Update the example to the new driver API #10
Conversation
Patater
changed the title
|
Could we please rebase this to apply fixups and remove the merge commits? |
|
I have tested this, with the
Which currently is the head of Andrzej's I confirm it works and passes all the tests on K64F, built with GCC_ARM. |
AndrzejKurek
force-pushed
the
psa-key-registration
branch
from
be221a1 to
8c0459e
Compare
|
@Patater done. |
|
I have repeated the test after the rebase and the tests still pass. |
|
Please note that before this PR is merged, the |
| exit: | ||
| psa_close_key(*private_handle); | ||
| psa_close_key(verify_handle); |
There was a problem hiding this comment.
verify_handle may be uninitialized if there was an error before the call to psa_open_key that uses it. Initialize it to 0.
atecc608a/main.c
Outdated
| exit: | ||
| psa_close_key(*private_handle); |
There was a problem hiding this comment.
*private_handle is guaranteed to be initialized because nothing in this function can fail before the call to psa_open_key that uses it. But this is very fragile. Please initialize *private_handle to 0 before doing anything that can fail.
|
The commit "Revert incorredt differentiation between priv..." should be applied as a fixup to the commit that caused the trouble. Does the example work after this reversion? The key size change was made to get the example working, but maybe we fixed that in another way. |
|
Please avoid fixups for nontrivial issues found during a review. I haven't checked how the code could work with incorrect sizes, but I suspect that it did because the sizes were never actually used in any calculation. For an ECC key, the key type determines everything and the bit size is redundant. |
|
Please avoid adding dead end wrong solutions to the permanent history. Keeps mistakes made on your own branches within your own branches. This issue is dumb enough that we don't even need a code comment explaining our past failed attempt. The key size is always 256 bits. |
The key slot numbers used in PSA currently map directly to the hardware slots. Because of this, as slot 0 is reserved in PSA, slot 1 is used for private key instead. Change direct low-level driver calls to calls to the PSA API. Remove the public key exporting during private key generation test, since this functionality is not present anymore. The storage is purged after the first key generation test for two reasons: first - so that the same key slot can be reused and second - so that key registration can be tested as a second way to have a key in a PSA slot. Update the pointer to the new driver library in mbed-os-atecc608a.lib
AndrzejKurek
force-pushed
the
psa-key-registration
branch
from
e84f4e6 to
0762c1e
Compare
|
Cleared the history and addressed all of the comments. @gilles-peskine-arm, @Patater - please re-review. |
AndrzejKurek
requested review from
Patater,
k-stachowiak and
gilles-peskine-arm
AndrzejKurek
force-pushed
the
psa-key-registration
branch
from
0762c1e to
a2f9133
Compare
|
What testing was done with this? |
|
Here's what I get |
|
After running |
|
Tested on K64F+HAS_CRYPTOSHIELD |
|
This was also tested by me on K64F with ATECC608A connected - I've run the test suites in succession and the tests passed. |
The key slot numbers used in PSA currently map directly to the hardware slots.
Because of this, as slot 0 is reserved in PSA, slot 1 is used for private key instead.
Change direct low-level driver calls to calls to the PSA API.
Remove the public key exporting during private key generation test, since this functionality is not present anymore.
The storage is purged after the first key generation test for two reasons:
first - so that the same key slot can be reused and second - so that key
registration can be tested as a second way to have a key in a PSA slot.
This PR is based on: