Hello,
I am referencing the Mbed TLS (v3.5) implementation for key slots & how they interact with the PSA key management APIs. In the PSA documentationhttps://arm-software.github.io/psa-api/crypto/1.1/overview/implementation.html#memory-cleanup, sections 6.3.3 and 6.3.4 describe that persistent keys (that are handled according to the Memory cleanup rule) would have to be loaded from NVM on each use of the key, unless PSA_KEY_USAGE_CACHE is set.
However, I'm not certain I see this followed in the Mbed TLS code. 'psa_export_key()' is the simplest example. This function retrieves and locks the key slot for the requested key ID using 'psa_get_and_lock_key_slot_with_policy()' - this function may retrieve the persistent key material from NVM if necessary (it seems to return sooner if it finds that persistent key in a slot already). The remainder of psa_export_key() copies the key material from the slot directly to the output buffer, but it never removes the key material from the slot.
My understanding was that the key material should be removed from the slot unless PSA_KEY_USAGE_CACHE was set. Can anyone clear this up for me? Does this just mean that the reference implementation does not follow the memory cleanup rule, or is the slot buffer cleared at some later point for the persistent key?
Thank you,
Kevin Zak
Hello,
Mbed TLS has not implemented PSA_KEY_USAGE_CACHE (it's still a backlog issue #4218 https://github.com/Mbed-TLS/mbedtls/issues/4218), and behaves as if that flag was always set.
To save RAM after using persistent keys, you can call psa_purge_keys().
Best regards,
mbed-tls@lists.trustedfirmware.org