Remove references to key lifetime

Changes needed after they were removed from
parallaxsecond/parsec-interface-rs#5.

Signed-off-by: Hugues de Valon <[email protected]>

Author: hug-dev

docs/operation_directory/psa_crypto/key_attributes.md

@@ -16,12 +16,6 @@
 --->
 # **PSA Crypto Key Attributes**
 
-## **Key Lifetime**
-
-Key lifetime is an attribute that determines when the key is destroyed:
-* *volatile* - key is destroyed as soon as application closes the handle of the key (e.g. when the application terminates)
-* *persistent* - key is destroyed only when the [**PSA Destroy Key**](/psa_destroy_key.md) operation is executed
-
 ## **Key Type and Algorithm**
 
 Types of cryptographic keys and cryptographic algorithms are encoded separately. Each is encoded as a field in the *Key Attributes* structure.

docs/operation_directory/psa_crypto/psa_asymmetric_sign.md

@@ -26,7 +26,6 @@ Note that to perform a hash-and-sign signature algorithm, you must first calcula
 ## **Parameters**
 
 **`key_name`**  Name of the key used for signing the hash
-**`key_lifetime`**  Lifetime of the key named in the request (see the [**key attributes**](/key_attributes.md) file for more details)
 **`hash`**  Hash of the data that must be signed
 
 ## **Result values**

docs/operation_directory/psa_crypto/psa_asymmetric_verify.md

@@ -26,7 +26,6 @@ Note that to perform a hash-and-sign signature algorithm, you must first calcula
 ## **Parameters**
 
 **`key_name`**  Name of the key used for signing the hash
-**`key_lifetime`**  Lifetime of the key named in the request (see the [**key attributes**](/key_attributes.md) file for more details)
 **`hash`**  Hash of the data that was signed
 **`signature`**  Signature that must be verified
 

docs/operation_directory/psa_crypto/psa_destroy_key.md

@@ -28,7 +28,6 @@ This function also erases any metadata such as policies and frees all resources
 ## **Parameters**
 
 **`key_name`**  Name of the key used for signing the hash
-**`key_lifetime`**  Lifetime of the key named in the request (see the [**key attributes**](/key_attributes.md) file for more details)
 
 ## **Contract**
 

docs/operation_directory/psa_crypto/psa_export_public_key.md

@@ -30,10 +30,10 @@ For standard key types, the output format is as follows:
       RSAPublicKey ::= SEQUENCE {
         modulus             INTEGER, -- n
         publicExponent      INTEGER } -- e
-* For elliptic curve public keys (key of type [`ECC_Public_Key`](/key_attributes.md)), the format is the uncompressed representation defined by *SEC1 §2.3.3* as the content of an ECPoint. Let m be the bit size associated with the curve, i.e. the bit size of q for a curve over F_q. The representation consists of:
+* For elliptic curve public keys (key of type [`ECC_Public_Key`](/key_attributes.md)), the format is the uncompressed representation defined by *SEC1 §2.3.3* as the content of an ECPoint. Let m be the bit size associated with the curve, i.e. the bit size of q for a curve over F\_q. The representation consists of:
   – The byte 0x04;
-  – x_P as a ceiling(m/8)-byte string, big-endian;
-  – y_P as a ceiling(m/8)-byte string, big-endian.
+  – x\_P as a ceiling(m/8)-byte string, big-endian;
+  – y\_P as a ceiling(m/8)-byte string, big-endian.
 * For DSA public keys ([`DSA_Public_Key`](/key_attributes.md)), the `subjectPublicKey` format is defined by *RFC 3279 §2.3.2* as `DSAPublicKey`,  with the OID `id-dsa`, and with the parameters `DSS-Parms`.
       id-dsa OBJECT IDENTIFIER ::= {
          iso(1) member-body(2) us(840) x9-57(10040) x9cm(4) 1 }
@@ -47,7 +47,6 @@ For standard key types, the output format is as follows:
 ## **Parameters**
 
 **`key_name`**  Name of the key used for signing the hash
-**`key_lifetime`**  Lifetime of the key named in the request (see the [**key attributes**](/key_attributes.md) file for more details)
 
