Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
M467: Support Crypto ECC H/W in full-module replacement
1. Replace ecp.c full-module, and other ec modules dependent on ecp.c (ecdh.c/ecdsa.c/ecjpake.c) will improve followingly.
2. Recover from Crypto ECC H/W failure:
(1) Enable timed-out wait to escape from ECC H/W trap
(2) On ECC H/W timeout, stop this ECC H/W operation
(3) Fall back to S/W implementation on failure
3. Support Short Weierstrass curve
NOTE: ECC H/W will trap on m*P with SCAP enabled, esp m = 2 or close to (order - 1).
Cannot work around by fallback to S/W, because following operations are easily to fail with data error.
Disable SCAP temporarily.
4. Support Montgomery curve
Montgomery curve has the form: B y^2 = x^3 + A x^2 + x
(1) In S/W impl, A is used as (A + 2) / 4. Figure out its original value for engine.
https://github.com/ARMmbed/mbed-os/blob/2eb06e76208588afc6cb7580a8dd64c5429a10ce/connectivity/mbedtls/include/mbedtls/ecp.h#L219-L220
(2) In S/W impl, B is unused. Actually, B is 1 for Curve25519/Curve448 and needs to configure to engine.
https://github.com/ARMmbed/mbed-os/blob/2eb06e76208588afc6cb7580a8dd64c5429a10ce/connectivity/mbedtls/include/mbedtls/ecp.h#L221-L222
(3) In S/W impl, y-coord is absent, but engine needs it. Deduce it from x-coord following:
https://tools.ietf.org/id/draft-jivsov-ecc-compact-05.html
https://www.rieselprime.de/ziki/Modular_square_root
NOTE: Fix wrong sign flag grp->N.s in ecp_curves_alt.c/ecp_use_curve448()
grp->N is in uninitialized state due to caller's having invoked mbedtls_ecp_group_free(grp) before.
In uninitialized state, grp->N.s is not initialized to 1 to indicate positive.
This can fix by re-initializing through mbedtls_mpi_lset(&grp->N, 0).
Raise one PR for this:
ARMmbed#15287- Loading branch information
