psa: let mbedtls_ecc_group_from_psa() accept only exact bit lengths
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit is contained in:
Valerio Setti
parent
dc33200b74
commit
0e608807e3
3 changed files with 17 additions and 24 deletions
|
|
@ -126,16 +126,11 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid,
|
||||||
* \param curve A PSA elliptic curve identifier
|
* \param curve A PSA elliptic curve identifier
|
||||||
* (`PSA_ECC_FAMILY_xxx`).
|
* (`PSA_ECC_FAMILY_xxx`).
|
||||||
* \param bits The bit-length of a private key on \p curve.
|
* \param bits The bit-length of a private key on \p curve.
|
||||||
* \param bits_is_sloppy If true, \p bits may be the bit-length rounded up
|
|
||||||
* to the nearest multiple of 8. This allows the caller
|
|
||||||
* to infer the exact curve from the length of a key
|
|
||||||
* which is supplied as a byte string.
|
|
||||||
*
|
*
|
||||||
* \return The corresponding Mbed TLS elliptic curve identifier
|
* \return The corresponding Mbed TLS elliptic curve identifier
|
||||||
* (`MBEDTLS_ECP_DP_xxx`).
|
* (`MBEDTLS_ECP_DP_xxx`).
|
||||||
* \return #MBEDTLS_ECP_DP_NONE if \c curve is not recognized.
|
* \return #MBEDTLS_ECP_DP_NONE if the combination of \c curve
|
||||||
* \return #MBEDTLS_ECP_DP_NONE if \p bits is not
|
* and \p bits is not recognized.
|
||||||
* correct for \p curve.
|
|
||||||
*/
|
*/
|
||||||
mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve,
|
mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve,
|
||||||
size_t bits);
|
size_t bits);
|
||||||
|
|
|
||||||
|
|
@ -32,13 +32,16 @@
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
|
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \
|
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
|
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
|
||||||
/* Helper function to verify if the provided EC's family and key bit size are
|
/* Helper function to verify if the provided EC's family and key bit size are valid.
|
||||||
* valid. */
|
*
|
||||||
static int check_ecc_parameters(psa_ecc_family_t family, size_t bits, int allow_bit_size_roundup)
|
* Note: "bits" parameter is used both as input and output and it might be updated
|
||||||
|
* in case provided input value is not multiple of 8 ("sloppy" bits).
|
||||||
|
*/
|
||||||
|
static int check_ecc_parameters(psa_ecc_family_t family, size_t *bits)
|
||||||
{
|
{
|
||||||
switch (family) {
|
switch (family) {
|
||||||
case PSA_ECC_FAMILY_SECP_R1:
|
case PSA_ECC_FAMILY_SECP_R1:
|
||||||
switch (bits) {
|
switch (*bits) {
|
||||||
case 192:
|
case 192:
|
||||||
case 224:
|
case 224:
|
||||||
case 256:
|
case 256:
|
||||||
|
|
@ -46,14 +49,13 @@ static int check_ecc_parameters(psa_ecc_family_t family, size_t bits, int allow_
|
||||||
case 521:
|
case 521:
|
||||||
return PSA_SUCCESS;
|
return PSA_SUCCESS;
|
||||||
case 528:
|
case 528:
|
||||||
if (allow_bit_size_roundup) {
|
*bits = 521;
|
||||||
return PSA_SUCCESS;
|
return PSA_SUCCESS;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case PSA_ECC_FAMILY_BRAINPOOL_P_R1:
|
case PSA_ECC_FAMILY_BRAINPOOL_P_R1:
|
||||||
switch (bits) {
|
switch (*bits) {
|
||||||
case 256:
|
case 256:
|
||||||
case 384:
|
case 384:
|
||||||
case 512:
|
case 512:
|
||||||
|
|
@ -62,19 +64,18 @@ static int check_ecc_parameters(psa_ecc_family_t family, size_t bits, int allow_
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case PSA_ECC_FAMILY_MONTGOMERY:
|
case PSA_ECC_FAMILY_MONTGOMERY:
|
||||||
switch (bits) {
|
switch (*bits) {
|
||||||
case 448:
|
case 448:
|
||||||
case 255:
|
case 255:
|
||||||
return PSA_SUCCESS;
|
return PSA_SUCCESS;
|
||||||
case 256:
|
case 256:
|
||||||
if (allow_bit_size_roundup) {
|
*bits = 255;
|
||||||
return PSA_SUCCESS;
|
return PSA_SUCCESS;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case PSA_ECC_FAMILY_SECP_K1:
|
case PSA_ECC_FAMILY_SECP_K1:
|
||||||
switch (bits) {
|
switch (*bits) {
|
||||||
case 192:
|
case 192:
|
||||||
case 224:
|
case 224:
|
||||||
case 256:
|
case 256:
|
||||||
|
|
@ -136,8 +137,7 @@ psa_status_t mbedtls_psa_ecp_load_representation(
|
||||||
}
|
}
|
||||||
mbedtls_ecp_keypair_init(ecp);
|
mbedtls_ecp_keypair_init(ecp);
|
||||||
|
|
||||||
status = check_ecc_parameters(PSA_KEY_TYPE_ECC_GET_FAMILY(type), curve_bits,
|
status = check_ecc_parameters(PSA_KEY_TYPE_ECC_GET_FAMILY(type), &curve_bits);
|
||||||
!explicit_bits);
|
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -276,7 +276,6 @@ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve,
|
||||||
#endif
|
#endif
|
||||||
#if defined(PSA_WANT_ECC_SECP_R1_521)
|
#if defined(PSA_WANT_ECC_SECP_R1_521)
|
||||||
case 521:
|
case 521:
|
||||||
case 528:
|
|
||||||
return MBEDTLS_ECP_DP_SECP521R1;
|
return MBEDTLS_ECP_DP_SECP521R1;
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
@ -303,7 +302,6 @@ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve,
|
||||||
switch (bits) {
|
switch (bits) {
|
||||||
#if defined(PSA_WANT_ECC_MONTGOMERY_255)
|
#if defined(PSA_WANT_ECC_MONTGOMERY_255)
|
||||||
case 255:
|
case 255:
|
||||||
case 256:
|
|
||||||
return MBEDTLS_ECP_DP_CURVE25519;
|
return MBEDTLS_ECP_DP_CURVE25519;
|
||||||
#endif
|
#endif
|
||||||
#if defined(PSA_WANT_ECC_MONTGOMERY_448)
|
#if defined(PSA_WANT_ECC_MONTGOMERY_448)
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue