From 8bc372552cf5cb75db1c8b39fab1e15369f1a7fb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mikolai=20G=C3=BCtschow?= <mikolai.guetschow@tu-dresden.de>
Date: Mon, 22 Apr 2024 12:50:40 +0200
Subject: [PATCH] sys/psa_crypto: correct use of (ECDSA) key_bits

---
 examples/psa_crypto/example_ecdsa_p256.c  |  2 +-
 sys/include/psa_crypto/psa/crypto_sizes.h | 26 +----------------------
 sys/psa_crypto/psa_crypto.c               | 14 ++++++++----
 3 files changed, 12 insertions(+), 30 deletions(-)

diff --git a/examples/psa_crypto/example_ecdsa_p256.c b/examples/psa_crypto/example_ecdsa_p256.c
index fe5fa8a170bd3..0e4e7af3cf7f7 100644
--- a/examples/psa_crypto/example_ecdsa_p256.c
+++ b/examples/psa_crypto/example_ecdsa_p256.c
@@ -88,7 +88,7 @@ psa_status_t example_ecdsa_p256(void)
     psa_set_key_usage_flags(&pubkey_attr, PSA_KEY_USAGE_VERIFY_MESSAGE);
 #endif
     psa_set_key_algorithm(&pubkey_attr, ECC_ALG);
-    psa_set_key_bits(&pubkey_attr, PSA_BYTES_TO_BITS(pubkey_length));
+    psa_set_key_bits(&pubkey_attr, ECC_KEY_SIZE);
     psa_set_key_type(&pubkey_attr, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1));
 
     status = psa_import_key(&pubkey_attr, public_key, pubkey_length, &pubkey_id);
diff --git a/sys/include/psa_crypto/psa/crypto_sizes.h b/sys/include/psa_crypto/psa/crypto_sizes.h
index edbfb2da4df49..7b3f29bf19e69 100644
--- a/sys/include/psa_crypto/psa/crypto_sizes.h
+++ b/sys/include/psa_crypto/psa/crypto_sizes.h
@@ -893,30 +893,6 @@ extern "C" {
 #define PSA_EXPORT_KEY_PAIR_MAX_SIZE 0
 #endif
 
-/**
- * @brief   Get curve size from ECC public key
- *
- * @details The representation of an ECC public key is dependent on the family:
- *          - for twisted Edwards curves: 32B
- *          - for Weierstrass curves:
- *            - The byte 0x04;
- *            - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
- *            - `y_P` as a `ceiling(m/8)`-byte string, big-endian;
- *            - where m is the bit size associated with the curve.
- *            - 1 byte + 2 * point size.
- */
-#define PSA_ECC_KEY_GET_CURVE_FROM_PUBLIC_KEY(key_type, key_bits)                    \
-    (PSA_KEY_TYPE_ECC_GET_FAMILY(key_type) == PSA_ECC_FAMILY_TWISTED_EDWARDS ? 255 : \
-     ((size_t)((key_bits - 8) / 2)))
-
-/**
- * @brief   Get curve size from ECC key (public or private)
- */
-#define PSA_ECC_KEY_GET_CURVE(key_type, key_bits)                   \
-    (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ?                     \
-        PSA_ECC_KEY_GET_CURVE_FROM_PUBLIC_KEY(key_type, key_bits) : \
-     (size_t)key_bits)
-
 /**
  * @brief   Maximum size of the export encoding of an ECC public key.
  *
@@ -1059,7 +1035,7 @@ extern "C" {
  *          If the parameters are not valid, the return value is unspecified.
  */
 #define PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg)        \
-    (PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(PSA_ECC_KEY_GET_CURVE(key_type, key_bits)) : \
+    (PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \
      ((void)alg, 0))
 
 #ifdef __cplusplus
diff --git a/sys/psa_crypto/psa_crypto.c b/sys/psa_crypto/psa_crypto.c
index b7bff781e7f24..90b573840df3c 100644
--- a/sys/psa_crypto/psa_crypto.c
+++ b/sys/psa_crypto/psa_crypto.c
@@ -1551,6 +1551,12 @@ psa_status_t psa_builtin_import_key(const psa_key_attributes_t *attributes,
         return PSA_SUCCESS;
     }
     else if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type)) {
+        /* key material does not match expected size */
+        if (data_length != PSA_EXPORT_KEY_OUTPUT_SIZE(type, attributes->bits)) {
+            return PSA_ERROR_INVALID_ARGUMENT;
+        }
+
+        /* key material too large to be represented */
         if (data_length > PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) {
             return PSA_ERROR_NOT_SUPPORTED;
         }
@@ -1944,7 +1950,7 @@ psa_status_t psa_sign_hash(psa_key_id_t key,
         return status;
     }
 
-    if (signature_size < PSA_ECDSA_SIGNATURE_SIZE(PSA_ECC_KEY_GET_CURVE(slot->attr.type, slot->attr.bits))) {
+    if (signature_size < PSA_ECDSA_SIGNATURE_SIZE(slot->attr.bits)) {
         return PSA_ERROR_BUFFER_TOO_SMALL;
     }
 
@@ -1997,7 +2003,7 @@ psa_status_t psa_sign_message(psa_key_id_t key,
         return status;
     }
 
-    if (signature_size < PSA_ECDSA_SIGNATURE_SIZE(PSA_ECC_KEY_GET_CURVE(slot->attr.type, slot->attr.bits))) {
+    if (signature_size < PSA_ECDSA_SIGNATURE_SIZE(slot->attr.bits)) {
         return PSA_ERROR_BUFFER_TOO_SMALL;
     }
 
@@ -2048,7 +2054,7 @@ psa_status_t psa_verify_hash(psa_key_id_t key,
         return status;
     }
 
-    if (signature_length != PSA_ECDSA_SIGNATURE_SIZE(PSA_ECC_KEY_GET_CURVE(slot->attr.type, slot->attr.bits))) {
+    if (signature_length != PSA_ECDSA_SIGNATURE_SIZE(slot->attr.bits)) {
         return PSA_ERROR_INVALID_ARGUMENT;
     }
 
@@ -2105,7 +2111,7 @@ psa_status_t psa_verify_message(psa_key_id_t key,
         return status;
     }
 
-    if (signature_length != PSA_ECDSA_SIGNATURE_SIZE(PSA_ECC_KEY_GET_CURVE(slot->attr.type, slot->attr.bits))) {
+    if (signature_length != PSA_ECDSA_SIGNATURE_SIZE(slot->attr.bits)) {
         return PSA_ERROR_INVALID_ARGUMENT;
     }