[mbed-tls] Re: Memory Cleanup of Persistent Key Slots

-- Gilles Peskine Mbed TLS developer On 01/05/2024 18:05, Zak, Kevin via mbed-tls wrote: > > Hello, > > I am referencing the Mbed TLS (v3.5)  implementation for key slots & > how they interact with the PSA key management APIs. In the PSA > documentation > https://arm-software.github.io/psa-api/crypto/1.1/overview/implementation.html#memory-cleanup, > sections 6.3.3 and 6.3.4 describe that persistent keys (that are > handled according to the Memory cleanup rule) would have to be loaded >  from NVM on each use of the key, unless PSA_KEY_USAGE_CACHE is set. > > However, I’m not certain I see this followed in the Mbed TLS code. > ‘psa_export_key()’ is the simplest example. This function retrieves > and locks the key slot for the requested key ID using > ‘psa_get_and_lock_key_slot_with_policy()’ – this function may retrieve > the persistent key material from NVM if necessary (it seems to return > sooner if it finds that persistent key in a slot already). The > remainder of psa_export_key() copies the key material from the slot > directly to the output buffer, but it never removes the key material > from the slot. > > My understanding was that the key material should be removed from the > slot unless PSA_KEY_USAGE_CACHE was set. Can anyone clear this up for > me? Does this just mean that the reference implementation *does not* > follow the memory cleanup rule, or is the slot buffer cleared at some > later point for the persistent key? > > Thank you, > > Kevin Zak > >