Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement interruptible ECC export-public #9510

Closed
gilles-peskine-arm opened this issue Aug 27, 2024 · 3 comments
Closed

Implement interruptible ECC export-public #9510

gilles-peskine-arm opened this issue Aug 27, 2024 · 3 comments
Labels
component-psa PSA keystore/dispatch layer (storage, drivers, …) size-m Estimated task size: medium (~1w)

Comments

@gilles-peskine-arm
Copy link
Contributor

Implement and test interruptible export-public-key functions as specfied in ARM-software/psa-api#199 :

psa_status_t psa_export_public_key_iop_abort(psa_export_public_key_iop_t * operation);
psa_status_t psa_export_public_key_iop_complete(psa_export_public_key_iop_t * operation,
                                                uint8_t * data,
                                                size_t data_size,
                                                size_t * data_length);
uint32_t psa_export_public_key_iop_get_num_ops(psa_export_public_key_iop_t * operation);
psa_export_public_key_iop_t psa_export_public_key_iop_init(void);
psa_status_t psa_export_public_key_iop_setup(psa_export_public_key_iop_t * operation,
                                             psa_key_id_t key);

The scope of this issue is:

  • The functions work for all key pair and public-key types.
  • For RSA and DH, complete() returns on the first call.
  • For ECC, complete() is interruptible according to the iop setting.
  • Unit test to the usual coverage level.
@gilles-peskine-arm gilles-peskine-arm added component-psa PSA keystore/dispatch layer (storage, drivers, …) size-m Estimated task size: medium (~1w) labels Aug 27, 2024
@paul-elliott-arm paul-elliott-arm mentioned this issue Aug 28, 2024
Closed
@paul-elliott-arm
Copy link
Member

Given we don't support RSA / DH keys for any other interruptible operation, I think for the first version, given how short we are on time I would just implement ECC keys for now. The others can be added later when we have more time - its not the implementation that is going to take time here, but all the testing and extended testing that this will bring in, and we are already over time.

@gilles-peskine-arm
Copy link
Contributor Author

I think for the first version, given how short we are on time I would just implement ECC keys for now.

Good point, in the first pass we should focus on what we need for X.509/TLS. Those modules go through pk. So we can do the selection of interruptible APIs in pk, which requires less testing because it'll be oriented towards how it's eventually used in X.509/TLS and we don't need much testing beyond what's covered by the X.509/TLS usage.

@gilles-peskine-arm gilles-peskine-arm mentioned this issue Aug 28, 2024
Open
6 tasks
@paul-elliott-arm
Copy link
Member

paul-elliott-arm commented Sep 27, 2024
edited
Loading

Closing this as we are splitting it into 5 parts:

PSA Headers : #9646
Setup and Abort Functions : #9647
Complete function and full tests: #9648
IOP based functions and tests: #9649
Driver wrappers: #9650

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
component-psa PSA keystore/dispatch layer (storage, drivers, …) size-m Estimated task size: medium (~1w)
Projects
Mbed TLS Epics
Status: PSA Interruptible ECC (Part 2)
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gilles-peskine-arm @paul-elliott-arm and others