Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix Failure in Cryptocell tests on Montgomrery curve #11512

Merged
merged 1 commit into from
Oct 15, 2019

Conversation

RonEld
Copy link
Contributor

@RonEld RonEld commented Sep 18, 2019

Description

After the addition of ECDH tests for curve 25519, they failed for Cryptocell, because of different endianity of the input keys and outpu calulated secret. This fix changes the input and output to correct endianity as expected by Mbed TLS and Cryptocell.

This was tested with test_suite_ecdh on target NRF52840_DK

Pull request type

[x] Fix
[ ] Refactor
[ ] Target update
[ ] Functionality change
[ ] Docs update
[ ] Test update
[ ] Breaking change

Reviewers

@ARMmbed/mbed-os-crypto

Release Notes

Change the order of the input keys and output secret given and
returned from the CC API, to address correct endianity.
@ciarmcom ciarmcom requested review from a team September 18, 2019 15:00
@ciarmcom
Copy link
Member

@RonEld, thank you for your changes.
@ARMmbed/mbed-os-crypto @ARMmbed/mbed-os-maintainers please review.

@0xc0170
Copy link
Contributor

0xc0170 commented Sep 24, 2019

@ARMmbed/mbed-os-crypto Please review

@adbridge
Copy link
Contributor

@ARMmbed/mbed-os-crypto Please review

bump

Copy link
Contributor

@k-stachowiak k-stachowiak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like the general algorithm has been maintained, but I don't understand one of the conversions' direction. @RonEld could you please clarify that for me?

ecdhParams->privKey, CURVE_25519_KEY_SIZE ,
ecdhParams->pubKey, CURVE_25519_KEY_SIZE ,
&ecdhParams->kgTempData ) );
if ( ret != 0 )
{
goto cleanup;
}
ret = convert_CrysError_to_mbedtls_err(
CRYS_COMMON_ConvertLswMswWordsToMsbLsbBytes( secret,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't this conversion go the other way? We have converted the private and public key to the MsbLsbBytes so that CRYS_ECMONT_Scalarmult() can operate on them, but I would expect the output temp_buf to still be in that encoding. If we now want to operate on it further, outside the Cryptocell world, I'd expect the temp_buf to be converted to the LswMswWords again here.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But this is what mbedtls_mpi_read_binary() does in line 282.
Note that this operation was added after the test vector in our tests failed, so the output of this function is now as expected outside the Cryptocell world

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the clarification 👍

@adbridge
Copy link
Contributor

adbridge commented Oct 7, 2019

CI started

@mbed-ci
Copy link

mbed-ci commented Oct 7, 2019

Test run: FAILED

Summary: 1 of 11 test jobs failed
Build number : 1
Build artifacts

Failed test jobs:

  • jenkins-ci/mbed-os-ci_exporter

@adbridge
Copy link
Contributor

adbridge commented Oct 7, 2019

Looks like a CI license issue so restarting

@mbed-ci
Copy link

mbed-ci commented Oct 7, 2019

Test run: FAILED

Summary: 2 of 11 test jobs failed
Build number : 2
Build artifacts

Failed test jobs:

  • jenkins-ci/mbed-os-ci_cloud-client-test
  • jenkins-ci/mbed-os-ci_exporter

@mbed-ci
Copy link

mbed-ci commented Oct 7, 2019

Test run: FAILED

Summary: 1 of 11 test jobs failed
Build number : 3
Build artifacts

Failed test jobs:

  • jenkins-ci/mbed-os-ci_exporter

@0xc0170
Copy link
Contributor

0xc0170 commented Oct 14, 2019

Exporters restarted

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants