Skip to content

Adapt ECDSA wrapper to new EC public key format #28

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jan 29, 2019
Merged

Adapt ECDSA wrapper to new EC public key format #28

merged 2 commits into from
Jan 29, 2019

Conversation

hanno-becker
Copy link

@hanno-becker hanno-becker commented Jan 25, 2019
edited
Loading

Summary: Previously, PSA used SubjectPublicKeyInfo structures to serialize EC public keys. This has been changed in #13 to using ECPoint structures instead, but the wrapper making PSA ECDSA verification available through Mbed TLS' PK API hasn't yet been adapted accordingly - which is what this PR does.

Luckily, Mbed TLS' PK API offers two functions mbedtls_pk_write_pubkey() and mbedtls_pk_write_pubkey_der(), the latter exporting a SubjectPublicKeyInfo structure and the former exporting an ECPoint structure in case of EC public keys. For the adaptation of the ECDSA wrapper ecdsa_verify_wrap() it is therefore sufficient to use mbedtls_pk_write_pubkey() instead of mbedtls_pk_write_pubkey_der().

This PR is the sibling of Mbed-TLS/mbedtls#2382 to the Mbed TLS repository.

@AndrzejKurek
Copy link
Contributor

Could you please mention what tests did you perform on that code?

Adapt ecdsa_verify_wrap() to new EC public key format
5d5e90a 
Previously, PSA used SubjectPublicKeyInfo structures to serialize EC public keys.
This has recently been changed to using ECPoint structures instead, but the wrapper
making PSA ECDSA verification available through Mbed TLS' PK API hasn't yet been
adapted accordingly - which is what this commit does.

Luckily, Mbed TLS' PK API offers two functions mbedtls_pk_write_pubkey()
and mbedtls_pk_write_pubkey_der(), the latter exporting a SubjectPublicKeyInfo
structure and the former exporting an ECPoint structure in case of EC public
keys. For the adaptation of the ECDSA wrapper ecdsa_verify_wrap() it is therefore
sufficient to use mbedtls_pk_write_pubkey() instead of mbedtls_pk_write_pubkey_der().
@hanno-becker hanno-becker force-pushed the ec_pubkey_fmt_adapt_ecdsa_verify_wrap branch from 5a0810e to 5d5e90a Compare January 28, 2019 11:42
@hanno-becker hanno-becker mentioned this pull request Jan 28, 2019
Merged
@hanno-becker hanno-becker requested a review from mpg January 28, 2019 12:00
@hanno-becker
Copy link
Author

Sibling Mbed-TLS/mbedtls#2382 passes ssl-opt.sh (apart from known 3d interop issue with GnuTLS) and compat.sh.

@hanno-becker hanno-becker added the needs: review The pull request is ready for review. This generally means that it has no known issues. label Jan 28, 2019
AndrzejKurek
AndrzejKurek previously approved these changes Jan 28, 2019
View reviewed changes
@mpg
Copy link
Contributor

mpg commented Jan 28, 2019
edited
Loading

Note: the only travis failures are in a known-fragile DTLS 3d interop test. The same tests passed on Jenkins passed.

mpg
mpg previously approved these changes Jan 28, 2019
View reviewed changes
Copy link
Contributor

@mpg mpg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me.

I noted an outdated comment, but I don't think it's problematic enough to be worth fixing at this point.

@mpg mpg removed the needs: review The pull request is ready for review. This generally means that it has no known issues. label Jan 28, 2019
Patater
Patater reviewed Jan 28, 2019
View reviewed changes
Copy link
Contributor

@Patater Patater left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would recommend fixing the comment @mpg pointed out. Otherwise, looks fine.

@hanno-becker hanno-becker dismissed stale reviews from mpg and AndrzejKurek via d288494 January 29, 2019 08:22
@hanno-becker
Copy link
Author

@AndrzejKurek @mpg @Patater Fixed, please re-review.

mpg
mpg approved these changes Jan 29, 2019
View reviewed changes
Copy link
Contributor

@mpg mpg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for fixing the comment. Result looks good to me.

@mpg
Copy link
Contributor

mpg commented Jan 29, 2019

CI only failed in known-intermittent timing test on BSD, so is as good as a pass.

@Patater Patater merged commit 472c20b into ARMmbed:development Jan 29, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mpg mpg mpg approved these changes

@Patater Patater Patater approved these changes

@AndrzejKurek AndrzejKurek AndrzejKurek approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@hanno-becker @AndrzejKurek @mpg @Patater