2fa6b5f503
Attempting to create an ECC key with a curve specification that is not valid can plausibly fail with PSA_ERROR_INVALID_ARGUMENT ("this is not a curve specification at all") or PSA_ERROR_NOT_SUPPORTED ("this may be a curve specification, but not one I support"). The choice of error is somewhat subjective. Before this commit, due to happenstance in the implementation, an attempt to use a curve that is declared in the PSA API but not implemented in Mbed TLS returned PSA_ERROR_INVALID_ARGUMENT, whereas an attempt to use a curve that Mbed TLS supports but for which support was disabled at compile-time returned PSA_ERROR_NOT_SUPPORTED. This inconsistency made it difficult to write negative tests that could work whether the curve is implemented via Mbed TLS code or via a driver. After this commit, any attempt to use parameters that are not recognized fails with NOT_SUPPORTED, whether a curve with the specified size might plausibly exist or not, because "might plausibly exist" is not something Mbed TLS can determine. To keep returning INVALID_ARGUMENT when importing an ECC key with an explicit "bits" attribute that is inconsistent with the size of the key material, this commit changes the way mbedtls_ecc_group_of_psa() works: it now works on a size in bits rather than bytes, with an extra flag indicating whether the bit-size must be exact or not. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> |
||
---|---|---|
.. | ||
00README.md | ||
issue3819.txt | ||
issue4093.txt | ||
mbedtls_ecc_group_of_psa.txt | ||
mpi_sub_abs.txt | ||
no_ecp_fallback.txt | ||
programs-ssl-use-after-scope.txt | ||
psa-crypto-hmac-drbg.txt | ||
psa-crypto-rename-output-buffer-size-macros.txt | ||
psa_close_key_memory_leak_fix.txt | ||
rsa_private-ret.txt |