commit 512d040963a7ca23666ea04e77a3284ce1e0a6e7
author Gilles Peskine <gilles.peskine@arm.com> Fri Jan 31 16:30:02 2020 +0100
committer GitHub <noreply@github.com> Fri Jan 31 16:30:02 2020 +0100
tree 9e0976d80ee991cdb243b7aa9dd8be7d150759b1
parent 2b91abaae6fd6b9dbb1151554df680511c9adbf3
parent 42459805ce18c7dfe4e3ddefa777210fc0cba411

Merge pull request #2964 from gilles-peskine-arm/psa-streamline_encodings-types_and_curves-ls

USE_PSA_CRYPTO: update elliptic curve encoding

crypto

diff --git a/crypto b/crypto
index 1146b4e..819799c 160000
--- a/crypto
+++ b/crypto
@@ -1 +1 @@
-Subproject commit 1146b4e06011b69a6437e6b728f2af043a06ec19
+Subproject commit 819799cfc68e4c4381673a8a27af19802c8263f2

include/mbedtls/ssl_internal.h

diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index f703da9..b8c7f0a 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -319,7 +319,8 @@
     mbedtls_ecdh_context ecdh_ctx;              /*!<  ECDH key exchange       */
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_ecc_curve_t ecdh_psa_curve;
+    psa_key_type_t ecdh_psa_type;
+    uint16_t ecdh_bits;
     psa_key_handle_t ecdh_psa_privkey;
     unsigned char ecdh_psa_peerkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
     size_t ecdh_psa_peerkey_len;

library/ssl_cli.c

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 1005bd9..0f6a26b 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2244,6 +2244,7 @@
                                              unsigned char *end )
 {
     uint16_t tls_id;
+    size_t ecdh_bits = 0;
     uint8_t ecpoint_len;
     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
 
@@ -2264,11 +2265,14 @@
     tls_id |= *(*p)++;
 
     /* Convert EC group to PSA key type. */
-    if( ( handshake->ecdh_psa_curve =
-          mbedtls_psa_parse_tls_ecc_group( tls_id ) ) == 0 )
+    if( ( handshake->ecdh_psa_type =
+          mbedtls_psa_parse_tls_ecc_group( tls_id, &ecdh_bits ) ) == 0 )
     {
         return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
     }
+    if( ecdh_bits > 0xffff )
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+    handshake->ecdh_bits = (uint16_t) ecdh_bits;
 
     /*
      * Put peer's ECDH public key in the format understood by PSA.
@@ -2278,7 +2282,7 @@
     if( (size_t)( end - *p ) < ecpoint_len )
         return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
 
-    if( mbedtls_psa_tls_ecpoint_to_psa_ec( handshake->ecdh_psa_curve,
+    if( mbedtls_psa_tls_ecpoint_to_psa_ec(
                                     *p, ecpoint_len,
                                     handshake->ecdh_psa_peerkey,
                                     sizeof( handshake->ecdh_psa_peerkey ),
@@ -3257,11 +3261,8 @@
         key_attributes = psa_key_attributes_init();
         psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
         psa_set_key_algorithm( &key_attributes, PSA_ALG_ECDH );
-        psa_set_key_type( &key_attributes,
-                          PSA_KEY_TYPE_ECC_KEY_PAIR( handshake->ecdh_psa_curve )
-                        );
-        psa_set_key_bits( &key_attributes,
-                          PSA_ECC_CURVE_BITS( handshake->ecdh_psa_curve ) );
+        psa_set_key_type( &key_attributes, handshake->ecdh_psa_type );
+        psa_set_key_bits( &key_attributes, handshake->ecdh_bits );
 
         /* Generate ECDH private key. */
         status = psa_generate_key( &key_attributes,