Some MAX_SIZE macros are too small when PSA ECC is accelerated #7103
Notes for reviewers:
BTW the double dependency
Just a first pass.
@mpg I just set the
Looking pretty good, and thanks for adding the 2nd component! Other than the EC J-PAKE dependency, the only things I found are minor nits.
I don't think so. I agree it's technically a bug, but one that only shows in configurations that we don't really support in 2.28, considering that even the possibility of building with driver-only ECDSA or ECDH is new in development. Other reviewers please shout if you disagree.
I don't think that's needed here, as we didn't massively change existing dependency declarations.
I only have one minor comment otherwise this looks good to me. Thanks for the two well-crafted non-regression all.sh components. I have checked that when reverting the changes in crypto_size.h the PSA crypto unit tests actually fail in the two components. Otherwise I would say this deserves a change log as it's a bug fix.
# Ensure also RSA_C is disabled so that the size of the public/private | ||
# keys cannot be taken from there | ||
scripts/config.py unset MBEDTLS_RSA_C |
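Review bot: the comment above `scripts/config.py unset MBEDTLS_RSA_C` says the key sizes "cannot be taken from there" without naming which size macros would otherwise pick up an RSA value; name them in the comment, and say whether unsetting MBEDTLS_RSA_C alone is enough or whether other RSA-related options also have to be off for the component to test what it intends.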
As the PSA configuration is enabled, some PSA_WANT_ALG_RSA_xxx are defined without acceleration this does not have any impact on the build I think.
All RSA associated algs are now forcedly disabled both on library and driver sides. Some PSA driver tests required to be fixed because they were just requiring for not having the built-in version, but they didn't check if the driver one was present (kind of assuming that RSA was always supported on the driver side). Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
LGTM
Despite this being a bug, and sort-of present in 2.28 already, I'm inclined not to backport, because the bug is only visible when using driver-only ECC, which only became possible in 3.4/development. (Practically, in 2.28 we'd have no way to test the fix like we did here.) @valeriosetti @ronald-cron-arm please shout if you disagree.
I agree with you. Do I need to write this somewhere (i.e. the fact that we are intentionally not backporting this fix) for future reference?
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Yes, we want it written in the "gatekeeper checklist" part of the PR description, but no, you don't need to, I had already written it :) Just wanted to make sure you two had an opportunity to tell if you disagreed, because it's easy to not notice I had edited the description.
LGTM
LGTM, thanks for the changes.
I am fine with that.
Those components were introduced in Mbed-TLS#7103, resolving Mbed-TLS#6622: Some PSA ECC size macros are too small when the largest accelerated curve is larger than the largest built-in curve. At that point, it was not possible yet to omit all built-in curves, so we made these components that had only one (small) curve built-in and all the others accelerated. Now that it's possible to disable all ECC built-ins, and we have tests doing that, we don't need that kind of fiddling any more. Note: these components disabled RSA in order to make sure max key size macros were not taken from RSA. We have test components with all of ECC accelerated and RSA disabled (component_test_psa_crypto_config_accel_ecc_no_bignum and component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum), making the "all curves except one" components really redundant. Note: removing them was one of the items in Mbed-TLS#7757. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Description
The goal of this PR is to fix PSA_VENDOR_ECC_MAX_CURVE_BITS when some of the curves are accelerated.
Resolve #6622
This PR is a draft because even though ECDH is accelerated there are tests failing due to key derivation. This issue is known and should be addressed in a different PR.
This PR depends on #7321 (explanation here)
Gatekeeper checklist
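The undersizing this PR describes, shown as an added example that is not code from the PR or from Mbed TLS. The two MAX_BITS_* macros, the helper functions and the constructed configuration (P-256 built in, P-521 driver-only) are illustrative assumptions; only the MBEDTLS_ECP_DP_* and PSA_WANT_ECC_* option names are real.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed configuration: P-256 is built in, P-521 comes from a driver only. */
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED   /* built-in implementation present */
#define PSA_WANT_ECC_SECP_R1_256           /* PSA is asked to support P-256 */
#define PSA_WANT_ECC_SECP_R1_521           /* PSA is asked to support P-521 */

/* Hypothetical "before": maximum derived from built-in curves only. */
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
#define MAX_BITS_FROM_BUILTIN 521u
#elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
#define MAX_BITS_FROM_BUILTIN 256u
#else
#define MAX_BITS_FROM_BUILTIN 0u
#endif

/* Hypothetical "after": maximum derived from every curve PSA must handle. */
#if defined(PSA_WANT_ECC_SECP_R1_521)
#define MAX_BITS_FROM_WANT 521u
#elif defined(PSA_WANT_ECC_SECP_R1_256)
#define MAX_BITS_FROM_WANT 256u
#else
#define MAX_BITS_FROM_WANT 0u
#endif

#define BITS_TO_BYTES(bits) (((bits) + 7u) / 8u)
/* Uncompressed Weierstrass public key: 0x04 || X || Y */
#define ECC_PUBLIC_KEY_SIZE(bits) (2u * BITS_TO_BYTES(bits) + 1u)

/* Size of a buffer declared from a "max curve bits" constant. */
size_t export_buffer_size(unsigned max_curve_bits)
{
    return ECC_PUBLIC_KEY_SIZE(max_curve_bits);
}

/* Stand-in for an export call: 0 on success, -1 if the buffer is too small. */
int export_public_key(unsigned key_bits, size_t buf_size, size_t *out_len)
{
    size_t need = ECC_PUBLIC_KEY_SIZE(key_bits);
    if (need > buf_size) return -1;
    *out_len = need;
    return 0;
}

int main(void)
{
    size_t len = 0;
    printf("built-in max: %zu bytes\n", export_buffer_size(MAX_BITS_FROM_BUILTIN));
    printf("wanted max:   %zu bytes\n", export_buffer_size(MAX_BITS_FROM_WANT));
    printf("P-521 into built-in-sized buffer: %d\n",
           export_public_key(521, export_buffer_size(MAX_BITS_FROM_BUILTIN), &len));
    return 0;
}
```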