Use macros for sizes in p256-m driver

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard 2023-08-09 11:53:09 +02:00
parent 138bdb6b17
commit ba63e0ce34

View file

@ -41,7 +41,17 @@
* keys is only 64 bytes; the same as PSA but without the leading byte (0x04).
* Hence, when passing public keys from PSA to p256-m, the leading byte is
* removed.
*
* Shared secret and signature have the same format between PSA and p256-m.
*/
#define PSA_PUBKEY_SIZE 65
#define PSA_PUBKEY_HEADER_BYTE 0x04
#define P256_PUBKEY_SIZE 64
#define PRIVKEY_SIZE 32
#define SHARED_SECRET_SIZE 32
#define SIGNATURE_SIZE 64
#define CURVE_BITS 256
/* Convert between p256-m and PSA error codes */
static psa_status_t p256_to_psa_error(int ret)
@ -69,21 +79,21 @@ psa_status_t p256_transparent_import_key(const psa_key_attributes_t *attributes,
size_t *bits)
{
/* Check the key size */
if (*bits != 0 && *bits != 256) {
if (*bits != 0 && *bits != CURVE_BITS) {
return PSA_ERROR_NOT_SUPPORTED;
}
/* Validate the key (and its type and size) */
psa_key_type_t type = psa_get_key_type(attributes);
if (type == PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)) {
if (data_length != 65) {
if (data_length != PSA_PUBKEY_SIZE) {
return *bits == 0 ? PSA_ERROR_NOT_SUPPORTED : PSA_ERROR_INVALID_ARGUMENT;
}
if (p256_validate_pubkey(data + 1) != P256_SUCCESS) {
return PSA_ERROR_INVALID_ARGUMENT;
}
} else if (type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) {
if (data_length != 32) {
if (data_length != PRIVKEY_SIZE) {
return *bits == 0 ? PSA_ERROR_NOT_SUPPORTED : PSA_ERROR_INVALID_ARGUMENT;
}
if (p256_validate_privkey(data) != P256_SUCCESS) {
@ -92,7 +102,7 @@ psa_status_t p256_transparent_import_key(const psa_key_attributes_t *attributes,
} else {
return PSA_ERROR_NOT_SUPPORTED;
}
*bits = 256;
*bits = CURVE_BITS;
/* We only support the export format for input, so just copy. */
if (key_buffer_size < data_length) {
@ -114,23 +124,23 @@ psa_status_t p256_transparent_export_public_key(const psa_key_attributes_t *attr
/* Is this the right curve? */
size_t bits = psa_get_key_bits(attributes);
psa_key_type_t type = psa_get_key_type(attributes);
if (bits != 256 || type != PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) {
if (bits != CURVE_BITS || type != PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) {
return PSA_ERROR_NOT_SUPPORTED;
}
/* Validate sizes, as p256-m expects fixed-size buffers */
if (key_buffer_size != 32) {
if (key_buffer_size != PRIVKEY_SIZE) {
return PSA_ERROR_CORRUPTION_DETECTED;
}
if (data_size < 65) {
if (data_size < PSA_PUBKEY_SIZE) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}
/* Output public key in the PSA export format */
data[0] = 0x04;
data[0] = PSA_PUBKEY_HEADER_BYTE;
int ret = p256_public_from_private(data + 1, key_buffer);
if (ret == P256_SUCCESS) {
*data_length = 65;
*data_length = PSA_PUBKEY_SIZE;
}
return p256_to_psa_error(ret);
@ -147,7 +157,7 @@ psa_status_t p256_transparent_generate_key(
(void) attributes;
/* Validate sizes, as p256-m expects fixed-size buffers */
if (key_buffer_size != 32) {
if (key_buffer_size != PRIVKEY_SIZE) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}
@ -156,11 +166,11 @@ psa_status_t p256_transparent_generate_key(
* keys. Allocate a buffer to which the public key will be written. The
* private key will be written to key_buffer, which is passed to this
* function as an argument. */
uint8_t public_key_buffer[64];
uint8_t public_key_buffer[P256_PUBKEY_SIZE];
int ret = p256_gen_keypair(key_buffer, public_key_buffer);
if (ret == P256_SUCCESS) {
*key_buffer_length = 32;
*key_buffer_length = PRIVKEY_SIZE;
}
return p256_to_psa_error(ret);
@ -184,10 +194,10 @@ psa_status_t p256_transparent_key_agreement(
(void) alg;
/* Validate sizes, as p256-m expects fixed-size buffers */
if (key_buffer_size != 32 || peer_key_length != 65) {
if (key_buffer_size != PRIVKEY_SIZE || peer_key_length != PSA_PUBKEY_SIZE) {
return PSA_ERROR_INVALID_ARGUMENT;
}
if (shared_secret_size < 32) {
if (shared_secret_size < SHARED_SECRET_SIZE) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}
@ -196,7 +206,7 @@ psa_status_t p256_transparent_key_agreement(
* of the file. */
int ret = p256_ecdh_shared_secret(shared_secret, key_buffer, peer_key + 1);
if (ret == P256_SUCCESS) {
*shared_secret_length = 32;
*shared_secret_length = SHARED_SECRET_SIZE;
}
return p256_to_psa_error(ret);
@ -220,22 +230,22 @@ psa_status_t p256_transparent_sign_hash(
(void) alg;
/* Validate sizes, as p256-m expects fixed-size buffers */
if (key_buffer_size != 32) {
if (key_buffer_size != PRIVKEY_SIZE) {
return PSA_ERROR_CORRUPTION_DETECTED;
}
if (signature_size < 64) {
if (signature_size < SIGNATURE_SIZE) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}
int ret = p256_ecdsa_sign(signature, key_buffer, hash, hash_length);
if (ret == P256_SUCCESS) {
*signature_length = 64;
*signature_length = SIGNATURE_SIZE;
}
return p256_to_psa_error(ret);
}
/* This function expects the key buffer to contain a 65 byte public key,
/* This function expects the key buffer to contain a PSA public key,
* as exported by psa_export_public_key() */
static psa_status_t p256_verify_hash_with_public_key(
const uint8_t *key_buffer,
@ -246,10 +256,10 @@ static psa_status_t p256_verify_hash_with_public_key(
size_t signature_length)
{
/* Validate sizes, as p256-m expects fixed-size buffers */
if (key_buffer_size != 65 || *key_buffer != 0x04) {
if (key_buffer_size != PSA_PUBKEY_SIZE || *key_buffer != PSA_PUBKEY_HEADER_BYTE) {
return PSA_ERROR_CORRUPTION_DETECTED;
}
if (signature_length != 64) {
if (signature_length != SIGNATURE_SIZE) {
return PSA_ERROR_INVALID_SIGNATURE;
}
@ -277,10 +287,10 @@ psa_status_t p256_transparent_verify_hash(
(void) alg;
psa_status_t status;
uint8_t public_key_buffer[65];
size_t public_key_buffer_size = 65;
uint8_t public_key_buffer[PSA_PUBKEY_SIZE];
size_t public_key_buffer_size = PSA_PUBKEY_SIZE;
size_t public_key_length = 65;
size_t public_key_length = PSA_PUBKEY_SIZE;
/* As p256-m doesn't require dynamic allocation, we want to avoid it in
* the entrypoint functions as well. psa_driver_wrapper_export_public_key()
* requires size_t*, so we use a pointer to a stack variable. */