-
Notifications
You must be signed in to change notification settings - Fork 28
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Interruptible/bounded-latency asymmetric operations #23
Comments
Counter-proposalAfter doing more analysis of the Mbed TLS experimental API for interruptible sign-hash operations, and considering additional future use cases for asymmetric signature operations, I would like to propose a different (but similar) interface for these operations. The background, analysis, and rationale is rather much to put into a comment in this issue, and may be important for future work that addresses some of the use cases. So I've written this up as discussion topic #98. I've replicated the interruptible API definition part of that below. API design proposalThe API concepts are the same: the The proposed structures and functions for interruptible signature operations, are as follows:
Many signature and verification algorithms involve complex processing of the key and/or signature prior to processing the message data. This is why the setup functions have a matching completion function that enables this step to be interruptible. The application must either provide a message digest by calling The structure and naming of this API does permit Mbed TLS to continue to provide its experimental interruptible sign-hash API, implemented as a thin wrapper over this proposal. Example usage of the interruptible sign operationThis is simplified code, to demonstrate the API flow.
|
Use case
There are some systems in which there is a requirement for asymmetric cryptographic operations in execution contexts that cannot tolerate long-running functions. However, some asymmetric operations have long, very long, or even arbitrary execution times.
For example, these use cases can arise in constrained microcontrollers that have real-time response requirements, or in firmware that executes in highly-privileged execution modes.
Proposal
The long-duration asymmetric operations are typically composed of many repeated smaller steps. If the Crypto API exposed a mechanism for the application to perform the operation in a step-wise — 'interruptible' — manner, then the application can meet the bounded-latency requirement by repeatedly calling the API to make progress on the operation.
Mbed-TLS now has a prototype API for interruptible hash signature operations (sigh-hash and verify-hash), which effectively proposes a general pattern for this type of API.
The API is composed of the following building-blocks. For details of the proposal please see Mbed-TLS/mbedtls#6279.
PSA_OPERATION_INCOMPLETE
(macro)This is a non-error status code to indicate an incomplete interruptible operation. This is already defined in the Status code API.
ops
This is a term used to describe a 'unit of work' that can be carried out within an interruptible operation. The actual 'size' or time duration for one op is implementation- and function- specific, and can also be dependent on the algorithm inputs (such as the key size).
An application can set a global 'max ops' value, that limits the ops performed within any interruptible function. If an interruptible function does not complete before reaching this threshold it will return
PSA_OPERATION_INCOMPLETE
instead of an error or success status.The current threshold can also be queried. When an interruptible operation completes, the application can also query the total number of ops required: this can allow an application to tune the threshold value it uses.
Interruptible operation object
An interruptible operation requires the management of state relating to the operation. This is held (or referenced, depending on implementation) in an implementation-defined object that this allocated by the application. The allocation and lifecycle of these objects follows a similar pattern to that used for multi-part operations in the existing API.
Interruptible operation objects must be initialized before first use, also like the multi-part operation objects.
Interruptible operation sequence
Each interruptible operation will have a set-up function to provide the input parameters. This is typically named
psa_xxx_start()
, for example,psa_sign_hash_start()
.To progress the operation, a matching
psa_xxx_complete()
function is called repeatedly, providing any required output parameters:PSA_SUCCESS
is returned.PSA_OPERATION_INCOMPLETE
is returned. The caller should invoke thepsa_xxx_complete()
function againOn successful completion, the operation object is reset, but can still be queried to determine the number of ops required.
On error, the operation object enters an error state, and must be reset by a call to
psa_xxx_abort()
. The application can also callpsa_xxx_abort()
to cancel an in-progress interruptible operation.The text was updated successfully, but these errors were encountered: