ECDH: Add the Everest X25519 implementation #2073
Conversation
RonEld
added
enhancement
CLA valid
component-crypto
yanesca
added
needs-design-approval
needs-review
|
Thanks much for your contribution. This is the first third-party code we are adding to Mbed TLS, so we appreciate your patience so far in determining how best to integrate. I've looked at the code at a glance and can recommend a few changes straight away. We'll need to take the time to review in further detail, but in the mean time could you please, before additional reviewers spend too much time on this:
Thanks again! |
|
@Patater That all sounds good. Is it okay to rebase and force-push or do you want to keep the whole history? |
|
@wintersteiger Please link to the original branch in a comment and force push to this PR. You can see an example of this at #2007 (comment) Thanks! |
wintersteiger
force-pushed
the
everest-into-ecdh
branch
3 times, most recently
from
d0917b6 to
af516f8
Compare
|
Rebased; previous branch at https://github.com/project-everest/mbedtls/tree/everest-into-ecdh-old1. This is still based on the unmerged #1958, those commits have been reviewed before, so those commits don't need reviewing. |
There was a problem hiding this comment.
I have had a look at it and left a couple of comments. I also have a couple of remarks and questions that are not related to individual lines and therefore I am writing them here:
- @Patater mentioned that we would like to have the commit titles in imperative mood. For example instead of "Added minimized Everest Curve25519 code to 3rdparty/everest." we would like to have "Add minimized Everest Curve25519 code to 3rdparty/everest."
- The commit message in "Added minimized Everest Curve25519 code to 3rdparty/everest." says that these files are automatically generated by the Everest toolchain. Are all of these files generated? Aren't some of these part of KreMLin? (for example "3rdparty/everest/include/everest/kremlin/c_endianness.h").
FStar_UInt128_extracted.cis not added to CMake and a comment says that we need to pass -DKRML_VERIFIED_UINT128 to use it. How does it work, to which program should I pass that flag to use it?- There is a separate implementation for VS2010, I remember talking about it, but don't remember why do we need it and how it is different than the generic one. Could you please refresh my memory?
wintersteiger
force-pushed
the
everest-into-ecdh
branch
from
5a51f6e to
046e4c6
Compare
|
Rebased, previous branch at https://github.com/project-everest/mbedtls/tree/everest-into-ecdh-old2. |
|
Hi @wintersteiger, thank you very much for your answers and rework, I'll have a look at them at once! Meanwhile, could you please do another rebase on current development head? #1958 has been merged recently and would make the PR cleaner and the job of other reviewers easier. Also could you please update all of your commit message subject lines to
For example: - ECDH: Improves ECDH full handshake benchmark.
+ ECDH: Improve ECDH full handshake benchmark |
|
@yanesca I forgot to answer your 2. and 3.: Visual Studio 2010 does not support |
|
@wintersteiger thank you for your answer! Just to be sure I understand it correctly: I need to add |
|
@yanesca No, you don't need to add anything. I just forgot to add that definition to the VS project template in |
|
|
||
| /* GCC + using native unsigned __int128 support */ | ||
|
|
||
| uint128_t load128_le(uint8_t *b) { |
There was a problem hiding this comment.
And check-names.sh complains about it, for good reason because it isn't namespaced. If it's static then it doesn't need to be namespaced.
|
|
||
| /* GCC + using native unsigned __int128 support */ | ||
|
|
||
| uint128_t load128_le(uint8_t *b) { |
There was a problem hiding this comment.
Also GCC and Clang complain about it with -Wmissing-prototypes and we support a clean build with -Wmissing-prototypes.
library/Makefile
Outdated
| @@ -86,6 +89,13 @@ OBJS_CRYPTO= aes.o aesni.o arc4.o \ | |||
| threading.o timing.o version.o \ | |||
| version_features.o xtea.o | |||
|
|
|||
| OBJS_CRYPTO+= \ | |||
There was a problem hiding this comment.
When building without Everest support, I'd prefer to avoid building these objects at all.
wintersteiger
force-pushed
the
everest-into-ecdh
branch
from
2de9896 to
1722d83
Compare
|
Rebased; old branch is at https://github.com/project-everest/mbedtls/tree/everest-into-ecdh-old3 I'm now going through @gilles-peskine-arm comments/requests. |
Mbed-TLS#2124 may suffer from the same problem.
Test a native build and a 32-bit build. For variety, the native build is with CMake and clang, and the 32-bit build is with GNU make and gcc.
|
All fixed! The build failures were due to changes in I still get some failures from |
|
I was referring to 92bd50e because those changes were necessary to pass the new tests. |
|
You're probably getting failures in The remaining failures are in jobs that use the |
library/ecdh.c
Outdated
| { | ||
| /* At this time, all groups support ECDH. */ | ||
| (void) gid; | ||
| return 1; |
There was a problem hiding this comment.
Style (here and elsewhere):
| return 1; | |
| return( 1 ); |
There was a problem hiding this comment.
No problem, those are easy to fix. 3487b9c
library/ecdsa.c
Outdated
| @@ -263,7 +263,7 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp, | |||
| mbedtls_mpi *pk = &k, *pr = r; | |||
|
|
|||
| /* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */ | |||
| if( grp->N.p == NULL ) | |||
| if( !mbedtls_ecdsa_can_do( grp->id ) || grp->N.p == NULL ) | |||
There was a problem hiding this comment.
Style (here and elsewhere):
| if( !mbedtls_ecdsa_can_do( grp->id ) || grp->N.p == NULL ) | |
| if( ! mbedtls_ecdsa_can_do( grp->id ) || grp->N.p == NULL ) |
CMakeLists.txt
Outdated
| @@ -168,6 +168,8 @@ else() | |||
| set(LIB_INSTALL_DIR lib) | |||
| endif() | |||
|
|
|||
| include_directories(include/) | |||
There was a problem hiding this comment.
@Patater Do you see any incompatibility between this line and getting the proper include path with the crypto submodule?
There was a problem hiding this comment.
Yes, this shouldn't be necessary to add. Maybe this was mistakenly readded during a rebase.
See 4cb814e for why we don't want this line anymore. We used to have this line, but removed it for submodule support.
There was a problem hiding this comment.
I need include/CMakeLists.txt to be included so I can see the INSTALL_MBEDTLS_HEADERS option in 3rdparty/*. It definitely doesn't work without that line, but I've rearranged it make this a bit cleaner. Not sure what your strategy going forward is for this, so feel free to request changes to that. See 16bdf8c.
|
Apart from the build scripts, we've agreed on the design for a while. Since the build scripts work on the CI, we can take their design as fundamentally sound. So I'm removing the "needs design approval" label. |
The merge strategy is test this PR in CI (including a trial merge to Mbed Crypto), merge to Mbed TLS if all goes well. We'll then merge from TLS development to Mbed Crypto development, to get things up to date there as well. Any issues with build scripts not being synchronized we can address as they come up. |
yanesca
removed
the
needs-review
wintersteiger
dismissed stale reviews from yanesca and gilles-peskine-arm
via
16bdf8c
|
Just checking; is there anything missing from our side for this to progress to the next stage? |
|
No, it is all on us now. Thank you for checking! |
|
Closing in favor of #2799 |
Description
These commits add the formally verified X25519 implementation from Project Everest to ECDH.
Status
Waiting for #1958 to be merged
Additional comments
CC @fournet @ad-l