Open bzbarsky-apple opened 3 years ago
I should note that micro-ecc does not provide all the bits our crypto PAL needs (e.g. does not include hashing), so we would need to see what we do with that.
Yes, micro-ecc is not enough. You need another library such as libsodium or tinycrypt that provides the missing primitives.
Note that many cryptographic primitives back-ends do not necessarily protect against side-channel attacks. Tinycrypt for instance, does not claim to be fully side-channel-attack-resistant on all platforms, for all algorithms, as this adds complexity.
I would argue that the easiest way to reduce size of the crypto library is to make it as straightforward as possible for an implementer to completely replace the implementation. This is mostly possible already, but BUILD.gn enforces using either the built-in backend of OpenSSL or mbedTLS and does not allow alternate choice (e.g. "custom back-end, irrespective of library used")
micro-ecc is sufficient to implement all the ECC functions in CryptoPal. Other crypto primitives can be taken from libraries like libsodium or tinycrypt (which by the way uses micro-ecc).
The only component for which we may need a custom implementation is the CSRReq.
from Intel is also using micro-ecc and adds AES-CCM, HMAC and SHA256.
Maybe we should just focus on this part, then.
And yes, I did also see some worries about how micro-ecc handles side-channel attacks...
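The build-level change argued for earlier in the thread (letting an implementer swap in a custom back-end instead of being limited to OpenSSL or mbedTLS), written out as an added example; this is a hypothetical BUILD.gn fragment, not the project's actual build file. The argument names `chip_crypto` and `chip_crypto_custom_target`, the target labels and the source file names are assumptions chosen for illustration.

```gn
# Hypothetical BUILD.gn fragment (added example, not the project's own build file).
# Assumed names: chip_crypto, chip_crypto_custom_target, the file names and labels.
declare_args() {
  # Which crypto backend implements the crypto PAL: "openssl", "mbedtls" or "custom".
  chip_crypto = "openssl"

  # Only used when chip_crypto == "custom": GN label of a target that provides
  # every PAL symbol, e.g. a micro-ecc + tinycrypt build maintained out of tree.
  chip_crypto_custom_target = ""
}

assert(chip_crypto == "openssl" || chip_crypto == "mbedtls" ||
           chip_crypto == "custom",
       "chip_crypto must be one of: openssl, mbedtls, custom")

if (chip_crypto == "custom") {
  assert(chip_crypto_custom_target != "",
         "chip_crypto_custom_target must name the target implementing the PAL")
}

source_set("crypto") {
  # Backend-independent PAL interface and shared helpers.
  sources = [
    "CHIPCryptoPAL.cpp",
    "CHIPCryptoPAL.h",
  ]
  public_deps = []

  if (chip_crypto == "openssl") {
    sources += [ "CHIPCryptoPALOpenSSL.cpp" ]
    public_deps += [ "//third_party/openssl" ]
  } else if (chip_crypto == "mbedtls") {
    sources += [ "CHIPCryptoPALmbedTLS.cpp" ]
    public_deps += [ "//third_party/mbedtls" ]
  } else {
    # Custom backend: no built-in backend sources are compiled at all, so the
    # binary links only what the implementer's target brings in. That target
    # now also owns the side-channel properties of every primitive it supplies.
    public_deps += [ chip_crypto_custom_target ]
  }
}
```

With this shape, a build that wants the micro-ecc route would be configured along the lines of `gn gen out/custom --args='chip_crypto="custom" chip_crypto_custom_target="//my/crypto:pal"'`, and the link step fails loudly if the custom target omits any PAL entry point (hashing, HMAC, AES-CCM, the CSR helper), which is the check a practitioner wants rather than a silent fallback to one of the built-in backends.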
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
Problem
We don't have a micro-ecc backend for our crypto PAL
Proposed Solution
Maybe we should.