An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
The function mbedtls_psa_register_se_key creates a PSA key object that is backed by a secure element. If you give it a volatile lifetime, the core chooses a volatile key identifier, which is needed to use the key subsequently. However, the API does not output that key identifier, so the created volatile key just leaks memory.
My original thinking was that you would call this function once to register a key during a provisioning phase. However, there are devices with no local storage of keys, not even key metadata, but that have a secure element, and this function is useful on such devices as well. The application would register the key each time it uses it.
In the next major version of Mbed TLS, change the function to have an extra argument to output the key identifier, like the other key creation functions (psa_generate_key, etc.).
The function
mbedtls_psa_register_se_keycreates a PSA key object that is backed by a secure element. If you give it a volatile lifetime, the core chooses a volatile key identifier, which is needed to use the key subsequently. However, the API does not output that key identifier, so the created volatile key just leaks memory.My original thinking was that you would call this function once to register a key during a provisioning phase. However, there are devices with no local storage of keys, not even key metadata, but that have a secure element, and this function is useful on such devices as well. The application would register the key each time it uses it.
In the next major version of Mbed TLS, change the function to have an extra argument to output the key identifier, like the other key creation functions (
psa_generate_key, etc.).