mbed-crypto-storage-specification.md - OpenGrok cross reference for /external/mbedtls/docs/architecture/mbed-crypto-storage-specification.md

Lines Matching +full:- +full:- +full:file
5 Key storage was originally introduced in a product called Mbed Crypto, which was re-distributed via…
14 -----------------
16 Tags: mbedcrypto-0.1.0b, mbedcrypto-0.1.0b2
23 * [PSA ITS](#file-namespace-on-its-for-0.1.0)
24 * [C stdio](#file-namespace-on-stdio-for-0.1.0)
28 * [Persistent transparent keys](#key-file-format-for-0.1.0) designated by a [slot number](#key-name…
29 * [Nonvolatile random seed](#nonvolatile-random-seed-file-format-for-0.1.0) on ITS only.
33 …olatile random seed file produced with Mbed OS 5.11.x and is upgraded to a later version of Mbed O…
35 We do not make any promises regarding key storage, or regarding the nonvolatile random seed file on…
39 …file whose name is constructed from the key identifier. The way in which the file name is construc…
41 … the range is not documented in user-facing documentation: according to the user-facing documentat…
49 ### Key file format for 0.1.0
51 All integers are encoded in little-endian order in 8-bit bytes.
53 The layout of a key file is:
64 ### Nonvolatile random seed file format for 0.1.0
66 The nonvolatile random seed file contains a seed for the random generator. If present, it is rewrit…
68 The file format is just the seed as a byte string with no metadata or encoding of any kind.
70 ### File namespace on ITS for 0.1.0
72 …s a 32-bit file identifier namespace. The Crypto service can use arbitrary file identifiers and no…
74 * File 0: unused.
75 …ugh 0xfffeffff: [content](#key-file-format-for-0.1.0) of the [key whose identifier is the file ide…
76 * File 0xffffff52 (`PSA_CRYPTO_ITS_RANDOM_SEED_UID`): [nonvolatile random seed](#nonvolatile-random…
79 ### File namespace on stdio for 0.1.0
83 …-time configuration value `CRYPTO_STORAGE_FILE_LOCATION` allows storing the key files in a directo…
85 * `CRYPTO_STORAGE_FILE_LOCATION "psa_key_slot_0"`: used as a temporary file. Must be writable. May …
86 …psa_key_slot_%lu", key_id)` [content](#key-file-format-for-0.1.0) of the [key whose identifier](#k…
90 -----------------
92 Tags: mbedcrypto-1.0.0d4, mbedcrypto-1.0.0
99 * [PSA platform](#file-namespace-on-a-psa-platform-for-1.0.0)
100 * [library using PSA ITS](#file-namespace-on-its-as-a-library-for-1.0.0)
101 * [library using C stdio](#file-namespace-on-stdio-for-1.0.0)
105 … [Persistent transparent keys](#key-file-format-for-1.0.0) designated by a [key identifier and own…
106 * [Nonvolatile random seed](#nonvolatile-random-seed-file-format-for-1.0.0) on ITS only.
112 Information about each key is stored in a dedicated file designated by the key identifier. In integ…
114 …he file name is constructed from the key identifier depends on the storage backend. The content of…
116 …Library integration: the key file name is just the key identifier as defined in the PSA crypto spe…
117 …file name is `(uint64_t)owner_uid << 32 | key_id` where `key_id` is the key identifier from the ow…
119 ### Key file format for 1.0.0
121 The layout is identical to [0.1.0](#key-file-format-for-0.1.0) so far. However note that the encodi…
123 ### Nonvolatile random seed file format for 1.0.0
125 The nonvolatile random seed file contains a seed for the random generator. If present, it is rewrit…
127 The file format is just the seed as a byte string with no metadata or encoding of any kind.
129 … [the feature was introduced in Mbed Crypto 0.1.0](#nonvolatile-random-seed-file-format-for-0.1.0).
131 ### File namespace on a PSA platform for 1.0.0
133 …s a 64-bit file identifier namespace. The Crypto service can use arbitrary file identifiers and no…
138 * File 0xffffff52 (`PSA_CRYPTO_ITS_RANDOM_SEED_UID`): [nonvolatile random seed](#nonvolatile-random…
139 …0xffffffffffff: [content](#key-file-format-for-1.0.0) of the [key whose identifier is the file ide…
141 ### File namespace on ITS as a library for 1.0.0
143 …-bit file identifier namespace. The entity using the crypto library can use arbitrary file identif…
145 This is a library integration, so there is no owner. The key file identifier is identical to the ke…
147 * File 0: unused.
148 …ugh 0xfffeffff: [content](#key-file-format-for-1.0.0) of the [key whose identifier is the file ide…
149 * File 0xffffff52 (`PSA_CRYPTO_ITS_RANDOM_SEED_UID`): [nonvolatile random seed](#nonvolatile-random…
152 ### File namespace on stdio for 1.0.0
154 This is a library integration, so there is no owner. The key file identifier is identical to the ke…
156 [Identical to 0.1.0](#file-namespace-on-stdio-for-0.1.0).
164 …m integration use different sets of file names. This is annoyingly non-uniform. For example, if we…
166 It would simplify things to always have a 32-bit owner, with a nonzero value, and thus reserve the …
169 -----------------
171 Tags: mbedcrypto-1.1.0
176 Changes since [1.0.0](#mbed-crypto-1.0.0):
178 …has been replaced by an implementation of [PSA ITS over stdio](#file-namespace-on-stdio-for-1.1.0).
179 * [Some changes in the key file format](#key-file-format-for-1.1.0).
181 ### File namespace on stdio for 1.1.0
185 …-time configuration value `PSA_ITS_STORAGE_PREFIX` allows storing the key files in a directory oth…
187 * `PSA_ITS_STORAGE_PREFIX "tempfile.psa_its"`: used as a temporary file. Must be writable. May be o…
188 …-key file. The `key_id` in the name is the 64-bit file identifier, which is the [key identifier](#…
190     * File contents.
192 ### Key file format for 1.1.0
194 The key file format is identical to [1.0.0](#key-file-format-for-1.0.0), except for the following c…
199 A self-contained description of the file layout follows.
201 All integers are encoded in little-endian order in 8-bit bytes.
203 The layout of a key file is:
216 ---------------
225 * The layout of a key file now has a lifetime field before the type field.
228 ### File namespace on a PSA platform on TBD
230 …s a 64-bit file identifier namespace. The Crypto service can use arbitrary file identifiers and no…
235 …r internal use of the crypto library or crypto service. See [non-key files](#non-key-files-on-tbd).
236 …0xffffffffffff: [content](#key-file-format-for-1.0.0) of the [key whose identifier is the file ide…
238 ### File namespace on ITS as a library on TBD
240 …-bit file identifier namespace. The entity using the crypto library can use arbitrary file identif…
242 This is a library integration, so there is no owner. The key file identifier is identical to the ke…
244 * File 0: unused.
245 …ugh 0xfffeffff: [content](#key-file-format-for-1.0.0) of the [key whose identifier is the file ide…
246 …r internal use of the crypto library or crypto service. See [non-key files](#non-key-files-on-tbd).
249 ### Non-key files on TBD
251 File identifiers in the range 0xffff0000 through 0xffffffff are reserved for internal use in Mbed C…
253 …_UID_BASE + lifetime`): secure element driver storage. The content of the file is the secure eleme…
254 * File 0xffffff52 (`PSA_CRYPTO_ITS_RANDOM_SEED_UID`): [nonvolatile random seed](#nonvolatile-random…
255 * File 0xffffff54 (`PSA_CRYPTO_ITS_TRANSACTION_UID`): [transaction file](#transaction-file-format-f…
258 ### Key file format for TBD
260 All integers are encoded in little-endian order in 8-bit bytes except where otherwise indicated.
262 The layout of a key file is:
274     * For an opaque key (unified driver interface): driver-specific opaque key blob.
278 ### Transaction file format for TBD
280 The transaction file contains data about an ongoing action that cannot be completed atomically. It …
286 The layout of a transaction file is:
288 * type (2 bytes): the [transaction type](#transaction-types-on-tbd).
292 …odes the key owner in the same way as [in file identifiers for key files](#file-namespace-on-a-psa…
298     * The file containing the key metadata designated by the key identifier.
302     * The file containing the key metadata designated by the key identifier.
306 ---------------
317 ### Key file format for TBD
319 All integers are encoded in little-endian order in 8-bit bytes except where otherwise indicated.
321 The layout of a key file is:
334     * For an opaque key (unified driver interface): driver-specific opaque key blob.
339 ---------------
341 Tags: `mbedtls-2.25.0`, `mbedtls-2.26.0`, `mbedtls-2.27.0`, `mbedtls-2.28.0`, `mbedtls-3.0.0`, `mbe…
351 * [PSA platform](#file-namespace-on-a-psa-platform-on-mbed-tls-2.25.0)
352 * [library using PSA ITS](#file-namespace-on-its-as-a-library-on-mbed-tls-2.25.0)
353 * [library using C stdio](#file-namespace-on-stdio-for-mbed-tls-2.25.0)
357 * [Persistent keys](#key-file-format-for-mbed-tls-2.25.0) designated by a [key identifier and owner…
361 * [Nonvolatile random seed](#nonvolatile-random-seed-file-format-for-mbed-tls-2.25.0) on ITS only.
367 ### File namespace on a PSA platform on Mbed TLS 2.25.0
369 …s a 64-bit file identifier namespace. The Crypto service can use arbitrary file identifiers and no…
374 …nal use of the crypto library or crypto service. See [non-key files](#non-key-files-on-mbed-tls-2.…
375 …fffff: [content](#key-file-format-for-mbed-tls-2.25.0) of the [key whose identifier is the file id…
377 ### File namespace on ITS as a library on Mbed TLS 2.25.0
379 …-bit file identifier namespace. The entity using the crypto library can use arbitrary file identif…
381 This is a library integration, so there is no owner. The key file identifier is identical to the ke…
383 * File 0: unused.
384 …effff: [content](#key-file-format-for-mbed-tls-2.25.0) of the [key whose identifier is the file id…
385 …nal use of the crypto library or crypto service. See [non-key files](#non-key-files-on-mbed-tls-2.…
388 ### File namespace on stdio for Mbed TLS 2.25.0
392 …-time configuration value `PSA_ITS_STORAGE_PREFIX` allows storing the key files in a directory oth…
394 * `PSA_ITS_STORAGE_PREFIX "tempfile.psa_its"`: used as a temporary file. Must be writable. May be o…
395 …-key file. The `key_id` in the name is the 64-bit file identifier, which is the [key identifier](#…
397     * File contents.
401 Information about each key is stored in a dedicated file designated by the key identifier. In integ…
403 …file name is constructed from the key identifier depends on the storage backend. The content of th…
405 …Library integration: the key file name is just the key identifier as defined in the PSA crypto spe…
406 …file name is `(uint64_t)owner_uid << 32 | key_id` where `key_id` is the key identifier from the ow…
408 ### Key file format for Mbed TLS 2.25.0
410 All integers are encoded in little-endian order in 8-bit bytes except where otherwise indicated.
412 The layout of a key file is:
425     * For an opaque key (unified driver interface): driver-specific opaque key blob.
429 ### Non-key files on Mbed TLS 2.25.0
431 File identifiers that are outside the range of persistent key identifiers are reserved for internal…
433 …E + lifetime`): dynamic secure element driver storage. The content of the file is the secure eleme…
434 * File 0xffffff52 (`PSA_CRYPTO_ITS_RANDOM_SEED_UID`): [nonvolatile random seed](#nonvolatile-random…
435 * File 0xffffff54 (`PSA_CRYPTO_ITS_TRANSACTION_UID`): [transaction file](#transaction-file-format-f…
438 ### Nonvolatile random seed file format for Mbed TLS 2.25.0
440 [Identical to Mbed Crypto 0.1.0](#nonvolatile-random-seed-file-format-for-0.1.0).
442 ### Transaction file format for Mbed TLS 2.25.0
444 The transaction file contains data about an ongoing action that cannot be completed atomically. It …
450 The layout of a transaction file is:
452 * type (2 bytes): the [transaction type](#transaction-types-on-mbed-tls-2.25.0).
456 …the key owner in the same way as [in file identifiers for key files](#file-namespace-on-a-psa-plat…
462     * The file containing the key metadata designated by the key identifier.
466     * The file containing the key metadata designated by the key identifier.