Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for arbitrary callbacks into PSA Crypto from within driver entry points #7043

Open
adeaarm opened this issue Feb 3, 2023 · 0 comments
Open

Support for arbitrary callbacks into PSA Crypto from within driver entry points #7043

adeaarm opened this issue Feb 3, 2023 · 0 comments
Assignees
@gilles-peskine-arm
Labels
component-crypto Crypto primitives and low-level interfaces enhancement needs-design-approval

Comments

@adeaarm
Copy link
Contributor

adeaarm commented Feb 3, 2023
edited
Loading

Suggested enhancement

Mbed TLS currently does not specify what is allowed and what is forbidden to be called from within a driver entry point implementing the PSA cryptoprocessor driver interface. For example, a driver entry point could be calling back into PSA Crypto to perform an arbitrary crypto operation, leading to another re-entry into a PSA Crypto API.

An example could be in the function psa_get_and_lock_key_slot() which interacts with the builtin key management system through psa_load_builtin_key_into_slot(), i.e. a function which accesses driver entry points again to load opaque keys (i.e. a builtin keys). This can lead to a situation where the state of the PSA Crypto APIs must remain consistent subject to re-entry. Generally speaking, this is something which can be related also to re-entrancy due to support for multithreading (even though currently the code is not thread-safe yet, in general, see this issue ).

So one particular problem connected to this (but not limited to this particular example in the general case) is that the PSA Crypto way of requiring an empty key slot to be filled with keys is not reentrant. An empty key slot is returned by psa_get_empty_key_slot() but is marked as occupied iff the type attribute is non-zero (see the source code ). This means that if a function which fills a slot is interrupted and re-entered it can be in a non-consistent state if a concurrent context has been trying to require and fill the same slot.

To summarise, this possible enhancement is directly connected to several topics:

  • The programming model associated to PSA Crypto drivers entry points following the cryptoprocessor spec;
  • The support for re-entrant code when multithreaded support is enabled
  • More specifically, the concept of "occupied" slot during a slot request operation (e.g. a slot in the process of being filled can't be locked through mutual exclusion if the programming model of the drivers, for example, allows call backs into PSA Crypto, to avoid deadlocks). It's quite closely related to how PSA Crypto decides to evolve the interface for builtin keys.

Justification

Mbed TLS needs this to achieve eventually thread-safety in PSA Crypto, to support specific use cases and increase flexibility, to achieve a more mature support for the cryptoprocessor driver spec.
@adeaarm adeaarm changed the title Support for arbitrary callbacks into PSA Crypto from within driver wrappers Support for arbitrary callbacks into PSA Crypto from within driver entry points Feb 3, 2023
@tom-cosgrove-arm tom-cosgrove-arm added enhancement component-crypto Crypto primitives and low-level interfaces labels Feb 3, 2023
@gilles-peskine-arm gilles-peskine-arm self-assigned this Feb 4, 2023
@gilles-peskine-arm gilles-peskine-arm mentioned this issue Feb 7, 2023
Closed
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gilles-peskine-arm gilles-peskine-arm

Labels
component-crypto Crypto primitives and low-level interfaces enhancement needs-design-approval
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gilles-peskine-arm @adeaarm @tom-cosgrove-arm