 ## **Result values**
 

docs/operation_directory/psa_crypto/psa_import_key.md

@@ -28,7 +28,6 @@ This specification supports a single format for each key type. Implementations m
 ## **Parameters**
 
 **`key_name`**  Name of the key used for signing the hash
-**`key_lifetime`**  Lifetime of the key named in the request (see the [**key attributes**](/key_attributes.md) file for more details)
 **`key_data`**  Bytes of the key in one of the formats described above
 
 ## **Contract**

docs/source_code_structure.md

@@ -58,7 +58,7 @@ Providers can be linked statically into the service. Where this is done, they mu
 
 The `core_provider` module is a provider of operations that are implemented by the service itself, rather than by the platform's underlying security facilities. These core operations include operations for discovery, configuration and housekeeping of the service. They are not cryptographic or key management operations. (The "ping" operation is an example of one that is serviced by the core provider: it allows a client to determine whether the service itself is responding).
 
-The `mbed_provider` module houses a provider based on [**MBed Crypto**](https://github.com/ARMmbed/mbed-crypto), which is the reference implementation of the PSA Crypto API Specification. The `mbed_provider` is a full provider in its own right, and allows for the full capabilities of the service to be provided in a software-only solution. But the `mbed_provider` also services as a branching point to connect with hardware or trusted applications through its own internal Harware Abstraction Layer (HAL).
+The `mbed_provider` module houses a provider based on [**MBed Crypto**](https://github.com/ARMmbed/mbed-crypto), which is the reference implementation of the PSA Crypto API Specification. The `mbed_provider` is a full provider in its own right, and allows for the full capabilities of the service to be provided in a software-only solution. But the `mbed_provider` also services as a branching point to connect with hardware or trusted applications through its own internal Harware Abstraction Layer (HAL). This provider only supports persistent key storage.
 
 Like the `client` folder, the `provider` folder is also a key extension point for partner contributors. This project eagerly welcomes contributions of new providers in order to connect the service with the security facilities of host platforms and extend the ecosystem.
 
@@ -90,4 +90,4 @@ The `client` folder is a key extension point for partner contributors. This proj
 ## **Repository Map**
 Please refer to the following diagram to understand the overall code structure and the dependency arcs between the modules.
 
-![Repository Map](diagrams/source_code_structure.png)
+![Repository Map](diagrams/source_code_structure.png)

src/providers/mbed_provider/constants.rs

@@ -157,7 +157,6 @@ pub const PSA_ALG_KEY_DERIVATION_MASK: psa_algorithm_t = 0x010f_ffff;
 pub const PSA_ALG_SELECT_RAW: psa_algorithm_t = 0x3100_0001;
 pub const PSA_ALG_FFDH_BASE: psa_algorithm_t = 0x2210_0000;
 pub const PSA_ALG_ECDH_BASE: psa_algorithm_t = 0x2220_0000;
-pub const PSA_KEY_LIFETIME_VOLATILE: psa_key_lifetime_t = 0x0000_0000;
 pub const PSA_KEY_LIFETIME_PERSISTENT: psa_key_lifetime_t = 0x0000_0001;
 pub const PSA_KEY_USAGE_EXPORT: psa_key_usage_t = 0x0000_0001;
 pub const PSA_KEY_USAGE_ENCRYPT: psa_key_usage_t = 0x0000_0100;

src/providers/mbed_provider/conversion_utils.rs

@@ -13,16 +13,13 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 use super::constants::*;
-use super::psa_crypto_binding::{
-    psa_algorithm_t, psa_key_lifetime_t, psa_key_type_t, psa_key_usage_t, psa_status_t,
-};
+use super::psa_crypto_binding::{psa_algorithm_t, psa_key_type_t, psa_key_usage_t, psa_status_t};
 use parsec_interface::operations::key_attributes::*;
 use parsec_interface::requests::ResponseStatus;
 use std::convert::TryFrom;
 
 /// This structure holds key attribute values to be used by the Mbed Crypto library.
 pub struct MbedKeyAttributes {
-    pub key_lifetime: psa_key_lifetime_t,
     pub key_type: psa_key_type_t,
     pub algorithm: psa_algorithm_t,
     pub key_size: usize,
@@ -32,22 +29,13 @@ pub struct MbedKeyAttributes {
 /// Converts between native and Mbed Crypto key attributes values.
 pub fn convert_key_attributes(attrs: &KeyAttributes) -> MbedKeyAttributes {
     MbedKeyAttributes {
-        key_lifetime: convert_key_lifetime(attrs.key_lifetime),
         key_type: convert_key_type(attrs.key_type),
         algorithm: convert_algorithm(&attrs.algorithm),
         key_size: usize::try_from(attrs.key_size).expect("Key size cannot be represented as usize"),
         key_usage: convert_key_usage(attrs),
     }
 }
 
-/// Converts between native and Mbed Crypto key lifetime values.
-pub fn convert_key_lifetime(lifetime: KeyLifetime) -> psa_key_lifetime_t {
-    match lifetime {
-        KeyLifetime::Persistent => PSA_KEY_LIFETIME_PERSISTENT,
-        KeyLifetime::Volatile => PSA_KEY_LIFETIME_VOLATILE,
-    }
-}
-
 /// Converts between native and Mbed Crypto type values.
 ///
 /// # Panics

src/providers/mbed_provider/mod.rs

@@ -20,7 +20,6 @@ use std::convert::TryInto;
 use std::sync::{Arc, Mutex, RwLock};
 
 use log::{error, info, warn};
-use parsec_interface::operations::key_attributes::KeyLifetime;
 use parsec_interface::operations::ProviderInfo;
 use parsec_interface::operations::{OpAsymSign, ResultAsymSign};
 use parsec_interface::operations::{OpAsymVerify, ResultAsymVerify};
@@ -201,11 +200,13 @@ impl MbedProvider {
                             }
                         };
                         // Use psa_open_key to check if the key ID actually exists or not.
-                        let lifetime =
-                            conversion_utils::convert_key_lifetime(KeyLifetime::Persistent);
                         let mut key_handle: psa_crypto_binding::psa_key_handle_t = 0;
                         let open_key_status = unsafe {
-                            psa_crypto_binding::psa_open_key(lifetime, key_id, &mut key_handle)
+                            psa_crypto_binding::psa_open_key(
+                                constants::PSA_KEY_LIFETIME_PERSISTENT,
+                                key_id,
+                                &mut key_handle,
+                            )
                         };
                         if open_key_status == constants::PSA_ERROR_DOES_NOT_EXIST {
                             to_remove.push(key_triple.clone());
@@ -285,7 +286,11 @@ impl Provide for MbedProvider {
                 .key_handle_mutex
                 .lock()
                 .expect("Grabbing key handle mutex failed");
-            psa_crypto_binding::psa_create_key(key_attrs.key_lifetime, key_id, &mut key_handle)
+            psa_crypto_binding::psa_create_key(
+                constants::PSA_KEY_LIFETIME_PERSISTENT,
+                key_id,
+                &mut key_handle,
+            )
         };
 
         let ret_val: Result<ResultCreateKey>;
@@ -378,7 +383,11 @@ impl Provide for MbedProvider {
                 .key_handle_mutex
                 .lock()
                 .expect("Grabbing key handle mutex failed");
-            psa_crypto_binding::psa_create_key(key_attrs.key_lifetime, key_id, &mut key_handle)
+            psa_crypto_binding::psa_create_key(
+                constants::PSA_KEY_LIFETIME_PERSISTENT,
+                key_id,
+                &mut key_handle,
+            )
         };
 
         let ret_val: Result<ResultImportKey>;
@@ -452,12 +461,10 @@ impl Provide for MbedProvider {
         info!("Mbed Provider - Export Public Key");
         let _semaphore_guard = self.key_slot_semaphore.access();
         let key_name = op.key_name;
-        let key_lifetime = op.key_lifetime;
         let key_triple = KeyTriple::new(app_name, ProviderID::MbedProvider, key_name);
         let store_handle = self.key_id_store.read().expect("Key store lock poisoned");
         let key_id = get_key_id(&key_triple, &*store_handle)?;
 
