-
Notifications
You must be signed in to change notification settings - Fork 708
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow bypassing ASN.1 processing of public key for ED25519 #2089
base: main
Are you sure you want to change the base?
Conversation
…ey import The commit adds MCUBOOT_KEY_IMPORT_BYPASS_ASN configuration option that allows bypassing ASN.1 decoding of ED25519 public key, compiled into MCUboot. When the option is enabled the key will be accessed directly and ASN.1 processing is not compiled in, resulting in smaller footprint of MCUboot, at a cost of reduced detection of invalid key, i.e. public key designated for different method than compiled in. Upstream PR: mcu-tools/mcuboot#2089 Signed-off-by: Dominik Ermel <[email protected]>
…SS_ASN The option enables MCUboot configuration option MCUBOOT_KEY_IMPORT_BYPASS_ASN. Upstream PR: mcu-tools/mcuboot#2089 Signed-off-by: Dominik Ermel <[email protected]>
1cdb478
to
86e26fa
Compare
…ey import The commit adds MCUBOOT_KEY_IMPORT_BYPASS_ASN configuration option that allows bypassing ASN.1 decoding of ED25519 public key, compiled into MCUboot. When the option is enabled the key will be accessed directly and ASN.1 processing is not compiled in, resulting in smaller footprint of MCUboot, at a cost of reduced detection of invalid key, i.e. public key designated for different method than compiled in. Upstream PR: mcu-tools/mcuboot#2089 Signed-off-by: Dominik Ermel <[email protected]>
…SS_ASN The option enables MCUboot configuration option MCUBOOT_KEY_IMPORT_BYPASS_ASN. Upstream PR: mcu-tools/mcuboot#2089 Signed-off-by: Dominik Ermel <[email protected]>
@d3zd3z hej, got time to review? |
It looks good to me, I only have:
|
I will implement the changes. |
As I already mentioned, the parsing of ECDSA is handled differently in the existing code, but I think your solution is also reliable as the variability in size is only present for the signatures (encoding unsigned values as signed integers). The key is encoded as a bit string with 2 extra bytes (num of unused bits and compression) and its size is deterministic. |
86e26fa
to
e27d7fa
Compare
I have applied the comment regarding ifdefing includes. |
The commit adds MCUBOOT_KEY_IMPORT_BYPASS_ASN configuration option that allows bypassing ASN.1 decoding of ED25519 public key, compiled into MCUboot. When the option is enabled the key will be accessed directly and ASN.1 processing is not compiled in, resulting in smaller footprint of MCUboot, at a cost of reduced detection of invalid key, i.e. public key designated for different method than compiled in. Signed-off-by: Dominik Ermel <[email protected]>
The option enables MCUboot configuration option MCUBOOT_KEY_IMPORT_BYPASS_ASN. Signed-off-by: Dominik Ermel <[email protected]>
e27d7fa
to
1da4a11
Compare
Add conditional compilation of ASN.1 decoding of ED25519 key.
This allows to cut out the ASN.1 encoding, which results in reduced flash size.
Comparison on nrf52840dk/nrf52840 build of MCUboot with the ED25519 enabled
Reduces code from 40422 bytes to 39918 bytes, when
-DCONFIG_BOOT_KEY_IMPORT_BYPASS_ASN=y
is added.Another benefit of the option is that it is no longer needed to have portion of the mbedTLS, that does the ASN.1 support, enabled when compiling MCUboot with ED25519 for TinyCrypt.