Concurrency Constraints

The cryptographic module TA supports a maximum of 100 sessions, which are shared by all CAs. If the number of sessions exceeds the upper limit, an error is reported when calling a cryptographic module API. The following describes API-specific cryptographic module TA session usage.

1. One session is occupied when SDF_OpenDevice is called, and the session is released only when SDF_CloseDevice is called.
2. One session is occupied when SDF_OpenSession, SDF_CloseSession, ECM_OpenSession, or ECM_FactoryReset is called, and the session is released immediately the call ends.
3. SDF_CloseDevice closes the session occupied by SDF_OpenDevice.
4. A TA session in a thread can be reused when other APIs except the above ones are called. Specifically, in a single thread, each API call occupies a TA session, and the session is not released immediately the call ends. If a new API call is made within 1s, the session is reused.

Otherwise, the session is reclaimed, and a new TA session is required for the next API call. In practice, the actual interval may be slightly longer than 1s (1.5s to 2s) due to scheduling or other factors. In multi-process scenarios, wait for 20s to ensure that the TA session is reclaimed.