PSA Update return code for non-existing key in various key operations #4198
Conversation
Force-pushed from 3ee50a2 to 70b4301.
Force-pushed from bb12893 to aac7145.
Looks good to me.
Copied over review comments from #4189
library/psa_crypto_slot_management.h (outdated):
 *
 * \retval #PSA_SUCCESS
 * \retval #PSA_ERROR_INVALID_HANDLE
Originally posted by @Summer-ARM in #4189 (comment)
Sorry, am I missing something? I didn't see this return value in the function implementation.
@Summer-ARM It looks like psa_validate_key_id() is returning PSA_ERROR_INVALID_HANDLE instead of PSA_ERROR_INVALID_ARGUMENT, as its documentation would suggest.
There is indeed an issue here but not related to the issue this PR is solving. Thus not addressed in this PR. It is now addressed in #4279.
library/psa_crypto_slot_management.h (outdated):
 *
 * \retval #PSA_SUCCESS
 * \retval #PSA_ERROR_INVALID_HANDLE
 *         \p key_id is not a valid key identifier.
There is psa_validate_key_id() to validate key identifiers, thus why do you introduce such validation in this function that validates the persistence of a key?
In its current version, I think that there are still APIs that are returning PSA_ERROR_DOES_NOT_EXIST. The approach of this PR is to fix the return value just before they return. I think it would be better to fix the source of the PSA_ERROR_DOES_NOT_EXIST error code for APIs, which seems to be only psa_get_and_lock_key_slot(). This implies some changes in PSA test suites and in the coding of psa_open/close_key(), I think. I don't know how much time you can spend on this. Please let me know if you are ok to follow the suggested path or if you prefer me to do it.
Hello Ronald,
I have limited time this week as I need to prepare tf-m for your 2.26 release (development branch) and I am on training next week. If you do not need it soon, I will start looking into this, but I may not be as fast as you 🙂. So I leave it up to you.
Thank you
Best Regards,
Maulik
> From: Ronald Cron <[email protected]>
> Sent: Monday, March 8, 2021 2:32 PM
> To: ARMmbed/mbedtls <[email protected]>
> Cc: Maulik Patel <[email protected]>; Author <[email protected]>
> Subject: Re: [ARMmbed/mbedtls] PSA Update return code for non-existing key in various key operations (#4198)
> @ronald-cron-arm requested changes on this pull request.
I started to investigate what needs to change in the PSA crypto implementation in order for PSA APIs not to return the PSA_ERROR_DOES_NOT_EXIST error code, except for the deprecated psa_open_key(), and thus address #4162 completely. Please have a look at this. I've started to update the unit tests accordingly and I think it seems to go in the right direction, not completed though. Could you check that the changes in PSA crypto as done here fix the issues related to PSA_ERROR_DOES_NOT_EXIST when running the compliance test suite?
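The review suggestion above (fix the error code once, at the slot lookup that every key API goes through, and let only the deprecated psa_open_key() translate it) is easy to get wrong when the mapping is patched per API instead. The following self-contained model is an added example, not Mbed TLS code: the model_/slot names are hypothetical, the key store is a constructed four-slot table, and only the PSA_* status values and the application key-id range come from the PSA Crypto API spec. It also separates the two cases raised in the review thread: an out-of-range identifier is an invalid argument, while a well-formed identifier with no key behind it is an invalid handle.

```c
/* Added example modelling the status mapping discussed in this PR.
 * Not Mbed TLS code: model_* / slot names are hypothetical. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef int32_t  psa_status_t;
typedef uint32_t psa_key_id_t;

/* Status values as defined by the PSA Crypto API specification. */
#define PSA_SUCCESS                 ((psa_status_t)0)
#define PSA_ERROR_INVALID_ARGUMENT  ((psa_status_t)-135)
#define PSA_ERROR_INVALID_HANDLE    ((psa_status_t)-136)
#define PSA_ERROR_BUFFER_TOO_SMALL  ((psa_status_t)-138)
#define PSA_ERROR_DOES_NOT_EXIST    ((psa_status_t)-140)

/* Application key identifier range from the PSA Crypto API spec. */
#define PSA_KEY_ID_USER_MIN ((psa_key_id_t)0x00000001)
#define PSA_KEY_ID_USER_MAX ((psa_key_id_t)0x3fffffff)

#define MODEL_SLOT_COUNT 4

typedef struct {
    psa_key_id_t id;        /* 0 marks a free slot */
    uint8_t      material[8];
    size_t       material_len;
} model_slot_t;

/* Constructed key store: one populated slot (id 0x1234), the rest free. */
static model_slot_t model_slots[MODEL_SLOT_COUNT] = {
    { 0x1234, { 0xde, 0xad, 0xbe, 0xef }, 4 },
};

/* Malformed vs. absent: an identifier outside the application range is an
 * invalid argument regardless of what the store contains. */
static psa_status_t model_validate_key_id(psa_key_id_t id)
{
    if (id < PSA_KEY_ID_USER_MIN || id > PSA_KEY_ID_USER_MAX)
        return PSA_ERROR_INVALID_ARGUMENT;
    return PSA_SUCCESS;
}

/* The single lookup every key API goes through. Per the review suggestion,
 * "no such key" is reported here as PSA_ERROR_INVALID_HANDLE so that no
 * caller has to rewrite the status just before returning. */
static psa_status_t model_get_slot(psa_key_id_t id, model_slot_t **slot)
{
    psa_status_t status = model_validate_key_id(id);
    if (status != PSA_SUCCESS)
        return status;
    for (size_t i = 0; i < MODEL_SLOT_COUNT; i++) {
        if (model_slots[i].id == id) {
            *slot = &model_slots[i];
            return PSA_SUCCESS;
        }
    }
    return PSA_ERROR_INVALID_HANDLE;
}

/* An ordinary key operation: the lookup status propagates unchanged. */
psa_status_t model_export_key(psa_key_id_t id, uint8_t *out,
                              size_t out_size, size_t *out_len)
{
    model_slot_t *slot;
    psa_status_t status = model_get_slot(id, &slot);
    if (status != PSA_SUCCESS)
        return status;
    if (out_size < slot->material_len)
        return PSA_ERROR_BUFFER_TOO_SMALL;
    memcpy(out, slot->material, slot->material_len);
    *out_len = slot->material_len;
    return PSA_SUCCESS;
}

/* The deprecated psa_open_key() is documented to report an absent key as
 * PSA_ERROR_DOES_NOT_EXIST, so it is the one API that translates. */
psa_status_t model_open_key(psa_key_id_t id, psa_key_id_t *handle)
{
    model_slot_t *slot;
    psa_status_t status = model_get_slot(id, &slot);
    if (status == PSA_ERROR_INVALID_HANDLE)
        return PSA_ERROR_DOES_NOT_EXIST;
    if (status != PSA_SUCCESS)
        return status;
    *handle = id;
    return PSA_SUCCESS;
}

/* Convenience wrappers returning only the status, for checks and demos. */
psa_status_t model_export_status(psa_key_id_t id)
{
    uint8_t buf[8]; size_t len = 0;
    return model_export_key(id, buf, sizeof buf, &len);
}
psa_status_t model_open_status(psa_key_id_t id)
{
    psa_key_id_t h = 0;
    return model_open_key(id, &h);
}

int main(void)
{
    printf("export 0x1234: %d\n", (int)model_export_status(0x1234));      /* 0    */
    printf("export 0x5678: %d\n", (int)model_export_status(0x5678));      /* -136 */
    printf("open   0x5678: %d\n", (int)model_open_status(0x5678));        /* -140 */
    printf("export 0x40000000: %d\n", (int)model_export_status(0x40000000)); /* -135 */
    return 0;
}
```

Keeping the translation in one place is what makes the compliance and unit tests in this thread easy to update: every API other than psa_open_key() inherits the same status from the lookup, and a future API cannot accidentally leak the internal "does not exist" value.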
Force-pushed from ace4792 to 817f07b.
Thanks for the changes. The final result seems correct to me but I think the commit history should be reworked:
- Remove the three first commits.
- When fixing the return codes in the tests please do it in three commits: one with the fixes for psa_open_key, one with the fixes for psa_close_key and the last one for the other APIs.
Do that locally and then force push. In case you are not familiar with the force push: git push --force maulik-arm/fix-4162.
Please use
I never had any issue with --force but if --force-with-lease is safer I will use that.
Update expected return values of psa_open_key() to PSA_ERROR_DOES_NOT_EXIST for invalid key handle operations. Signed-off-by: Maulik Patel <[email protected]>
Update expected return values of psa_close_key() to PSA_ERROR_INVALID_HANDLE for invalid key handle operations. Signed-off-by: Maulik Patel <[email protected]>
Update expected return values of psa_get_key_attributes(), psa_export_key() and other key api(s) to PSA_ERROR_INVALID_HANDLE for invalid key. Signed-off-by: Maulik Patel <[email protected]>
Force-pushed from 53cfe6c to abfffd2.
Hello Ronald, Giles.
Brilliant. Thanks for the rework. The flow of changes is easy to follow and understand that way. The documentation of psa_open_key already lists PSA_ERROR_DOES_NOT_EXIST and not PSA_ERROR_INVALID_HANDLE (as defined in v1 beta 3 of the spec). I think it is rather the case that the documentation and the code were not aligned before but are aligned now. Thus nothing to change here I think. It seems the only things left to take care of are:
Force-pushed from abfffd2 to 29ca5d5.
LGTM
Thank you for the review, Ronald. There is a Jenkins test failure in checks: PR-4198-merging-TLS-Testing (https://jenkins-mbedtls.oss.arm.com/blue/organizations/jenkins/mbed-tls-pr-merge/detail/PR-4198-merge/18/pipeline) showing here. I tried enabling the config options MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_BACKTRACE and MBEDTLS_PLATFORM_MEMORY in config.h and it is passing tests locally on my Ubuntu machine (taking really long though). Is there any cause for concern here?
I think it is just a CI timeout, thus nothing to worry about on your side.
Force-pushed from 29ca5d5 to aa59823.
Signed-off-by: Maulik Patel <[email protected]>
Force-pushed from aa59823 to f41be14.
There are two comments associated with this "changes requested" review. The first one is no longer relevant as it relates to code that is not changed anymore. The second one is still valid but not relevant to this PR and is addressed in #4279.
Referenced commit (TF-M): PSA Update return code for non-existing key in various key operations

PSA Crypto API spec requests key operation to return error code PSA_ERROR_INVALID_HANDLE when the key doesn't exist. However, according to [1], PSA key operation implementation in Mbed TLS returns PSA_ERROR_DOES_NOT_EXIST instead.

TF-M currently works normally since TF-M specific key handle check will return PSA_ERROR_INVALID_HANDLE for a non-existing key, without calling Mbed TLS PSA key operation. Apply the merged Mbed TLS fix to TF-M to prepare for enhancement of TF-M key handle check.

[1]: Mbed-TLS/mbedtls#4198

Change-Id: I79dda1c54dc8377afbfaefdf180bb81c7ff99f02
Signed-off-by: David Hu <[email protected]>
Description: Update return code for non-existing key in various key operations. Fixes issue #4162.
Status: READY
Requires Backporting: No, PSA only.
Migrations (if there is any API change, what's the incentive and logic for it): YES | NO
Additional comments (any additional information that could be of interest): none given.