Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mbed TLS: Fix wrong MPI N in ECP Curve448 curve #15287

Merged
merged 1 commit into from
Jun 2, 2022
Merged

Mbed TLS: Fix wrong MPI N in ECP Curve448 curve #15287

merged 1 commit into from
Jun 2, 2022

Conversation

ccli8
Copy link
Contributor

@ccli8 ccli8 commented May 20, 2022

Summary of changes

In loading ECP Curve448, MPI N is in uninitialized state due to caller having invoked mbedtls_ecp_group_free(grp) before and its sign flag N.s isn't initialized to 1 to indicate positive. Following most other code, this can be fixed by invoking mbedtls_mpi_lset() on it.

Pull request type 

[x] Patch update (Bug fix / Target update / Docs update / Test update / Refactor)
[] Feature update (New feature / Functionality change / New API)
[] Major update (Breaking change E.g. Return code change / API behaviour change)

Test results 

[] No Tests required for this change (E.g docs only update)
[x] Covered by existing mbed-os tests (Greentea or Unittest)
[] Tests / results supplied as part of this PR

@ccli8 ccli8 force-pushed the nuvoton_fix_ecp-load-curve448 branch from 7235ec8 to 82bdf07 Compare May 20, 2022 09:52
@ciarmcom ciarmcom added the release-type: patch Indentifies a PR as containing just a patch label May 20, 2022
@ciarmcom ciarmcom requested a review from a team May 20, 2022 10:00
@ciarmcom
Copy link
Member

@ccli8, thank you for your changes.
@ARMmbed/mbed-os-maintainers please review.

ccli8 added a commit to ccli8/mbed-os that referenced this pull request May 23, 2022
@ccli8
M467: Support Crypto ECC H/W in full-module replacement
80acf8a 
1.  Replace ecp.c full-module, and other ec modules dependent on ecp.c (ecdh.c/ecdsa.c/ecjpake.c) will improve followingly.
2.  Recover from Crypto ECC H/W failure:
    (1) Enable timed-out wait to escape from ECC H/W trap
    (2) On ECC H/W timeout, stop this ECC H/W operation
    (3) Fall back to S/W implementation on failure
3.  Support Short Weierstrass curve
    NOTE: ECC H/W will trap on m*P with SCAP enabled, esp m = 2 or close to (order - 1).
          Cannot work around by fallback to S/W, because following operations are easily to fail with data error.
          Disable SCAP temporarily.
4.  Support Montgomery curve
    Montgomery curve has the form: B y^2 = x^3 + A x^2 + x
    (1) In S/W impl, A is used as (A + 2) / 4. Figure out its original value for engine.
        https://github.com/ARMmbed/mbed-os/blob/2eb06e76208588afc6cb7580a8dd64c5429a10ce/connectivity/mbedtls/include/mbedtls/ecp.h#L219-L220
    (2) In S/W impl, B is unused. Actually, B is 1 for Curve25519/Curve448 and needs to configure to engine.
        https://github.com/ARMmbed/mbed-os/blob/2eb06e76208588afc6cb7580a8dd64c5429a10ce/connectivity/mbedtls/include/mbedtls/ecp.h#L221-L222
    (3) In S/W impl, y-coord is absent, but engine needs it. Deduce it from x-coord following:
        https://tools.ietf.org/id/draft-jivsov-ecc-compact-05.html
        https://www.rieselprime.de/ziki/Modular_square_root
    NOTE: Fix wrong sign flag grp->N.s in ecp_curves_alt.c/ecp_use_curve448()
          grp->N is in uninitialized state due to caller's having invoked mbedtls_ecp_group_free(grp) before.
          In uninitialized state, grp->N.s is not initialized to 1 to indicate positive.
          This can fix by re-initializing through mbedtls_mpi_lset(&grp->N, 0).
          Raise one PR for this:
          ARMmbed#15287
0xc0170
0xc0170 reviewed May 23, 2022
View reviewed changes
connectivity/mbedtls/source/ecp_curves.c Outdated
* re-initializing through mbedtls_mpi_lset(&grp->N, 0), following
* most other code.
*/
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->N, 0 ) );
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this already fixed in the upstream or should it be ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The upstream hasn't fixed it.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you send pull request there please? If tls is updated, this would be overwritten.

Copy link
Contributor Author

@ccli8 ccli8 May 23, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mbed-TLS/mbedtls#5811 is addressing the issue. This PR is updated to follow its solution.

@ccli8
Mbed TLS: Fix wrong MPI N in ECP Curve448 curve
9345c8a 
In loading Curve448, MPI N is in uninitialized state and its sign flag N.s isn't initialized to 1.
This is fixed by following:
Mbed-TLS/mbedtls#5811
@ccli8 ccli8 force-pushed the nuvoton_fix_ecp-load-curve448 branch from 82bdf07 to 9345c8a Compare May 24, 2022 08:26
@mergify mergify bot added needs: CI and removed needs: review labels May 30, 2022
@0xc0170
Copy link
Contributor

0xc0170 commented Jun 1, 2022

CI started

@mbed-ci
Copy link

mbed-ci commented Jun 1, 2022

Jenkins CI Test : ✔️ SUCCESS

Build Number: 1 | 🔒 Jenkins CI Job | 🌐 Logs & Artifacts

CLICK for Detailed Summary

jobs Status
jenkins-ci/mbed-os-ci_build-cloud-example-ARM ✔️
jenkins-ci/mbed-os-ci_build-cloud-example-GCC_ARM ✔️
jenkins-ci/mbed-os-ci_unittests ✔️
jenkins-ci/mbed-os-ci_build-greentea-ARM ✔️
jenkins-ci/mbed-os-ci_build-greentea-GCC_ARM ✔️
jenkins-ci/mbed-os-ci_build-example-GCC_ARM ✔️
jenkins-ci/mbed-os-ci_build-example-ARM ✔️
jenkins-ci/mbed-os-ci_greentea-test ✔️

@0xc0170 0xc0170 merged commit 6170f55 into ARMmbed:master Jun 2, 2022
@mergify mergify bot removed the ready for merge label Jun 2, 2022
@ccli8 ccli8 deleted the nuvoton_fix_ecp-load-curve448 branch June 8, 2022 14:54
@mbedmain mbedmain added release-version: 6.16.0 Release-pending and removed release-type: patch Indentifies a PR as containing just a patch Release-pending labels Jun 14, 2022
@multiplemonomials multiplemonomials mentioned this pull request Jul 9, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@0xc0170 0xc0170 0xc0170 approved these changes

Assignees
No one assigned
Labels
component: security release-version: 6.16.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@ccli8 @ciarmcom @0xc0170 @mbed-ci @mbedmain