commit c7ef5b3f4573973f0e8302ee0214b70de195506e
author Gilles Peskine <Gilles.Peskine@arm.com> Thu Dec 12 16:58:00 2019 +0100
committer Gilles Peskine <Gilles.Peskine@arm.com> Fri Jan 31 10:15:32 2020 +0100
tree 6f9466cae0f688939c3a0025c9b4aac7712a1afb
parent 2eea95cb5dbb87888ac28161d47c4beaff1f8d79

Rework mbedlts group id to PSA curve conversion

Don't rely on the PSA curve identifier determining the key size, in
preparation for removing that.

library/psa_crypto.c

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 84054a7..f031654 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -375,35 +375,49 @@
 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
 
 #if defined(MBEDTLS_ECP_C)
-static psa_ecc_curve_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grpid )
+static psa_ecc_curve_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grpid,
+                                                 size_t *bits )
 {
     switch( grpid )
     {
         case MBEDTLS_ECP_DP_SECP192R1:
+            *bits = 192;
             return( PSA_ECC_CURVE_SECP192R1 );
         case MBEDTLS_ECP_DP_SECP224R1:
+            *bits = 224;
             return( PSA_ECC_CURVE_SECP224R1 );
         case MBEDTLS_ECP_DP_SECP256R1:
+            *bits = 256;
             return( PSA_ECC_CURVE_SECP256R1 );
         case MBEDTLS_ECP_DP_SECP384R1:
+            *bits = 384;
             return( PSA_ECC_CURVE_SECP384R1 );
         case MBEDTLS_ECP_DP_SECP521R1:
+            *bits = 521;
             return( PSA_ECC_CURVE_SECP521R1 );
         case MBEDTLS_ECP_DP_BP256R1:
+            *bits = 256;
             return( PSA_ECC_CURVE_BRAINPOOL_P256R1 );
         case MBEDTLS_ECP_DP_BP384R1:
+            *bits = 384;
             return( PSA_ECC_CURVE_BRAINPOOL_P384R1 );
         case MBEDTLS_ECP_DP_BP512R1:
+            *bits = 512;
             return( PSA_ECC_CURVE_BRAINPOOL_P512R1 );
         case MBEDTLS_ECP_DP_CURVE25519:
+            *bits = 255;
             return( PSA_ECC_CURVE_CURVE25519 );
         case MBEDTLS_ECP_DP_SECP192K1:
+            *bits = 192;
             return( PSA_ECC_CURVE_SECP192K1 );
         case MBEDTLS_ECP_DP_SECP224K1:
+            *bits = 224;
             return( PSA_ECC_CURVE_SECP224K1 );
         case MBEDTLS_ECP_DP_SECP256K1:
+            *bits = 256;
             return( PSA_ECC_CURVE_SECP256K1 );
         case MBEDTLS_ECP_DP_CURVE448:
+            *bits = 448;
             return( PSA_ECC_CURVE_CURVE448 );
         default:
             return( 0 );
@@ -5251,12 +5265,13 @@
     mbedtls_ecp_keypair *their_key = NULL;
     mbedtls_ecdh_context ecdh;
     psa_status_t status;
+    size_t bits = 0;
+    psa_ecc_curve_t curve = mbedtls_ecc_group_to_psa( our_key->grp.id, &bits );
     mbedtls_ecdh_init( &ecdh );
 
-    status = psa_import_ec_public_key(
-        mbedtls_ecc_group_to_psa( our_key->grp.id ),
-        peer_key, peer_key_length,
-        &their_key );
+    status = psa_import_ec_public_key( curve,
+                                       peer_key, peer_key_length,
+                                       &their_key );
     if( status != PSA_SUCCESS )
         goto exit;
 
@@ -5275,6 +5290,10 @@
                                   shared_secret, shared_secret_size,
                                   mbedtls_ctr_drbg_random,
                                   &global_data.ctr_drbg ) );
+    if( status != PSA_SUCCESS )
+        goto exit;
+    if( PSA_BITS_TO_BYTES( bits ) != *shared_secret_length )
+        status = PSA_ERROR_CORRUPTION_DETECTED;
 
 exit:
     mbedtls_ecdh_free( &ecdh );