ARMmbed
diff --git a/‎include/psa/crypto.h
Lines changed: 11 additions & 25 deletions b/‎include/psa/crypto.h
Lines changed: 11 additions & 25 deletions
diff --git a/‎include/psa/crypto_sizes.h
Lines changed: 8 additions & 18 deletions b/‎include/psa/crypto_sizes.h
Lines changed: 8 additions & 18 deletions
diff --git a/‎library/psa_crypto.c
Lines changed: 70 additions & 66 deletions b/‎library/psa_crypto.c
Lines changed: 70 additions & 66 deletions
@@ -482,6 +482,14 @@ psa_status_t psa_export_key(psa_key_handle_t handle,
  *      modulus            INTEGER,    -- n
  *      publicExponent     INTEGER  }  -- e
  *   ```
+ * - For elliptic curve public keys (key types for which
+ *   #PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY is true), the format is the uncompressed
+ *   representation defined by SEC1 &sect;2.3.3 as the content of an ECPoint:
+ *   Let `m` be the bit size associated with the curve, i.e. the bit size of
+ *   `q` for a curve over `F_q`. The representation consists of:
+ *      - The byte 0x04;
+ *      - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
+ *      - `y_P` as a `ceiling(m/8)`-byte string, big-endian.
  *
  * For other public key types, the format is the DER representation defined by
  * RFC 5280 as `SubjectPublicKeyInfo`, with the `subjectPublicKey` format
@@ -509,30 +517,6 @@ psa_status_t psa_export_key(psa_key_handle_t handle,
  *      g                  INTEGER  }
  *   DSAPublicKey ::= INTEGER -- public key, Y
  *   ```
- * - For elliptic curve public keys (key types for which
- *   #PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY is true),
- *   the `subjectPublicKey` format is defined by RFC 3279 &sect;2.3.5 as
- *   `ECPoint`, which contains the uncompressed
- *   representation defined by SEC1 &sect;2.3.3.
- *   The OID is `id-ecPublicKey`,
- *   and the parameters must be given as a `namedCurve` OID as specified in
- *   RFC 5480 &sect;2.1.1.1 or other applicable standards.
- *   ```
- *   ansi-X9-62 OBJECT IDENTIFIER ::=
- *                           { iso(1) member-body(2) us(840) 10045 }
- *   id-public-key-type OBJECT IDENTIFIER  ::= { ansi-X9.62 2 }
- *   id-ecPublicKey OBJECT IDENTIFIER ::= { id-publicKeyType 1 }
- *
- *   ECPoint ::= ...
- *      -- first 8 bits: 0x04;
- *      -- then x_P as a `ceiling(m/8)`-byte string, big endian;
- *      -- then y_P as a `ceiling(m/8)`-byte string, big endian;
- *      -- where `m` is the bit size associated with the curve,
- *      --       i.e. the bit size of `q` for a curve over `F_q`.
- *
- *   EcpkParameters ::= CHOICE { -- other choices are not allowed
- *      namedCurve    OBJECT IDENTIFIER }
- *   ```
  *
  * \param handle            Handle to the key to export.
  * \param[out] data         Buffer where the key data is to be written.
@@ -2160,7 +2144,9 @@ psa_status_t psa_key_derivation(psa_crypto_generator_t *generator,
  *                                in the same format that psa_import_key()
  *                                accepts. The standard formats for public
  *                                keys are documented in the documentation
- *                                of psa_export_public_key().
+ *                                of psa_export_public_key(). For EC keys, it
+ *                                must also be of the same group as the private
+ *                                key.
  * \param peer_key_length         Size of \p peer_key in bytes.
  * \param alg                     The key agreement algorithm to compute
  *                                (\c PSA_ALG_XXX value such that
 
@@ -493,26 +493,16 @@
 
 /* Maximum size of the export encoding of an ECC public key.
  *
- * SubjectPublicKeyInfo  ::=  SEQUENCE  {
- *      algorithm            AlgorithmIdentifier,
- *      subjectPublicKey     BIT STRING  } -- contains ECPoint
- * AlgorithmIdentifier  ::=  SEQUENCE  {
- *      algorithm               OBJECT IDENTIFIER,
- *      parameters              OBJECT IDENTIFIER } -- namedCurve
- * ECPoint ::= ...
- *    -- first 8 bits: 0x04;
- *    -- then x_P as a `ceiling(m/8)`-byte string, big endian;
- *    -- then y_P as a `ceiling(m/8)`-byte string, big endian;
- *    -- where `m` is the bit size associated with the curve.
- *
- * - 2 * 4 bytes of SEQUENCE overhead;
- * - 1 + 1 + 7 bytes of algorithm (id-ecPublicKey OID);
- * - 1 + 1 + 12 bytes of namedCurve OID;
- * - 4 bytes of BIT STRING overhead;
- * - 1 byte + 2 * point size in ECPoint.
+ * The representation of an ECC public key is:
+ *      - The byte 0x04;
+ *      - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
+ *      - `y_P` as a `ceiling(m/8)`-byte string, big-endian;
+ *      - where m is the bit size associated with the curve.
+ *
+ * - 1 byte + 2 * point size.
  */
 #define PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits)        \
-    (2 * PSA_BITS_TO_BYTES(key_bits) + 36)
+    (2 * PSA_BITS_TO_BYTES(key_bits) + 1)
 
