From 2d2bb1dd044fa4269c1958e6ee8f7024bf7b3ab2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 5 Feb 2020 19:07:18 +0100 Subject: [PATCH 01/12] Define some structure for lifetime values * Lower 8 bits: persistence level * 0: volatile * 1: persistent (default) * 2-127: persistent (reserved for future PSA specifications) * 128-254: persistent (reserved for vendors) * 255: read-only * Upper 24 bits: location indicator * 0: built-in * 1: primary secure element * 2-0x7fffff: reserved for future PSA specifications * 0x800000-0xffffff: vendor-specific Signed-off-by: Gilles Peskine --- include/psa/crypto_types.h | 109 ++++++++++++++++++++++++++++++++++-- include/psa/crypto_values.h | 44 ++++++++++++++- 2 files changed, 147 insertions(+), 6 deletions(-) diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index d96c66e5c..2f0f74699 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -108,18 +108,117 @@ typedef uint32_t psa_algorithm_t; * The lifetime of a key indicates where it is stored and what system actions * may create and destroy it. * - * Keys with the lifetime #PSA_KEY_LIFETIME_VOLATILE are automatically - * destroyed when the application terminates or on a power reset. + * Lifetime values have the following structure: + * - Bits 0-7 (#PSA_KEY_LIFETIME_GET_PERSISTENCE(\c lifetime)): + * persistence level. This value indicates what device management + * actions can cause it to be destroyed. In particular, it indicates + * whether the key is _volatile_ or _persistent_. + * See ::psa_key_lifetime_persistence_t for more information. + * - Bits 8-31 (#PSA_KEY_LIFETIME_GET_LOCATION(\c lifetime)): + * location indicator. This value indicates where the key is stored + * and where operations on the key are performed. + * See ::psa_key_lifetime_location_t for more information. + * + * Volatile keys are automatically destroyed when the application instance + * terminates or on a power reset of the device. Persistent keys are + * preserved until the application explicitly destroys them or until an + * implementation-specific device management event occurs (for example, + * a factory reset). * - * Keys with a lifetime other than #PSA_KEY_LIFETIME_VOLATILE are said - * to be _persistent_. - * Persistent keys are preserved if the application or the system restarts. * Persistent keys have a key identifier of type #psa_key_id_t. + * This identifier remains valid throughout the lifetime of the key, + * even if the application instance that created the key terminates. * The application can call psa_open_key() to open a persistent key that * it created previously. + * + * This specification defines two basic lifetime values: + * - Keys with the lifetime #PSA_KEY_LIFETIME_VOLATILE are volatile. + * All implementations should support this lifetime. + * - Keys with the lifetime #PSA_KEY_LIFETIME_PERSISTENT are persistent. + * All implementations that have access to persistent storage with + * appropriate security guarantees should support this lifetime. */ typedef uint32_t psa_key_lifetime_t; +/** Encoding of key persistence levels. + * + * What distinguishes different persistence levels is what device management + * events may cause keys to be destroyed. _Volatile_ keys are destroyed + * by a power reset. Persistent keys may be destroyed by events such as + * a transfer of ownership or a factory reset. What management events + * actually affect persistent keys at different levels is outside the + * scope of the PSA Cryptography specification. + * + * This specification defines the following values of persistence levels: + * - \c 0 = #PSA_KEY_LIFETIME_PERSISTENCE_VOLATILE: volatile key. + * A volatile key is automatically destroyed by the implementation when + * the application instance terminates. In particular, a volatile key + * is automatically destroyed on a power reset of the device. + * - \c 1 = #PSA_KEY_LIFETIME_PERSISTENCE_PRIMARY: + * persistent key with a default lifetime. + * Implementations should support this value if they support persistent + * keys at all. + * Applications should use this value if they have no specific needs that + * are only met by implementation-specific features. + * - \c 2-127: persistent key with a PSA-specified lifetime. + * The PSA Cryptography specification does not define the meaning of these + * values, but other PSA specifications may do so. + * - \c 128-254: persistent key with a vendor-specified lifetime. + * No PSA specification will define the meaning of these values, so + * implementations may choose the meaning freely. + * As a guideline, higher persistence levels should cause a key to survive + * more management events than lower levels. + * - \c 255 = #PSA_KEY_LIFETIME_PERSISTENCE_READ_ONLY: + * read-only or write-once key. + * A key with this persistence level cannot be destroyed. + * Implementations that support such keys may either allow their creation + * through the PSA Cryptography API, preferably only to applications with + * the appropriate privilege, or only expose keys created through + * implementation-specific means such as a factory ROM engraving process. + * Note that keys that are read-only due to policy restrictions + * rather than due to physical limitations should not have this + * persistence levels. + * + * \note Key persistence levels are 8-bit values. Key management + * interfaces operate on lifetimes (type ::psa_key_lifetime_t) which + * encode the persistence as the lower 8 bits of a 32-bit value. + */ +typedef uint8_t psa_key_lifetime_persistence_t; + +/** Encoding of key location indicators. + * + * If an implementation of this API can make calls to external + * cryptoprocessors such as secure elements, the location of a key + * indicates which secure element performs the operations on the key. + * If an implementation offers multiple physical locations for persistent + * storage, the location indicator reflects at which physical location + * the key is stored. + * + * This specification defines the following values of location indicators: + * - \c 0: default location. + * All implementations should support this value. + * The default location typically indicates that the key material is + * used and stored within the same security boundary as the key metadata. + * - \c 1: primary secure element. + * Implementations should support this value if there is a secure element + * attached to the operating environment. + * As a guideline, secure elements may provide higher resistance against + * side channel and physical attacks than the default location, but may + * have restrictions on supported key types, sizes, policies and operations + * and may have different performance characteristics. + * - \c 2-0x7fffff: other locations defined by a PSA specification. + * The PSA Cryptography does not currently assign any meaning to these + * locations, but future versions of this specification or other PSA + * specifications may do so. + * - \c 0x800000-0xffffff: vendor-defined locations. + * No PSA specification will assign a meaning to locations in this range. + * + * \note Key location indicators are 24-bit values. Key management + * interfaces operate on lifetimes (type ::psa_key_lifetime_t) which + * encode the location as the upper 24 bits of a 32-bit value. + */ +typedef uint32_t psa_key_lifetime_location_t; + /** Encoding of identifiers of persistent keys. * * - Applications may freely choose key identifiers in the range diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index baaabff1e..14cae3932 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1539,8 +1539,16 @@ * @{ */ -/** A volatile key only exists as long as the handle to it is not closed. +/** The default lifetime for volatile keys. + * + * A volatile key only exists as long as the handle to it is not closed. * The key material is guaranteed to be erased on a power reset. + * + * A key with this lifetime is typically stored in the RAM area of the + * PSA Crypto subsystem. However this is an implementation choice. + * If an implementation stores data about the key in a non-volatile memory, + * it must release all the resources associated with the key and erase the + * key material if the calling application terminates. */ #define PSA_KEY_LIFETIME_VOLATILE ((psa_key_lifetime_t)0x00000000) @@ -1555,9 +1563,43 @@ * This lifetime value is the default storage area for the calling * application. Implementations may offer other storage areas designated * by other lifetime values as implementation-specific extensions. + * See ::psa_key_lifetime_location_t for more information. */ #define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t)0x00000001) +#define PSA_KEY_LIFETIME_PERSISTENCE_VOLATILE ((psa_key_lifetime_persistence_t)0x00) +#define PSA_KEY_LIFETIME_PERSISTENCE_PRIMARY ((psa_key_lifetime_persistence_t)0x01) +#define PSA_KEY_LIFETIME_PERSISTENCE_READ_ONLY ((psa_key_lifetime_persistence_t)0xff) + +#define PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) \ + ((psa_key_lifetime_persistence_t)((lifetime) & 0x000000ff) + +#define PSA_KEY_LIFETIME_GET_LOCATION(lifetime) \ + ((psa_key_lifetime_location_t)((lifetime) >> 8) + +/** Whether a key lifetime indicates that the key is volatile. + * + * A volatile key is automatically destroyed by the implementation when + * the application instance terminates. In particular, a volatile key + * is automatically destroyed on a power reset of the device. + * + * A key that is not volatile is persistent. Persistent keys are + * preserved until the application explicitly destroys them or until an + * implementation-specific device management event occurs (for example, + * a factory reset). + * + * \param lifetime The lifetime value to query (value of type + * ::psa_key_lifetime_t). + * + * \return \c 1 if the key is volatile, otherwise \c 0. + */ +#define PSA_KEY_LIFETIME_IS_VOLATILE(lifetime) \ + (PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \ + PSA_KEY_LIFETIME_PERSISTENCE_VOLATILE) + +#define PSA_KEY_LIFETIME_LOCATION_BUILT_IN ((psa_key_lifetime_location_t)0x000000) +#define PSA_KEY_LIFETIME_LOCATION_VENDOR_FLAG ((psa_key_lifetime_location_t)0x800000) + /** The minimum value for a key identifier chosen by the application. */ #define PSA_KEY_ID_USER_MIN ((psa_app_key_id_t)0x00000001) From bbb3c1815ab5c5e1ce9d86d05e08bb3f49e47ab3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 4 May 2020 18:42:06 +0200 Subject: [PATCH 02/12] Shorten type and value names for lifetime parts Drop lifetime_ or LIFETIME_ to make the names shorter. They're still unambiguous. Signed-off-by: Gilles Peskine --- include/psa/crypto_types.h | 14 +++++++------- include/psa/crypto_values.h | 14 +++++++------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index 2f0f74699..de72b5944 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -113,11 +113,11 @@ typedef uint32_t psa_algorithm_t; * persistence level. This value indicates what device management * actions can cause it to be destroyed. In particular, it indicates * whether the key is _volatile_ or _persistent_. - * See ::psa_key_lifetime_persistence_t for more information. + * See ::psa_key_persistence_t for more information. * - Bits 8-31 (#PSA_KEY_LIFETIME_GET_LOCATION(\c lifetime)): * location indicator. This value indicates where the key is stored * and where operations on the key are performed. - * See ::psa_key_lifetime_location_t for more information. + * See ::psa_key_location_t for more information. * * Volatile keys are automatically destroyed when the application instance * terminates or on a power reset of the device. Persistent keys are @@ -150,11 +150,11 @@ typedef uint32_t psa_key_lifetime_t; * scope of the PSA Cryptography specification. * * This specification defines the following values of persistence levels: - * - \c 0 = #PSA_KEY_LIFETIME_PERSISTENCE_VOLATILE: volatile key. + * - \c 0 = #PSA_KEY_PERSISTENCE_VOLATILE: volatile key. * A volatile key is automatically destroyed by the implementation when * the application instance terminates. In particular, a volatile key * is automatically destroyed on a power reset of the device. - * - \c 1 = #PSA_KEY_LIFETIME_PERSISTENCE_PRIMARY: + * - \c 1 = #PSA_KEY_PERSISTENCE_PRIMARY: * persistent key with a default lifetime. * Implementations should support this value if they support persistent * keys at all. @@ -168,7 +168,7 @@ typedef uint32_t psa_key_lifetime_t; * implementations may choose the meaning freely. * As a guideline, higher persistence levels should cause a key to survive * more management events than lower levels. - * - \c 255 = #PSA_KEY_LIFETIME_PERSISTENCE_READ_ONLY: + * - \c 255 = #PSA_KEY_PERSISTENCE_READ_ONLY: * read-only or write-once key. * A key with this persistence level cannot be destroyed. * Implementations that support such keys may either allow their creation @@ -183,7 +183,7 @@ typedef uint32_t psa_key_lifetime_t; * interfaces operate on lifetimes (type ::psa_key_lifetime_t) which * encode the persistence as the lower 8 bits of a 32-bit value. */ -typedef uint8_t psa_key_lifetime_persistence_t; +typedef uint8_t psa_key_persistence_t; /** Encoding of key location indicators. * @@ -217,7 +217,7 @@ typedef uint8_t psa_key_lifetime_persistence_t; * interfaces operate on lifetimes (type ::psa_key_lifetime_t) which * encode the location as the upper 24 bits of a 32-bit value. */ -typedef uint32_t psa_key_lifetime_location_t; +typedef uint32_t psa_key_location_t; /** Encoding of identifiers of persistent keys. * diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 14cae3932..1d2068b38 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1567,15 +1567,15 @@ */ #define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t)0x00000001) -#define PSA_KEY_LIFETIME_PERSISTENCE_VOLATILE ((psa_key_lifetime_persistence_t)0x00) -#define PSA_KEY_LIFETIME_PERSISTENCE_PRIMARY ((psa_key_lifetime_persistence_t)0x01) -#define PSA_KEY_LIFETIME_PERSISTENCE_READ_ONLY ((psa_key_lifetime_persistence_t)0xff) +#define PSA_KEY_PERSISTENCE_VOLATILE ((psa_key_persistence_t)0x00) +#define PSA_KEY_PERSISTENCE_PRIMARY ((psa_key_persistence_t)0x01) +#define PSA_KEY_PERSISTENCE_READ_ONLY ((psa_key_persistence_t)0xff) #define PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) \ - ((psa_key_lifetime_persistence_t)((lifetime) & 0x000000ff) + ((psa_key_persistence_t)((lifetime) & 0x000000ff) #define PSA_KEY_LIFETIME_GET_LOCATION(lifetime) \ - ((psa_key_lifetime_location_t)((lifetime) >> 8) + ((psa_key_location_t)((lifetime) >> 8) /** Whether a key lifetime indicates that the key is volatile. * @@ -1597,8 +1597,8 @@ (PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \ PSA_KEY_LIFETIME_PERSISTENCE_VOLATILE) -#define PSA_KEY_LIFETIME_LOCATION_BUILT_IN ((psa_key_lifetime_location_t)0x000000) -#define PSA_KEY_LIFETIME_LOCATION_VENDOR_FLAG ((psa_key_lifetime_location_t)0x800000) +#define PSA_KEY_LOCATION_BUILT_IN ((psa_key_location_t)0x000000) +#define PSA_KEY_LOCATION_VENDOR_FLAG ((psa_key_location_t)0x800000) /** The minimum value for a key identifier chosen by the application. */ From 5dcb74f02fd8f2b090abc38df471492200d2dbe4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 4 May 2020 18:42:44 +0200 Subject: [PATCH 03/12] PSA_KEY_LIFETIME_PERSISTENT is a lifetime, not just a storage area Signed-off-by: Gilles Peskine --- include/psa/crypto_values.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 1d2068b38..ded1756e2 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1552,7 +1552,7 @@ */ #define PSA_KEY_LIFETIME_VOLATILE ((psa_key_lifetime_t)0x00000000) -/** The default storage area for persistent keys. +/** The default lifetime for persistent keys. * * A persistent key remains in storage until it is explicitly destroyed or * until the corresponding storage area is wiped. This specification does @@ -1563,7 +1563,7 @@ * This lifetime value is the default storage area for the calling * application. Implementations may offer other storage areas designated * by other lifetime values as implementation-specific extensions. - * See ::psa_key_lifetime_location_t for more information. + * See ::psa_key_lifetime_t for more information. */ #define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t)0x00000001) From ee04e6995629c094a666ac34e166440380dbb768 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 4 May 2020 18:52:21 +0200 Subject: [PATCH 04/12] Rename and clarify the default persistent location and persistence Call persistence "default" because that is genuinely the default that applications should use if they don't know better. It's slightly misleading in that the default persistence when you create a key is volatile, not this: "default" is the default persistence for persistent keys, not the default persistence for keys in general. But we haven't found a better name. Introduce the term "primary local storage" to designate the default storage location. Signed-off-by: Gilles Peskine --- include/psa/crypto_types.h | 10 +++++----- include/psa/crypto_values.h | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index de72b5944..b45571409 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -154,7 +154,7 @@ typedef uint32_t psa_key_lifetime_t; * A volatile key is automatically destroyed by the implementation when * the application instance terminates. In particular, a volatile key * is automatically destroyed on a power reset of the device. - * - \c 1 = #PSA_KEY_PERSISTENCE_PRIMARY: + * - \c 1 = #PSA_KEY_PERSISTENCE_DEFAULT: * persistent key with a default lifetime. * Implementations should support this value if they support persistent * keys at all. @@ -195,15 +195,15 @@ typedef uint8_t psa_key_persistence_t; * the key is stored. * * This specification defines the following values of location indicators: - * - \c 0: default location. + * - \c 0: primary local storage. * All implementations should support this value. - * The default location typically indicates that the key material is - * used and stored within the same security boundary as the key metadata. + * The primary local storage is typically the same storage area that + * contains the key metadata. * - \c 1: primary secure element. * Implementations should support this value if there is a secure element * attached to the operating environment. * As a guideline, secure elements may provide higher resistance against - * side channel and physical attacks than the default location, but may + * side channel and physical attacks than the primary local storage, but may * have restrictions on supported key types, sizes, policies and operations * and may have different performance characteristics. * - \c 2-0x7fffff: other locations defined by a PSA specification. diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index ded1756e2..48e085c08 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1568,7 +1568,7 @@ #define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t)0x00000001) #define PSA_KEY_PERSISTENCE_VOLATILE ((psa_key_persistence_t)0x00) -#define PSA_KEY_PERSISTENCE_PRIMARY ((psa_key_persistence_t)0x01) +#define PSA_KEY_PERSISTENCE_DEFAULT ((psa_key_persistence_t)0x01) #define PSA_KEY_PERSISTENCE_READ_ONLY ((psa_key_persistence_t)0xff) #define PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) \ @@ -1597,7 +1597,7 @@ (PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \ PSA_KEY_LIFETIME_PERSISTENCE_VOLATILE) -#define PSA_KEY_LOCATION_BUILT_IN ((psa_key_location_t)0x000000) +#define PSA_KEY_LOCATION_LOCAL_STORAGE ((psa_key_location_t)0x000000) #define PSA_KEY_LOCATION_VENDOR_FLAG ((psa_key_location_t)0x800000) /** The minimum value for a key identifier chosen by the application. From aff1181d671f09315a549f80616b0ae8877f1109 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 4 May 2020 19:03:10 +0200 Subject: [PATCH 05/12] Document PSA_KEY_PERSISTENCE_xxx and PSA_KEY_LOCATION_xxx Signed-off-by: Gilles Peskine --- include/psa/crypto_values.h | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 48e085c08..ee125ab4c 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1567,8 +1567,22 @@ */ #define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t)0x00000001) +/** The persistence level of volatile keys. + * + * See ::psa_key_persistence_t for more information. + */ #define PSA_KEY_PERSISTENCE_VOLATILE ((psa_key_persistence_t)0x00) + +/** The default persistence level for persistent keys. + * + * See ::psa_key_persistence_t for more information. + */ #define PSA_KEY_PERSISTENCE_DEFAULT ((psa_key_persistence_t)0x01) + +/** A persistence level indicating that a key is never destroyed. + * + * See ::psa_key_persistence_t for more information. + */ #define PSA_KEY_PERSISTENCE_READ_ONLY ((psa_key_persistence_t)0xff) #define PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) \ @@ -1597,7 +1611,15 @@ (PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \ PSA_KEY_LIFETIME_PERSISTENCE_VOLATILE) +/** The local storage area for persistent keys. + * + * This storage area is available on all systems that can store persistent + * keys without delegating the storage to a third-party cryptoprocessor. + * + * See ::psa_key_location_t for more information. + */ #define PSA_KEY_LOCATION_LOCAL_STORAGE ((psa_key_location_t)0x000000) + #define PSA_KEY_LOCATION_VENDOR_FLAG ((psa_key_location_t)0x800000) /** The minimum value for a key identifier chosen by the application. From c4ee2f3a87b3b101e02032228d674e4f48d9cf16 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 4 May 2020 19:07:18 +0200 Subject: [PATCH 06/12] Define a macro to construct a lifetime from persistence and location Applications need this to combine implementation-specific values of persistence levels and location indicators. Signed-off-by: Gilles Peskine --- include/psa/crypto_values.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index ee125ab4c..ed8471e7b 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1611,6 +1611,18 @@ (PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \ PSA_KEY_LIFETIME_PERSISTENCE_VOLATILE) +/** Construct a lifetime from a persistence level and a location. + * + * \param persistence The persistence level + * (value of type ::psa_key_persistence_t). + * \param location The location indicator + * (value of type ::psa_key_location_t). + * + * \return The constructed lifetime value. + */ +#define PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(persistence, location) \ + ((location) << 8 | (persistence)) + /** The local storage area for persistent keys. * * This storage area is available on all systems that can store persistent From e3871f8ae8ff565b3286a45373c322a4feae9da4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 5 May 2020 17:32:15 +0200 Subject: [PATCH 07/12] Missing word Co-authored-by: Janos Follath Signed-off-by: Gilles Peskine --- include/psa/crypto_types.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index b45571409..41f1bea77 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -207,7 +207,7 @@ typedef uint8_t psa_key_persistence_t; * have restrictions on supported key types, sizes, policies and operations * and may have different performance characteristics. * - \c 2-0x7fffff: other locations defined by a PSA specification. - * The PSA Cryptography does not currently assign any meaning to these + * The PSA Cryptography API does not currently assign any meaning to these * locations, but future versions of this specification or other PSA * specifications may do so. * - \c 0x800000-0xffffff: vendor-defined locations. From 4cfa443d2a2ae2ec184b5d44d40bb361f038d0da Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 6 May 2020 13:44:32 +0200 Subject: [PATCH 08/12] Fix macros Signed-off-by: Gilles Peskine --- include/psa/crypto_values.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index ed8471e7b..18b2d5ad1 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1586,10 +1586,10 @@ #define PSA_KEY_PERSISTENCE_READ_ONLY ((psa_key_persistence_t)0xff) #define PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) \ - ((psa_key_persistence_t)((lifetime) & 0x000000ff) + ((psa_key_persistence_t)((lifetime) & 0x000000ff)) #define PSA_KEY_LIFETIME_GET_LOCATION(lifetime) \ - ((psa_key_location_t)((lifetime) >> 8) + ((psa_key_location_t)((lifetime) >> 8)) /** Whether a key lifetime indicates that the key is volatile. * From 52ac958d6bc45b3adab41d72c810d6b1d1fe849d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 10 May 2020 00:39:18 +0200 Subject: [PATCH 09/12] Update the SE interface to pass a location when registering a driver Now that lifetimes have structures and secure element drivers handle all the lifetimes with a certain location, update driver registration to take a location as argument rather than a lifetime. This commit updates the PSA specification draft. Signed-off-by: Gilles Peskine --- include/psa/crypto_se_driver.h | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h index 7ac1ed1c4..869fa3f27 100644 --- a/include/psa/crypto_se_driver.h +++ b/include/psa/crypto_se_driver.h @@ -119,8 +119,10 @@ typedef struct { * \param[in,out] drv_context The driver context structure. * \param[in,out] persistent_data A pointer to the persistent data * that allows writing. - * \param lifetime The lifetime value for which this driver - * is registered. + * \param location The location value for which this driver + * is registered. The driver will be invoked + * for all keys whose lifetime is in this + * location. * * \retval #PSA_SUCCESS * The driver is operational. @@ -132,7 +134,7 @@ typedef struct { */ typedef psa_status_t (*psa_drv_se_init_t)(psa_drv_se_context_t *drv_context, void *persistent_data, - psa_key_lifetime_t lifetime); + psa_key_location_t location); #if defined(__DOXYGEN_ONLY__) || !defined(MBEDTLS_PSA_CRYPTO_SE_C) /* Mbed Crypto with secure element support enabled defines this type in @@ -1341,17 +1343,19 @@ typedef struct { * after psa_crypto_init(). * * \note Implementations store metadata about keys including the lifetime - * value. Therefore, from one instantiation of the PSA Cryptography + * value, which contains the driver's location indicator. Therefore, + * from one instantiation of the PSA Cryptography * library to the next one, if there is a key in storage with a certain * lifetime value, you must always register the same driver (or an * updated version that communicates with the same secure element) - * with the same lifetime value. + * with the same location value. * - * \param lifetime The lifetime value through which this driver will + * \param location The location value through which this driver will * be exposed to applications. - * The values #PSA_KEY_LIFETIME_VOLATILE and - * #PSA_KEY_LIFETIME_PERSISTENT are reserved and - * may not be used for drivers. Implementations + * This driver will be used for all keys such that + * `location == PSA_KEY_LIFETIME_LOCATION( lifetime )`. + * The value #PSA_KEY_LOCATION_LOCAL_STORAGE is reserved + * and may not be used for drivers. Implementations * may reserve other values. * \param[in] methods The method table of the driver. This structure must * remain valid for as long as the cryptography From 2b04f4683b6727293b042d112ef7125f573accfe Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 10 May 2020 00:44:04 +0200 Subject: [PATCH 10/12] Update SE support to pass a location when registering a driver Now that lifetimes have structures and secure element drivers handle all the lifetimes with a certain location, update driver registration to take a location as argument rather than a lifetime. This commit updates the Mbed TLS implementation. Signed-off-by: Gilles Peskine --- library/psa_crypto_se.c | 58 ++++++++++++++++++++--------------------- library/psa_crypto_se.h | 23 ++++++++-------- 2 files changed, 40 insertions(+), 41 deletions(-) diff --git a/library/psa_crypto_se.c b/library/psa_crypto_se.c index b9f186a96..087c768f4 100644 --- a/library/psa_crypto_se.c +++ b/library/psa_crypto_se.c @@ -66,7 +66,7 @@ typedef struct struct psa_se_drv_table_entry_s { - psa_key_lifetime_t lifetime; + psa_key_location_t location; const psa_drv_se_t *methods; union { @@ -81,15 +81,16 @@ psa_se_drv_table_entry_t *psa_get_se_driver_entry( psa_key_lifetime_t lifetime ) { size_t i; - /* In the driver table, lifetime=0 means an entry that isn't used. - * No driver has a lifetime of 0 because it's a reserved value - * (which designates volatile keys). Make sure we never return - * a driver entry for lifetime 0. */ - if( lifetime == 0 ) + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); + /* In the driver table, location=0 means an entry that isn't used. + * No driver has a location of 0 because it's a reserved value + * (which designates transparent keys). Make sure we never return + * a driver entry for location 0. */ + if( location == 0 ) return( NULL ); for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ ) { - if( driver_table[i].lifetime == lifetime ) + if( driver_table[i].location == location ) return( &driver_table[i] ); } return( NULL ); @@ -129,7 +130,7 @@ static psa_status_t psa_get_se_driver_its_file_uid( const psa_se_drv_table_entry_t *driver, psa_storage_uid_t *uid ) { - if( driver->lifetime > PSA_MAX_SE_LIFETIME ) + if( driver->location > PSA_MAX_SE_LOCATION ) return( PSA_ERROR_NOT_SUPPORTED ); #if SIZE_MAX > UINT32_MAX @@ -139,7 +140,7 @@ static psa_status_t psa_get_se_driver_its_file_uid( #endif /* See the documentation of PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE. */ - *uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + driver->lifetime; + *uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + driver->location; return( PSA_SUCCESS ); } @@ -186,12 +187,12 @@ psa_status_t psa_save_se_persistent_data( 0 ) ); } -psa_status_t psa_destroy_se_persistent_data( psa_key_lifetime_t lifetime ) +psa_status_t psa_destroy_se_persistent_data( psa_key_location_t location ) { psa_storage_uid_t uid; - if( lifetime > PSA_MAX_SE_LIFETIME ) + if( location > PSA_MAX_SE_LOCATION ) return( PSA_ERROR_NOT_SUPPORTED ); - uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + lifetime; + uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + location; return( psa_its_remove( uid ) ); } @@ -202,9 +203,11 @@ psa_status_t psa_find_se_slot_for_key( psa_key_slot_number_t *slot_number ) { psa_status_t status; + psa_key_location_t key_location = + PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime( attributes ) ); - /* If the lifetime is wrong, it's a bug in the library. */ - if( driver->lifetime != psa_get_key_lifetime( attributes ) ) + /* If the location is wrong, it's a bug in the library. */ + if( driver->location != key_location ) return( PSA_ERROR_CORRUPTION_DETECTED ); /* If the driver doesn't support key creation in any way, give up now. */ @@ -278,7 +281,7 @@ psa_status_t psa_init_all_se_drivers( void ) for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ ) { psa_se_drv_table_entry_t *driver = &driver_table[i]; - if( driver->lifetime == 0 ) + if( driver->location == 0 ) continue; /* skipping unused entry */ const psa_drv_se_t *methods = psa_get_se_driver_methods( driver ); if( methods->p_init != NULL ) @@ -286,7 +289,7 @@ psa_status_t psa_init_all_se_drivers( void ) psa_status_t status = methods->p_init( &driver->u.context, driver->u.internal.persistent_data, - driver->lifetime ); + driver->location ); if( status != PSA_SUCCESS ) return( status ); status = psa_save_se_persistent_data( driver ); @@ -304,7 +307,7 @@ psa_status_t psa_init_all_se_drivers( void ) /****************************************************************/ psa_status_t psa_register_se_driver( - psa_key_lifetime_t lifetime, + psa_key_location_t location, const psa_drv_se_t *methods) { size_t i; @@ -313,33 +316,30 @@ psa_status_t psa_register_se_driver( if( methods->hal_version != PSA_DRV_SE_HAL_VERSION ) return( PSA_ERROR_NOT_SUPPORTED ); /* Driver table entries are 0-initialized. 0 is not a valid driver - * lifetime because it means a volatile key. */ + * location because it means a transparent key. */ #if defined(static_assert) - static_assert( PSA_KEY_LIFETIME_VOLATILE == 0, - "Secure element support requires 0 to mean a volatile key" ); + static_assert( PSA_KEY_LOCATION_LOCAL_STORAGE == 0, + "Secure element support requires 0 to mean a local key" ); #endif - if( lifetime == PSA_KEY_LIFETIME_VOLATILE || - lifetime == PSA_KEY_LIFETIME_PERSISTENT ) - { + if( location == PSA_KEY_LOCATION_LOCAL_STORAGE ) return( PSA_ERROR_INVALID_ARGUMENT ); - } - if( lifetime > PSA_MAX_SE_LIFETIME ) + if( location > PSA_MAX_SE_LOCATION ) return( PSA_ERROR_NOT_SUPPORTED ); for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ ) { - if( driver_table[i].lifetime == 0 ) + if( driver_table[i].location == 0 ) break; - /* Check that lifetime isn't already in use up to the first free + /* Check that location isn't already in use up to the first free * entry. Since entries are created in order and never deleted, * there can't be a used entry after the first free entry. */ - if( driver_table[i].lifetime == lifetime ) + if( driver_table[i].location == location ) return( PSA_ERROR_ALREADY_EXISTS ); } if( i == PSA_MAX_SE_DRIVERS ) return( PSA_ERROR_INSUFFICIENT_MEMORY ); - driver_table[i].lifetime = lifetime; + driver_table[i].location = location; driver_table[i].methods = methods; driver_table[i].u.internal.persistent_data_size = methods->persistent_data_size; diff --git a/library/psa_crypto_se.h b/library/psa_crypto_se.h index 86bf7a7b1..c1450656c 100644 --- a/library/psa_crypto_se.h +++ b/library/psa_crypto_se.h @@ -31,31 +31,30 @@ #include "psa/crypto.h" #include "psa/crypto_se_driver.h" -/** The maximum lifetime value that this implementation supports +/** The maximum location value that this implementation supports * for a secure element. * * This is not a characteristic that each PSA implementation has, but a * limitation of the current implementation due to the constraints imposed * by storage. See #PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE. * - * The minimum lifetime value for a secure element is 2, like on any - * PSA implementation (0=volatile and 1=internal-storage are taken). + * The minimum location value for a secure element is 1, like on any + * PSA implementation (0 means a transparent key). */ -#define PSA_MAX_SE_LIFETIME 255 +#define PSA_MAX_SE_LOCATION 255 /** The base of the range of ITS file identifiers for secure element * driver persistent data. * * We use a slice of the implemenation reserved range 0xffff0000..0xffffffff, * specifically the range 0xfffffe00..0xfffffeff. The length of this range - * drives the value of #PSA_MAX_SE_LIFETIME. - * The identifiers 0xfffffe00 and 0xfffffe01 are actually not used since - * they correspond to #PSA_KEY_LIFETIME_VOLATILE and - * #PSA_KEY_LIFETIME_PERSISTENT which don't have a driver. + * drives the value of #PSA_MAX_SE_LOCATION. The identifier 0xfffffe00 is + * actually not used since it corresponds to #PSA_KEY_LOCATION_LOCAL_STORAGE + * which doesn't have a driver. */ #define PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE ( (psa_key_id_t) 0xfffffe00 ) -/** The maximum number of registered secure element driver lifetimes. */ +/** The maximum number of registered secure element driver locations. */ #define PSA_MAX_SE_DRIVERS 4 /** Unregister all secure element drivers. @@ -173,10 +172,10 @@ psa_status_t psa_save_se_persistent_data( * * This is currently only used for testing. * - * \param[in] lifetime The driver lifetime whose persistent data should - * be erased. + * \param[in] location The location identifier for the driver whose + * persistent data is to be erased. */ -psa_status_t psa_destroy_se_persistent_data( psa_key_lifetime_t lifetime ); +psa_status_t psa_destroy_se_persistent_data( psa_key_location_t location ); /** The storage representation of a key whose data is in a secure element. From 344e15b0107a4354f23ead88ecc1069106e60df0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 10 May 2020 00:44:30 +0200 Subject: [PATCH 11/12] Update SE support to pass a location when registering a driver Now that lifetimes have structures and secure element drivers handle all the lifetimes with a certain location, update driver registration to take a location as argument rather than a lifetime. This commit updates the tests. Signed-off-by: Gilles Peskine --- include/psa/crypto_se_driver.h | 2 +- .../test_suite_psa_crypto_se_driver_hal.data | 17 +-- ...st_suite_psa_crypto_se_driver_hal.function | 123 ++++++++++-------- ..._suite_psa_crypto_se_driver_hal_mocks.data | 11 +- ...te_psa_crypto_se_driver_hal_mocks.function | 56 ++++---- 5 files changed, 117 insertions(+), 92 deletions(-) diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h index 869fa3f27..0c28579db 100644 --- a/include/psa/crypto_se_driver.h +++ b/include/psa/crypto_se_driver.h @@ -1380,7 +1380,7 @@ typedef struct { * \return PSA_ERROR_NOT_PERMITTED */ psa_status_t psa_register_se_driver( - psa_key_lifetime_t lifetime, + psa_key_location_t location, const psa_drv_se_t *methods); /**@}*/ diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.data b/tests/suites/test_suite_psa_crypto_se_driver_hal.data index 0c2411b34..55c34266b 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.data +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.data @@ -6,14 +6,11 @@ register_one:2:PSA_DRV_SE_HAL_VERSION:PSA_SUCCESS Register SE driver: good, again register_one:2:PSA_DRV_SE_HAL_VERSION:PSA_SUCCESS -Register SE driver: invalid lifetime (0) +Register SE driver: invalid location (0) register_one:0:PSA_DRV_SE_HAL_VERSION:PSA_ERROR_INVALID_ARGUMENT -Register SE driver: invalid lifetime (VOLATILE) -register_one:PSA_KEY_LIFETIME_VOLATILE:PSA_DRV_SE_HAL_VERSION:PSA_ERROR_INVALID_ARGUMENT - -Register SE driver: invalid lifetime (PERSISTENT) -register_one:PSA_KEY_LIFETIME_PERSISTENT:PSA_DRV_SE_HAL_VERSION:PSA_ERROR_INVALID_ARGUMENT +Register SE driver: invalid location (local) +register_one:PSA_KEY_LOCATION_LOCAL_STORAGE:PSA_DRV_SE_HAL_VERSION:PSA_ERROR_INVALID_ARGUMENT Register SE driver: invalid version (ancient) register_one:2:0x00000003:PSA_ERROR_NOT_SUPPORTED @@ -121,7 +118,7 @@ Key generation smoke test: HMAC-SHA-256 generate_key_smoke:PSA_KEY_TYPE_HMAC:256:PSA_ALG_HMAC( PSA_ALG_SHA_256 ) Key registration: smoke test -register_key_smoke_test:MIN_DRIVER_LIFETIME:1:PSA_SUCCESS +register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:1:PSA_SUCCESS Key registration: invalid lifetime (volatile) register_key_smoke_test:PSA_KEY_LIFETIME_VOLATILE:1:PSA_ERROR_INVALID_ARGUMENT @@ -130,13 +127,13 @@ Key registration: invalid lifetime (internal storage) register_key_smoke_test:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_ERROR_INVALID_ARGUMENT Key registration: invalid lifetime (no registered driver) -register_key_smoke_test:MIN_DRIVER_LIFETIME + 1:1:PSA_ERROR_INVALID_ARGUMENT +register_key_smoke_test:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION + 1 ):1:PSA_ERROR_INVALID_ARGUMENT Key registration: rejected -register_key_smoke_test:MIN_DRIVER_LIFETIME:0:PSA_ERROR_NOT_PERMITTED +register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:0:PSA_ERROR_NOT_PERMITTED Key registration: not supported -register_key_smoke_test:MIN_DRIVER_LIFETIME:-1:PSA_ERROR_NOT_SUPPORTED +register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:-1:PSA_ERROR_NOT_SUPPORTED Import-sign-verify: sign in driver, ECDSA depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index b468d5e5c..f95f7e526 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -18,8 +18,14 @@ /* Test driver helpers */ /****************************************************************/ -/** The minimum valid lifetime value for a secure element driver. */ -#define MIN_DRIVER_LIFETIME 2 +/** The minimum valid location value for a secure element driver. */ +#define MIN_DRIVER_LOCATION 1 + +/** The location and lifetime used for tests that use a single driver. */ +#define TEST_DRIVER_LOCATION 1 +#define TEST_SE_PERSISTENT_LIFETIME \ + ( PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \ + PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION ) ) /** The driver detected a condition that shouldn't happen. * This is probably a bug in the library. */ @@ -547,7 +553,7 @@ static int check_key_attributes( psa_get_key_lifetime( &actual_attributes ); psa_status_t status = psa_get_key_slot_number( &actual_attributes, &actual_slot_number ); - if( lifetime < MIN_DRIVER_LIFETIME ) + if( PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) < MIN_DRIVER_LOCATION ) { /* The key is not in a secure element. */ TEST_EQUAL( status, PSA_ERROR_INVALID_ARGUMENT ); @@ -571,23 +577,23 @@ exit: return( ok ); } -/* Get the file UID corresponding to the specified lifetime. +/* Get the file UID corresponding to the specified location. * If this changes, the storage format version must change. * See psa_get_se_driver_its_file_uid() in psa_crypto_se.c. */ -psa_storage_uid_t file_uid_for_lifetime( psa_key_lifetime_t lifetime ) +psa_storage_uid_t file_uid_for_location( psa_key_location_t location ) { - if( lifetime > PSA_MAX_SE_LIFETIME ) + if( location > PSA_MAX_SE_LOCATION ) return( 0 ); - return( 0xfffffe00 + lifetime ); + return( 0xfffffe00 + location ); } /* Check that the persistent data of a driver has its expected content. */ -static int check_persistent_data( psa_key_lifetime_t lifetime, +static int check_persistent_data( psa_key_location_t location, const void *expected_data, size_t size ) { - psa_storage_uid_t uid = file_uid_for_lifetime( lifetime ); + psa_storage_uid_t uid = file_uid_for_location( location ); struct psa_storage_info_t info; uint8_t *loaded = NULL; int ok = 0; @@ -737,7 +743,7 @@ exit: static void psa_purge_storage( void ) { psa_key_id_t id; - psa_key_lifetime_t lifetime; + psa_key_location_t location; /* The tests may have potentially created key ids from 1 to * MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id * 0, which file-based storage uses as a temporary file. */ @@ -746,8 +752,8 @@ static void psa_purge_storage( void ) /* Purge the transaction file. */ psa_crypto_stop_transaction( ); /* Purge driver persistent data. */ - for( lifetime = 0; lifetime < PSA_MAX_SE_LIFETIME; lifetime++ ) - psa_destroy_se_persistent_data( lifetime ); + for( location = 0; location < PSA_MAX_SE_LOCATION; location++ ) + psa_destroy_se_persistent_data( location ); } /* END_HEADER */ @@ -758,7 +764,7 @@ static void psa_purge_storage( void ) */ /* BEGIN_CASE */ -void register_one( int lifetime, int version, int expected_status_arg ) +void register_one( int location, int version, int expected_status_arg ) { psa_status_t expected_status = expected_status_arg; psa_drv_se_t driver; @@ -766,7 +772,7 @@ void register_one( int lifetime, int version, int expected_status_arg ) memset( &driver, 0, sizeof( driver ) ); driver.hal_version = version; - TEST_EQUAL( psa_register_se_driver( lifetime, &driver ), + TEST_EQUAL( psa_register_se_driver( location, &driver ), expected_status ); PSA_ASSERT( psa_crypto_init( ) ); @@ -780,16 +786,16 @@ exit: void register_twice( int count ) { psa_drv_se_t driver; - psa_key_lifetime_t lifetime; - psa_key_lifetime_t max = MIN_DRIVER_LIFETIME + count; + psa_key_location_t location; + psa_key_location_t max = MIN_DRIVER_LOCATION + count; memset( &driver, 0, sizeof( driver ) ); driver.hal_version = PSA_DRV_SE_HAL_VERSION; - for( lifetime = MIN_DRIVER_LIFETIME; lifetime < max; lifetime++ ) - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); - for( lifetime = MIN_DRIVER_LIFETIME; lifetime < max; lifetime++ ) - TEST_EQUAL( psa_register_se_driver( lifetime, &driver ), + for( location = MIN_DRIVER_LOCATION; location < max; location++ ) + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); + for( location = MIN_DRIVER_LOCATION; location < max; location++ ) + TEST_EQUAL( psa_register_se_driver( location, &driver ), PSA_ERROR_ALREADY_EXISTS ); PSA_ASSERT( psa_crypto_init( ) ); @@ -803,16 +809,16 @@ exit: void register_max( ) { psa_drv_se_t driver; - psa_key_lifetime_t lifetime; - psa_key_lifetime_t max = MIN_DRIVER_LIFETIME + PSA_MAX_SE_DRIVERS; + psa_key_location_t location; + psa_key_location_t max = MIN_DRIVER_LOCATION + PSA_MAX_SE_DRIVERS; memset( &driver, 0, sizeof( driver ) ); driver.hal_version = PSA_DRV_SE_HAL_VERSION; - for( lifetime = MIN_DRIVER_LIFETIME; lifetime < max; lifetime++ ) - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + for( location = MIN_DRIVER_LOCATION; location < max; location++ ) + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); - TEST_EQUAL( psa_register_se_driver( lifetime, &driver ), + TEST_EQUAL( psa_register_se_driver( location, &driver ), PSA_ERROR_INSUFFICIENT_MEMORY ); PSA_ASSERT( psa_crypto_init( ) ); @@ -827,7 +833,8 @@ void key_creation_import_export( int min_slot, int restart ) { psa_drv_se_t driver; psa_drv_se_key_management_t key_management; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -846,7 +853,7 @@ void key_creation_import_export( int min_slot, int restart ) key_management.p_export = ram_export; ram_min_slot = min_slot; - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); /* Create a key. */ @@ -857,7 +864,7 @@ void key_creation_import_export( int min_slot, int restart ) PSA_ASSERT( psa_import_key( &attributes, key_material, sizeof( key_material ), &handle ) ); - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &ram_shadow_slot_usage, sizeof( ram_shadow_slot_usage ) ) ) goto exit; @@ -866,9 +873,9 @@ void key_creation_import_export( int min_slot, int restart ) if( restart ) { mbedtls_psa_crypto_free( ); - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &ram_shadow_slot_usage, sizeof( ram_shadow_slot_usage ) ) ) goto exit; @@ -894,7 +901,7 @@ void key_creation_import_export( int min_slot, int restart ) PSA_ASSERT( psa_destroy_key( handle ) ); handle = 0; - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &ram_shadow_slot_usage, sizeof( ram_shadow_slot_usage ) ) ) goto exit; @@ -921,7 +928,8 @@ void key_creation_in_chosen_slot( int slot_arg, psa_status_t status; psa_drv_se_t driver; psa_drv_se_key_management_t key_management; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -937,7 +945,7 @@ void key_creation_in_chosen_slot( int slot_arg, key_management.p_destroy = ram_destroy; key_management.p_export = ram_export; - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); /* Create a key. */ @@ -953,7 +961,7 @@ void key_creation_in_chosen_slot( int slot_arg, if( status != PSA_SUCCESS ) goto exit; - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &ram_shadow_slot_usage, sizeof( ram_shadow_slot_usage ) ) ) goto exit; @@ -962,9 +970,9 @@ void key_creation_in_chosen_slot( int slot_arg, if( restart ) { mbedtls_psa_crypto_free( ); - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &ram_shadow_slot_usage, sizeof( ram_shadow_slot_usage ) ) ) goto exit; @@ -980,7 +988,7 @@ void key_creation_in_chosen_slot( int slot_arg, PSA_ASSERT( psa_destroy_key( handle ) ); handle = 0; - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &ram_shadow_slot_usage, sizeof( ram_shadow_slot_usage ) ) ) goto exit; @@ -1002,7 +1010,8 @@ void import_key_smoke( int type_arg, int alg_arg, psa_algorithm_t alg = alg_arg; psa_drv_se_t driver; psa_drv_se_key_management_t key_management; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -1016,7 +1025,7 @@ void import_key_smoke( int type_arg, int alg_arg, key_management.p_import = null_import; key_management.p_destroy = null_destroy; - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); /* Create a key. */ @@ -1031,7 +1040,7 @@ void import_key_smoke( int type_arg, int alg_arg, PSA_ASSERT( psa_import_key( &attributes, key_material->x, key_material->len, &handle ) ); - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; @@ -1041,9 +1050,9 @@ void import_key_smoke( int type_arg, int alg_arg, /* Restart and try again. */ mbedtls_psa_crypto_free( ); - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; PSA_ASSERT( psa_open_key( id, &handle ) ); @@ -1053,7 +1062,7 @@ void import_key_smoke( int type_arg, int alg_arg, /* We're done. */ PSA_ASSERT( psa_destroy_key( handle ) ); handle = 0; - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; TEST_EQUAL( psa_open_key( id, &handle ), @@ -1073,7 +1082,8 @@ void generate_key_not_supported( int type_arg, int bits_arg ) size_t bits = bits_arg; psa_drv_se_t driver; psa_drv_se_key_management_t key_management; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -1086,7 +1096,7 @@ void generate_key_not_supported( int type_arg, int bits_arg ) key_management.p_allocate = counter_allocate; /* No p_generate method */ - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_id( &attributes, id ); @@ -1111,7 +1121,8 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg ) psa_algorithm_t alg = alg_arg; psa_drv_se_t driver; psa_drv_se_key_management_t key_management; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -1125,7 +1136,7 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg ) key_management.p_generate = null_generate; key_management.p_destroy = null_destroy; - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); /* Create a key. */ @@ -1139,7 +1150,7 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg ) psa_set_key_type( &attributes, type ); psa_set_key_bits( &attributes, bits ); PSA_ASSERT( psa_generate_key( &attributes, &handle ) ); - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; @@ -1149,9 +1160,9 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg ) /* Restart and try again. */ mbedtls_psa_crypto_free( ); - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; PSA_ASSERT( psa_open_key( id, &handle ) ); @@ -1161,7 +1172,7 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg ) /* We're done. */ PSA_ASSERT( psa_destroy_key( handle ) ); handle = 0; - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; TEST_EQUAL( psa_open_key( id, &handle ), @@ -1190,7 +1201,8 @@ void sign_verify( int flow, psa_drv_se_key_management_t key_management; psa_drv_se_asymmetric_t asymmetric; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t drv_handle = 0; /* key managed by the driver */ psa_key_handle_t sw_handle = 0; /* transparent key */ @@ -1229,7 +1241,7 @@ void sign_verify( int flow, } asymmetric.p_verify = ram_verify; - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); /* Prepare to create two keys with the same key material: a transparent @@ -1347,6 +1359,7 @@ void register_key_smoke_test( int lifetime_arg, int expected_status_arg ) { psa_key_lifetime_t lifetime = lifetime_arg; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_status_t expected_status = expected_status_arg; psa_drv_se_t driver; psa_drv_se_key_management_t key_management; @@ -1371,7 +1384,7 @@ void register_key_smoke_test( int lifetime_arg, ( validate > 0 ? PSA_SUCCESS : PSA_ERROR_NOT_PERMITTED ); } - PSA_ASSERT( psa_register_se_driver( MIN_DRIVER_LIFETIME, &driver ) ); + PSA_ASSERT( psa_register_se_driver( MIN_DRIVER_LOCATION, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_id( &attributes, id ); @@ -1395,7 +1408,7 @@ void register_key_smoke_test( int lifetime_arg, /* Restart and try again. */ PSA_DONE( ); - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); PSA_ASSERT( psa_open_key( id, &handle ) ); if( ! check_key_attributes( handle, &attributes ) ) diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.data b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.data index f60bd7602..23e035a41 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.data +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.data @@ -1,11 +1,14 @@ SE init mock test: success -mock_init:2:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:1 +mock_init:1:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:1 SE init mock test: failure -mock_init:2:PSA_SUCCESS:PSA_ERROR_HARDWARE_FAILURE:PSA_ERROR_HARDWARE_FAILURE:1 +mock_init:1:PSA_SUCCESS:PSA_ERROR_HARDWARE_FAILURE:PSA_ERROR_HARDWARE_FAILURE:1 -SE init mock test: invalid lifetime -mock_init:1:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE:PSA_SUCCESS:0 +SE init mock test: invalid location (0) +mock_init:0:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE:PSA_SUCCESS:0 + +SE init mock test: location not supported (INT_MAX) +mock_init:INT_MAX:PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_BAD_STATE:PSA_SUCCESS:0 SE key importing mock test mock_import:PSA_SUCCESS:PSA_SUCCESS:0:PSA_SUCCESS diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function index 9f17b84f1..f6acb0727 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function @@ -5,10 +5,16 @@ #include "psa_crypto_se.h" #include "psa_crypto_storage.h" +/** The location and lifetime used for tests that use a single driver. */ +#define TEST_DRIVER_LOCATION 1 +#define TEST_SE_PERSISTENT_LIFETIME \ + ( PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \ + PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION ) ) + static struct { uint16_t called; - psa_key_lifetime_t lifetime; + psa_key_location_t location; psa_status_t return_value; } mock_init_data; @@ -84,7 +90,7 @@ static struct static void psa_purge_storage( void ) { psa_key_id_t id; - psa_key_lifetime_t lifetime; + psa_key_location_t location; /* The tests may have potentially created key ids from 1 to * MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id * 0, which file-based storage uses as a temporary file. */ @@ -93,8 +99,8 @@ static void psa_purge_storage( void ) /* Purge the transaction file. */ psa_crypto_stop_transaction( ); /* Purge driver persistent data. */ - for( lifetime = 0; lifetime < PSA_MAX_SE_LIFETIME; lifetime++ ) - psa_destroy_se_persistent_data( lifetime ); + for( location = 0; location < PSA_MAX_SE_LOCATION; location++ ) + psa_destroy_se_persistent_data( location ); } static void mock_teardown( void ) @@ -113,13 +119,13 @@ static void mock_teardown( void ) static psa_status_t mock_init( psa_drv_se_context_t *drv_context, void *persistent_data, - psa_key_lifetime_t lifetime ) + psa_key_location_t location ) { (void) drv_context; (void) persistent_data; mock_init_data.called++; - mock_init_data.lifetime = lifetime; + mock_init_data.location = location; return( mock_init_data.return_value ); } @@ -279,13 +285,13 @@ psa_status_t mock_destroy( psa_drv_se_context_t *context, */ /* BEGIN_CASE */ -void mock_init( int lifetime_arg, +void mock_init( int location_arg, int expected_register_status_arg, int driver_status_arg, int expected_psa_status_arg, int expected_called ) { - psa_key_lifetime_t lifetime = lifetime_arg; + psa_key_location_t location = location_arg; psa_status_t expected_register_status = expected_register_status_arg; psa_status_t driver_status = driver_status_arg; psa_status_t expected_psa_status = expected_psa_status_arg; @@ -297,7 +303,7 @@ void mock_init( int lifetime_arg, mock_init_data.return_value = driver_status; - TEST_EQUAL( psa_register_se_driver( lifetime, &driver ), + TEST_EQUAL( psa_register_se_driver( location, &driver ), expected_register_status ); psa_crypto_init_called = 1; @@ -305,7 +311,7 @@ void mock_init( int lifetime_arg, TEST_EQUAL( mock_init_data.called, expected_called ); if( expected_called ) - TEST_EQUAL( mock_init_data.lifetime, lifetime ); + TEST_EQUAL( mock_init_data.location, location ); exit: if( psa_crypto_init_called ) @@ -322,7 +328,8 @@ void mock_import( int mock_alloc_return_value, { psa_drv_se_t driver; psa_drv_se_key_management_t key_management; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -339,7 +346,7 @@ void mock_import( int mock_alloc_return_value, key_management.p_destroy = mock_destroy; key_management.p_allocate = mock_allocate; - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_id( &attributes, id ); @@ -378,7 +385,8 @@ void mock_export( int mock_export_return_value, int expected_result ) { psa_drv_se_t driver; psa_drv_se_key_management_t key_management; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -397,7 +405,7 @@ void mock_export( int mock_export_return_value, int expected_result ) key_management.p_destroy = mock_destroy; key_management.p_allocate = mock_allocate; - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_id( &attributes, id ); @@ -431,7 +439,8 @@ void mock_generate( int mock_alloc_return_value, { psa_drv_se_t driver; psa_drv_se_key_management_t key_management; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -446,7 +455,7 @@ void mock_generate( int mock_alloc_return_value, key_management.p_destroy = mock_destroy; key_management.p_allocate = mock_allocate; - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_id( &attributes, id ); @@ -485,7 +494,8 @@ void mock_export_public( int mock_export_public_return_value, { psa_drv_se_t driver; psa_drv_se_key_management_t key_management; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -503,7 +513,7 @@ void mock_export_public( int mock_export_public_return_value, key_management.p_destroy = mock_destroy; key_management.p_allocate = mock_allocate; - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_id( &attributes, id ); @@ -534,7 +544,8 @@ void mock_sign( int mock_sign_return_value, int expected_result ) psa_drv_se_t driver; psa_drv_se_key_management_t key_management; psa_drv_se_asymmetric_t asymmetric; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -559,7 +570,7 @@ void mock_sign( int mock_sign_return_value, int expected_result ) driver.asymmetric = &asymmetric; asymmetric.p_sign = mock_sign; - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_id( &attributes, id ); @@ -594,7 +605,8 @@ void mock_verify( int mock_verify_return_value, int expected_result ) psa_drv_se_t driver; psa_drv_se_key_management_t key_management; psa_drv_se_asymmetric_t asymmetric; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -618,7 +630,7 @@ void mock_verify( int mock_verify_return_value, int expected_result ) driver.asymmetric = &asymmetric; asymmetric.p_verify = mock_verify; - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_id( &attributes, id ); From fb79dfef479be0c41ffb934af68bb6ccb28e5f7d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 10 May 2020 00:51:22 +0200 Subject: [PATCH 12/12] Changelog entry noting the behavior change and storage format change Signed-off-by: Gilles Peskine --- ChangeLog.d/psa-lifetime-locations.txt | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 ChangeLog.d/psa-lifetime-locations.txt diff --git a/ChangeLog.d/psa-lifetime-locations.txt b/ChangeLog.d/psa-lifetime-locations.txt new file mode 100644 index 000000000..6ac02bc61 --- /dev/null +++ b/ChangeLog.d/psa-lifetime-locations.txt @@ -0,0 +1,8 @@ +Default behavior changes + * In the experimental PSA secure element interface, change the encoding of + key lifetimes to encode a persistence level and the location. Although C + prototypes do not effectively change, code calling + psa_register_se_driver() must be modified to pass the driver's location + instead of the keys' lifetime. If the library is upgraded on an existing + device, keys created with the old lifetime value will not be readable or + removable through Mbed TLS after the upgrade.