Hello,

The function in your driver that implements a function that operates on a key, e.g. the "asymmetric_encrypt", has the following prototype:
psa_status_t my_driver_asymmetric_encrypt(const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, ...);
(See https://github.com/Mbed-TLS/mbedtls/blob/mbedtls-3.5.0/docs/proposed/psa-driver-interface.md#overview-of-driver-entry-points)

Your driver can identify the key using the content of key_buffer. For an opaque driver, this can be either the key material in wrapped form (if your secure element doesn't have persistent storage) or an identifier chosen when the key is created (if your secure element keeps the key in its own storage, and you access the key externally through some name or identifier).

If I understand correctly, your secure element (the RSS) happens to implement the PSA API, so you access the key via a persistent key identifier. Then you should use this key identifier as the content of key_buffer.

Please note that in Mbed TLS, managing keys that are stored in a secure element is not ready for production, because it can lead to corruption if there is a power failure (https://github.com/Mbed-TLS/mbedtls/issues/8431). It's ok if you only access existing keys through the PSA API, and use proprietary means to create/destroy the keys.

(Note that this is about keys that are stored in the secure element. There is no problem for keys that can only be used by the secure element, but are stored in a wrapped form outside the secure element.)

Best regards,

--
Gilles Peskine
Mbed TLS developer and PSA Crypto architect

On 25/10/2023 08:47, Jiamei Xie via mbed-tls wrote:

Hi experts,

 

I wanted to forward some crypto operations to an external driver that provides psa_call APIs. The mbedtls version I am using 3.4.0.

 Take  psa_asymmetric_encrypt as an example, The mbedtls api is

 

psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key,

                                    psa_algorithm_t alg,

                                    const uint8_t *input,

                                    size_t input_length,

                                    const uint8_t *salt,

                                    size_t salt_length,

                                    uint8_t *output,

                                    size_t output_size,

                                    size_t *output_length)

It gets attribute, key.data and key.byte from key_id. Then call function psa_driver_wrapper_asymmetric_encrypt without key_id as its argument:


    status = psa_driver_wrapper_asymmetric_encrypt(

        &attributes, slot->key.data, slot->key.bytes,

        alg, input, input_length, salt, salt_length,

        output, output_size, output_length);

 

In psa_driver_wrapper_asymmetric_encrypt, it will use different implementations according to the location value in https://github.com/Mbed-TLS/mbedtls/blob/d69d3cda34c400a55220352518e37d3d2ccea5d2/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja#L2503C13-L2503C21.

 

I define a new location definition(RSS_PSA_LOCATION. When the location is RSS_PSA_LOCATION,  making it call

psa_status_t crypto_psa_asymmetric_encrypt(psa_key_id_t key,

                                                     psa_algorithm_t alg,

                                                     const uint8_t *input,

                                                     size_t input_length,

                                                     const uint8_t *salt,

                                                     size_t salt_length,

                                                     uint8_t *output,

                                                     size_t output_size,

                                                     size_t *output_length)

 

This API require key_id. Is it possible to get key_id from attribute and key_slot?

 

Regards,

 

Jiamei Xie