From 91cbf56d4c5b928efd5e9094dddc64735c464c0a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 7 Aug 2020 23:25:33 +0200 Subject: [PATCH] Specify what happens if multiple capabilities apply It's ok if they map to the same function names and an error otherwise. It's an error to have multiple opaque drivers for the same location. If multiple transparent drivers apply, which one applies is unspecified. Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 823311022..af53f985c 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -5,7 +5,7 @@ This document describes an interface for cryptoprocessor drivers in the PSA cryp This specification is work in progress and should be considered to be in a beta stage. There is ongoing work to implement this interface in Mbed TLS, which is the reference implementation of the PSA Cryptography API. At this stage, Arm does not expect major changes, but minor changes are expected based on experience from the first implementation and on external feedback. -Time-stamp: "2020/08/07 21:22:01 GMT" +Time-stamp: "2020/08/07 21:30:02 GMT" ## Introduction 
@@ -112,6 +112,10 @@ A driver is considered available for a cryptographic mechanism that invokes a gi * either the capability does not have a `"key_sizes"` property; * or the value of the capability's `"key_sizes"` property includes the key's size. +If a driver includes multiple applicable capabilities for a given combination of entry point, algorithm, key type and key size, and all the capabilities map the entry point to the same function name, the driver is considered available for this cryptographic mechanism. If a driver includes multiple applicable capabilities for a given combination of entry point, algorithm, key type and key size, and at least two of these capabilities map the entry point to the different function names, the driver specification is invalid. + +If multiple transparent drivers have applicable capabilities for a given combination of entry point, algorithm, key type and key size, which driver is invoked (or which drivers are invoked, if some of those capabilities have [fallback](#fallback) enabled) is unspecified. If multiple opaque driver have the same location, the list of driver specifications is invalid. + #### Capability examples The following capability declares that the driver can perform deterministic ECDSA signatures using SHA-256 or SHA-384 with a SECP256R1 or SECP384R1 private key (with either hash being possible in combination with either curve). If the prefix of this driver is `"acme"`, the function that performs the signature is called `acme_sign_hash`.
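Review bot: two wording slips in the added paragraphs of the `@@ -112,6 +112,10 @@` hunk should be fixed before merge: "map the entry point to the different function names" should read "map the entry point to different function names", and "If multiple opaque driver have the same location" should read "If multiple opaque drivers have the same location". The asymmetry between the two paragraphs is also worth a sentence of explanation: overlapping opaque drivers make the list of driver specifications invalid, whereas overlapping transparent drivers are merely "unspecified" as to which one is invoked. Stating whether an implementation is expected to detect the transparent overlap (and, if so, report it) or may silently choose one would help driver authors and integrators reason about the behaviour, especially in combination with the fallback mechanism the paragraph links to.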