From ddba51e6c9120869c15bd931d4dad9bd3d35e787 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 21 Dec 2023 10:16:33 +0100 Subject: [PATCH 01/25] psa: rename "mbedtls_ecc_group_of_psa" to "mbedtls_ecc_group_from_psa" Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 6 +++--- library/pk_internal.h | 4 ++-- library/pkparse.c | 2 +- library/psa_crypto.c | 2 +- library/psa_crypto_ecp.c | 6 +++--- library/psa_util.c | 6 +++--- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 5f6a05315a..5368e040e4 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -143,9 +143,9 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, * \return #MBEDTLS_ECP_DP_NONE if \p bits is not * correct for \p curve. */ -mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, - size_t bits, - int bits_is_sloppy); +mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, + size_t bits, + int bits_is_sloppy); #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ /**@}*/ diff --git a/library/pk_internal.h b/library/pk_internal.h index 025ee8b019..642a0c7bb7 100644 --- a/library/pk_internal.h +++ b/library/pk_internal.h @@ -98,13 +98,13 @@ static inline mbedtls_ecp_group_id mbedtls_pk_get_ec_group_id(const mbedtls_pk_c } opaque_key_type = psa_get_key_type(&opaque_attrs); curve = PSA_KEY_TYPE_ECC_GET_FAMILY(opaque_key_type); - id = mbedtls_ecc_group_of_psa(curve, psa_get_key_bits(&opaque_attrs), 0); + id = mbedtls_ecc_group_from_psa(curve, psa_get_key_bits(&opaque_attrs), 0); psa_reset_key_attributes(&opaque_attrs); } else #endif /* MBEDTLS_USE_PSA_CRYPTO */ { #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - id = mbedtls_ecc_group_of_psa(pk->ec_family, pk->ec_bits, 0); + id = mbedtls_ecc_group_from_psa(pk->ec_family, pk->ec_bits, 0); #else /* MBEDTLS_PK_USE_PSA_EC_DATA */ id = mbedtls_pk_ec_ro(*pk)->grp.id; #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ 
diff --git a/library/pkparse.c b/library/pkparse.c index d36fa3f838..ef3aff22b0 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -250,7 +250,7 @@ static int pk_ecc_set_pubkey_psa_ecp_fallback(mbedtls_pk_context *pk, mbedtls_ecp_group_id ecp_group_id; int ret; - ecp_group_id = mbedtls_ecc_group_of_psa(pk->ec_family, pk->ec_bits, 0); + ecp_group_id = mbedtls_ecc_group_from_psa(pk->ec_family, pk->ec_bits, 0); mbedtls_ecp_keypair_init(&ecp_key); ret = mbedtls_ecp_group_load(&(ecp_key.grp), ecp_group_id); diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a8baa6b6f5..d393109811 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5708,7 +5708,7 @@ static psa_status_t psa_generate_derived_ecc_key_weierstrass_helper( psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( slot->attr.type); mbedtls_ecp_group_id grp_id = - mbedtls_ecc_group_of_psa(curve, bits, 0); + mbedtls_ecc_group_from_psa(curve, bits, 0); if (grp_id == MBEDTLS_ECP_DP_NONE) { ret = MBEDTLS_ERR_ASN1_INVALID_DATA; diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index e4a372d242..3f2ec23e3d 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -83,8 +83,8 @@ psa_status_t mbedtls_psa_ecp_load_representation( mbedtls_ecp_keypair_init(ecp); /* Load the group. */ - grp_id = mbedtls_ecc_group_of_psa(PSA_KEY_TYPE_ECC_GET_FAMILY(type), - curve_bits, !explicit_bits); + grp_id = mbedtls_ecc_group_from_psa(PSA_KEY_TYPE_ECC_GET_FAMILY(type), + curve_bits, !explicit_bits); if (grp_id == MBEDTLS_ECP_DP_NONE) { /* We can't distinguish between a nonsensical family/size combination * (which would warrant PSA_ERROR_INVALID_ARGUMENT) and a 
@@ -285,7 +285,7 @@ psa_status_t mbedtls_psa_ecp_generate_key( psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( attributes->core.type); mbedtls_ecp_group_id grp_id = - mbedtls_ecc_group_of_psa(curve, attributes->core.bits, 0); + mbedtls_ecc_group_from_psa(curve, attributes->core.bits, 0); const mbedtls_ecp_curve_info *curve_info = mbedtls_ecp_curve_info_from_grp_id(grp_id); diff --git a/library/psa_util.c b/library/psa_util.c index 36b7175dfb..f4685dbc69 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -252,9 +252,9 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, } } -mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, - size_t bits, - int bits_is_sloppy) +mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, + size_t bits, + int bits_is_sloppy) { switch (curve) { case PSA_ECC_FAMILY_SECP_R1: From d36c313b53b4ba45561bbcde9408f8c0f39b8ece Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 21 Dec 2023 14:03:51 +0100 Subject: [PATCH 02/25] psa: remove bits_is_sloppy parameter from mbedtls_ecc_group_from_psa() Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 3 +-- library/pk_internal.h | 4 ++-- library/pkparse.c | 2 +- library/psa_crypto.c | 2 +- library/psa_crypto_ecp.c | 16 ++++++++++++++-- library/psa_util.c | 16 +++------------- 6 files changed, 22 insertions(+), 21 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 5368e040e4..e1dd822e53 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -144,8 +144,7 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, * correct for \p curve. */ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, - size_t bits, - int bits_is_sloppy); + size_t bits); #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ /**@}*/ diff --git a/library/pk_internal.h b/library/pk_internal.h index 642a0c7bb7..3d5adf8de7 100644 --- a/library/pk_internal.h 
+++ b/library/pk_internal.h @@ -98,13 +98,13 @@ static inline mbedtls_ecp_group_id mbedtls_pk_get_ec_group_id(const mbedtls_pk_c } opaque_key_type = psa_get_key_type(&opaque_attrs); curve = PSA_KEY_TYPE_ECC_GET_FAMILY(opaque_key_type); - id = mbedtls_ecc_group_from_psa(curve, psa_get_key_bits(&opaque_attrs), 0); + id = mbedtls_ecc_group_from_psa(curve, psa_get_key_bits(&opaque_attrs)); psa_reset_key_attributes(&opaque_attrs); } else #endif /* MBEDTLS_USE_PSA_CRYPTO */ { #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - id = mbedtls_ecc_group_from_psa(pk->ec_family, pk->ec_bits, 0); + id = mbedtls_ecc_group_from_psa(pk->ec_family, pk->ec_bits); #else /* MBEDTLS_PK_USE_PSA_EC_DATA */ id = mbedtls_pk_ec_ro(*pk)->grp.id; #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ diff --git a/library/pkparse.c b/library/pkparse.c index ef3aff22b0..5f95545af6 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -250,7 +250,7 @@ static int pk_ecc_set_pubkey_psa_ecp_fallback(mbedtls_pk_context *pk, mbedtls_ecp_group_id ecp_group_id; int ret; - ecp_group_id = mbedtls_ecc_group_from_psa(pk->ec_family, pk->ec_bits, 0); + ecp_group_id = mbedtls_ecc_group_from_psa(pk->ec_family, pk->ec_bits); mbedtls_ecp_keypair_init(&ecp_key); ret = mbedtls_ecp_group_load(&(ecp_key.grp), ecp_group_id); diff --git a/library/psa_crypto.c b/library/psa_crypto.c index d393109811..850f206101 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5708,7 +5708,7 @@ static psa_status_t psa_generate_derived_ecc_key_weierstrass_helper( psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( slot->attr.type); mbedtls_ecp_group_id grp_id = - mbedtls_ecc_group_from_psa(curve, bits, 0); + mbedtls_ecc_group_from_psa(curve, bits); if (grp_id == MBEDTLS_ECP_DP_NONE) { ret = MBEDTLS_ERR_ASN1_INVALID_DATA; diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index 3f2ec23e3d..20ef29c122 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c 
@@ -41,6 +41,7 @@ psa_status_t mbedtls_psa_ecp_load_representation( psa_status_t status; mbedtls_ecp_keypair *ecp = NULL; size_t curve_bytes = data_length; + size_t curve_bits_check; int explicit_bits = (curve_bits != 0); if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type) && @@ -84,7 +85,7 @@ psa_status_t mbedtls_psa_ecp_load_representation( /* Load the group. */ grp_id = mbedtls_ecc_group_from_psa(PSA_KEY_TYPE_ECC_GET_FAMILY(type), - curve_bits, !explicit_bits); + curve_bits); if (grp_id == MBEDTLS_ECP_DP_NONE) { /* We can't distinguish between a nonsensical family/size combination * (which would warrant PSA_ERROR_INVALID_ARGUMENT) and a @@ -96,6 +97,17 @@ psa_status_t mbedtls_psa_ecp_load_representation( goto exit; } + /* Get the exact number of bits which are necessary for this key. This is + * used to validate the "curve_bits" input parameter (only in case it was + * provided). + * Note: we intentionally ignore the return value of mbedtls_ecc_group_to_psa() + * because we are only interested in the curve's bit size. */ + mbedtls_ecc_group_to_psa(grp_id, &curve_bits_check); + if (explicit_bits && (curve_bits_check != curve_bits)) { + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; + } + status = mbedtls_to_psa_error( mbedtls_ecp_group_load(&ecp->grp, grp_id)); if (status != PSA_SUCCESS) { @@ -285,7 +297,7 @@ psa_status_t mbedtls_psa_ecp_generate_key( psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( attributes->core.type); mbedtls_ecp_group_id grp_id = - mbedtls_ecc_group_from_psa(curve, attributes->core.bits, 0); + mbedtls_ecc_group_from_psa(curve, attributes->core.bits); const mbedtls_ecp_curve_info *curve_info = mbedtls_ecp_curve_info_from_grp_id(grp_id); diff --git a/library/psa_util.c b/library/psa_util.c index f4685dbc69..abd7a5f6b9 100644 --- a/library/psa_util.c +++ b/library/psa_util.c 
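Review bot: In the `@@ -96,6 +97,17 @@` hunk, `curve_bits_check` is declared without an initializer and the return value of `mbedtls_ecc_group_to_psa()` is deliberately ignored, so `curve_bits_check != curve_bits` reads an indeterminate value if that function ever returns without writing `*bits`. Its failure path is not visible here. The two converters are gated by different macros (`PSA_WANT_ECC_*` in `mbedtls_ecc_group_from_psa()`, `MBEDTLS_ECP_HAVE_*` in `mbedtls_ecc_group_to_psa()`), so a group returned by one may not be handled by the other in some configurations. Declaring `size_t curve_bits_check = 0;`, or failing with `PSA_ERROR_NOT_SUPPORTED` when the call returns family 0, keeps the comparison defined. The body of mbedtls_psa_ecp_load_representation() starts and ends outside the hunk.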
@@ -253,8 +253,7 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, } mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, - size_t bits, - int bits_is_sloppy) + size_t bits) { switch (curve) { case PSA_ECC_FAMILY_SECP_R1: @@ -277,12 +276,8 @@ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, #endif #if defined(PSA_WANT_ECC_SECP_R1_521) case 521: - return MBEDTLS_ECP_DP_SECP521R1; case 528: - if (bits_is_sloppy) { - return MBEDTLS_ECP_DP_SECP521R1; - } - break; + return MBEDTLS_ECP_DP_SECP521R1; #endif } break; @@ -308,12 +303,8 @@ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, switch (bits) { #if defined(PSA_WANT_ECC_MONTGOMERY_255) case 255: - return MBEDTLS_ECP_DP_CURVE25519; case 256: - if (bits_is_sloppy) { - return MBEDTLS_ECP_DP_CURVE25519; - } - break; + return MBEDTLS_ECP_DP_CURVE25519; #endif #if defined(PSA_WANT_ECC_MONTGOMERY_448) case 448: @@ -340,7 +331,6 @@ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, break; } - (void) bits_is_sloppy; return MBEDTLS_ECP_DP_NONE; } #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ From 673868be5df7918878c78b98f4ef87f7ec76b7a8 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 21 Dec 2023 14:48:31 +0100 Subject: [PATCH 03/25] psa_crypto_ecp: add helper for checking EC parameters This commit also updates "test_suite_psa_crypto.data" replacing PSA_ERROR_NOT_SUPPORTED with PSA_ERROR_INVALID_ARGUMENT when a wrong bit size is provided while importing key. Signed-off-by: Valerio Setti --- library/psa_crypto_ecp.c | 78 +++++++++++++++++++------ tests/suites/test_suite_psa_crypto.data | 6 +- 2 files changed, 63 insertions(+), 21 deletions(-) diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index 20ef29c122..866ef7956a 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c 
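Review bot: With `bits_is_sloppy` removed, `case 528:` and the Montgomery `case 256:` now return a group for every caller, not only for mbedtls_psa_ecp_load_representation(). The other call sites touched by this commit (pk_internal.h, pkparse.c, psa_crypto.c and mbedtls_psa_ecp_generate_key()) previously passed `0` and got `MBEDTLS_ECP_DP_NONE` for a rounded-up size; they now get SECP521R1 or CURVE25519 for a bit size that is not the curve's own. The header still documents `#MBEDTLS_ECP_DP_NONE if \p bits is not correct for \p curve`, which no longer holds for 528 and 256. Either keep the rounded-up values out of this public converter and do the rounding in the one caller that infers bits from a byte length, or document the accepted rounded sizes in psa_util.h.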
@@ -32,6 +32,60 @@ defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) +/* Helper function to verify if the provided EC's family and key bit size are + * valid. */ +static int check_ecc_parameters(psa_ecc_family_t family, size_t bits, int allow_bit_size_roundup) +{ + switch (family) { + case PSA_ECC_FAMILY_SECP_R1: + switch (bits) { + case 192: + case 224: + case 256: + case 384: + case 521: + return PSA_SUCCESS; + case 528: + if (allow_bit_size_roundup) { + return PSA_SUCCESS; + } + } + break; + + case PSA_ECC_FAMILY_BRAINPOOL_P_R1: + switch (bits) { + case 256: + case 384: + case 512: + return PSA_SUCCESS; + } + break; + + case PSA_ECC_FAMILY_MONTGOMERY: + switch (bits) { + case 448: + case 255: + return PSA_SUCCESS; + case 256: + if (allow_bit_size_roundup) { + return PSA_SUCCESS; + } + } + break; + + case PSA_ECC_FAMILY_SECP_K1: + switch (bits) { + case 192: + case 224: + case 256: + return PSA_SUCCESS; + } + break; + } + + return PSA_ERROR_INVALID_ARGUMENT; +} + psa_status_t mbedtls_psa_ecp_load_representation( psa_key_type_t type, size_t curve_bits, const uint8_t *data, size_t data_length, @@ -41,7 +95,6 @@ psa_status_t mbedtls_psa_ecp_load_representation( psa_status_t status; mbedtls_ecp_keypair *ecp = NULL; size_t curve_bytes = data_length; - size_t curve_bits_check; int explicit_bits = (curve_bits != 0); if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type) && 
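Review bot: `check_ecc_parameters()` is declared `static int` but returns `PSA_SUCCESS` / `PSA_ERROR_INVALID_ARGUMENT`, and its caller in this commit stores the result in a `psa_status_t`; the signature should read `static psa_status_t check_ecc_parameters(psa_ecc_family_t family, size_t bits, int allow_bit_size_roundup)`. The `case 528:` and Montgomery `case 256:` arms reject only by falling off the end of the inner switch when `allow_bit_size_roundup` is 0, so an explicit `break;` after each `if` would make that intent visible. The header comment should also say what the flag means, for example `/* allow_bit_size_roundup: non-zero when bits was inferred from a byte length, so 528 (secp521r1) and 256 (Curve25519) are accepted. */`.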
@@ -83,27 +136,16 @@ psa_status_t mbedtls_psa_ecp_load_representation( } mbedtls_ecp_keypair_init(ecp); + status = check_ecc_parameters(PSA_KEY_TYPE_ECC_GET_FAMILY(type), curve_bits, + !explicit_bits); + if (status != PSA_SUCCESS) { + goto exit; + } + /* Load the group. */ grp_id = mbedtls_ecc_group_from_psa(PSA_KEY_TYPE_ECC_GET_FAMILY(type), curve_bits); if (grp_id == MBEDTLS_ECP_DP_NONE) { - /* We can't distinguish between a nonsensical family/size combination - * (which would warrant PSA_ERROR_INVALID_ARGUMENT) and a - * well-regarded curve that Mbed TLS just doesn't know about (which - * would warrant PSA_ERROR_NOT_SUPPORTED). For uniformity with how - * curves that Mbed TLS knows about but for which support is disabled - * at build time, return NOT_SUPPORTED. */ - status = PSA_ERROR_NOT_SUPPORTED; - goto exit; - } - - /* Get the exact number of bits which are necessary for this key. This is - * used to validate the "curve_bits" input parameter (only in case it was - * provided). - * Note: we intentionally ignore the return value of mbedtls_ecc_group_to_psa() - * because we are only interested in the curve's bit size. */ - mbedtls_ecc_group_to_psa(grp_id, &curve_bits_check); - if (explicit_bits && (curve_bits_check != curve_bits)) { status = PSA_ERROR_NOT_SUPPORTED; goto exit; } diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 1bd8b65002..0cb800573e 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
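Review bot: The comment that explained why `PSA_ERROR_NOT_SUPPORTED` is returned was deleted, but the `grp_id == MBEDTLS_ECP_DP_NONE` branch that returns it remains and its meaning has changed. After this hunk the branch is reached only when the family/size pair has already passed `check_ecc_parameters()`, presumably because the curve is disabled at build time. A one-line replacement such as `/* Valid family/size, but the curve is not enabled in this build. */` would keep the two error codes distinguishable for the next reader. The body of mbedtls_psa_ecp_load_representation() starts and ends outside the hunk.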
@@ -684,7 +684,7 @@ import_with_data:"":PSA_KEY_TYPE_RAW_DATA:8:PSA_ERROR_INVALID_ARGUMENT PSA import EC keypair: explicit bit-size=255 for secp256r1 depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256 -import_with_data:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):255:PSA_ERROR_NOT_SUPPORTED +import_with_data:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):255:PSA_ERROR_INVALID_ARGUMENT PSA import EC keypair: explicit bit-size=521 for secp521r1 (good) depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_521 @@ -692,7 +692,7 @@ import_with_data:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af PSA import EC keypair: explicit bit-size=528 for secp521r1 (bad) depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_521 -import_with_data:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):528:PSA_ERROR_NOT_SUPPORTED +import_with_data:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):528:PSA_ERROR_INVALID_ARGUMENT PSA import EC keypair: explicit bit-size, DER format depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256 
@@ -716,7 +716,7 @@ import_with_data:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba0120 PSA import EC keypair: implicit bit-size, not a valid length depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256 -import_with_data:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):0:PSA_ERROR_NOT_SUPPORTED +import_with_data:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):0:PSA_ERROR_INVALID_ARGUMENT PSA import EC keypair: secp256r1, all-bits-zero (bad) depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256 From 3b7663de29940dd6b6c00995711936f50ebf7c62 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 21 Dec 2023 14:56:14 +0100 Subject: [PATCH 04/25] psa_util: update the documentation of ECC conversion functions Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 6 ------ 1 file changed, 6 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index e1dd822e53..a2604e1f31 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -109,9 +109,6 @@ extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state; #include /** Convert an ECC curve identifier from the Mbed TLS encoding to PSA. - * - * \note This function is provided solely for the convenience of - * Mbed TLS and may be removed at any time without notice. * * \param grpid An Mbed TLS elliptic curve identifier * (`MBEDTLS_ECP_DP_xxx`). 
@@ -125,9 +122,6 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, size_t *bits); /** Convert an ECC curve identifier from the PSA encoding to Mbed TLS. - * - * \note This function is provided solely for the convenience of - * Mbed TLS and may be removed at any time without notice. * * \param curve A PSA elliptic curve identifier * (`PSA_ECC_FAMILY_xxx`). From bf999cb22ec7de888cf3ca3baf79bca137f53f57 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 28 Dec 2023 17:48:13 +0100 Subject: [PATCH 05/25] test_suite_psa_crypto: add test functions and cases for ECC conversion functions Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto.data | 55 +++++++++++++++++++++ tests/suites/test_suite_psa_crypto.function | 29 +++++++++++ 2 files changed, 84 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 0cb800573e..d2fa842500 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -7406,3 +7406,58 @@ persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY PSA derive persistent key: HKDF SHA-256, exportable persistent_key_load_key_from_storage:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_TYPE_RAW_DATA:1024:PSA_KEY_USAGE_EXPORT:0:DERIVE_KEY + +ECP group ID <-> PSA family - SECP192R1 +depends_on:PSA_WANT_ECC_SECP_R1_192 +ecc_conversion_functions:MBEDTLS_ECP_DP_SECP192R1 + +ECP group ID <-> PSA family - SECP224R1 +depends_on:PSA_WANT_ECC_SECP_R1_224 +ecc_conversion_functions:MBEDTLS_ECP_DP_SECP224R1 + +ECP group ID <-> PSA family - SECP256R1 +depends_on:PSA_WANT_ECC_SECP_R1_256 +ecc_conversion_functions:MBEDTLS_ECP_DP_SECP256R1 + +ECP group ID <-> PSA family - SECP384R1 +depends_on:PSA_WANT_ECC_SECP_R1_384 +ecc_conversion_functions:MBEDTLS_ECP_DP_SECP384R1 + +ECP group ID <-> PSA family - SECP521R1 +depends_on:PSA_WANT_ECC_SECP_R1_521 +ecc_conversion_functions:MBEDTLS_ECP_DP_SECP521R1 + +ECP group ID <-> PSA family - BP256R1 +depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_256 +ecc_conversion_functions:MBEDTLS_ECP_DP_BP256R1 + +ECP group ID <-> PSA family - BP384R1 +depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_384 +ecc_conversion_functions:MBEDTLS_ECP_DP_BP384R1 + +ECP group ID <-> PSA family - BP512R1 +depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512 +ecc_conversion_functions:MBEDTLS_ECP_DP_BP512R1 + +ECP group ID <-> PSA family - CURVE25519 +depends_on:PSA_WANT_ECC_MONTGOMERY_255 +ecc_conversion_functions:MBEDTLS_ECP_DP_CURVE25519 + +ECP group ID <-> PSA family - SECP192K1 +depends_on:PSA_WANT_ECC_SECP_K1_192 +ecc_conversion_functions:MBEDTLS_ECP_DP_SECP192K1 + +ECP group ID <-> PSA family - SECP224K1 +depends_on:PSA_WANT_ECC_SECP_K1_224 +ecc_conversion_functions:MBEDTLS_ECP_DP_SECP224K1 + +ECP group ID <-> PSA family - SECP256K1 +depends_on:PSA_WANT_ECC_SECP_K1_256 +ecc_conversion_functions:MBEDTLS_ECP_DP_SECP256K1 + +ECP group ID <-> PSA family - CURVE448 +depends_on:PSA_WANT_ECC_MONTGOMERY_448 
+ecc_conversion_functions:MBEDTLS_ECP_DP_CURVE448 + +ECP group ID <-> PSA family - fail +ecc_conversion_functions_fail: \ No newline at end of file diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 4c08a9017c..a2d156d4ee 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -6,6 +6,8 @@ #include "mbedtls/oid.h" #include "common.h" +#include "mbedtls/psa_util.h" + /* For MBEDTLS_CTR_DRBG_MAX_REQUEST, knowing that psa_generate_random() * uses mbedtls_ctr_drbg internally. */ #include "mbedtls/ctr_drbg.h" @@ -9479,6 +9481,33 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void ecc_conversion_functions(int grp_id_arg) +{ + mbedtls_ecp_group_id grp_id = grp_id_arg; + psa_ecc_family_t ecc_family; + size_t bits; + + ecc_family = mbedtls_ecc_group_to_psa(grp_id, &bits); + TEST_ASSERT(ecc_family != 0); + TEST_EQUAL(grp_id, mbedtls_ecc_group_from_psa(ecc_family, bits)); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void ecc_conversion_functions_fail(void) +{ + psa_ecc_family_t ecc_family; + size_t bits; + + // Pick an invalid group ID (MBEDTLS_ECP_DP_CURVE448 is the last enum) + ecc_family = mbedtls_ecc_group_to_psa(MBEDTLS_ECP_DP_CURVE448 + 1, &bits); + TEST_EQUAL(ecc_family, 0); + + TEST_EQUAL(MBEDTLS_ECP_DP_NONE, mbedtls_ecc_group_from_psa(PSA_ECC_FAMILY_SECP_R1, 0)); +} +/* END_CASE */ + /* BEGIN_CASE */ void key_agreement_output(int alg_arg, int our_key_type_arg, data_t *our_key_data, From 90e764c1bff2416eadfca2a901786c98f32966f5 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 28 Dec 2023 18:16:33 +0100 Subject: [PATCH 06/25] changelog: added documentation for the 2 new public functions Signed-off-by: Valerio Setti --- ChangeLog.d/7764.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/7764.txt diff --git a/ChangeLog.d/7764.txt b/ChangeLog.d/7764.txt new file mode 100644 index 0000000000..be332cd605 --- /dev/null 
+++ b/ChangeLog.d/7764.txt @@ -0,0 +1,4 @@ +Features + * mbedtls_ecc_group_to_psa() and mbedtls_ecc_group_from_psa() helper + functions were added to convert from mbedtls_ecp_group_id to + psa_ecc_family_t and curve's bit size and viceversa, respectively. \ No newline at end of file From dc33200b74db515ef0e031d97f8207282ed41e06 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 28 Dec 2023 18:28:11 +0100 Subject: [PATCH 07/25] psa-transition: extend "Elliptic curve mechanism selection" Signed-off-by: Valerio Setti --- docs/psa-transition.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index 067ffafbd3..71b3d68f90 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -743,6 +743,10 @@ A curve is fully determined by a curve family identifier and the private key siz | `MBEDTLS_ECP_DP_SECP256K1` | [`PSA_ECC_FAMILY_SECP_K1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 256 | | `MBEDTLS_ECP_DP_CURVE448` | [`PSA_ECC_FAMILY_MONTGOMERY`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga1f624c5cdaf25b21287af33024e1aff8) | 448 | +The following helper functions can be used to convert between the 2 types: +- `mbedtls_ecc_group_to_psa()` converts from the legacy curve type identifier to PSA curve family and bit-size. +- `mbedtls_ecc_group_from_psa()` converts from PSA curve family and bit-size to the legacy identifier. + The following cryptographic algorithms work with ECC keys: * ECDH key agreement (including X25519 and X448): [`PSA_ALG_ECDH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gab2dbcf71b63785e7dd7b54a100edee43). From 0e608807e36e46c06abcd7bd1bdb8c6cef2c3f66 Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Fri, 29 Dec 2023 11:46:44 +0100 Subject: [PATCH 08/25] psa: let mbedtls_ecc_group_from_psa() accept only exact bit lengths Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 9 ++------- library/psa_crypto_ecp.c | 30 +++++++++++++++--------------- library/psa_util.c | 2 -- 3 files changed, 17 insertions(+), 24 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index a2604e1f31..cfb4bce58c 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -126,16 +126,11 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, * \param curve A PSA elliptic curve identifier * (`PSA_ECC_FAMILY_xxx`). * \param bits The bit-length of a private key on \p curve. - * \param bits_is_sloppy If true, \p bits may be the bit-length rounded up - * to the nearest multiple of 8. This allows the caller - * to infer the exact curve from the length of a key - * which is supplied as a byte string. * * \return The corresponding Mbed TLS elliptic curve identifier * (`MBEDTLS_ECP_DP_xxx`). - * \return #MBEDTLS_ECP_DP_NONE if \c curve is not recognized. - * \return #MBEDTLS_ECP_DP_NONE if \p bits is not - * correct for \p curve. + * \return #MBEDTLS_ECP_DP_NONE if the combination of \c curve + * and \p bits is not recognized. */ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, size_t bits); diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index 866ef7956a..3c5aa729bd 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c 
@@ -32,13 +32,16 @@ defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) -/* Helper function to verify if the provided EC's family and key bit size are - * valid. */ -static int check_ecc_parameters(psa_ecc_family_t family, size_t bits, int allow_bit_size_roundup) +/* Helper function to verify if the provided EC's family and key bit size are valid. + * + * Note: "bits" parameter is used both as input and output and it might be updated + * in case provided input value is not multiple of 8 ("sloppy" bits). + */ +static int check_ecc_parameters(psa_ecc_family_t family, size_t *bits) { switch (family) { case PSA_ECC_FAMILY_SECP_R1: - switch (bits) { + switch (*bits) { case 192: case 224: case 256: @@ -46,14 +49,13 @@ static int check_ecc_parameters(psa_ecc_family_t family, size_t bits, int allow_ case 521: return PSA_SUCCESS; case 528: - if (allow_bit_size_roundup) { - return PSA_SUCCESS; - } + *bits = 521; + return PSA_SUCCESS; } break; case PSA_ECC_FAMILY_BRAINPOOL_P_R1: - switch (bits) { + switch (*bits) { case 256: case 384: case 512: @@ -62,19 +64,18 @@ static int check_ecc_parameters(psa_ecc_family_t family, size_t bits, int allow_ break; case PSA_ECC_FAMILY_MONTGOMERY: - switch (bits) { + switch (*bits) { case 448: case 255: return PSA_SUCCESS; case 256: - if (allow_bit_size_roundup) { - return PSA_SUCCESS; - } + *bits = 255; + return PSA_SUCCESS; } break; case PSA_ECC_FAMILY_SECP_K1: - switch (bits) { + switch (*bits) { case 192: case 224: case 256: @@ -136,8 +137,7 @@ psa_status_t mbedtls_psa_ecp_load_representation( } mbedtls_ecp_keypair_init(ecp); - status = check_ecc_parameters(PSA_KEY_TYPE_ECC_GET_FAMILY(type), curve_bits, - !explicit_bits); + status = check_ecc_parameters(PSA_KEY_TYPE_ECC_GET_FAMILY(type), &curve_bits); if (status != PSA_SUCCESS) { goto exit; } diff --git a/library/psa_util.c b/library/psa_util.c index abd7a5f6b9..28b0285521 100644 
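Review bot: `check_ecc_parameters()` no longer knows whether `curve_bits` was supplied by the caller or inferred from the data length, so an explicit 528 for SECP_R1 (or 256 for Montgomery) is now rewritten to 521 (255) and accepted, where `allow_bit_size_roundup` used to reject it. The test data in this series still expects `PSA_ERROR_INVALID_ARGUMENT` for "explicit bit-size=528 for secp521r1 (bad)", so that rejection must come from a check outside these hunks. If no such check exists, keep the flag or compare the rewritten value against the caller's original after the call in the `@@ -136,8 +137,7 @@` hunk. The new header comment also says `bits` is updated when the input "is not multiple of 8", but the rewritten inputs (528, 256) are exactly the multiples of 8; suggested wording: `bits is rewritten to the curve's exact size when the input is that size rounded up to a multiple of 8`.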
--- a/library/psa_util.c +++ b/library/psa_util.c @@ -276,7 +276,6 @@ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, #endif #if defined(PSA_WANT_ECC_SECP_R1_521) case 521: - case 528: return MBEDTLS_ECP_DP_SECP521R1; #endif } @@ -303,7 +302,6 @@ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, switch (bits) { #if defined(PSA_WANT_ECC_MONTGOMERY_255) case 255: - case 256: return MBEDTLS_ECP_DP_CURVE25519; #endif #if defined(PSA_WANT_ECC_MONTGOMERY_448) From ad819679a55a36338d8c1ba4e72db69d11409646 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 29 Dec 2023 12:14:41 +0100 Subject: [PATCH 09/25] test_suite_psa_crypto: explicitly check return values of conversion functions Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto.data | 31 ++++++++++---------- tests/suites/test_suite_psa_crypto.function | 32 ++++++++------------- 2 files changed, 28 insertions(+), 35 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index d2fa842500..501cbb7833 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -7409,55 +7409,56 @@ persistent_key_load_key_from_storage:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b ECP group ID <-> PSA family - SECP192R1 depends_on:PSA_WANT_ECC_SECP_R1_192 -ecc_conversion_functions:MBEDTLS_ECP_DP_SECP192R1 +ecc_conversion_functions:MBEDTLS_ECP_DP_SECP192R1:PSA_ECC_FAMILY_SECP_R1:192 ECP group ID <-> PSA family - SECP224R1 depends_on:PSA_WANT_ECC_SECP_R1_224 -ecc_conversion_functions:MBEDTLS_ECP_DP_SECP224R1 +ecc_conversion_functions:MBEDTLS_ECP_DP_SECP224R1:PSA_ECC_FAMILY_SECP_R1:224 ECP group ID <-> PSA family - SECP256R1 depends_on:PSA_WANT_ECC_SECP_R1_256 -ecc_conversion_functions:MBEDTLS_ECP_DP_SECP256R1 +ecc_conversion_functions:MBEDTLS_ECP_DP_SECP256R1:PSA_ECC_FAMILY_SECP_R1:256 ECP group ID <-> PSA family - SECP384R1 depends_on:PSA_WANT_ECC_SECP_R1_384 -ecc_conversion_functions:MBEDTLS_ECP_DP_SECP384R1 +ecc_conversion_functions:MBEDTLS_ECP_DP_SECP384R1:PSA_ECC_FAMILY_SECP_R1:384 ECP group ID <-> PSA family - SECP521R1 depends_on:PSA_WANT_ECC_SECP_R1_521 -ecc_conversion_functions:MBEDTLS_ECP_DP_SECP521R1 +ecc_conversion_functions:MBEDTLS_ECP_DP_SECP521R1:PSA_ECC_FAMILY_SECP_R1:521 ECP group ID <-> PSA family - BP256R1 depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_256 -ecc_conversion_functions:MBEDTLS_ECP_DP_BP256R1 +ecc_conversion_functions:MBEDTLS_ECP_DP_BP256R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:256 ECP group ID <-> PSA family - BP384R1 depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_384 -ecc_conversion_functions:MBEDTLS_ECP_DP_BP384R1 +ecc_conversion_functions:MBEDTLS_ECP_DP_BP384R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:384 ECP group ID <-> PSA family - BP512R1 depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512 -ecc_conversion_functions:MBEDTLS_ECP_DP_BP512R1 +ecc_conversion_functions:MBEDTLS_ECP_DP_BP512R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:512 ECP group ID <-> PSA family - CURVE25519 depends_on:PSA_WANT_ECC_MONTGOMERY_255 -ecc_conversion_functions:MBEDTLS_ECP_DP_CURVE25519 +ecc_conversion_functions:MBEDTLS_ECP_DP_CURVE25519:PSA_ECC_FAMILY_MONTGOMERY:255 ECP group ID <-> 
PSA family - SECP192K1 depends_on:PSA_WANT_ECC_SECP_K1_192 -ecc_conversion_functions:MBEDTLS_ECP_DP_SECP192K1 +ecc_conversion_functions:MBEDTLS_ECP_DP_SECP192K1:PSA_ECC_FAMILY_SECP_K1:192 ECP group ID <-> PSA family - SECP224K1 depends_on:PSA_WANT_ECC_SECP_K1_224 -ecc_conversion_functions:MBEDTLS_ECP_DP_SECP224K1 +ecc_conversion_functions:MBEDTLS_ECP_DP_SECP224K1:PSA_ECC_FAMILY_SECP_K1:224 ECP group ID <-> PSA family - SECP256K1 depends_on:PSA_WANT_ECC_SECP_K1_256 -ecc_conversion_functions:MBEDTLS_ECP_DP_SECP256K1 +ecc_conversion_functions:MBEDTLS_ECP_DP_SECP256K1:PSA_ECC_FAMILY_SECP_K1:256 ECP group ID <-> PSA family - CURVE448 depends_on:PSA_WANT_ECC_MONTGOMERY_448 -ecc_conversion_functions:MBEDTLS_ECP_DP_CURVE448 +ecc_conversion_functions:MBEDTLS_ECP_DP_CURVE448:PSA_ECC_FAMILY_MONTGOMERY:448 + +ECP group ID <-> PSA family - Wrong values +ecc_conversion_functions:MBEDTLS_ECP_DP_MAX:0:0 -ECP group ID <-> PSA family - fail -ecc_conversion_functions_fail: \ No newline at end of file diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index a2d156d4ee..ec8afe705f 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -9481,30 +9481,22 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ -void ecc_conversion_functions(int grp_id_arg) +/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ +void ecc_conversion_functions(int grp_id_arg, int psa_family_arg, int bits_arg) { mbedtls_ecp_group_id grp_id = grp_id_arg; - psa_ecc_family_t ecc_family; - size_t bits; + psa_ecc_family_t ecc_family = psa_family_arg; + size_t bits = bits_arg; + size_t bits_tmp; - ecc_family = mbedtls_ecc_group_to_psa(grp_id, &bits); - TEST_ASSERT(ecc_family != 0); - TEST_EQUAL(grp_id, mbedtls_ecc_group_from_psa(ecc_family, bits)); -} -/* END_CASE */ + TEST_EQUAL(ecc_family, mbedtls_ecc_group_to_psa(grp_id, &bits_tmp)); + TEST_EQUAL(bits, bits_tmp); -/* BEGIN_CASE */ -void ecc_conversion_functions_fail(void) -{ - psa_ecc_family_t ecc_family; - size_t bits; - - // Pick an invalid group ID (MBEDTLS_ECP_DP_CURVE448 is the last enum) - ecc_family = mbedtls_ecc_group_to_psa(MBEDTLS_ECP_DP_CURVE448 + 1, &bits); - TEST_EQUAL(ecc_family, 0); - - TEST_EQUAL(MBEDTLS_ECP_DP_NONE, mbedtls_ecc_group_from_psa(PSA_ECC_FAMILY_SECP_R1, 0)); + if (grp_id != MBEDTLS_ECP_DP_MAX) { + TEST_EQUAL(grp_id, mbedtls_ecc_group_from_psa(ecc_family, bits)); + } else { + TEST_EQUAL(MBEDTLS_ECP_DP_NONE, mbedtls_ecc_group_from_psa(ecc_family, bits)); + } } /* END_CASE */ From 8bd330dff554dfbf3e170463bcd21d31e2405595 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 29 Dec 2023 13:35:58 +0100 Subject: [PATCH 10/25] changelog: add missing newline Signed-off-by: Valerio Setti --- ChangeLog.d/7764.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/7764.txt b/ChangeLog.d/7764.txt index be332cd605..5eb14b4d22 100644 --- a/ChangeLog.d/7764.txt +++ b/ChangeLog.d/7764.txt 
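Review bot: `bits_tmp` is declared without an initialiser in `ecc_conversion_functions` and is compared with `bits` straight after `mbedtls_ecc_group_to_psa(grp_id, &bits_tmp)`. The `MBEDTLS_ECP_DP_MAX:0:0` vector therefore only passes if the failure path writes `*bits`, which this hunk does not show. Starting from a non-zero sentinel, `size_t bits_tmp = 1;`, makes that vector prove the output is zeroed instead of reading an indeterminate value. The rewrite also drops the old negative check with a valid family and an invalid size, `mbedtls_ecc_group_from_psa(PSA_ECC_FAMILY_SECP_R1, 0)`. The only failure input left is family 0 with 0 bits, so a size-validation regression inside a real family would no longer be caught.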
@@ -1,4 +1,4 @@ Features * mbedtls_ecc_group_to_psa() and mbedtls_ecc_group_from_psa() helper functions were added to convert from mbedtls_ecp_group_id to - psa_ecc_family_t and curve's bit size and viceversa, respectively. \ No newline at end of file + psa_ecc_family_t and curve's bit size and viceversa, respectively. From 0bc8598d20071c1a8ae122cdeae74f7c53ba0e62 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 3 Jan 2024 15:22:46 +0100 Subject: [PATCH 11/25] psa_util: properly handle secp224r1 private key size Signed-off-by: Valerio Setti --- library/psa_crypto_ecp.c | 5 +++++ library/psa_util.c | 8 ++++++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index 3c5aa729bd..f38efff670 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -80,6 +80,11 @@ static int check_ecc_parameters(psa_ecc_family_t family, size_t *bits) case 224: case 256: return PSA_SUCCESS; + /* secp224k1 has 224-bit coordinates but 225-bit private keys. + * This means that private keys are represented with 232 bits. */ + case 232: + *bits = 225; + return PSA_SUCCESS; } break; } diff --git a/library/psa_util.c b/library/psa_util.c index 28b0285521..971f965e40 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -232,8 +232,10 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, return PSA_ECC_FAMILY_SECP_K1; #endif #if defined(MBEDTLS_ECP_HAVE_SECP224K1) + /* secp224k1 has 224-bit coordinates but 225-bit private keys. + * The nominal key size in PSA is the private key size, hence 225. */ case MBEDTLS_ECP_DP_SECP224K1: - *bits = 224; + *bits = 225; return PSA_ECC_FAMILY_SECP_K1; #endif #if defined(MBEDTLS_ECP_HAVE_SECP256K1) 
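Review bot: `check_ecc_parameters` still accepts `case 224:` for `PSA_ECC_FAMILY_SECP_K1` and leaves `*bits` at 224, while this same commit changes `mbedtls_ecc_group_from_psa` to recognise only `case 225:` for secp224k1. If the size validated here is later passed to that lookup (the call site is not in this hunk), an explicit 224-bit request gets `PSA_SUCCESS` from the check and `MBEDTLS_ECP_DP_NONE` from the conversion. Either normalise both sizes, `case 224: case 232: *bits = 225; return PSA_SUCCESS;`, or reject 224, so that the parameter check and the group lookup agree on a single nominal size. The function body starts and ends outside the hunk.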
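Review bot: Returning `*bits = 225` for `MBEDTLS_ECP_DP_SECP224K1` contradicts the test vector `ecc_conversion_functions:MBEDTLS_ECP_DP_SECP224K1:PSA_ECC_FAMILY_SECP_K1:224` added earlier in the series. This commit's diffstat lists only `library/psa_crypto_ecp.c` and `library/psa_util.c`, so the vector is not updated here. With `PSA_WANT_ECC_SECP_K1_224` enabled, the `TEST_EQUAL(bits, bits_tmp)` check would presumably fail until the vector is changed to 225 in the same commit. The `case 225:` hunk in `mbedtls_ecc_group_from_psa` is affected in the same way through the round-trip assertion.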
@@ -318,7 +320,9 @@ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, return MBEDTLS_ECP_DP_SECP192K1; #endif #if defined(PSA_WANT_ECC_SECP_K1_224) - case 224: + /* secp224k1 has 224-bit coordinates but 225-bit private keys. + * The nominal key size in PSA is the private key size, hence 225. */ + case 225: return MBEDTLS_ECP_DP_SECP224K1; #endif #if defined(PSA_WANT_ECC_SECP_K1_256) From fc8a48a9e34d0bd42a0b8c6aaffeffc11391f230 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 4 Jan 2024 09:03:23 +0100 Subject: [PATCH 12/25] changelog: fix working Signed-off-by: Valerio Setti --- ChangeLog.d/7764.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ChangeLog.d/7764.txt b/ChangeLog.d/7764.txt index 5eb14b4d22..0734fb9113 100644 --- a/ChangeLog.d/7764.txt +++ b/ChangeLog.d/7764.txt @@ -1,4 +1,4 @@ Features - * mbedtls_ecc_group_to_psa() and mbedtls_ecc_group_from_psa() helper - functions were added to convert from mbedtls_ecp_group_id to - psa_ecc_family_t and curve's bit size and viceversa, respectively. + * Add functions mbedtls_ecc_group_to_psa() and mbedtls_ecc_group_from_psa() + to convert between mbedtls_ecp_group_id and psa_ecc_family_t and curve's + bit size and vice versa, respectively. From afa01c7394a2e02b060f741f56c3614f7af70b86 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 4 Jan 2024 09:47:50 +0100 Subject: [PATCH 13/25] psa-transition: update "Elliptic curve mechanism selection" section - add hyperlinks for the conversion functions. - move conversion functions' description before the legacy<->PSA table. Signed-off-by: Valerio Setti --- docs/psa-transition.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index 71b3d68f90..617426cfd7 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md 
@@ -725,7 +725,11 @@ An ECC public key has the type [`PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve)`](https://mb An ECC key pair has the type [`PSA_KEY_TYPE_ECC_KEY_PAIR(curve)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga0b6f5d4d5037c54ffa850d8059c32df0) where `curve` is a curve family identifier. A key with this type can be used both for private-key and public-key operations (there is no separate key type for a private key without the corresponding public key). You can always use a private key for operations on the corresponding public key (as long as the policy permits it). -A curve is fully determined by a curve family identifier and the private key size in bits. The following table gives the correspondence between legacy and PSA elliptic curve designations. +A curve is fully determined by a curve family identifier and the private key size in bits. You can use the following functions to convert between the PSA and legacy elliptic curve designations: +- [`mbedtls_ecc_group_to_psa()`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__psa__tls__helpers/#group__psa__tls__helpers_1ga9c83c095adfec7da99401cf81e164f99) converts from the legacy curve type identifier to PSA curve family and bit-size. +- [`mbedtls_ecc_group_from_psa()`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__psa__tls__helpers/#group__psa__tls__helpers_1ga6243eb619d5b2f5fe4667811adeb8a12) converts from PSA curve family and bit-size to the legacy identifier. + +The following table gives the correspondence between legacy and PSA elliptic curve designations. | Mbed TLS legacy curve identifier | PSA curve family | Curve bit-size | | -------------------------------- | ---------------- | -------------- | 
@@ -743,10 +747,6 @@ A curve is fully determined by a curve family identifier and the private key siz | `MBEDTLS_ECP_DP_SECP256K1` | [`PSA_ECC_FAMILY_SECP_K1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 256 | | `MBEDTLS_ECP_DP_CURVE448` | [`PSA_ECC_FAMILY_MONTGOMERY`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga1f624c5cdaf25b21287af33024e1aff8) | 448 | -The following helper functions can be used to convert between the 2 types: -- `mbedtls_ecc_group_to_psa()` converts from the legacy curve type identifier to PSA curve family and bit-size. -- `mbedtls_ecc_group_from_psa()` converts from PSA curve family and bit-size to the legacy identifier. - The following cryptographic algorithms work with ECC keys: * ECDH key agreement (including X25519 and X448): [`PSA_ALG_ECDH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gab2dbcf71b63785e7dd7b54a100edee43). From 4ba0c61eda41c5873879d670e58842e4f6196f52 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 4 Jan 2024 09:51:25 +0100 Subject: [PATCH 14/25] test_suite_psa_crypto: add test case for ECP conversion with null values Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto.data | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 501cbb7833..c0916e067f 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -7459,6 +7459,9 @@ ECP group ID <-> PSA family - CURVE448 depends_on:PSA_WANT_ECC_MONTGOMERY_448 ecc_conversion_functions:MBEDTLS_ECP_DP_CURVE448:PSA_ECC_FAMILY_MONTGOMERY:448 +ECP group ID <-> PSA family - Null values +ecc_conversion_functions:MBEDTLS_ECP_DP_NONE:0:0 + ECP group ID <-> PSA family - Wrong values ecc_conversion_functions:MBEDTLS_ECP_DP_MAX:0:0 From ac739524740747292352b8b8393e7fdbe244b6d2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 4 Jan 2024 10:22:01 +0100 Subject: [PATCH 15/25] test_suite_psa_crypto: improve failing tests for EC conversion functions Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto.data | 2 +- tests/suites/test_suite_psa_crypto.function | 30 ++++++++++++++++----- 2 files changed, 25 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index c0916e067f..eda6f5d8c2 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -7463,5 +7463,5 @@ ECP group ID <-> PSA family - Null values ecc_conversion_functions:MBEDTLS_ECP_DP_NONE:0:0 ECP group ID <-> PSA family - Wrong values -ecc_conversion_functions:MBEDTLS_ECP_DP_MAX:0:0 +ecc_conversion_functions_fail diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index ec8afe705f..1112cfcd59 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -9491,15 +9491,33 @@ void ecc_conversion_functions(int grp_id_arg, int psa_family_arg, int bits_arg) TEST_EQUAL(ecc_family, mbedtls_ecc_group_to_psa(grp_id, &bits_tmp)); TEST_EQUAL(bits, bits_tmp); - - if (grp_id != MBEDTLS_ECP_DP_MAX) { - TEST_EQUAL(grp_id, mbedtls_ecc_group_from_psa(ecc_family, bits)); - } else { - TEST_EQUAL(MBEDTLS_ECP_DP_NONE, mbedtls_ecc_group_from_psa(ecc_family, bits)); - } + TEST_EQUAL(grp_id, mbedtls_ecc_group_from_psa(ecc_family, bits)); } /* END_CASE */ +/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ +void ecc_conversion_functions_fail() +{ + size_t bits; + + /* Invalid legacy curve identifier. */ + TEST_EQUAL(0, mbedtls_ecc_group_to_psa(MBEDTLS_ECP_DP_NONE, &bits)); + TEST_EQUAL(0, bits); + + /* Invalid PSA EC family. */ + TEST_EQUAL(MBEDTLS_ECP_DP_NONE, mbedtls_ecc_group_from_psa(0, 192)); + /* Invalid bit-size for a valid EC family. */ + TEST_EQUAL(MBEDTLS_ECP_DP_NONE, mbedtls_ecc_group_from_psa(PSA_ECC_FAMILY_SECP_R1, 512)); + + /* Twisted-Edward curves are not supported yet. */ + TEST_EQUAL(MBEDTLS_ECP_DP_NONE, + mbedtls_ecc_group_from_psa(PSA_ECC_FAMILY_TWISTED_EDWARDS, 255)); + TEST_EQUAL(MBEDTLS_ECP_DP_NONE, + mbedtls_ecc_group_from_psa(PSA_ECC_FAMILY_TWISTED_EDWARDS, 448)); +} +/* END_CASE */ + + /* BEGIN_CASE */ void key_agreement_output(int alg_arg, int our_key_type_arg, data_t *our_key_data, From 65df79303fafe853809dc392f8eb91d2bddec31d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 4 Jan 2024 10:58:36 +0100 Subject: [PATCH 16/25] psa_crypto_ecp: return unsupported for secp224k1 in check_ecc_parameters() Signed-off-by: Valerio Setti --- library/psa_crypto_ecp.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index f38efff670..d6b640cf75 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c 
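Review bot: `bits` in `ecc_conversion_functions_fail` is uninitialised when `TEST_EQUAL(0, bits)` reads it, so the assertion cannot tell a failure path that writes 0 from one that leaves the output untouched and happens to find 0 there. Start from a non-zero sentinel, `size_t bits = 1;`, and reset it before every `mbedtls_ecc_group_to_psa` call. The later hunk that adds the `MBEDTLS_ECP_DP_MAX` check reuses the same variable for two calls and needs the reset between them. The function is also declared with `()` where the case it replaces used `(void)`.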
@@ -77,14 +77,14 @@ static int check_ecc_parameters(psa_ecc_family_t family, size_t *bits) case PSA_ECC_FAMILY_SECP_K1: switch (*bits) { case 192: - case 224: case 256: return PSA_SUCCESS; - /* secp224k1 has 224-bit coordinates but 225-bit private keys. - * This means that private keys are represented with 232 bits. */ + /* secp224k1 is not and will not be supported in PSA (#3541). + * Note: secp224k1 has 225-bit private keys which are rounded + * up to 232 for their representation. */ + case 224: case 232: - *bits = 225; - return PSA_SUCCESS; + return PSA_ERROR_NOT_SUPPORTED; } break; } From 7863627bd6fe7320542095fde87eae093b30a61d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 4 Jan 2024 13:17:04 +0100 Subject: [PATCH 17/25] psa_util: remove support for secp224k1 in EC conversion functions Signed-off-by: Valerio Setti --- library/psa_util.c | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/library/psa_util.c b/library/psa_util.c index 971f965e40..d833299e8c 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -232,11 +232,7 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, return PSA_ECC_FAMILY_SECP_K1; #endif #if defined(MBEDTLS_ECP_HAVE_SECP224K1) - /* secp224k1 has 224-bit coordinates but 225-bit private keys. - * The nominal key size in PSA is the private key size, hence 225. */ - case MBEDTLS_ECP_DP_SECP224K1: - *bits = 225; - return PSA_ECC_FAMILY_SECP_K1; + /* secp224k1 is not and will not be supported in PSA (#3541). */ #endif #if defined(MBEDTLS_ECP_HAVE_SECP256K1) case MBEDTLS_ECP_DP_SECP256K1: 
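Review bot: Removing the `MBEDTLS_ECP_DP_SECP224K1` case in `mbedtls_ecc_group_to_psa` leaves an `#if defined(MBEDTLS_ECP_HAVE_SECP224K1)` / `#endif` pair that guards only a comment, and the `PSA_WANT_ECC_SECP_K1_224` block in `mbedtls_ecc_group_from_psa` (next hunk) ends up the same way. A plain comment without the preprocessor guard says the same thing and does not suggest that the macro still selects code. As far as these hunks show, nothing in the series pins the new rejection. Adding `TEST_EQUAL(MBEDTLS_ECP_DP_NONE, mbedtls_ecc_group_from_psa(PSA_ECC_FAMILY_SECP_K1, 224));` to `ecc_conversion_functions_fail` would keep the curve from being re-enabled by accident. The existing `SECP224K1` vector in `test_suite_psa_crypto.data` needs removing if it is still present.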
@@ -320,10 +316,7 @@ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, return MBEDTLS_ECP_DP_SECP192K1; #endif #if defined(PSA_WANT_ECC_SECP_K1_224) - /* secp224k1 has 224-bit coordinates but 225-bit private keys. - * The nominal key size in PSA is the private key size, hence 225. */ - case 225: - return MBEDTLS_ECP_DP_SECP224K1; + /* secp224k1 is not and will not be supported in PSA (#3541). */ #endif #if defined(PSA_WANT_ECC_SECP_K1_256) case 256: From eca07140f3c160eba07cf63c34c1d2495c925b40 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 4 Jan 2024 13:17:31 +0100 Subject: [PATCH 18/25] psa_util: update documentation of EC conversion functions Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index cfb4bce58c..d0d95ae19a 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -112,11 +112,16 @@ extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state; * * \param grpid An Mbed TLS elliptic curve identifier * (`MBEDTLS_ECP_DP_xxx`). - * \param[out] bits On success, the bit size of the curve. + * \param[out] bits On success the bit size of the curve; 0 on failure. * - * \return The corresponding PSA elliptic curve identifier + * \return On success the corresponding PSA elliptic curve identifier * (`PSA_ECC_FAMILY_xxx`). - * \return \c 0 on failure (\p grpid is not recognized). + * \return \c 0 if \p grpid is not supported. + * + * \note A successful conversion means that the curve is supported + * in PSA. Legacy support (`mbedtls_ecp_xxx`) is only + * enabled if the curve is builtin (see + * `config_adjust_legacy_from_psa.h` for details). */ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, size_t *bits); 
@@ -127,10 +132,23 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, * (`PSA_ECC_FAMILY_xxx`). * \param bits The bit-length of a private key on \p curve. * - * \return The corresponding Mbed TLS elliptic curve identifier - * (`MBEDTLS_ECP_DP_xxx`). + * \return On success the corresponding Mbed TLS elliptic curve + * identifier (`MBEDTLS_ECP_DP_xxx`). * \return #MBEDTLS_ECP_DP_NONE if the combination of \c curve - * and \p bits is not recognized. + * and \p bits is not supported or invalid: + * - not supported means that the proper `PSA_WANT_ECC_xxx` + * symbol is not enabled for the requested curve. + * - invalid if `PSA_WANT_ECC_xxx` is enabled, but the + * combination of \p curve and \p bits are not correct + * for that curve. + * \return #MBEDTLS_ECP_DP_NONE for secp224k1 curve, no matter + * what the status of `PSA_WANT_ECC_SECP_K1_224` is, because + * this curve is not and will not be supported in PSA (#3541). + * + * \note A successful conversion means that the curve is supported + * in PSA. Legacy support (`mbedtls_ecp_xxx`) is only + * enabled if the curve is builtin (see + * `config_adjust_legacy_from_psa.h` for details). */ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, size_t bits); From db6e02902de5c399e37fc9f171f117d1c9afa962 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 5 Jan 2024 10:15:45 +0100 Subject: [PATCH 19/25] test_suite_psa_crypto: test also MBEDTLS_ECP_DP_MAX in ecc_conversion_functions_fail() Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto.function | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 1112cfcd59..7b6f5ae04d 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -9500,7 +9500,9 @@ void ecc_conversion_functions_fail() { size_t bits; - /* Invalid legacy curve identifier. */ + /* Invalid legacy curve identifiers. */ + TEST_EQUAL(0, mbedtls_ecc_group_to_psa(MBEDTLS_ECP_DP_MAX, &bits)); + TEST_EQUAL(0, bits); TEST_EQUAL(0, mbedtls_ecc_group_to_psa(MBEDTLS_ECP_DP_NONE, &bits)); TEST_EQUAL(0, bits); From 0d438fa390355958c0745f0393859110029f0bf6 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 5 Jan 2024 10:33:51 +0100 Subject: [PATCH 20/25] psa_crypto_ecp: fix comment for secp224k1 in check_ecc_parameters Signed-off-by: Valerio Setti --- library/psa_crypto_ecp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index d6b640cf75..4d9a59baa9 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -80,8 +80,8 @@ static int check_ecc_parameters(psa_ecc_family_t family, size_t *bits) case 256: return PSA_SUCCESS; /* secp224k1 is not and will not be supported in PSA (#3541). - * Note: secp224k1 has 225-bit private keys which are rounded - * up to 232 for their representation. */ + * Note: secp224k1 has 224-bit coordinates but 225-bit private + * keys which are rounded up to 232 for their representation. */ case 224: case 232: return PSA_ERROR_NOT_SUPPORTED; From 2622b1dab364d29923035189620a44a5109d0c20 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 5 Jan 2024 10:36:33 +0100 Subject: [PATCH 21/25] changelog: improve wording Signed-off-by: Valerio Setti --- ChangeLog.d/7764.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/7764.txt b/ChangeLog.d/7764.txt index 0734fb9113..9830584034 100644 --- a/ChangeLog.d/7764.txt +++ b/ChangeLog.d/7764.txt @@ -1,4 +1,4 @@ Features * Add functions mbedtls_ecc_group_to_psa() and mbedtls_ecc_group_from_psa() to convert between mbedtls_ecp_group_id and psa_ecc_family_t and curve's - bit size and vice versa, respectively. + bit size. 
From 3afdd02e378f4e901845ad7d6f00e7379073d497 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 9 Jan 2024 08:50:20 +0100 Subject: [PATCH 22/25] changelog: improve wording Signed-off-by: Valerio Setti --- ChangeLog.d/7764.txt | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ChangeLog.d/7764.txt b/ChangeLog.d/7764.txt index 9830584034..4cd20798a2 100644 --- a/ChangeLog.d/7764.txt +++ b/ChangeLog.d/7764.txt @@ -1,4 +1,3 @@ Features * Add functions mbedtls_ecc_group_to_psa() and mbedtls_ecc_group_from_psa() - to convert between mbedtls_ecp_group_id and psa_ecc_family_t and curve's - bit size. + to convert between Mbed TLS and PSA curve identifiers. From d0aa9c1316e4fdc98c3e5f501bf9aa1e0b3342b0 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 9 Jan 2024 09:10:44 +0100 Subject: [PATCH 23/25] psa_util: update documentation for PSA conversion functions Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 31 ++++++++----------------------- 1 file changed, 8 insertions(+), 23 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index d0d95ae19a..f36d89ad62 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h 
@@ -114,14 +114,11 @@ extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state; * (`MBEDTLS_ECP_DP_xxx`). * \param[out] bits On success the bit size of the curve; 0 on failure. * - * \return On success the corresponding PSA elliptic curve identifier - * (`PSA_ECC_FAMILY_xxx`). - * \return \c 0 if \p grpid is not supported. - * - * \note A successful conversion means that the curve is supported - * in PSA. Legacy support (`mbedtls_ecp_xxx`) is only - * enabled if the curve is builtin (see - * `config_adjust_legacy_from_psa.h` for details). + * \return If the curve is supported in the PSA API, this function + * returns the proper PSA curve identifier + * (`PSA_ECC_FAMILY_xxx`). This holds even if the curve is + * not supported by the ECP module. + * \return \c 0 if the curve is not supported in the PSA API. */ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, size_t *bits); 
@@ -132,23 +129,11 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, * (`PSA_ECC_FAMILY_xxx`). * \param bits The bit-length of a private key on \p curve. * - * \return On success the corresponding Mbed TLS elliptic curve + * \return If the curve is supported in the PSA API, this function + * returns the corresponding Mbed TLS elliptic curve * identifier (`MBEDTLS_ECP_DP_xxx`). * \return #MBEDTLS_ECP_DP_NONE if the combination of \c curve - * and \p bits is not supported or invalid: - * - not supported means that the proper `PSA_WANT_ECC_xxx` - * symbol is not enabled for the requested curve. - * - invalid if `PSA_WANT_ECC_xxx` is enabled, but the - * combination of \p curve and \p bits are not correct - * for that curve. - * \return #MBEDTLS_ECP_DP_NONE for secp224k1 curve, no matter - * what the status of `PSA_WANT_ECC_SECP_K1_224` is, because - * this curve is not and will not be supported in PSA (#3541). - * - * \note A successful conversion means that the curve is supported - * in PSA. Legacy support (`mbedtls_ecp_xxx`) is only - * enabled if the curve is builtin (see - * `config_adjust_legacy_from_psa.h` for details). + * and \p bits is not supported. */ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, size_t bits); From 39faa9cad4e83293094e74b2a39bab8914109994 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 9 Jan 2024 09:11:22 +0100 Subject: [PATCH 24/25] psa_util: rename parameter of mbedtls_ecc_group_from_psa The new name better reflects the fact that the 1st parameter is just the EC family and not the curve. Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 4 ++-- library/psa_util.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index f36d89ad62..1b142562ec 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h 
@@ -125,7 +125,7 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, /** Convert an ECC curve identifier from the PSA encoding to Mbed TLS. * - * \param curve A PSA elliptic curve identifier + * \param family A PSA elliptic curve family identifier * (`PSA_ECC_FAMILY_xxx`). * \param bits The bit-length of a private key on \p curve. * @@ -135,7 +135,7 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, * \return #MBEDTLS_ECP_DP_NONE if the combination of \c curve * and \p bits is not supported. */ -mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, +mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t family, size_t bits); #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ diff --git a/library/psa_util.c b/library/psa_util.c index d833299e8c..41586e262c 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -250,10 +250,10 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, } } -mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, +mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t family, size_t bits) { - switch (curve) { + switch (family) { case PSA_ECC_FAMILY_SECP_R1: switch (bits) { #if defined(PSA_WANT_ECC_SECP_R1_192) From 19ec9e4f66eabb8e8fa71f0cca69b1fb74095c4d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 9 Jan 2024 13:45:05 +0100 Subject: [PATCH 25/25] psa_crypto_ecp: remove support for secp224k1 Since this curve is not supported in PSA (and it will not ever be in the future), we save a few bytes. Signed-off-by: Valerio Setti --- library/psa_crypto_ecp.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index 4d9a59baa9..61c941479a 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c 
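Review bot: The rename of the first parameter to `family` leaves the Doxygen text of `mbedtls_ecc_group_from_psa` referring to the old name. The `\param bits` line still ends with "on \p curve" and the second `\return` still says "combination of \c curve and \p bits", so readers are pointed at an argument that no longer exists. Both references should become `\p family`. Since the commit message stresses that the argument is only the family, the `\param bits` line could read `The bit-length of a private key on the curve identified by \p family.`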
@@ -77,14 +77,9 @@ static int check_ecc_parameters(psa_ecc_family_t family, size_t *bits) case PSA_ECC_FAMILY_SECP_K1: switch (*bits) { case 192: + /* secp224k1 is not and will not be supported in PSA (#3541). */ case 256: return PSA_SUCCESS; - /* secp224k1 is not and will not be supported in PSA (#3541). - * Note: secp224k1 has 224-bit coordinates but 225-bit private - * keys which are rounded up to 232 for their representation. */ - case 224: - case 232: - return PSA_ERROR_NOT_SUPPORTED; } break; }
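Review bot: Dropping `case 224:` and `case 232:` changes what `check_ecc_parameters` returns for secp224k1 sizes from `PSA_ERROR_NOT_SUPPORTED` to whatever follows the `break` after the inner switch. That code is outside this hunk, and the commit message mentions only the size saving. If the fall-through yields a different status, callers that distinguish an unsupported curve from a malformed key will see a behaviour change, so it should be stated in the commit message or pinned with a test. The comment now sits between `case 192:` and `case 256:` and reads as if it described `case 256:`; placing it above `case 192:` would avoid that.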