refactor(core): secure session keys using platform storage

Grolleau-Benjamin · Grolleau-Benjamin · commit 942bfc606d59 · 2026-02-27T11:52:15.000+01:00
Signed-off-by: Benjamin Grolleau &lt;benjamin.grolleau@outlook.com&gt;
diff --git a/core/stse_device.h b/core/stse_device.h
@@ -161,8 +161,8 @@ struct stse_session_t {
     union {
         struct {
             stse_Handler_t *pSTSE;
-            PLAT_UI8 *pHost_MAC_key;
-            PLAT_UI8 *pHost_cypher_key;
+            PLAT_UI32 Host_MAC_key_idx;
+            PLAT_UI32 Host_cypher_key_idx;
             stse_aes_key_type_t key_type;
             PLAT_UI32 MAC_counter;
         } host;
diff --git a/core/stse_platform.h b/core/stse_platform.h
@@ -222,15 +222,34 @@ stse_ReturnCode_t stse_platform_nist_kw_encrypt(PLAT_UI8 *pPayload, PLAT_UI32 pa
 
 #if defined(STSE_CONF_USE_HOST_KEY_ESTABLISHMENT) || defined(STSE_CONF_USE_SYMMETRIC_KEY_ESTABLISHMENT) || defined(STSE_CONF_USE_HOST_SESSION)
 
+/*!
+ * \brief      Store session key in platform secure storage
+ * \param[in]  pCypherKey Pointer to the cypher key
+ * \param[out] pCypherKeyIdx Pointer to receive the index of the stored cypher key
+ * \param[in]  pMACKey Pointer to the MAC key
+ * \param[out] pMACKeyIdx Pointer to receive the index of the stored MAC key
+ * \param[in]  key_length Length of the keys in bytes
+ * \return     \ref STSE_OK on success; \ref stse_ReturnCode_t error code otherwise
+ */
+stse_ReturnCode_t stse_platform_store_session_key(PLAT_UI8 *pCypherKey, PLAT_UI32 *pCypherKeyIdx,
+                                                  PLAT_UI8 *pMACKey, PLAT_UI32 *pMACKeyIdx,
+                                                  PLAT_UI16 key_length);
+
+/*!
+ * \brief      Delete session key from platform secure storage
+ * \param[in]  CypherKeyIdx Index of the cypher key to delete
+ * \param[in]  MACKeyIdx Index of the MAC key to delete
+ * \return     \ref STSE_OK on success; \ref stse_ReturnCode_t error code otherwise
+ */
+stse_ReturnCode_t stse_platform_delete_key(PLAT_UI32 CypherKeyIdx, PLAT_UI32 MACKeyIdx);
+
 /*!
  * \brief      Initialize AES CMAC computation
- * \param[in]  pKey Pointer to the key
- * \param[in]  key_length Length of the key
+ * \param[in]  key_idx Index of the key in secure storage
  * \param[in]  exp_tag_size Expected tag size
  * \return     \ref STSE_OK on success; \ref stse_ReturnCode_t error code otherwise
  */
-stse_ReturnCode_t stse_platform_aes_cmac_init(const PLAT_UI8 *pKey,
-                                              PLAT_UI16 key_length,
+stse_ReturnCode_t stse_platform_aes_cmac_init(const PLAT_UI32 key_idx,
                                               PLAT_UI16 exp_tag_size);
 
 /*!
@@ -260,76 +279,71 @@ stse_ReturnCode_t stse_platform_aes_cmac_verify_finish(PLAT_UI8 *pTag);
  * \brief      Perform an AES CMAC encryption
  * \param[in]  pPayload Pointer to Payload
  * \param[in]  payload_length Length of the payload in bytes
- * \param[in]  pKey Pointer to key
- * \param[in]  key_length Length of the key in bytes
+ * \param[in]  key_idx Index of the key in secure storage
  * \param[in]  exp_tag_size Expected tag size in bytes
  * \param[out] pTag Pointer to Tag
  * \param[out] pTag_length Pointer to Tag length value output
  * \return     \ref STSE_OK on success; \ref stse_ReturnCode_t error code otherwise
  */
 stse_ReturnCode_t stse_platform_aes_cmac_compute(const PLAT_UI8 *pPayload, PLAT_UI16 payload_length,
-                                                 const PLAT_UI8 *pKey, PLAT_UI16 key_length,
+                                                 const PLAT_UI32 key_idx,
                                                  PLAT_UI16 exp_tag_size,
                                                  PLAT_UI8 *pTag, PLAT_UI16 *pTag_length);
 
 /*!
  * \brief      Perform an AES CMAC decryption
  * \param[in]  pPayload Pointer to Payload
  * \param[in]  payload_length Length of the payload in bytes
- * \param[in]  pKey Pointer to key
- * \param[in]  key_length Length of the key in bytes
+ * \param[in]  key_idx Index of the key in secure storage
  * \param[in]  pTag Pointer to Tag
  * \param[in]  tag_length Pointer to Tag length value output
  * \return     \ref STSE_OK on success; \ref stse_ReturnCode_t error code otherwise
  */
 stse_ReturnCode_t stse_platform_aes_cmac_verify(const PLAT_UI8 *pPayload, PLAT_UI16 payload_length,
-                                                const PLAT_UI8 *pKey, PLAT_UI16 key_length,
+                                                const PLAT_UI32 key_idx,
                                                 const PLAT_UI8 *pTag, PLAT_UI16 tag_length);
 
