Openless PSA crypto APIs implementation #3547
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ronald-cron-arm
added
enhancement
mbed TLS team
needs-ci
ronald-cron-arm
added
the
needs-preceding-pr
ronald-cron-arm
force-pushed
the
psa-openless
branch
from
80cc786
to
b53bef4
Compare
ronald-cron-arm
force-pushed
the
psa-openless
branch
from
b53bef4
to
c21e149
Compare
ronald-cron-arm
removed
the
needs-preceding-pr
ronald-cron-arm
force-pushed
the
psa-openless
branch
2 times, most recently
from
9b6be96
to
d1f88fc
Compare
ronald-cron-arm
added
needs-review
|
The CI is as good as it can. Apart from Mbed OS tests, "merge TLS Testing" and "pr-merge" are falling because of the "ABI-API" testing as expected as this PR changes the definition of API parameter types. |
gilles-peskine-arm
previously approved these changes
Nov 19, 2020
Great. I agree with you that the lock/acquire terminology can and must be improved and I am going to work on it in the coming days. @bensze01 ok to approve on your side as well? |
bensze01
previously approved these changes
Nov 20, 2020
include/psa/crypto_compat.h
Outdated
| @@ -34,6 +34,40 @@ | |||
| extern "C" { | |||
| #endif | |||
|
|
|||
| /* | |||
| * To support temporary both openless APIs and psa_open_key(), define | |||
There was a problem hiding this comment.
Suggested change
| * To support temporary both openless APIs and psa_open_key(), define | |
| * To support both openless APIs and psa_open_key() temporarily, define |
library/psa_crypto_core.h
Outdated
| * key slot. | ||
| * | ||
| * This counter is decremented by one each time a library function stops | ||
| * accessing to the key slot and states it by calling the |
There was a problem hiding this comment.
Suggested change
| * accessing to the key slot and states it by calling the | |
| * accessing the key slot and states it by calling the |
|
|
||
| /* | ||
| * Create a new persistent or volatile key. When creating the key, | ||
| * one of the description of the previously created persistent key |
There was a problem hiding this comment.
Suggested change
| * one of the description of the previously created persistent key | |
| * one of the descriptions of the previously created persistent keys |
library/psa_crypto_core.h
Outdated
| @@ -38,16 +38,15 @@ typedef struct | |||
| psa_core_key_attributes_t attr; | |||
|
|
|||
| /* | |||
| * Number of on-going accesses, read and/or write, to the key slot by the | |||
| * library. | |||
| * Number of locks, read and/or write, to the key slot by the library. | |||
There was a problem hiding this comment.
Suggested change
| * Number of locks, read and/or write, to the key slot by the library. | |
| * Number of locks on the key slot held by the library. |
library/psa_crypto_core.h
Outdated
| * | ||
| * A key slot is accessed iff its access counter is strickly greater than | ||
| * 0. | ||
| * A key slot is locked iff its lock counter is strickly greater than 0. |
There was a problem hiding this comment.
Suggested change
| * A key slot is locked iff its lock counter is strickly greater than 0. | |
| * A key slot is locked iff its lock counter is strictly greater than 0. |
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
After a call to psa_get_key_attributes() to retrieve the attributes of a key into a psa_key_attributes_t structure, a call to psa_reset_key_attributes() is mandated to free the resources that may be referenced by the psa_key_attributes_t structure. Not calling psa_reset_key_attributes() may result in a memory leak. When a test function calls psa_get_key_parameters() the associated key attributes are systematically reset in the clean-up part of the function with a comment to emphasize the need for the reset and make it more visible. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
ronald-cron-arm
dismissed stale reviews from bensze01 and gilles-peskine-arm
via
3a4f0e3
ronald-cron-arm
force-pushed
the
psa-openless
branch
from
eb9a307
to
3a4f0e3
Compare
gilles-peskine-arm
approved these changes
Nov 20, 2020
gilles-peskine-arm
removed
the
needs-reviewer
bensze01
approved these changes
Nov 20, 2020
bensze01
added
approved
|
CI passed except for expected ABI/API changes ( |
2 tasks
| */ | ||
| static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) | ||
| { | ||
| return( ( key.key_id == 0 ) && ( key.owner == 0 ) ); |
There was a problem hiding this comment.
This should be just key.key_id == 0, shouldn't it? If a client passes a null key id, owner information will be attached to it, but owner information about a null key id is not relevant. Fixing in #4392.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR is the second part of the work related to #3265, the first part being #3527.
This PR implements the openless PSA crypo APIs that take as input or return a key identifier instead of a key handle (see #3265 for details).
Status
Done
Requires Backporting
No, PSA only