Hi Andrew,
“built-in keys with a pre-defined key_id” ,I take this to mean that HUK
is a built-in key with the pre-defined key_id TFM_CRYPTO_KEY_ID_HUK,which
can be stored in OTP,EEPROM or embedded Flash of MCU.
There is no ownership of these built-in keys,however,application persisten
keys are created by an application,so application persisten keys are owned
by relevant applications.
Best Regards,
Poppy Wu
Macronix Microelectronics (Suzhou) Co.,Ltd
http://www.mxic.com.cn
Andrew Thoelke via TF-M <tf-m(a)lists.trustedfirmware.org>
Sent by: "TF-M" <tf-m-bounces(a)lists.trustedfirmware.org>
2021/06/02 17:33
Please respond to
Andrew Thoelke <Andrew.Thoelke(a)arm.com>
To
"tf-m(a)lists.trustedfirmware.org" <tf-m(a)lists.trustedfirmware.org>, nd
<nd(a)arm.com>
cc
Subject
Re: [TF-M] Questions about psa crypto persistent key
Hi Poppy Wu,
In the v1.0.0 PSA Crypto spec, key handles were removed, and keys are now
always referred to by a key identifier.
After creating a persistent key with a key_id specified by the application
(by import, generation or derivation), the key can be used in a
cryptographic operation by passing the key_id to the operation function.
No key handles are needed anymore. See
https://armmbed.github.io/mbed-crypto/html/api/keys/lifetimes.html#persiste…
.
An implementation can provide some built-in keys with a pre-defined
key_id. Depending on the key attributes and policy, these can be used by
an application in appropriate cryptographic operations. Built-in keys can
behave differently to application persistent keys:
They cannot be destroyed by an application
They might be accessible to multiple applications
They might have different values in different applications
The implementation should provide documentation on the expected use of any
built-in keys.
We’ll need one of the TF-M team to comment on the expected use for
TFM_CRYPTO_KEY_ID_HUK.
Regards,
Andrew Thoelke
Andrew Thoelke
Software Systems Architect | Arm
. . . . . . . . . . . . . . . . . . . . . . . . . . .
Arm.com
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Edward
Yang via TF-M
Sent: 02 June 2021 06:30
To: tf-m(a)lists.trustedfirmware.org
Subject: [TF-M] Questions about psa crypto persistent key
Hi Experts,
I have some questions about crypto persisten keys.
1. psa_open_key() is removed in psa crypto spec,so it is impossible to
import a persistent key into key slot with key_id,which means
encrypt/decrypt data directly with a persistent key is not allowed,these
persistent keys can only be
used to derive volatile keys which will be used for encryption/decryption,
I am not sure if I understand correctly.
2. Besides,HUK can be used to derive the other crypto keys,such as ps
crypto key.HUK may be stored in OTP area of MCU(without crypto element
such as cc312),then what's intended flow to derive crypto keys from HUK
via calling PSA crypto service?There is no reference implementation in
tf-m code.
tfm_plat_get_huk_derived_key(){
get HUK from OTP
||
||
\/
how to derive crypto key from HUK with calling crypto service?
}
3. BTW,HUK has a persistent key id TFM_CRYPTO_KEY_ID_HUK defined in
tfm_crypto_defs.h,but I haven't seen any reference to this macro. What's
the intended use of this key id?And what's the key owner of HUK?
Best Regards,
Poppy Wu
Macronix Microelectronics (Suzhou) Co.,Ltd
http://www.mxic.com.cn
CONFIDENTIALITY NOTE:
This e-mail and any attachments may contain confidential information
and/or personal data, which is protected by applicable laws. Please be
reminded that duplication, disclosure, distribution, or use of this e-mail
(and/or its attachments) or any part thereof is prohibited. If you receive
this e-mail in error, please notify us immediately and delete this mail as
well as it attachments from your system. In addition, please be informed
that collection, processing, and/or use of personal data is prohibited
unless expressly permitted by personal data protection laws. Thank you for
your attention and cooperation.
Macronix International Co., Ltd.
=====================================================================--
TF-M mailing list
TF-M(a)lists.trustedfirmware.org
https://lists.trustedfirmware.org/mailman/listinfo/tf-m
============================================================================
CONFIDENTIALITY NOTE:
This e-mail and any attachments may contain confidential information and/or personal data, which is protected by applicable laws. Please be reminded that duplication, disclosure, distribution, or use of this e-mail (and/or its attachments) or any part thereof is prohibited. If you receive this e-mail in error, please notify us immediately and delete this mail as well as its attachment(s) from your system. In addition, please be informed that collection, processing, and/or use of personal data is prohibited unless expressly permitted by personal data protection laws. Thank you for your attention and cooperation.
Macronix International Co., Ltd.
=====================================================================
Hi,
The next Technical Forum is planned on Thursday, June 10, 15:00-16:00 UTC (US time zone).
Please reply on this email with your proposals for agenda topics.
Recording and slides of previous meetings are here:
https://www.trustedfirmware.org/meetings/tf-m-technical-forum/
Best regards,
Anton
Hi Poppy,
Some feedback from my understanding on the first question.
1. Import persistent key with a key_id is still supported in the updated PSA crypto spec.
In the version of PSA crypto spec in which psa_open_key is supported, the persistent key can be opened after the reset with the key_id which is specified in the key attributes in key creation. This is not very friendly. The reason is that each time the user calls the psa_open_key, the crypto service loads the key material from slot to running area(ram or flash) thus a new associated resources is allocated. The application must eventually call psa_close_key to release the allocated associated resources. It can happen that multiple applications call psa_open_key multile times as they may do not know whether the key is opened by other applications. So it can happen that multiple copies of associated resources are allocated for the same key. This is not user friendly.
In the updated PSA crypto spec, the key material management strategy is changed. The user does not need to call the psa_open_key to load the key from slot to ram/flash. See the section of "9.4 Key identifies" of the spec:
```
Key identifiers are output from a successful call to one of the key creation functions. For persistent keys,
this is the same identifier as the one specified in the key attributes used to create the key. The key
indenter remains valid until it is invalidated by passing it to psa_destroy_key(). A volatile key identifier
must not be used after it has been invalidated.
```
So I think the user can use the key_id directly to call crypto operations, such as means encrypt, decrypt.
Regards,
Sherry Zhang
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Edward Yang via TF-M
Sent: Wednesday, June 2, 2021 1:30 PM
To: tf-m(a)lists.trustedfirmware.org
Subject: [TF-M] Questions about psa crypto persistent key
Hi Experts,
I have some questions about crypto persisten keys.
1. psa_open_key() is removed in psa crypto spec,so it is impossible to import a persistent key into key slot with key_id,which means encrypt/decrypt data directly with a persistent key is not allowed,these persistent keys can only be
used to derive volatile keys which will be used for encryption/decryption, I am not sure if I understand correctly.
2. Besides,HUK can be used to derive the other crypto keys,such as ps crypto key.HUK may be stored in OTP area of MCU(without crypto element such as cc312),then what's intended flow to derive crypto keys from HUK via calling PSA crypto service?There is no reference implementation in tf-m code.
tfm_plat_get_huk_derived_key(){
get HUK from OTP
||
||
\/
how to derive crypto key from HUK with calling crypto service?
}
3. BTW,HUK has a persistent key id TFM_CRYPTO_KEY_ID_HUK defined in tfm_crypto_defs.h,but I haven't seen any reference to this macro. What's the intended use of this key id?And what's the key owner of HUK?
Best Regards,
Poppy Wu
Macronix Microelectronics (Suzhou) Co.,Ltd
http://www.mxic.com.cn<http://www.mxic.com.cn/>
CONFIDENTIALITY NOTE:
This e-mail and any attachments may contain confidential information and/or personal data, which is protected by applicable laws. Please be reminded that duplication, disclosure, distribution, or use of this e-mail (and/or its attachments) or any part thereof is prohibited. If you receive this e-mail in error, please notify us immediately and delete this mail as well as it attachments from your system. In addition, please be informed that collection, processing, and/or use of personal data is prohibited unless expressly permitted by personal data protection laws. Thank you for your attention and cooperation.
Macronix International Co., Ltd.
=====================================================================
Hi Poppy Wu,
In the v1.0.0 PSA Crypto spec, key handles were removed, and keys are now always referred to by a key identifier.
After creating a persistent key with a key_id specified by the application (by import, generation or derivation), the key can be used in a cryptographic operation by passing the key_id to the operation function. No key handles are needed anymore. See https://armmbed.github.io/mbed-crypto/html/api/keys/lifetimes.html#persiste….
An implementation can provide some built-in keys with a pre-defined key_id. Depending on the key attributes and policy, these can be used by an application in appropriate cryptographic operations. Built-in keys can behave differently to application persistent keys:
* They cannot be destroyed by an application
* They might be accessible to multiple applications
* They might have different values in different applications
The implementation should provide documentation on the expected use of any built-in keys.
We'll need one of the TF-M team to comment on the expected use for TFM_CRYPTO_KEY_ID_HUK.
Regards,
Andrew Thoelke
Andrew Thoelke
Software Systems Architect | Arm
. . . . . . . . . . . . . . . . . . . . . . . . . . .
Arm.com
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Edward Yang via TF-M
Sent: 02 June 2021 06:30
To: tf-m(a)lists.trustedfirmware.org
Subject: [TF-M] Questions about psa crypto persistent key
Hi Experts,
I have some questions about crypto persisten keys.
1. psa_open_key() is removed in psa crypto spec,so it is impossible to import a persistent key into key slot with key_id,which means encrypt/decrypt data directly with a persistent key is not allowed,these persistent keys can only be
used to derive volatile keys which will be used for encryption/decryption, I am not sure if I understand correctly.
2. Besides,HUK can be used to derive the other crypto keys,such as ps crypto key.HUK may be stored in OTP area of MCU(without crypto element such as cc312),then what's intended flow to derive crypto keys from HUK via calling PSA crypto service?There is no reference implementation in tf-m code.
tfm_plat_get_huk_derived_key(){
get HUK from OTP
||
||
\/
how to derive crypto key from HUK with calling crypto service?
}
3. BTW,HUK has a persistent key id TFM_CRYPTO_KEY_ID_HUK defined in tfm_crypto_defs.h,but I haven't seen any reference to this macro. What's the intended use of this key id?And what's the key owner of HUK?
Best Regards,
Poppy Wu
Macronix Microelectronics (Suzhou) Co.,Ltd
http://www.mxic.com.cn<http://www.mxic.com.cn/>
CONFIDENTIALITY NOTE:
This e-mail and any attachments may contain confidential information and/or personal data, which is protected by applicable laws. Please be reminded that duplication, disclosure, distribution, or use of this e-mail (and/or its attachments) or any part thereof is prohibited. If you receive this e-mail in error, please notify us immediately and delete this mail as well as it attachments from your system. In addition, please be informed that collection, processing, and/or use of personal data is prohibited unless expressly permitted by personal data protection laws. Thank you for your attention and cooperation.
Macronix International Co., Ltd.
=====================================================================
Hi,
I want to talk about whether TFM should support the PEM key format in crypto operation. In the PSA crypto spec, it describes:
```
This specification supports a single format for each key type. Implementations may support other formats as long as the standard format is supported.
```
The PEM format is not the standard format described in the spec. However, in the tfm_mbedcrypto_config_default.h, the MBEDTLS_PEM_PARSE_C and the MBEDTLS_PEM_WRITE_C is defined which leads to that PEM key format operation is enabled in TFM crypto service.
In isolation level1, about more than 2000 bytes code is introduced by this feature:
.ER_TFM_CODE 0x2a01c // MBEDTLS_PEM_PARSE_C and the MBEDTLS_PEM_WRITE_C enabled
.ER_TFM_CODE 0x29848 // MBEDTLS_PEM_PARSE_C and the MBEDTLS_PEM_WRITE_C disabled
Is it necessary to support the PEM format in the key operation in crypto service at the cost of more than 2000 bytes?
Any comments on that?
Regards,
Sherry Zhang
Hi Experts,
I have some questions about crypto persisten keys.
1. psa_open_key() is removed in psa crypto spec,so it is impossible to
import a persistent key into key slot with key_id,which means
encrypt/decrypt data directly with a persistent key is not allowed,these
persistent keys can only be
used to derive volatile keys which will be used for encryption/decryption,
I am not sure if I understand correctly.
2. Besides,HUK can be used to derive the other crypto keys,such as ps
crypto key.HUK may be stored in OTP area of MCU(without crypto element
such as cc312),then what's intended flow to derive crypto keys from HUK
via calling PSA crypto service?There is no reference implementation in
tf-m code.
tfm_plat_get_huk_derived_key(){
get HUK from OTP
||
||
\/
how to derive crypto key from HUK with calling crypto service?
}
3. BTW,HUK has a persistent key id TFM_CRYPTO_KEY_ID_HUK defined in
tfm_crypto_defs.h,but I haven't seen any reference to this macro. What's
the intended use of this key id?And what's the key owner of HUK?
Best Regards,
Poppy Wu
Macronix Microelectronics (Suzhou) Co.,Ltd
http://www.mxic.com.cn
============================================================================
CONFIDENTIALITY NOTE:
This e-mail and any attachments may contain confidential information and/or personal data, which is protected by applicable laws. Please be reminded that duplication, disclosure, distribution, or use of this e-mail (and/or its attachments) or any part thereof is prohibited. If you receive this e-mail in error, please notify us immediately and delete this mail as well as it attachments from your system. In addition, please be informed that collection, processing, and/or use of personal data is prohibited unless expressly permitted by personal data protection laws. Thank you for your attention and cooperation.
Macronix International Co., Ltd.
=====================================================================
