Figure out whether we can use micro-ecc as a backend for our CryptoPal #8487
Comments
|
I should note that micro-ecc does not provide all the bits our crypto PAL needs (e.g. does not include hashing), so we would need to see what we do with that. |
|
Yes, micro-ecc is not enough. You need another library such as libsodium or tinycrypt that provides the missing primitives |
|
Note that many cryptographic primitives back-ends do not necessarily protect against side-channel attacks. Tinycrypt for instance, does not claim to be fully side-channel-attack-resistant on all platforms, for all algorithms, as this adds complexity. I would argue that the easiest way to reduce size of the crypto library is to make it as straightforward as possible for an implementer to completely replace the implementation. This is mostly possible already, but BUILD.gn enforces using either the built-in backend of OpenSSL or mbedTLS and does not allow alternate choice (e.g. "custom back-end, irrespective of library used") |
|
The only component for which we may need a custom implementation is the CSRReq. from Intel is also using |
Maybe we should just focus on this part, then. And yes, I did also see some worries about how micro-ecc handles side-channel attacks.... |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
Problem
We don't have a micro-ecc backend for our crypto PAL
Proposed Solution
Maybe we should.
The text was updated successfully, but these errors were encountered: