Add PSA interruptible key generation complete API #9651
Conversation
waleed-elmelegy-arm
added
DO-NOT-MERGE
needs-ci
waleed-elmelegy-arm
force-pushed
the
add-iop-key-gen-complete
branch
6 times, most recently
from
61dd5e9 to
897a1b8
Compare
paul-elliott-arm
force-pushed
the
add-iop-key-gen-complete
branch
7 times, most recently
from
4759795 to
89f5172
Compare
paul-elliott-arm
force-pushed
the
add-iop-key-gen-complete
branch
from
3faedb8 to
55c2121
Compare
| goto exit; | ||
| } | ||
|
|
||
| /* Test calling setup() 2 times consecutively will fail. */ |
There was a problem hiding this comment.
Still not entirely sure that this is the best place to put this testing - do we really need to do this for all key types and tests? Would like to hear other opinions.
waleed-elmelegy-arm
force-pushed
the
add-iop-key-gen-complete
branch
2 times, most recently
from
6a44d62 to
72f3178
Compare
waleed-elmelegy-arm
added
needs-review
Signed-off-by: Waleed Elmelegy <[email protected]>
Ecp key data length should not be measured by mbedtls_mpi_size(), as this does not count leading zeros, which are still part of the key. This resulted intermittently in the code attempting to import a wrongly sized key as the first byte was all zero. Signed-off-by: Paul Elliott <[email protected]>
Signed-off-by: Waleed Elmelegy <[email protected]>
Signed-off-by: Waleed Elmelegy <[email protected]>
yanesca
added
needs-work
needs-ci
Signed-off-by: Waleed Elmelegy <[email protected]>
Add ecp prefix to internal iop generate key function names to emphasize that the functions are doing eliptic curves keys only and not any other types. Signed-off-by: Waleed Elmelegy <[email protected]>
Signed-off-by: Waleed Elmelegy <[email protected]>
waleed-elmelegy-arm
added
needs-review
| @@ -175,6 +236,7 @@ psa_status_t mbedtls_psa_ecp_generate_key( | |||
| * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription | |||
| * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription | |||
| */ | |||
|
|
|||
There was a problem hiding this comment.
In other entries there's no space between the documentation and the function's prototype, so I think we should follow the same pattern here.
| size_t *key_len) | ||
| { | ||
| *key_len = 0; | ||
| psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; |
There was a problem hiding this comment.
| psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; | |
| int status = PSA_ERROR_CORRUPTION_DETECTED; |
Sorry for not catching this before, but the type is not strictly correct. Indeed this is used with mbedtls_ecp_gen_privkey and mbedtls_mpi_write_binary that return int and, also, you are using the converting function mbedtls_to_psa_error at the end to change int-->psa_status_t.
The same holds also for mbedtls_psa_ecp_generate_key_iop_setup.
Change internal iop generate key error variable to int instead of psa_status_t since the error variable get passed to mbedtls_to_psa_error() when being returned Signed-off-by: Waleed Elmelegy <[email protected]>
| { | ||
| #if defined(MBEDTLS_ECP_RESTARTABLE) | ||
| psa_status_t status; | ||
| uint8_t key_data[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)+1] = { 0 }; |
There was a problem hiding this comment.
Sorry, I didn't notice this before, but the +1 here looks like a missing guard issue to me...
The commit that added this says Prevent a warning in case PSA_VENDOR_ECC_MAX_CURVE_BITS is set to 0 and I suspect this was generated in builds where no PSA_WANT_ECC_xxx was defined, right? If that's the case then do we really need to support interruptible EC key generation if no EC curve is supported in PSA?
I think guards should be:
PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATEinpsa_crypto.calong sidedefined(MBEDTLS_ECP_RESTARTABLE)inpsa_generate_key_iop_setup,psa_generate_key_iop_complete,psa_generate_key_iop_abort.MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATEinpsa_crypto_ecp.cto guard new interruptible functions for key pair generation.
Wdyt?
There was a problem hiding this comment.
I agree that the guards eventually should look something like that.
However, guarding this code with PSA_WANT defines is out of scope for this PR and is tracked here: #7029
(The driver despatch code is also out of scope and ideally we would add the PSA_WANT defines once we have that as well.)
There was a problem hiding this comment.
Ok, then I will approve this PR, but I will add a comment to #7029 to track that this line should be fixed there.
There was a problem hiding this comment.
That is a very good idea, thank you very much.
There was a problem hiding this comment.
#7029 is about having a PSA equivalent of MBEDTLS_ECP_RESTARTABLE (which may or may not be separate macros for each algorithm, depending on whether we minimize conceptual complexity or practical complexity in this particular case). Here the code is already guarded by MBEDTLS_ECP_RESTARTABLE so it's a different problem.
At a quick glance at the discussion, and not having read everytihing: maybe we should add something in check_config.h to prevent configurations with MBEDTLS_ECP_RESTARTABLE enabled but not some core of ECC, in particular at least one restartable curve?
yanesca
dismissed
paul-elliott-arm’s stale review
Most changes have been addressed and the PR has two approvals.
Description
Partially fixes #9106
Fixes #9643
Add PSA interruptible key generation complete API
PR checklist
Please remove the segment/s on either side of the | symbol as appropriate, and add any relevant link/s to the end of the line.
If the provided content is part of the present PR remove the # symbol.
Notes for the submitter
Please refer to the contributing guidelines, especially the
checklist for PR contributors.
Help make review efficient: