From efaee9a299081e2ec0cbd79d5e509611142d8cee Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 20 Sep 2023 20:49:47 +0200 Subject: [PATCH 1/5] Give a production-sounding name to the p256m option Now that p256-m is officially a production feature and not just an example, give it a more suitable name. Signed-off-by: Gilles Peskine --- 3rdparty/CMakeLists.txt | 2 +- 3rdparty/p256-m/p256-m/p256-m.c | 2 +- 3rdparty/p256-m/p256-m_driver_entrypoints.c | 4 ++-- 3rdparty/p256-m/p256-m_driver_entrypoints.h | 4 ++-- ChangeLog.d/p256-m.txt | 2 +- docs/psa-driver-example-and-guide.md | 14 +++++++------- include/mbedtls/mbedtls_config.h | 2 +- library/psa_crypto_driver_wrappers.h | 4 ++-- scripts/config.py | 2 +- .../driver_jsons/p256_transparent_driver.json | 4 ++-- .../psa_crypto_driver_wrappers.c.jinja | 16 ++++++++-------- 11 files changed, 28 insertions(+), 28 deletions(-) diff --git a/3rdparty/CMakeLists.txt b/3rdparty/CMakeLists.txt index 67db68da56..14a4674577 100644 --- a/3rdparty/CMakeLists.txt +++ b/3rdparty/CMakeLists.txt @@ -1,5 +1,5 @@ execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/mbedtls_config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED RESULT_VARIABLE everest_result) -execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/mbedtls_config.h get MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED RESULT_VARIABLE p256m_result) +execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/mbedtls_config.h get MBEDTLS_PSA_P256M_DRIVER_ENABLED RESULT_VARIABLE p256m_result) if(${everest_result} EQUAL 0) add_subdirectory(everest) diff --git a/3rdparty/p256-m/p256-m/p256-m.c b/3rdparty/p256-m/p256-m/p256-m.c index 050ffa5c3f..3f878f758d 100644 --- a/3rdparty/p256-m/p256-m/p256-m.c +++ b/3rdparty/p256-m/p256-m/p256-m.c @@ -13,7 +13,7 @@ #include #include -#if defined (MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED) +#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED) /* * Zeroize memory - this should not be optimized away diff --git a/3rdparty/p256-m/p256-m_driver_entrypoints.c b/3rdparty/p256-m/p256-m_driver_entrypoints.c index b2236e4877..7709301b62 100644 --- a/3rdparty/p256-m/p256-m_driver_entrypoints.c +++ b/3rdparty/p256-m/p256-m_driver_entrypoints.c @@ -26,7 +26,7 @@ #include #include -#if defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED) +#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED) /* INFORMATION ON PSA KEY EXPORT FORMATS: * @@ -321,4 +321,4 @@ exit: return status; } -#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */ +#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */ diff --git a/3rdparty/p256-m/p256-m_driver_entrypoints.h b/3rdparty/p256-m/p256-m_driver_entrypoints.h index a509ba94c8..d92a8f00b5 100644 --- a/3rdparty/p256-m/p256-m_driver_entrypoints.h +++ b/3rdparty/p256-m/p256-m_driver_entrypoints.h @@ -21,11 +21,11 @@ #ifndef P256M_DRIVER_ENTRYPOINTS_H #define P256M_DRIVER_ENTRYPOINTS_H -#if defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED) +#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED) #ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT #define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ -#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */ +#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */ #include "psa/crypto_types.h" diff --git a/ChangeLog.d/p256-m.txt b/ChangeLog.d/p256-m.txt index 0725488757..e473580527 100644 --- a/ChangeLog.d/p256-m.txt +++ b/ChangeLog.d/p256-m.txt @@ -2,4 +2,4 @@ Features * Applications using ECC over secp256r1 through the PSA API can use a new implementation with a much smaller footprint, but some minor usage restrictions. See the documentation of the new configuration - option MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED for details. + option MBEDTLS_PSA_P256M_DRIVER_ENABLED for details. diff --git a/docs/psa-driver-example-and-guide.md b/docs/psa-driver-example-and-guide.md index 7fb70223d0..eb100d7028 100644 --- a/docs/psa-driver-example-and-guide.md +++ b/docs/psa-driver-example-and-guide.md @@ -140,23 +140,23 @@ This guide assumes you are building Mbed TLS from source alongside your project. [p256-m](https://github.com/mpg/p256-m) is a minimalistic implementation of ECDH and ECDSA on the NIST P-256 curve, specifically optimized for use in constrained 32-bit environments. It started out as an independent project and has been integrated in Mbed TLS as a PSA transparent driver. The source code of p256-m and the driver entry points is located in the Mbed TLS source tree under `3rdparty/p256-m`. In this section, we will look at how this integration was done. -The Mbed TLS build system includes the instructions needed to build p256-m. To build with and use p256-m, set the macro `MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED` using `config.py`, then build as usual using make/cmake. From the root of the `mbedtls/` directory, run: +The Mbed TLS build system includes the instructions needed to build p256-m. To build with and use p256-m, set the macro `MBEDTLS_PSA_P256M_DRIVER_ENABLED` using `config.py`, then build as usual using make/cmake. From the root of the `mbedtls/` directory, run: python3 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG - python3 scripts/config.py set MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED + python3 scripts/config.py set MBEDTLS_PSA_P256M_DRIVER_ENABLED make -(You need extra steps if you want to disable the built-in implementation of ECC algorithms, which includes more features than p256-m. Refer to the documentation of `MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED` for more information.) +(You need extra steps if you want to disable the built-in implementation of ECC algorithms, which includes more features than p256-m. Refer to the documentation of `MBEDTLS_PSA_P256M_DRIVER_ENABLED` for more information.) The driver prefix for p256-m is `P256`/`p256`. The p256-m driver implements four entry points: `generate_key`, `key_agreement`, `sign_hash`, `verify_hash`. There are no entry points for `sign_message` and `verify_message`, which are not necessary for a sign-and-hash algorithm. The core still implements these functions by doing the hashes and then calling the sign/verify-hash entry points. The driver entry point functions can be found in `p256m_driver_entrypoints.[hc]`. These functions act as an interface between Mbed TLS and p256-m; converting between PSA and p256-m argument formats and performing sanity checks. If the driver's status codes differ from PSA's, it is recommended to implement a status code translation function. The function `p256_to_psa_error()` converts error codes returned by p256-m into PSA error codes. -The driver wrapper functions in `psa_crypto_driver_wrappers.c.jinja` for all four entry points have also been modified. The code block below shows the additions made to `psa_driver_wrapper_sign_hash()`. In adherence to the defined process, all code related to the driver call is placed within a check for `MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED`. p256-m only supports non-deterministic ECDSA using keys based on NIST P256; these constraints are enforced through checks (see the `if` statement). Checks that involve accessing key attributes, (e.g. checking key type or bits) **must** be performed in the driver wrapper. This is because this information is marked private and may not be accessed outside the library. Other checks can be performed here or in the entry point function. The status returned by the driver is propagated up the call hierarchy **unless** the driver does not support the operation (i.e. return `PSA_ERROR_NOT_SUPPORTED`). In that case the next available driver/built-in implementation is called. +The driver wrapper functions in `psa_crypto_driver_wrappers.c.jinja` for all four entry points have also been modified. The code block below shows the additions made to `psa_driver_wrapper_sign_hash()`. In adherence to the defined process, all code related to the driver call is placed within a check for `MBEDTLS_PSA_P256M_DRIVER_ENABLED`. p256-m only supports non-deterministic ECDSA using keys based on NIST P256; these constraints are enforced through checks (see the `if` statement). Checks that involve accessing key attributes, (e.g. checking key type or bits) **must** be performed in the driver wrapper. This is because this information is marked private and may not be accessed outside the library. Other checks can be performed here or in the entry point function. The status returned by the driver is propagated up the call hierarchy **unless** the driver does not support the operation (i.e. return `PSA_ERROR_NOT_SUPPORTED`). In that case the next available driver/built-in implementation is called. ``` -#if defined (MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED) +#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED) if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) && PSA_ALG_IS_ECDSA(alg) && !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) && @@ -175,6 +175,6 @@ The driver wrapper functions in `psa_crypto_driver_wrappers.c.jinja` for all fou if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); } -#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */ +#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */ ``` -Following this, p256-m is now ready to use alongside Mbed TLS as a software accelerator. If `MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED` is set in the config, p256-m's implementations of key generation, ECDH, and ECDSA will be used where applicable. +Following this, p256-m is now ready to use alongside Mbed TLS as a software accelerator. If `MBEDTLS_PSA_P256M_DRIVER_ENABLED` is set in the config, p256-m's implementations of key generation, ECDH, and ECDSA will be used where applicable. diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index ce8395e603..52fab1f099 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -883,7 +883,7 @@ * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT and/or * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE as needed. */ -//#define MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED +//#define MBEDTLS_PSA_P256M_DRIVER_ENABLED /** * \def MBEDTLS_ECDSA_DETERMINISTIC diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index cf8fe696a9..0d20eaa66b 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -24,9 +24,9 @@ #include "psa/crypto.h" #include "psa/crypto_driver_common.h" -#if defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED) +#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED) #include "../3rdparty/p256-m/p256-m_driver_entrypoints.h" -#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */ +#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */ /* * Initialization and termination functions diff --git a/scripts/config.py b/scripts/config.py index b7167d1c5e..17fbe653a3 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -206,7 +206,7 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES', # removes a feature 'MBEDTLS_NO_PLATFORM_ENTROPY', # removes a feature 'MBEDTLS_NO_UDBL_DIVISION', # influences anything that uses bignum - 'MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED', # influences SECP256R1 KeyGen/ECDH/ECDSA + 'MBEDTLS_PSA_P256M_DRIVER_ENABLED', # influences SECP256R1 KeyGen/ECDH/ECDSA 'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature 'MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG', # behavior change + build dependency 'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER', # incompatible with USE_PSA_CRYPTO diff --git a/scripts/data_files/driver_jsons/p256_transparent_driver.json b/scripts/data_files/driver_jsons/p256_transparent_driver.json index 97c11f97bd..7d2aabfb3a 100644 --- a/scripts/data_files/driver_jsons/p256_transparent_driver.json +++ b/scripts/data_files/driver_jsons/p256_transparent_driver.json @@ -1,11 +1,11 @@ { "prefix": "p256", "type": "transparent", - "mbedtls/h_condition": "defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)", + "mbedtls/h_condition": "defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)", "headers": ["../3rdparty/p256-m/p256-m_driver_entrypoints.h"], "capabilities": [ { - "mbedtls/c_condition": "defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)", + "mbedtls/c_condition": "defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)", "_comment_entry_points": "This is not the complete list of entry points supported by this driver, only those that are currently supported in JSON. See docs/psa-driver-example-and-guide.md", "entry_points": ["import_key", "export_public_key"], "algorithms": ["PSA_ALG_ECDH", "PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)"], diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja index 1b52066259..63540617de 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja @@ -317,7 +317,7 @@ psa_status_t psa_driver_wrapper_sign_hash( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ -#if defined (MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED) +#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED) if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) && PSA_ALG_IS_ECDSA(alg) && !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) && @@ -336,7 +336,7 @@ psa_status_t psa_driver_wrapper_sign_hash( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); } -#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */ +#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning no accelerator supports this operation */ return( psa_sign_hash_builtin( attributes, @@ -421,7 +421,7 @@ psa_status_t psa_driver_wrapper_verify_hash( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ -#if defined (MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED) +#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED) if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) && PSA_ALG_IS_ECDSA(alg) && !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) && @@ -439,7 +439,7 @@ psa_status_t psa_driver_wrapper_verify_hash( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); } -#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */ +#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ return( psa_verify_hash_builtin( attributes, @@ -854,7 +854,7 @@ psa_status_t psa_driver_wrapper_generate_key( if( status != PSA_ERROR_NOT_SUPPORTED ) break; #endif /* PSA_CRYPTO_DRIVER_TEST */ -#if defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED) +#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED) if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) && attributes->core.type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) && attributes->core.bits == 256 ) @@ -867,7 +867,7 @@ psa_status_t psa_driver_wrapper_generate_key( break; } -#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */ +#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */ } #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ @@ -2806,7 +2806,7 @@ psa_status_t psa_driver_wrapper_key_agreement( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ -#if defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED) +#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED) if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) && PSA_ALG_IS_ECDH(alg) && PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type) == PSA_ECC_FAMILY_SECP_R1 && @@ -2824,7 +2824,7 @@ psa_status_t psa_driver_wrapper_key_agreement( if( status != PSA_ERROR_NOT_SUPPORTED) return( status ); } -#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */ +#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Software Fallback */ From 08b66cd7d7124cf5437f4e5422f304e8cedac81d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 20 Sep 2023 20:51:47 +0200 Subject: [PATCH 2/5] Move MBEDTLS_PSA_P256M_DRIVER_ENABLED to keep alphabetical order Signed-off-by: Gilles Peskine --- include/mbedtls/mbedtls_config.h | 60 ++++++++++++++++---------------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 52fab1f099..a2e10e1d14 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -855,36 +855,6 @@ */ //#define MBEDTLS_ECP_WITH_MPI_UINT -/** - * Uncomment to enable p256-m. This is an alternative implementation of - * key generation, ECDH and (randomized) ECDSA on the curve SECP256R1. - * Compared to the default implementation: - * - * - p256-m has a much smaller code size and RAM footprint. - * - p256-m is only available via the PSA API. This includes the pk module - * when #MBEDTLS_USE_PSA_CRYPTO is enabled. - * - p256-m does not support deterministic ECDSA, EC-JPAKE, custom protocols - * over the core arithmetic, or deterministic derivation of keys. - * - * We recommend enabling this option if your application uses the PSA API - * and the only elliptic curve support it needs is ECDH and ECDSA over - * SECP256R1. - * - * If you enable this option, you do not need to enable any ECC-related - * MBEDTLS_xxx option. You do need to separately request support for the - * cryptographic mechanisms through the PSA API: - * - #MBEDTLS_PSA_CRYPTO_C and #MBEDTLS_PSA_CRYPTO_CONFIG for PSA-based - * configuration; - * - #MBEDTLS_USE_PSA_CRYPTO if you want to use p256-m from PK, X.509 or TLS; - * - #PSA_WANT_ECC_SECP_R1_256; - * - #PSA_WANT_ALG_ECDH and/or #PSA_WANT_ALG_ECDSA as needed; - * - #PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY, #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC, - * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT, - * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT and/or - * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE as needed. - */ -//#define MBEDTLS_PSA_P256M_DRIVER_ENABLED - /** * \def MBEDTLS_ECDSA_DETERMINISTIC * @@ -1446,6 +1416,36 @@ */ //#define MBEDTLS_PSA_CRYPTO_SPM +/** + * Uncomment to enable p256-m. This is an alternative implementation of + * key generation, ECDH and (randomized) ECDSA on the curve SECP256R1. + * Compared to the default implementation: + * + * - p256-m has a much smaller code size and RAM footprint. + * - p256-m is only available via the PSA API. This includes the pk module + * when #MBEDTLS_USE_PSA_CRYPTO is enabled. + * - p256-m does not support deterministic ECDSA, EC-JPAKE, custom protocols + * over the core arithmetic, or deterministic derivation of keys. + * + * We recommend enabling this option if your application uses the PSA API + * and the only elliptic curve support it needs is ECDH and ECDSA over + * SECP256R1. + * + * If you enable this option, you do not need to enable any ECC-related + * MBEDTLS_xxx option. You do need to separately request support for the + * cryptographic mechanisms through the PSA API: + * - #MBEDTLS_PSA_CRYPTO_C and #MBEDTLS_PSA_CRYPTO_CONFIG for PSA-based + * configuration; + * - #MBEDTLS_USE_PSA_CRYPTO if you want to use p256-m from PK, X.509 or TLS; + * - #PSA_WANT_ECC_SECP_R1_256; + * - #PSA_WANT_ALG_ECDH and/or #PSA_WANT_ALG_ECDSA as needed; + * - #PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY, #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC, + * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT, + * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT and/or + * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE as needed. + */ +//#define MBEDTLS_PSA_P256M_DRIVER_ENABLED + /** * \def MBEDTLS_PSA_INJECT_ENTROPY * From 3aa79691fc8cc960123eacd519c2dfcd595404fb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 20 Sep 2023 20:54:50 +0200 Subject: [PATCH 3/5] Add a note about p256m near the option to enable secp256r1 Only document it with the PSA configuration, not for MBEDTLS_ECP_DP_SECP256R1_ENABLED, since p256m can't be used with the classic API. Signed-off-by: Gilles Peskine --- include/psa/crypto_config.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index 4e7a71e1d4..d34cbf3397 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -115,6 +115,8 @@ #define PSA_WANT_ECC_SECP_K1_256 1 #define PSA_WANT_ECC_SECP_R1_192 1 #define PSA_WANT_ECC_SECP_R1_224 1 +/* For secp256r1, consider enabling #MBEDTLS_PSA_P256M_DRIVER_ENABLED + * (see the description in mbedtls/mbedtls_config.h for details). */ #define PSA_WANT_ECC_SECP_R1_256 1 #define PSA_WANT_ECC_SECP_R1_384 1 #define PSA_WANT_ECC_SECP_R1_521 1 From 29d0bfba0d4e73699317d6cc03607e925a11623e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 20 Sep 2023 23:11:33 +0200 Subject: [PATCH 4/5] Rename option where concatenated with -D Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 4541b57470..22087831f3 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2953,7 +2953,7 @@ component_test_tfm_config_p256m_driver_accel_ec () { loc_accel_flags="$( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" # Build crypto library specifying we want to use P256M code for EC operations - make CFLAGS="$ASAN_CFLAGS $loc_accel_flags -DMBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED" LDFLAGS="$ASAN_CFLAGS" + make CFLAGS="$ASAN_CFLAGS $loc_accel_flags -DMBEDTLS_PSA_P256M_DRIVER_ENABLED" LDFLAGS="$ASAN_CFLAGS" # Make sure any built-in EC alg was not re-enabled by accident (additive config) not grep mbedtls_ecdsa_ library/ecdsa.o From 67cf66b4278273453f4efb68d7049b8ac0b7b6b3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 20 Sep 2023 23:19:46 +0200 Subject: [PATCH 5/5] Add a note about the code size benefits We don't normally make promises related to code size, but this one is vague enough (just "to benefit"), and it's what a lot of users of this option care about. Signed-off-by: Gilles Peskine --- include/mbedtls/mbedtls_config.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index a2e10e1d14..e9354da5a4 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -1443,6 +1443,16 @@ * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT, * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT and/or * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE as needed. + * + * \note To genuinely benefit from the smaller code size of p256-m, make + * sure that you do not enable any ECC-related option that requires + * the built-in implementation of elliptic curve arithmetic. This + * means enabling #MBEDTLS_PSA_CRYPTO_C, #MBEDTLS_PSA_CRYPTO_CONFIG, + * #PSA_WANT_ECC_SECP_R1_256 and #MBEDTLS_PSA_P256M_DRIVER_ENABLED, + * plus any of the `PSA_WANT_ALG_xxx` and `PSA_WANT_KEY_TYPE_xxx` + * options listed above, and not enabling other ECC-related options + * through `PSA_WANT_xxx` or `MBEDTLS_xxx` (in particular, not + * enabling other curves or EC-JPAKE). */ //#define MBEDTLS_PSA_P256M_DRIVER_ENABLED