 /*!
  * \brief      Perform an AES CBC encryption
  * \param[in]  pPlaintext Pointer to the plaintext data
  * \param[in]  plaintext_length Length of the plaintext data
  * \param[in]  pInitial_value Pointer to encryption IV
- * \param[in]  pKey Pointer to the key
- * \param[in]  key_length Length of the key
+ * \param[in]  key_idx Index of the key in secure storage
  * \param[out] pEncryptedtext Pointer to the encrypted payload
  * \param[out] pEncryptedtext_length Length of encrypted payload
  * \return     \ref STSE_OK on success; \ref stse_ReturnCode_t error code otherwise
  */
 stse_ReturnCode_t stse_platform_aes_cbc_enc(const PLAT_UI8 *pPlaintext, PLAT_UI16 plaintext_length,
-                                            PLAT_UI8 *pInitial_value, const PLAT_UI8 *pKey,
-                                            PLAT_UI16 key_length, PLAT_UI8 *pEncryptedtext,
+                                            PLAT_UI8 *pInitial_value, const PLAT_UI32 key_idx,
+                                            PLAT_UI8 *pEncryptedtext,
                                             PLAT_UI16 *pEncryptedtext_length);
 
 /*!
  * \brief      Perform an AES CBC decryption
  * \param[in]  pEncryptedtext Pointer to the encrypted payload
  * \param[in]  encryptedtext_length Length of encrypted payload
  * \param[in]  pInitial_value Pointer to decryption IV
- * \param[in]  pKey Pointer to the key
- * \param[in]  key_length Length of the key
+ * \param[in]  key_idx Index of the key in secure storage
  * \param[out] pPlaintext Pointer to PlainText payload
  * \param[out] pPlaintext_length Length of the PlainText payload
  * \return     \ref STSE_OK on success; \ref stse_ReturnCode_t error code otherwise
  */
 stse_ReturnCode_t stse_platform_aes_cbc_dec(const PLAT_UI8 *pEncryptedtext, PLAT_UI16 encryptedtext_length,
-                                            PLAT_UI8 *pInitial_value, const PLAT_UI8 *pKey,
-                                            PLAT_UI16 key_length, PLAT_UI8 *pPlaintext,
+                                            PLAT_UI8 *pInitial_value, const PLAT_UI32 key_idx,
+                                            PLAT_UI8 *pPlaintext,
                                             PLAT_UI16 *pPlaintext_length);
 
 /*!
  * \brief      Perform an AES ECB encryption
  * \param[in]  pPlaintext Pointer to the plaintext data
  * \param[in]  plaintext_length Length of the plaintext data
- * \param[in]  pKey Pointer to the key
- * \param[in]  key_length Length of the key
+ * \param[in]  key_idx Index of the key in secure storage
  * \param[out] pEncryptedtext Pointer to the encrypted payload
  * \param[out] pEncryptedtext_length Length of encrypted payload
  * \return     \ref STSE_OK on success; \ref stse_ReturnCode_t error code otherwise
  */
 stse_ReturnCode_t stse_platform_aes_ecb_enc(const PLAT_UI8 *pPlaintext, PLAT_UI16 plaintext_length,
-                                            const PLAT_UI8 *pKey, PLAT_UI16 key_length,
+                                            const PLAT_UI32 key_idx,
                                             PLAT_UI8 *pEncryptedtext, PLAT_UI16 *pEncryptedtext_length);
 
 #endif /* defined(STSE_CONF_USE_HOST_KEY_ESTABLISHMENT) || defined(STSE_CONF_USE_SYMMETRIC_KEY_ESTABLISHMENT) || defined(STSE_CONF_USE_HOST_SESSION) */
diff --git a/services/stsafea/stsafea_sessions.c b/services/stsafea/stsafea_sessions.c
@@ -75,9 +75,21 @@ stse_ReturnCode_t stsafea_open_host_session(stse_Handler_t *pSTSE, stse_session_
         pSession->context.host.MAC_counter = ARRAY_3B_SWAP_TO_UI32(host_key_slot.cmac_sequence_counter);
     }
 
+    PLAT_UI32 HostMacKeyIdx;
+    PLAT_UI32 HostCypherKeyIdx;
+    PLAT_UI16 key_length = (pSession->context.host.key_type == STSE_AES_128_KT) ? STSE_AES_128_KEY_SIZE : STSE_AES_256_KEY_SIZE;
+
+    ret = stse_platform_store_session_key(pHost_cypher_key, &HostCypherKeyIdx, pHost_MAC_key, &HostMacKeyIdx, key_length);
+    if (ret != STSE_OK) {
+        return ret;
+    }
+
+    memset(pHost_MAC_key, 0x00, key_length);
+    memset(pHost_cypher_key, 0x00, key_length);
+
     pSession->type = STSE_HOST_SESSION;
-    pSession->context.host.pHost_MAC_key = pHost_MAC_key;
-    pSession->context.host.pHost_cypher_key = pHost_cypher_key;
+    pSession->context.host.Host_MAC_key_idx = HostMacKeyIdx;
+    pSession->context.host.Host_cypher_key_idx = HostCypherKeyIdx;
     pSession->context.host.pSTSE = pSTSE;
     pSTSE->pActive_host_session = pSession;
 
@@ -107,6 +119,12 @@ void stsafea_session_clear_context(stse_session_t *pSession) {
         return;
     }
 
+    if (pSession->context.host.Host_MAC_key_idx && pSession->context.host.Host_cypher_key_idx) {
+        stse_platform_delete_key(pSession->context.host.Host_cypher_key_idx, pSession->context.host.Host_MAC_key_idx);
+        pSession->context.host.Host_MAC_key_idx = 0x00;
+        pSession->context.host.Host_cypher_key_idx = 0x00;
+    }
+
     /* - Clear session context */
     memset(pSession, 0x00, sizeof(stse_session_t));
 }
@@ -164,8 +182,7 @@ stse_ReturnCode_t stsafea_session_frame_encrypt(stse_session_t *pSession,
     /* - Perform first AES ECB round on IV */
     ret = stse_platform_aes_ecb_enc(initial_value,
                                     STSAFEA_HOST_AES_BLOCK_SIZE,
-                                    pSession->context.host.pHost_cypher_key,
-                                    (pSession->context.host.key_type == STSE_AES_128_KT) ? STSE_AES_128_KEY_SIZE : STSE_AES_256_KEY_SIZE,
+                                    pSession->context.host.Host_cypher_key_idx,
                                     initial_value,
                                     &encrypted_iv_len);
     if (ret != STSE_OK) {
@@ -196,8 +213,7 @@ stse_ReturnCode_t stsafea_session_frame_encrypt(stse_session_t *pSession,
         pEnc_payload_element->pData,
         pEnc_payload_element->length,
         initial_value,
-        pSession->context.host.pHost_cypher_key,
-        (pSession->context.host.key_type == STSE_AES_128_KT) ? STSE_AES_128_KEY_SIZE : STSE_AES_256_KEY_SIZE,
+        pSession->context.host.Host_cypher_key_idx,
         pEnc_payload_element->pData,
         &encrypted_payload_len);
     if (ret != 0) {
@@ -256,8 +272,7 @@ static stse_ReturnCode_t stsafea_session_frame_decrypt(stse_session_t *pSession,
     /* - Transform IV using AES ECB */
     ret = stse_platform_aes_ecb_enc(initial_value,
                                     STSAFEA_HOST_AES_BLOCK_SIZE,
-                                    pSession->context.host.pHost_cypher_key,
-                                    (pSession->context.host.key_type == STSE_AES_128_KT) ? STSE_AES_128_KEY_SIZE : STSE_AES_256_KEY_SIZE,
+                                    pSession->context.host.Host_cypher_key_idx,
                                     initial_value,
                                     &out_len);
 
@@ -271,8 +286,7 @@ static stse_ReturnCode_t stsafea_session_frame_decrypt(stse_session_t *pSession,
     ret = stse_platform_aes_cbc_dec(decrypt_buffer,
                                     encrypted_payload_len,
                                     initial_value,
-                                    pSession->context.host.pHost_cypher_key,
-                                    (pSession->context.host.key_type == STSE_AES_128_KT) ? STSE_AES_128_KEY_SIZE : STSE_AES_256_KEY_SIZE,
+                                    pSession->context.host.Host_cypher_key_idx,
                                     decrypt_buffer,
                                     &decrypted_payload_len);
 
@@ -328,8 +342,7 @@ static stse_ReturnCode_t stsafea_session_frame_c_mac_compute(stse_session_t *pSe
 
     /*- Initialize AES C-MAC computation */
 
-    ret = stse_platform_aes_cmac_init(pSession->context.host.pHost_MAC_key,
-                                      (pSession->context.host.key_type == STSE_AES_128_KT) ? STSE_AES_128_KEY_SIZE : STSE_AES_256_KEY_SIZE,
+    ret = stse_platform_aes_cmac_init(pSession->context.host.Host_MAC_key_idx,
                                       STSAFEA_MAC_SIZE);
     if (ret != STSE_OK) {
         return ret;
@@ -420,8 +433,7 @@ static stse_ReturnCode_t stsafea_session_frame_r_mac_verify(stse_session_t *pSes
 
         /*- Initialize AES CMAC computation */
         stse_platform_aes_cmac_init(
-            pSession->context.host.pHost_MAC_key,
-            (pSession->context.host.key_type == STSE_AES_128_KT) ? STSE_AES_128_KEY_SIZE : STSE_AES_256_KEY_SIZE,
+            pSession->context.host.Host_MAC_key_idx,
             STSAFEA_MAC_SIZE);
 
         /*- Perform First AES-CMAC round */
