commit d9246559cabf0e3481a2cecb0edefef3629eee2f
author Torstein Nesse <torstein.nesse@silabs.com> Wed Oct 21 09:27:37 2020 +0200
committer Torstein Nesse <torstein.nesse@silabs.com> Wed Oct 21 11:17:09 2020 +0200
tree 68a2f7ed896078fb64be8b53be6ea83dce25f305
parent 162a1104be6109c72d142e0eb24a541124a86be3

Update changelog entry, format specification, and correct test vectors

Signed-off-by: Torstein Nesse <torstein.nesse@silabs.com>

docs/architecture/mbed-crypto-storage-specification.md

diff --git a/docs/architecture/mbed-crypto-storage-specification.md b/docs/architecture/mbed-crypto-storage-specification.md
index 0d33ba5..914bca3 100644
--- a/docs/architecture/mbed-crypto-storage-specification.md
+++ b/docs/architecture/mbed-crypto-storage-specification.md
@@ -204,7 +204,6 @@
 
 * The layout of a key file now has a lifetime field before the type field.
 * Key files can store references to keys in a secure element. In such key files, the key material contains the slot number.
-* The type field has been split into a type and a bits field of 2 bytes each.
 
 ### File namespace on a PSA platform on TBD
 
@@ -245,8 +244,7 @@
 * magic (8 bytes): `"PSA\0KEY\0"`.
 * version (4 bytes): 0.
 * lifetime (4 bytes): `psa_key_lifetime_t` value.
-* type (2 bytes): `psa_key_type_t` value.
-* bits (2 bytes): `psa_key_bits_t` value.
+* type (4 bytes): `psa_key_type_t` value.
 * policy usage flags (4 bytes): `psa_key_usage_t` value.
 * policy usage algorithm (4 bytes): `psa_algorithm_t` value.
 * policy enrollment algorithm (4 bytes): `psa_algorithm_t` value.
@@ -283,3 +281,36 @@
     * The slot in the secure element designated by the slot number.
     * The file containing the key metadata designated by the key identifier.
     * The driver persistent data.
+
+Mbed Crypto TBD
+---------------
+
+Tags: TBD
+
+Released in TBD 2020. <br>
+Integrated in Mbed OS TBD.
+
+### Changes introduced in TBD
+
+* The type field has been split into a type and a bits field of 2 bytes each.
+
+### Key file format for TBD
+
+All integers are encoded in little-endian order in 8-bit bytes except where otherwise indicated.
+
+The layout of a key file is:
+
+* magic (8 bytes): `"PSA\0KEY\0"`.
+* version (4 bytes): 0.
+* lifetime (4 bytes): `psa_key_lifetime_t` value.
+* type (2 bytes): `psa_key_type_t` value.
+* bits (2 bytes): `psa_key_bits_t` value.
+* policy usage flags (4 bytes): `psa_key_usage_t` value.
+* policy usage algorithm (4 bytes): `psa_algorithm_t` value.
+* policy enrollment algorithm (4 bytes): `psa_algorithm_t` value.
+* key material length (4 bytes).
+* key material:
+    * For a transparent key: output of `psa_export_key`.
+    * For an opaque key (unified driver interface): driver-specific opaque key blob.
+    * For an opaque key (key in a secure element): slot number (8 bytes), in platform endianness.
+* Any trailing data is rejected on load.