-        let lifetime = conversion_utils::convert_key_lifetime(key_lifetime);
         let mut key_handle: psa_crypto_binding::psa_key_handle_t = 0;
 
         let ret_val: Result<ResultExportPublicKey>;
@@ -467,7 +474,11 @@ impl Provide for MbedProvider {
                 .key_handle_mutex
                 .lock()
                 .expect("Grabbing key handle mutex failed");
-            psa_crypto_binding::psa_open_key(lifetime, key_id, &mut key_handle)
+            psa_crypto_binding::psa_open_key(
+                constants::PSA_KEY_LIFETIME_PERSISTENT,
+                key_id,
+                &mut key_handle,
+            )
         };
 
         if open_key_status == constants::PSA_SUCCESS {
@@ -514,21 +525,23 @@ impl Provide for MbedProvider {
         info!("Mbed Provider - Destroy Key");
         let _semaphore_guard = self.key_slot_semaphore.access();
         let key_name = op.key_name;
-        let key_lifetime = op.key_lifetime;
         let key_triple = KeyTriple::new(app_name, ProviderID::MbedProvider, key_name);
         let mut store_handle = self.key_id_store.write().expect("Key store lock poisoned");
         let mut local_ids_handle = self.local_ids.write().expect("Local ID lock poisoned");
         let key_id = get_key_id(&key_triple, &*store_handle)?;
 
-        let lifetime = conversion_utils::convert_key_lifetime(key_lifetime);
         let mut key_handle: psa_crypto_binding::psa_key_handle_t = 0;
 
         let open_key_status = unsafe {
             let _guard = self
                 .key_handle_mutex
                 .lock()
                 .expect("Grabbing key handle mutex failed");
-            psa_crypto_binding::psa_open_key(lifetime, key_id, &mut key_handle)
+            psa_crypto_binding::psa_open_key(
+                constants::PSA_KEY_LIFETIME_PERSISTENT,
+                key_id,
+                &mut key_handle,
+            )
         };
 
         if open_key_status == constants::PSA_SUCCESS {
@@ -554,21 +567,23 @@ impl Provide for MbedProvider {
         info!("Mbed Provider - Asym Sign");
         let _semaphore_guard = self.key_slot_semaphore.access();
         let key_name = op.key_name;
-        let key_lifetime = op.key_lifetime;
         let hash = op.hash;
         let key_triple = KeyTriple::new(app_name, ProviderID::MbedProvider, key_name);
         let store_handle = self.key_id_store.read().expect("Key store lock poisoned");
         let key_id = get_key_id(&key_triple, &*store_handle)?;
 
-        let lifetime = conversion_utils::convert_key_lifetime(key_lifetime);
         let mut key_handle: psa_crypto_binding::psa_key_handle_t = 0;
 
         let open_key_status = unsafe {
             let _guard = self
                 .key_handle_mutex
                 .lock()
                 .expect("Grabbing key handle mutex failed");
-            psa_crypto_binding::psa_open_key(lifetime, key_id, &mut key_handle)
+            psa_crypto_binding::psa_open_key(
+                constants::PSA_KEY_LIFETIME_PERSISTENT,
+                key_id,
+                &mut key_handle,
+            )
         };
 
         if open_key_status == constants::PSA_SUCCESS {
@@ -627,22 +642,24 @@ impl Provide for MbedProvider {
         info!("Mbed Provider - Asym Verify");
         let _semaphore_guard = self.key_slot_semaphore.access();
         let key_name = op.key_name;
-        let key_lifetime = op.key_lifetime;
         let hash = op.hash;
         let signature = op.signature;
         let key_triple = KeyTriple::new(app_name, ProviderID::MbedProvider, key_name);
         let store_handle = self.key_id_store.read().expect("Key store lock poisoned");
         let key_id = get_key_id(&key_triple, &*store_handle)?;
 
-        let lifetime = conversion_utils::convert_key_lifetime(key_lifetime);
         let mut key_handle: psa_crypto_binding::psa_key_handle_t = 0;
 
         let open_key_status = unsafe {
             let _guard = self
                 .key_handle_mutex
                 .lock()
                 .expect("Grabbing key handle mutex failed");
-            psa_crypto_binding::psa_open_key(lifetime, key_id, &mut key_handle)
+            psa_crypto_binding::psa_open_key(
+                constants::PSA_KEY_LIFETIME_PERSISTENT,
+                key_id,
+                &mut key_handle,
+            )
         };
 
         if open_key_status == constants::PSA_SUCCESS {