Lines Matching refs:a
8 …a key identifier (key ID for short). Applications must first create a key object, which allocates …
16 …store** consists of a collection of **key slots**. Each key slot contains the metadata for one key…
18 A key slot has the type `psa_key_slot_t`. The key store is a global object which is private inside …
22 The following operations allocate a key slot by calling `psa_reserve_free_key_slot()`:
24 * **Creating** a key object, through means such as import, random generation, deterministic derivat…
25 * **Loading** a persistent key from storage, or loading a built-in key. This is done through `psa_g…
27 The following operations free a key slot by calling `psa_wipe_key_slot()` and, if applicable, `psa_…
29 * **Destroying** a key.
30 * **Purging** a persistent key from memory, either explicitly at the application's request or to fr…
42 The state of a key slot is indicated by its `state` field of type `psa_key_slot_state_t`, which can…
44 * `PSA_SLOT_EMPTY`: a slot that occupies memory but does not currently contain a key.
45 * `PSA_SLOT_FILLING`: a slot that is being filled to create or load a key.
46 * `PSA_SLOT_FULL`: a slot containing a key.
47 * `PSA_SLOT_PENDING_DELETION`: a slot whose key is being destroyed or purged.
53 …a multithreaded environment, since Mbed TLS 3.6.0, each key slot is protected by a reader-writer l…
61 Note that a slot must not be moved in memory while it is being read or written.
69 …a statically allocated array of slots, of size `MBEDTLS_PSA_KEY_SLOT_COUNT`. Key material is alloc…
70 …a statically allocated array of slots, of size `MBEDTLS_PSA_KEY_SLOT_COUNT`. Each key slot contain…
71 …a size that adjusts to the application's usage. Key material is allocated on the heap. Compared to…
77 …d the variants other than the hybrid key store in a patch release of a long-term support version. …
79 The static key store could become a runtime decision, where only keys larger than some threshold re…
81 …a slot may be accessed by another thread (see [“Concurrency”](#concurrency)). With the concurrency…
85 …ce is an array of key slots. Key slices are identified by an index which is a small non-negative i…
87 * With a [static key store](#static-key-store), there is a single, statically allocated slice, with…
88 * With a [dynamic key store](#dynamic-key-store), there is a statically allocated array of pointers t…
92 …a volatile key, the slice containing the slot and index of the slot in its slice determine the key…
96 The static key store is the historical implementation. The key store is a statically allocated arra…
98 …a hybrid variant (default), and a fully-static variant enabled by the configuration option `MBEDTL…
102 For easy lookup, a volatile key whose index is `id` is stored at the index `id - PSA_KEY_ID_VOLATIL…
104 #### Key creation with a static key store
106 …a key, `psa_reserve_free_key_slot()` searches the key slot array until it finds one that is empty.…
108 #### Freeing a key slot with a static key store
110 With a static key store, `psa_wipe_key_slot()` destroys or purges a key by freeing any associated r…
114 The dynamic key store allows a large number of keys, at the expense of more complex memory manageme…
123 * Access to a persistent key (including creation and destruction) takes time that is linear in `MBE…
124 * Allocating a key takes amortized $O(1)$ time. Usually the time is $O(s)$ where $s$ is the number …
125 * Destroying a volatile key takes $O(1)$ time as of Mbed TLS 3.6.1. Later improvements to memory co…
129 … The number of slices is determined at compile time. The key store contains a static array of poin…
141 … slot management code need to determine which key slice contains a key slot when given a pointer t…
143 * for a volatile key identifier, the [slice index is encoded in the key identifier](#volatile-key-i…
144 * for a persistent key identifier or built-in key identifier, [the slot is in the sole cache slice]…
146 Nonetheless, we store the slice index as a field in the slot, for two reasons:
149 …key_slot()`, which needs to determine the slice. Keeping the slice index as a separate field allow…
161 …a **free list**. This is a linked list of all the slots in the slice that are free. The global dat…
163 …a small optimization, a free slot does not actually contain the index of the next slot, but the in…
167 …a volatile key, `psa_reserve_free_key_slot()` searches the free lists of each allocated slice unti…
171 …a slice of size `B * 2^k` if there are already `B * (2^k - 1)` occupied slots. Thus the memory ove…
175 When destroying a volatile key, `psa_wipe_key_slot()` calls `psa_free_key_slot()`. This function ad…
179 …ypto subsystem is deinitialized). Freeing key slices intelligently would be a desirable improvemen…
181 …a key slice as soon as it becomes empty, because that would cause large allocations and deallocati…
183 …es. Mixing allocated and unallocated slices may make some parts of the code a little more complex,…
196 … [static key store](#static-key-store), a non-empty slot can contain either a volatile key or a ca…
198 …a fixed-size array of `MBEDTLS_PSA_KEY_SLOT_COUNT` slots. In the static key store, this array is s…
200 #### Accessing a persistent key
202 …e corresponding range. To that effect, it traverses the key cache to see if a key with the given i…
208 * to create a volatile key (static key store only);
209 * to create a persistent key;
210 * to load a persistent or built-in key.
214 As of Mbed TLS 3.6.1, there is no tracking of a key's usage frequency or age. The slot eviction cod…