Update Mbed OS for PSA Crypto API 1.0b3 #11315
Conversation
We'll use the new ARM-software/psa-arch-tests directly instead for PSA Crypto API 1.0b3. This commit removes the crypto compliance tests only for now, leaving attestation and storage tests.
Remove PSA_SUCCESS redefinitions in the PSA compliance test PAL.
Make crypto_struct_ipc.h (for use with PSA Crypto clients) match style with the file it is based on, crypto_struct.h (from Mbed Crypto). This helps to keep the file diff minimal so it's easy to see the meaningful (non-style) changes.
PSA_CRYPTO_INIT is defined as a service identifier. We don't need to redefine it as a secure function. There is only one function under this service identifier, so no secure function definitions are necessary to differentiate between.
Rename the reference count variable to something shorter and avoid using the mispelling "refence".
Order the IPC functions in the same order as the functions are listed in crypto.h for improved readability.
Make the service implementation use the same names as the API as declared in the crypto.h header. This improves readability and maintainability of the service.
Patater
force-pushed
the
psa-crypto-api-1.0b3
branch
from
0194997 to
c9569c6
Compare
|
Rebased to fix astyle issues. |
Patater
force-pushed
the
psa-crypto-api-1.0b3
branch
from
c9569c6 to
a116293
Compare
|
Rebased to actually fix astyle issues. |
|
@Patater, thank you for your changes. |
|
First CI run started |
Test run: FAILEDSummary: 4 of 4 test jobs failed Failed test jobs:
|
|
Build failures look related |
|
Thanks for testing. I'll work on fixing. |
Mbed Crypto also supplies include files. Ensure that our unit tests can find those headers.
Patater
force-pushed
the
psa-crypto-api-1.0b3
branch
from
a116293 to
69d7178
Compare
Test run: FAILEDSummary: 2 of 4 test jobs failed Failed test jobs:
|
|
CI aborted and restarted. |
|
Last test and we have the very last PR for 5.14.0-rc1 in 🎉 |
|
Looks like tests are failing, related to this changeset. @ARMmbed/mbed-os-crypto Please review |
Test run: FAILEDSummary: 1 of 11 test jobs failed Failed test jobs:
|
|
CC @jenia81 |
|
@Patater any status update on this ? |
We've discovered that |
The PSA Crypto API has moved on from 1.0b2 to 1.0b3, bringing along with it some breaking changes. Update Mbed OS to use the 1.0b3 API.
The release script must be run from mbed-os root, otherwise the test partition binaries will not be created. Add a note in the tool's README to make this clear and hopefully help save someone some debugging time in the future.
If psa_attestation_inject_key() is called twice, exit with a non-fatal error status without attempting to create another attestation key. The key already exists and doesn't need to be added again.
Be robust when keys can't be opened for deletion by erasing storage and thereby all keys.
Rebuild the TF-M binaries for the LPC55S69 and MUSCA_A1 using the latest service updates. This allows the boards to use the PSA Crypto API 1.0b3.
Patater
force-pushed
the
psa-crypto-api-1.0b3
branch
from
c80c32d to
a848cd6
Compare
|
Rebased to initialize |
|
CI started |
Test run: SUCCESSSummary: 11 of 11 test jobs passed |
|
All good, merging now 👍 |
0xc0170
added
ready for merge
BREAKING-CHANGE
and removed
BREAKING-CHANGE
needs: CI
labels
Is this still true in the release notes after changes done in this PR? |
Yes, the PSA Crypto APIs are different from what we shipped in Mbed OS 5.13. |
Description
Update Mbed OS for the PSA Crypto API 1.0 beta 3. This involves refactoring code that uses the PSA Crypto API, updating the PSA Crypto client/server implementation, and updating the versions of Mbed TLS and Mbed Crypto that come pre-integrated with Mbed OS.
Pull request type
Release Notes
Background
Mbed Crypto is our implementation of the PSA Crypto APIs. We shipped an implementations of prerelease versions of the PSA Crypto API in Mbed OS 5.11, 5.12, and 5.13, with a warning in the documentation that these APIs were subject to change and that we did not intend to maintain backwards compatibility with them. The PSA Crypto API has continued to develop and change over the past few months and a number of breaking changes have been made since the pre-release version we based our Mbed Crypto implementation on.
What is being broken?
The PSA Crypto APIs in Mbed OS as shipped in Mbed OS 5.13 are breaking.
PSA Crypto API 1.0b3 API breaking changes, addressed in Mbed OS 5.14 (see #11315)
Expected PSA Crypto API 1.0 API breaking changes, to be addressed in Mbed OS 5.15
Why is it being broken?
Mbed Crypto needs to track the upstream PSA Crypto API as maintained by ATG in order to pass ATG's PSA Compliance Kit tests. The PSA Crypto API was not yet finalized in Mbed OS 5.13 and continues to evolve. We shipped an implementation in Mbed OS 5.13 to enable other teams working on Mbed OS to develop their services a top APIs that should be mostly similar to the final APIs, rather than save up all the integration pain for a later Mbed OS release when the APIs are finalized.
Analysis of impact on users
There should be no surprises to users based on our statements of PSA API instability. We've worked with Mbed TLS, Pelion Client, Storage (ITS), SPM, and Attestation teams to ensure the message of API instability was understood and to coordinate our changes to the API. There are potentially other users of the PSA Crypto API, and our documentation states the stability level of the API for these users.
Alternatives
We could continue to provide the version of the PSA Crypto API shipped with Mbed OS 5.13, but to save flash size and reduce the maintenance burden of maintaining an API we clearly communicated we'd be breaking in the next release, this was deemed not worth the cost.
Mitigation and migration path for users
Users must update to use the new version of the API.
Renaming of key pair names
Replace
KEY_PAIRin names that would have usedKEYPAIRin the previous API version. For example,PSA_KEY_TYPE_ECC_KEY_PAIRreplacesPSA_KEY_TYPE_ECC_KEYPAIR.Using persistent keys
Use
psa_open_key()to open a persistent key. Previously, volatile keys could also be opened. With PSA Crypto API 1.0b3, keys are implicitly opened for you upon import, generation, or derivation.Only persistent keys can be opened, so there is no need to pass the lifetime anymore.
It is no longer necessary to call
psa_create_key()to make a key persistent. A key is persistent if it is created with a lifetime other thanPSA_KEY_LIFETIME_VOLATILE. As part of key creation, usepsa_set_key_id()to set both the key's persistent identifier and to set the lifetime to persistent and then call the key creation routine: like psa_generate_key() or psa_import_key()psa_open_key()psa_create_key()psa_set_key_id()Keys with IDs are made persistent implicitly upon creationAllocating keys
Key creation will implicitly allocate resources as necessary, so
psa_allocate_key()has been removed from the API and is no longer needed.psa_allocate_key()psa_allocate_key().Importing keys
Previously, you had create a policy structure and pass many function arguments to communicate the properties you wanted the imported key to have. Now, you describe them entirely within the attributes structure, passing only the attributes and data to
psa_import_key().psa_key_policy_init()psa_key_attributes_init()psa_key_policy_set_usage()psa_set_key_usage_flags(),psa_set_key_algorithm()psa_import_key()psa_set_key_type()psa_set_key_policy()psa_import_key()psa_import_key()Generating keys
Previously, you had create a policy structure and pass many function arguments to communicate the properties you wanted the imported key to have. Now, you describe them entirely within the attributes structure, passing only the attributes and data to
psa_generate_key().psa_key_policy_init()psa_key_attributes_init()psa_key_policy_set_usage()psa_set_key_usage_flags(),psa_set_key_algorithm()psa_import_key()psa_set_key_type()psa_set_key_policy()psa_generate_key()psa_generate_key()Reading key policy or information
What used to be two functions with many parameters each is now one function that returns the attributes in one structure, in the same format you'd use to create new keys.
psa_get_key_policy(),psa_get_key_information()psa_get_key_attributes()Deriving keys
The previous "generator" class of functions has been renamed to "key_derivation". The
psa_crypto_generator_tstructure was previously used to derive keys. Use of thepsa_key_derivation_operation_tstructure replacespsa_crypto_generator_tfor deriving keys.psa_crypto_generator_tpsa_key_derivation_operation_tpsa_generator_abort()psa_key_derivation_abort()psa_get_generator_capacity()psa_key_derivation_get_capacity()psa_key_derivation_set_capacity()psa_generator_read()psa_key_derivation_output_bytes()PSA_ALG_SELECT_RAWpsa_raw_key_agreement()psa_key_derivation()Key agreement
psa_key_agreement()psa_key_derivation_setup(),psa_key_derivation_key_agreement(),psa_key_derivation_output_key()Hashing
A few new functions have been added to help with hashing. Specifically, functions to perform one-shot computation or comparision of hashes.
psa_hash_compute()psa_hash_compare()Computing or verifying a MAC
A few new functions have been added to help with working with MACs. Specifically, functions to perform one-shot computation or comparision of MACs.
psa_mac_compute()psa_mac_verify()Symmetric cryptography
A few new functions have been added to help with working with symmetric ciphers. Specifically, functions to perform one-shot encryption or decryption. The types used by
psa_cipher_generate_iv(),psa_cipher_set_iv(), andpsa_cipher_update()have changed fromunsigned chartouint8_t.psa_cipher_encrypt()psa_cipher_decrypt()Authenticated encryption
The PSA Crypto API 1.0b3 introduces multi-part authenticated encryption functions. The original one-shot AEAD functions still remain and aren't being replaced.
New functions for multipart AEAD
Mbed Crypto entropy injection
Use of
uint8_treplacesunsigned charinmbedtls_psa_inject_entropy(). The macroMBEDTLS_PSA_INJECT_ENTROPYreplacesMBEDTLS_PSA_ENTROPY_INJECTION.