mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-31 10:20:45 +00:00
Merge pull request #7391 from valeriosetti/issue7387
PK: don't use mbedtls_ecp_check_pub_priv() when USE_PSA is enabled
This commit is contained in:
commit
f740767c00
@ -1095,13 +1095,91 @@ cleanup:
|
||||
}
|
||||
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
/*
|
||||
* Alternative function used to verify that the EC private/public key pair
|
||||
* is valid using PSA functions instead of ECP ones.
|
||||
* The flow is:
|
||||
* - import the private key "prv" to PSA and export its public part
|
||||
* - write the raw content of public key "pub" to a local buffer
|
||||
* - compare the two buffers
|
||||
*/
|
||||
static int eckey_check_pair_psa(const void *pub, const void *prv)
|
||||
{
|
||||
psa_status_t status;
|
||||
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
|
||||
mbedtls_ecp_keypair *prv_ctx = (mbedtls_ecp_keypair *) prv;
|
||||
mbedtls_ecp_keypair *pub_ctx = (mbedtls_ecp_keypair *) pub;
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
/* We are using MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH for the size of this
|
||||
* buffer because it will be used to hold the private key at first and
|
||||
* then its public part (but not at the same time). */
|
||||
uint8_t prv_key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
|
||||
size_t prv_key_len;
|
||||
uint8_t pub_key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
|
||||
size_t pub_key_len;
|
||||
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
size_t curve_bits;
|
||||
const psa_ecc_family_t curve =
|
||||
mbedtls_ecc_group_to_psa(prv_ctx->grp.id, &curve_bits);
|
||||
const size_t curve_bytes = PSA_BITS_TO_BYTES(curve_bits);
|
||||
|
||||
psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve));
|
||||
psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT);
|
||||
|
||||
ret = mbedtls_mpi_write_binary(&prv_ctx->d, prv_key_buf, curve_bytes);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
status = psa_import_key(&key_attr, prv_key_buf, curve_bytes, &key_id);
|
||||
if (status != PSA_SUCCESS) {
|
||||
ret = PSA_PK_TO_MBEDTLS_ERR(status);
|
||||
return ret;
|
||||
}
|
||||
|
||||
mbedtls_platform_zeroize(prv_key_buf, sizeof(prv_key_buf));
|
||||
|
||||
ret = PSA_PK_TO_MBEDTLS_ERR(psa_export_public_key(key_id,
|
||||
prv_key_buf,
|
||||
sizeof(prv_key_buf),
|
||||
&prv_key_len));
|
||||
status = psa_destroy_key(key_id);
|
||||
if (ret != 0 || status != PSA_SUCCESS) {
|
||||
return (ret != 0) ? ret : PSA_PK_TO_MBEDTLS_ERR(status);
|
||||
}
|
||||
|
||||
ret = mbedtls_ecp_point_write_binary(&pub_ctx->grp, &pub_ctx->Q,
|
||||
MBEDTLS_ECP_PF_UNCOMPRESSED,
|
||||
&pub_key_len, pub_key_buf,
|
||||
sizeof(pub_key_buf));
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
if (memcmp(prv_key_buf, pub_key_buf, curve_bytes) != 0) {
|
||||
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
static int eckey_check_pair(const void *pub, const void *prv,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng)
|
||||
{
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
(void) f_rng;
|
||||
(void) p_rng;
|
||||
return eckey_check_pair_psa((const mbedtls_ecp_keypair *) pub,
|
||||
(const mbedtls_ecp_keypair *) prv);
|
||||
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
return mbedtls_ecp_check_pub_priv((const mbedtls_ecp_keypair *) pub,
|
||||
(const mbedtls_ecp_keypair *) prv,
|
||||
f_rng, p_rng);
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
|
||||
}
|
||||
|
||||
static void *eckey_alloc_wrap(void)
|
||||
|
@ -489,6 +489,15 @@ void mbedtls_pk_check_pair(char *pub_file, char *prv_file, int ret)
|
||||
mbedtls_pk_init(&prv);
|
||||
mbedtls_pk_init(&alt);
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
/* mbedtls_pk_check_pair() returns either PK or ECP error codes depending
|
||||
on MBEDTLS_USE_PSA_CRYPTO so here we dynamically translate between the
|
||||
two */
|
||||
if (ret == MBEDTLS_ERR_ECP_BAD_INPUT_DATA) {
|
||||
ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
||||
}
|
||||
#endif
|
||||
|
||||
TEST_ASSERT(mbedtls_pk_parse_public_keyfile(&pub, pub_file) == 0);
|
||||
TEST_ASSERT(mbedtls_pk_parse_keyfile(&prv, prv_file, NULL,
|
||||
mbedtls_test_rnd_std_rand, NULL)
|
||||
|
Loading…
x
Reference in New Issue
Block a user