Convert USE_PSA_CRYPTO pk interface to the new PSA EC curve encoding

gilles-peskine-arm · gilles-peskine-arm · commit 573589f4bf47 · 2019-12-13T14:48:36.000+01:00
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
@@ -160,81 +160,96 @@ static inline psa_algorithm_t mbedtls_psa_translate_md( mbedtls_md_type_t md_alg
 /* Translations for ECC. */
 
 static inline int mbedtls_psa_get_ecc_oid_from_id(
-    psa_ecc_curve_t curve, char const **oid, size_t *oid_len )
+    psa_ecc_curve_t curve, size_t bits,
+    char const **oid, size_t *oid_len )
 {
     switch( curve )
     {
+        case PSA_ECC_CURVE_SECP_R1:
+            switch( bits )
+            {
 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-        case PSA_ECC_CURVE_SECP192R1:
-            *oid = MBEDTLS_OID_EC_GRP_SECP192R1;
-            *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192R1 );
-            return( 0 );
+                case 192:
+                    *oid = MBEDTLS_OID_EC_GRP_SECP192R1;
+                    *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192R1 );
+                    return( 0 );
 #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
 #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-        case PSA_ECC_CURVE_SECP224R1:
-            *oid = MBEDTLS_OID_EC_GRP_SECP224R1;
-            *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224R1 );
-            return( 0 );
+                case 224:
+                    *oid = MBEDTLS_OID_EC_GRP_SECP224R1;
+                    *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224R1 );
+                    return( 0 );
 #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
 #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-        case PSA_ECC_CURVE_SECP256R1:
-            *oid = MBEDTLS_OID_EC_GRP_SECP256R1;
-            *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256R1 );
-            return( 0 );
+                case 256:
+                    *oid = MBEDTLS_OID_EC_GRP_SECP256R1;
+                    *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256R1 );
+                    return( 0 );
 #endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
 #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-        case PSA_ECC_CURVE_SECP384R1:
-            *oid = MBEDTLS_OID_EC_GRP_SECP384R1;
-            *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP384R1 );
-            return( 0 );
+                case 384:
+                    *oid = MBEDTLS_OID_EC_GRP_SECP384R1;
+                    *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP384R1 );
+                    return( 0 );
 #endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-        case PSA_ECC_CURVE_SECP521R1:
-            *oid = MBEDTLS_OID_EC_GRP_SECP521R1;
-            *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP521R1 );
-            return( 0 );
+                case 521:
+                    *oid = MBEDTLS_OID_EC_GRP_SECP521R1;
+                    *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP521R1 );
+                    return( 0 );
 #endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
+            }
+            break;
+        case PSA_ECC_CURVE_SECP_K1:
+            switch( bits )
+            {
 #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-        case PSA_ECC_CURVE_SECP192K1:
-            *oid = MBEDTLS_OID_EC_GRP_SECP192K1;
-            *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192K1 );
-            return( 0 );
+                case 192:
+                    *oid = MBEDTLS_OID_EC_GRP_SECP192K1;
+                    *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192K1 );
+                    return( 0 );
 #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
 #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-        case PSA_ECC_CURVE_SECP224K1:
-            *oid = MBEDTLS_OID_EC_GRP_SECP224K1;
-            *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224K1 );
-            return( 0 );
+                case 224:
+                    *oid = MBEDTLS_OID_EC_GRP_SECP224K1;
+                    *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224K1 );
+                    return( 0 );
 #endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
 #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-        case PSA_ECC_CURVE_SECP256K1:
-            *oid = MBEDTLS_OID_EC_GRP_SECP256K1;
-            *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256K1 );
-            return( 0 );
+                case 256:
+                    *oid = MBEDTLS_OID_EC_GRP_SECP256K1;
+                    *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256K1 );
+                    return( 0 );
 #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
+            }
+            break;
+        case PSA_ECC_CURVE_BRAINPOOL_P_R1:
+            switch( bits )
+            {
 #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
-        case PSA_ECC_CURVE_BRAINPOOL_P256R1:
-            *oid = MBEDTLS_OID_EC_GRP_BP256R1;
-            *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP256R1 );
-            return( 0 );
+                case 256:
+                    *oid = MBEDTLS_OID_EC_GRP_BP256R1;
+                    *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP256R1 );
+                    return( 0 );
 #endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
 #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
-        case PSA_ECC_CURVE_BRAINPOOL_P384R1:
-            *oid = MBEDTLS_OID_EC_GRP_BP384R1;
-            *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP384R1 );
-            return( 0 );
+                case 384:
+                    *oid = MBEDTLS_OID_EC_GRP_BP384R1;
+                    *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP384R1 );
+                    return( 0 );
 #endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
 #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
-        case PSA_ECC_CURVE_BRAINPOOL_P512R1:
-            *oid = MBEDTLS_OID_EC_GRP_BP512R1;
-            *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP512R1 );
-            return( 0 );
+                case 521:
+                    *oid = MBEDTLS_OID_EC_GRP_BP512R1;
+                    *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP512R1 );
+                    return( 0 );
 #endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
-        default:
-            (void) oid;
-            (void) oid_len;
-            return( -1 );
+            }
+            break;
     }
+    (void) oid;
+    (void) oid_len;
+    return( -1 );
 }
 
 #define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH 1
diff --git a/library/pkwrite.c b/library/pkwrite.c
@@ -272,18 +272,20 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, si
         psa_key_type_t key_type;
         psa_key_handle_t handle;
         psa_ecc_curve_t curve;
+        size_t bits;
 
         handle = *((psa_key_handle_t*) key->pk_ctx );
         if( PSA_SUCCESS != psa_get_key_attributes( handle, &attributes ) )
             return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
         key_type = psa_get_key_type( &attributes );
+        bits = psa_get_key_bits( &attributes );
         psa_reset_key_attributes( &attributes );
 
-        curve = PSA_KEY_TYPE_GET_CURVE( key_type );
+        curve = PSA_KEY_TYPE_GET_CURVE( key_type ) & 0xff0000;
         if( curve == 0 )
             return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
 
-        ret = mbedtls_psa_get_ecc_oid_from_id( curve, &oid, &oid_len );
+        ret = mbedtls_psa_get_ecc_oid_from_id( curve, bits, &oid, &oid_len );
         if( ret != 0 )
             return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
 
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
@@ -102,8 +102,8 @@ psa_key_handle_t pk_psa_genkey( void )
 {
     psa_key_handle_t key;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-    const int curve = PSA_ECC_CURVE_SECP256R1;
-    const psa_key_type_t type = PSA_KEY_TYPE_ECC_KEY_PAIR(curve);
+    const psa_key_type_t type =
+        PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 );
     const size_t bits = 256;
 
     psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
