mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-03 10:13:40 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Rework pk_ecc_set_pubkey()

Browse Source 
- Fix the logic around format: we were just assuming that if the format
was not compressed, it was uncompressed, but it could also have been
just invalid.
- Remove redundant length check: the fallback does its own checks.
- Remove set_algorithm() that's not needed and introduced a depencency
on ECDSA.
- Some style / naming / scope reduction.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard 2023-07-26 23:56:05 +02:00
parent e4c883bc8c
commit ff72ea9d51
1 changed files with 27 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
library/pkparse.c
View File

@ -284,54 +284,51 @@ exit:
static int pk_ecc_set_pubkey(mbedtls_pk_context *pk, static int pk_ecc_set_pubkey(mbedtls_pk_context *pk,
const unsigned char *pub, size_t pub_len) const unsigned char *pub, size_t pub_len)
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) #if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
mbedtls_svc_key_id_t key;
psa_key_attributes_t key_attrs = PSA_KEY_ATTRIBUTES_INIT;
if (pub_len > PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) { /* Load the key */
return MBEDTLS_ERR_PK_BAD_INPUT_DATA; if (*pub == 0x04) {
} /* Uncompressed format, directly supported by PSA */
if (pub_len > sizeof(pk->pub_raw)) {
if ((*pub == 0x02) || (*pub == 0x03)) {
/* Compressed format, not supported by PSA Crypto.
* Try converting using functions from ECP_LIGHT. */
ret = pk_ecc_set_pubkey_psa_ecp_fallback(pk, pub, pub_len);
if (ret != 0) {
return ret;
}
} else {
/* Uncompressed format */
if (pub_len > MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN) {
return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL; return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL;
} }
memcpy(pk->pub_raw, pub, pub_len); memcpy(pk->pub_raw, pub, pub_len);
pk->pub_raw_len = pub_len; pk->pub_raw_len = pub_len;
} else {
/* Other format, try the fallback */
int ret = pk_ecc_set_pubkey_psa_ecp_fallback(pk, pub, pub_len);
if (ret != 0) {
return ret;
}
} }
/* Validate the key by trying to importing it */ /* Validate the key by trying to import it */
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t key_attrs = PSA_KEY_ATTRIBUTES_INIT;
psa_set_key_usage_flags(&key_attrs, 0); psa_set_key_usage_flags(&key_attrs, 0);
psa_set_key_algorithm(&key_attrs, PSA_ALG_ECDSA_ANY);
psa_set_key_type(&key_attrs, PSA_KEY_TYPE_ECC_PUBLIC_KEY(pk->ec_family)); psa_set_key_type(&key_attrs, PSA_KEY_TYPE_ECC_PUBLIC_KEY(pk->ec_family));
psa_set_key_bits(&key_attrs, pk->ec_bits); psa_set_key_bits(&key_attrs, pk->ec_bits);
if ((psa_import_key(&key_attrs, pk->pub_raw, pk->pub_raw_len, if ((psa_import_key(&key_attrs, pk->pub_raw, pk->pub_raw_len,
&key) != PSA_SUCCESS) || &key_id) != PSA_SUCCESS) ||
(psa_destroy_key(key) != PSA_SUCCESS)) { (psa_destroy_key(key_id) != PSA_SUCCESS)) {
mbedtls_platform_zeroize(pk->pub_raw, MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN); return MBEDTLS_ERR_PK_INVALID_PUBKEY;
pk->pub_raw_len = 0;
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
} }
ret = 0;
return 0;
#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ #else /* MBEDTLS_PK_USE_PSA_EC_DATA */
int ret;
mbedtls_ecp_keypair *ec_key = (mbedtls_ecp_keypair *) pk->pk_ctx; mbedtls_ecp_keypair *ec_key = (mbedtls_ecp_keypair *) pk->pk_ctx;
if ((ret = mbedtls_ecp_point_read_binary(&ec_key->grp, &ec_key->Q, ret = mbedtls_ecp_point_read_binary(&ec_key->grp, &ec_key->Q, pub, pub_len);
pub, pub_len)) == 0) { if (ret != 0) {
ret = mbedtls_ecp_check_pubkey(&ec_key->grp, &ec_key->Q);
}
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
return ret; return ret;
}
return mbedtls_ecp_check_pubkey(&ec_key->grp, &ec_key->Q);
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
} }
/*********************************************************************** /***********************************************************************