Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Avoid parse/unparse public ECC keys in PK with USE_PSA when !ECP_C #7554

Merged
merged 12 commits into from
May 23, 2023
Merged

Avoid parse/unparse public ECC keys in PK with USE_PSA when !ECP_C #7554

merged 12 commits into from
May 23, 2023

Conversation

valeriosetti
Copy link
Contributor

@valeriosetti valeriosetti commented May 5, 2023
edited by mpg
Loading

As suggested here, this PR is the reshaped version of #7202 which includes only the changes which are relevant to solve issue #7073.

Depends on:

Resolves #7073

PR checklist

@valeriosetti valeriosetti added enhancement needs-review Every commit must be reviewed by at least two team members, component-crypto Crypto primitives and low-level interfaces needs-ci Needs to pass CI tests needs-preceding-pr Requires another PR to be merged first needs-reviewer This PR needs someone to pick it up for review size-s Estimated task size: small (~2d) priority-high High priority - will be reviewed soon labels May 5, 2023
@valeriosetti valeriosetti requested a review from mpg May 5, 2023 07:33
@valeriosetti valeriosetti self-assigned this May 5, 2023
@valeriosetti valeriosetti changed the title Issue7073 reshape Avoid parse/unparse public ECC keys in PK with USE_PSA May 5, 2023
@valeriosetti valeriosetti mentioned this pull request May 5, 2023
Closed
3 tasks
@valeriosetti valeriosetti removed the needs-preceding-pr Requires another PR to be merged first label May 5, 2023
@valeriosetti
Copy link
Contributor Author

Ok, even though I didn't list #7514 in the dependency list, it seems that its merging caused some conflict. I'll do a rebase

@valeriosetti valeriosetti force-pushed the issue7073-reshape branch 2 times, most recently from 6989284 to e25e9c0 Compare May 8, 2023 11:31
@mpg mpg removed the needs-ci Needs to pass CI tests label May 9, 2023
@mpg
Copy link
Contributor

mpg commented May 9, 2023

Fully agree. Most of the PR shouldn't be backported as it's a refactoring aimed at supporting new features, but the bug fix should be. Did you go over each function in test_suite_debug to check if there are others in this case? (Looks like we completely forgot about this file previously.)

If there are more changes to be done to test_suite_debug, perhaps we should have a separate PR doing just that. (And this one doesn't even need to depend on it - whichever we merge first, the other will be rebased if there are conflicts.) Wdyt?

@valeriosetti valeriosetti mentioned this pull request May 9, 2023
Merged
3 tasks
mpg
mpg requested changes May 9, 2023
View reviewed changes
Copy link
Contributor

@mpg mpg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is clearly going in the right direction. I left a number of comments, but the general structure is looking good.

include/mbedtls/pk.h Outdated Show resolved Hide resolved
include/mbedtls/pk.h Outdated Show resolved Hide resolved
library/pkparse.c Outdated Show resolved Hide resolved
library/pkwrite.c Outdated Show resolved Hide resolved
library/pkparse.c Show resolved Hide resolved
library/pk_wrap.c Outdated Show resolved Hide resolved
library/pk_wrap.c Outdated Show resolved Hide resolved
library/pk.c Outdated Show resolved Hide resolved
library/pk.c Outdated Show resolved Hide resolved
library/pk.c Outdated Show resolved Hide resolved
@mpg
Copy link
Contributor

mpg commented May 9, 2023

@valeriosetti Btw, can you also address the comments Jerry left on 6838 as this is the first PR that builds on it?

@valeriosetti
Copy link
Contributor Author

@valeriosetti Btw, can you also address the comments Jerry left on 6838 as this is the first PR that builds on it?

Done! I just skipped this comment because it was related to a line being too long, but due to the changes done in this PR it should be fine now.

@valeriosetti valeriosetti requested a review from mpg May 9, 2023 15:48
@valeriosetti valeriosetti requested a review from mprse May 10, 2023 07:32
mpg
mpg previously approved these changes May 10, 2023
View reviewed changes
Copy link
Contributor

@mpg mpg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for addressing my comments. Looks good to me.

