Add missing Curve448 support for PSA keys
mbedtls_ecp_read_key and mbedtls_ecp_write_key are updated to include
support for Curve448 as prescribed by RFC 7748 ยง5.
Test suites have been updated to validate curve448 under Montgomery
curves.
Signed-off-by: Archana <archana.madhavan@silabs.com>
diff --git a/library/ecp.c b/library/ecp.c
index e8df7ff..7963665 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -3054,6 +3054,7 @@
}
#define ECP_CURVE25519_KEY_SIZE 32
+#define ECP_CURVE448_KEY_SIZE 56
/*
* Read a private key.
*/
@@ -3074,7 +3075,7 @@
if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
{
/*
- * If it is Curve25519 curve then mask the key as mandated by RFC7748
+ * Mask the key as mandated by RFC7748 for Curve25519 and Curve448.
*/
if( grp_id == MBEDTLS_ECP_DP_CURVE25519 )
{
@@ -3100,8 +3101,23 @@
ECP_CURVE25519_KEY_SIZE * 8 - 2, 1 )
);
}
- else
- ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
+ else if( grp_id == MBEDTLS_ECP_DP_CURVE448 )
+ {
+ if( buflen != ECP_CURVE448_KEY_SIZE )
+ return MBEDTLS_ERR_ECP_INVALID_KEY;
+
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary_le( &key->d, buf, buflen ) );
+
+ /* Set the two least significant bits to 0 */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->d, 0, 0 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->d, 1, 0 ) );
+
+ /* Set the most significant bit to 1 */
+ MBEDTLS_MPI_CHK(
+ mbedtls_mpi_set_bit( &key->d,
+ ECP_CURVE448_KEY_SIZE * 8 - 1, 1 )
+ );
+ }
}
#endif
@@ -3141,12 +3157,14 @@
if( buflen < ECP_CURVE25519_KEY_SIZE )
return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary_le( &key->d, buf, buflen ) );
}
- else
- ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
+ else if ( key->grp.id == MBEDTLS_ECP_DP_CURVE448 )
+ {
+ if( buflen < ECP_CURVE448_KEY_SIZE )
+ return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+ }
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary_le( &key->d, buf, buflen ) );
}
-
#endif
#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )