-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add multipart cipher accelerator support and test driver #3644
Add multipart cipher accelerator support and test driver #3644
Conversation
@danh-arm Can you tell me what the internal CI is complaining about this time? |
The only CI failure is the ABI check, which signals that some structures in |
I've had a quick look to the commits and overall it looks as I was expecting (following the review of #3501) with regard to changes in psa_crypto.c, psa_crypto_driver_wrappers.c and the testing. Please rebase on top of development and update the changes according to the review of #3501 and I will do the complete review. |
Awesome, thanks. Will do tomorrow. |
Like Ronald, I've had a quick look and the general shape looks about right. I would suggest one design change: rather than a “cipher” driver, I think it makes more sense to have a “multipart” driver, which would be extended later with multipart hash, MAC and AEAD. |
Not sure I agree. I'm more convinced these should be grouped by functional (algorithm) group. |
5436492
to
e3fa23d
Compare
@ronald-cron-arm and @gilles-peskine-arm, I've now rebased, so actual review can go ahead. |
(void) iv; | ||
(void) iv_size; | ||
(void) iv_length; | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ditto, please add the "usual" code for negative testing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
(void) operation; | ||
(void) iv; | ||
(void) iv_length; | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ditto, code for negative testing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
@@ -39,3 +39,87 @@ generate_key:PSA_ERROR_NOT_SUPPORTED:"":PSA_SUCCESS | |||
|
|||
generate_key through transparent driver: error | |||
generate_key:PSA_ERROR_GENERIC_ERROR:"":PSA_ERROR_GENERIC_ERROR | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add some negative testing as well as you did in #3501. We should have for each driver entry point at least one test where the driver entry point returns in error.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
@gilles-peskine-arm and @ronald-cron-arm , your review comments should now be incorporated in the changes. The one exception is negative testing, which I'll add, but I'd like you to review the changes already while I work on the negative testcases. |
The pr-merge job passed except for the expected ABI change in |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Mostly looking good, but a few issues remain.
@gilles-peskine-arm thanks for the continued feedback. All issues you flagged should now be resolved. |
@ronald-cron-arm negative testing is now implemented too. |
ok, thanks, looking. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you very much for all the changes especially the addition of negative testing. Here is my second round of review, mostly suggestions for improvement.
@ronald-cron-arm Your feedback has been taken into account. Does this look good to you now? |
Thanks. I am attending a training right know. I will look at it this afternoon. |
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Added zeroization of the wrapper context on failure/abort, and reliance on the crypto core to not call an uninitialised wrapper. Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
As pointed out by Ronald. The key slot is populated using get_key_from_slot, and after calling the driver the slot is validated to not contain an external key, so calling get_transparent_key is superfluous. Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
As pointed out by Gilles Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
* Reworked the cipher context once again to be more robustly defined * Removed redundant memset * Unified behaviour on failure between driver and software in cipher_finish * Cipher test driver setup function now also returns early when its status is overridden, like the other test driver functions * Removed redundant test cases * Added bad-order checking to verify the driver doesn't get called where the spec says it won't. Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
4d55104
to
6d81f7e
Compare
Rebased onto development due to merge conflict after merge of #3480. @ronald-cron-arm and @gilles-peskine-arm, please re-approve. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've been through the rebase myself and ended-up with a result compatible with the result in this PR. LGTM.
Description
This PR adds support for delegating multipart cipher operations to an accelerator driver complying to the spec in #3493. It also adds a multipart cipher test driver implementing AES-CTR, as requested in #3345. Test suite tests are added to make sure the test driver is called when expected.
Status
READY
Requires Backporting
NO
Migrations
NO
Additional comments
NOTE: this PR currently depends on #3501 (reflected in the fact that it is based on the head of 3501). Will rebase once 3501 gets merged to development, so for review, please only look at commits e6167ca .. b9eddca.
Todos
Steps to test or reproduce
Tests are added to the test suite.