mbedtls icon indicating copy to clipboard operation
mbedtls copied to clipboard

Published 20 hours ago verified publisher icon Mbed-TLS

Adjust declared dependencies in test_suite_ecdsa

Open mpg opened this issue 3 years ago • 2 comments

Currently, dependencies in test_suite_ecdsa (both the data and the function file) are expressed in terms of MBEDTLS_SHAxxx_C macros. However, except for deterministic ECDSA, the ECDSA module doesn't compute hashes, and after #6097, neither does its test suite. So, this dependency is too strong, and should be diminished when possible (info about the hash, for example to check length, should be enough).

mpg avatar Jul 25 '22 08:07 mpg

I was thinking we could create a set of macros just for this test suite, in the header section of test_suite_ecdsa.function, like:

#include "legacy_or_psa.h"
#if ( defined(MBEDTLS_ECDSA_DETERMINISTIC) && defined(MBEDTLS_SHA256_C) ) || \
    defined(MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA)
#define MBEDTLS_HAS_ALG_SHA_256_VIA_MD_IF_DETERMINISTIC
#endif

That is: when DETERMINISTIC is defined, we absolutely need the software implementation of SHA-256 (because DETERMINISTIC depends on HMAC-DRBG which depends on MD which can only use the software implementation); otherwise we only need info about the hash, which is controlled by LOWLEVEL_OR_PSA.

(Not tested, just sharing my thoughts as I'm unassigning myself, as I won't have time to do it before going on leave.)

Edited by Andrzej Kurek: I took the liberty to change MBEDTLS_DETERMINISTIC_ECDSA to MBEDTLS_ECDSA_DETERMINISTIC, as this is the define present in the library.

mpg avatar Jul 28 '22 07:07 mpg

I was thinking we could create a set of macros just for this test suite, in the header section of test_suite_ecdsa.function, like:

#include "legacy_or_psa.h"
#if ( defined(MBEDTLS_ECDSA_DETERMINISTIC) && defined(MBEDTLS_SHA256_C) ) || \
    defined(MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA)
#define MBEDTLS_HAS_ALG_SHA_256_VIA_MD_IF_DETERMINISTIC
#endif

That is: when DETERMINISTIC is defined, we absolutely need the software implementation of SHA-256 (because DETERMINISTIC depends on HMAC-DRBG which depends on MD which can only use the software implementation); otherwise we only need info about the hash, which is controlled by LOWLEVEL_OR_PSA.

(Not tested, just sharing my thoughts as I'm unassigning myself, as I won't have time to do it before going on leave.)

This set of defines will be functionally identical to MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA:

( defined(MBEDTLS_ECDSA_DETERMINISTIC) && defined(MBEDTLS_SHA256_C) ) || 
defined(MBEDTLS_SHA256_C) || 
( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256) )

No matter if MBEDTLS_ECDSA_DETERMINISTIC is defined or not, MBEDTLS_SHA256_C will be enough. This can cause a problem where MBEDTLS_DETERMINISTIC_ECDSA is defined, but MBEDTLS_SHA256_C is not and the basic required info comes from ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256) : the deterministic tests will fail.

( defined(MBEDTLS_ECDSA_DETERMINISTIC) && defined(MBEDTLS_SHA256_C) ) || 
( !defined(MBEDTLS_ECDSA_DETERMINISTIC) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA) )

Would be good in this case. Our current set of tests wouldn't pick up this case, but I'm not sure if it's worth adding a new all.sh component for that.

AndrzejKurek avatar Aug 08 '22 11:08 AndrzejKurek