mbedtls_pk_get_psa_attributes: support MBEDTLS_PK_USE_PSA_EC_DATA

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2024-01-23 11:05:34 +01:00
parent 7354f1e178
commit f3dbc98d96
2 changed files with 38 additions and 11 deletions

View file

@ -464,11 +464,24 @@ int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk,
{
int sign_ok = (pk_type != MBEDTLS_PK_ECKEY_DH);
int derive_ok = (pk_type != MBEDTLS_PK_ECDSA);
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
psa_key_attributes_t old_attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
status = psa_get_key_attributes(pk->priv_id, &old_attributes);
if (status != PSA_SUCCESS) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
psa_key_type_t old_type = psa_get_key_type(&old_attributes);
int has_private = PSA_KEY_TYPE_IS_KEY_PAIR(old_type);
size_t bits = psa_get_key_bits(&old_attributes);
psa_ecc_family_t family = PSA_KEY_TYPE_ECC_GET_FAMILY(old_type);
#else
mbedtls_ecp_keypair *ec = mbedtls_pk_ec(*pk);
int has_private = (ec->d.n != 0);
size_t bits = 0;
psa_ecc_family_t family =
mbedtls_ecc_group_to_psa(ec->grp.id, &bits);
#endif
int want_private = 0;
psa_algorithm_t alg = 0;
switch (usage) {

View file

@ -111,7 +111,14 @@ static int pk_genkey(mbedtls_pk_context *pk, int curve_or_keybits)
mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECDSA) {
int ret;
#if defined(MBEDTLS_ECP_C)
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
ret = pk_genkey_ec(pk, curve_or_keybits);
if (ret != 0) {
return ret;
}
return 0;
#else
ret = mbedtls_ecp_group_load(&mbedtls_pk_ec_rw(*pk)->grp, curve_or_keybits);
if (ret != 0) {
return ret;
@ -120,16 +127,7 @@ static int pk_genkey(mbedtls_pk_context *pk, int curve_or_keybits)
&mbedtls_pk_ec_rw(*pk)->d,
&mbedtls_pk_ec_rw(*pk)->Q,
mbedtls_test_rnd_std_rand, NULL);
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
ret = pk_genkey_ec(pk, curve_or_keybits);
if (ret != 0) {
return ret;
}
return 0;
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
#endif /* MBEDTLS_ECP_C && !MBEDTLS_PK_USE_PSA_EC_DATA */
}
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
@ -208,8 +206,24 @@ static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair,
*psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR(mbedtls_ecc_group_to_psa(grp_id, &bits));
TEST_EQUAL(pk_genkey(pk, grp_id), 0);
if (!want_pair) {
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
psa_key_attributes_t pub_attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_set_key_type(&pub_attributes,
PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(*psa_type));
psa_set_key_usage_flags(&pub_attributes,
PSA_KEY_USAGE_EXPORT |
PSA_KEY_USAGE_COPY |
PSA_KEY_USAGE_VERIFY_MESSAGE |
PSA_KEY_USAGE_VERIFY_HASH);
psa_set_key_algorithm(&pub_attributes, PSA_ALG_ECDSA_ANY);
PSA_ASSERT(psa_destroy_key(pk->priv_id));
PSA_ASSERT(psa_import_key(&pub_attributes,
pk->pub_raw, pk->pub_raw_len,
&pk->priv_id));
#else
mbedtls_ecp_keypair *ec = mbedtls_pk_ec(*pk);
mbedtls_mpi_free(&ec->d);
#endif
}
break;
}