Make mbedtls_psa_register_se_key usable with opaque drivers #9255

gilles-peskine-arm · 2024-06-13T13:59:23Z

The function mbedtls_psa_register_se_key creates a PSA key object that is backed by a secure element. It is currently only implemented only for dynamic secure element drivers (the feature enabled by MBEDTLS_PSA_CRYPTO_SE_C), which are going away in TF-PSA-Crypto 1.0 (i.e. Mbed TLS 4.0). But it would be useful for the new kind of opaque drivers too. It needs a new interface for that, to specify the key material (with dynamic secure elements, that comes from the slot_number parameter in the attributes).

We'll want to fix #9254 while we're at it. Thus the new prototype should probably be:

int mbedtls_psa_register_se_key(
    const psa_key_attributes_t *attributes,
    const uint8_t *data, size_t data_length,
    mbedtls_svc_key_id_t *key_id);

The text was updated successfully, but these errors were encountered:

gilles-peskine-arm added enhancement component-psa PSA keystore/dispatch layer (storage, drivers, …) api-break This issue/PR breaks the API and must wait for a new major version size-s Estimated task size: small (~2d) labels Jun 13, 2024

gilles-peskine-arm mentioned this issue Jun 13, 2024

Remove the dynamic SE interface in 4.0 #8151

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Make mbedtls_psa_register_se_key usable with opaque drivers #9255

Make mbedtls_psa_register_se_key usable with opaque drivers #9255

gilles-peskine-arm commented Jun 13, 2024

Make mbedtls_psa_register_se_key usable with opaque drivers #9255

Make mbedtls_psa_register_se_key usable with opaque drivers #9255

Comments

gilles-peskine-arm commented Jun 13, 2024