Make number of key slots externally configurable #9
Conversation
fixed processing of PSA macros in check names script. This required changes in: *list-macros.sh to scan the PSA headers *check-names to scan PSA files and allow PSA_* macro names
changes to make number of key slots externally configurable changed define name from PSA_KEY_SLOT_COUNT to MBEDTLS_PSA_KEY_SLOT_COUNT
include/psa/crypto_extra.h
Outdated
| @@ -121,6 +121,14 @@ psa_status_t mbedtls_psa_inject_entropy(const unsigned char *seed, | |||
| size_t seed_size); | |||
|
|
|||
|
|
|||
| /* The Number of key slots (plus one because 0 is not used). | |||
| * The value is a compile-time constant for now, for simplicity. */ | |||
| #if defined(MBEDTLS_PSA_KEY_SLOT_COUNT) | |||
There was a problem hiding this comment.
| #if defined(MBEDTLS_PSA_KEY_SLOT_COUNT) | |
| #if !defined(MBEDTLS_PSA_KEY_SLOT_COUNT) |
There was a problem hiding this comment.
I was told the preffernce was for positive ifdef checks as opposed to negative ones.
I agree that the negative route is shorter. I don't mind changing if this doesn't present a problem.
There was a problem hiding this comment.
Please avoid #ifdef !xxx if there's an #else. If there's no #else, just write the condition you need. In all cases the preference is for the simplest way to write the code.
There was a problem hiding this comment.
great, thanks @gilles-peskine-arm, will fix this to the simpler version
include/psa/crypto_extra.h
Outdated
| /* The Number of key slots (plus one because 0 is not used). | ||
| * The value is a compile-time constant for now, for simplicity. */ | ||
| #if defined(MBEDTLS_PSA_KEY_SLOT_COUNT) | ||
| #else |
There was a problem hiding this comment.
not needed if above accepted
| * The value is a compile-time constant for now, for simplicity. */ | ||
| #if defined(MBEDTLS_PSA_KEY_SLOT_COUNT) | ||
| #else | ||
| #define MBEDTLS_PSA_KEY_SLOT_COUNT 32 |
There was a problem hiding this comment.
i understand this is the naming convention for external define.
but still mbedtls has nothing to do with psa key slots number.
can we not have the mbedtls prefix? have some other?
why not leave it PSA_KEY_SLOT_COUNT?
There was a problem hiding this comment.
I asked @gilles-peskine-arm and @Patater on their inputs on this and this is the name @gilles-peskine-arm requested.
There was a problem hiding this comment.
We currently have two prefixes: PSA_xxx and MBEDTLS_xxx (and the lowercase versions). To avoid confusion, for the time being, please reserve PSA_xxx or psa_xxx names in public headers for official parts of the PSA API, and use MBEDTLS_xxx or mbedtls_xxx for implementation-specific names. I expect that we'll change the conventions at some point, but not before we've finished splitting Mbed Crypto from Mbed TLS and released PSA Crypto as a specification separate from its reference implementation.
There was a problem hiding this comment.
slot count is public define now, so it can be PSA_xxx ...
There was a problem hiding this comment.
I think @gilles-peskine-arm said that PSA_XXX is only for public PSA API and this is not as it is a configuration for MbedCrypto that other implementations do not currently have to support.
include/psa/crypto_extra.h
Outdated
| @@ -121,6 +121,14 @@ psa_status_t mbedtls_psa_inject_entropy(const unsigned char *seed, | |||
| size_t seed_size); | |||
|
|
|||
|
|
|||
| /* The Number of key slots (plus one because 0 is not used). | |||
| * The value is a compile-time constant for now, for simplicity. */ | |||
| #if defined(MBEDTLS_PSA_KEY_SLOT_COUNT) | |||
There was a problem hiding this comment.
Please avoid #ifdef !xxx if there's an #else. If there's no #else, just write the condition you need. In all cases the preference is for the simplest way to write the code.
| * The value is a compile-time constant for now, for simplicity. */ | ||
| #if defined(MBEDTLS_PSA_KEY_SLOT_COUNT) | ||
| #else | ||
| #define MBEDTLS_PSA_KEY_SLOT_COUNT 32 |
There was a problem hiding this comment.
We currently have two prefixes: PSA_xxx and MBEDTLS_xxx (and the lowercase versions). To avoid confusion, for the time being, please reserve PSA_xxx or psa_xxx names in public headers for official parts of the PSA API, and use MBEDTLS_xxx or mbedtls_xxx for implementation-specific names. I expect that we'll change the conventions at some point, but not before we've finished splitting Mbed Crypto from Mbed TLS and released PSA Crypto as a specification separate from its reference implementation.
| * The value is a compile-time constant for now, for simplicity. */ | ||
| #if defined(MBEDTLS_PSA_KEY_SLOT_COUNT) | ||
| #else | ||
| #define MBEDTLS_PSA_KEY_SLOT_COUNT 32 |
There was a problem hiding this comment.
Since this is a build-time configuration option, I think it should be in include/mbedtls/config.h. See that file for other similar options (near the end, after the boolean options).
There was a problem hiding this comment.
Hi @gilles-peskine-arm,
regarding adding this flag to config.h, you wrote in the email chain:
"I'm not keen on adding it to mbedtls/config.h because it isn't necessarily something that we'll maintain backward compatibility with. "
This is the reason it was left out, I can add it now if you prefer
There was a problem hiding this comment.
Hmm, yes, that is a good point, we aren't going to promise backward compatibility for this, so it shouldn't be in config.h, or at least not until we revise (and document!) our backward compatibility rules. So please keep it in crypto_extra.h, and add a comment that states that this is an implementation detail that may change or be removed in future versions. By default we do promise to maintain backward compatibility with things defined in crypto_extra.h.
There was a problem hiding this comment.
sure, comment added
There was a problem hiding this comment.
We do have precedents for defining options in config.h that we don't intend to preserve backward compatibility for: MBEDTLS_PSA_HAS_ITS_IO, MBEDTLS_PSA_CRYPTO_SPM, the PSA storage modules. We intend to preserve the functionality, but not necessarily the configuration interface.
@Patater What's your opinion on this?
There was a problem hiding this comment.
More generally, in Mbed Crypto, we don't intend to preserve compatibility with MBEDTLS_xxx APIs in the long term. So I think my view of backward compatibility is behind the times and the configuration option should go in config.h.
There was a problem hiding this comment.
@gilles-peskine-arm and @Patater , what is the final ruling on this? (add to config.h or not)
NirSonnenschein
force-pushed
the
add_external_slot_count_config
branch
from
b22d6cc to
9c728e6
Compare
| * Note: this configuration flag is an implementation detail that may change | ||
| * or be removed in future versions */ | ||
| #if !defined(MBEDTLS_PSA_KEY_SLOT_COUNT) | ||
| #define MBEDTLS_PSA_KEY_SLOT_COUNT 32 |
There was a problem hiding this comment.
how about default number of 16 or 20?
cc @gilles-peskine-arm
There was a problem hiding this comment.
as was mentioned in the email discussion, we need to see some testing on real world use (e.g. mbed client usage) to decide on a new default value. So for now I've left the default as it is. If we can decide on a new value I will set it.
|
Closing as stale. The check-names updates have been merged already. The benefit of moving the number of slots configuration option from one impelentation-specifc header to another is of questionable benefit. Better to move into config.h if we want this user configurable. |
Patater
added
the
stale
changes to make number of key slots externally configurable
changed define name from PSA_KEY_SLOT_COUNT to MBEDTLS_PSA_KEY_SLOT_COUNT
moved define to crypto_extra.h and made it possible to externally override
depends on fixes from (and is rebased on) : #8