Add PSA interruptible key generation setup & abort APIs #9639
Conversation
waleed-elmelegy-arm
added
DO-NOT-MERGE
needs-ci
waleed-elmelegy-arm
force-pushed
the
add-iop-key-gen-setup
branch
6 times, most recently
from
989ca52 to
6ba71ec
Compare
waleed-elmelegy-arm
added
needs-review
waleed-elmelegy-arm
requested review from
paul-elliott-arm and
gilles-peskine-arm
|
CI failure not related |
tf-psa-crypto/core/psa_crypto.c
Outdated
| goto exit; | ||
| } | ||
|
|
||
|
|
| goto exit; | ||
| } | ||
|
|
||
| operation->attributes = *attributes; |
There was a problem hiding this comment.
Question: is this really the best way to copy attributes? I admittedly can't find any other operations copying attributes, but this feels dangerous.
There was a problem hiding this comment.
There are no pointers in the struct currently, there might be an issue if someone adds a pointer in the future and it soesn't seem very propable to add a pointer to attributes, if we decide that it is still dangerous what I can do is add copy_attributes() function that still does a shallow copy and later will do a deep copy if needed.
There was a problem hiding this comment.
Good question!
There used to be a pointer in the attributes (domain parameters). We removed it in 3.6.0. I don't recall that we ever copied the data at that pointer: either we never copied attributes anywhere (most likely — we used to copy a sub-structure that didn't have pointers), or we only copied attributes at a point where we knew there were no domain parameters, or we had a memory management bug.
At this point I can't think of anything in the proposed evolution of the PSA API that would make us add a pointer back. But just in case it would be good to write and use a copy function, that can be just a static inline that does an assignment.
There was a problem hiding this comment.
Actually there is one place where we are copying the attribute structure: in psa_start_key_creation. We used to copy a sub-structure (attributes.core) that didn't have any embedded pointer, and we flattened the structure when we removed the pointer.
So at this point it's a preexisting issue. (Of my doing, incidentally — I did the patch that flattened the structure.) It would be good to use a copy function for future-proofing. But we would also need to ensure that we're calling psa_key_attributes_reset on all paths where the attributes become dead. We used to do that, but one of the advantages of simplifying the attribute structure was that we wouldn't have to do it any longer.
So at this point, I lean weakly towards not bothering. If we ever add a pointer into the attribute structure, we'll have to review the code carefully to ensure that all places that might possibly copy or free an attribute structure are covered by the copy/free function, anyway. We won't gain much just because there are places where the copy/free functions are used, since there'll be no way to know that it's missing in other places.
Signed-off-by: Waleed Elmelegy <[email protected]>
waleed-elmelegy-arm
force-pushed
the
add-iop-key-gen-setup
branch
from
6ba71ec to
cca4dbe
Compare
There was a problem hiding this comment.
I have a couple of questions and suggestions which I left inline.
One generic remark: it is easier to review a PR when it is divided into smaller commits. This one for example could have been 3 commits. (I am not asking you to split it up, this is just a remark/ask for future PRs which haven't been raised yet.)
yanesca
added
needs-work
and removed
needs-review
Signed-off-by: Waleed Elmelegy <[email protected]>
Signed-off-by: Waleed Elmelegy <[email protected]>
Signed-off-by: Waleed Elmelegy <[email protected]>
Signed-off-by: Waleed Elmelegy <[email protected]>
Signed-off-by: Waleed Elmelegy <[email protected]>
waleed-elmelegy-arm
added
needs-review
|
(API break CI failure is necessary and acceptable.) |
…ey generation Signed-off-by: Waleed Elmelegy <[email protected]>
yanesca
added
needs-work
needs-ci
…in iop key generation" This reverts commit 005b78c. Signed-off-by: Waleed Elmelegy <[email protected]>
…tion Signed-off-by: Waleed Elmelegy <[email protected]>
waleed-elmelegy-arm
force-pushed
the
add-iop-key-gen-setup
branch
from
2766f10 to
df186be
Compare
|
Had to force push because the revert commit lacked signing off |
Both of these curves are scheduled to be removed in 4.0, I think it is acceptable to remove these two test cases to have a clean CI. |
Remove generate key brainpool160r1 & SECP224K1 test cases as they are scheduled to be removed in 4.0 . Signed-off-by: Waleed Elmelegy <[email protected]>
yanesca
added
needs-review
paul-elliott-arm
added
approved
|
(API break CI failure is necessary and acceptable.) |
Description
Partially fixes #9106
fixes #9642
Add PSA interruptible key generation setup & abort APIs
PR checklist
Please remove the segment/s on either side of the | symbol as appropriate, and add any relevant link/s to the end of the line.
If the provided content is part of the present PR remove the # symbol.
Notes for the submitter
Please refer to the contributing guidelines, especially the
checklist for PR contributors.
Help make review efficient: