From 15e48f0cf3aeeb1ba2b31bd1c2782b2e96fa29f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mikolai=20G=C3=BCtschow?= Date: Mon, 22 Apr 2024 12:50:40 +0200 Subject: [PATCH] sys/psa_crypto: correct use of (ECDSA) key_bits --- examples/psa_crypto/example_ecdsa_p256.c | 2 +- sys/include/psa_crypto/psa/crypto_sizes.h | 26 +------------------ sys/psa_crypto/psa_crypto.c | 14 +++++++--- .../sys/psa_crypto_ecdsa/example_ecdsa_p256.c | 2 +- .../psa_crypto_se_ecdsa/example_ecdsa_p256.c | 2 +- 5 files changed, 14 insertions(+), 32 deletions(-) diff --git a/examples/psa_crypto/example_ecdsa_p256.c b/examples/psa_crypto/example_ecdsa_p256.c index fe5fa8a170..0e4e7af3cf 100644 --- a/examples/psa_crypto/example_ecdsa_p256.c +++ b/examples/psa_crypto/example_ecdsa_p256.c @@ -88,7 +88,7 @@ psa_status_t example_ecdsa_p256(void) psa_set_key_usage_flags(&pubkey_attr, PSA_KEY_USAGE_VERIFY_MESSAGE); #endif psa_set_key_algorithm(&pubkey_attr, ECC_ALG); - psa_set_key_bits(&pubkey_attr, PSA_BYTES_TO_BITS(pubkey_length)); + psa_set_key_bits(&pubkey_attr, ECC_KEY_SIZE); psa_set_key_type(&pubkey_attr, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)); status = psa_import_key(&pubkey_attr, public_key, pubkey_length, &pubkey_id); diff --git a/sys/include/psa_crypto/psa/crypto_sizes.h b/sys/include/psa_crypto/psa/crypto_sizes.h index edbfb2da4d..7b3f29bf19 100644 --- a/sys/include/psa_crypto/psa/crypto_sizes.h +++ b/sys/include/psa_crypto/psa/crypto_sizes.h @@ -893,30 +893,6 @@ extern "C" { #define PSA_EXPORT_KEY_PAIR_MAX_SIZE 0 #endif -/** - * @brief Get curve size from ECC public key - * - * @details The representation of an ECC public key is dependent on the family: - * - for twisted Edwards curves: 32B - * - for Weierstrass curves: - * - The byte 0x04; - * - `x_P` as a `ceiling(m/8)`-byte string, big-endian; - * - `y_P` as a `ceiling(m/8)`-byte string, big-endian; - * - where m is the bit size associated with the curve. - * - 1 byte + 2 * point size. - */ -#define PSA_ECC_KEY_GET_CURVE_FROM_PUBLIC_KEY(key_type, key_bits) \ - (PSA_KEY_TYPE_ECC_GET_FAMILY(key_type) == PSA_ECC_FAMILY_TWISTED_EDWARDS ? 255 : \ - ((size_t)((key_bits - 8) / 2))) - -/** - * @brief Get curve size from ECC key (public or private) - */ -#define PSA_ECC_KEY_GET_CURVE(key_type, key_bits) \ - (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? \ - PSA_ECC_KEY_GET_CURVE_FROM_PUBLIC_KEY(key_type, key_bits) : \ - (size_t)key_bits) - /** * @brief Maximum size of the export encoding of an ECC public key. * @@ -1059,7 +1035,7 @@ extern "C" { * If the parameters are not valid, the return value is unspecified. */ #define PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \ - (PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(PSA_ECC_KEY_GET_CURVE(key_type, key_bits)) : \ + (PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \ ((void)alg, 0)) #ifdef __cplusplus diff --git a/sys/psa_crypto/psa_crypto.c b/sys/psa_crypto/psa_crypto.c index b7bff781e7..90b573840d 100644 --- a/sys/psa_crypto/psa_crypto.c +++ b/sys/psa_crypto/psa_crypto.c @@ -1551,6 +1551,12 @@ psa_status_t psa_builtin_import_key(const psa_key_attributes_t *attributes, return PSA_SUCCESS; } else if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type)) { + /* key material does not match expected size */ + if (data_length != PSA_EXPORT_KEY_OUTPUT_SIZE(type, attributes->bits)) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + /* key material too large to be represented */ if (data_length > PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) { return PSA_ERROR_NOT_SUPPORTED; } @@ -1944,7 +1950,7 @@ psa_status_t psa_sign_hash(psa_key_id_t key, return status; } - if (signature_size < PSA_ECDSA_SIGNATURE_SIZE(PSA_ECC_KEY_GET_CURVE(slot->attr.type, slot->attr.bits))) { + if (signature_size < PSA_ECDSA_SIGNATURE_SIZE(slot->attr.bits)) { return PSA_ERROR_BUFFER_TOO_SMALL; } @@ -1997,7 +2003,7 @@ psa_status_t psa_sign_message(psa_key_id_t key, return status; } - if (signature_size < PSA_ECDSA_SIGNATURE_SIZE(PSA_ECC_KEY_GET_CURVE(slot->attr.type, slot->attr.bits))) { + if (signature_size < PSA_ECDSA_SIGNATURE_SIZE(slot->attr.bits)) { return PSA_ERROR_BUFFER_TOO_SMALL; } @@ -2048,7 +2054,7 @@ psa_status_t psa_verify_hash(psa_key_id_t key, return status; } - if (signature_length != PSA_ECDSA_SIGNATURE_SIZE(PSA_ECC_KEY_GET_CURVE(slot->attr.type, slot->attr.bits))) { + if (signature_length != PSA_ECDSA_SIGNATURE_SIZE(slot->attr.bits)) { return PSA_ERROR_INVALID_ARGUMENT; } @@ -2105,7 +2111,7 @@ psa_status_t psa_verify_message(psa_key_id_t key, return status; } - if (signature_length != PSA_ECDSA_SIGNATURE_SIZE(PSA_ECC_KEY_GET_CURVE(slot->attr.type, slot->attr.bits))) { + if (signature_length != PSA_ECDSA_SIGNATURE_SIZE(slot->attr.bits)) { return PSA_ERROR_INVALID_ARGUMENT; } diff --git a/tests/sys/psa_crypto_ecdsa/example_ecdsa_p256.c b/tests/sys/psa_crypto_ecdsa/example_ecdsa_p256.c index c110841686..22f8a7d68e 100644 --- a/tests/sys/psa_crypto_ecdsa/example_ecdsa_p256.c +++ b/tests/sys/psa_crypto_ecdsa/example_ecdsa_p256.c @@ -78,7 +78,7 @@ psa_status_t example_ecdsa_p256(void) psa_set_key_usage_flags(&pubkey_attr, PSA_KEY_USAGE_VERIFY_MESSAGE); psa_set_key_algorithm(&pubkey_attr, ECC_ALG); - psa_set_key_bits(&pubkey_attr, PSA_BYTES_TO_BITS(pubkey_length)); + psa_set_key_bits(&pubkey_attr, ECC_KEY_SIZE); psa_set_key_type(&pubkey_attr, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)); status = psa_import_key(&pubkey_attr, public_key, pubkey_length, &pubkey_id); diff --git a/tests/sys/psa_crypto_se_ecdsa/example_ecdsa_p256.c b/tests/sys/psa_crypto_se_ecdsa/example_ecdsa_p256.c index 29f6e7b31d..20a8cce53a 100644 --- a/tests/sys/psa_crypto_se_ecdsa/example_ecdsa_p256.c +++ b/tests/sys/psa_crypto_se_ecdsa/example_ecdsa_p256.c @@ -84,7 +84,7 @@ psa_status_t example_ecdsa_p256(void) psa_set_key_lifetime(&pubkey_attr, lifetime); psa_set_key_usage_flags(&pubkey_attr, PSA_KEY_USAGE_VERIFY_HASH); psa_set_key_algorithm(&pubkey_attr, ECC_ALG); - psa_set_key_bits(&pubkey_attr, PSA_BYTES_TO_BITS(pubkey_length)); + psa_set_key_bits(&pubkey_attr, ECC_KEY_SIZE); psa_set_key_type(&pubkey_attr, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)); status = psa_import_key(&pubkey_attr, public_key, pubkey_length, &pubkey_id);