From 2acbed387d25b3ab40f90d13ce0c0eb389961ff8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 30 Sep 2020 18:55:42 +0200 Subject: [PATCH] psa_generate_key: remove the bit-size sanity check In psa_generate_key_internal() for ECC keys, remove the check that the bit-size according to Mbed TLS is equal to the requested bit-size. This check was necessary back when the PSA API encoded curves and key sizes independently, in order to reject combinations such as SECP256R1 with a 512-bit size. Since the curve encoding changed to specifying a curve family and a size separately, the Mbed TLS curve id (grp_id) and the curve data (curve_info) are now determined from the size, and checking that (curve_info->bit_size == bits) is now only a redundant sanity check. This check is actually buggy, because PSA Crypto and Mbed TLS don't have exactly the same notion of key size. PSA thinks Curve25519 is 255-bit and secp224k1 is 225-bit, but Mbed TLS thinks they're 256-bit and 224-bit respectively. Removing the check allows key generation to work for these curves. Signed-off-by: Gilles Peskine --- ChangeLog.d/psa_generate_key-curve25519.txt | 3 +++ library/psa_crypto.c | 2 -- 2 files changed, 3 insertions(+), 2 deletions(-) create mode 100644 ChangeLog.d/psa_generate_key-curve25519.txt diff --git a/ChangeLog.d/psa_generate_key-curve25519.txt b/ChangeLog.d/psa_generate_key-curve25519.txt new file mode 100644 index 000000000..24b6fcfe2 --- /dev/null +++ b/ChangeLog.d/psa_generate_key-curve25519.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix psa_generate_key() returning an error when asked to generate + an ECC key pair on Curve25519 or secp244k1. diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 931e2e915..3182a0acf 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -6110,8 +6110,6 @@ static psa_status_t psa_generate_key_internal( return( PSA_ERROR_NOT_SUPPORTED ); if( grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL ) return( PSA_ERROR_NOT_SUPPORTED ); - if( curve_info->bit_size != bits ) - return( PSA_ERROR_INVALID_ARGUMENT ); mbedtls_ecp_keypair_init( &ecp ); ret = mbedtls_ecp_gen_key( grp_id, &ecp, mbedtls_ctr_drbg_random,
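Review bot: The new ChangeLog entry names the curve as "secp244k1" on its last line, while the commit message refers to secp224k1 throughout. This looks like a transposed digit; the entry should read "an ECC key pair on Curve25519 or secp224k1." so that users searching the ChangeLog for the curve name find the fix.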
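Review bot: In psa_generate_key_internal(), dropping the curve_info->bit_size != bits comparison leaves the remaining grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL test as the only guard against a family and size combination that does not name a real curve. That makes the lookup producing grp_id the sole place where the requested size is validated. A short comment at this spot would help, stating that no size comparison is made because PSA and Mbed TLS disagree on the bit-size of Curve25519 (255 vs 256) and secp224k1 (225 vs 224). Otherwise a later reader may reintroduce the check as an apparent hardening. The diffstat shows only the ChangeLog file and psa_crypto.c changing, so please also add key generation test cases for both curves, plus a negative case with an unsupported size, to pin the behaviour described in the commit message.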