yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

mbedtls_ecp_write_key_ext(): migrate internally

Browse source 
Stop using mbedtls_ecp_write_key() except to test it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2024-02-19 16:44:29 +01:00
parent acdc52e154
commit 84b9f1b039
5 changed files with 30 additions and 34 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
library/pk.c
View file

@ -1401,8 +1401,7 @@ int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,
mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk); mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk);
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
d_len = PSA_BITS_TO_BYTES(ec->grp.nbits); if ((ret = mbedtls_ecp_write_key_ext(ec, &d_len, d, sizeof(d))) != 0) {
if ((ret = mbedtls_ecp_write_key(ec, d, d_len)) != 0) {
return ret; return ret;
} }

2
library/pkwrite.c
View file

@ -202,7 +202,7 @@ static int pk_write_ec_private(unsigned char **p, unsigned char *start,
mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk); mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk);
byte_length = (ec->grp.pbits + 7) / 8; byte_length = (ec->grp.pbits + 7) / 8;
ret = mbedtls_ecp_write_key(ec, tmp, byte_length); ret = mbedtls_ecp_write_key_ext(ec, &byte_length, tmp, sizeof(tmp));
if (ret != 0) { if (ret != 0) {
goto exit; goto exit;
} }

21
library/psa_crypto_ecp.c
View file

@ -281,20 +281,8 @@ psa_status_t mbedtls_psa_ecp_export_key(psa_key_type_t type,
return status; return status;
} else { } else {
if (data_size < PSA_BITS_TO_BYTES(ecp->grp.nbits)) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}
status = mbedtls_to_psa_error( status = mbedtls_to_psa_error(
mbedtls_ecp_write_key(ecp, mbedtls_ecp_write_key_ext(ecp, data_length, data, data_size));
data,
PSA_BITS_TO_BYTES(ecp->grp.nbits)));
if (status == PSA_SUCCESS) {
*data_length = PSA_BITS_TO_BYTES(ecp->grp.nbits);
} else {
memset(data, 0, data_size);
}
return status; return status;
} }
} }
@ -359,14 +347,11 @@ psa_status_t mbedtls_psa_ecp_generate_key(
} }
status = mbedtls_to_psa_error( status = mbedtls_to_psa_error(
mbedtls_ecp_write_key(&ecp, key_buffer, key_buffer_size)); mbedtls_ecp_write_key_ext(&ecp, key_buffer_length,
key_buffer, key_buffer_size));
mbedtls_ecp_keypair_free(&ecp); mbedtls_ecp_keypair_free(&ecp);
if (status == PSA_SUCCESS) {
*key_buffer_length = key_buffer_size;
}
return status; return status;
} }
#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE */ #endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE */

3
library/ssl_tls12_server.c
View file

@ -2703,8 +2703,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->xxdh_psa_type)); PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->xxdh_psa_type));
psa_set_key_bits(&key_attributes, ssl->handshake->xxdh_psa_bits); psa_set_key_bits(&key_attributes, ssl->handshake->xxdh_psa_bits);
key_len = PSA_BITS_TO_BYTES(key->grp.pbits); ret = mbedtls_ecp_write_key_ext(key, &key_len, buf, sizeof(buf));
ret = mbedtls_ecp_write_key(key, buf, key_len);
if (ret != 0) { if (ret != 0) {
mbedtls_platform_zeroize(buf, sizeof(buf)); mbedtls_platform_zeroize(buf, sizeof(buf));
break; break;

35
tests/suites/test_suite_ecp.function
View file

@ -1204,27 +1204,40 @@ void mbedtls_ecp_read_key(int grp_id, data_t *in_key, int expected, int canonica
TEST_EQUAL(mbedtls_mpi_cmp_int(&key.Q.Y, 2), 0); TEST_EQUAL(mbedtls_mpi_cmp_int(&key.Q.Y, 2), 0);
TEST_EQUAL(mbedtls_mpi_cmp_int(&key.Q.Z, 3), 0); TEST_EQUAL(mbedtls_mpi_cmp_int(&key.Q.Z, 3), 0);
if (canonical) { if (canonical && in_key->len == (key.grp.nbits + 7) / 8) {
unsigned char buf[MBEDTLS_ECP_MAX_BYTES]; unsigned char buf[MBEDTLS_ECP_MAX_BYTES];
size_t length = 0xdeadbeef;
ret = mbedtls_ecp_write_key(&key, buf, in_key->len); TEST_EQUAL(mbedtls_ecp_write_key_ext(&key,
TEST_ASSERT(ret == 0); &length, buf, in_key->len), 0);
TEST_MEMORY_COMPARE(in_key->x, in_key->len,
buf, length);
memset(buf, 0, sizeof(buf));
TEST_EQUAL(mbedtls_ecp_write_key(&key, buf, in_key->len), 0);
TEST_MEMORY_COMPARE(in_key->x, in_key->len, TEST_MEMORY_COMPARE(in_key->x, in_key->len,
buf, in_key->len); buf, in_key->len);
} else { } else {
unsigned char export1[MBEDTLS_ECP_MAX_BYTES]; unsigned char export1[MBEDTLS_ECP_MAX_BYTES];
unsigned char export2[MBEDTLS_ECP_MAX_BYTES]; unsigned char export2[MBEDTLS_ECP_MAX_BYTES];
ret = mbedtls_ecp_write_key(&key, export1, in_key->len); size_t length1 = 0xdeadbeef;
TEST_ASSERT(ret == 0); TEST_EQUAL(mbedtls_ecp_write_key_ext(&key, &length1,
export1, sizeof(export1)), 0);
ret = mbedtls_ecp_read_key(grp_id, &key2, export1, in_key->len); TEST_EQUAL(mbedtls_ecp_read_key(grp_id, &key2, export1, length1),
TEST_ASSERT(ret == expected); expected);
size_t length2 = 0xdeadbeef;
ret = mbedtls_ecp_write_key(&key2, export2, in_key->len); TEST_EQUAL(mbedtls_ecp_write_key_ext(&key2, &length2,
TEST_ASSERT(ret == 0); export2, sizeof(export2)), 0);
TEST_MEMORY_COMPARE(export1, length1,
export2, length2);
memset(export1, 0, sizeof(export1));
memset(export2, 0, sizeof(export2));
TEST_EQUAL(mbedtls_ecp_write_key(&key, export1, in_key->len), 0);
TEST_EQUAL(mbedtls_ecp_read_key(grp_id, &key2, export1, in_key->len),
expected);
TEST_EQUAL(mbedtls_ecp_write_key(&key2, export2, in_key->len), 0);
TEST_MEMORY_COMPARE(export1, in_key->len, TEST_MEMORY_COMPARE(export1, in_key->len,
export2, in_key->len); export2, in_key->len);
} }