Hello,
I am referencing the Mbed TLS (v3.5) implementation for key slots & how they interact with the PSA key management APIs. In the
PSA documentation, sections 6.3.3 and 6.3.4 describe that persistent keys (that are handled according to the Memory cleanup rule) would have to be loaded from NVM on each use of the key, unless PSA_KEY_USAGE_CACHE is set.
However, I’m not certain I see this followed in the Mbed TLS code. ‘psa_export_key()’ is the simplest example. This function retrieves and locks the key slot for the requested key ID using ‘psa_get_and_lock_key_slot_with_policy()’ – this
function may retrieve the persistent key material from NVM if necessary (it seems to return sooner if it finds that persistent key in a slot already). The remainder of psa_export_key() copies the key material from the slot directly to the output buffer, but
it never removes the key material from the slot.
My understanding was that the key material should be removed from the slot unless PSA_KEY_USAGE_CACHE was set. Can anyone clear this up for me? Does this just mean that the reference implementation
does not follow the memory cleanup rule, or is the slot buffer cleared at some later point for the persistent key?
Thank you,
Kevin Zak