Fix endianness and masking for Curve25519 keys handled by PSA

Changed PSA core (and PKWrite) from reaching into MPI to using the proper
ecp function to fetch a private key.
Added changelog.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
diff --git a/library/pkwrite.c b/library/pkwrite.c
index b1b5f46..914b33f 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -166,9 +166,10 @@
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t byte_length = ( ec->grp.pbits + 7 ) / 8;
+    size_t output_length;
     unsigned char tmp[MBEDTLS_ECP_MAX_BYTES];
 
-    ret = mbedtls_mpi_write_binary( &ec->d, tmp, byte_length );
+    ret = mbedtls_ecp_write_key( ec->grp.id, ec, &output_length, tmp, byte_length );
     if( ret != 0 )
         goto exit;
     ret = mbedtls_asn1_write_octet_string( p, start, tmp, byte_length );
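Review bot: `output_length` is filled in by `mbedtls_ecp_write_key` but never read, and the next call, `mbedtls_asn1_write_octet_string( p, start, tmp, byte_length )`, still encodes `byte_length` bytes. If the key writer can ever produce fewer bytes than `byte_length`, the tail of `tmp` is uninitialised stack that would be encoded as part of the private key. Either pass `output_length` to the ASN.1 writer or reject a mismatch with `if( output_length != byte_length ) { ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; goto exit; }`. The same pattern appears in the export hunk of library/psa_crypto.c, where `actual_data_size` is ignored. The function continues past this hunk, so I cannot see whether `tmp` is zeroized at `exit`; it holds the private scalar and should be.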
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 6932318..1151d17 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -670,16 +670,12 @@
     if( status != PSA_SUCCESS )
         goto exit;
 
-    /* Load the secret value. */
+    /* Load and validate the secret key */
     status = mbedtls_to_psa_error(
-        mbedtls_mpi_read_binary( &ecp->d, data, data_length ) );
+        mbedtls_ecp_read_key( ecp->grp.id, ecp, data, data_length ) );
     if( status != PSA_SUCCESS )
         goto exit;
-    /* Validate the private key. */
-    status = mbedtls_to_psa_error(
-        mbedtls_ecp_check_privkey( &ecp->grp, &ecp->d ) );
-    if( status != PSA_SUCCESS )
-        goto exit;
+
     /* Calculate the public key from the private key. */
     status = mbedtls_to_psa_error(
         mbedtls_ecp_mul( &ecp->grp, &ecp->Q, &ecp->d, &ecp->grp.G,
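Review bot: With the explicit `mbedtls_ecp_check_privkey` call removed, validation of the imported scalar depends entirely on `mbedtls_ecp_read_key`, and the new comment `/* Load and validate the secret key */` does not say what that validation covers. Going by the commit title, Curve25519 input is presumably masked rather than rejected, while Weierstrass keys should still fail on a zero or out-of-range scalar; neither behaviour is visible in this hunk. I would state the delegation in the comment, e.g. `/* Load the secret key. Validation is delegated to mbedtls_ecp_read_key(), which applies the per-curve rules. */`. An import test that feeds an invalid private key for each curve family would stop the dropped check from regressing silently. The enclosing function starts and ends outside the hunk.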
@@ -1325,12 +1321,14 @@
     if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( slot->attr.type ) && !export_public_key )
     {
         psa_status_t status;
+        size_t actual_data_size;
 
         size_t bytes = PSA_BITS_TO_BYTES( slot->attr.bits );
         if( bytes > data_size )
             return( PSA_ERROR_BUFFER_TOO_SMALL );
         status = mbedtls_to_psa_error(
-            mbedtls_mpi_write_binary( &slot->data.ecp->d, data, bytes ) );
+            mbedtls_ecp_write_key(slot->data.ecp->grp.id, slot->data.ecp,
+                                  &actual_data_size, data, bytes) );
         if( status != PSA_SUCCESS )
             return( status );
         memset( data + bytes, 0, data_size - bytes );
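Review bot: If `mbedtls_ecp_write_key` fails, `return( status )` leaves whatever it already wrote in the caller's `data` buffer, because the zero fill only runs on the success path. Whether the writer can fail after a partial write is not visible here, but for a private-key export it is cheap to clear the buffer with `memset( data, 0, data_size );` before `return( status );`. The call also drops the file's spacing inside parentheses; `mbedtls_ecp_write_key( slot->data.ecp->grp.id, slot->data.ecp,` would match the surrounding lines. The block continues past the hunk.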