sys/psa_crypto: correct use of (ECDSA) key_bits

2024-12-29 04:50:03 +01:00 · 2024-04-22 12:50:40 +02:00 · 2024-04-22 12:50:40 +02:00 · 15e48f0cf3
commit 15e48f0cf3
parent 12180f5e80
5 changed files with 14 additions and 32 deletions
--- a/examples/psa_crypto/example_ecdsa_p256.c
+++ b/examples/psa_crypto/example_ecdsa_p256.c
@ -88,7 +88,7 @@ psa_status_t example_ecdsa_p256(void)
    psa_set_key_usage_flags(&pubkey_attr, PSA_KEY_USAGE_VERIFY_MESSAGE);
 #endif
    psa_set_key_algorithm(&pubkey_attr, ECC_ALG);
-    psa_set_key_bits(&pubkey_attr, PSA_BYTES_TO_BITS(pubkey_length));
+    psa_set_key_bits(&pubkey_attr, ECC_KEY_SIZE);
    psa_set_key_type(&pubkey_attr, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1));

    status = psa_import_key(&pubkey_attr, public_key, pubkey_length, &pubkey_id);
--- a/sys/include/psa_crypto/psa/crypto_sizes.h
+++ b/sys/include/psa_crypto/psa/crypto_sizes.h
@ -893,30 +893,6 @@ extern "C" {
 #define PSA_EXPORT_KEY_PAIR_MAX_SIZE 0
 #endif

-/**
- * @brief   Get curve size from ECC public key
- *
- * @details The representation of an ECC public key is dependent on the family:
- *          - for twisted Edwards curves: 32B
- *          - for Weierstrass curves:
- *            - The byte 0x04;
- *            - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
- *            - `y_P` as a `ceiling(m/8)`-byte string, big-endian;
- *            - where m is the bit size associated with the curve.
- *            - 1 byte + 2 * point size.
- */
-#define PSA_ECC_KEY_GET_CURVE_FROM_PUBLIC_KEY(key_type, key_bits)                    \
-    (PSA_KEY_TYPE_ECC_GET_FAMILY(key_type) == PSA_ECC_FAMILY_TWISTED_EDWARDS ? 255 : \
-     ((size_t)((key_bits - 8) / 2)))
-
-/**
- * @brief   Get curve size from ECC key (public or private)
- */
-#define PSA_ECC_KEY_GET_CURVE(key_type, key_bits)                   \
-    (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ?                     \
-        PSA_ECC_KEY_GET_CURVE_FROM_PUBLIC_KEY(key_type, key_bits) : \
-     (size_t)key_bits)
-
 /**
 * @brief   Maximum size of the export encoding of an ECC public key.
 *
@ -1059,7 +1035,7 @@ extern "C" {
 *          If the parameters are not valid, the return value is unspecified.
 */
 #define PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg)        \
-    (PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(PSA_ECC_KEY_GET_CURVE(key_type, key_bits)) : \
+    (PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \
     ((void)alg, 0))

 #ifdef __cplusplus
--- a/sys/psa_crypto/psa_crypto.c
+++ b/sys/psa_crypto/psa_crypto.c
@ -1551,6 +1551,12 @@ psa_status_t psa_builtin_import_key(const psa_key_attributes_t *attributes,
        return PSA_SUCCESS;
    }
    else if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type)) {
+        /* key material does not match expected size */
+        if (data_length != PSA_EXPORT_KEY_OUTPUT_SIZE(type, attributes->bits)) {
+            return PSA_ERROR_INVALID_ARGUMENT;
+        }
+
+        /* key material too large to be represented */
        if (data_length > PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) {
            return PSA_ERROR_NOT_SUPPORTED;
        }
@ -1944,7 +1950,7 @@ psa_status_t psa_sign_hash(psa_key_id_t key,
        return status;
    }

-    if (signature_size < PSA_ECDSA_SIGNATURE_SIZE(PSA_ECC_KEY_GET_CURVE(slot->attr.type, slot->attr.bits))) {
+    if (signature_size < PSA_ECDSA_SIGNATURE_SIZE(slot->attr.bits)) {
        return PSA_ERROR_BUFFER_TOO_SMALL;
    }

@ -1997,7 +2003,7 @@ psa_status_t psa_sign_message(psa_key_id_t key,
        return status;
    }

-    if (signature_size < PSA_ECDSA_SIGNATURE_SIZE(PSA_ECC_KEY_GET_CURVE(slot->attr.type, slot->attr.bits))) {
+    if (signature_size < PSA_ECDSA_SIGNATURE_SIZE(slot->attr.bits)) {
        return PSA_ERROR_BUFFER_TOO_SMALL;
    }

@ -2048,7 +2054,7 @@ psa_status_t psa_verify_hash(psa_key_id_t key,
        return status;
    }

-    if (signature_length != PSA_ECDSA_SIGNATURE_SIZE(PSA_ECC_KEY_GET_CURVE(slot->attr.type, slot->attr.bits))) {
+    if (signature_length != PSA_ECDSA_SIGNATURE_SIZE(slot->attr.bits)) {
        return PSA_ERROR_INVALID_ARGUMENT;
    }

@ -2105,7 +2111,7 @@ psa_status_t psa_verify_message(psa_key_id_t key,
        return status;
    }

-    if (signature_length != PSA_ECDSA_SIGNATURE_SIZE(PSA_ECC_KEY_GET_CURVE(slot->attr.type, slot->attr.bits))) {
+    if (signature_length != PSA_ECDSA_SIGNATURE_SIZE(slot->attr.bits)) {
        return PSA_ERROR_INVALID_ARGUMENT;
    }

--- a/tests/sys/psa_crypto_ecdsa/example_ecdsa_p256.c
+++ b/tests/sys/psa_crypto_ecdsa/example_ecdsa_p256.c
@ -78,7 +78,7 @@ psa_status_t example_ecdsa_p256(void)

    psa_set_key_usage_flags(&pubkey_attr, PSA_KEY_USAGE_VERIFY_MESSAGE);
    psa_set_key_algorithm(&pubkey_attr, ECC_ALG);
-    psa_set_key_bits(&pubkey_attr, PSA_BYTES_TO_BITS(pubkey_length));
+    psa_set_key_bits(&pubkey_attr, ECC_KEY_SIZE);
    psa_set_key_type(&pubkey_attr, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1));

    status = psa_import_key(&pubkey_attr, public_key, pubkey_length, &pubkey_id);
--- a/tests/sys/psa_crypto_se_ecdsa/example_ecdsa_p256.c
+++ b/tests/sys/psa_crypto_se_ecdsa/example_ecdsa_p256.c
@ -84,7 +84,7 @@ psa_status_t example_ecdsa_p256(void)
    psa_set_key_lifetime(&pubkey_attr, lifetime);
    psa_set_key_usage_flags(&pubkey_attr, PSA_KEY_USAGE_VERIFY_HASH);
    psa_set_key_algorithm(&pubkey_attr, ECC_ALG);
-    psa_set_key_bits(&pubkey_attr, PSA_BYTES_TO_BITS(pubkey_length));
+    psa_set_key_bits(&pubkey_attr, ECC_KEY_SIZE);
    psa_set_key_type(&pubkey_attr, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1));

    status = psa_import_key(&pubkey_attr, public_key, pubkey_length, &pubkey_id);