Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MD: X.509 hashing #5157

Closed
6 tasks done
mpg opened this issue Nov 12, 2021 · 0 comments · Fixed by #5510
Closed
6 tasks done

MD: X.509 hashing #5157

mpg opened this issue Nov 12, 2021 · 0 comments · Fixed by #5510
Assignees
Labels
enhancement size-s Estimated task size: small (~2d)

Comments

@mpg
Copy link
Contributor

mpg commented Nov 12, 2021

Currently X.509 uses PSA for hashing only in some places. This task is to use it (conditionally on MBEDTLS_USE_PSA_CRYPTO) everywhere.

Provide a PSA version, using psa_hash_compute(), of all remaining calls to mbedtls_md() or mbedtls_sha1_ret(), namely:

  • mbedtls_md() in x509_crt_verifycrl() in x509_crt.c
  • mbedtls_md() in mbedtls_x509write_crt_der() in x509write_crt.c
  • mbedtls_sha1_ret() in mbedtls_x509write_crt_set_subject_key_identifier()inx509write_crt.c`
  • mbedtls_sha1_ret() in mbedtls_x509write_crt_set_authority_key_identifier()inx509write_crt.c`

Note: a helper function mbedtls_psa_translate_md() is available from mbedtls/psa_util.h.

While at it, in the following functions that already have PSA version, it currently uses the multi-part API (with psa_hash_operation_t) but can be simplified to use the single-part API psa_hash_compute():

  • x509_crt_check_signature()
  • mbedtls_x509write_csr_der_internal()
@mpg mpg added this to Incoming Items in OBSOLETE - SEE https://github.com/orgs/Mbed-TLS/projects/3 via automation Nov 12, 2021
@mpg mpg added the size-s Estimated task size: small (~2d) label Nov 12, 2021
@mpg mpg changed the title Use PSA for hashing everywhere in X.509 MD: X.509 hashing Dec 7, 2021
@mpg mpg moved this from Use PSA Crypto more - part 1 to Use PSA Crypto more - part 2 in OBSOLETE - PLEASE SEE https://github.com/orgs/Mbed-TLS/projects/1 Dec 15, 2021
@silabs-PeterK silabs-PeterK self-assigned this Feb 3, 2022
@daverodgman daverodgman added this to Use PSA Crypto more - part 2 in EPICs for Mbed TLS Mar 30, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement size-s Estimated task size: small (~2d)
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants