Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate hash sign operation before execution. #623

Merged
merged 2 commits into from
Jul 20, 2022
Merged

Validate hash sign operation before execution. #623

merged 2 commits into from
Jul 20, 2022

Conversation

gowthamsk-arm
Copy link
Contributor

The backend implementations should ideally perform all the hash length checks. Mbed Crypto doesn't implement the hash length checks on its side. This PR adds the changes required to validate the hash signing operation done for mbed-crypto and trusted services providers.

Fixes #107

Signed-off-by: Gowtham Suresh Kumar gowtham.sureshkumar@arm.com

ionut-arm
ionut-arm reviewed Jul 15, 2022
View reviewed changes
Copy link
Member

@ionut-arm ionut-arm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, the changes look good. Could you please check whether sign_hash_bad_format_ecdsa_sha256 and verify_hash_bad_format_ecc now pass for the Mbed Crypto provider? I think those are the ones that lead to this issue being raised.

@gowthamsk-arm
Validate hash sign operation before execution.
56355b3 
The backend implementations should ideally perform all
the hash length checks.Mbed Crypto doesn't implement the
hash length checks on its side. This commit adds the changes
required to validate the hash signing operation done for
mbed-crypto and trusted services providers.

Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
@gowthamsk-arm
Enable hash tests for mbed crypto and trusted services
947883f 
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
@gowthamsk-arm
Copy link
Contributor Author

gowthamsk-arm commented Jul 15, 2022
edited
Loading

Both sign_hash_bad_format_ecdsa_sha256 and verify_hash_bad_format_ecc are now passing for mbed crypto and trusted services provider config. I've enabled the tests for them in the new commit.

ionut-arm
ionut-arm approved these changes Jul 19, 2022
View reviewed changes
Copy link
Member

@ionut-arm ionut-arm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍🏻

@ionut-arm ionut-arm merged commit 5e58a8f into parallaxsecond:main Jul 20, 2022
@gowthamsk-arm gowthamsk-arm deleted the validate_hash_sign branch July 27, 2022 14:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ionut-arm ionut-arm ionut-arm approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Validate hash length for psa_sign_hash
2 participants
@gowthamsk-arm @ionut-arm