diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 5368e040e..e1dd822e5 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -144,8 +144,7 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, * correct for \p curve. */ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, - size_t bits, - int bits_is_sloppy); + size_t bits); #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ /**@}*/ diff --git a/library/pk_internal.h b/library/pk_internal.h index 642a0c7bb..3d5adf8de 100644 --- a/library/pk_internal.h +++ b/library/pk_internal.h @@ -98,13 +98,13 @@ static inline mbedtls_ecp_group_id mbedtls_pk_get_ec_group_id(const mbedtls_pk_c } opaque_key_type = psa_get_key_type(&opaque_attrs); curve = PSA_KEY_TYPE_ECC_GET_FAMILY(opaque_key_type); - id = mbedtls_ecc_group_from_psa(curve, psa_get_key_bits(&opaque_attrs), 0); + id = mbedtls_ecc_group_from_psa(curve, psa_get_key_bits(&opaque_attrs)); psa_reset_key_attributes(&opaque_attrs); } else #endif /* MBEDTLS_USE_PSA_CRYPTO */ { #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - id = mbedtls_ecc_group_from_psa(pk->ec_family, pk->ec_bits, 0); + id = mbedtls_ecc_group_from_psa(pk->ec_family, pk->ec_bits); #else /* MBEDTLS_PK_USE_PSA_EC_DATA */ id = mbedtls_pk_ec_ro(*pk)->grp.id; #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ diff --git a/library/pkparse.c b/library/pkparse.c index ef3aff22b..5f95545af 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -250,7 +250,7 @@ static int pk_ecc_set_pubkey_psa_ecp_fallback(mbedtls_pk_context *pk, mbedtls_ecp_group_id ecp_group_id; int ret; - ecp_group_id = mbedtls_ecc_group_from_psa(pk->ec_family, pk->ec_bits, 0); + ecp_group_id = mbedtls_ecc_group_from_psa(pk->ec_family, pk->ec_bits); mbedtls_ecp_keypair_init(&ecp_key); ret = mbedtls_ecp_group_load(&(ecp_key.grp), ecp_group_id); diff --git a/library/psa_crypto.c b/library/psa_crypto.c index d39310981..850f20610 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5708,7 +5708,7 @@ static psa_status_t psa_generate_derived_ecc_key_weierstrass_helper( psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( slot->attr.type); mbedtls_ecp_group_id grp_id = - mbedtls_ecc_group_from_psa(curve, bits, 0); + mbedtls_ecc_group_from_psa(curve, bits); if (grp_id == MBEDTLS_ECP_DP_NONE) { ret = MBEDTLS_ERR_ASN1_INVALID_DATA; diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index 3f2ec23e3..20ef29c12 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -41,6 +41,7 @@ psa_status_t mbedtls_psa_ecp_load_representation( psa_status_t status; mbedtls_ecp_keypair *ecp = NULL; size_t curve_bytes = data_length; + size_t curve_bits_check; int explicit_bits = (curve_bits != 0); if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type) && @@ -84,7 +85,7 @@ psa_status_t mbedtls_psa_ecp_load_representation( /* Load the group. */ grp_id = mbedtls_ecc_group_from_psa(PSA_KEY_TYPE_ECC_GET_FAMILY(type), - curve_bits, !explicit_bits); + curve_bits); if (grp_id == MBEDTLS_ECP_DP_NONE) { /* We can't distinguish between a nonsensical family/size combination * (which would warrant PSA_ERROR_INVALID_ARGUMENT) and a @@ -96,6 +97,17 @@ psa_status_t mbedtls_psa_ecp_load_representation( goto exit; } + /* Get the exact number of bits which are necessary for this key. This is + * used to validate the "curve_bits" input parameter (only in case it was + * provided). + * Note: we intentionally ignore the return value of mbedtls_ecc_group_to_psa() + * because we are only interested in the curve's bit size. */ + mbedtls_ecc_group_to_psa(grp_id, &curve_bits_check); + if (explicit_bits && (curve_bits_check != curve_bits)) { + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; + } + status = mbedtls_to_psa_error( mbedtls_ecp_group_load(&ecp->grp, grp_id)); if (status != PSA_SUCCESS) { @@ -285,7 +297,7 @@ psa_status_t mbedtls_psa_ecp_generate_key( psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( attributes->core.type); mbedtls_ecp_group_id grp_id = - mbedtls_ecc_group_from_psa(curve, attributes->core.bits, 0); + mbedtls_ecc_group_from_psa(curve, attributes->core.bits); const mbedtls_ecp_curve_info *curve_info = mbedtls_ecp_curve_info_from_grp_id(grp_id); diff --git a/library/psa_util.c b/library/psa_util.c index f4685dbc6..abd7a5f6b 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -253,8 +253,7 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, } mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, - size_t bits, - int bits_is_sloppy) + size_t bits) { switch (curve) { case PSA_ECC_FAMILY_SECP_R1: @@ -277,12 +276,8 @@ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, #endif #if defined(PSA_WANT_ECC_SECP_R1_521) case 521: - return MBEDTLS_ECP_DP_SECP521R1; case 528: - if (bits_is_sloppy) { - return MBEDTLS_ECP_DP_SECP521R1; - } - break; + return MBEDTLS_ECP_DP_SECP521R1; #endif } break; @@ -308,12 +303,8 @@ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, switch (bits) { #if defined(PSA_WANT_ECC_MONTGOMERY_255) case 255: - return MBEDTLS_ECP_DP_CURVE25519; case 256: - if (bits_is_sloppy) { - return MBEDTLS_ECP_DP_CURVE25519; - } - break; + return MBEDTLS_ECP_DP_CURVE25519; #endif #if defined(PSA_WANT_ECC_MONTGOMERY_448) case 448: @@ -340,7 +331,6 @@ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, break; } - (void) bits_is_sloppy; return MBEDTLS_ECP_DP_NONE; } #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */