psa: let mbedtls_ecc_group_from_psa() accept only exact bit lengths
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index a2604e1..cfb4bce 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@@ -126,16 +126,11 @@
* \param curve A PSA elliptic curve identifier
* (`PSA_ECC_FAMILY_xxx`).
* \param bits The bit-length of a private key on \p curve.
- * \param bits_is_sloppy If true, \p bits may be the bit-length rounded up
- * to the nearest multiple of 8. This allows the caller
- * to infer the exact curve from the length of a key
- * which is supplied as a byte string.
*
* \return The corresponding Mbed TLS elliptic curve identifier
* (`MBEDTLS_ECP_DP_xxx`).
- * \return #MBEDTLS_ECP_DP_NONE if \c curve is not recognized.
- * \return #MBEDTLS_ECP_DP_NONE if \p bits is not
- * correct for \p curve.
+ * \return #MBEDTLS_ECP_DP_NONE if the combination of \c curve
+ * and \p bits is not recognized.
*/
mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve,
size_t bits);
diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c
index 866ef79..3c5aa72 100644
--- a/library/psa_crypto_ecp.c
+++ b/library/psa_crypto_ecp.c
@@ -32,13 +32,16 @@
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
-/* Helper function to verify if the provided EC's family and key bit size are
- * valid. */
-static int check_ecc_parameters(psa_ecc_family_t family, size_t bits, int allow_bit_size_roundup)
+/* Helper function to verify if the provided EC's family and key bit size are valid.
+ *
+ * Note: "bits" parameter is used both as input and output and it might be updated
+ * in case provided input value is not multiple of 8 ("sloppy" bits).
+ */
+static int check_ecc_parameters(psa_ecc_family_t family, size_t *bits)
{
switch (family) {
case PSA_ECC_FAMILY_SECP_R1:
- switch (bits) {
+ switch (*bits) {
case 192:
case 224:
case 256:
@@ -46,14 +49,13 @@
case 521:
return PSA_SUCCESS;
case 528:
- if (allow_bit_size_roundup) {
- return PSA_SUCCESS;
- }
+ *bits = 521;
+ return PSA_SUCCESS;
}
break;
case PSA_ECC_FAMILY_BRAINPOOL_P_R1:
- switch (bits) {
+ switch (*bits) {
case 256:
case 384:
case 512:
@@ -62,19 +64,18 @@
break;
case PSA_ECC_FAMILY_MONTGOMERY:
- switch (bits) {
+ switch (*bits) {
case 448:
case 255:
return PSA_SUCCESS;
case 256:
- if (allow_bit_size_roundup) {
- return PSA_SUCCESS;
- }
+ *bits = 255;
+ return PSA_SUCCESS;
}
break;
case PSA_ECC_FAMILY_SECP_K1:
- switch (bits) {
+ switch (*bits) {
case 192:
case 224:
case 256:
@@ -136,8 +137,7 @@
}
mbedtls_ecp_keypair_init(ecp);
- status = check_ecc_parameters(PSA_KEY_TYPE_ECC_GET_FAMILY(type), curve_bits,
- !explicit_bits);
+ status = check_ecc_parameters(PSA_KEY_TYPE_ECC_GET_FAMILY(type), &curve_bits);
if (status != PSA_SUCCESS) {
goto exit;
}
diff --git a/library/psa_util.c b/library/psa_util.c
index abd7a5f..28b0285 100644
--- a/library/psa_util.c
+++ b/library/psa_util.c
@@ -276,7 +276,6 @@
#endif
#if defined(PSA_WANT_ECC_SECP_R1_521)
case 521:
- case 528:
return MBEDTLS_ECP_DP_SECP521R1;
#endif
}
@@ -303,7 +302,6 @@
switch (bits) {
#if defined(PSA_WANT_ECC_MONTGOMERY_255)
case 255:
- case 256:
return MBEDTLS_ECP_DP_CURVE25519;
#endif
#if defined(PSA_WANT_ECC_MONTGOMERY_448)