Make PSA util compatible with Mbed Crypto 3.0.1

Patater · Patater · commit 0961f312c6b0 · 2020-06-18T12:16:25.000+01:00
Mbed Crypto 3.0.1 ships with TF-M. To make Mbed TLS 2.22.0 compatible
with Mbed Crypto 3.0.1, changes are needed in psa_util.h (which
abstracts some portions of the PSA Crypto API for use with TLS) to deal
with new ECC curve define changes.

Signed-off-by: Jaeden Amero &lt;jaeden.amero@arm.com&gt;
Signed-off-by: Devaraj Ranganna &lt;devaraj.ranganna@arm.com&gt;
diff --git a/features/mbedtls/inc/mbedtls/psa_util.h b/features/mbedtls/inc/mbedtls/psa_util.h
@@ -7,7 +7,7 @@
  *          change at any time.
  */
 /*
- *  Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
+ *  Copyright (C) 2006-2020, ARM Limited, All Rights Reserved
  *  SPDX-License-Identifier: Apache-2.0
  *
  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
@@ -163,6 +163,87 @@ static inline int mbedtls_psa_get_ecc_oid_from_id(
     psa_ecc_curve_t curve, size_t bits,
     char const **oid, size_t *oid_len )
 {
+#if TARGET_TFM
+    /* Use older Crypto API, at least until TF-M updates its crypto
+     * implementation to Mbed TLS 2.22.0. See
+     * https://github.com/ARMmbed/mbed-os/issues/13025 for details. */
+    (void) bits;
+    switch( curve )
+    {
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+        case PSA_ECC_CURVE_SECP192R1:
+            *oid = MBEDTLS_OID_EC_GRP_SECP192R1;
+            *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192R1 );
+            return( 0 );
+#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+        case PSA_ECC_CURVE_SECP224R1:
+            *oid = MBEDTLS_OID_EC_GRP_SECP224R1;
+            *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224R1 );
+            return( 0 );
+#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+        case PSA_ECC_CURVE_SECP256R1:
+            *oid = MBEDTLS_OID_EC_GRP_SECP256R1;
+            *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256R1 );
+            return( 0 );
+#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+        case PSA_ECC_CURVE_SECP384R1:
+            *oid = MBEDTLS_OID_EC_GRP_SECP384R1;
+            *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP384R1 );
+            return( 0 );
+#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+        case PSA_ECC_CURVE_SECP521R1:
+            *oid = MBEDTLS_OID_EC_GRP_SECP521R1;
+            *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP521R1 );
+            return( 0 );
+#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+        case PSA_ECC_CURVE_SECP192K1:
+            *oid = MBEDTLS_OID_EC_GRP_SECP192K1;
+            *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192K1 );
+            return( 0 );
+#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+        case PSA_ECC_CURVE_SECP224K1:
+            *oid = MBEDTLS_OID_EC_GRP_SECP224K1;
+            *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224K1 );
+            return( 0 );
+#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+        case PSA_ECC_CURVE_SECP256K1:
+            *oid = MBEDTLS_OID_EC_GRP_SECP256K1;
+            *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256K1 );
+            return( 0 );
+#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
+        case PSA_ECC_CURVE_BRAINPOOL_P256R1:
+            *oid = MBEDTLS_OID_EC_GRP_BP256R1;
+            *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP256R1 );
+            return( 0 );
+#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
+        case PSA_ECC_CURVE_BRAINPOOL_P384R1:
+            *oid = MBEDTLS_OID_EC_GRP_BP384R1;
+            *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP384R1 );
+            return( 0 );
+#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
+        case PSA_ECC_CURVE_BRAINPOOL_P512R1:
+            *oid = MBEDTLS_OID_EC_GRP_BP512R1;
+            *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP512R1 );
+            return( 0 );
+#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
+        default:
+            (void) oid;
+            (void) oid_len;
+            return( -1 );
+    }
+#else
+    /* Use more up to date Crypto API */
+
     switch( curve )
     {
         case PSA_ECC_CURVE_SECP_R1:
@@ -250,6 +331,7 @@ static inline int mbedtls_psa_get_ecc_oid_from_id(
     (void) oid;
     (void) oid_len;
     return( -1 );
+#endif /* TARGET_TFM */
 }
 
 #define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH 1
@@ -369,12 +451,16 @@ static inline int mbedtls_psa_err_translate_pk( psa_status_t status )
 static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group(
     uint16_t tls_ecc_grp_reg_id, size_t *bits )
 {
+#if TARGET_TFM
+    return( (psa_ecc_curve_t) tls_ecc_grp_reg_id );
+#else
     const mbedtls_ecp_curve_info *curve_info =
         mbedtls_ecp_curve_info_from_tls_id( tls_ecc_grp_reg_id );
     if( curve_info == NULL )
         return( 0 );
     return( PSA_KEY_TYPE_ECC_KEY_PAIR(
                 mbedtls_ecc_group_to_psa( curve_info->grp_id, bits ) ) );
+#endif
 }
 #endif /* MBEDTLS_ECP_C */
 
diff --git a/features/mbedtls/src/pk.c b/features/mbedtls/src/pk.c
@@ -1,7 +1,7 @@
 /*
  *  Public Key abstraction layer
  *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  Copyright (C) 2006-2020, ARM Limited, All Rights Reserved
  *  SPDX-License-Identifier: Apache-2.0
  *
  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
@@ -617,12 +617,18 @@ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
     if( ( ret = mbedtls_mpi_write_binary( &ec->d, d, d_len ) ) != 0 )
         return( ret );
 
+    /* prepare the key attributes */
+#if TARGET_TFM
+    curve_id = mbedtls_ecp_curve_info_from_grp_id( ec->grp.id )->tls_id;
+    key_type = PSA_KEY_TYPE_ECC_KEY_PAIR(
+                                 mbedtls_psa_parse_tls_ecc_group ( curve_id,
+                                 &bits ) );
+#else
     curve_id = mbedtls_ecc_group_to_psa( ec->grp.id, &bits );
     key_type = PSA_KEY_TYPE_ECC_KEY_PAIR( curve_id );
-
-    /* prepare the key attributes */
-    psa_set_key_type( &attributes, key_type );
+#endif
     psa_set_key_bits( &attributes, bits );
+    psa_set_key_type( &attributes, key_type );
     psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
     psa_set_key_algorithm( &attributes, PSA_ALG_ECDSA(hash_alg) );
 
diff --git a/features/mbedtls/src/pk_wrap.c b/features/mbedtls/src/pk_wrap.c
@@ -1,7 +1,7 @@
 /*
  *  Public Key abstraction layer: wrapper functions
  *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  Copyright (C) 2006-2020, ARM Limited, All Rights Reserved
  *  SPDX-License-Identifier: Apache-2.0
  *
  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
@@ -559,8 +559,12 @@ static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg,
     mbedtls_pk_info_t pk_info = mbedtls_eckey_info;
     psa_algorithm_t psa_sig_md, psa_md;
     size_t curve_bits;
-    psa_ecc_curve_t curve =
-        mbedtls_ecc_group_to_psa( ctx->grp.id, &curve_bits );
+    psa_ecc_curve_t curve;
+#if TARGET_TFM
+    curve = mbedtls_ecp_curve_info_from_grp_id( ctx->grp.id )->tls_id;
+#else
+    curve = mbedtls_ecc_group_to_psa( ctx->grp.id, &curve_bits );
+#endif
     const size_t signature_part_size = ( ctx->grp.nbits + 7 ) / 8;
 
     if( curve == 0 )
