diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index 20ef29c12..866ef7956 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -32,6 +32,60 @@ defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) +/* Helper function to verify if the provided EC's family and key bit size are + * valid. */ +static int check_ecc_parameters(psa_ecc_family_t family, size_t bits, int allow_bit_size_roundup) +{ + switch (family) { + case PSA_ECC_FAMILY_SECP_R1: + switch (bits) { + case 192: + case 224: + case 256: + case 384: + case 521: + return PSA_SUCCESS; + case 528: + if (allow_bit_size_roundup) { + return PSA_SUCCESS; + } + } + break; + + case PSA_ECC_FAMILY_BRAINPOOL_P_R1: + switch (bits) { + case 256: + case 384: + case 512: + return PSA_SUCCESS; + } + break; + + case PSA_ECC_FAMILY_MONTGOMERY: + switch (bits) { + case 448: + case 255: + return PSA_SUCCESS; + case 256: + if (allow_bit_size_roundup) { + return PSA_SUCCESS; + } + } + break; + + case PSA_ECC_FAMILY_SECP_K1: + switch (bits) { + case 192: + case 224: + case 256: + return PSA_SUCCESS; + } + break; + } + + return PSA_ERROR_INVALID_ARGUMENT; +} + psa_status_t mbedtls_psa_ecp_load_representation( psa_key_type_t type, size_t curve_bits, const uint8_t *data, size_t data_length, @@ -41,7 +95,6 @@ psa_status_t mbedtls_psa_ecp_load_representation( psa_status_t status; mbedtls_ecp_keypair *ecp = NULL; size_t curve_bytes = data_length; - size_t curve_bits_check; int explicit_bits = (curve_bits != 0); if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type) && @@ -83,27 +136,16 @@ psa_status_t mbedtls_psa_ecp_load_representation( } mbedtls_ecp_keypair_init(ecp); + status = check_ecc_parameters(PSA_KEY_TYPE_ECC_GET_FAMILY(type), curve_bits, + !explicit_bits); + if (status != PSA_SUCCESS) { + goto exit; + } + /* Load the group. */ grp_id = mbedtls_ecc_group_from_psa(PSA_KEY_TYPE_ECC_GET_FAMILY(type), curve_bits); if (grp_id == MBEDTLS_ECP_DP_NONE) { - /* We can't distinguish between a nonsensical family/size combination - * (which would warrant PSA_ERROR_INVALID_ARGUMENT) and a - * well-regarded curve that Mbed TLS just doesn't know about (which - * would warrant PSA_ERROR_NOT_SUPPORTED). For uniformity with how - * curves that Mbed TLS knows about but for which support is disabled - * at build time, return NOT_SUPPORTED. */ - status = PSA_ERROR_NOT_SUPPORTED; - goto exit; - } - - /* Get the exact number of bits which are necessary for this key. This is - * used to validate the "curve_bits" input parameter (only in case it was - * provided). - * Note: we intentionally ignore the return value of mbedtls_ecc_group_to_psa() - * because we are only interested in the curve's bit size. */ - mbedtls_ecc_group_to_psa(grp_id, &curve_bits_check); - if (explicit_bits && (curve_bits_check != curve_bits)) { status = PSA_ERROR_NOT_SUPPORTED; goto exit; } diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 1bd8b6500..0cb800573 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -684,7 +684,7 @@ import_with_data:"":PSA_KEY_TYPE_RAW_DATA:8:PSA_ERROR_INVALID_ARGUMENT PSA import EC keypair: explicit bit-size=255 for secp256r1 depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256 -import_with_data:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):255:PSA_ERROR_NOT_SUPPORTED +import_with_data:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):255:PSA_ERROR_INVALID_ARGUMENT PSA import EC keypair: explicit bit-size=521 for secp521r1 (good) depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_521 @@ -692,7 +692,7 @@ import_with_data:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af PSA import EC keypair: explicit bit-size=528 for secp521r1 (bad) depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_521 -import_with_data:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):528:PSA_ERROR_NOT_SUPPORTED +import_with_data:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):528:PSA_ERROR_INVALID_ARGUMENT PSA import EC keypair: explicit bit-size, DER format depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256 @@ -716,7 +716,7 @@ import_with_data:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba0120 PSA import EC keypair: implicit bit-size, not a valid length depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256 -import_with_data:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):0:PSA_ERROR_NOT_SUPPORTED +import_with_data:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):0:PSA_ERROR_INVALID_ARGUMENT PSA import EC keypair: secp256r1, all-bits-zero (bad) depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256