Psa/tfm pkcs11 #3
Conversation
Signed-off-by: Charley Chu <haoc@cypress.com>
A typical sequence to query a key’s attributes is as follows: 1. Call psa_get_key_attributes(). 2. Call psa_get_key_xxx functions to retrieve the attribute(s) that you are interested in. 3. Call psa_reset_key_attributes() to free any resources that may be used by the attribute structure. Signed-off-by: Charley Chu <haoc@cypress.com>
Signed-off-by: Charley Chu <haoc@cypress.com>
Signed-off-by: Charley Chu <haoc@cypress.com>
TF-Mv1.0 doesn't support persistent key Signed-off-by: Charley Chu <haoc@cypress.com>
| /* Close device private key which is a persistent key. Note that here we only close it other than | ||
| * destroying it so that the key can be activated by calling psa_open_key then next time it is used. | ||
| */ | ||
| xResult = PKCS11PSARemoveObject( (uint8_t *)pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS, |
There was a problem hiding this comment.
A persistent key is stored in non-volatile memory. When it is opened, the PSA crypto service read the data from the non-volatile memory and load it into volatile memory. Each time a persistent key is opened, a new volatile memory is taken. So the persistent key should be closed to free the volatile memory at the end of the shim layer. Otherwise, there will be multiple volatile memory occupied by the key.
There was a problem hiding this comment.
the decision can be made by the upper layer. If the object no longer needed, it should call C_DestroyObject() before close the session.
In AFR IDT testing, it has such scenario
- Create key/certificate objects
- run test_case_1
- run test_case_2
- Destroy the objects.
if the object is removed while close the session 1, the test_case_2 will fail as objects can't be found.
There was a problem hiding this comment.
If the object is removed and closed in C_Finalize, then in the c_findobjects, it will open the key and import it into the P11KeyConfig. So in test_case_2, it will find the object by psa_open_key. This is my implementation.
If does not remove the objects here, and does not call PKCS11PSAGetKeyHandle in c_findobjects, the key will be opened multi-times during the tests while it is already opened. This may cause open key failure as there are only 16 key entries in TF-M. This will cause the test_case_2 fail.
In your code, PKCS11PSAGetKeyHandle is called in c_findobjects and the key is not removed here, so the key is only opened one time. This should also work.
There was a problem hiding this comment.
In your implementation, the key is not closed in the PKCS#11 and uses the same key_handle that is returned by psa_open_key. But the key may be closed by other APPs, if so, the original key handle is not valid anymore or it has been allocated to another key. So I prefer to closing the key after using it.
There was a problem hiding this comment.
I see. the key is closed, not destroyed. However, we have TF-Mv1.0, which doesn't support persistent key. So, close means destroy.
I will upload a change to make this conditional - only skip those two calls for TF-Mv1.0.
Thanks,
Charley
| pkcs11configLABEL_CODE_VERIFICATION_KEY ) == 0 ) | ||
| { | ||
| xResult = FindKeyObjects( pxSession, | ||
| PSA_CODE_VERIFICATION_KEY_ID, |
There was a problem hiding this comment.
Just confirming, in c_createobjects, the code verification key is not set as a persistent key. Here still try to open the key. Is it because the key may be provisioned by others with persistent key type?
There was a problem hiding this comment.
On our board, it is capable to provision keys/certificates during manufacture.
There was a problem hiding this comment.
If so, it is reasonable to treat the code verification key as a persistent key here.
- Let upper layer to handle object removing. Signed-off-by: Charley Chu <haoc@cypress.com>
- Too many warning messages Signed-off-by: Charley Chu <haoc@cypress.com>
CharleyChu
force-pushed
the
psa/tfm-pkcs11
branch
from
32e4c66 to
30a6360
Compare
Sherryzhang2
left a comment
Sherryzhang2
left a comment
There was a problem hiding this comment.
From my understanding, the main changes in the PR are: 1. wrapped some similar code into functions. 2. add the TF-Mv1.0 macro which controls whether persistent keys are supported.
The PR looks good to me.
Thanks,
Sherry
|
Hi @CharleyChu , |
|
No problem. Thanks! |
|
Hi @CharleyChu , |
|
Will do. Thanks! |
3 participants
Description
Updates to work with TF-Mv1.0 release and vendor key support
AFR IDT test result on Cypress PSoC64 board
========== Test Summary ==========
Execution Time: 57m24s
Tests Completed: 172
Tests Passed: 171
Tests Failed: 1
Tests Skipped: 0
Test Groups:
FullTLS: PASSED
FullPKCS11_ECC: PASSED
FullPKCS11_RSA: PASSED
FullPKCS11_Core: PASSED
FullMQTT: PASSED
FreeRTOSVersion: PASSED
FreeRTOSIntegrity: FAILED
FullSecureSockets: PASSED
Optional Test Groups:
CmakeBuildSystem: PASSED
FullWiFi: PASSED
aws_demos: mqtt, greengrass
Checklist:
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.