Implementation-specific extension: Keys may allow a second algorithm #128
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Manually cherry-picked from ca5bed7 by taking that patch, replacing KEYPAIR by KEY_PAIR throughout (renaming applied in this branch), and discarding parts about import_twice in test_suite_psa_crypto (this test function was removed from this branch).
In the tests for opening a persistent key after closing it, also read back and check the key data if permitted by policy, and the key policy.
gilles-peskine-arm
added
enhancement
gilles-peskine-arm
force-pushed
the
psa-policy_alg2-api
branch
from
f683c3d to
6202c99
Compare
|
CI passing except for expected failures because the API branch is not up-to-date (use_psa_crypto, ABI check, TLS). |
| * An operation on a key may indifferently use the algorithm set with | ||
| * psa_set_key_algorithm() or with this function. | ||
| * | ||
| * \param[out] attributes The attribute structure to write to. |
There was a problem hiding this comment.
Fixed in rebase. No other changes.
AndrzejKurek
previously approved these changes
May 27, 2019
Add a second permitted algorithm to key policies. This commit includes smoke tests that do not cover psa_copy_key.
The storage format has changed, so update the test data accordingly.
Add parameters to psa_copy_key tests for the enrollment algorithm (alg2). This commit only tests with alg2=0, which is equivalent to not setting an enrollment algorithm.
gilles-peskine-arm
force-pushed
the
psa-policy_alg2-api
branch
from
6202c99 to
3027ba6
Compare
AndrzejKurek
approved these changes
May 29, 2019
Patater
removed
the
needs: review
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add a second permitted algorithm to key policies, as an implementation-specific feature. This is an experimental feature which may or may not be added to the PSA Crypto API after 1.0.
This is a replay of https://github.com/ARMmbed/mbedtls-psa/pull/266 [private link] on the API branch. Because the development branch and the API branch have diverged (copy key policy, renamed identifiers, changed key creation interface), merging this feature from development to the API branch led to a lot of difficult-to-understand conflicts. Here, I take the commits from https://github.com/ARMmbed/mbedtls-psa/pull/266 one by one and modify them to suit the modern API.
Compared with https://github.com/ARMmbed/mbedtls-psa/pull/266:
PSA_ECC_CURVE_BITShave already been merged through PSA: EC curve size macro #107.docs/architecture/mbed-crypto-storage-specification.mdbecause this file has not been modified in the API branch.Once this PR is merged, the next step is to merge
developmentintopsa-api-1.0-beta. This merge will have conflicts but they will be easy to resolve (the merge commit is at https://github.com/gilles-peskine-arm/mbed-crypto/tree/psa-api-1.0-beta-merge_development_20190524, I'll make a PR for it once this one is merged).