Suggested enhancement: currently the two compile-time options MBEDTLS_USE_PSA_CRYPTO and MBEDTLS_ECP_RESTARTABLE are mutually incompatible, because the first one wants to use the psa_ APIs, which currently don't support restartable operations...
# CONFIG_MBEDTLS_ECP_RESTARTABLE is not set # CONFIG_MBEDTLS_CMAC_C is not set CONFIG_MBEDTLS_HARDWARE_AES=y CONFIG_MBEDTLS_AES_USE_INTERRUPT=y CONFIG_MBEDTLS_HARDWARE_MPI=y CONFIG_MBEDTLS_HARDWARE_SHA=y CONFIG_MBEDTLS_ROM_MD5=y # CONFIG_MBEDTLS_ATCA_HW_ECDSA_SIGN is not set # CONFIG_MB...
/* Initialize internal DRBG if necessary */ #if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx == NULL || rs_ctx->rsm == NULL || rs_ctx->rsm->drbg_seeded == 0 ) #endif { const size_t m_len = ( grp->nbits + 7 ) / 8; MBEDTLS_MPI_CHK( ecp_drbg_seed( p_rng, m, m_len...
Hi guys, I’m currently using “mbedtls_ecdsa_verify” as suggested here for ECDSA verification, because my signature is encoded as ‘r+s’ (64 bytes of binary data for the MBEDTLS_ECP_DP_SECP256R1 curve). The problem is that …
#if defined(MBEDTLS_ECP_RESTARTABLE) /** * \brief Internal restart context for multiplication * * \note Opaque struct */ typedef struct mbedtls_ecp_restart_mul mbedtls_ecp_restart_mul_ctx; /** * \brief Internal restart context for ecp_muladd() ...
==2927== by 0x55001AC: ecp_mul_comb (ecp.c:2080) ==2927== by 0x55011AB: mbedtls_ecp_mul_restartable (ecp.c:2369) ==2927== by 0x54FADE2: ecdh_compute_shared_restartable (ecdh.c:122) ==2927== by 0x54FAE82: mbedtls_ecdh_compute_shared (ecdh.c:151) ...
mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL f_rng argument. An attacker with access to sufficiently precise timing and memory-access information (typically an untrusted operating system attacking a secure enclave) could fully recover the ECC private key. ...
ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA;gotocleanup; }#ifdefined(MBEDTLS_ECDSA_VERIFY_ALT)if( ( ret = mbedtls_ecdsa_verify( &ctx->grp, hash, hlen, &ctx->Q, &r, &s ) ) !=0)gotocleanup;#elseif( ( ret = ecdsa_verify_restartable( &ctx->grp, hash, hlen, ...
ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA;gotocleanup; }#ifdefined(MBEDTLS_ECDSA_VERIFY_ALT)if( ( ret = mbedtls_ecdsa_verify( &ctx->grp, hash, hlen, &ctx->Q, &r, &s ) ) !=0)gotocleanup;#elseif( ( ret = ecdsa_verify_restartable( &ctx->grp, hash, hlen, ...
It will effectively be a new name for MBEDTLS_ECP_RESTARTABLE: one is defined from the other (the direction depends on MBEDTLS_PSA_CRYPTO_CONFIG; eventually we'll get rid of MBEDTLS_ECP_RESTARTABLE internally, but that's a later task that can wait until after 4.0). Contributor gilles-peskine...