From 4bac9a4c4b059e887de297de8b3ec7713eaf7420 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Thu, 23 May 2019 20:32:30 +0200
Subject: [PATCH] New function to get key slot statistics New function mbedtls_psa_get_stats to obtain some data about how many key slots are in use. This is intended for debugging and testing purposes.
---
 include/psa/crypto_extra.h | 37 ++++++++++++++++++++++++++++
 library/psa_crypto_slot_management.c | 32 ++++++++++++++++++++++++
 2 files changed, 69 insertions(+)
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index 56e053604..b08f46d09 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -116,6 +116,43 @@ static inline psa_algorithm_t psa_get_key_enrollment_algorithm(
 */
 void mbedtls_psa_crypto_free( void );
+/** \brief Statistics about
+ * resource consumption related to the PSA keystore.
+ *
+ * \note The content of this structure is not part of the stable API and ABI
+ * of Mbed Crypto and may change arbitrarily from version to version.
+ */
+typedef struct mbedtls_psa_stats_s
+{
+ /** Number of slots containing key material for a volatile key. */
+ size_t volatile_slots;
+ /** Number of slots containing key material for a key which is in
+ * internal persistent storage. */
+ size_t persistent_slots;
+ /** Number of slots containing a reference to a key in a
+ * secure element. */
+ size_t external_slots;
+ /** Number of slots which are occupied, but do not contain
+ * key material yet. */
+ size_t half_filled_slots;
+ /** Number of slots that contain cache data. */
+ size_t cache_slots;
+ /** Number of slots that are not used for anything. */
+ size_t empty_slots;
+ /** Largest key id value among open keys in internal persistent storage. */
+ psa_key_id_t max_open_internal_key_id;
+ /** Largest key id value among open keys in secure elements. */
+ psa_key_id_t max_open_external_key_id;
+} mbedtls_psa_stats_t;
+
+/** \brief Get statistics about
+ * resource consumption related to the PSA keystore.
+ *
+ * \note When Mbed Crypto is built as part of a service, with isolation
+ * between the application and the keystore, the service may or
+ * may not expose this function.
+ */
+void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats );
 /**
 * \brief Inject an initial entropy seed for the random generator into
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 0ffc2aae7..900aa41a5 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
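Review bot: The doc comment on `mbedtls_psa_get_stats` never describes its `stats` argument, and the two `max_open_*_key_id` fields do not say what they hold when no matching key is open. I would add `\param[out] stats  Filled with the current keystore statistics. Must not be \c NULL.` to the function comment and end both field comments with `0 if there is none.`, which matches the implementation in library/psa_crypto_slot_management.c zeroing the structure before it counts. Because those two fields report identifiers of keys that are currently open, the existing \note about isolated services could also say that a service exposing this call makes those identifiers visible to the caller.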
@@ -232,4 +232,36 @@ psa_status_t psa_close_key( psa_key_handle_t handle )
 return( psa_wipe_key_slot( slot ) );
 }
+void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats )
+{
+ psa_key_handle_t key;
+ memset( stats, 0, sizeof( *stats ) );
+ for( key = 1; key <= PSA_KEY_SLOT_COUNT; key++ )
+ {
+ psa_key_slot_t *slot = &global_data.key_slots[key - 1];
+ if( slot->type == PSA_KEY_TYPE_NONE )
+ {
+ if( slot->allocated )
+ ++stats->half_filled_slots;
+ else
+ ++stats->empty_slots;
+ continue;
+ }
+ if( slot->lifetime == PSA_KEY_LIFETIME_VOLATILE )
+ ++stats->volatile_slots;
+ else if( slot->lifetime == PSA_KEY_LIFETIME_PERSISTENT )
+ {
+ ++stats->persistent_slots;
+ if( slot->persistent_storage_id > stats->max_open_internal_key_id )
+ stats->max_open_internal_key_id = slot->persistent_storage_id;
+ }
+ else
+ {
+ ++stats->external_slots;
+ if( slot->persistent_storage_id > stats->max_open_external_key_id )
+ stats->max_open_external_key_id = slot->persistent_storage_id;
+ }
+ }
+}
+
 #endif /* MBEDTLS_PSA_CRYPTO_C */
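Review bot: `stats->cache_slots` is never assigned after the `memset`, so it always reads 0 even though the header documents it as the number of slots that contain cache data; a test that uses these counters to spot leaked slots would be trusting a figure that is not measured. If that is because no slot can hold cache data yet, a comment beside the `memset` such as `/* cache_slots is not counted here and stays 0 */` would make that explicit. The final `else` counts every lifetime that is neither volatile nor persistent as external, which is presumably intended but deserves a one-line comment so an unexpected lifetime value is not silently reported as a secure-element key. The loop also reads `global_data.key_slots` with no locking visible in the hunk; whether callers are expected to serialise access cannot be judged from here and should be stated in a comment above the function.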