Remove pkwrite dependency in pk using PSA for ECDSA #6389
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gilles-peskine-arm
added
enhancement
component-crypto
gilles-peskine-arm
force-pushed
the
ecdsa-use-psa-without-pkwrite
branch
from
a6fb419 to
cf4e95e
Compare
gilles-peskine-arm
force-pushed
the
ecdsa-use-psa-without-pkwrite
branch
from
cf4e95e to
f9c1cec
Compare
gilles-peskine-arm
added
needs-review
gilles-peskine-arm
added
needs-preceding-pr
gilles-peskine-arm
removed
the
needs-preceding-pr
mpg
added
the
priority-medium
library/pk_wrap.c
Outdated
Comment on lines
937
to
954
| unsigned char buf[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE( | ||
| PSA_VENDOR_ECC_MAX_CURVE_BITS )]; |
There was a problem hiding this comment.
Isn't it possible to use the MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH define here? It seems to me that it should be equivalent
library/pk_wrap.c
Outdated
Comment on lines
1119
to
1136
| unsigned char buf[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE( | ||
| PSA_VENDOR_ECC_MAX_CURVE_BITS )]; |
There was a problem hiding this comment.
In case the above comment makes sense to you, what about creating a define to MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH for this purpose?
Perhaps PSA_EXPORT_PUBLIC_KEY_MAX_SIZE is already OK for this?
|
I held off on this while other high-priority work was touching pk. Now I think it would help with the ongoing work on driver-only ECC. But I don't have time for it right now — if someone has time now and wants to adopt it, please feel free. Otherwise I'll get around to it eventually. |
I'll be glad to complete this work ;) |
valeriosetti
force-pushed
the
ecdsa-use-psa-without-pkwrite
branch
from
2099adb to
368fed2
Compare
|
I just did a force push in order to align with the new code style |
valeriosetti
added
needs-ci
mpg
previously approved these changes
Feb 8, 2023
Under MBEDTLS_USE_PSA_CRYPTO, ecdsa_verify_wrap() was calling mbedtls_pk_write_pubkey() to write a public key in the form of a subjectPublicKey, only to then extract the part that represents the EC point which psa_import_key() actually wants. Instead, call an ecp function to directly get the public key in the desired format (just the point). This slightly reduces the code size and stack usage, and removes a dependency on pk_write. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Under MBEDTLS_USE_PSA_CRYPTO, ecdsa_sign_wrap() was calling mbedtls_pk_write_key_der() to write a private key in SEC1 format, only to then extract the part that represents the private value which is what psa_import_key() actually wants. Instead, call an mpi function to directly get the private key in the desired format. This slightly reduces the code size and stack usage, and removes a dependency on pk_write. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The dependency is still useful for RSA, for which PSA encodes keys with an ASN.1 structure. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
To better reflect what the code relies on, limit the headers that are included when MBEDTLS_USE_PSA_CRYPTO is disabled. Also stop including "pkwrite.h" when it is no longer needed. Include "mbedlts/platform_util.h" unconditionally. It was only included for RSA ALT but was also used for MBEDTLS_USE_PSA_CRYPTO (the code worked because other headers include "mbedtls/platform_util.h"). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
valeriosetti
force-pushed
the
ecdsa-use-psa-without-pkwrite
branch
from
f6a5b87 to
80d0798
Compare
|
Following the suggestion made previously and since #6970 was just merged into |
valeriosetti
removed
needs-ci
mpg
approved these changes
Feb 9, 2023
mprse
approved these changes
Feb 24, 2023
| * is not currently supported in PSA, the public key is one byte longer | ||
| * (header byte + 2 numbers, while the signature is only 2 numbers), | ||
| * so use that as the buffer size. */ | ||
| unsigned char buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; |
There was a problem hiding this comment.
This is buffer on stack and holds public key or signature, but just to confirm. Shouldn't this buffer be cleared in cleanup stage?
There was a problem hiding this comment.
Ah, excellent question! As the name implies, public keys are not supposed to be sensitive data so they don't need to be wiped out. I'd say signatures are not sensitive either in general, but I may be missing some corner cases, so I'll ask on slack.
mprse
added
approved
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Remove the dependency on
MBEDTLS_PK_WRITE_CwhenMBEDTLS_PSA_CRYPTO_CandMBEDTLS_PK_Care enabled but notMBEDTLS_RSA_C, by no longer using pkwrite functions for ECDSA.Status:
needs to be rebased now that #6408 has been fixed.doneDepends on #6970Gatekeeper checklist