TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 2b5d3ded1f6ba1018bf5deebcfec6cb1bd6563a4^! / . / library
commit2b5d3ded1f6ba1018bf5deebcfec6cb1bd6563a4[log] [tgz]
authorValerio Setti <vsetti@baylibre.com>Mon Jan 09 11:04:52 2023 +0100
committerValerio Setti <vsetti@baylibre.com>Mon Jan 09 11:04:52 2023 +0100
tree76e768897f5dadaea45b85ad15cfc2513e41affb
parent67419f0e112d6edd72fdad559c2ff5f40dc1d8cf [diff]
remove remaining occurencies of mbedtls_ecc_group_to_psa() from TLS

Signed-off-by: Valerio Setti <vsetti@baylibre.com>

diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 58f0a37..4ddb187 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c

@@ -2107,8 +2107,9 @@
     peer_key = mbedtls_pk_ec( *peer_pk );
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    size_t ecdh_bits = 0;
     size_t olen = 0;
+    uint16_t tls_id = 0;
+    psa_ecc_family_t ecc_family;
 
     if( mbedtls_ssl_check_curve( ssl, peer_key->grp.id ) != 0 )
     {
@@ -2116,17 +2117,20 @@
         return( MBEDTLS_ERR_SSL_BAD_CERTIFICATE );
     }
 
-    ssl->handshake->ecdh_psa_type =
-        PSA_KEY_TYPE_ECC_KEY_PAIR( mbedtls_ecc_group_to_psa( peer_key->grp.id,
-                                                             &ecdh_bits ) );
-
-    if( ssl->handshake->ecdh_psa_type == 0 || ecdh_bits > 0xffff )
+    tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id( peer_key->grp.id );
+    if( tls_id == 0 )
     {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid ecc group conversion to psa." ) );
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "ECC group %d not suported",
+                                peer_key->grp.id ) );
         return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
     }
 
-    ssl->handshake->ecdh_bits = (uint16_t) ecdh_bits;
+    /* If the above conversion to TLS ID was fine, then also this one will be, 
+       so there is no need to check the retun value here */
+    mbedtls_ssl_get_psa_curve_info_from_tls_id( tls_id, &ecc_family,
+                                &ssl->handshake->ecdh_bits );
+
+    ssl->handshake->ecdh_psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR( ecc_family );
 
     /* Store peer's public key in psa format. */
     ret = mbedtls_ecp_point_write_binary( &peer_key->grp, &peer_key->Q,

diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index fb053c6..2d7e572 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c

@@ -2659,7 +2659,8 @@
     unsigned char buf[
         PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)];
     psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
-    size_t ecdh_bits = 0;
+    uint16_t tls_id = 0;
+    psa_ecc_family_t ecc_family;
     size_t key_len;
     mbedtls_pk_context *pk;
     mbedtls_ecp_keypair *key;
@@ -2703,15 +2704,19 @@
         if( key == NULL )
             return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
 
-        /* Convert EC group to PSA key type. */
-        if( ( ssl->handshake->ecdh_psa_type =
-                    mbedtls_ecc_group_to_psa( key->grp.id,
-                                              &ecdh_bits ) ) == 0 )
+        tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id( key->grp.id );
+        if( tls_id == 0 )
         {
+            /* This elliptic curve is not supported */
             return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
         }
 
-        ssl->handshake->ecdh_bits = ecdh_bits;
+        /* If the above conversion to TLS ID was fine, then also this one will
+            be, so there is no need to check the retun value here */
+        mbedtls_ssl_get_psa_curve_info_from_tls_id( tls_id, &ecc_family,
+                                &ssl->handshake->ecdh_bits );
+
+        ssl->handshake->ecdh_psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR( ecc_family );
 
         key_attributes = psa_key_attributes_init();
         psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );