-
Notifications
You must be signed in to change notification settings - Fork 835
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ESP32 TFM fix for RSA key size 512 and 2048 #6286
Closed
Closed
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Where is
WOLFSSL_RSA_KEY_SIZE
documented? Did you considerRSA_MAX_SIZE
? Why is the logic not a >= 512? If this is ESP32 specific please use a macro that includes it.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, not yet. I do not know exactly why the hardware-accelerated calc fails for certain RSA lengths. I wanted to at least get a fix in place before diving into the HW. It may take some time to fully resolve this. I chose to instead get other, higher visibility changes in place and backburner this for now.
I neglected to add documentation on
WOLFSSL_RSA_KEY_SIZE
. I can add it if you are in favor of keeping this, or some other equivalent functionality.The intent is for this value to be used for explicit user RSA key sizes. We could put this in the default ESP32
user_settings.h
.I didn't use
RSA_MAX_SIZE
as I wanted to define an explicit size, not a maximum size. Also, it appears other settings may imply a specificRSA_MAX_SIZE
value.There's a specific problem for lengths of exactly 512 and a different problem for 2048 length.
The TFM library only uses this gate when the
WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI
is enabled. Otherwise, I use it in the demo app that I used when testing #6205.Would you prefer an ESP32-specific name? It would seem best to have a macro for RSA lengths for the end user. The use of this macro in TFM does however, leave a bit to be desired. Once the HW math is fixed, the only use of this would be be the end user when calling something like
wc_MakeRsaKey
.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since this code is only for ESP32 I would remove
WOLFSSL_RSA_KEY_SIZE
logic and have this check always enabled and document the workaround for HW issue. TheWOLFSSL_RSA_KEY_SIZE
logic here is too limiting. RSA should support a range of key sizes.