Update TS submodule and add asym encryption #406
Conversation
ionut-arm
added
enhancement
ionut-arm
force-pushed
the
ts-asym-encr-v2
branch
from
06a2eee to
f6a7dd5
Compare
|
Looks like the initial issue I was hoping was fixed hasn't been fixed yet, hence the test failures on asym encryption. I'll keep this open and update it once that gets fixed and upstreamed 😬 |
ionut-arm
force-pushed
the
ts-asym-encr-v2
branch
from
f6a7dd5 to
2c4632e
Compare
| pub fn create_key_id(max_current_id: &AtomicU32) -> Result<u32> { | ||
| // fetch_add adds 1 to the old value and returns the old value, so add 1 to local value for new ID | ||
| let new_key_id = max_current_id.fetch_add(1, Relaxed) + 1; | ||
| if new_key_id > super::context::PSA_KEY_ID_USER_MAX { | ||
| // If storing key failed and no other keys were created in the mean time, it is safe to | ||
| // decrement the key counter. | ||
| let _ = max_current_id.store(super::context::PSA_KEY_ID_USER_MAX, Relaxed); | ||
| error!( | ||
| "PSA max key ID limit of {} reached", | ||
| super::context::PSA_KEY_ID_USER_MAX | ||
| ); | ||
| return Err(ResponseStatus::PsaErrorInsufficientMemory); | ||
| } | ||
|
|
||
| Ok(new_key_id) | ||
| } |
There was a problem hiding this comment.
I replaced the dependency on the Mbed Crypto provider here to decouple the two PSA Crypto APIs we're abstracting over, so we can change them independently in the future. There's a bit of code duplication, but I'm not that worried about one function.
ionut-arm
force-pushed
the
ts-asym-encr-v2
branch
from
2c4632e to
9885e60
Compare
This commit pulls in new changes to the upstream TS project and adds asymmetric encryption support for the provider. Signed-off-by: Ionut Mihalcea <ionut.mihalcea@arm.com>
ionut-arm
force-pushed
the
ts-asym-encr-v2
branch
from
9885e60 to
4004819
Compare
| RUN git config --global user.email "some@email.com" | ||
| RUN git config --global user.name "Parsec Team" |
There was a problem hiding this comment.
Was it failing before without this?
There was a problem hiding this comment.
Yes, they've added some step in their build process to apply git patches to some dependencies, I think, and this is needed :(
| @@ -66,7 +66,7 @@ mbed-crypto-provider = ["psa-crypto"] | |||
| pkcs11-provider = ["cryptoki", "picky-asn1-der", "picky-asn1", "picky-asn1-x509", "psa-crypto", "rand"] | |||
| tpm-provider = ["tss-esapi", "picky-asn1-der", "picky-asn1", "picky-asn1-x509", "hex"] | |||
| cryptoauthlib-provider = ["rust-cryptoauthlib"] | |||
| trusted-service-provider = ["mbed-crypto-provider", "bindgen", "prost-build", "prost"] | |||
| trusted-service-provider = ["psa-crypto", "bindgen", "prost-build", "prost"] | |||
There was a problem hiding this comment.
Where do we actually need psa-crypto for this provider?
There was a problem hiding this comment.
All over the place - we use the conversions implemented in psa-crypto to native types to fill in the protobuf objects. For example, the protobuf contract for KeyPolicy contains a u32 alg field to which we can just convert using the PSA crate, because it expects the same values as PSA Crypto would (just in a protobuf wrapper)
|
I'm putting this PR aside (again) because it seems asymmetric encryption and decryption is still broken for us 😢 Have raised #467 to deal with the bigger issue of updating the TS revision we use |
|
This PR is not intended to go into the |
|
Closing this PR in favour of a rebased version, PR to pop up shortly. |
This commit pulls in new changes to the upstream TS project and adds
asymmetric encryption support for the provider.
Signed-off-by: Ionut Mihalcea ionut.mihalcea@arm.com