PSA: forced bits in Montgomery private keys #3399

gilles-peskine-arm · 2020-06-04T22:11:32Z

An upcoming revision of the PSA Crypto specification will clarify that the export format of Curve25519 and Curve448 private keys must have the forced bits set as specificed in RFC 7748 §5 (output of decodeScalar25519 and decodeScalar448).

Goal of this task:

Update the documentation of psa_export_key in crypto.h.
Add tests to validate that if you import a Curve25519 or Curve448 private key where the forced bits are incorrect, either the key is rejected, or the forced bits will be set on export.
Add tests to validate that the forced bits are correct in generated keys.

The text was updated successfully, but these errors were encountered:

gilles-peskine-arm · 2020-08-11T09:42:17Z

#3425 addresses Curve25519. The Curve448 part is still pending.

gilles-peskine-arm · 2022-04-04T14:09:00Z

This was done in #4626.

gilles-peskine-arm added enhancement component-crypto Crypto primitives and low-level interfaces PSA compliance good-first-issue Good for newcomers labels Jun 4, 2020

stevew817 mentioned this issue Jun 11, 2020

Fix endianness handling of Curve25519 in PSA Crypto core #3425

Merged

3 tasks

silabs-ArchanaM mentioned this issue Jun 8, 2021

Enable Curve448 support via the PSA API #4626

Merged

2 tasks

gilles-peskine-arm closed this as completed Apr 4, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

PSA: forced bits in Montgomery private keys #3399

PSA: forced bits in Montgomery private keys #3399

gilles-peskine-arm commented Jun 4, 2020

gilles-peskine-arm commented Aug 11, 2020

gilles-peskine-arm commented Apr 4, 2022

PSA: forced bits in Montgomery private keys #3399

PSA: forced bits in Montgomery private keys #3399

Comments

gilles-peskine-arm commented Jun 4, 2020

gilles-peskine-arm commented Aug 11, 2020

gilles-peskine-arm commented Apr 4, 2022