From 30a303f1a8b856cfd6d44ad89754a018e49fb479 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 6 Feb 2024 19:45:11 +0100 Subject: [PATCH 1/2] ECDSA signature conversion: put bits first Metadata, then inputs, then outputs. https://github.com/Mbed-TLS/mbedtls/pull/8703#discussion_r1474697136 Signed-off-by: Gilles Peskine --- .../architecture/psa-migration/psa-legacy-bridges.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/architecture/psa-migration/psa-legacy-bridges.md b/docs/architecture/psa-migration/psa-legacy-bridges.md index e09d23c49..ec3fcd0b1 100644 --- a/docs/architecture/psa-migration/psa-legacy-bridges.md +++ b/docs/architecture/psa-migration/psa-legacy-bridges.md @@ -330,12 +330,12 @@ Based on the [gap analysis](#signature-formats): [ACTION] [#7765](https://github.com/Mbed-TLS/mbedtls/issues/7765) Implement `mbedtls_ecdsa_raw_to_der` and `mbedtls_ecdsa_der_to_raw` as described below. ``` -int mbedtls_ecdsa_raw_to_der(const unsigned char *raw, size_t raw_len, - unsigned char *der, size_t der_size, size_t *der_len, - size_t bits); -int mbedtls_ecdsa_der_to_raw(const unsigned char *der, size_t der_len, - unsigned char *raw, size_t raw_size, size_t *raw_len, - size_t bits); +int mbedtls_ecdsa_raw_to_der(size_t bits, + const unsigned char *raw, size_t raw_len, + unsigned char *der, size_t der_size, size_t *der_len); +int mbedtls_ecdsa_der_to_raw(size_t bits, + const unsigned char *der, size_t der_len, + unsigned char *raw, size_t raw_size, size_t *raw_len); ``` * These functions convert between the signature format used by `mbedtls_pk_{sign,verify}{,_ext}` and the signature format used by `psa_{sign,verify}_{hash,message}`. From 3f557ad59c3279c00258be0660723290e9ee20af Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 Feb 2024 11:22:16 +0100 Subject: [PATCH 2/2] Wording improvement Signed-off-by: Gilles Peskine --- docs/architecture/psa-migration/psa-legacy-bridges.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/architecture/psa-migration/psa-legacy-bridges.md b/docs/architecture/psa-migration/psa-legacy-bridges.md index ec3fcd0b1..912344e31 100644 --- a/docs/architecture/psa-migration/psa-legacy-bridges.md +++ b/docs/architecture/psa-migration/psa-legacy-bridges.md @@ -340,5 +340,5 @@ int mbedtls_ecdsa_der_to_raw(size_t bits, * These functions convert between the signature format used by `mbedtls_pk_{sign,verify}{,_ext}` and the signature format used by `psa_{sign,verify}_{hash,message}`. * The input and output buffers can overlap. -* The `bits` parameter is necessary in the DER-to-raw direction because the DER format lacks leading zeros, so something else needs to convey the size of (r,s). The `bits` parameter is not needed in the raw-to-DER direction, but [it can help catch errors](https://github.com/Mbed-TLS/mbedtls/pull/8681#discussion_r1445980971) and the information is readily available in practice. +* The `bits` parameter is necessary in the DER-to-raw direction because the DER format lacks leading zeros, so something else needs to convey the size of (r,s). The `bits` parameter is redundant in the raw-to-DER direction, but we have it anyway because [it helps catch errors](https://github.com/Mbed-TLS/mbedtls/pull/8681#discussion_r1445980971), and it isn't a burden on the caller because the information is readily available in practice. * Should these functions rely on the ASN.1 module? We experimented [calling ASN.1 functions](https://github.com/Mbed-TLS/mbedtls/pull/8681), [reimplementing simpler ASN.1 functions](https://github.com/Mbed-TLS/mbedtls/pull/8696), and [providing the functions from the ASN.1 module](https://github.com/Mbed-TLS/mbedtls/pull/8703). Providing the functions from the ASN.1 module [won on a compromise of code size and simplicity](https://github.com/Mbed-TLS/mbedtls/issues/7765#issuecomment-1893670015).