PSA Sign Hash (Interruptible) Design #6279
Conversation
paul-elliott-arm
force-pushed
the
psa_sign_hash_interruptable
branch
2 times, most recently
from
e3295ff
to
c5ac7f5
Compare
paul-elliott-arm
force-pushed
the
psa_sign_hash_interruptable
branch
from
c5ac7f5
to
dae46e1
Compare
paul-elliott-arm
force-pushed
the
psa_sign_hash_interruptable
branch
from
dae46e1
to
6b934da
Compare
|
CI Fail is due to 'missing' error code. I could fix this by defining it in file for the time being, if this is acceptable. |
paul-elliott-arm
added
enhancement
needs-design-approval
needs-review
|
You need to define the new error code, either in |
paul-elliott-arm
changed the title
paul-elliott-arm
force-pushed
the
psa_sign_hash_interruptable
branch
from
6b934da
to
33de902
Compare
paul-elliott-arm
force-pushed
the
psa_sign_hash_interruptable
branch
from
33de902
to
2a5e792
Compare
daverodgman
removed
the
needs-reviewer
paul-elliott-arm
force-pushed
the
psa_sign_hash_interruptable
branch
from
2a5e792
to
e467aca
Compare
Signed-off-by: Paul Elliott <[email protected]>
paul-elliott-arm
force-pushed
the
psa_sign_hash_interruptable
branch
from
84acf6c
to
0cb0972
Compare
gilles-peskine-arm
added
the
needs-review
There was a problem hiding this comment.
I marked my comments as [T] for technical content that might affect the work in progress on implementation, and [E] for purely editorial comments.
There is quite a bit of repeated content (e.g. same note on sign and verify functions). When a comment of mine applies in multiple places, I have generally only reported it once. All comments in this review should be understood as “also applies in other places where applicable”.
I have verified that all my and @tom-cosgrove-arm 's comments from previous reviews have been addressed (or in one case, re-raised).
| */ | ||
|
|
||
| /** The type of the state data structure for interruptible hash | ||
| * verification operations. |
There was a problem hiding this comment.
[E]
| * verification operations. | |
| * signing operations. |
| * Implementation details can change in future versions without notice. */ | ||
| typedef struct psa_sign_hash_interruptible_operation_s psa_sign_hash_interruptible_operation_t; | ||
|
|
||
| /** The type of the state data structure for interruptible hash signing |
There was a problem hiding this comment.
[E]
| /** The type of the state data structure for interruptible hash signing | |
| /** The type of the state data structure for interruptible hash verification |
| * code; or to free the relevant context if the | ||
| * operation is to be aborted. | ||
| * | ||
| * \note The interpretation of this maximum number is |
There was a problem hiding this comment.
[E] What maximum number? Notes can be read out of order.
More generally this paragraph could use a rewrite, keeping the (lack of) context in mind.
| * \note The interpretation of this maximum number is | ||
| * obviously also implementation defined. On a | ||
| * hard real time system, this can indicate a hard | ||
| * deadline, which is good, as a real-time system |
There was a problem hiding this comment.
[E] This reads a bit too judgmental for a specification.
| * operation is to be aborted. | ||
| * | ||
| * \note The interpretation of this maximum number is | ||
| * obviously also implementation defined. On a |
There was a problem hiding this comment.
[E] Avoid “obviously”: if it was obvious, it wouldn't need stating explicitly.
| * operation. | ||
| * | ||
| * \retval #PSA_ERROR_NOT_SUPPORTED | ||
| * \retval #PSA_ERROR_INVALID_ARGUMENT |
There was a problem hiding this comment.
[T] Also NOT_PERMITTED.
| * please call this function again with the same operation object. | ||
| * | ||
| * \retval #PSA_ERROR_INVALID_HANDLE | ||
| * \retval #PSA_ERROR_NOT_PERMITTED |
There was a problem hiding this comment.
[T] No, NOT_PERMITTED would be detected at the start.
| * returned by the function performing the | ||
| * computation. It is then the caller's | ||
| * responsibility to either call again with the | ||
| * same parameters until it returns 0 or an error |
There was a problem hiding this comment.
[T] Same operation context, not same parameters. The other parameters can be different. For example, the output of psa_sign_hash_complete can be a stack variable in an intermediate function which is a different pointer at each call.
| * interface stability promises, and will only | ||
| * leave beta after implementation. |
There was a problem hiding this comment.
[T] Remove “will only leave beta after implementation”. It's not like the interface really exists until implementation, and it will stay beta for some time after implementation. It'll leave beta when we say it's out of beta and no sooner.
| * Operation was interrupted due to the setting of \c | ||
| * psa_interruptible_set_max_ops(), there is still work to be done, | ||
| * please call this function again with the same operation object. |
There was a problem hiding this comment.
[T]
| * Operation was interrupted due to the setting of \c | |
| * psa_interruptible_set_max_ops(), there is still work to be done, | |
| * please call this function again with the same operation object. | |
| * The operation was interrupted due to the setting of | |
| * \c psa_interruptible_set_max_ops(). There is still work to be done. | |
| * Call this function again with the same operation object. |
|
I'm marking this as approved for design. We'll still make minor changes to the API, but the fundamentals are good. |
|
General note about this PR: it's in the Mbed TLS repo but is written as a specification that may have multiple implementations. At some point while implementing this, we'll need to replace all places that says "XXX is implementation defined" with a description of what our implementation actually does. |
|
I'm sorry for having such thought that late in the process, but I've just been thinking about the naming for start/complete functions: should rename If this is similar enough to existing multi-part operations, the similarity should be reflected in the names chosen; just as well, if this is different enough, this should be reflected in the names. Note: currently we have similar names for the type Also, I don't think Also, since Gilles mentions that we're likely to want to have multi-part interruptible sign/verify at some point, can we quickly check how the naming scheme would work for that? [Edit: should we have Btw, I've also been wondering if |
There was a problem hiding this comment.
Looks good to me, except perhaps the naming question, which again I'm sorry for not raising earlier. Other than that, I don't have much to add to what Gilles already pointed out (which which I agree, even if I didn't systematically put a 👍 on it).
| * single call is implementation defined. | ||
| * | ||
| * \warning With implementations that interpret this number | ||
| * as a hard limit, setting this number too small |
There was a problem hiding this comment.
Note: the implementation in Mbed TLS is based on a soft limit: we first do one "uninterruptible block" (which can be a rather large number of basic ops, possibly larger than the limit), and only then check if we have budget for the next block. This was done mostly because with such a soft limit approach, progress is guaranteed.
I agree that hard limit implementations would benefit from the kind of thing you suggest, but since we're a soft limit implementation, we won't really be able to test it.
That was the logic:
|
|
All of the discussed changes that I saw as decided upon I have made in the implementation PR (#6737). Will revisit the ongoing discussions in the new year, and update this version if there is more review to be done here. |
| * | ||
| * In particular, calling \c psa_sign_hash_abort() after the operation has | ||
| * already been terminated by a call to \c psa_sign_hash_abort() or | ||
| * \c psa_sign_hash_complete() is safe and has no effect. |
There was a problem hiding this comment.
[T] That's actually not quite true: the abort function resets the value queried by get_num_ops to 0. Also applies to verify.
|
Should we have an implementation note somewhere in here that |
| * the maximum number of ops allowed to be executed by an interruptible | ||
| * function in a single call. | ||
| */ | ||
| #define PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED INT32_MAX |
There was a problem hiding this comment.
[t]
| #define PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED INT32_MAX | |
| #define PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED UINT32_MAX |
|
I assume we no longer intend to merge this one, now that we have #6737. |
|
We don't, but I still have to review the differences between this and #6737. I'm happy that the API #6737 is good enough to release as a beta, but I want to check for differences and re-read some of the discussions with the benefit of having seen the implementation. This doesn't require keeping the PR open. |
daverodgman
added
the
historical-reviewing
|
@paul-elliott-arm can this be closed? |
|
Closing this for now as I think its reached its useful limit. Conversations about renaming functions etc can be done in new issues / PRs |
Description
A design for the psa_sign_hash (interruptible) interface. (Implementation to follow once design agreed). Fixes #6061
Draft for an upcoming PSA Crypto specification version.
Status
READY
Requires Backporting
NO
Migrations
NO
Todos