Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added helper methods and changed safety of size macros #55

Merged
merged 1 commit into from
Aug 18, 2020

Conversation

sbailey-arm
Copy link
Contributor

Added temporary implementation for getting output size of shared secret with EDCH algorithm (will be replaced with call to mbed TLS once it supports the macro).

Changed safety of some output size macro shim declarations as they have undefined return.

Signed-off-by: Samuel Bailey samuel.bailey@arm.com

@hug-dev hug-dev self-requested a review August 17, 2020 17:15
@hug-dev hug-dev added the enhancement New feature or request label Aug 17, 2020
Copy link
Member

@hug-dev hug-dev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for adding this 👍 A few comments.

i.e. the bit size of the order of the curve's coordinate field. When m is not a multiple of 8, the byte containing the most
significant bit of the shared secret is padded with zero bits.
*/
(key_bits - 1) / 9 // Round the division up
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What if key_bits is 0? This might panic in debug mode and overflow in release mode. I propose the following:

(key_bits + 7) / 8

or even better using checked_add for overflows. We can choose and document to return 0 if an overflow would happen.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Didn't think of that. Though, will a valid key ever have 0 bits? I like your proposal, nice and fast 🚀

/// This does not match any PSA macro, it will be replaces by PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE once
/// mbedTLS adds support for it.
pub unsafe fn PSA_RAW_ECDH_KEY_AGREEMENT_OUTPUT_SIZE(
_key_type: psa_key_type_t,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are you keeping it because PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE will use it?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was told by the psa crypto api guys to only bother implementing the ECDH one as Mbed TLS will gain the full macro before it gains support for FFDH. When Mbed TLS adds the macro, this will be removed from psa-crypto-sys.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oh I meant specifically about the _key_type parameter that is not used, sorry.

Copy link
Contributor Author

@sbailey-arm sbailey-arm Aug 18, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

aaah ok. Yes you are right, PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE does require key_type so I thought I'd keep the parameters the same (even though the name is slightly different).

Comment on lines 433 to 434
pub fn mac_length(self, mac_alg: Mac) -> Result<usize> {
self.compatible_with_alg(mac_alg.into())?;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are you sure no-one is using this method?

pub fn raw_key_agreement_output_size(self, alg: RawKeyAgreement) -> Result<usize> {
self.compatible_with_alg(KeyAgreement::Raw(alg).into())?;
Ok(unsafe {
psa_crypto_sys::PSA_RAW_ECDH_KEY_AGREEMENT_OUTPUT_SIZE(
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we check that alg Is only ECDH?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes 👀

@sbailey-arm sbailey-arm force-pushed the master branch 2 times, most recently from ccd520f to 01c06e3 Compare August 18, 2020 09:02
Copy link
Member

@hug-dev hug-dev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@hug-dev hug-dev requested a review from ionut-arm August 18, 2020 10:23
Signed-off-by: Samuel Bailey <samuel.bailey@arm.com>
self.compatible_with_alg(alg.into())?;
Ok(unsafe {
psa_crypto_sys::PSA_AEAD_DECRYPT_OUTPUT_SIZE(
/*self.key_type.try_into() PSA API specifies including this parameter*/
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't understand very well what this comment is for?

Copy link
Contributor Author

@sbailey-arm sbailey-arm Aug 18, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I thought it'd make it easier to see what's going on in the future when Mbed TLS is brought up to date with the spec. If it stops compiling, the person looking into it should see it and have a strong lead? I can remove it if its redundant or creates clutter.


/// Sufficient buffer size for an encrypted message using the given aead algorithm
#[cfg(feature = "interface")]
pub fn aead_decrypt_output_size(self, alg: Aead, ciphertext_len: usize) -> Result<usize> {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't this just be a method on Aead? I'm not sure why we'd have a compatibility check on this kind of method (at least, looking at the name of the method I wouldn't expect it to do anything like that), and the resulting size isn't for the alg in the policy either

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(I know there are other methods doing that already, I just noticed it now)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I thought about doing that but I think I remember having this sort of conversation a while for a different helper method and it was decided that sticking it on Attributes was the most appropriate option at the time.

The PSA spec version does require key_type that is on Attributes and not on Aead, which is another reason I put it on Attributes (so it doesn't have to be moved in future to keep it in line with the existing methods).

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, that makes sense if there's stuff from Attributes needed (or, will be)!

@ionut-arm ionut-arm merged commit 86c335c into parallaxsecond:master Aug 18, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants