PK tests: use PSA to generate keypairs when USE_PSA is enabled #7393
Merged
6 commits:
- b6891b1 pk: add alternate function for keypair generation using PSA (valeriosetti)
- 37194b9 gen_key: limit EC key generation to when USE_PSA is disabled (valeriosetti)
- 0b30442 ecp: revert changes to ECP module and related tests/programs (valeriosetti)
- 12a063a test: use proper macros for PSA init/done (valeriosetti)
- b3f20da test: fix error handling in the new pk_genkey_ec() function (valeriosetti)
- 7816c24 test: fix guards position in test_suite_pk (valeriosetti)
This is only a test, but I think we should also destroy the key if key generation fails in the middle.
It seems to me that this is the only point in that function for which there is a `return` instead of `goto exit`. However, this seems OK to me, since if `psa_generate_key` fails then there should be nothing to destroy. Other failures destroy the key. What am I missing?
Yes, that is all true. I'm not sure if we shouldn't also destroy the key here. But looking at the description of `psa_generate_key`: it seems that the current version is correct.
Hmm, I would expect `psa_generate_key()` to act in an atomic way: either it succeeds, or it leaves the key slot unchanged, so that callers don't need to call destroy on failure. However, I checked the documentation and it doesn't say so explicitly. I checked other uses in the library, and they seem to only call destroy when generate succeeded but an error occurred later. So I think the code is fine as it is, but out of precaution I'll ask on the PSA Crypto API channel.
Well, I apparently didn't get enough sleep last night, because the documentation does say: "key On success, an identifier for the newly created key. PSA_KEY_ID_NULL on failure." So, we don't need to call `destroy()` on failure here. (It would however be legal, as `psa_destroy_key(PSA_KEY_ID_NULL)` is guaranteed to do nothing and return success.)
It's a general principle that a PSA function doesn't affect the system state on failure. (It might leave its in-out arguments in a changed state on failure, however: multipart operation functions put the operation object in an error state when they fail.) `psa_generate_key` and the other key creation functions are guaranteed to set the `key_id` output argument to 0 on failure. So it's guaranteed that calling `psa_destroy_key(key_id)` is always correct, but it's also guaranteed that it's a no-op if the creation function fails.
Well, I should refresh the page more often when replying to comments :) I hadn't seen your replies when I wrote mine.
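The cleanup pattern the thread settles on, as an added illustration that is not code from this PR or from Mbed TLS: a constructed C model of a one-slot key store whose `model_*` functions stand in for the PSA key-creation contract described above (null id on failure, destroy of the null id is a successful no-op), with an export step standing in for whatever follows generation in `pk_genkey_ec()`. The key id 7 and the error value are arbitrary choices of this model.

```c
#include <stdbool.h>
#include <stdint.h>
/* Constructed model of the PSA key-creation contract discussed above (NOT the
 * real psa_* functions): a creation function sets the output id to 0, that is
 * PSA_KEY_ID_NULL, on any failure, and destroying id 0 is a successful no-op. */
typedef int32_t  model_status_t;
typedef uint32_t model_key_id_t;
#define MODEL_SUCCESS        0
#define MODEL_ERROR_GENERIC  (-132)
#define MODEL_KEY_ID_NULL    0
#define MODEL_KEY_ID         7   /* the single key slot of this toy store (arbitrary) */
static bool key_slot_in_use;             /* true while id 7 holds a key */
static bool fail_generate, fail_export;  /* fault switches for the scenarios */

static model_status_t model_generate_key(model_key_id_t *key)
{
    *key = MODEL_KEY_ID_NULL;                   /* contract: null id unless we succeed */
    if (fail_generate || key_slot_in_use) return MODEL_ERROR_GENERIC; /* state untouched */
    key_slot_in_use = true;
    *key = MODEL_KEY_ID;
    return MODEL_SUCCESS;
}
static model_status_t model_export_public_key(model_key_id_t key)
{
    if (key != MODEL_KEY_ID || !key_slot_in_use) return MODEL_ERROR_GENERIC;
    return fail_export ? MODEL_ERROR_GENERIC : MODEL_SUCCESS;
}
static model_status_t model_destroy_key(model_key_id_t key)
{
    if (key == MODEL_KEY_ID) key_slot_in_use = false;  /* id 0 falls through: no-op */
    return MODEL_SUCCESS;
}

/* The pattern under review: a plain return when generation fails (nothing to
 * destroy), and one exit label that destroys the key on every later path.
 * Returns the status; key_slot_in_use tells the caller whether a key leaked. */
static model_status_t genkey_ec_pattern(bool gen_fail, bool export_fail)
{
    fail_generate = gen_fail; fail_export = export_fail;
    model_key_id_t key = MODEL_KEY_ID_NULL;
    model_status_t status = model_generate_key(&key);
    if (status != MODEL_SUCCESS) return status;  /* key is null here, so destroy would be a no-op */
    status = model_export_public_key(key);       /* a later step that may fail */
    if (status != MODEL_SUCCESS) goto exit;
    /* a real implementation would now import the exported key into a pk context */
exit:
    model_destroy_key(key);                      /* releases the slot on both paths */
    return status;
}
```

After any of the three runs (generation fails, export fails, all succeeds) the slot is free again, which is the property the reviewers wanted confirmed.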