-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix Failure in Cryptocell tests on Montgomrery curve #11512
Conversation
Change the order of the input keys and output secret given and returned from the CC API, to address correct endianity.
@RonEld, thank you for your changes. |
@ARMmbed/mbed-os-crypto Please review |
bump |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It looks like the general algorithm has been maintained, but I don't understand one of the conversions' direction. @RonEld could you please clarify that for me?
ecdhParams->privKey, CURVE_25519_KEY_SIZE , | ||
ecdhParams->pubKey, CURVE_25519_KEY_SIZE , | ||
&ecdhParams->kgTempData ) ); | ||
if ( ret != 0 ) | ||
{ | ||
goto cleanup; | ||
} | ||
ret = convert_CrysError_to_mbedtls_err( | ||
CRYS_COMMON_ConvertLswMswWordsToMsbLsbBytes( secret, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't this conversion go the other way? We have converted the private and public key to the MsbLsbBytes
so that CRYS_ECMONT_Scalarmult()
can operate on them, but I would expect the output temp_buf
to still be in that encoding. If we now want to operate on it further, outside the Cryptocell world, I'd expect the temp_buf
to be converted to the LswMswWords
again here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But this is what mbedtls_mpi_read_binary()
does in line 282.
Note that this operation was added after the test vector in our tests failed, so the output of this function is now as expected outside the Cryptocell world
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the clarification 👍
CI started |
Test run: FAILEDSummary: 1 of 11 test jobs failed Failed test jobs:
|
Looks like a CI license issue so restarting |
Test run: FAILEDSummary: 2 of 11 test jobs failed Failed test jobs:
|
Test run: FAILEDSummary: 1 of 11 test jobs failed Failed test jobs:
|
Exporters restarted |
Description
After the addition of ECDH tests for curve 25519, they failed for Cryptocell, because of different endianity of the input keys and outpu calulated secret. This fix changes the input and output to correct endianity as expected by Mbed TLS and Cryptocell.
This was tested with test_suite_ecdh on target NRF52840_DK
Pull request type
Reviewers
@ARMmbed/mbed-os-crypto
Release Notes