Don't use pk_write in ecdsa_verify_wrap with USE_PSA_CRYPTO

Under MBEDTLS_USE_PSA_CRYPTO, ecdsa_verify_wrap() was calling
mbedtls_pk_write_pubkey() to write a public key in the form of a
subjectPublicKey, only to then extract the part that represents the EC
point which psa_import_key() actually wants. Instead, call an ecp
function to directly get the public key in the desired format (just the
point).

This slightly reduces the code size and stack usage, and removes a
dependency on pk_write.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index fa296e8..0f0ae5b 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -691,11 +691,13 @@
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
     psa_status_t status;
-    mbedtls_pk_context key;
-    int key_len;
-    unsigned char buf[MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES];
+    size_t key_len;
+    /* This buffer contains first the public key (consisting of two public
+     * points plus a header byte), then the signature (consisting of two
+     * public points). Size it for the public key which is one byte larger. */
+    unsigned char buf[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(
+            PSA_VENDOR_ECC_MAX_CURVE_BITS )];
     unsigned char *p;
-    mbedtls_pk_info_t pk_info = mbedtls_eckey_info;
     psa_algorithm_t psa_sig_md = PSA_ALG_ECDSA_ANY;
     size_t curve_bits;
     psa_ecc_family_t curve =
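Review bot: The new comment on `buf` describes its contents inaccurately: an uncompressed public key is a header byte followed by the two coordinates of one point, and an ECDSA signature is the two integers r and s, not "public points". I would reword it so that `two public points plus a header byte` becomes `a header byte plus the two coordinates of the public point`, and `two public points` becomes `the two integers r and s`. The buffer is now sized exactly for the key, so its later reuse for the signature relies on r and s together never exceeding `sizeof(buf)`; that code is outside this hunk, so confirm it checks the length before writing. The `PSA_VENDOR_ECC_MAX_CURVE_BITS )` spacing here, and the `psa_set_key_type( ... )` and `mbedtls_pk_error_from_psa( status )` lines in the next hunk, reintroduce the spaces-inside-parentheses style that the removed lines no longer use. The function starts and ends outside the hunk.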
@@ -707,25 +709,22 @@
         return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
     }
 
-    /* mbedtls_pk_write_pubkey() expects a full PK context;
-     * re-construct one to make it happy */
-    key.pk_info = &pk_info;
-    key.pk_ctx = ctx;
-    p = buf + sizeof(buf);
-    key_len = mbedtls_pk_write_pubkey(&p, buf, &key);
-    if (key_len <= 0) {
-        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    psa_set_key_type( &attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve ) );
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
+    psa_set_key_algorithm( &attributes, psa_sig_md );
+
+    ret = mbedtls_ecp_point_write_binary(&ctx->grp, &ctx->Q,
+                                         MBEDTLS_ECP_PF_UNCOMPRESSED,
+                                         &key_len, buf, sizeof(buf));
+    if (ret != 0) {
+        goto cleanup;
     }
 
-    psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve));
-    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
-    psa_set_key_algorithm(&attributes, psa_sig_md);
-
     status = psa_import_key(&attributes,
-                            buf + sizeof(buf) - key_len, key_len,
+                            buf, key_len,
                             &key_id);
     if (status != PSA_SUCCESS) {
-        ret = mbedtls_pk_error_from_psa(status);
+        ret = mbedtls_pk_error_from_psa( status );
         goto cleanup;
     }