psa_util: properly handle secp224r1 private key size

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-03 15:22:46 +01:00 · 2024-01-03 15:22:46 +01:00 · 0bc8598d20
commit 0bc8598d20
parent 8bd330dff5
2 changed files with 11 additions and 2 deletions
--- a/library/psa_crypto_ecp.c
+++ b/library/psa_crypto_ecp.c
@ -80,6 +80,11 @@ static int check_ecc_parameters(psa_ecc_family_t family, size_t *bits)
                case 224:
                case 256:
                    return PSA_SUCCESS;
+                /* secp224k1 has 224-bit coordinates but 225-bit private keys.
+                 * This means that private keys are represented with 232 bits. */
+                case 232:
+                    *bits = 225;
+                    return PSA_SUCCESS;
            }
            break;
    }
--- a/library/psa_util.c
+++ b/library/psa_util.c
@ -232,8 +232,10 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid,
            return PSA_ECC_FAMILY_SECP_K1;
 #endif
 #if defined(MBEDTLS_ECP_HAVE_SECP224K1)
+        /* secp224k1 has 224-bit coordinates but 225-bit private keys.
+         * The nominal key size in PSA is the private key size, hence 225. */
        case MBEDTLS_ECP_DP_SECP224K1:
-            *bits = 224;
+            *bits = 225;
            return PSA_ECC_FAMILY_SECP_K1;
 #endif
 #if defined(MBEDTLS_ECP_HAVE_SECP256K1)
@ -318,7 +320,9 @@ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve,
                    return MBEDTLS_ECP_DP_SECP192K1;
 #endif
 #if defined(PSA_WANT_ECC_SECP_K1_224)
-                case 224:
+                /* secp224k1 has 224-bit coordinates but 225-bit private keys.
+                 * The nominal key size in PSA is the private key size, hence 225. */
+                case 225:
                    return MBEDTLS_ECP_DP_SECP224K1;
 #endif
 #if defined(PSA_WANT_ECC_SECP_K1_256)