From 62594a8b12d440b2dea89bd8fa9553a933128e8f Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 14 Jan 2019 05:14:18 -0500 Subject: [PATCH] pk_wrap: pass curve size instead of a larger size of the exported key Whitespace fixes --- include/mbedtls/psa_util.h | 17 +++++++++++++++++ library/pk.c | 2 +- library/pk_wrap.c | 4 +++- 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 435aca809..a78c1a96c 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -216,6 +216,23 @@ static inline psa_ecc_curve_t mbedtls_psa_translate_ecc_group( mbedtls_ecp_group } } +#define MBEDTLS_PSA_ECC_KEY_BITS_OF_CURVE( curve ) \ + ( curve == PSA_ECC_CURVE_SECP192R1 ? 192 : \ + curve == PSA_ECC_CURVE_SECP224R1 ? 224 : \ + curve == PSA_ECC_CURVE_SECP256R1 ? 256 : \ + curve == PSA_ECC_CURVE_SECP384R1 ? 384 : \ + curve == PSA_ECC_CURVE_SECP521R1 ? 521 : \ + curve == PSA_ECC_CURVE_SECP192K1 ? 192 : \ + curve == PSA_ECC_CURVE_SECP224K1 ? 224 : \ + curve == PSA_ECC_CURVE_SECP256K1 ? 256 : \ + curve == PSA_ECC_CURVE_BRAINPOOL_P256R1 ? 256 : \ + curve == PSA_ECC_CURVE_BRAINPOOL_P384R1 ? 384 : \ + curve == PSA_ECC_CURVE_BRAINPOOL_P512R1 ? 512 : \ + 0 ) + +#define MBEDTLS_PSA_ECC_KEY_BYTES_OF_CURVE( curve ) \ + ( ( MBEDTLS_PSA_ECC_KEY_BITS_OF_CURVE( curve ) + 7 ) / 8 ) + /* Translations for PK layer */ static inline int mbedtls_psa_err_translate_pk( psa_status_t status ) diff --git a/library/pk.c b/library/pk.c index c0ed54229..024dcdcb1 100644 --- a/library/pk.c +++ b/library/pk.c @@ -573,7 +573,7 @@ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk, curve_id = mbedtls_ecp_curve_info_from_grp_id( ec->grp.id )->tls_id; key_type = PSA_KEY_TYPE_ECC_KEYPAIR( - mbedtls_psa_parse_tls_ecc_group ( curve_id ) ); + mbedtls_psa_parse_tls_ecc_group ( curve_id ) ); /* allocate a key slot */ if( PSA_SUCCESS != psa_allocate_key( key_type, d_len * 8, &key ) ) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 902345737..08550d4c4 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -577,7 +577,9 @@ static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, psa_sig_md = PSA_ALG_ECDSA( psa_md ); psa_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve ); - if( ( ret = psa_allocate_key( psa_type, key_len * 8, &key_slot ) ) != PSA_SUCCESS ) + if( ( ret = psa_allocate_key( psa_type, + MBEDTLS_PSA_ECC_KEY_BITS_OF_CURVE(curve), + &key_slot ) ) != PSA_SUCCESS ) return( mbedtls_psa_err_translate_pk( ret ) ); psa_key_policy_init( &policy );