TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / fa4cbe0422f2fb84f61ba8be8f21657e274fe07a^! / . / library / pkwrite.c
commitfa4cbe0422f2fb84f61ba8be8f21657e274fe07a[log] [tgz]
authorManuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>Tue Sep 10 12:20:43 2019 +0200
committerManuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>Tue Sep 10 12:20:43 2019 +0200
tree4c919beb4535f746ad512973841b07460fa0005a
parent8abd0a0c84c59e2e65db12dcf841c5b7602de429 [diff] [blame]
Fix conflict in EC private key writing

On the mbedtls-2.16 side, there was a change in commit
a7cfdad82e5bb9e94fc001bab2f6a71b8f49234f (PR r#503) in order to write
fixed-length private keys. It added a new helper function
pk_write_ec_private() for that.

On the baremetal side, there were changes in order to add a tinycrypt-based
implementation. It added a new helper function pk_write_ec_privkey() with two
implementations (with or without tinycrypt).

This commit keeps the function pk_write_ec_privkey() but changes its
implementation in the non-tinycrypt configuration in order to match the
implementation of pk_write_ec_private(), which is in turn removed it was only
used in that place.

The tinycrypt version of pk_write_ec_private() was already writing
constant-length private keys, so there is nothing to change here.

diff --git a/library/pkwrite.c b/library/pkwrite.c
index 76f0a34..c8d9230 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c

@@ -122,6 +122,9 @@
     return( (int) len );
 }
 
+/*
+ * privateKey  OCTET STRING -- always of length ceil(log2(n)/8)
+ */
 static int pk_write_ec_privkey( unsigned char **p, unsigned char *start,
                                 mbedtls_pk_context const *key )
 {
@@ -183,11 +186,25 @@
     return( (int) len );
 }
 
+/*
+ * privateKey  OCTET STRING -- always of length ceil(log2(n)/8)
+ */
 static int pk_write_ec_privkey( unsigned char **p, unsigned char *start,
                                 mbedtls_pk_context const *key )
 {
+    int ret;
     mbedtls_ecp_keypair const * const ec = mbedtls_pk_ec( *key );
-    return( mbedtls_asn1_write_mpi( p, start, &ec->d ) );
+    size_t byte_length = ( ec->grp.pbits + 7 ) / 8;
+    unsigned char tmp[MBEDTLS_ECP_MAX_BYTES];
+
+    ret = mbedtls_mpi_write_binary( &ec->d, tmp, byte_length );
+    if( ret != 0 )
+        goto exit;
+    ret = mbedtls_asn1_write_octet_string( p, start, tmp, byte_length );
+
+exit:
+    mbedtls_platform_zeroize( tmp, byte_length );
+    return( ret );
 }
 
 /*
@@ -212,25 +229,6 @@
     return( (int) len );
 }
 
-/*
- * privateKey  OCTET STRING -- always of length ceil(log2(n)/8)
- */
-static int pk_write_ec_private( unsigned char **p, unsigned char *start,
-                                mbedtls_ecp_keypair *ec )
-{
-    int ret;
-    size_t byte_length = ( ec->grp.pbits + 7 ) / 8;
-    unsigned char tmp[MBEDTLS_ECP_MAX_BYTES];
-
-    ret = mbedtls_mpi_write_binary( &ec->d, tmp, byte_length );
-    if( ret != 0 )
-        goto exit;
-    ret = mbedtls_asn1_write_octet_string( p, start, tmp, byte_length );
-
-exit:
-    mbedtls_platform_zeroize( tmp, byte_length );
-    return( ret );
-}
 #endif /* MBEDTLS_ECP_C */
 #endif /* MBEDTLS_USE_TINYCRYPT */
 
@@ -445,9 +443,8 @@
                             MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) );
         len += par_len;
 
-        /* privateKey: write as MPI then fix tag */
+        /* privateKey */
         MBEDTLS_ASN1_CHK_ADD( len, pk_write_ec_privkey( &c, buf, key ) );
-        *c = MBEDTLS_ASN1_OCTET_STRING;
 
         /* version */
         MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 1 ) );