@valeriosetti
test_suite_debug: fix USE_PSA_INIT/DONE guards in a test
92c3f36 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
@valeriosetti
tests: fixes for using the new public key raw format
483738e 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
@valeriosetti valeriosetti requested a review from mpg May 17, 2023 14:00
@valeriosetti
pk: minor fixes (guards and a wrong assignment)
c1541cb 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
mpg
mpg requested changes May 19, 2023
View reviewed changes
Copy link
Contributor

@mpg mpg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking pretty good to me! I could only find minor issues in comments :)

include/mbedtls/pk.h Show resolved Hide resolved
include/mbedtls/pk.h Outdated Show resolved Hide resolved
include/mbedtls/pk.h Outdated Show resolved Hide resolved
library/pk_internal.h Show resolved Hide resolved
library/pkparse.c Show resolved Hide resolved
library/pk_wrap.c Outdated Show resolved Hide resolved
library/debug.c Show resolved Hide resolved
@valeriosetti
pk: fixing and improving comments
f57007d 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
@valeriosetti valeriosetti requested a review from mpg May 19, 2023 11:55
mprse
mprse reviewed May 22, 2023
View reviewed changes
Copy link
Contributor

@mprse mprse left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes looks good.
Left few comments and propositions for minor improvements.

library/pk.c
return ret;
}

pk->ec_family = mbedtls_ecc_group_to_psa(ecp_keypair->grp.id,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should check here if the conversion was successful and if not then return an error.
It is checked in ecdsa_verify_wrap function.

library/pkparse.c Outdated
} else {
/* Uncompressed format */
if ((end - *p) > MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL;

include/mbedtls/pk.h Outdated
* - the following fields are used for all public key operations: signature
* verify, key pair check and key write.
* Of course, when MBEDTLS_PK_USE_PSA_EC_DATA is not enabled, the legacy
* ecp_keypair structure is used for storing the public key and perform
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* ecp_keypair structure is used for storing the public key and perform
* ecp_keypair structure is used for storing the public key and performing

library/pk_wrap.c
size_t curve_bits;
const psa_ecc_family_t curve =
mbedtls_ecc_group_to_psa(prv_ctx->grp.id, &curve_bits);
mbedtls_ecc_group_to_psa(mbedtls_pk_ec_ro(*prv)->grp.id, &curve_bits);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should check here if the conversion was successful and if not then return an error.

tests/suites/test_suite_pk.function
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
size_t curve_bits;
psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(grp->id,
&curve_bits);
psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(grp_id, &curve_bits);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should check here if the conversion was successful and if not then return an error.

@valeriosetti
pk: add checks for the returned ECC family
a7cb845 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
@valeriosetti
pk: fix a return value and a typo in comment
016264b 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
@valeriosetti valeriosetti requested a review from mprse May 22, 2023 16:41
mpg
mpg approved these changes May 23, 2023
View reviewed changes
Copy link
Contributor

@mpg mpg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mpg mpg added the needs-backports Backports are missing or are pending review and approval. label May 23, 2023
@mpg
Copy link
Contributor

mpg commented May 23, 2023

@valeriosetti I think now would be a good time to prepare the partial backport (just the test_suite_debug fix), so we can merge this quickly once @mprse has re-reviewed.

@valeriosetti valeriosetti mentioned this pull request May 23, 2023
Merged
3 tasks
@valeriosetti
Copy link
Contributor Author

@valeriosetti I think now would be a good time to prepare the partial backport (just the test_suite_debug fix), so we can merge this quickly once @mprse has re-reviewed.

Done! Please see #7642

mprse
mprse approved these changes May 23, 2023
View reviewed changes
Copy link
Contributor

@mprse mprse left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mpg mpg added the approved Design and code approved - may be waiting for CI or backports label May 23, 2023
@mprse mprse removed the needs-review Every commit must be reviewed by at least two team members, label May 23, 2023
@mpg mpg removed the needs-backports Backports are missing or are pending review and approval. label May 23, 2023
@mpg mpg merged commit 9dc9204 into Mbed-TLS:development May 23, 2023
@valeriosetti valeriosetti mentioned this pull request May 23, 2023
Merged
3 tasks
@valeriosetti valeriosetti mentioned this pull request Jun 15, 2023
Closed
@valeriosetti valeriosetti deleted the issue7073-reshape branch December 6, 2024 06:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mprse mprse mprse approved these changes

@mpg mpg mpg approved these changes

@gilles-peskine-arm gilles-peskine-arm Awaiting requested review from gilles-peskine-arm

Assignees

@valeriosetti valeriosetti

Labels
approved Design and code approved - may be waiting for CI or backports component-crypto Crypto primitives and low-level interfaces enhancement priority-high High priority - will be reviewed soon size-s Estimated task size: small (~2d)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Avoid parse/unparse public ECC keys in PK with USE_PSA when !ECP_C
4 participants
@valeriosetti @mpg @gilles-peskine-arm @mprse