-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Investigate ECP light #7357
Closed
Closed
Investigate ECP light #7357
Changes from 1 commit
Commits
Show all changes
9 commits
Select commit
Hold shift + click to select a range
fc2b797
WIP
mpg fc0c64e
rename FULL symbol to ECP_FULL to be more future proof
valeriosetti 2bcbc76
pkparse: adding temporary ECP_HAS_KEY_GENERATION symbol to pass all t…
valeriosetti e45ea62
pk: adding temporary symbol ECP_HAS_CHECK_PAIR for passing tests
valeriosetti 55e297e
pk: add alternate (PSA based) function for EC key pair verification
valeriosetti 95b3003
pkparse: adding a function for generating public key from private
valeriosetti 0c22798
ecp: adding alternate function for key-pair derivation based on PSA
valeriosetti d064b4a
pk: keep function for generating EC keypair in test_suite_pk
valeriosetti 1b10c2b
pk_wrap: improve eckey_alt_check_pair() function
valeriosetti File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, this is a problem with the "sign-verify" approach I suggested, indeed. In the meantime, I had another idea, inspired by what you did for key completion: we could just serialize the public key for both
prv
andpub
(usingmbedtls_pk_write_pubkey()
I think) and see if the results are identical.(Then later when #7202 is done, that would be
mbedtls_pk_write_pubkey()
onprv
and directly compare to the byte array inpub
, then when and its private counterpart is done, that would bepsa_import()
+psa_export_public()
onprv
and compare to byte array inpub
.)Wdyt?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like this idea!
However I have a question: since also for the key creation we are already importing the private key into PSA to get its public part, why can't we go that way directly also here? In theory also 7202 is a sort of middle step toward having everything on the PSA side (or at least there is a discussion on this)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's continue this discussion in #7387.