
Commit 965ac0a

frkv authored and bjarki-andreasen committed
crypto: PSA core lite addition: Old strategy for PSA attributes
- Providing an implementation for psa_get_key_attributes (used internally for key management operations). When this API is called there are direct calls to the following functions to populate psa_key_attributes_t:
  - cracen_kmu_get_key_slot
  - cracen_kmu_get_builtin_key
- Providing an implementation for get_key_buffer to get the keys in RAM for usage (if RAM is used).

The statement "old strategy" means the convention of getting information about keys available "in hardware" by doing the following:
- Calling cracen_kmu_get_key_slot to get slot_number and lifetime
- Calling cracen_kmu_get_builtin_key using slot_number and lifetime to retrieve attributes and optionally key_buffer.

NOTE: This implementation uses direct calls to KMU APIs instead of calling the Mbed TLS API mbedtls_psa_platform_get_builtin_key to get slot_number and lifetime and using this in a call to psa_driver_wrapper_get_builtin_key to retrieve attributes and optionally the key buffer. This provides size optimization but prevents usage of IKG keys (identity key, MKEK and MEXT).

ref: NCSDK-30323

Signed-off-by: Frank Audun Kvamtrø <[email protected]>
1 parent 53c555d commit 965ac0a

1 file changed

+19
-0
lines changed


subsys/nrf_security/src/core/lite/psa_core_lite.c

Lines changed: 19 additions & 0 deletions
@@ -20,6 +20,25 @@
2020
#error No valid curve for signature validation
2121
#endif
2222

23+
psa_status_t cracen_kmu_get_builtin_key(psa_drv_slot_number_t slot_number,
24+
psa_key_attributes_t *attributes, uint8_t *key_buffer,
25+
size_t key_buffer_size, size_t *key_buffer_length);
26+
27+
static psa_status_t get_key_buffer(
28+
mbedtls_svc_key_id_t key_id, psa_key_attributes_t *attributes,
29+
uint8_t *key, size_t key_size, size_t *key_length)
30+
{
31+
psa_status_t status;
32+
psa_key_lifetime_t lifetime;
33+
psa_drv_slot_number_t slot_number;
34+
35+
status = cracen_kmu_get_key_slot(key_id, &lifetime, &slot_number);
36+
if (status != PSA_SUCCESS) {
37+
return status;
38+
}
39+
40+
return cracen_kmu_get_builtin_key(slot_number, attributes, key, key_size, key_length);
41+
}
2342

2443
#if defined(PSA_WANT_ALG_ECDSA) || defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) || \
2544
defined(PSA_WANT_ALG_ED25519PH)
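
Review bot: In get_key_buffer, `lifetime` is filled in by cracen_kmu_get_key_slot and then dropped: the final call passes only `slot_number`, although the commit message describes calling cracen_kmu_get_builtin_key "using slot_number and lifetime". If the KMU driver expects the lifetime to be present in `attributes` (an assumption, since its implementation is not visible in this diff), set it with psa_set_key_lifetime(attributes, lifetime) before the call; otherwise add a comment saying why the value is unused. Two smaller points: the prototype of cracen_kmu_get_builtin_key is redeclared locally in this .c file, so a later signature change in the driver may not be caught when this file is compiled, and including the driver's header would be safer; and the commit message mentions an implementation of psa_get_key_attributes, but these 19 added lines contain only the prototype and get_key_buffer, with no comment stating whether `key` may be NULL for an attributes-only lookup.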
