• Home
  • Raw
  • Download

Lines Matching full:secure

34 …)` for a key destruction). This also holds for an opaque key stored in a secure element that does …
38 * [Key management for stateful secure element keys](#designing-key-management-for-secure-element-ke…
44 ## Designing key management for secure element keys
46secure element key” to mean a key stored in a stateful secure element, i.e. a secure element that …
48 ### Assumptions on stateful secure elements
50 **Assumption: driver calls for key management in stateful secure elements are atomic and committing…
52 (For stateless secure elements, this assumption is vacuously true.)
56 For a secure element key, key management requires a commitment on both sites. For example, consider…
58 1. The core sends a request to the secure element to create a key.
59 2. The secure element modifies its key store to create the key.
60 3. The secure element reports to the core that the key has been created.
63secure element. From an application's perspective, the core may either report that the key exists …
69 ### Overview of two-phase commit with stateful secure elements
71secure element, a successful creation process goes as follows (see [“Key management in a secure el…
74 …r _A_ used by the application interface. This step must not modify the state of the secure element.
77secure element. When this happens, it concludes the voting phase of the two-phase commit: effectiv…
83 …o find out whether the secure element completed step 5 or not, and reconcile the state of the stor…
90 3. The secure element destroys the key.
96 …o find out whether the secure element completed step 3 or not, and reconcile the state of the stor…
107 … configurations where storage writes are slow and communication with the secure element is fast, f…
119 …th a stateful secure element because the state of the internal storage needs to change both before…
121 If there is a power failure around the time of changing the state of the secure element, there must…
127 The strategies discussed in the [overview above](#overview-of-two-phase-commit-with-stateful-secure
129 …ent involves writing an intermediate state for `id` before modifying the secure element state and …
137 …ted part) or abort it (which may require a rewind in the secure element). It may call the secure e…
139 * Key creation, key not present in the secure element:
142 * Key creation, key present in the secure element:
144 …* Aborting means destroying the key in the secure element and removing any local storage used for …
145 * Key destruction, key not present in the secure element:
147 …* Aborting would mean re-creating the key in the secure element, which is impossible in general si…
148 * Key destruction, key present in the secure element:
149 …emoving any remaining local storage used for that key and destroying the key in the secure element.
150 …* Aborting means keeping the key. This requires no action on the secure element, and is only pract…
156secure element](#exploring-the-follow-the-secure-element-strategy). This requires the secure eleme…
157 …it all key destructions. This does not require querying the state of the secure element. This does…
158secure element for key creation, but always go ahead with key destruction. This requires the secur…
159 * Always abort key creation, but follow the state of the secure element for key destruction. I can'…
161 …get_key_attributes"` entry point is potentially problematic because some secure elements don't hav…
163 #### Exploring the follow-the-secure-element strategy
177 * If the key exists in the secure element, just remove it from the transaction list.
178 * If the key does not exist in the secure element, first remove the key file if it is present, then…
189 * If the key exists in the secure element, call the driver's `"destroy_key"` entry point, then remo…
190 * If the key does not exist in the secure element, remove the key file if it is still present, then…
196 …do not need to store the key's metadata until it has been created in the secure element. Therefore…
204 For key destruction, we can remove the key file before contacting the secure element. Therefore the…
219 …r: if we ensure that the key file always exists if the key exists in the secure element, then the …
221 For key creation, we need to store the key's metadata before creating in the secure element. Theref…
229 For key destruction, we need to contact the secure element before removing the key file. Therefore …
246secure elements: we aren't just replacing “create the key material” by “tell the secure element to…
248 #### Assisting secure element drivers with recovery
250 The actions of the secure element driver may themselves be non-atomic. So the driver must be given …
252 …ction was in progress and the core cannot be sure about the state of the secure element. Merely ca…
258 … functions”](#overview-of-api-functions), this concerns key management in stateful secure elements.
264 …odification of persistent state, either in storage or in the (simulated) secure element, try both …
268secure elements”](#overview-of-two-phase-commit-with-stateful-secure-elements), under the simplify…
271 * Start transaction, secure element operation, restart, recovery.
272 * Start transaction, secure element operation, commit transaction.
280 * Start transaction, secure element operation, restart, ...
281 * Start transaction, secure element operation, commit transaction.
289 … must maintain a certain invariant on the state of the world (internal storage and secure element).
301 …st, but there may be more than one transaction list, for example one per secure element. If so, ea…
303secure element must be consistent with references to keys in that secure element contained in key …
305secure element. If the transaction list does not contain the driver key identifier, and the key fi…
307 …iers, and one where it also contains the secure element's key identifier (as well as the location …
313 * If the file `id` does not exist, then no resources corresponding to that key are in a secure elem…
314 …le `id` exists and references a key in a stateful secure element, then the key is present in the s…
316 …transaction list and the file `id` exists, the key may or may not be present in the secure element.
318secure-elements): key creation must create `id` before calling the secure element's key creation e…
324 …* It is correct to destroy the key in the secure element (treating a `DOES_NOT_EXIST` error as a s…
325 …* It is correct to check whether the key exists in the secure element, and if it does, keep it and…
331 … the file `id` does not exist, then no resources corresponding to that key are in a secure element.
332 …ot in the transaction list and the file `id` exists, then the key is present in the secure element.
334 … the state of `id` in the internal storage nor the state of the key in the secure element is known.
338 * If the file `id` does not exist, then destroy the key in the secure element (treating a `DOES_NOT…
340 …* It is correct to destroy the key in the secure element (treating a `DOES_NOT_EXIST` error as a s…
341 …* It is correct to check whether the key exists in the secure element, and if it does, keep it and…
348 * Whether the key is in the secure element.
362 2. Call the secure element's key creation or destruction entry point.
369 … key file in internal storage in the internal storage before calling the secure element's key crea…
370 * During key destruction, call the secure element's key destruction entry point before removing the…
372 This choice of algorithm does not require the secure element driver to have a `"get_key_attributes"…
378 * If the file `id` does not exist, then no resources corresponding to that key are in a secure elem…
379 …le `id` exists and references a key in a stateful secure element, then the key is present in the s…
380 …nsaction list and a key exists by that identifier, the key's location is a stateful secure element.
384 To [assist secure element drivers with recovery](#assisting-secure-element-drivers-with-recovery), …
387 * If the file `id` exists, call the secure element's key destruction entry point (treating a `DOES_…
389 ## Specification of key management in stateful secure elements
391secure elements as discussed in [“Designing key management for secure element keys”](#designing-ke…
415 …rom what happens when creating a transparent key or a key in a stateless secure element: in those …
416 4. Call the secure element's key creation entry point.
421 * If the secure element's key creation entry point has been called and succeeded, call the secure e…
431 …he key's location in order to determine whether the key is in a stateful secure element, and if so…
434 2. Call the secure element's `"destroy_key"` entry point.
446 2. Call the secure element's `"destroy_key"` entry point.
463 …en to differ from the first two bytes of a [dynamic secure element transaction file](#dynamic-secu…
480 #### Dynamic secure element transaction file
482 …n file” (`PSA_CRYPTO_ITS_TRANSACTION_UID` = 0xffffff54), used by dynamic secure elements (feature …
484 For the new kind of secure element driver, we pick a different file name to avoid any mixup.
486 ## Testing key management in secure elements
494 When a stateful secure element driver is present in the build, we use this hook to verify that the …
502 * When invoked from a test secure element: on the specified key.
510 When no secure element driver is present in the build, the presence of a transaction list file duri…
514 …t secure element driver is present in the build, we run test cases on a representative selection o…
519 * Call the secure element test driver to create keys without going throught the PSA API.
522 4. Clean up the storage and the secure element test driver's state.
526 For a given key located in a secure element, the following combination of states are possible:
529 * Key in secure element: present, absent.