-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The PSA code is not thread-safe #3263
Comments
Internal Jira reference: https://jira.arm.com/browse/IOTCRYPT-919 |
@gilles-peskine-arm - could you please point me to current equivalent of https://armmbed.github.io/mbed-crypto/html/general.html#concurrent-calls, and/or any relevant documentation on this issue? |
@AndrzejKurek The section has been moved to https://armmbed.github.io/mbed-crypto/html/overview/conventions.html#concurrency. Every function that accesses a key slot already calls We should also validate that mutexes are used correctly (e.g. no double lock, no unlock on a non-locked mutex, no mutex left unlocked); I think that with Testing concurrent behavior is out of scope of this task. We don't have the prerequisites to write portable concurrent applications (our platform abstraction for threading doesn't include thread management, only concurrency management between externally created threads). |
Should this replace the key slot locking mechanism from |
Ah, sorry, I'd forgotten about that. The So the behavior should be:
|
Please take a look at this PoC: AndrzejKurek@f6ad162 |
Hello! We've got a workaround in place to do the following now in the Debian package tests: |
Yeah took that from rust-psa-crypto's CI script, which runs the tests with one thread only probably because of this very issue? https://github.com/parallaxsecond/rust-psa-crypto/blob/main/ci.sh#L39 |
Can you please update if the fix for this is planned ? If yes, by when can we expect it in the repo ? We plan to introduce PSA API's for our crypto accelerators and the applications using these need the implementation to be thread safe. |
@ruchi393 We'd like to fix this soon. We're currently looking at our planning for Jul-Sep and trying to see if this will fit. |
The roadmap has just been updated. We can't commit to September, but we're aiming to have this in the |
Closing as completed by Threading MVP Epic |
Description
The PSA Cryptography API specification defines who is responsible for managing concurrency in calls to the PSA Cryptography API, between the applications and the implementation.
In a nutshell, it's up to the application to not use operation objects concurrently, and it's up to the implementation to allow concurrent use of the key store.
Mbed Crypto currently does not have any protection against concurrent use of the key store, so it cannot be used in a multithreaded application.
As a first step, the goal of this issue is to comply with the API specification and nothing more. Just support API calls that access keys from concurrent threads. Protect the key store with a lock. Take the lock in any function that accesses the key store (in
psa_get_key_slot
), and add a release function. All API functions must call the release function before returning.This means that we do I/O to store and load persistent keys, and wait for a response from a secure element or hardware accelerator, with a lock held. This isn't ideal, but can be fixed later.
Note that to make the code fully thread-safe, RNG access must be protected, not just key access. This is tracked in #3391. RNG queries (not initialization or explicit reseeding, but including automatic reseeding) are thread-safe when using the built-in PRNG, but not when using
MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
.Issue request type
The text was updated successfully, but these errors were encountered: