PSA Storage: Add psa_trusted_storage_linux persistent storage support for v1.0.0 APIs #180
Conversation
simonqhughes
changed the title
|
@jenia81 @moshe-shahar @shelib01 Please request the project administrators to add you as reviewers as I'm unable to do so. |
library/CMakeLists.txt
Outdated
| @@ -1,7 +1,6 @@ | |||
| option(USE_STATIC_MBEDTLS_LIBRARY "Build mbed TLS static library." ON) | |||
| option(USE_SHARED_MBEDTLS_LIBRARY "Build mbed TLS shared library." OFF) | |||
| option(LINK_WITH_PTHREAD "Explicitly link mbed TLS library to pthread." OFF) | |||
| option(LINK_WITH_TRUSTED_STORAGE "Explicitly link mbed TLS library to trusted_storage." ON) | |||
There was a problem hiding this comment.
5c61791
@Patater ,
@simonqhughes revert this commit because of the tests fails.
Can you please help me integrate that change so it will not fails the tests?
|
This PR has been submitted to mbedtls, which @Patater request for completing automated testing of the current PR: |
include/mbedtls/config.h
Outdated
| #if ! defined(MBEDTLS_PSA_ITS_FILE_C_STORAGE_PREFIX) | ||
| #define MBEDTLS_PSA_ITS_FILE_C_STORAGE_PREFIX "" | ||
| #endif | ||
|
|
There was a problem hiding this comment.
Please revert the config.h changes. Each new option is something we are stuck with for a long time, and it seems like these are options made just for now.
- MBEDTLS_PSA_ITS_FILE_C_INCLUDE_TEST is so we can test the Linux-native PSA storage using Mbed Crypto's test suite. Long term, the Linux-native PSA storage library would have its own test suite and Mbed Crypto could trust that it is implemented correctly and just use it. Mbed Crypto's own ITS tests would test that its own impelementation of ITS was OK, and, even if it doesn't do so now, it can make assumptions about the implementation that a more generic test couldn't.
MBEDTLS_PSA_ITS_FILE_C_STORAGE_PREFIXisn't needed. We could addPSA_ITS_STORAGE_PREFIXto your Mbed TLS user config file for the same effect.
library/psa_crypto_storage.c
Outdated
| @@ -40,6 +40,7 @@ | |||
| #else /* Native ITS implementation */ | |||
| #include "psa/error.h" | |||
| #include "psa/internal_trusted_storage.h" | |||
|
|
|||
There was a problem hiding this comment.
Avoid adding this extra newline, please.
There was a problem hiding this comment.
OK, extra line removed. Thanks.
library/psa_its_file.c
Outdated
| @@ -44,7 +44,7 @@ | |||
| #include <stdio.h> | |||
| #include <string.h> | |||
|
|
|||
| #define PSA_ITS_STORAGE_PREFIX "" | |||
| #define PSA_ITS_STORAGE_PREFIX MBEDTLS_PSA_ITS_FILE_C_STORAGE_PREFIX | |||
There was a problem hiding this comment.
Suggested change:
- #define PSA_ITS_STORAGE_PREFIX ""
+ #if !defined(PSA_ITS_STORAGE_PREFIX)
+ #define PSA_ITS_STORAGE_PREFIX ""
+ #endifThere was a problem hiding this comment.
OK thanks. Done.
| #include "../library/psa_crypto_its.h" | ||
| #else | ||
| #include "psa/internal_trusted_storage.h" | ||
| #endif |
There was a problem hiding this comment.
Probably don't need this change if we remove MBEDTLS_PSA_ITS_FILE_C_INCLUDE_TEST, since this test isn't really meant to test any "psa/internal_trusted_storage.h" implementation, just Mbed Crypto's own.
library/psa_its_file.c
Outdated
| @@ -137,7 +137,8 @@ psa_status_t psa_its_get_info( psa_storage_uid_t uid, | |||
| psa_status_t psa_its_get( psa_storage_uid_t uid, | |||
| uint32_t data_offset, | |||
| uint32_t data_length, | |||
| void *p_data ) | |||
| void *p_data, | |||
| size_t* p_data_length ) | |||
There was a problem hiding this comment.
Please put the * next to the variable name, not the type.
|
|
||
| ASSERT_ALLOC( buffer, MAX( data1->len, data2->len ) ); | ||
|
|
||
| PSA_ASSERT( psa_its_set_wrap( uid, data1->len, data1->x, flags1 ) ); | ||
| PSA_ASSERT( psa_its_get_info( uid, &info ) ); | ||
| TEST_ASSERT( info.size == data1->len ); | ||
| TEST_ASSERT( info.flags == flags1 ); | ||
| PSA_ASSERT( psa_its_get( uid, 0, data1->len, buffer ) ); | ||
| PSA_ASSERT( psa_its_get( uid, 0, data1->len, buffer, &ret_len ) ); |
There was a problem hiding this comment.
We should probably assert that ret_len is equal to data1->len.
| ASSERT_COMPARE( data1->x, data1->len, buffer, data1->len ); | ||
|
|
||
| PSA_ASSERT( psa_its_set_wrap( uid, data2->len, data2->x, flags2 ) ); | ||
| PSA_ASSERT( psa_its_get_info( uid, &info ) ); | ||
| TEST_ASSERT( info.size == data2->len ); | ||
| TEST_ASSERT( info.flags == flags2 ); | ||
| PSA_ASSERT( psa_its_get( uid, 0, data2->len, buffer ) ); | ||
| ret_len = 0; | ||
| PSA_ASSERT( psa_its_get( uid, 0, data2->len, buffer, &ret_len ) ); |
There was a problem hiding this comment.
We should probably assert that ret_len is equal to data2->len.
| @@ -143,11 +152,11 @@ void set_multiple( int first_id, int count ) | |||
| { | |||
| mbedtls_snprintf( stored, sizeof( stored ), | |||
| "Content of file 0x%08lx", (unsigned long) uid ); | |||
| PSA_ASSERT( psa_its_get( uid, 0, sizeof( stored ), retrieved ) ); | |||
| PSA_ASSERT( psa_its_get( uid, 0, sizeof( stored ), retrieved, &ret_len ) ); | |||
There was a problem hiding this comment.
We should probably assert that ret_len is equal to sizeof( stored ).
| ASSERT_COMPARE( retrieved, sizeof( stored ), | ||
| stored, sizeof( stored ) ); | ||
| PSA_ASSERT( psa_its_remove( uid ) ); | ||
| TEST_ASSERT( psa_its_get( uid, 0, 0, NULL ) == | ||
| TEST_ASSERT( psa_its_get( uid, 0, 0, NULL, NULL ) == |
There was a problem hiding this comment.
Good to see that we are also testing the NULL data_length parameter case.
|
|
||
| ASSERT_ALLOC( buffer, length + 16 ); | ||
| trailer = buffer + length; | ||
| memset( trailer, '-', 16 ); | ||
|
|
||
| PSA_ASSERT( psa_its_set_wrap( uid, data->len, data->x, 0 ) ); | ||
|
|
||
| status = psa_its_get( uid, offset, length_arg, buffer ); | ||
| status = psa_its_get( uid, offset, length_arg, buffer, &ret_len ); |
There was a problem hiding this comment.
We should probably assert that ret_len is equal to length when status == PSA_SUCCESS
|
This PR should be squashed and merged. The following is offered as the squash commit message having done the rework: |
library/psa_crypto_its.h
Outdated
| @@ -106,7 +107,8 @@ psa_status_t psa_its_set(psa_storage_uid_t uid, | |||
| psa_status_t psa_its_get(psa_storage_uid_t uid, | |||
| uint32_t data_offset, | |||
| uint32_t data_length, | |||
| void *p_data); | |||
| void *p_data, | |||
| size_t* p_data_length ); | |||
There was a problem hiding this comment.
Please put the * next to the variable name.
|
|
||
| status = psa_its_get_info( data_identifier, &data_identifier_info ); | ||
| if( status != PSA_SUCCESS ) | ||
| return( status ); | ||
|
|
||
| status = psa_its_get( data_identifier, 0, (uint32_t) data_size, data ); | ||
| status = psa_its_get( data_identifier, 0, (uint32_t) data_size, data, &data_length ); |
There was a problem hiding this comment.
Should we check data_length is equal to data_size and return an error (probably PSA_ERROR_STORAGE_FAILURE) if not?
There was a problem hiding this comment.
yes, its better.
| TEST_ASSERT( status == (psa_status_t) expected_status ); | ||
| if( status == PSA_SUCCESS ) | ||
| { | ||
| TEST_ASSERT( (size_t) length_arg == ret_len ); | ||
| ASSERT_COMPARE( data->x + offset, length, |
There was a problem hiding this comment.
We can do this in one assert if we replace the second length with length_arg. Same applies to other similar asserts added in this PR.
There was a problem hiding this comment.
I think you mean the code changes to the following (which uses ret_len rather than length_arg):
if( status == PSA_SUCCESS )
ASSERT_COMPARE( data->x + offset, length,
buffer, ret_len );
Otherwise you're not testing the returned value. The above is the change that will go into the rework as I think this is what you're requesting.
However, it would be better to have this:
if( status == PSA_SUCCESS )
ASSERT_COMPARE( data->x + offset, length_arg, buffer, ret_len );
as it's length_arg that's supplied to the psa_its_get(), not length which may be different. This version tests psa_its_get() rather than get_at().
But I think this is marginal.
There was a problem hiding this comment.
Yes, I like your suggestion better, to match what's passed to psa_its_get().
There was a problem hiding this comment.
Ok, will change it to the new version.
Patater
added
needs: review
The following provides more information on this PR: - PSA stands for Platform Security Architecture. - Add support for use of psa_trusted_storage_api internal_trusted_storage.h v1.0.0 as the interface to the psa_trusted_storage_linux backend (i.e. for persistent storage when MBEDTLS_PSA_ITS_FILE_C is not defined). This requires changes to psa_crypto_its.h and psa_crypto_storage.c to migrate to the new API.
|
CI failure on merge run is flaky |
This PR should be squashed and merged. The following is offered as the squash commit message: