Some MAX_SIZE macros are too small when PSA ECC is accelerated #6622
Assignees
Labels
bug
component-crypto
Crypto primitives and low-level interfaces
size-s
Estimated task size: small (~2d)
Comments
gilles-peskine-arm
added
bug
component-crypto
|
@gilles-peskine-arm @mpg
Perhaps |
|
Yes, we should test configurations like this. |
|
As agreed with @mpg, I am putting the work on this issue on hold until we found a solution to the problem mentioned here |
3 tasks
3 tasks
mpg
added a commit
to valeriosetti/mbedtls
that referenced
this issue
Sep 20, 2023
Those components were introduced in Mbed-TLS#7103, resolving Mbed-TLS#6622: Some PSA ECC size macros are too small when the largest accelerated curve is larger than the largest built-in curve. At that point, it was not possible yet to omit all built-in curves, so we made these components that had only one (small) curve built-in and all the others accelerated. Now that it's possible to disable all ECC built-ins, and we have tests doing that, we don't need that kind of fiddling any more. Note: these component disabled RSA in order to make sure max key size macros were not taken from RSA. We have test components with all of ECC accelerated and RSA disabled (component_test_psa_crypto_config_accel_ecc_no_bignum and component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum), making the "all curves except one" components really redundant. Note: removing them was one of the items in Mbed-TLS#7757. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
mpg
added a commit
to valeriosetti/mbedtls
that referenced
this issue
Sep 21, 2023
Those components were introduced in Mbed-TLS#7103, resolving Mbed-TLS#6622: Some PSA ECC size macros are too small when the largest accelerated curve is larger than the largest built-in curve. At that point, it was not possible yet to omit all built-in curves, so we made these components that had only one (small) curve built-in and all the others accelerated. Now that it's possible to disable all ECC built-ins, and we have tests doing that, we don't need that kind of fiddling any more. Note: these component disabled RSA in order to make sure max key size macros were not taken from RSA. We have test components with all of ECC accelerated and RSA disabled (component_test_psa_crypto_config_accel_ecc_no_bignum and component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum), making the "all curves except one" components really redundant. Note: removing them was one of the items in Mbed-TLS#7757. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
mpg
added a commit
to valeriosetti/mbedtls
that referenced
this issue
Sep 24, 2023
Those components were introduced in Mbed-TLS#7103, resolving Mbed-TLS#6622: Some PSA ECC size macros are too small when the largest accelerated curve is larger than the largest built-in curve. At that point, it was not possible yet to omit all built-in curves, so we made these components that had only one (small) curve built-in and all the others accelerated. Now that it's possible to disable all ECC built-ins, and we have tests doing that, we don't need that kind of fiddling any more. Note: these component disabled RSA in order to make sure max key size macros were not taken from RSA. We have test components with all of ECC accelerated and RSA disabled (component_test_psa_crypto_config_accel_ecc_no_bignum and component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum), making the "all curves except one" components really redundant. Note: removing them was one of the items in Mbed-TLS#7757. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
mpg
added a commit
to valeriosetti/mbedtls
that referenced
this issue
Sep 25, 2023
Those components were introduced in Mbed-TLS#7103, resolving Mbed-TLS#6622: Some PSA ECC size macros are too small when the largest accelerated curve is larger than the largest built-in curve. At that point, it was not possible yet to omit all built-in curves, so we made these components that had only one (small) curve built-in and all the others accelerated. Now that it's possible to disable all ECC built-ins, and we have tests doing that, we don't need that kind of fiddling any more. Note: these component disabled RSA in order to make sure max key size macros were not taken from RSA. We have test components with all of ECC accelerated and RSA disabled (component_test_psa_crypto_config_accel_ecc_no_bignum and component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum), making the "all curves except one" components really redundant. Note: removing them was one of the items in Mbed-TLS#7757. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
At some time before Mbed TLS 2.28 and 3.0, we added support for signature through PSA accelerators. Accelerators can support elliptic curves that the core doesn't. So the definition of
PSA_VENDOR_ECC_MAX_CURVE_BITS, which determinesPSA_EXPORT_KEY_PAIR_MAX_SIZE,PSA_EXPORT_PUBLIC_KEY_MAX_SIZEand PSA_SIGNATURE_MAX_SIZE, is wrong. If the largest accelerated curve is larger than the largest built-in curve (for example if ECC is accelerated only), theMAX_SIZEmacros may end up being wrong (mostly, if there is no RSA support).This will also concern
PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZEwhen we add support for key agreement acceleration.The text was updated successfully, but these errors were encountered: