Define EC curve family constants
Define constants for ECC curve families and DH group families. These
constants have 0x0000 in the lower 16 bits of the key type.
Support these constants in the implementation and in the PSA metadata
tests.
Switch the slot management and secure element driver HAL tests to the
new curve encodings. This requires SE driver code to become slightly
more clever when figuring out the bit-size of an imported EC key since
it now needs to take the data size into account.
Switch some documentation to the new encodings.
Remove the macro PSA_ECC_CURVE_BITS which can no longer be implemented.
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 1120c83..f0972b6 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -427,10 +427,30 @@
mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_curve_t curve,
size_t byte_length )
{
- if( PSA_BITS_TO_BYTES( curve & 0xffff ) != byte_length )
- return( MBEDTLS_ECP_DP_NONE );
+ if( ( curve & 0xffff ) != 0 )
+ {
+ if( PSA_BITS_TO_BYTES( curve & 0xffff ) != byte_length )
+ return( MBEDTLS_ECP_DP_NONE );
+ }
switch( curve )
{
+ case PSA_ECC_CURVE_SECP_R1:
+ switch( byte_length )
+ {
+ case PSA_BITS_TO_BYTES( 192 ):
+ return( MBEDTLS_ECP_DP_SECP192R1 );
+ case PSA_BITS_TO_BYTES( 224 ):
+ return( MBEDTLS_ECP_DP_SECP224R1 );
+ case PSA_BITS_TO_BYTES( 256 ):
+ return( MBEDTLS_ECP_DP_SECP256R1 );
+ case PSA_BITS_TO_BYTES( 384 ):
+ return( MBEDTLS_ECP_DP_SECP384R1 );
+ case PSA_BITS_TO_BYTES( 521 ):
+ return( MBEDTLS_ECP_DP_SECP521R1 );
+ default:
+ return( MBEDTLS_ECP_DP_NONE );
+ }
+ break;
case PSA_ECC_CURVE_SECP192R1:
return( MBEDTLS_ECP_DP_SECP192R1 );
case PSA_ECC_CURVE_SECP224R1:
@@ -441,22 +461,63 @@
return( MBEDTLS_ECP_DP_SECP384R1 );
case PSA_ECC_CURVE_SECP521R1:
return( MBEDTLS_ECP_DP_SECP521R1 );
+
+ case PSA_ECC_CURVE_BRAINPOOL_P_R1:
+ switch( byte_length )
+ {
+ case PSA_BITS_TO_BYTES( 256 ):
+ return( MBEDTLS_ECP_DP_BP256R1 );
+ case PSA_BITS_TO_BYTES( 384 ):
+ return( MBEDTLS_ECP_DP_BP384R1 );
+ case PSA_BITS_TO_BYTES( 512 ):
+ return( MBEDTLS_ECP_DP_BP512R1 );
+ default:
+ return( MBEDTLS_ECP_DP_NONE );
+ }
+ break;
case PSA_ECC_CURVE_BRAINPOOL_P256R1:
return( MBEDTLS_ECP_DP_BP256R1 );
case PSA_ECC_CURVE_BRAINPOOL_P384R1:
return( MBEDTLS_ECP_DP_BP384R1 );
case PSA_ECC_CURVE_BRAINPOOL_P512R1:
return( MBEDTLS_ECP_DP_BP512R1 );
+
+ case PSA_ECC_CURVE_MONTGOMERY:
+ switch( byte_length )
+ {
+ case PSA_BITS_TO_BYTES( 255 ):
+ return( MBEDTLS_ECP_DP_CURVE25519 );
+ case PSA_BITS_TO_BYTES( 448 ):
+ return( MBEDTLS_ECP_DP_CURVE448 );
+ default:
+ return( MBEDTLS_ECP_DP_NONE );
+ }
+ break;
case PSA_ECC_CURVE_CURVE25519:
return( MBEDTLS_ECP_DP_CURVE25519 );
+ case PSA_ECC_CURVE_CURVE448:
+ return( MBEDTLS_ECP_DP_CURVE448 );
+
+ case PSA_ECC_CURVE_SECP_K1:
+ switch( byte_length )
+ {
+ case PSA_BITS_TO_BYTES( 192 ):
+ return( MBEDTLS_ECP_DP_SECP192K1 );
+ case PSA_BITS_TO_BYTES( 224 ):
+ return( MBEDTLS_ECP_DP_SECP224K1 );
+ case PSA_BITS_TO_BYTES( 256 ):
+ return( MBEDTLS_ECP_DP_SECP256K1 );
+ default:
+ return( MBEDTLS_ECP_DP_NONE );
+ }
+ break;
case PSA_ECC_CURVE_SECP192K1:
return( MBEDTLS_ECP_DP_SECP192K1 );
case PSA_ECC_CURVE_SECP224K1:
return( MBEDTLS_ECP_DP_SECP224K1 );
case PSA_ECC_CURVE_SECP256K1:
return( MBEDTLS_ECP_DP_SECP256K1 );
- case PSA_ECC_CURVE_CURVE448:
- return( MBEDTLS_ECP_DP_CURVE448 );
+
default:
return( MBEDTLS_ECP_DP_NONE );
}
@@ -685,9 +746,6 @@
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_keypair *ecp = NULL;
- if( PSA_BITS_TO_BYTES( PSA_ECC_CURVE_BITS( curve ) ) != data_length )
- return( PSA_ERROR_INVALID_ARGUMENT );
-
status = psa_prepare_import_ec_key( curve, data_length, 0, &ecp );
if( status != PSA_SUCCESS )
goto exit;