Snap for 11356374 from 7b106654a8e5cbeec55d1e10cc0bbad6774b98b5 to sdk-release
Change-Id: I7a6794eb771a2cb0caf26f20a7820d3258841b61
diff --git a/core/src/ta.rs b/core/src/ta.rs
index a3f8534..8297983 100644
--- a/core/src/ta.rs
+++ b/core/src/ta.rs
@@ -52,8 +52,8 @@
/// Current Secretkeeper version.
const CURRENT_VERSION: u64 = 1;
-/// Maximum number of live session keys.
-const MAX_SESSIONS: usize = 32;
+/// Default maximum number of live session keys.
+const MAX_SESSIONS_DEFAULT: usize = 8;
/// Macro to build an [`ApiError`] instance.
/// E.g. use: `aidl_err!(InternalError, "some {} format", arg)`.
@@ -87,6 +87,9 @@
/// Current sessions.
session_artifacts: VecDeque<SessionArtifacts>,
+ /// Maximum number of current sessions.
+ max_sessions: usize,
+
/// Storage of secrets (& sealing policy)
store: PolicyGatedStorage,
}
@@ -98,6 +101,16 @@
storage_impl: Box<dyn KeyValueStore>,
identity_curve: iana::EllipticCurve,
) -> Result<Self, SkInternalError> {
+ Self::new_with_session_limit(ag_impls, storage_impl, identity_curve, MAX_SESSIONS_DEFAULT)
+ }
+
+ /// Create a TA instance using the provided trait implementations.
+ pub fn new_with_session_limit(
+ ag_impls: &mut CryptoTraitImpl,
+ storage_impl: Box<dyn KeyValueStore>,
+ identity_curve: iana::EllipticCurve,
+ max_sessions: usize,
+ ) -> Result<Self, SkInternalError> {
// Create a per-boot-key for AuthGraph to use.
let aes_gcm = ag_impls.aes_gcm.box_clone();
let rng = ag_impls.rng.box_clone();
@@ -128,6 +141,7 @@
per_boot_key,
identity_sign_key,
identity,
+ max_sessions,
session_artifacts: VecDeque::new(),
store,
})
@@ -389,7 +403,7 @@
shared_keys: &[Vec<u8>; 2],
_sha256: &dyn Sha256,
) -> Result<(), Error> {
- if self.session_artifacts.len() >= MAX_SESSIONS {
+ if self.session_artifacts.len() >= self.max_sessions {
warn!("Dropping oldest session key");
self.session_artifacts.pop_front();
}
