From 6c9514427b7c2ba55c09dd02d280deb5b27ecd65 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 13 May 2019 12:51:03 +0200 Subject: [PATCH 1/2] New macro to get the bit size of an elliptic curve --- include/psa/crypto_sizes.h | 41 +++++++++++++++++++ .../test_suite_psa_crypto_metadata.function | 4 +- 2 files changed, 42 insertions(+), 3 deletions(-) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 5f6282c40..39dbccb89 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -187,6 +187,47 @@ #define PSA_VENDOR_ECC_MAX_CURVE_BITS 0 #endif +/** Bit size associated with an elliptic curve. + * + * \param curve An elliptic curve (value of type #psa_ecc_curve_t). + * + * \return The size associated with \p curve, in bits. + * This may be 0 if the implementation does not support + * the specified curve. + */ +#define PSA_ECC_CURVE_BITS(curve) \ + ((curve) == PSA_ECC_CURVE_SECT163K1 ? 163 : \ + (curve) == PSA_ECC_CURVE_SECT163R1 ? 163 : \ + (curve) == PSA_ECC_CURVE_SECT163R2 ? 163 : \ + (curve) == PSA_ECC_CURVE_SECT193R1 ? 193 : \ + (curve) == PSA_ECC_CURVE_SECT193R2 ? 193 : \ + (curve) == PSA_ECC_CURVE_SECT233K1 ? 233 : \ + (curve) == PSA_ECC_CURVE_SECT233R1 ? 233 : \ + (curve) == PSA_ECC_CURVE_SECT239K1 ? 239 : \ + (curve) == PSA_ECC_CURVE_SECT283K1 ? 283 : \ + (curve) == PSA_ECC_CURVE_SECT283R1 ? 283 : \ + (curve) == PSA_ECC_CURVE_SECT409K1 ? 409 : \ + (curve) == PSA_ECC_CURVE_SECT409R1 ? 409 : \ + (curve) == PSA_ECC_CURVE_SECT571K1 ? 571 : \ + (curve) == PSA_ECC_CURVE_SECT571R1 ? 571 : \ + (curve) == PSA_ECC_CURVE_SECP160K1 ? 160 : \ + (curve) == PSA_ECC_CURVE_SECP160R1 ? 160 : \ + (curve) == PSA_ECC_CURVE_SECP160R2 ? 160 : \ + (curve) == PSA_ECC_CURVE_SECP192K1 ? 192 : \ + (curve) == PSA_ECC_CURVE_SECP192R1 ? 192 : \ + (curve) == PSA_ECC_CURVE_SECP224K1 ? 224 : \ + (curve) == PSA_ECC_CURVE_SECP224R1 ? 224 : \ + (curve) == PSA_ECC_CURVE_SECP256K1 ? 256 : \ + (curve) == PSA_ECC_CURVE_SECP256R1 ? 256 : \ + (curve) == PSA_ECC_CURVE_SECP384R1 ? 384 : \ + (curve) == PSA_ECC_CURVE_SECP521R1 ? 521 : \ + (curve) == PSA_ECC_CURVE_BRAINPOOL_P256R1 ? 256 : \ + (curve) == PSA_ECC_CURVE_BRAINPOOL_P384R1 ? 384 : \ + (curve) == PSA_ECC_CURVE_BRAINPOOL_P512R1 ? 512 : \ + (curve) == PSA_ECC_CURVE_CURVE25519 ? 255 : \ + (curve) == PSA_ECC_CURVE_CURVE448 ? 448 : \ + 0) + /** \def PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN * * This macro returns the maximum length of the PSK supported diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function index 1bc8d64d8..0b7e7ae24 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.function +++ b/tests/suites/test_suite_psa_crypto_metadata.function @@ -451,9 +451,7 @@ void ecc_key_types( int curve_arg, int curve_bits_arg ) TEST_EQUAL( PSA_KEY_TYPE_GET_CURVE( public_type ), curve ); TEST_EQUAL( PSA_KEY_TYPE_GET_CURVE( pair_type ), curve ); - /* Validate that the bit size is less than the maximum ECC bit size - * in this implementation. There's no parameter that should be equal - * to curve_bits and can be validated without creating a key. */ + TEST_EQUAL( curve_bits, PSA_ECC_CURVE_BITS( curve ) ); TEST_ASSERT( curve_bits <= PSA_VENDOR_ECC_MAX_CURVE_BITS ); } /* END_CASE */ From c9d910bed69fbfa5b68fa34019ef913a3b0c36a5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 13 May 2019 14:21:57 +0200 Subject: [PATCH 2/2] EC key pair import: check the buffer size When importing a private elliptic curve key, require the input to have exactly the right size. RFC 5915 requires the right size (you aren't allow to omit leading zeros). A different buffer size likely means that something is wrong, e.g. a mismatch between the declared key type and the actual data. --- library/psa_crypto.c | 3 +++ tests/suites/test_suite_psa_crypto.data | 4 ++++ 2 files changed, 7 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 6a4f180c4..38977cf06 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -621,6 +621,9 @@ static psa_status_t psa_import_ec_private_key( psa_ecc_curve_t curve, mbedtls_ecp_keypair *ecp = NULL; mbedtls_ecp_group_id grp_id = mbedtls_ecc_group_of_psa( curve ); + if( PSA_BITS_TO_BYTES( PSA_ECC_CURVE_BITS( curve ) ) != data_length ) + return( PSA_ERROR_INVALID_ARGUMENT ); + *p_ecp = NULL; ecp = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) ); if( ecp == NULL ) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 4a1a04fc4..5c3e33953 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -243,6 +243,10 @@ PSA import EC keypair: DER format depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED import:"3077020101042049c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eeea00a06082a8648ce3d030107a144034200047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):0:PSA_ERROR_INVALID_ARGUMENT +PSA import EC keypair: too short +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +import:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):0:PSA_ERROR_INVALID_ARGUMENT + PSA import EC keypair: public key depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED import:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):0:PSA_ERROR_INVALID_ARGUMENT