Driver-only ECC: auto-enable ECP_LIGHT when needed #7442

Closed
mpg opened this issue Apr 14, 2023 · 2 comments · Fixed by #7717

mpg commented Apr 14, 2023

This is split from #7390 - the original plan was for ECP_LIGHT to be auto-enabled when needed, but we then decided to first implement it as an internal symbol with no official way for users to enable (other than -D in CFLAGS), and address auto-enablement as a 2nd step.

We should auto-enable ECP_LIGHT in the following circumstances:

When this is done, the following changes can be made in all.sh:

  • in component_test_psa_crypto_config_accel_all_ec_algs_use_psa() remove -DMBEDTLS_ECP_LIGHT as it's no longer needed (will be auto-enabled).
  • in config_psa_crypto_full_all_ec_algs_no_ecp_use_psa() we need to disable any option that would re-enable ECP_LIGHT.

Depends on:

@mpg mpg added enhancement component-crypto Crypto primitives and low-level interfaces size-s Estimated task size: small (~2d) labels Apr 14, 2023
@valeriosetti valeriosetti self-assigned this Apr 17, 2023

mpg commented May 17, 2023

Note: in the future we'll try to reduce the number of circumstances where ECP_LIGHT is auto-enabled.

  • When PK_C && USE_PSA && PSA_WANT_ALG_ECDSA

This will be addressed by the next EPIC shortly, so that's quite temporary.

  • When MBEDTLS_PK_PARSE_EC_EXTENDED is defined.

I think we could avoid that by having a table for how each curve we know is encoded as SpecifiedECDomain - I need to check though. If so, I'll create an issue in this EPIC to address that. Or perhaps we'll remove that in 4.0, and ignore it in the meantime.

  • When support for parsing compressed points is requested - MBEDTLS_PK_PARSE_EC_COMPRESSED

This will have to wait for PSA to support compressed points somehow.

  • When PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE is requested.

This will have to wait for the driver interface to support key derivation properly, see the dedicated EPIC.
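An added example, not part of the comment above and not Mbed TLS code: a shell check that reports which of the four triggers listed in the May 17 comment are active in a config header, which helps confirm that a driver-only build does not re-enable ECP_LIGHT. It assumes PK_C and USE_PSA stand for MBEDTLS_PK_C and MBEDTLS_USE_PSA_CRYPTO and that options appear as plain #define lines in one file; the function names and the sample config are constructed, and symbols set through -D or by other headers are not seen.

```shell
#!/bin/sh
# Added example (hypothetical helper names): list the options in a config
# header that, per the May 17 comment, cause ECP_LIGHT to be auto-enabled.

# is_defined FILE SYMBOL
# True if FILE contains an active "#define SYMBOL" line. Lines commented
# out with // do not match because the pattern is anchored at line start.
is_defined() {
    grep -Eq "^[[:space:]]*#[[:space:]]*define[[:space:]]+$2([[:space:]]|\$)" "$1"
}

# ecp_light_triggers FILE
# Prints one trigger per line; empty output means no trigger was found.
ecp_light_triggers() {
    cfg=$1
    # Assumption: PK_C / USE_PSA in the comment are these full option names.
    if is_defined "$cfg" MBEDTLS_PK_C \
        && is_defined "$cfg" MBEDTLS_USE_PSA_CRYPTO \
        && is_defined "$cfg" PSA_WANT_ALG_ECDSA; then
        echo "MBEDTLS_PK_C+MBEDTLS_USE_PSA_CRYPTO+PSA_WANT_ALG_ECDSA"
    fi
    for sym in MBEDTLS_PK_PARSE_EC_EXTENDED \
               MBEDTLS_PK_PARSE_EC_COMPRESSED \
               PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE; do
        if is_defined "$cfg" "$sym"; then
            echo "$sym"
        fi
    done
}

# Constructed sample config (not a real Mbed TLS configuration).
sample=$(mktemp)
cat > "$sample" <<'EOF'
#define MBEDTLS_PK_C
#define MBEDTLS_USE_PSA_CRYPTO
#define PSA_WANT_ALG_ECDSA 1
//#define MBEDTLS_PK_PARSE_EC_EXTENDED
#define MBEDTLS_PK_PARSE_EC_COMPRESSED
EOF
ecp_light_triggers "$sample"
rm -f "$sample"
```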


mpg commented May 19, 2023

> Or perhaps we'll remove that in 4.0, and ignore it in the meantime.

See #6792 (comment)
