Fix conflict in EC private key writing
On the mbedtls-2.16 side, there was a change in commit
a7cfdad82e5bb9e94fc001bab2f6a71b8f49234f (PR r#503) in order to write
fixed-length private keys. It added a new helper function
pk_write_ec_private() for that.
On the baremetal side, there were changes in order to add a tinycrypt-based
implementation. It added a new helper function pk_write_ec_privkey() with two
implementations (with or without tinycrypt).
This commit keeps the function pk_write_ec_privkey() but changes its
implementation in the non-tinycrypt configuration in order to match the
implementation of pk_write_ec_private(), which is in turn removed it was only
used in that place.
The tinycrypt version of pk_write_ec_private() was already writing
constant-length private keys, so there is nothing to change here.
diff --git a/library/pkwrite.c b/library/pkwrite.c
index 76f0a34..c8d9230 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -122,6 +122,9 @@
return( (int) len );
}
+/*
+ * privateKey OCTET STRING -- always of length ceil(log2(n)/8)
+ */
static int pk_write_ec_privkey( unsigned char **p, unsigned char *start,
mbedtls_pk_context const *key )
{
@@ -183,11 +186,25 @@
return( (int) len );
}
+/*
+ * privateKey OCTET STRING -- always of length ceil(log2(n)/8)
+ */
static int pk_write_ec_privkey( unsigned char **p, unsigned char *start,
mbedtls_pk_context const *key )
{
+ int ret;
mbedtls_ecp_keypair const * const ec = mbedtls_pk_ec( *key );
- return( mbedtls_asn1_write_mpi( p, start, &ec->d ) );
+ size_t byte_length = ( ec->grp.pbits + 7 ) / 8;
+ unsigned char tmp[MBEDTLS_ECP_MAX_BYTES];
+
+ ret = mbedtls_mpi_write_binary( &ec->d, tmp, byte_length );
+ if( ret != 0 )
+ goto exit;
+ ret = mbedtls_asn1_write_octet_string( p, start, tmp, byte_length );
+
+exit:
+ mbedtls_platform_zeroize( tmp, byte_length );
+ return( ret );
}
/*
@@ -212,25 +229,6 @@
return( (int) len );
}
-/*
- * privateKey OCTET STRING -- always of length ceil(log2(n)/8)
- */
-static int pk_write_ec_private( unsigned char **p, unsigned char *start,
- mbedtls_ecp_keypair *ec )
-{
- int ret;
- size_t byte_length = ( ec->grp.pbits + 7 ) / 8;
- unsigned char tmp[MBEDTLS_ECP_MAX_BYTES];
-
- ret = mbedtls_mpi_write_binary( &ec->d, tmp, byte_length );
- if( ret != 0 )
- goto exit;
- ret = mbedtls_asn1_write_octet_string( p, start, tmp, byte_length );
-
-exit:
- mbedtls_platform_zeroize( tmp, byte_length );
- return( ret );
-}
#endif /* MBEDTLS_ECP_C */
#endif /* MBEDTLS_USE_TINYCRYPT */
@@ -445,9 +443,8 @@
MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) );
len += par_len;
- /* privateKey: write as MPI then fix tag */
+ /* privateKey */
MBEDTLS_ASN1_CHK_ADD( len, pk_write_ec_privkey( &c, buf, key ) );
- *c = MBEDTLS_ASN1_OCTET_STRING;
/* version */
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 1 ) );