Mbed-TLS / mbedtls

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
https://www.trustedfirmware.org/projects/mbed-tls/

Make ASN.1 integer writing independent of MPI type #9372

Open gilles-peskine-arm opened 3 months ago

gilles-peskine-arm commented 3 months ago

In Mbed TLS 4.0, mbedtls_mpi is becoming private (to be removed in 4.0 or a later 4.x in favor of the representations in bignum_core.h and bignum_mod.h). We need to change the interface of the ASN.1 integer writing function accordingly.

The typical usage will be to encode an integer exported with mbedtls_mpi_core_write_be. What should the interface be? Note that ASN.1 encoding needs to know the exact bit-length, not just the exact byte-length, since the top bit of the first byte of the content must be 0 (it's a sign bit), e.g. 0x007f0000 is encoded as 02037f0000 but 0x00800000 as 020400080000. That makes it difficult to combine an ASN.1 writing function with mbedtls_mpi_core_write_be.

Definition of done:

gilles-peskine-arm commented 3 months ago

Interface proposal: reserve and copy

unsigned char *octets_head;
size_t octets_len;
size_t bits = mbedtls_mpi_core_bitlen(A, A_limbs); // or mbedtls_mpi_bitlen(A)
mbedtls_asn1_write_mpi(p, start, bits, &octets_head, &octets_len);
mbedtls_mpi_core_write_be(A, A_limbs, octets_head, octets_len);

Downside: two functions, requires the caller to pass matching arguments.

Interface proposal: shared knowledge

mbedtls_asn1_write_mpi_core(p, start, A, A_limbs);

Downside: the same code needs to understand both the ASN.1 encoding and the bignum representation.
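
The "reserve and copy" proposal above, sketched as self-contained C to show why the reserve step needs the bit length and not just the byte length. This is an added example, not Mbed TLS code and not part of the issue: `asn1_reserve_integer`, `bitlen_u32`, `write_be_u32` and `encode_u32` are hypothetical names, the value is limited to 32 bits, and only short-form lengths are handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical "reserve" step. Works backwards from *p towards start: reserves
 * the content octets, then writes length and tag. Returns bytes used or -1. */
static int asn1_reserve_integer(unsigned char **p, const unsigned char *start,
                                size_t bits, unsigned char **octets_head, size_t *octets_len)
{
    /* bits / 8 + 1 adds an octet exactly when bits is a multiple of 8, so the
     * sign bit of the first content octet stays 0. Zero encodes as one 00. */
    size_t len = bits / 8 + 1;
    if (len > 127 || (size_t) (*p - start) < len + 2)
        return -1; /* short-form length only (narrowed), or buffer too small */
    *p -= len;
    *octets_head = *p;
    *octets_len = len;
    *--(*p) = (unsigned char) len;
    *--(*p) = 0x02; /* INTEGER tag */
    return (int) (len + 2);
}

/* Stand-in for mbedtls_mpi_core_bitlen() on one 32-bit value. */
static size_t bitlen_u32(uint32_t a)
{
    size_t bits = 0;
    for (; a != 0; a >>= 1) bits++;
    return bits;
}

/* Stand-in for mbedtls_mpi_core_write_be(): big-endian, zero-padded on the left. */
static void write_be_u32(uint32_t a, unsigned char *out, size_t out_len)
{
    for (size_t i = 0, shift = 8 * (out_len - 1); i < out_len; i++, shift -= 8)
        out[i] = shift < 32 ? (unsigned char) (a >> shift) : 0;
}

/* Caller side: reserve, then copy. Puts the DER INTEGER in out; returns its length or -1. */
static int encode_u32(uint32_t a, unsigned char *out, size_t out_size)
{
    unsigned char buf[16], *p = buf + sizeof(buf), *head;
    size_t len;
    int n = asn1_reserve_integer(&p, buf, bitlen_u32(a), &head, &len);
    if (n < 0 || (size_t) n > out_size) return -1;
    write_be_u32(a, head, len); /* the padding octet, if any, is the sign byte */
    memcpy(out, p, (size_t) n);
    return n;
}
```

The caller must pass the same `len` to both steps, which is the "matching arguments" downside the proposal names.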