From 315e4afc0a6bc4e55340fe8de7891e076e277da5 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Mon, 5 Feb 2024 10:09:15 +0100
Subject: [PATCH] psa_util: change parameters order in ECDSA conversion functions
Signed-off-by: Valerio Setti
---
 include/mbedtls/psa_util.h | 14 ++++++--------
 library/pk_wrap.c | 7 +++----
 library/psa_util.c | 10 ++++------
 .../test_suite_psa_crypto_util.function | 20 ++++++++------------
 4 files changed, 21 insertions(+), 30 deletions(-)
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index b7b710f65..06732d8c5 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@@ -186,6 +186,7 @@ static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa
 /** Convert an ECDSA signature from raw format to DER ASN.1 format.
 *
+ * \param bits Size of each coordinate in bits.
 * \param raw Buffer that contains the signature in raw format.
 * \param raw_len Length of \p raw in bytes.
 * \param[out] der Buffer that will be filled with the converted DER
@@ -194,14 +195,13 @@ static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa
 * \param[out] der_len On success it contains the amount of valid data
 * (in bytes) written to \p der. It's undefined
 * in case of failure.
- * \param bits Size of each coordinate in bits.
 */
-int mbedtls_ecdsa_raw_to_der(const unsigned char *raw, size_t raw_len,
- unsigned char *der, size_t der_size, size_t *der_len,
- size_t bits);
+int mbedtls_ecdsa_raw_to_der(size_t bits, const unsigned char *raw, size_t raw_len,
+ unsigned char *der, size_t der_size, size_t *der_len);
 /** Convert an ECDSA signature from DER ASN.1 format to raw format.
 *
+ * \param bits Size of each coordinate in bits.
 * \param der Buffer that contains the signature in DER format.
 * \param der_len Size of \p der in bytes.
 * \param[out] raw Buffer that will be filled with the converted raw
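Review bot: The `\param bits` entries added in include/mbedtls/psa_util.h (for mbedtls_ecdsa_raw_to_der here, and for mbedtls_ecdsa_der_to_raw, whose prototype is in the next hunk) state only the unit, not the accepted range or how `bits` relates to `raw_len` and `raw_size`. The definitions in library/psa_util.c keep the coordinates in stack buffers sized from PSA_VENDOR_ECC_MAX_CURVE_BITS, so I would document the bound, e.g. `\param bits Size of each coordinate in bits. Must not exceed PSA_VENDOR_ECC_MAX_CURVE_BITS.`, assuming that is what the functions enforce. Separately, these are public prototypes whose argument order changes: a caller still using the old order puts a pointer in the `size_t bits` slot, which some compilers report only as a warning, so if the functions have already shipped the change deserves a ChangeLog or migration note.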
@@ -210,11 +210,9 @@ int mbedtls_ecdsa_raw_to_der(const unsigned char *raw, size_t raw_len,
 * \param[out] raw_len On success it is updated with the amount of valid
 * data (in bytes) written to \p raw. It's undefined
 * in case of failure.
- * \param bits Size of each coordinate in bits.
 */
-int mbedtls_ecdsa_der_to_raw(const unsigned char *der, size_t der_len,
- unsigned char *raw, size_t raw_size, size_t *raw_len,
- size_t bits);
+int mbedtls_ecdsa_der_to_raw(size_t bits, const unsigned char *der, size_t der_len,
+ unsigned char *raw, size_t raw_size, size_t *raw_len);
 #endif /* MBEDTLS_PSA_UTIL_HAVE_ECDSA */
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 9a29d929e..c45fbd436 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -573,9 +573,8 @@ static int ecdsa_verify_psa(unsigned char *key, size_t key_len,
 }
 p = (unsigned char *) sig;
- ret = mbedtls_ecdsa_der_to_raw(p, sig_len, extracted_sig,
- sizeof(extracted_sig), &converted_sig_len,
- curve_bits);
+ ret = mbedtls_ecdsa_der_to_raw(curve_bits, p, sig_len, extracted_sig,
+ sizeof(extracted_sig), &converted_sig_len);
 if (ret != 0) {
 goto cleanup;
 }
@@ -730,7 +729,7 @@ static int ecdsa_sign_psa(mbedtls_svc_key_id_t key_id, mbedtls_md_type_t md_alg,
 }
 done:
- ret = mbedtls_ecdsa_raw_to_der(sig, sig_size, sig, sig_size, sig_len, key_bits);
+ ret = mbedtls_ecdsa_raw_to_der(key_bits, sig, sig_size, sig, sig_size, sig_len);
 return ret;
 }
diff --git a/library/psa_util.c b/library/psa_util.c
index b13d83d47..2491f2e45 100644
--- a/library/psa_util.c
+++ b/library/psa_util.c
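Review bot: In ecdsa_sign_psa (library/pk_wrap.c, the hunk at the `done:` label) the `raw_len` argument is still `sig_size`, the capacity of the caller's buffer, although the header documents `raw_len` as the length of the raw signature. The converter is therefore told that the whole buffer holds signature data; depending on how mbedtls_ecdsa_raw_to_der checks `raw_len` against `bits` (its body is not part of this patch), that either rejects a valid signature sitting in a larger buffer or reads bytes the signing step never wrote. If `*sig_len` holds the raw length at this point, `ret = mbedtls_ecdsa_raw_to_der(key_bits, sig, *sig_len, sig, sig_size, sig_len);` would say what is meant. `raw` and `der` are the same buffer in this call, so the header should also state that overlapping buffers are supported. The code that reaches `done:` lies outside the hunk, so confirm that `*sig_len` is set on every such path.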
@@ -402,9 +402,8 @@ static int convert_raw_to_der_single_int(const unsigned char *raw_buf, size_t ra
 return len;
 }
-int mbedtls_ecdsa_raw_to_der(const unsigned char *raw, size_t raw_len,
- unsigned char *der, size_t der_size, size_t *der_len,
- size_t bits)
+int mbedtls_ecdsa_raw_to_der(size_t bits, const unsigned char *raw, size_t raw_len,
+ unsigned char *der, size_t der_size, size_t *der_len)
 {
 unsigned char r[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)];
 unsigned char s[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)];
@@ -511,9 +510,8 @@ static int convert_der_to_raw_single_int(unsigned char *der, size_t der_len,
 return (int) (p - der);
 }
-int mbedtls_ecdsa_der_to_raw(const unsigned char *der, size_t der_len,
- unsigned char *raw, size_t raw_size, size_t *raw_len,
- size_t bits)
+int mbedtls_ecdsa_der_to_raw(size_t bits, const unsigned char *der, size_t der_len,
+ unsigned char *raw, size_t raw_size, size_t *raw_len)
 {
 unsigned char raw_tmp[PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE];
 unsigned char *p = (unsigned char *) der;
diff --git a/tests/suites/test_suite_psa_crypto_util.function b/tests/suites/test_suite_psa_crypto_util.function
index 9dc95b659..c102b0761 100644
--- a/tests/suites/test_suite_psa_crypto_util.function
+++ b/tests/suites/test_suite_psa_crypto_util.function
@@ -12,9 +12,8 @@ void ecdsa_raw_to_der(int key_bits, data_t *input, data_t *exp_result, int exp_r
 TEST_CALLOC(tmp_buf, tmp_buf_len);
- TEST_EQUAL(mbedtls_ecdsa_raw_to_der(input->x, input->len,
- tmp_buf, tmp_buf_len, &ret_len,
- key_bits), exp_ret);
+ TEST_EQUAL(mbedtls_ecdsa_raw_to_der(key_bits, input->x, input->len,
+ tmp_buf, tmp_buf_len, &ret_len), exp_ret);
 if (exp_ret == 0) {
 ASSERT_COMPARE(exp_result->x, exp_result->len, tmp_buf, ret_len);
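Review bot: In library/psa_util.c the fixed-size stack temporaries `r` and `s` in mbedtls_ecdsa_raw_to_der, and `raw_tmp` in mbedtls_ecdsa_der_to_raw in the next hunk, are only safe if the caller-supplied `bits` is range-checked, and no such check is visible in either hunk. Both function bodies continue outside the hunks, so this is a request to confirm rather than a reported defect: the coordinate size derived from `bits` should be compared with `sizeof(r)`, and twice that size with `sizeof(raw_tmp)`, before anything is copied. A one-line comment above the declarations would keep the invariant from getting lost, e.g. `/* bits is caller-controlled: reject PSA_BITS_TO_BYTES(bits) > sizeof(r) before copying */`. In mbedtls_ecdsa_der_to_raw, `unsigned char *p = (unsigned char *) der;` discards the `const` that the prototype promises; a comment saying that `p` is only read through would make the cast easier to review.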
@@ -35,17 +34,15 @@ void ecdsa_raw_to_der_incremental(int key_bits, data_t *input, data_t *exp_resul
 for (i = 1; i < tmp_buf_len; i++) {
 TEST_CALLOC(tmp_buf, i);
- TEST_ASSERT(mbedtls_ecdsa_raw_to_der(input->x, input->len,
- tmp_buf, i, &ret_len,
- key_bits) != 0);
+ TEST_ASSERT(mbedtls_ecdsa_raw_to_der(key_bits, input->x, input->len,
+ tmp_buf, i, &ret_len) != 0);
 mbedtls_free(tmp_buf);
 tmp_buf = NULL;
 }
 TEST_CALLOC(tmp_buf, i);
- TEST_EQUAL(mbedtls_ecdsa_raw_to_der(input->x, input->len,
- tmp_buf, i, &ret_len,
- key_bits), 0);
+ TEST_EQUAL(mbedtls_ecdsa_raw_to_der(key_bits, input->x, input->len,
+ tmp_buf, i, &ret_len), 0);
 exit:
 mbedtls_free(tmp_buf);
 }
@@ -60,9 +57,8 @@ void ecdsa_der_to_raw(int key_bits, data_t *input, data_t *exp_result, int exp_r
 TEST_CALLOC(tmp_buf, tmp_buf_len);
- TEST_EQUAL(mbedtls_ecdsa_der_to_raw(input->x, input->len,
- tmp_buf, tmp_buf_len, &ret_len,
- key_bits), exp_ret);
+ TEST_EQUAL(mbedtls_ecdsa_der_to_raw(key_bits, input->x, input->len,
+ tmp_buf, tmp_buf_len, &ret_len), exp_ret);
 if (exp_ret == 0) {
 ASSERT_COMPARE(exp_result->x, exp_result->len, tmp_buf, ret_len);