Fix issues in Cryptocell 310 cc_internal discovered by On Target Testing #8797
Conversation
|
@RonEld @ARMmbed/mbed-os-crypto Review please. 2 lines fix, should be quick |
|
@RonEld Could you please explain why is this change necessary? What are those negative tests testing? Which functions return these error codes and in what situation? |
|
@yanesca The failed tests are the "ECDSA zero private parameter" tests, which CC returned |
|
Could you please add this information to the commit message? |
|
@yanesca OK, but isn't the current commit message enough? |
Return `MBEDTLS_ERR_ECP_INVALID_KEY` when Cryptocell returns `CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_SIZE_ERROR` or `CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_SIZE_ERROR`, When the key size is invalid. Found by the "ECDSA zero private parameter" tests.
RonEld
force-pushed
the
cryptocell_ecc_errors_alt_fixes
branch
from
a447f6c to
c948eaa
Compare
|
@yanesca I amended the commit message with this information |
|
@RonEld Assuming only fix for 5.11? |
|
@0xc0170 If you mean that this PR is ready for review, then yes |
|
@RonEld I thought that the original commit message wasn't enough, because it didn't give context to the change. Now I can ask you about the context, but if somebody later reads your commit this might not be an option and even it is, it is uncomfortable for both of you. |
| @@ -143,6 +143,8 @@ int convert_CrysError_to_mbedtls_err( CRYSError_t Crys_err ) | |||
| case CRYS_ECPKI_GEN_KEY_INVALID_PRIVATE_KEY_PTR_ERROR: | |||
| case CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_DATA_ERROR: | |||
| case CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_DATA_ERROR: | |||
| case CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_SIZE_ERROR: | |||
| case CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_SIZE_ERROR: | |||
There was a problem hiding this comment.
What about CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_DATA_ERROR and other CRYS_ECPKI_.*_INVALID_.*_KEY_.*_ERROR?
There was a problem hiding this comment.
I can add these, but since these aren't returned in any of our tests, there will be a full list of tests to add.
There was a problem hiding this comment.
Ok, so good enough for now.
|
All the PRs need to be engineering ready (marked as "needs: CI") by the end of the day (Austin time). Otherwise it won't make 5.11 and will need to come in the next release (5.12 for features, 5.11.1 for fixes and new platforms). |
|
CI started. |
|
@0xc0170 The CI failure doesn't seem to be related to the change. |
|
That is correct, there was a bug in CI that was recently fixed. As we got some important features to land still, can this be postponed to 5.11.1 ? I'll leave it for 5.11rc1 but won't restart CI until some other PR are ready/or CI is free |
I think so. Since this PR is basically translating one error to a different error, for the sake of tests passing, I think we can postpone to 5.11.1 . If it won't make it to 5.11 , I will work on adding the updates as commented by @gilles-peskine-arm |
|
Thanks @RonEld , that helps. Moved to 5.11.1 |
|
Fo rthe record: I have been looking at other error codes that can be returned from the underlying driver, related to key, and couldn't find those that can be returned by th API that is called in ecdh and ecdsa, that is likely to be returned. ( It doesn't mean there aren't any...) |
Will restart when able. |
|
CI restarted |
Test run: SUCCESSSummary: 4 of 4 test jobs passed |
Description
Return
MBEDTLS_ERR_ECP_INVALID_KEYwhen Cryptocell returnsCRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_SIZE_ERRORor
CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_SIZE_ERROR.This was discovered after new negative tests were added to the tests.
Pull request type