Add PSA interruptible key generation get num ops API #9665

Merged
Changes from 3 commits
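--- a/ChangeLog.d/add-psa-iop-generate-key.txt
+++ b/ChangeLog.d/add-psa-iop-generate-key.txt
@@ -0,0 +1,3 @@
+Features
+* Add an interruptible version of generate key to the PSA interface.
+See psa_generate_key_iop_setup() and related functions.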
5 changes: 3 additions & 2 deletions tf-psa-crypto/core/psa_crypto.c
@@ -8121,8 +8121,7 @@ static psa_status_t psa_generate_key_iop_abort_internal(
uint32_t psa_generate_key_iop_get_num_ops(
psa_generate_key_iop_t *operation)
{
(void) operation;
return 0;
return operation->num_ops;
}

psa_status_t psa_generate_key_iop_setup(
@@ -8197,6 +8196,8 @@ psa_status_t psa_generate_key_iop_complete(
goto exit;
}

operation->num_ops = mbedtls_psa_generate_key_iop_get_num_ops(&operation->ctx);

status = psa_import_key(&operation->attributes,
key_data + (sizeof(key_data) - key_len),
key_len,
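Review bot: The new `operation->num_ops = mbedtls_psa_generate_key_iop_get_num_ops(&operation->ctx);` in psa_generate_key_iop_complete() sits after the `goto exit;` branch, so the public counter is refreshed only on the path that falls through to psa_import_key(). The branch condition is outside the hunk, but if it is also taken for PSA_OPERATION_INCOMPLETE, psa_generate_key_iop_get_num_ops() would keep returning the previous value between interrupted calls, which is when a caller is most likely to poll it. Moving the assignment to directly after the driver call, ahead of that status check, would keep the count current on every return path. The function body starts and ends outside the hunk, so the exit-path handling of `num_ops` could not be checked here.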
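--- a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c
+++ b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c
@@ -596,6 +596,12 @@ psa_status_t mbedtls_psa_key_agreement_ecdh(
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
 
+uint32_t mbedtls_psa_generate_key_iop_get_num_ops(
+mbedtls_psa_generate_key_iop_t *operation)
+{
+return operation->num_ops;
+}
+
 psa_status_t mbedtls_psa_ecp_generate_key_iop_setup(
 mbedtls_psa_generate_key_iop_t *operation,
 const psa_key_attributes_t *attributes)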
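Review bot: `mbedtls_psa_generate_key_iop_get_num_ops()` only reads `operation->num_ops`, so the parameter can be `const mbedtls_psa_generate_key_iop_t *operation`; the declaration added in psa_crypto_ecp.h needs the same change. The definition is placed inside `#if defined(MBEDTLS_ECP_RESTARTABLE)`, while the call added in psa_generate_key_iop_complete() is not visibly guarded within its hunk. It is worth confirming that a build without MBEDTLS_ECP_RESTARTABLE never references this symbol.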
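--- a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h
+++ b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h
@@ -143,6 +143,17 @@ psa_status_t mbedtls_psa_ecp_generate_key(
 const psa_key_attributes_t *attributes,
 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length);
 
+/**
+* \brief Get the total number of ops that a key generation operation has taken
+* Since it's start.
+*
+* \param[in] operation The \c mbedtls_psa_generate_key_iop_t to use.
+* This must be initialized first.
+* \return Total number of operations.
+*/
+uint32_t mbedtls_psa_generate_key_iop_get_num_ops(
+mbedtls_psa_generate_key_iop_t *operation);
+
 /**
 * \brief Setup a new interruptible key generation operation.
 *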
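Review bot: The new Doxygen block has a typo and a stray capital: `Since it's start.` should read `since its start.`. The comment could also state when the count returns to zero; the PSA-level test in this change expects 0 before the first complete call and again after abort, but nothing here says whether this driver-level counter follows the same rule. The definition in psa_crypto_ecp.c is inside `#if defined(MBEDTLS_ECP_RESTARTABLE)`; whether this declaration is under the same guard is not visible in the hunk and would be worth noting in the comment.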
19 changes: 19 additions & 0 deletions tf-psa-crypto/tests/suites/test_suite_psa_crypto.function
@@ -10099,6 +10099,9 @@ void generate_key(int type_arg,
psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t iop_attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_generate_key_iop_t operation = PSA_GENERATE_KEY_IOP_INIT;
size_t num_ops_prior = 0;
size_t num_ops = 0;


PSA_ASSERT(psa_crypto_init());

@@ -10162,8 +10165,20 @@ void generate_key(int type_arg,
goto exit;
}

num_ops_prior = psa_generate_key_iop_get_num_ops(&operation);
TEST_EQUAL(num_ops_prior, 0);

do {
status = psa_generate_key_iop_complete(&operation, &iop_key);

if (status == PSA_SUCCESS || status == PSA_OPERATION_INCOMPLETE) {
num_ops = psa_generate_key_iop_get_num_ops(&operation);
gilles-peskine-arm marked this conversation as resolved.

TEST_ASSERT(num_ops > num_ops_prior);
Minor: we have TEST_LE_U which is similar to TEST_EQUAL, but for <=, the advantage being that it displays the values on failure.

Suggested change
TEST_ASSERT(num_ops > num_ops_prior);
TEST_LE_U(num_ops_prior + 1, num_ops);

We could define TEST_GT_U and variants for better readability.


num_ops_prior = num_ops;
}

} while (status == PSA_OPERATION_INCOMPLETE);

TEST_EQUAL(status, PSA_SUCCESS);
@@ -10178,6 +10193,10 @@ void generate_key(int type_arg,
status = psa_generate_key_iop_complete(&operation, &iop_key);
TEST_EQUAL(status, PSA_ERROR_BAD_STATE);

TEST_EQUAL(psa_generate_key_iop_abort(&operation), PSA_SUCCESS);
num_ops = psa_generate_key_iop_get_num_ops(&operation);
TEST_EQUAL(num_ops, 0);

exit:
psa_generate_key_iop_abort(&operation);
/*
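Review bot: `num_ops_prior` and `num_ops` are declared `size_t`, but psa_generate_key_iop_get_num_ops() returns `uint32_t`; declaring them as `uint32_t num_ops_prior = 0;` and `uint32_t num_ops = 0;` keeps the test aligned with the API type. The reset check `TEST_EQUAL(num_ops, 0);` in the last hunk runs only after the operation has already completed and returned PSA_ERROR_BAD_STATE on a further call. An abort issued while the operation is still incomplete is therefore not covered by these hunks, and a case that aborts mid-operation and then reads the counter would pin that behaviour. The first hunk also leaves two consecutive blank lines after the new declarations.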