Dispatch hash operations through the driver wrapper layer #4157
Conversation
stevew817
added
HwDrivers
needs-review
|
CI is failing.
CC aes.c CC aesni.c CC arc4.c CC aria.c CC asn1parse.c CC asn1write.c CC base64.c CC bignum.c CC blowfish.c CC camellia.c CC ccm.c CC chacha20.c CC chachapoly.c CC cipher.c In file included from cipher.c:29: In file included from ../include/mbedtls/cipher_internal.h:36: In file included from ../include/psa/crypto.h:3763: ../include/psa/crypto_struct.h:98:43: error: missing field 'ctx' initializer [-Werror,-Wmissing-field-initializers] ../include/psa/crypto_struct.h:95:36: note: expanded from macro 'PSA_HASH_OPERATION_INIT' #define PSA_HASH_OPERATION_INIT {{0}} 1 error generated. make[1]: *** [Makefile:270: cipher.o] Error 1 make: *** [Makefile:17: lib] Error 2 ^^^^test_clang_opt: build/test: clang -O0, full config: command make CC=clang CFLAGS=-O0 -std=c99 -pedantic -Wall -Wextra -Werror -> 2^^^^ (skipped because the build failed) |
|
Other jobs are failing but it seems it is always the same error as above. |
stevew817
force-pushed
the
dispatch_hash_operations
branch
from
f42635b to
2f89728
Compare
|
@ronald-cron-arm should be fixed now. Strange that the local test runs are not complaining about that. |
|
This PR is changing the API. Please add a changelog entry. |
|
@mstarzyk-mobica It is not changing any public API. The content of the struct is checked by the CI ABI checker, but changing these hasn't required a changelog entry before... |
|
I confirm that |
Ah, alright! :) |
There was a problem hiding this comment.
Please find my comments below. I see four principal issues with the current version:
- The hash operation context, see comment in crypto_struct.h
- The addition of checks that pointers are not NULL where I think the Mbed TLS avoid on-purpose to do them (see the Parameter conventions section of the PSA spec for the justification of this).
- Some code in the wrapper and in psa_crypto_hash.c would be better in psa_crypto.c in my opinion. For code being in psa_crypto.c and not in the wrapper whenever possible the rationale to me is for the wrapper code to do as little as possible to ease its generation.
- The absence of transparent test driver hash entry points (arguably this could be done in a follow-up PR). As for the operations for which we currently support driver delegation (import/export/generate/sign_hash/verify_hash/cipher) we need support for hash operations in the transparent test driver. Due to the code reorganization of this PR the transparent test driver hash functions should just call mbedtls_transparent_test_driver_hash_xyz() functions from psa_crypto_hash.c functions. Please have a look in psa_crypto_rsa/ecp.c to see how mbedtls_transparent_test_driver_hash_xyz() functions should relate to mbedtls_psa_hash_xyz() functions and in particular the (BEYOND THIS POINT ... sections). This is a trick we have to currently do some testing of the PSA configuration with test accelerators (see the test_psa_crypto_config_basic component in all.sh) while we don't support double compilation (one compilation for the library and one compilation for the test drivers) in the tests.
|
@ronald-cron-arm I believe I have addressed all of your feedback now.
|
|
A few jobs are failing. All the ones I have checked have the same error: psa_crypto_hash.c: In function 'mbedtls_psa_hash_update': |
|
Thanks, should be fixed now |
There was a problem hiding this comment.
Thanks for the changes. I am happy with the way things are organized now. I find psa_crypto.c and psa_crypto_driver_wrappers.c code is simple and easy to follow. There is still a bit of pre-compiler guards tweaks to do in psa_crypto_hash.c due to the way we currently test PSA config and driver accelerators. I've tried to explain what is missing and you have psa_crypto_rsa/ecp.c/h as examples but feel free to ask if you have questions. Then, the last thing will be to update the all.sh test_psa_crypto_config_basic and test_psa_crypto_drivers components with full hash acceleration (see 17b3afc as an example).
include/psa/crypto_struct.h
Outdated
| #include "mbedtls/sha512.h" | ||
|
|
||
| /* Include the context definition for the compiled-in drivers */ | ||
| #include "../../library/psa_crypto_driver_wrappers_contexts.h" |
There was a problem hiding this comment.
To use Mbed TLS, it is sufficient to have the headers in include and compiled libraries (e.g. libmbed*.a or libmbed*.so libmbed*.dll). In particular, headers in include may not depend on headers anywhere else in the source tree.
There was a problem hiding this comment.
Do you have a suggestion for how to organise this, then? Or are you suggesting that psa_crypto_driver_wrappers_contexts.h move into include/psa, and that all (supposedly internal) software drivers also place their headers there?
There was a problem hiding this comment.
psa_crypto_driver_wrappers_contexts needs to move to include/psa, yes. But it also needs to lose some things, including references to the test drivers. And yes, drivers need to place their context information under include. The driver wrapper generator will produce both include/psa/something.h and library/something.c as outputs.
There was a problem hiding this comment.
Test driver contexts are driver contexts, too. So how would psa_crypto_driver_wrappers_contexts move to include/psa and simultaneously drop the test driver references?
There was a problem hiding this comment.
Not doing dynamic allocation means all driver contexts need to be fully-typed by the time the driver context union in the struct gets evaluated. So all driver contexts (including the test driver's) need to be reachable from (and thus according to your stated goal, located inside of) the library's /include folder.
So... Are we back to creating a /include/psa/drivers/ folder where all drivers (including both mbedTLS software-based and test) drivers need to put their context structure declarations? And the autogenerated include/psa/psa_crypto_driver_wrappers_contexts.h will pull in all declared drivers' context structure headers?
There was a problem hiding this comment.
Namespacing drivers as psa/drivers/*.h seems sensible to me. Mbed TLS itself wouldn't include a include/psa/drivers directory though, since we'd have nothing to put there. (Unless we put headers for the built-in implementations there?) If you package Mbed TLS with your own drivers, is it up to Mbed TLS to tell you where to put your headers?
And the autogenerated include/psa/psa_crypto_driver_wrappers_contexts.h will pull in all declared drivers' context structure headers?
Yes.
There was a problem hiding this comment.
Unless we put headers for the built-in implementations there
That's exactly what I was saying. They'd need to go there, since apparently all of their structures need to be declared in /include, and just dumping them flat in include/psa will (IMO) be terribly messy.
|
CI is OK no genuine failure. |
|
Does this fit the bill now, @gilles-peskine-arm ? |
Signed-off-by: Steven Cooreman <[email protected]>
Reordered the cases to be in numeric order. Signed-off-by: Steven Cooreman <[email protected]>
The PSA Core is already calling psa_hash_abort, so the driver doesn't have to do that explicitly. Signed-off-by: Steven Cooreman <[email protected]>
stevew817
force-pushed
the
dispatch_hash_operations
branch
from
1efe556 to
61bb8fc
Compare
|
All of @ronald-cron-arm 's feedback should now be addressed. I rebased as per the rewrite request, and added the other changes as new commits. |
library/psa_crypto.c
Outdated
| if( !PSA_ALG_IS_HASH( alg ) ) | ||
| return( PSA_ERROR_INVALID_ARGUMENT ); | ||
|
|
||
| /* Ensure all of the context is zeroized, not just the dummy int */ |
There was a problem hiding this comment.
Not sure what you mean by "not just the dummy int".
There was a problem hiding this comment.
When a user initialises the context structure with PSA_HASH_OPERATION_INIT, the macro is built in such a way that the underlying union psa_driver_hash_context_t can be initialised with a single item, to avoid the init macro from having to know the details of the other union member's content.
But this also means the only thing that's guaranteed to be set to zero in that union is the unsigned dummy member of the union, and not the entire struct, therefore the need for a full memset (to guarantee that the driver code gets a fully-zeroized context structure upon a setup call).
There was a problem hiding this comment.
Updated the language to be clearer.
Signed-off-by: Steven Cooreman <[email protected]>
Signed-off-by: Steven Cooreman <[email protected]>
The hash driver entry points (and consequentially the hash driver core) are now always compiled on when PSA_CRYPTO_DRIVER_TEST is turned on. Signed-off-by: Steven Cooreman <[email protected]>
|
@ronald-cron-arm I updated the define guards like you asked. |
|
@tom-daubney-arm Please have a look to the last version. |
|
@mpg @gilles-peskine-arm @yanesca Could you have the final look to this PR and merge it if this is ok ? |
ronald-cron-arm
added
approved
There was a problem hiding this comment.
I have done a design review (basically, I read the header files and looked at what functions are being created and moved around, without checking all details). Consider this approved for design.
If this was a full review with no urgency, I'd leave some minor change requests. Because none of these changes are actual bugs or raise commitments to backward compatibility, I'm going to go ahead and merge this pull request, but I've filed an issue for doing these minor changes: #4242.
Dispatch hash operations through the driver wrapper layer
Description
This PR is (mostly) a refactoring of existing code, in order to dispatch
psa_hash_xxxcalls through the driver wrapper layer. The hashing implementation on top of Mbed TLS code that used to reside inside ofpsa_crypto.chas been moved out into its own compile unitpsa_crypto_hash.cas defined by the documentation work from @ronald-cron-arm in #3933There is one other change: the implementation of
psa_hash_comparenow first calls the all-in-onepsa_hash_computefunction to calculate the hash into a local buffer, and then does a time-constant memcmp. This way of setting up the call tree will lead to more efficient execution when plugging in actual hardware drivers, since you'll only hit the driver once instead of potentially up to three times (setup/update/verify).Supersedes #4043
Status
READY
Requires Backporting
NO
(new functionality)
Migrations
NO
(not present in earlier releases)
Todos
Steps to test or reproduce
Test coverage through existing test cases, since the previous implementation has been fully moved inside of a 'software driver'.