif - - slot->lifetime = lifetime; - slot->persistent_storage_id = key; - - return( PSA_SUCCESS ); -} - /****************************************************************/