How to partially accelerate ECC #103

Closed
gilles-peskine-arm opened this issue May 29, 2024 · 2 comments
Labels
enhancement New feature or request needs-design-approval Needs design discussion / approval

Comments

@gilles-peskine-arm (Contributor) commented May 29, 2024

TF-PSA-Crypto 1.0 and Mbed TLS 4.0 will no longer expose single-function replacement in the ECC code (MBEDTLS_ECP_INTERNAL_ALT and its sub-options) or the replacement of core ECC arithmetic (MBEDTLS_ECP_ALT). Vendors who have partial acceleration for some functions, but want to use the Mbed TLS code for the rest of the arithmetic, will have to copy the Mbed TLS code.

Is this a problem? Should TF-PSA-Crypto offer an ECC function replacement at a lower level than algorithms such as ECDH and ECDSA?

Mailing list thread: https://lists.trustedfirmware.org/archives/list/mbed-tls@lists.trustedfirmware.org/thread/74FARSYBRCF33UIREIQCC4G3EVHSR4HV/

@gilles-peskine-arm gilles-peskine-arm added enhancement New feature or request needs-design-approval Needs design discussion / approval labels May 29, 2024
@gilles-peskine-arm gilles-peskine-arm moved this to Requirements needed in Mbed TLS 4.0 planning May 29, 2024
@mschulz-at-hilscher (Contributor) commented Jul 24, 2024

To support our ECC hardware accelerator, we would like to call an alternative version of ecp_mul_comb if our accelerator can handle the group.

To achieve this, we have currently edited the ecp_mul_restartable_internal function and require ecp_randomize_jac to be non-static. However, it would be nicer to have an interface to replace exactly that operation.

```c
/* Modified dispatch inside ecp_mul_restartable_internal() (library/ecp.c):
 * when the accelerator reports it can handle this group, the whole scalar
 * multiplication goes to hardware; otherwise the stock comb method runs. */
#if defined( MBEDTLS_ECP_INTERNAL_ALT ) && defined( MBEDTLS_ECP_WEIERSTRASS_MUL_ALT )
    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
    {
      /* is_grp_capable is the existing local used by the ALT hooks */
      if( ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) )
      {
        /* use hw accel */
        MBEDTLS_MPI_CHK(mbedtls_internal_ecp_mul( grp, R, m, P, f_rng, p_rng ));
      }
      else
      {
        /* use sw implementation */
        MBEDTLS_MPI_CHK(ecp_mul_comb( grp, R, m, P, f_rng, p_rng, rs_ctx ));
      }
    }
#else
    /* unmodified upstream path: always the software comb method */
    if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) {
        MBEDTLS_MPI_CHK(ecp_mul_comb(grp, R, m, P, f_rng, p_rng, rs_ctx));
    }
#endif
```

@gilles-peskine-arm (Contributor, Author) commented

We are not going to keep the current ALT interfaces for function substitution. Instead, we are planning to have optional diversion points in the library, configured in the same way as accelerator drivers. For example, ecp_randomize_jac could have an optional dispatch to a driver. We haven't yet designed what these diversion points will look like, in particular their granularity and how data would be passed. I cannot promise that the design will be ready by the time of the release of TF-PSA-Crypto 1.0: it is likely that this work will appear gradually in 1.x versions.

@gilles-peskine-arm gilles-peskine-arm closed this as not planned Aug 8, 2024