feat(auth): mbedtls psa key id mgmt
Currently the psa key is created and destroyed after each usage during
signature verification.
This redesign adds a key_cache to store the key ID, psa algorithm, and
key attributes associated with a particular pk_oid. This allows for the
psa key to be reused by each image that has the associated pk_oid.
The pk_oid of the image being authenticated is stored as the global
current_pk_oid variable, which is used during the psa crypto
verification stage to associate a key_cache entry with a particular
pk_oid.
Since the psa key is no longer destroyed after each usage, the psa keys
are therefore destroyed after all images have been loaded during each
boot phase in the new crypto_mod_finish() function that is registered
by the REGISTER_CRYPTO_LIB and enabled through the build option of
PSA_CRYTPO.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Iba330bc659a76493bd958673424efcc621bab1c4
diff --git a/include/drivers/auth/mbedtls/mbedtls_psa_crypto.h b/include/drivers/auth/mbedtls/mbedtls_psa_crypto.h
new file mode 100644
index 0000000..85c854d
--- /dev/null
+++ b/include/drivers/auth/mbedtls/mbedtls_psa_crypto.h
@@ -0,0 +1,20 @@
+/*
+ * Copyright (c) 2025, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef MBEDTLS_PSA_CRYPTO_H
+#define MBEDTLS_PSA_CRYPTO_H
+
+#define MAX_CACHED_KEYS 10
+
+typedef struct key_cache_s {
+ const char *pk_oid; /* Store OID of the public key */
+ psa_key_id_t key_id; /* PSA key ID */
+ psa_algorithm_t psa_alg; /* PSA Algorithm associated with the key */
+ psa_key_attributes_t psa_key_attr; /* PSA key attributes associated with the key */
+ bool valid; /* Whether this cache entry is valid */
+} key_cache_t;
+
+#endif /* MBEDTLS_PSA_CRYPTO_H */