Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PSA interface to retrieve constants used by the implementation #7780

Open
gilles-peskine-arm opened this issue Jun 15, 2023 · 0 comments
Open

PSA interface to retrieve constants used by the implementation #7780

gilles-peskine-arm opened this issue Jun 15, 2023 · 0 comments
Labels
component-psa PSA keystore/dispatch layer (storage, drivers, …) enhancement help-wanted This issue is not being actively worked on, but PRs welcome. needs-design-approval priority-low Low priority - this may not receive review soon size-m Estimated task size: medium (~1w)

Comments

@gilles-peskine-arm
Copy link
Contributor

With certain cryptographic mechanisms, there are constants that an implementation must have internally, and that most applications don't need but some do need because those constants need to be embedded as metadata in some network protocol or file format. I'm specifically thinking of:

  • Diffie-Hellman prime and generator corresponding to a psa_dh_family_t value and bit-size.
  • ECC curve parameters corresponding to a psa_ecc_family_t value and bit-size.

Obviously the application can embed the constants it needs. That requires the application to know all of the groups/curves it supports, but it presumably needs this anyway because it needs to translate between the PSA representation and the protocol/format representation of the choice of group/curve. That requires the application to duplicate the numbers, which may be a concern on resource-constrained devices.

Whatever the interface is, it has to allow for the constant to be copied into application memory, since:

  • the crypto implementation may be running in its own memory space;
  • even if the crypto implementation is running in the same memory space, it may have a custom internal representation (e.g. different endianness, or perhaps no representation as such for ECC implementations with curve-specific optimized arithmetic).

I'm not sure that there is real demand for such an API. The Mbed TLS team currently has no plan to work on this. Please let us know if you need it and why.
@gilles-peskine-arm gilles-peskine-arm added enhancement help-wanted This issue is not being actively worked on, but PRs welcome. needs-design-approval component-psa PSA keystore/dispatch layer (storage, drivers, …) size-m Estimated task size: medium (~1w) priority-low Low priority - this may not receive review soon labels Jun 15, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
component-psa PSA keystore/dispatch layer (storage, drivers, …) enhancement help-wanted This issue is not being actively worked on, but PRs welcome. needs-design-approval priority-low Low priority - this may not receive review soon size-m Estimated task size: medium (~1w)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@gilles-peskine-arm