Backport 3.6: prepare for dynamic key store #9403
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gilles-peskine-arm
added
bug
needs-ci
5 tasks
At the top level, the macro would have had to be used without a following semicolon (except with permissive compilers that accept spurious semicolons outside of a function), which is confusing to humans and indenters. Fix that. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Make it possible, but not officially supported, to switch the CTR_DRBG module to PSA mode even if MBEDTLS_AES_C is defined. This is not really useful in practice, but is convenient to test the PSA mode without setting up drivers. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Convert `#if !... A #else B #endif` to `#if ... B #else A`. No semantic change. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
mbedtls_psa_register_se_key() is not usable with volatile keys, since there is no way to return the implementation-chosen key identifier which would be needed to use the key. Document this limitation. Reject an attempt to create such an unusable key. Fixes Mbed-TLS#9253. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Restricting the built-in key range would be an API break since applications can hard-code a built-in key value and expect that it won't clash with anything else. Make it harder to accidentally break the API. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Ensure that a key ID can't be in range for more than one of volatile keys, persistent (i.e. user-chosen) keys or built-in keys. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Fix interference between PSA volatile keys and built-in keys when MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled and MBEDTLS_PSA_KEY_SLOT_COUNT is more than 4096. This overlap used to make it possible that a volatile key would receive the identifier of a built-in key, and is now caught by a static assertion. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
PSA_KEY_ID_VOLATILE_MIN-1 is now in the persistent key ID range, so it's no longer an invalid key ID for registration. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The description was misleading: setting the option doesn't “restrict” the number of slots, that restriction exists anyway. Setting the option merely determines the value of the limit. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Split the "many transient keys" test function in two: one that expects to successfully create many keys, and one that expects to fill the key store. This will make things easier when we add a dynamic key store where filling the key store is not practical unless artificially limited. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When the PSA RNG uses AES through a PSA driver, it consumes one volatile key identifier. When MBEDTLS_PSA_KEY_SLOT_DYNAMIC is enabled, that identifier happens to coincide with the key ID value that the test case assumes not to exist. Use a different value that avoids this coincidence. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When PSA uses CTR_DRBG for its random generator and CTR_DRBG uses PSA for AES, as currently implemented, there is one volatile key in permanent use for the CTR_DRBG instance. Account for that in tests that want to know exactly how many volatile keys are in use, or how many volatile keys can be created. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
gilles-peskine-arm
force-pushed
the
psa-keystore-dynamic-prep-3.6
branch
from
d50b01f to
d66dc64
Compare
gilles-peskine-arm
added
needs-review
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
valeriosetti
previously approved these changes
Jul 19, 2024
gilles-peskine-arm
removed
the
needs-reviewer
4 tasks
gilles-peskine-arm
added
priority-very-high
5 tasks
davidhorstmann-arm
requested changes
Aug 7, 2024
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Replace the hard-coded 1 by the proper constant now that the proper constant exists. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
davidhorstmann-arm
requested changes
Aug 8, 2024
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
gilles-peskine-arm
force-pushed
the
psa-keystore-dynamic-prep-3.6
branch
from
d226925 to
aaa9672
Compare
davidhorstmann-arm
approved these changes
Aug 8, 2024
valeriosetti
approved these changes
Aug 9, 2024
gilles-peskine-arm
added
approved
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Several robustness improvements that I made to prepare for #9240. I split them out to make the review easier, so #9240 will focus on the new feature.
This is work towards #9216, which will be completed in #9240.
PR checklist