From d8197cb9029ce9ea697cb490130de156959af647 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Thu, 12 Dec 2019 17:56:46 +0100
Subject: [PATCH] mbedtls_psa_parse_tls_ecc_group: make no assumption on PSA encodings

Don't assume that the PSA encoding of elliptic curves is identical to the TLS encoding. This is currently true but about to change. The new implementation only works when MBEDTLS_ECP_C is defined. This is ok because the function is only used with MBEDTLS_ECP_C defined.
---
 include/mbedtls/psa_util.h | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index 35e0a4b5e..fa4be0ea6 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@@ -350,13 +350,19 @@ static inline int mbedtls_psa_err_translate_pk( psa_status_t status )
 /* This function transforms an ECC group identifier from
 * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
 * into a PSA ECC group identifier. */
+#if defined(MBEDTLS_ECP_C)
 static inline psa_ecc_curve_t mbedtls_psa_parse_tls_ecc_group(
 uint16_t tls_ecc_grp_reg_id )
 {
- /* The PSA identifiers are currently aligned with those from
- * the TLS Supported Groups registry, so no conversion is necessary. */
- return( (psa_ecc_curve_t) tls_ecc_grp_reg_id );
+ size_t bits;
+ const mbedtls_ecp_curve_info *curve_info =
+ mbedtls_ecp_curve_info_from_tls_id( tls_ecc_grp_reg_id );
+ if( curve_info == NULL )
+ return( 0 );
+ else
+ return( mbedtls_ecc_group_to_psa( curve_info->grp_id, &bits ) );
 }
+#endif /* MBEDTLS_ECP_C */
 
 /* This function takes a buffer holding an EC public key
 * exported through psa_export_public_key(), and converts
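Review bot: The comment above `mbedtls_psa_parse_tls_ecc_group` still describes a pure conversion, but the new body returns 0 when `mbedtls_ecp_curve_info_from_tls_id()` finds no match, and the result of `mbedtls_ecc_group_to_psa()` is passed through unchecked. The old cast never failed, so callers written against it may not test the result. If the group id comes from a peer's handshake message (not visible in this hunk), an unrecognised value would then travel on as curve 0 into later PSA calls. I would state the contract in the header comment, for example `* \return The PSA curve identifier, or 0 if the TLS group is unknown or not supported in this build.`, and confirm that every call site rejects 0 before using the value. Minor style point: the `else` after `return( 0 );` is redundant, and `bits` is written but never read, which a short comment such as `/* key size not needed here */` would make explicit.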