This is a follow-up to #7779: take advantage of the new code structure in order to provide an alternative when ECP_LIGHT is not enabled.
This should consist of providing an alternative implementation of the functions introduced in #7779: mbedtls_pk_group_id_from_p() and the various mbedtls_pk_validate_X() functions. Suggested strategy: have a table of curve data as follows:
```c
struct curve_entry {
    mbedtls_ecp_group_id id;
    size_t p_len;
    unsigned char *p;
    /* ... */
};
static const struct curve_entry curves[] = {
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
    /* data for this curve */
#endif
    /* etc for each curve except the two Montgomery ones */
};
```
(Curve data can be found in ecp_curves.c though beware of endianness. This means we'll be duplicating the data in our source, but OTOH each config will only have one set of the data: either the one from ecp_curves.c or the one from pkparse.c, so we won't have duplication in any binary.)
Then mbedtls_pk_group_id_from_p() traverses this table looking for a match on p and returns the corresponding id, and the various mbedtls_pk_validate_X() functions traverse it looking for a match on id and return success or failure depending on whether X matches as well.
There is a subtlety for validate_g(): I suggest storing the point in compressed form in the table, in order to save size. Then if we get passed the point in uncompressed form, we should ignore the first byte (that indicates compressed or not), and make sure the x coordinate, as well as the lsb of y, are correct (as the current code does, see here and here). (We might want to add a test case for that, as the only test data we have so far uses compressed.)
Definition of Done
Once that's done, we can remove the part of build_info.h that auto-enables ECP_LIGHT when MBEDTLS_PK_PARSE_EXTENDED is requested, and add MBEDTLS_PK_PARSE_EXTENDED to the config of the all.sh that builds without ECP at all.
Note: it's OK to have source-level duplication of the curve constants (one copy in ecp_curves.c, one in pkparse.c) at the end of this issue. That duplication will be removed in #8065.
Depends on: #7779
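The table lookup and the validate_g() subtlety described in the issue, as an added sketch that is not code from the issue or from Mbed TLS. The `demo_*` names, the enum and the two-curve table are assumptions for illustration; the constants are the standard secp256r1 and secp256k1 parameters, stored big-endian.

```c
#include <stddef.h>
#include <string.h>
/* Hypothetical stand-ins for this sketch; not Mbed TLS identifiers. */
typedef enum { DEMO_GRP_NONE = 0, DEMO_GRP_SECP256R1, DEMO_GRP_SECP256K1 } demo_group_id;
struct curve_entry {
    demo_group_id id;
    size_t p_len;
    const unsigned char *p; /* prime, big-endian as it appears in the parsed key */
    const unsigned char *g; /* compressed base point: 0x02|0x03, then x (1 + p_len bytes) */
};
static const unsigned char r1_p[] = { /* secp256r1 */
    0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
    0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF };
static const unsigned char r1_g[] = { 0x03, /* y is odd */
    0x6B,0x17,0xD1,0xF2,0xE1,0x2C,0x42,0x47,0xF8,0xBC,0xE6,0xE5,0x63,0xA4,0x40,0xF2,
    0x77,0x03,0x7D,0x81,0x2D,0xEB,0x33,0xA0,0xF4,0xA1,0x39,0x45,0xD8,0x98,0xC2,0x96 };
static const unsigned char k1_p[] = { /* secp256k1 */
    0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
    0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFC,0x2F };
static const unsigned char k1_g[] = { 0x02, /* y is even */
    0x79,0xBE,0x66,0x7E,0xF9,0xDC,0xBB,0xAC,0x55,0xA0,0x62,0x95,0xCE,0x87,0x0B,0x07,
    0x02,0x9B,0xFC,0xDB,0x2D,0xCE,0x28,0xD9,0x59,0xF2,0x81,0x5B,0x16,0xF8,0x17,0x98 };
static const struct curve_entry curves[] = {
    { DEMO_GRP_SECP256R1, sizeof(r1_p), r1_p, r1_g },
    { DEMO_GRP_SECP256K1, sizeof(k1_p), k1_p, k1_g },
};
#define N_CURVES (sizeof(curves) / sizeof(curves[0]))

demo_group_id demo_group_id_from_p(const unsigned char *p, size_t p_len)
{
    for (size_t i = 0; i < N_CURVES; i++)
        if (p_len == curves[i].p_len && memcmp(p, curves[i].p, p_len) == 0)
            return curves[i].id;
    return DEMO_GRP_NONE;
}
/* Match on id, then return 0 if g encodes that curve's base point, else -1. */
int demo_validate_g(demo_group_id id, const unsigned char *g, size_t g_len)
{
    for (size_t i = 0; i < N_CURVES; i++) {
        const struct curve_entry *c = &curves[i];
        if (c->id != id) continue;
        if (g_len == 1 + c->p_len) /* compressed: the prefix carries the parity of y */
            return memcmp(g, c->g, g_len) == 0 ? 0 : -1;
        if (g_len != 1 + 2 * c->p_len) return -1;
        /* uncompressed: skip the format byte, compare x and the lsb of y */
        return (memcmp(g + 1, c->g + 1, c->p_len) == 0 && (g[g_len - 1] & 1) == (c->g[0] & 1)) ? 0 : -1;
    }
    return -1;
}
```

The uncompressed branch is the one a new test vector would need to exercise, since it pins only x and the parity of y.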