getting-started: Align with upstream getting started snippets, comment about pedagogical code, and reduce stack usage #49
Conversation
|
Tested with ARMC6 and the develop profile. IAR not yet tested. |
gilles-peskine-arm
left a comment
gilles-peskine-arm
left a comment
There was a problem hiding this comment.
Ok for the workaround, but this should be documented as a workaround in the code itself, especially since this is in example code.
getting-started/main.cpp
Outdated
| psa_status_t status; | ||
| psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; | ||
| uint8_t key[] = RSA_KEY; | ||
| static uint8_t key[] = RSA_KEY; |
There was a problem hiding this comment.
Having a static variable is unusual, and usually done when the value needs to be preserved between calls, which is not the case here. Please add a comment in the code to indicate why these two variables are static.
getting-started/main.cpp
Outdated
| psa_status_t status; | ||
| psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; | ||
| uint8_t key[] = RSA_KEY; | ||
| static uint8_t key[] = RSA_KEY; |
There was a problem hiding this comment.
Preexisting, but would be nice to do what you're at it: key should be const.
|
This is not meant as any sort of workaround. This is meant to reduce stack usage to make the example more portable. We could use a global key instead if use of static in this situation appears uncouth. |
Patater
force-pushed
the
reduce-ram-rsa
branch
from
e00efdf to
f492a30
Compare
|
New patchset uses |
getting-started/main.cpp
Outdated
| uint8_t hash[] = "INPUT_FOR_SIGN"; | ||
| uint8_t signature[PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE] = {0}; | ||
| /* 'signature' is static to reduce stack usage. */ | ||
| static uint8_t signature[PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE] = {0}; |
There was a problem hiding this comment.
Making signature static is not necessary for the targets we run this example on so far. So, if we dislike adding static here, we can remove it as we don't need it yet. Just making the key static const is good enough to pass the tests with ARMC6-develop at least.
|
Buddy PR at ARMmbed/mbed-crypto#317 |
dgreen-arm
left a comment
dgreen-arm
left a comment
There was a problem hiding this comment.
With these changes, the example works with latest Mbed OS using ARMC6 or IAR
Make it more clear that one should not have global, hard-coded keys in their code. We do this for example purposes only and real-world applications should follow secure practices.
The getting started guide in Mbed Crypto was recently changed to make it more obvious that `AES_KEY` and `RSA_KEY` were shorthand for key material. The guide did this by using function parameters instead of all-caps shorthand. In order to better match what is in our getting started guide with this getting started example, we make the same function parameter changes here, passing global key data in via `main()`. Passing global key data in via `main()` has the additional benefit of reducing stack usage of each example snippet function. This enables the example to run on more boards, those with more limited stack space.
Patater
force-pushed
the
reduce-ram-rsa
branch
from
f492a30 to
e46b6ad
Compare
Patater
changed the title
Patater
changed the title
|
New patchset makes the keys global |
dgreen-arm
left a comment
dgreen-arm
left a comment
There was a problem hiding this comment.
Example runs successfully on ARMC6 and IAR, LGTM
3 participants
static constkeys, instead of#definesfor initializer lists to place keys on the stack.