Fix handling of ECC public keys under MBEDTLS_PK_USE_PSA_EC_DATA
The test code to construct test keys and the implementation had matching errors: both assumed that there was a PSA public key object. Fix this. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
parent
591e83d139
commit
cb3b4cae0a
3 changed files with 8 additions and 12 deletions
|
@ -253,6 +253,8 @@ typedef struct mbedtls_pk_context {
|
||||||
* inside the ecp_keypair structure
|
* inside the ecp_keypair structure
|
||||||
* - the following fields are used for all public key operations: signature
|
* - the following fields are used for all public key operations: signature
|
||||||
* verify, key pair check and key write.
|
* verify, key pair check and key write.
|
||||||
|
* - For a key pair, priv_id contains the private key. For a public key,
|
||||||
|
* priv_id is null.
|
||||||
* Of course, when MBEDTLS_PK_USE_PSA_EC_DATA is not enabled, the legacy
|
* Of course, when MBEDTLS_PK_USE_PSA_EC_DATA is not enabled, the legacy
|
||||||
* ecp_keypair structure is used for storing the public key and performing
|
* ecp_keypair structure is used for storing the public key and performing
|
||||||
* all the operations.
|
* all the operations.
|
||||||
|
|
14
library/pk.c
14
library/pk.c
|
@ -464,16 +464,12 @@ int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk,
|
||||||
int sign_ok = (pk_type != MBEDTLS_PK_ECKEY_DH);
|
int sign_ok = (pk_type != MBEDTLS_PK_ECKEY_DH);
|
||||||
int derive_ok = (pk_type != MBEDTLS_PK_ECDSA);
|
int derive_ok = (pk_type != MBEDTLS_PK_ECDSA);
|
||||||
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
|
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
|
||||||
psa_key_attributes_t old_attributes = PSA_KEY_ATTRIBUTES_INIT;
|
psa_ecc_family_t family = pk->ec_family;
|
||||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
size_t bits = pk->ec_bits;
|
||||||
status = psa_get_key_attributes(pk->priv_id, &old_attributes);
|
int has_private = 0;
|
||||||
if (status != PSA_SUCCESS) {
|
if (pk->priv_id != MBEDTLS_SVC_KEY_ID_INIT) {
|
||||||
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
has_private = 1;
|
||||||
}
|
}
|
||||||
psa_key_type_t old_type = psa_get_key_type(&old_attributes);
|
|
||||||
int has_private = PSA_KEY_TYPE_IS_KEY_PAIR(old_type);
|
|
||||||
size_t bits = psa_get_key_bits(&old_attributes);
|
|
||||||
psa_ecc_family_t family = PSA_KEY_TYPE_ECC_GET_FAMILY(old_type);
|
|
||||||
#else
|
#else
|
||||||
const mbedtls_ecp_keypair *ec = mbedtls_pk_ec_ro(*pk);
|
const mbedtls_ecp_keypair *ec = mbedtls_pk_ec_ro(*pk);
|
||||||
int has_private = (ec->d.n != 0);
|
int has_private = (ec->d.n != 0);
|
||||||
|
|
|
@ -283,9 +283,7 @@ static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair,
|
||||||
PSA_KEY_USAGE_VERIFY_HASH);
|
PSA_KEY_USAGE_VERIFY_HASH);
|
||||||
psa_set_key_algorithm(&pub_attributes, PSA_ALG_ECDSA_ANY);
|
psa_set_key_algorithm(&pub_attributes, PSA_ALG_ECDSA_ANY);
|
||||||
PSA_ASSERT(psa_destroy_key(pk->priv_id));
|
PSA_ASSERT(psa_destroy_key(pk->priv_id));
|
||||||
PSA_ASSERT(psa_import_key(&pub_attributes,
|
pk->priv_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||||
pk->pub_raw, pk->pub_raw_len,
|
|
||||||
&pk->priv_id));
|
|
||||||
#else
|
#else
|
||||||
mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk);
|
mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk);
|
||||||
mbedtls_mpi_free(&ec->d);
|
mbedtls_mpi_free(&ec->d);
|
||||||
|
|
Loading…
Reference in a new issue