Fix handling of ECC public keys under MBEDTLS_PK_USE_PSA_EC_DATA

The test code to construct test keys and the implementation had matching
errors: both assumed that there was a PSA public key object. Fix this.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2024-02-02 13:12:39 +01:00
parent 591e83d139
commit cb3b4cae0a
3 changed files with 8 additions and 12 deletions

View file

@ -253,6 +253,8 @@ typedef struct mbedtls_pk_context {
* inside the ecp_keypair structure * inside the ecp_keypair structure
* - the following fields are used for all public key operations: signature * - the following fields are used for all public key operations: signature
* verify, key pair check and key write. * verify, key pair check and key write.
* - For a key pair, priv_id contains the private key. For a public key,
* priv_id is null.
* Of course, when MBEDTLS_PK_USE_PSA_EC_DATA is not enabled, the legacy * Of course, when MBEDTLS_PK_USE_PSA_EC_DATA is not enabled, the legacy
* ecp_keypair structure is used for storing the public key and performing * ecp_keypair structure is used for storing the public key and performing
* all the operations. * all the operations.

View file

@ -464,16 +464,12 @@ int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk,
int sign_ok = (pk_type != MBEDTLS_PK_ECKEY_DH); int sign_ok = (pk_type != MBEDTLS_PK_ECKEY_DH);
int derive_ok = (pk_type != MBEDTLS_PK_ECDSA); int derive_ok = (pk_type != MBEDTLS_PK_ECDSA);
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) #if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
psa_key_attributes_t old_attributes = PSA_KEY_ATTRIBUTES_INIT; psa_ecc_family_t family = pk->ec_family;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t bits = pk->ec_bits;
status = psa_get_key_attributes(pk->priv_id, &old_attributes); int has_private = 0;
if (status != PSA_SUCCESS) { if (pk->priv_id != MBEDTLS_SVC_KEY_ID_INIT) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA; has_private = 1;
} }
psa_key_type_t old_type = psa_get_key_type(&old_attributes);
int has_private = PSA_KEY_TYPE_IS_KEY_PAIR(old_type);
size_t bits = psa_get_key_bits(&old_attributes);
psa_ecc_family_t family = PSA_KEY_TYPE_ECC_GET_FAMILY(old_type);
#else #else
const mbedtls_ecp_keypair *ec = mbedtls_pk_ec_ro(*pk); const mbedtls_ecp_keypair *ec = mbedtls_pk_ec_ro(*pk);
int has_private = (ec->d.n != 0); int has_private = (ec->d.n != 0);

View file

@ -283,9 +283,7 @@ static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair,
PSA_KEY_USAGE_VERIFY_HASH); PSA_KEY_USAGE_VERIFY_HASH);
psa_set_key_algorithm(&pub_attributes, PSA_ALG_ECDSA_ANY); psa_set_key_algorithm(&pub_attributes, PSA_ALG_ECDSA_ANY);
PSA_ASSERT(psa_destroy_key(pk->priv_id)); PSA_ASSERT(psa_destroy_key(pk->priv_id));
PSA_ASSERT(psa_import_key(&pub_attributes, pk->priv_id = MBEDTLS_SVC_KEY_ID_INIT;
pk->pub_raw, pk->pub_raw_len,
&pk->priv_id));
#else #else
mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk); mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk);
mbedtls_mpi_free(&ec->d); mbedtls_mpi_free(&ec->d);