Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

sys/psa_crypto: correct use of (ECDSA) key_bits #20607

Merged
merged 1 commit into from
May 16, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion examples/psa_crypto/example_ecdsa_p256.c
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,7 @@ psa_status_t example_ecdsa_p256(void)
psa_set_key_usage_flags(&pubkey_attr, PSA_KEY_USAGE_VERIFY_MESSAGE);
#endif
psa_set_key_algorithm(&pubkey_attr, ECC_ALG);
psa_set_key_bits(&pubkey_attr, PSA_BYTES_TO_BITS(pubkey_length));
psa_set_key_bits(&pubkey_attr, ECC_KEY_SIZE);
psa_set_key_type(&pubkey_attr, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1));

status = psa_import_key(&pubkey_attr, public_key, pubkey_length, &pubkey_id);
Expand Down
26 changes: 1 addition & 25 deletions sys/include/psa_crypto/psa/crypto_sizes.h
Original file line number Diff line number Diff line change
Expand Up @@ -804,7 +804,7 @@
#define PSA_KEY_EXPORT_ECC_KEY_MAX_SIZE(key_type, key_bits) \
(size_t)\
(PSA_KEY_TYPE_ECC_GET_FAMILY(key_type) == PSA_ECC_FAMILY_TWISTED_EDWARDS ? 32 : \
(PSA_KEY_TYPE_ECC_GET_FAMILY(key_type) == PSA_ECC_FAMILY_SECP_R1 ? PSA_BITS_TO_BYTES(key_bits) : \

Check warning on line 807 in sys/include/psa_crypto/psa/crypto_sizes.h

View workflow job for this annotation

GitHub Actions / static-tests

line is longer than 100 characters
0))

/**
Expand Down Expand Up @@ -844,7 +844,7 @@
* Unspecified if the parameters are not valid.
*/
#define PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits) \
(PSA_KEY_TYPE_IS_PUBLIC_KEY(key_type) ? PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits) : \

Check warning on line 847 in sys/include/psa_crypto/psa/crypto_sizes.h

View workflow job for this annotation

GitHub Actions / static-tests

line is longer than 100 characters
(PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_KEY_EXPORT_ECC_KEY_MAX_SIZE(key_type, key_bits) : \
0))

Expand Down Expand Up @@ -893,30 +893,6 @@
#define PSA_EXPORT_KEY_PAIR_MAX_SIZE 0
#endif

/**
* @brief Get curve size from ECC public key
*
* @details The representation of an ECC public key is dependent on the family:
* - for twisted Edwards curves: 32B
* - for Weierstrass curves:
* - The byte 0x04;
* - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
* - `y_P` as a `ceiling(m/8)`-byte string, big-endian;
* - where m is the bit size associated with the curve.
* - 1 byte + 2 * point size.
*/
#define PSA_ECC_KEY_GET_CURVE_FROM_PUBLIC_KEY(key_type, key_bits) \
(PSA_KEY_TYPE_ECC_GET_FAMILY(key_type) == PSA_ECC_FAMILY_TWISTED_EDWARDS ? 255 : \
((size_t)((key_bits - 8) / 2)))

/**
* @brief Get curve size from ECC key (public or private)
*/
#define PSA_ECC_KEY_GET_CURVE(key_type, key_bits) \
(PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? \
PSA_ECC_KEY_GET_CURVE_FROM_PUBLIC_KEY(key_type, key_bits) : \
(size_t)key_bits)

/**
* @brief Maximum size of the export encoding of an ECC public key.
*
Expand Down Expand Up @@ -1059,7 +1035,7 @@
* If the parameters are not valid, the return value is unspecified.
*/
#define PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \
(PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(PSA_ECC_KEY_GET_CURVE(key_type, key_bits)) : \
(PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \
((void)alg, 0))

#ifdef __cplusplus
Expand Down
14 changes: 10 additions & 4 deletions sys/psa_crypto/psa_crypto.c
Original file line number Diff line number Diff line change
Expand Up @@ -1551,6 +1551,12 @@
return PSA_SUCCESS;
}
else if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type)) {
/* key material does not match expected size */
if (data_length != PSA_EXPORT_KEY_OUTPUT_SIZE(type, attributes->bits)) {
return PSA_ERROR_INVALID_ARGUMENT;
}

/* key material too large to be represented */
if (data_length > PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) {
return PSA_ERROR_NOT_SUPPORTED;
}
Expand Down Expand Up @@ -1944,7 +1950,7 @@
return status;
}

if (signature_size < PSA_ECDSA_SIGNATURE_SIZE(PSA_ECC_KEY_GET_CURVE(slot->attr.type, slot->attr.bits))) {
if (signature_size < PSA_ECDSA_SIGNATURE_SIZE(slot->attr.bits)) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}

Expand Down Expand Up @@ -1997,7 +2003,7 @@
return status;
}

if (signature_size < PSA_ECDSA_SIGNATURE_SIZE(PSA_ECC_KEY_GET_CURVE(slot->attr.type, slot->attr.bits))) {
if (signature_size < PSA_ECDSA_SIGNATURE_SIZE(slot->attr.bits)) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}

Expand All @@ -2008,7 +2014,7 @@

psa_key_attributes_t attributes = slot->attr;

status = psa_location_dispatch_sign_message(&attributes, alg, slot, input, input_length, signature,

Check warning on line 2017 in sys/psa_crypto/psa_crypto.c

View workflow job for this annotation

GitHub Actions / static-tests

line is longer than 100 characters
signature_size, signature_length);

unlock_status = psa_unlock_key_slot(slot);
Expand Down Expand Up @@ -2048,7 +2054,7 @@
return status;
}

if (signature_length != PSA_ECDSA_SIGNATURE_SIZE(PSA_ECC_KEY_GET_CURVE(slot->attr.type, slot->attr.bits))) {
if (signature_length != PSA_ECDSA_SIGNATURE_SIZE(slot->attr.bits)) {
return PSA_ERROR_INVALID_ARGUMENT;
}

Expand Down Expand Up @@ -2105,7 +2111,7 @@
return status;
}

if (signature_length != PSA_ECDSA_SIGNATURE_SIZE(PSA_ECC_KEY_GET_CURVE(slot->attr.type, slot->attr.bits))) {
if (signature_length != PSA_ECDSA_SIGNATURE_SIZE(slot->attr.bits)) {
return PSA_ERROR_INVALID_ARGUMENT;
}

Expand All @@ -2122,10 +2128,10 @@

psa_key_attributes_t attributes = slot->attr;

status = psa_location_dispatch_verify_message(&attributes, alg, slot, input, input_length, signature,

Check warning on line 2131 in sys/psa_crypto/psa_crypto.c

View workflow job for this annotation

GitHub Actions / static-tests

line is longer than 100 characters
signature_length);

unlock_status = psa_unlock_key_slot(slot);
return ((status == PSA_SUCCESS) ? unlock_status : status);
}
#endif /* MODULE_PSA_ASYMMETRIC */

Check warning on line 2137 in sys/psa_crypto/psa_crypto.c

View workflow job for this annotation

GitHub Actions / static-tests

source file is too long
2 changes: 1 addition & 1 deletion tests/sys/psa_crypto_ecdsa/example_ecdsa_p256.c
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,7 @@ psa_status_t example_ecdsa_p256(void)

psa_set_key_usage_flags(&pubkey_attr, PSA_KEY_USAGE_VERIFY_MESSAGE);
psa_set_key_algorithm(&pubkey_attr, ECC_ALG);
psa_set_key_bits(&pubkey_attr, PSA_BYTES_TO_BITS(pubkey_length));
psa_set_key_bits(&pubkey_attr, ECC_KEY_SIZE);
psa_set_key_type(&pubkey_attr, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1));

status = psa_import_key(&pubkey_attr, public_key, pubkey_length, &pubkey_id);
Expand Down
2 changes: 1 addition & 1 deletion tests/sys/psa_crypto_se_ecdsa/example_ecdsa_p256.c
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,7 @@ psa_status_t example_ecdsa_p256(void)
psa_set_key_lifetime(&pubkey_attr, lifetime);
psa_set_key_usage_flags(&pubkey_attr, PSA_KEY_USAGE_VERIFY_HASH);
psa_set_key_algorithm(&pubkey_attr, ECC_ALG);
psa_set_key_bits(&pubkey_attr, PSA_BYTES_TO_BITS(pubkey_length));
psa_set_key_bits(&pubkey_attr, ECC_KEY_SIZE);
psa_set_key_type(&pubkey_attr, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1));

status = psa_import_key(&pubkey_attr, public_key, pubkey_length, &pubkey_id);
Expand Down
Loading