diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 3c3e80d6a3..d9ba543e37 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -134,6 +134,15 @@ int psa_can_do_hash(psa_algorithm_t hash_alg)
 return global_data.drivers_initialized;
 }
+static int psa_is_dh_key_size_valid(size_t bits) {
+ if (bits != 2048 && bits != 3072 && bits != 4096 &&
+ bits != 6144 && bits != 8192) {
+ return 0;
+ }
+
+ return 1;
+}
+
 psa_status_t mbedtls_to_psa_error(int ret)
 {
 /* Mbed TLS error codes can combine a high-level error code and a
@@ -632,9 +641,7 @@ psa_status_t psa_import_key_into_slot(
 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR) || \
 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_PUBLIC_KEY)
 if (PSA_KEY_TYPE_IS_DH(type)) {
- if (data_length != 256 && data_length != 384 &&
- data_length != 512 && data_length != 768 &&
- data_length != 1024) {
+ if (psa_is_dh_key_size_valid(PSA_BYTES_TO_BITS(data_length)) == 0) {
 return PSA_ERROR_INVALID_ARGUMENT;
 }
@@ -6980,8 +6987,7 @@ static psa_status_t psa_validate_key_type_and_size_for_key_generation(
 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR)
 if (PSA_KEY_TYPE_IS_DH(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) {
- if (bits != 2048 && bits != 3072 && bits != 4096 &&
- bits != 6144 && bits != 8192) {
+ if (psa_is_dh_key_size_valid(bits) == 0) {
 return PSA_ERROR_NOT_SUPPORTED;
 }
 } else
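Review bot: In the first hunk, `psa_is_dh_key_size_valid` is added as an unconditional `static` function, but both call sites shown in this diff sit inside `#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_...)` blocks, so a build with FFDH disabled would leave it unused and trip `-Wunused-function`. Wrapping the helper in `#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_PUBLIC_KEY)` and a matching `#endif` keeps it in step with its users. It also deserves a header comment, since one caller converts from bytes and the other passes bits directly: `/* Return 1 if bits is a supported FFDH key size (2048, 3072, 4096, 6144 or 8192), 0 otherwise. */`. The opening brace sits on the signature line, whereas the neighbouring `mbedtls_to_psa_error` appears to put it on its own line.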
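Review bot: In the `psa_import_key_into_slot` hunk, `PSA_BYTES_TO_BITS(data_length)` can wrap around for a very large `data_length` if the macro is a plain multiply by 8, so an oversized length could reduce to one of the accepted bit sizes. The removed byte-wise comparison could not be fooled this way. Unless a caller outside this hunk already rejects such lengths, the check should bound the conversion first: `if (data_length > SIZE_MAX / 8 || psa_is_dh_key_size_valid(PSA_BYTES_TO_BITS(data_length)) == 0) {`. The function body starts and ends outside the hunk, so any existing bound on `data_length` is not visible here.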