Convert USE_PSA_CRYPTO pk interface to the new PSA EC curve encoding

This commit is contained in:
Gilles Peskine 2019-12-03 21:19:09 +01:00
parent 33b1c69908
commit 89177e862b
3 changed files with 70 additions and 53 deletions

View file

@ -160,81 +160,96 @@ static inline psa_algorithm_t mbedtls_psa_translate_md( mbedtls_md_type_t md_alg
/* Translations for ECC. */ /* Translations for ECC. */
static inline int mbedtls_psa_get_ecc_oid_from_id( static inline int mbedtls_psa_get_ecc_oid_from_id(
psa_ecc_curve_t curve, char const **oid, size_t *oid_len ) psa_ecc_curve_t curve, size_t bits,
char const **oid, size_t *oid_len )
{ {
switch( curve ) switch( curve )
{ {
case PSA_ECC_CURVE_SECP_R1:
switch( bits )
{
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
case PSA_ECC_CURVE_SECP192R1: case 192:
*oid = MBEDTLS_OID_EC_GRP_SECP192R1; *oid = MBEDTLS_OID_EC_GRP_SECP192R1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192R1 ); *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192R1 );
return( 0 ); return( 0 );
#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
case PSA_ECC_CURVE_SECP224R1: case 224:
*oid = MBEDTLS_OID_EC_GRP_SECP224R1; *oid = MBEDTLS_OID_EC_GRP_SECP224R1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224R1 ); *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224R1 );
return( 0 ); return( 0 );
#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
case PSA_ECC_CURVE_SECP256R1: case 256:
*oid = MBEDTLS_OID_EC_GRP_SECP256R1; *oid = MBEDTLS_OID_EC_GRP_SECP256R1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256R1 ); *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256R1 );
return( 0 ); return( 0 );
#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ #endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
case PSA_ECC_CURVE_SECP384R1: case 384:
*oid = MBEDTLS_OID_EC_GRP_SECP384R1; *oid = MBEDTLS_OID_EC_GRP_SECP384R1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP384R1 ); *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP384R1 );
return( 0 ); return( 0 );
#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ #endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
case PSA_ECC_CURVE_SECP521R1: case 521:
*oid = MBEDTLS_OID_EC_GRP_SECP521R1; *oid = MBEDTLS_OID_EC_GRP_SECP521R1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP521R1 ); *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP521R1 );
return( 0 ); return( 0 );
#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ #endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
}
break;
case PSA_ECC_CURVE_SECP_K1:
switch( bits )
{
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
case PSA_ECC_CURVE_SECP192K1: case 192:
*oid = MBEDTLS_OID_EC_GRP_SECP192K1; *oid = MBEDTLS_OID_EC_GRP_SECP192K1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192K1 ); *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192K1 );
return( 0 ); return( 0 );
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
case PSA_ECC_CURVE_SECP224K1: case 224:
*oid = MBEDTLS_OID_EC_GRP_SECP224K1; *oid = MBEDTLS_OID_EC_GRP_SECP224K1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224K1 ); *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224K1 );
return( 0 ); return( 0 );
#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ #endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
case PSA_ECC_CURVE_SECP256K1: case 256:
*oid = MBEDTLS_OID_EC_GRP_SECP256K1; *oid = MBEDTLS_OID_EC_GRP_SECP256K1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256K1 ); *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256K1 );
return( 0 ); return( 0 );
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
}
break;
case PSA_ECC_CURVE_BRAINPOOL_P_R1:
switch( bits )
{
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
case PSA_ECC_CURVE_BRAINPOOL_P256R1: case 256:
*oid = MBEDTLS_OID_EC_GRP_BP256R1; *oid = MBEDTLS_OID_EC_GRP_BP256R1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP256R1 ); *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP256R1 );
return( 0 ); return( 0 );
#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */ #endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
case PSA_ECC_CURVE_BRAINPOOL_P384R1: case 384:
*oid = MBEDTLS_OID_EC_GRP_BP384R1; *oid = MBEDTLS_OID_EC_GRP_BP384R1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP384R1 ); *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP384R1 );
return( 0 ); return( 0 );
#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */ #endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
case PSA_ECC_CURVE_BRAINPOOL_P512R1: case 512:
*oid = MBEDTLS_OID_EC_GRP_BP512R1; *oid = MBEDTLS_OID_EC_GRP_BP512R1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP512R1 ); *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP512R1 );
return( 0 ); return( 0 );
#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */ #endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
default: }
(void) oid; break;
(void) oid_len;
return( -1 );
} }
(void) oid;
(void) oid_len;
return( -1 );
} }
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH 1 #define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH 1

View file

@ -273,18 +273,20 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, si
psa_key_type_t key_type; psa_key_type_t key_type;
psa_key_handle_t handle; psa_key_handle_t handle;
psa_ecc_curve_t curve; psa_ecc_curve_t curve;
size_t bits;
handle = *((psa_key_handle_t*) key->pk_ctx ); handle = *((psa_key_handle_t*) key->pk_ctx );
if( PSA_SUCCESS != psa_get_key_attributes( handle, &attributes ) ) if( PSA_SUCCESS != psa_get_key_attributes( handle, &attributes ) )
return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED ); return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
key_type = psa_get_key_type( &attributes ); key_type = psa_get_key_type( &attributes );
bits = psa_get_key_bits( &attributes );
psa_reset_key_attributes( &attributes ); psa_reset_key_attributes( &attributes );
curve = PSA_KEY_TYPE_GET_CURVE( key_type ); curve = PSA_KEY_TYPE_GET_CURVE( key_type ) & 0xff0000;
if( curve == 0 ) if( curve == 0 )
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
ret = mbedtls_psa_get_ecc_oid_from_id( curve, &oid, &oid_len ); ret = mbedtls_psa_get_ecc_oid_from_id( curve, bits, &oid, &oid_len );
if( ret != 0 ) if( ret != 0 )
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );

View file

@ -107,8 +107,8 @@ psa_key_handle_t pk_psa_genkey( void )
{ {
psa_key_handle_t key; psa_key_handle_t key;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
const int curve = PSA_ECC_CURVE_SECP256R1; const psa_key_type_t type =
const psa_key_type_t type = PSA_KEY_TYPE_ECC_KEY_PAIR(curve); PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 );
const size_t bits = 256; const size_t bits = 256;
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );