[Backport 3.6] PSA: use static key slots to store keys #9448
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
valeriosetti
added
needs-review
|
I removed the |
valeriosetti
force-pushed
the
psa-use-static-slots-backport
branch
from
3b4b7bc to
1c68450
Compare
|
Note: conflicts |
This was referenced Oct 4, 2024
|
Now that the main PR has been approved, please complete and rebase this backport. |
gilles-peskine-arm
added
needs-work
size-s
valeriosetti
force-pushed
the
psa-use-static-slots-backport
branch
from
1c68450 to
a65c8a0
Compare
valeriosetti
added
needs-review
|
I've just backported all the commits from #9302 to |
tests/suites/test_suite_pkwrite.data
Outdated
| depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C | ||
| pk_write_pubkey_check:"../framework/data_files/rsa4096_pub.pem":TEST_PEM | ||
| depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 | ||
| pk_write_pubkey_check:"../../framework/data_files/rsa4096_pub.pem":TEST_PEM |
There was a problem hiding this comment.
How come this line needs ../../framework but line 7 only needs ../framework?
There was a problem hiding this comment.
Ops, sorry, that's one of the 2 files who had conflicts during the rebase and apprently I missed a change here :/
valeriosetti
force-pushed
the
psa-use-static-slots-backport
branch
from
a65c8a0 to
c6e50d0
Compare
…est symbols - MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_[2048/4096] are always defined because they are only used in test_suite_psa_crypto tests. - MBEDTLS_TEST_ALLOW_RSA_4096 was renamed as MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 because this is only used in PK related test suites. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
…r size Instead of skipping some tests when !MBEDTLS_PSA_STATIC_KEY_SLOTS, add a proper check in the depends_on to verify if MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE is actually large enough to contain the key used in such test. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
…EQUEST Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
…RT_RSA_xxx PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE() is not defined when there is no MBEDTLS_PSA_CRYPTO_CLIENT so we need this guard to define MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_[2048/4096]. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE is only used in tests so it should not be defined in a public header such as "crypto_extra.h". "psa_crypto_helpers.h" is a better option. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
- psa_crypto_helpers.h mbedtls-3.6 branch misses some crypto client changes that has been done in the development branch since the LTS release. Therefore CRYPTO_C guard here is more accurate than CRYPTO_CLIENT. - entropy.h In the development branch MBEDTLS_ENTROPY_BLOCK_SIZE is defined when PSA_WANT_ALG_SHA_[256/512] is defined while in the mbedtls-3.6 branch is guarded by MBEDTLS_MD_CAN_SHA[256/512] which is slightly different. Since MBEDTLS_ENTROPY_BLOCK_SIZE is used in some tests's data files, we need to have it defined also if the related test is skipped. Therefore we add the PSA_WANT_ALG_SHA conditions together with the MBEDTLS_MD_CAN_SHA ones to mimic the development behavior. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
valeriosetti
force-pushed
the
psa-use-static-slots-backport
branch
from
b287a40 to
40859ac
Compare
|
I just backported the same changes done in |
gilles-peskine-arm
approved these changes
Oct 23, 2024
There was a problem hiding this comment.
Looks good to me after rebase from my previous approval at b287a40 to the current head at 40859ac.