 /* Maximum size of the export encoding of an ECC key pair.
  *
 
@@ -537,25 +537,55 @@ static psa_status_t psa_import_rsa_key( mbedtls_pk_context *pk,
 }
 #endif /* defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C) */
 
-#if defined(MBEDTLS_ECP_C) && defined(MBEDTLS_PK_PARSE_C)
-/* Import an elliptic curve parsed by the mbedtls pk module. */
-static psa_status_t psa_import_ecp_key( psa_ecc_curve_t expected_curve,
-                                        mbedtls_pk_context *pk,
-                                        mbedtls_ecp_keypair **p_ecp )
+#if defined(MBEDTLS_ECP_C)
+
+/* Import a public key given as the uncompressed representation defined by SEC1
+ * 2.3.3 as the content of an ECPoint. */
+static psa_status_t psa_import_ec_public_key( psa_ecc_curve_t curve,
+                                              const uint8_t *data,
+                                              size_t data_length,
+                                              mbedtls_ecp_keypair **p_ecp )
 {
-    if( mbedtls_pk_get_type( pk ) != MBEDTLS_PK_ECKEY )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-    else
+    psa_status_t status = PSA_ERROR_TAMPERING_DETECTED;
+    mbedtls_ecp_keypair *ecp = NULL;
+    mbedtls_ecp_group_id grp_id = mbedtls_ecc_group_of_psa( curve );
+
+    *p_ecp = NULL;
+    ecp = mbedtls_calloc( 1, sizeof( *ecp ) );
+    if( ecp == NULL )
+        return( PSA_ERROR_INSUFFICIENT_MEMORY );
+    mbedtls_ecp_keypair_init( ecp );
+
+    /* Load the group. */
+    status = mbedtls_to_psa_error(
+        mbedtls_ecp_group_load( &ecp->grp, grp_id ) );
+    if( status != PSA_SUCCESS )
+        goto exit;
+    /* Load the public value. */
+    status = mbedtls_to_psa_error(
+        mbedtls_ecp_point_read_binary( &ecp->grp, &ecp->Q,
+                                       data, data_length ) );
+    if( status != PSA_SUCCESS )
+        goto exit;
+
+    /* Check that the point is on the curve. */
+    status = mbedtls_to_psa_error(
+        mbedtls_ecp_check_pubkey( &ecp->grp, &ecp->Q ) );
+    if( status != PSA_SUCCESS )
+        goto exit;
+
+    *p_ecp = ecp;
+    return( PSA_SUCCESS );
+
+exit:
+    if( ecp != NULL )
     {
-        mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( *pk );
-        psa_ecc_curve_t actual_curve = mbedtls_ecc_group_to_psa( ecp->grp.id );
-        if( actual_curve != expected_curve )
-            return( PSA_ERROR_INVALID_ARGUMENT );
-        *p_ecp = ecp;
-        return( PSA_SUCCESS );
+        mbedtls_ecp_keypair_free( ecp );
+        mbedtls_free( ecp );
     }
+    return( status );
 }
-#endif /* defined(MBEDTLS_ECP_C) && defined(MBEDTLS_PK_PARSE_C) */
+#endif /* defined(MBEDTLS_ECP_C) */
 
 #if defined(MBEDTLS_ECP_C)
 /* Import a private key given as a byte string which is the private value
@@ -642,11 +672,20 @@ psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot,
         if( status != PSA_SUCCESS )
             return( status );
     }
+    else if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( slot->type ) )
+    {
+        status = psa_import_ec_public_key(
+            PSA_KEY_TYPE_GET_CURVE( slot->type ),
+            data, data_length,
+            &slot->data.ecp );
+
+        if( status != PSA_SUCCESS )
+            return( status );
+    }
     else
 #endif /* MBEDTLS_ECP_C */
-#if defined(MBEDTLS_PK_PARSE_C)
-    if( PSA_KEY_TYPE_IS_RSA( slot->type ) ||
-        PSA_KEY_TYPE_IS_ECC( slot->type ) )
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C)
+    if( PSA_KEY_TYPE_IS_RSA( slot->type ) )
     {
         int ret;
         mbedtls_pk_context pk;
@@ -660,23 +699,9 @@ psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot,
         if( ret != 0 )
             return( mbedtls_to_psa_error( ret ) );
 
-        /* We have something that the pkparse module recognizes.
-         * If it has the expected type and passes any type-specific
-         * checks, store it. */
-#if defined(MBEDTLS_RSA_C)
-        if( PSA_KEY_TYPE_IS_RSA( slot->type ) )
-            status = psa_import_rsa_key( &pk, &slot->data.rsa );
-        else
-#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECP_C)
-        if( PSA_KEY_TYPE_IS_ECC( slot->type ) )
-            status = psa_import_ecp_key( PSA_KEY_TYPE_GET_CURVE( slot->type ),
-                                         &pk, &slot->data.ecp );
-        else
-#endif /* MBEDTLS_ECP_C */
-        {
-            status = PSA_ERROR_NOT_SUPPORTED;
-        }
+        /* We have something that the pkparse module recognizes. If it is a
+         * valid RSA key, store it. */
+        status = psa_import_rsa_key( &pk, &slot->data.rsa );
 
         /* Free the content of the pk object only on error. On success,
          * the content of the object has been stored in the slot. */
@@ -687,7 +712,7 @@ psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot,
         }
     }
     else
-#endif /* defined(MBEDTLS_PK_PARSE_C) */
+#endif /* defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C) */
     {
         return( PSA_ERROR_NOT_SUPPORTED );
     }
@@ -900,7 +925,7 @@ psa_status_t psa_get_key_information( psa_key_handle_t handle,
     return( PSA_SUCCESS );
 }
 
-#if defined(MBEDTLS_RSA_C)
+#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECP_C)
 static int pk_write_pubkey_simple( mbedtls_pk_context *key,
                                    unsigned char *buf, size_t size )
 {
@@ -914,7 +939,7 @@ static int pk_write_pubkey_simple( mbedtls_pk_context *key,
 
     return( (int) len );
 }
-#endif /* defined(MBEDTLS_RSA_C) */
+#endif /* defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECP_C) */
 
 static  psa_status_t psa_internal_export_key( psa_key_slot_t *slot,
                                               uint8_t *data,
@@ -987,14 +1012,7 @@ static  psa_status_t psa_internal_export_key( psa_key_slot_t *slot,
             }
             if( export_public_key || PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->type ) )
             {
-                if( PSA_KEY_TYPE_IS_RSA( slot->type ) )
-                {
-                    ret = pk_write_pubkey_simple( &pk, data, data_size );
-                }
-                else
-                {
-                    ret = mbedtls_pk_write_pubkey_der( &pk, data, data_size );
-                }
+                ret = pk_write_pubkey_simple( &pk, data, data_size );
             }
             else
             {
@@ -4041,32 +4059,17 @@ static psa_status_t psa_key_agreement_ecdh( const uint8_t *peer_key,
                                             size_t shared_secret_size,
                                             size_t *shared_secret_length )
 {
-    mbedtls_pk_context pk;
     mbedtls_ecp_keypair *their_key = NULL;
     mbedtls_ecdh_context ecdh;
     psa_status_t status;
     mbedtls_ecdh_init( &ecdh );
-    mbedtls_pk_init( &pk );
 
-    status = mbedtls_to_psa_error(
-        mbedtls_pk_parse_public_key( &pk, peer_key, peer_key_length ) );
+    status = psa_import_ec_public_key(
+        mbedtls_ecc_group_to_psa( our_key->grp.id ),
+        peer_key, peer_key_length,
+        &their_key );
     if( status != PSA_SUCCESS )
         goto exit;
-    switch( mbedtls_pk_get_type( &pk ) )
-    {
-        case MBEDTLS_PK_ECKEY:
-        case MBEDTLS_PK_ECKEY_DH:
-            break;
-        default:
-            status = PSA_ERROR_INVALID_ARGUMENT;
-            goto exit;
-    }
-    their_key = mbedtls_pk_ec( pk );
-    if( their_key->grp.id != our_key->grp.id )
-    {
-        status = PSA_ERROR_INVALID_ARGUMENT;
-        goto exit;
-    }
 
     status = mbedtls_to_psa_error(
         mbedtls_ecdh_get_params( &ecdh, their_key, MBEDTLS_ECDH_THEIRS ) );
@@ -4085,8 +4088,9 @@ static psa_status_t psa_key_agreement_ecdh( const uint8_t *peer_key,
                                   &global_data.ctr_drbg ) );
 
 exit:
-    mbedtls_pk_free( &pk );
     mbedtls_ecdh_free( &ecdh );
+    mbedtls_ecp_keypair_free( their_key );
+    mbedtls_free( their_key );
     return( status );
 }
 #endif /* MBEDTLS_ECDH_C */