Add multipart cipher accelerator support and test driver #3644
Conversation
|
@danh-arm Can you tell me what the internal CI is complaining about this time? |
|
The only CI failure is the ABI check, which signals that some structures in |
|
I've had a quick look to the commits and overall it looks as I was expecting (following the review of #3501) with regard to changes in psa_crypto.c, psa_crypto_driver_wrappers.c and the testing. Please rebase on top of development and update the changes according to the review of #3501 and I will do the complete review. |
|
Awesome, thanks. Will do tomorrow. |
|
Like Ronald, I've had a quick look and the general shape looks about right. I would suggest one design change: rather than a “cipher” driver, I think it makes more sense to have a “multipart” driver, which would be extended later with multipart hash, MAC and AEAD. |
Not sure I agree. I'm more convinced these should be grouped by functional (algorithm) group. |
stevew817
force-pushed
the
feature/transparent_multipart_driver
branch
from
5436492 to
e3fa23d
Compare
|
@ronald-cron-arm and @gilles-peskine-arm, I've now rebased, so actual review can go ahead. |
gilles-peskine-arm
added
component-crypto
| (void) iv; | ||
| (void) iv_size; | ||
| (void) iv_length; | ||
|
|
There was a problem hiding this comment.
Ditto, please add the "usual" code for negative testing.
| (void) operation; | ||
| (void) iv; | ||
| (void) iv_length; | ||
|
|
There was a problem hiding this comment.
ditto, code for negative testing.
|
|
||
| generate_key through transparent driver: error | ||
| generate_key:PSA_ERROR_GENERIC_ERROR:"":PSA_ERROR_GENERIC_ERROR | ||
|
|
There was a problem hiding this comment.
Please add some negative testing as well as you did in #3501. We should have for each driver entry point at least one test where the driver entry point returns in error.
|
@gilles-peskine-arm and @ronald-cron-arm , your review comments should now be incorporated in the changes. The one exception is negative testing, which I'll add, but I'd like you to review the changes already while I work on the negative testcases. |
|
The pr-merge job passed except for the expected ABI change in |
gilles-peskine-arm
left a comment
gilles-peskine-arm
left a comment
There was a problem hiding this comment.
Mostly looking good, but a few issues remain.
|
@gilles-peskine-arm thanks for the continued feedback. All issues you flagged should now be resolved. |
|
@ronald-cron-arm negative testing is now implemented too. |
|
ok, thanks, looking. |
ronald-cron-arm
left a comment
ronald-cron-arm
left a comment
There was a problem hiding this comment.
Thank you very much for all the changes especially the addition of negative testing. Here is my second round of review, mostly suggestions for improvement.
|
@ronald-cron-arm Your feedback has been taken into account. Does this look good to you now? |
|
Thanks. I am attending a training right know. I will look at it this afternoon. |
|
@ronald-cron-arm Final cosmetic changes done per your request |
Once an operation has been 'accepted' by a driver, the remainder is bound to the same driver, since driver-specific context structs cannot be shared. This provides a pretty good gate mechanism for the fallback logic, too. Signed-off-by: Steven Cooreman <[email protected]>
Signed-off-by: Steven Cooreman <[email protected]>
Signed-off-by: Steven Cooreman <[email protected]>
Signed-off-by: Steven Cooreman <[email protected]>
Signed-off-by: Steven Cooreman <[email protected]>
Signed-off-by: Steven Cooreman <[email protected]>
Signed-off-by: Steven Cooreman <[email protected]>
Signed-off-by: Steven Cooreman <[email protected]>
Signed-off-by: Steven Cooreman <[email protected]>
Signed-off-by: Steven Cooreman <[email protected]>
Added zeroization of the wrapper context on failure/abort, and reliance on the crypto core to not call an uninitialised wrapper. Signed-off-by: Steven Cooreman <[email protected]>
Signed-off-by: Steven Cooreman <[email protected]>
Signed-off-by: Steven Cooreman <[email protected]>
As pointed out by Ronald. The key slot is populated using get_key_from_slot, and after calling the driver the slot is validated to not contain an external key, so calling get_transparent_key is superfluous. Signed-off-by: Steven Cooreman <[email protected]>
As pointed out by Gilles Signed-off-by: Steven Cooreman <[email protected]>
Signed-off-by: Steven Cooreman <[email protected]>
Signed-off-by: Steven Cooreman <[email protected]>
Signed-off-by: Steven Cooreman <[email protected]>
Signed-off-by: Steven Cooreman <[email protected]>
* Reworked the cipher context once again to be more robustly defined * Removed redundant memset * Unified behaviour on failure between driver and software in cipher_finish * Cipher test driver setup function now also returns early when its status is overridden, like the other test driver functions * Removed redundant test cases * Added bad-order checking to verify the driver doesn't get called where the spec says it won't. Signed-off-by: Steven Cooreman <[email protected]>
Signed-off-by: Steven Cooreman <[email protected]>
stevew817
force-pushed
the
feature/transparent_multipart_driver
branch
from
4d55104 to
6d81f7e
Compare
|
Rebased onto development due to merge conflict after merge of #3480. @ronald-cron-arm and @gilles-peskine-arm, please re-approve. |
ronald-cron-arm
left a comment
ronald-cron-arm
left a comment
There was a problem hiding this comment.
I've been through the rebase myself and ended-up with a result compatible with the result in this PR. LGTM.
gilles-peskine-arm
removed
the
needs-review
3 participants
Description
This PR adds support for delegating multipart cipher operations to an accelerator driver complying to the spec in #3493. It also adds a multipart cipher test driver implementing AES-CTR, as requested in #3345. Test suite tests are added to make sure the test driver is called when expected.
Status
READY
Requires Backporting
NO
Migrations
NO
Additional comments
NOTE: this PR currently depends on #3501 (reflected in the fact that it is based on the head of 3501). Will rebase once 3501 gets merged to development, so for review, please only look at commits e6167ca .. b9eddca.
Todos
Steps to test or reproduce
Tests are added to the test suite.