Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix and add information around policies #110

Merged
merged 1 commit into from
Apr 14, 2021
Merged

Fix and add information around policies #110

merged 1 commit into from
Apr 14, 2021

Conversation

hug-dev
Copy link
Member

@hug-dev hug-dev commented Apr 14, 2021

Specifically for signing/verifying hashes/messages.

Signed-off-by: Hugues de Valon hugues.devalon@arm.com

@hug-dev
Fix and add information around policies
f252853 
Specifically for signing/verifying hashes/messages.

Signed-off-by: Hugues de Valon <hugues.devalon@arm.com>
@hug-dev hug-dev added the bug Something isn't working label Apr 14, 2021
@hug-dev hug-dev requested a review from ionut-arm as a code owner April 14, 2021 13:11
hug-dev
hug-dev commented Apr 14, 2021
View reviewed changes
src/parsec_client/operations/psa_key_attributes.md
operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys
used when calling PsaSignHash.

This flag automatically sets `sign_message`: if an application sets the flag `sign_hash` when
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This and next paragraph might mean that we need to change/adapt our checks in the Parsec interface. Either modify the checks for sign_message or have private fields on the usage flags and setters that do the correct thing.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So do we do the fixes in the service first before merging this, or is it irrelevant between releases?

Also, on a similar note, did we ever decide what happens with "versions" of the book? I mean, some parts in the book might change in a way that isn't consistent with version 0.6.0 of the service. How would someone know what the book looked like back then, and how it changed since?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So do we do the fixes in the service first before merging this, or is it irrelevant between releases?

I think it's ok to merge this but we should create the relevent issues on the various repos. I think mostly psa-crypto and then import the changes upwards.

Also, on a similar note, did we ever decide what happens with "versions" of the book? I mean, some parts in the book might change in a way that isn't consistent with version 0.6.0 of the service. How would someone know what the book looked like back then, and how it changed since?

Good point, not sure if we want to have a mapping between service version and book version but that sounds like a good idea. I guess for now they can still browse the git history 🤡 We only publish the main branch of the book anyway...

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We only publish the main branch of the book anyway...

Yeah, I know, but someone would have to go through the release history of the service, align it with the changes here and then rebuild it from source. I suggest creating releases of the book for some milestones (e.g. version 0.7.0 of the service) and attaching a built version of the book. That can just be downloaded, unzipped and opened in a browser from disk.

An unfortunate issue is that we track both service and clients in the book (and much more, actually), so we have to decide what we create new "releases" for.

ionut-arm
ionut-arm approved these changes Apr 14, 2021
View reviewed changes
src/parsec_client/operations/psa_key_attributes.md
operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys
used when calling PsaSignHash.

This flag automatically sets `sign_message`: if an application sets the flag `sign_hash` when
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So do we do the fixes in the service first before merging this, or is it irrelevant between releases?

Also, on a similar note, did we ever decide what happens with "versions" of the book? I mean, some parts in the book might change in a way that isn't consistent with version 0.6.0 of the service. How would someone know what the book looked like back then, and how it changed since?

@hug-dev hug-dev merged commit 24100c4 into parallaxsecond:main Apr 14, 2021
@hug-dev hug-dev deleted the policy-fixes branch April 14, 2021 13:25
@hug-dev hug-dev mentioned this pull request Apr 14, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ionut-arm ionut-arm ionut-arm approved these changes

Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@hug-dev @ionut-arm