[crypto] Introduce PSAKeyAllocator #37332
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Review changes with |
|
PR #37332: Size comparison from 3044eeb to 08dc578 Full report (14 builds for cc13x4_26x4, cc32xx, nrfconnect, qpg, stm32, tizen)
|
ArekBalysNordic
force-pushed
the
psa_key_allocator
branch
from
08dc578 to
efcd0cc
Compare
|
PR #37332: Size comparison from 3044eeb to efcd0cc Full report (71 builds for bl602, bl702, bl702l, cc13x4_26x4, cc32xx, cyw30739, efr32, esp32, linux, nrfconnect, nxp, psoc6, qpg, stm32, telink, tizen)
|
ArekBalysNordic
force-pushed
the
psa_key_allocator
branch
from
efcd0cc to
47dcf0c
Compare
|
PR #37332: Size comparison from 11a4c4a to 47dcf0c Full report (72 builds for bl602, bl702, bl702l, cc13x4_26x4, cc32xx, cyw30739, efr32, esp32, linux, nrfconnect, nxp, psoc6, qpg, stm32, telink, tizen)
|
adigie
approved these changes
Feb 7, 2025
andy31415
reviewed
Feb 11, 2025
andy31415
approved these changes
Feb 20, 2025
- Moved the PSA key definitions from CHIPCryptoPALPSA.h file to the newly created PSAKeyAllocator. - The new PSAKeyAllocator class allows for the allocation of keys in secure storage. Users can create their own PSAKeyAllocator implementation and set it to be used by the Matter stack. - If the custom implementation is not provided the default one is used and it works as the legacy solution and the mechanism is about stored keys in the PSA ITS storage. Signed-off-by: Arkadiusz Balys <arkadiusz.balys@nordicsemi.no>
The unit test: - Verifies the defaultKeyAllocator instance, key allocation and if attributes are ont changed. - Creates a new testing key allocator and verifies if it works as expected and differently than the default ones. - Switches back to the defaultKeyAllocator instance and checks if code works properly. Signed-off-by: Arkadiusz Balys <arkadiusz.balys@nordicsemi.no>
ArekBalysNordic
force-pushed
the
psa_key_allocator
branch
from
47dcf0c to
c09d133
Compare
|
PR #37332: Size comparison from 5398152 to c09d133 Full report (73 builds for bl602, bl702, bl702l, cc13x4_26x4, cc32xx, cyw30739, efr32, esp32, linux, nrfconnect, nxp, psoc6, qpg, stm32, telink, tizen)
|
| * Base of the PSA key identifier range used by Matter. | ||
| * | ||
| * Cryptographic keys stored in the PSA Internal Trusted Storage must have | ||
| * a user-assigned identifer from the range PSA_KEY_ID_USER_MIN to |
There was a problem hiding this comment.
identifer -> identifier
popovdg
pushed a commit
to popovdg/connectedhomeip
that referenced
this pull request
Feb 25, 2025
* [crypto] Introduce PSAKeyAllocator - Moved the PSA key definitions from CHIPCryptoPALPSA.h file to the newly created PSAKeyAllocator. - The new PSAKeyAllocator class allows for the allocation of keys in secure storage. Users can create their own PSAKeyAllocator implementation and set it to be used by the Matter stack. - If the custom implementation is not provided the default one is used and it works as the legacy solution and the mechanism is about stored keys in the PSA ITS storage. Signed-off-by: Arkadiusz Balys <arkadiusz.balys@nordicsemi.no> * [crypto] Added a unit test for PSAKeyAllocator The unit test: - Verifies the defaultKeyAllocator instance, key allocation and if attributes are ont changed. - Creates a new testing key allocator and verifies if it works as expected and differently than the default ones. - Switches back to the defaultKeyAllocator instance and checks if code works properly. Signed-off-by: Arkadiusz Balys <arkadiusz.balys@nordicsemi.no> --------- Signed-off-by: Arkadiusz Balys <arkadiusz.balys@nordicsemi.no>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The PSAKeyAllocator introduces a new possibility to manage PSA keys depending on the platform.
Now we can still use common PSA API in the Matter stack, but we can inject the platform-specific implementation for storing the persistent keys. Thanks to that we can use PSA ITS as well as custom a crypto driver which is available on vendor-specific platform
Allowed setting session keystore by platform. If any keystore is not set, assign the default one.
Moved the PSA key definitions from the CHIPCryptoPALPSA.h file to
the newly created PSAKeyAllocator.
The new PSAKeyAllocator class allows for the allocation of keys
in secure storage. Users can create their own PSAKeyAllocator
implementation and set it to be used by the Matter stack.
If the custom implementation is not provided the default one is
used and it works as the legacy solution the mechanism is
about stored keys in the PSA ITS storage.
Testing
Added a new unit test for the PSAKeyAllocator under the
TestPSAOpKeyStoretest suite (Separate commit in this PR).The solution is tested within the examples-nrfconnect workflow where the unit tests of the TestPSAOpKeyStore suite are run on the Posix platform.