Merge pull request #7676 from valeriosetti/issue7485
PK: add support for check_pair() with "opaque" EC keys
diff --git a/library/pk.c b/library/pk.c
index 8e42b8d..d30205c 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -825,7 +825,8 @@
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
}
} else {
- if (pub->pk_info != prv->pk_info) {
+ if ((prv->pk_info->type != MBEDTLS_PK_OPAQUE) &&
+ (pub->pk_info != prv->pk_info)) {
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
}
}
diff --git a/library/pk_internal.h b/library/pk_internal.h
index 21fb34a..388f94a 100644
--- a/library/pk_internal.h
+++ b/library/pk_internal.h
@@ -86,11 +86,11 @@
mbedtls_ecp_group_id id;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_key_attributes_t opaque_attrs = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_type_t opaque_key_type;
- psa_ecc_family_t curve;
-
if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
+ psa_key_attributes_t opaque_attrs = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_type_t opaque_key_type;
+ psa_ecc_family_t curve;
+
if (psa_get_key_attributes(pk->priv_id, &opaque_attrs) != PSA_SUCCESS) {
return MBEDTLS_ECP_DP_NONE;
}
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 92937c8..9170231 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -1669,6 +1669,53 @@
#endif /* !MBEDTLS_PK_CAN_ECDSA_SIGN && !MBEDTLS_RSA_C */
}
+static int pk_opaque_ec_check_pair(mbedtls_pk_context *pub, mbedtls_pk_context *prv,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
+{
+ /* The main difference between this function and eckey_check_pair_psa() is
+ * that in the opaque case the private key is always stored in PSA side no
+ * matter if MBEDTLS_PK_USE_PSA_EC_DATA is enabled or not.
+ * When MBEDTLS_PK_USE_PSA_EC_DATA is enabled, we can simply use the
+ * eckey_check_pair_psa(). */
+ (void) f_rng;
+ (void) p_rng;
+
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ return eckey_check_pair_psa(pub, prv);
+#elif defined(MBEDTLS_ECP_LIGHT)
+ psa_status_t status;
+ uint8_t exp_pub_key[MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN];
+ size_t exp_pub_key_len = 0;
+ uint8_t pub_key[MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN];
+ size_t pub_key_len = 0;
+ int ret;
+
+ status = psa_export_public_key(prv->priv_id, exp_pub_key, sizeof(exp_pub_key),
+ &exp_pub_key_len);
+ if (status != PSA_SUCCESS) {
+ ret = psa_pk_status_to_mbedtls(status);
+ return ret;
+ }
+ ret = mbedtls_ecp_point_write_binary(&(mbedtls_pk_ec_ro(*pub)->grp),
+ &(mbedtls_pk_ec_ro(*pub)->Q),
+ MBEDTLS_ECP_PF_UNCOMPRESSED,
+ &pub_key_len, pub_key, sizeof(pub_key));
+ if (ret != 0) {
+ return ret;
+ }
+ if ((exp_pub_key_len != pub_key_len) ||
+ memcmp(exp_pub_key, pub_key, exp_pub_key_len)) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
+ return 0;
+#else
+ (void) pub;
+ (void) prv;
+ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */
+}
+
const mbedtls_pk_info_t mbedtls_pk_ecdsa_opaque_info = {
MBEDTLS_PK_OPAQUE,
"Opaque",
@@ -1682,7 +1729,7 @@
#endif
NULL, /* decrypt - not relevant */
NULL, /* encrypt - not relevant */
- NULL, /* check_pair - could be done later or left NULL */
+ pk_opaque_ec_check_pair,
NULL, /* alloc - no need to allocate new data dynamically */
NULL, /* free - as for the alloc, there is no data to free */
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index a5b50de..65b0c03 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -562,6 +562,9 @@
void mbedtls_pk_check_pair(char *pub_file, char *prv_file, int ret)
{
mbedtls_pk_context pub, prv, alt;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_svc_key_id_t opaque_key_id = MBEDTLS_SVC_KEY_ID_INIT;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_pk_init(&pub);
mbedtls_pk_init(&prv);
@@ -575,7 +578,7 @@
if (ret == MBEDTLS_ERR_ECP_BAD_INPUT_DATA) {
ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
-#endif
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
TEST_ASSERT(mbedtls_pk_parse_public_keyfile(&pub, pub_file) == 0);
TEST_ASSERT(mbedtls_pk_parse_keyfile(&prv, prv_file, NULL,
@@ -596,7 +599,20 @@
== ret);
}
#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if (mbedtls_pk_get_type(&prv) == MBEDTLS_PK_ECKEY) {
+ TEST_EQUAL(mbedtls_pk_wrap_as_opaque(&prv, &opaque_key_id,
+ PSA_ALG_ANY_HASH,
+ PSA_KEY_USAGE_EXPORT, 0), 0);
+ TEST_EQUAL(mbedtls_pk_check_pair(&pub, &prv, mbedtls_test_rnd_std_rand,
+ NULL), ret);
+ }
+#endif
+exit:
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_destroy_key(opaque_key_id);
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_pk_free(&pub);
mbedtls_pk_free(&prv);
mbedtls_pk_free(&alt);