PSA persistant key usage

Question

hello . i tested the sample for the persistance key it worked with the AES key . But when i tried with the EDDSA key i received that error psa_generate_key failed! (Error: -134). 
 ############### main.c ################ 
 
 #define SAMPLE_PERS_KEY_ID PSA_KEY_ID_USER_MIN 
 int generate_eddsa_keypair ( void ) 
 { 
 psa_status_t status ; 
 
 LOG_INF ( "Generating random EDDSA keypair..." ); 
 
 /* Configure the key attributes */ 
 psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT ; 
 
 /* Configure the key attributes */ 
 psa_set_key_usage_flags ( & key_attributes , PSA_KEY_USAGE_SIGN_MESSAGE ); 
 psa_set_key_algorithm ( & key_attributes , PSA_ALG_PURE_EDDSA ); 
 psa_set_key_type ( & key_attributes , 
 PSA_KEY_TYPE_ECC_KEY_PAIR ( PSA_ECC_FAMILY_TWISTED_EDWARDS )); 
 psa_set_key_bits ( & key_attributes , 255 ); 
 /* Persistent key specific settings */ 
 psa_set_key_lifetime ( & key_attributes , PSA_KEY_LIFETIME_PERSISTENT ); 
 psa_set_key_id ( & key_attributes , SAMPLE_PERS_KEY_ID ); 
 /* Generate a random keypair. The keypair is not exposed to the application, 
 * we can use it to sign messages. 
 */ 
 status = psa_generate_key ( & key_attributes , & m_key_pair_id ); 
 if ( status != PSA_SUCCESS ) { 
 LOG_INF ( "psa_generate_key failed! (Error: %d )" , status ); 
 return APP_ERROR ; 
 } 
 
 /* Export the public key */ 
 status = psa_export_public_key ( m_key_pair_id , 
 m_pub_key , sizeof ( m_pub_key ), 
 & m_pub_key_len ); 
 if ( status != PSA_SUCCESS ) { 
 LOG_INF ( "psa_export_public_key failed! (Error: %d )" , status ); 
 return APP_ERROR ; 
 } 
 
 PRINT_HEX ( "Public-key" , m_pub_key , m_pub_key_len ); 
 /* Make sure the key is not in memory anymore, has the same affect then resetting the device 
 */ 
 status = psa_purge_key ( m_key_pair_id ); 
 if ( status != PSA_SUCCESS ) { 
 LOG_INF ( "psa_purge_key failed! (Error: %d )" , status ); 
 return APP_ERROR ; 
 } 
 /* Reset key attributes and free any allocated resources. */ 
 psa_reset_key_attributes ( & key_attributes ); 
 
 return APP_SUCCESS ; 
 }

############# prj.conf ################

# 
 # Copyright (c) 2024 Nordic Semiconductor ASA 
 # 
 # SPDX-License-Identifier: LicenseRef-Nordic-5-Clause 
 # 
 # The Zephyr CMSIS emulation assumes that ticks are ms, currently 
 CONFIG_SYS_CLOCK_TICKS_PER_SEC =1000 
 
 CONFIG_MAIN_STACK_SIZE =4096 
 CONFIG_HEAP_MEM_POOL_SIZE =4096 
 CONFIG_REBOOT =y 
 
 # Enable logging 
 CONFIG_CONSOLE =y 
 CONFIG_LOG =y 
 
 # Enable nordic security backend and PSA APIs 
 CONFIG_NRF_SECURITY =y 
 CONFIG_MBEDTLS_PSA_CRYPTO_C =y 
 
 # Enable persistent storage APIs 
 CONFIG_MBEDTLS_PSA_CRYPTO_STORAGE_C =y 
 
 CONFIG_MBEDTLS_ENABLE_HEAP =y 
 CONFIG_MBEDTLS_HEAP_SIZE =8192 
 
 CONFIG_PSA_WANT_KEY_TYPE_AES =y 
 CONFIG_PSA_WANT_ALG_CTR =y 
 CONFIG_PSA_WANT_GENERATE_RANDOM =y 
 
 CONFIG_TFM_ITS_ENCRYPTED =y 
 
 #EDDSA 
 
 CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE =y 
 CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT =y 
 CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT =y 
 CONFIG_PSA_WANT_ECC_TWISTED_EDWARDS_255 =y 
 CONFIG_PSA_WANT_ALG_SHA_512 =y 
 CONFIG_PSA_WANT_ALG_PURE_EDDSA =y

Einar Thorsrud · Accepted Answer

Hi, 
 -134 is PSA_ERROR_NOT_SUPPORTED. I suggest debugging a bit to see more precicely why and where this error come from. 
 I am not able to build this as the main.c content is not complete. Can you upload the complete modified sample you are using? (You can either upload in a zip via Insert -> Image/video/file, or insert the filte content. Note that code can be inserted via Insert -> Code to be more readable). Also, which SDK version are you using?

PSA persistant key usage

Top Replies