Define some structure for lifetime values #3302
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gilles-peskine-arm
added
enhancement
mbed TLS team
needs-review
mpg
previously approved these changes
May 5, 2020
There was a problem hiding this comment.
I have:
- read the result of the internal discussion linked
- verified that the first commit of this PR has the same diff as the final state of Define some structure for lifetime values ARMmbed/mbed-crypto#358
- reviewed each commit here
- checked that every pending comment in the previous incarnation of this PR had been addressed.
Everything looks good to me.
|
I looked at the reported failure in the pr-merge job and it looks like a temporary glitch in the infrastructure - failed to clone the repo - not a problem with this PR. |
yanesca
previously approved these changes
May 5, 2020
gilles-peskine-arm
force-pushed
the
psa-lifetime-persistence-indicator
branch
from
e216018 to
d021b66
Compare
mpg
previously approved these changes
May 6, 2020
mpg
removed
the
needs-review
|
Does this need a ChangeLog entry? I'm not sure. |
|
So far new PSA features haven't been getting a changelog entry, but we've started to write changelog entries for behavior change. In any case, this is documentation only so far, the new feature isn't implemented. The documentation does indicate that certain lifetime values are now considered volatile, but the code doesn't treat them as such. (This is not a behavior change because the volatility of these values was previously unspecified.) So, annoyingly, we shouldn't merge this yet. |
* Lower 8 bits: persistence level
* 0: volatile
* 1: persistent (default)
* 2-127: persistent (reserved for future PSA specifications)
* 128-254: persistent (reserved for vendors)
* 255: read-only
* Upper 24 bits: location indicator
* 0: built-in
* 1: primary secure element
* 2-0x7fffff: reserved for future PSA specifications
* 0x800000-0xffffff: vendor-specific
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Drop lifetime_ or LIFETIME_ to make the names shorter. They're still unambiguous. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Call persistence "default" because that is genuinely the default that applications should use if they don't know better. It's slightly misleading in that the default persistence when you create a key is volatile, not this: "default" is the default persistence for persistent keys, not the default persistence for keys in general. But we haven't found a better name. Introduce the term "primary local storage" to designate the default storage location. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Applications need this to combine implementation-specific values of persistence levels and location indicators. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Co-authored-by: Janos Follath <janos.follath@arm.com> Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Now that lifetimes have structures and secure element drivers handle all the lifetimes with a certain location, update driver registration to take a location as argument rather than a lifetime. This commit updates the PSA specification draft. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Now that lifetimes have structures and secure element drivers handle all the lifetimes with a certain location, update driver registration to take a location as argument rather than a lifetime. This commit updates the Mbed TLS implementation. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Now that lifetimes have structures and secure element drivers handle all the lifetimes with a certain location, update driver registration to take a location as argument rather than a lifetime. This commit updates the tests. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
gilles-peskine-arm
force-pushed
the
psa-lifetime-persistence-indicator
branch
from
7a2e015 to
fb79dfe
Compare
mpg
approved these changes
May 12, 2020
gilles-peskine-arm
added
needs-review
yanesca
approved these changes
May 12, 2020
mpg
added
approved
stevew817
added a commit
to stevew817/mbedtls
that referenced
this pull request
Jun 1, 2020
stevew817
added a commit
to stevew817/mbedtls
that referenced
this pull request
Jun 1, 2020
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Here is a description of how to encode lifetime values. We intend to include the types and values defined in this pull request with the same semantics in an upcoming release of the PSA Cryptography API specification.
This proposal is backward-compatible with the current values for volatile keys (0) and persistent keys (1). Platforms with a secure element (i.e. a cryptoprocessor that can process keys which are not accessible to the PSA crypto core) should use the lifetime 0x1ff (whether the key material is stored inside the secure element, or in generic PSA storage in a form wrapped by the secure element).
This pull request defines the lifetime structure, but does not yet implement any new feature. A future pull request will adapt the (currently experimental) secure element support code accordingly.
This stems from an internal discussion (private link). This pull request is a continuation of ARMmbed/mbed-crypto#358. The first commit here is the final state of that mbed-crypto PR (the history there wasn't worth carrying over).
Status: API approved. Now needs to be implemented (treat all volatile values as such, even if they're in a secure element).