tom-cosgrove-arm
added
approved
Merged
via the queue into
Mbed-TLS:mbedtls-3.6
with commit Oct 24, 2024
0b8b7a1
4 of 5 checks passed
valeriosetti
added a commit
to valeriosetti/zephyr-mbedtls
that referenced
this pull request
Oct 24, 2024
This commit takes only the relevant part of PR Mbed-TLS/mbedtls#9448 that was merged in upstream Mbed TLS in the LTS branch "mbedtls-3.6". Since the original PR was made of several commits, but most of them were only affecting tests cases (not used in Zephyr), only relevant changes were extracted from the PR and squashed in a single commit. Changes introduced in this commit will be automatically included in 3.6.3, so by the time Zephyr's Mbed TLS fork repo is bumbed to that official release, this commit MUST be discarded. This commit introduces the possibility to use static key slot buffers in the PSA core instead of dynamically allocating them when needed. This helps reducing heap memory usage as well as potentially removing heap management ROM code if heap is not used anywhere else in the Zephyr application. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
valeriosetti
added a commit
to valeriosetti/zephyr-mbedtls
that referenced
this pull request
Oct 24, 2024
This commit takes only relevant changes of PR Mbed-TLS/mbedtls#9448 that was merged in upstream Mbed TLS in the LTS branch "mbedtls-3.6". Since the original PR was made of several commits, but most of them were only affecting tests cases (not used in Zephyr), only changes belonging to the "include" and "library" folders were included here. == IMPORTANT == Changes introduced in this commit will be automatically part of Mbed TLS release 3.6.3, so by the time Zephyr's Mbed TLS fork repo is bumbed to that official release, this commit MUST be discarded. This commit introduces the possibility to use static key slot buffers in the PSA core instead of dynamically allocating them when needed. This helps reducing heap memory usage as well as potentially removing heap management ROM code if heap is not used anywhere else in the Zephyr application. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
carlescufi
pushed a commit
to zephyrproject-rtos/mbedtls
that referenced
this pull request
Nov 20, 2024
This commit takes only relevant changes of PR Mbed-TLS/mbedtls#9448 that was merged in upstream Mbed TLS in the LTS branch "mbedtls-3.6". Since the original PR was made of several commits, but most of them were only affecting tests cases (not used in Zephyr), only changes belonging to the "include" and "library" folders were included here. == IMPORTANT == Changes introduced in this commit will be automatically part of Mbed TLS release 3.6.3, so by the time Zephyr's Mbed TLS fork repo is bumbed to that official release, this commit MUST be discarded. This commit introduces the possibility to use static key slot buffers in the PSA core instead of dynamically allocating them when needed. This helps reducing heap memory usage as well as potentially removing heap management ROM code if heap is not used anywhere else in the Zephyr application. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
frkv
pushed a commit
to frkv/sdk-mbedtls
that referenced
this pull request
Feb 4, 2025
This commit takes only relevant changes of PR Mbed-TLS/mbedtls#9448 that was merged in upstream Mbed TLS in the LTS branch "mbedtls-3.6". Since the original PR was made of several commits, but most of them were only affecting tests cases (not used in Zephyr), only changes belonging to the "include" and "library" folders were included here. == IMPORTANT == Changes introduced in this commit will be automatically part of Mbed TLS release 3.6.3, so by the time Zephyr's Mbed TLS fork repo is bumbed to that official release, this commit MUST be discarded. This commit introduces the possibility to use static key slot buffers in the PSA core instead of dynamically allocating them when needed. This helps reducing heap memory usage as well as potentially removing heap management ROM code if heap is not used anywhere else in the Zephyr application. Signed-off-by: Valerio Setti <vsetti@baylibre.com> Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no> (Cherry-picked from commit 4952e13)
Dat-NguyenDuy
pushed a commit
to nxp-upstream/zephyr-mbedtls
that referenced
this pull request
Apr 4, 2025
This commit takes only relevant changes of PR Mbed-TLS/mbedtls#9448 that was merged in upstream Mbed TLS in the LTS branch "mbedtls-3.6". Since the original PR was made of several commits, but most of them were only affecting tests cases (not used in Zephyr), only changes belonging to the "include" and "library" folders were included here. == IMPORTANT == Changes introduced in this commit will be automatically part of Mbed TLS release 3.6.3, so by the time Zephyr's Mbed TLS fork repo is bumbed to that official release, this commit MUST be discarded. This commit introduces the possibility to use static key slot buffers in the PSA core instead of dynamically allocating them when needed. This helps reducing heap memory usage as well as potentially removing heap management ROM code if heap is not used anywhere else in the Zephyr application. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This is the backport of #9302 to the 3.6 LTS branch.
PR checklist