From 9b3e5a7b3ecf12c0a04b871290ae16b2a170d38a Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Fri, 11 Dec 2020 18:46:01 +0100
Subject: [PATCH] Clarify the explanation of locations

It's about who has access to the key material in plaintext, not directly where the operation is performed.

Signed-off-by: Gilles Peskine
---
 include/psa/crypto_types.h | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h
index 17641df77..f7f8a8474 100644
--- a/include/psa/crypto_types.h
+++ b/include/psa/crypto_types.h
@@ -115,9 +115,8 @@ typedef uint32_t psa_algorithm_t;
  * whether the key is _volatile_ or _persistent_.
  * See ::psa_key_persistence_t for more information.
  * - Bits 8-31 (#PSA_KEY_LIFETIME_GET_LOCATION(\c lifetime)):
- * location indicator. This value indicates where the key material is stored
- * (or at least where it is accessible in cleartext) and where operations
- * on the key are performed.
+ * location indicator. This value indicates which part of the system
+ * has access to the key material and can perform operations using the key.
  * See ::psa_key_location_t for more information.
  *
  * Volatile keys are automatically destroyed when the application instance
@@ -176,9 +175,10 @@ typedef uint8_t psa_key_persistence_t;
  * If an integration of Mbed TLS can make calls to external
  * cryptoprocessors such as secure elements, the location of a key
  * indicates which secure element performs the operations on the key.
- * Depending on the design of the driver for the secure element, the key
+ * Depending on the design of the secure element, the key
  * material may either be stored either in the secure element, or
- * in wrapped form alongside the key metadata in the primary local storage.
+ * in wrapped (encrypted) form alongside the key metadata in the
+ * primary local storage.
  *
  * This specification defines the following values of location indicators:
  * - \c 0: primary local storage.
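Review bot: The added line `* has access to the key material and can perform operations using the key.` drops the plaintext qualification that the removed text carried ("accessible in cleartext") and that the commit message itself relies on. Without it the sentence is ambiguous for the wrapped-key case described in the second hunk: primary local storage does hold the wrapped key material alongside the metadata, yet it is not the location that can use the key. Suggest `* has access to the key material in plaintext and can perform operations using the key.` so the location indicator is defined by who can see the plaintext key, not who stores bytes. The enclosing doc comment for psa_key_lifetime_t begins before this hunk.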
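Review bot: The context line `* material may either be stored either in the secure element, or` doubles "either"; since this commit already rewrites the first line of that sentence, it is the natural place to fix it, e.g. `* material may be stored either in the secure element, or`. On the new `* in wrapped (encrypted) form alongside the key metadata in the` line, "encrypted" reads as confidentiality only; if the wrapping used by a secure element driver is also expected to protect the wrapped blob's integrity, it would help integrators to say so here, otherwise the gloss is fine as is. The doc comment for psa_key_location_t continues past the end of this hunk.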