ARM-software / psa-api

Documentation source and development of the PSA Certified API
https://arm-software.github.io/psa-api/

Clarified flexibility for unsupported parameter values #206

Closed athoelke closed 3 months ago

athoelke commented 4 months ago

Provide additional information about the flexibility in the Crypto API in relation to the use of PSA_ERROR_INVALID_ARGUMENT and PSA_ERROR_NOT_SUPPORTED.

Vge0rge commented 4 months ago

That's a very good improvement! It's very useful, and it simplifies the drivers to allow returning the error code that they see fit. Thank you, Andrew!

athoelke commented 4 months ago

> simplifies the drivers to allow returning the error code that they see fit

I think that the behavior for implementations of the Crypto Driver API needs to be more tightly controlled. In particular, a driver entry-point should return PSA_ERROR_NOT_SUPPORTED for any algorithm, key type, or combination that it does not support or does not recognize.

This is because an implementation of the application API can include multiple drivers, and it makes the design of the core/dispatching code better if a PSA_ERROR_INVALID_ARGUMENT status code clearly indicates that the call should fail, but PSA_ERROR_NOT_SUPPORTED indicates that the dispatcher should check if another driver can handle the request.
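The dispatch convention described in the comment above, as an added example that is not code from the PR or the psa-api project: the three status values are the PSA Crypto API's, while the request struct, the driver table, the two drivers and the `ALG_*` ids are hypothetical.

```c
/* Hypothetical core dispatcher; only the psa_status_t values are PSA's. */
#include <stddef.h>
#include <stdint.h>

typedef int32_t psa_status_t;
#define PSA_SUCCESS                ((psa_status_t)0)
#define PSA_ERROR_NOT_SUPPORTED    ((psa_status_t)-134)
#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135)

/* Hypothetical request: algorithm id plus key size in bits. */
typedef struct { uint32_t alg; size_t key_bits; } request_t;
typedef psa_status_t (*driver_entry_t)(const request_t *req);

#define ALG_AES_GCM 1u   /* hypothetical ids, not PSA_ALG_* values */
#define ALG_ECDSA   2u

/* Driver A handles only ALG_AES_GCM. Anything it does not recognise is
 * NOT_SUPPORTED so the core can try the next driver; a request it does
 * recognise but which is malformed is INVALID_ARGUMENT (final). */
static psa_status_t driver_a(const request_t *req) {
    if (req->alg != ALG_AES_GCM) return PSA_ERROR_NOT_SUPPORTED;
    if (req->key_bits != 128 && req->key_bits != 192 && req->key_bits != 256)
        return PSA_ERROR_INVALID_ARGUMENT;
    return PSA_SUCCESS;
}

/* Driver B handles only ALG_ECDSA with 256-bit keys. */
static psa_status_t driver_b(const request_t *req) {
    if (req->alg != ALG_ECDSA) return PSA_ERROR_NOT_SUPPORTED;
    if (req->key_bits != 256) return PSA_ERROR_INVALID_ARGUMENT;
    return PSA_SUCCESS;
}

static const driver_entry_t drivers[] = { driver_a, driver_b };

/* Core dispatch: NOT_SUPPORTED means "ask the next driver"; any other
 * status, INVALID_ARGUMENT included, is final and ends the search.
 * *handled_by receives the index of the driver that produced the final
 * status, or -1 if every driver declined. */
psa_status_t dispatch(const request_t *req, int *handled_by) {
    *handled_by = -1;
    for (size_t i = 0; i < sizeof drivers / sizeof drivers[0]; i++) {
        psa_status_t status = drivers[i](req);
        if (status == PSA_ERROR_NOT_SUPPORTED) continue;
        *handled_by = (int)i;
        return status;
    }
    return PSA_ERROR_NOT_SUPPORTED;
}
```

Note that a malformed AES-GCM request never reaches driver B: driver A recognises the algorithm and its INVALID_ARGUMENT stops the search, which is exactly why a driver must not use that code for things it merely does not implement.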

Vge0rge commented 4 months ago

> I think that the behavior for implementations of the Crypto Driver API needs to be more tightly controlled. In particular, a driver entry-point should return PSA_ERROR_NOT_SUPPORTED for any algorithm, key type, or combination that it does not support or does not recognize.

I agree with this; a driver should check only for valid/invalid configurations that it supports.

athoelke commented 4 months ago

@gilles-peskine-arm - thanks for the review, I have taken your suggestions.