Merge pull request #8693 from Ryan-Everett-arm/implement-key-slot-mutex
Implement the key slot mutex
diff --git a/ChangeLog.d/7764.txt b/ChangeLog.d/7764.txt
new file mode 100644
index 0000000..4cd2079
--- /dev/null
+++ b/ChangeLog.d/7764.txt
@@ -0,0 +1,3 @@
+Features
+ * Add functions mbedtls_ecc_group_to_psa() and mbedtls_ecc_group_from_psa()
+ to convert between Mbed TLS and PSA curve identifiers.
diff --git a/ChangeLog.d/8340.txt b/ChangeLog.d/8340.txt
new file mode 100644
index 0000000..5664bf1
--- /dev/null
+++ b/ChangeLog.d/8340.txt
@@ -0,0 +1,4 @@
+Features
+ * Add functions mbedtls_md_psa_alg_from_type() and
+ mbedtls_md_type_from_psa_alg() to convert between mbedtls_md_type_t and
+ psa_algorithm_t.
diff --git a/ChangeLog.d/ecp-keypair-utilities.txt b/ChangeLog.d/ecp-keypair-utilities.txt
new file mode 100644
index 0000000..6f9714a
--- /dev/null
+++ b/ChangeLog.d/ecp-keypair-utilities.txt
@@ -0,0 +1,5 @@
+Features
+ * Add utility functions to manipulate mbedtls_ecp_keypair objects, filling
+ gaps made by making its fields private: mbedtls_ecp_set_public_key(),
+ mbedtls_ecp_write_public_key(), mbedtls_ecp_keypair_calc_public(),
+ mbedtls_ecp_keypair_get_group_id(). Fixes #5017, #5441, #8367, #8652.
diff --git a/docs/psa-transition.md b/docs/psa-transition.md
index 067ffaf..e89128c 100644
--- a/docs/psa-transition.md
+++ b/docs/psa-transition.md
@@ -443,6 +443,10 @@
| `MBEDTLS_MD_SHA3_384` | `PSA_ALG_SHA3_384` |
| `MBEDTLS_MD_SHA3_512` | `PSA_ALG_SHA3_512` |
+The following helper functions can be used to convert between the 2 types:
+- `mbedtls_md_psa_alg_from_type()` converts from legacy `mbedtls_md_type_t` to PSA's `psa_algorithm_t`.
+- `mbedtls_md_type_from_psa_alg()` converts from PSA's `psa_algorithm_t` to legacy `mbedtls_md_type_t`.
+
### MAC mechanism selection
PSA Crypto has a generic API with the same functions for all MAC mechanisms. The mechanism is determined by a combination of an algorithm value of type [`psa_algorithm_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac2e4d47f1300d73c2f829a6d99252d69) and a key type value of type [`psa_key_type_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga63fce6880ca5933b5d6baa257febf1f6).
@@ -725,7 +729,11 @@
An ECC key pair has the type [`PSA_KEY_TYPE_ECC_KEY_PAIR(curve)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga0b6f5d4d5037c54ffa850d8059c32df0) where `curve` is a curve family identifier. A key with this type can be used both for private-key and public-key operations (there is no separate key type for a private key without the corresponding public key).
You can always use a private key for operations on the corresponding public key (as long as the policy permits it).
-A curve is fully determined by a curve family identifier and the private key size in bits. The following table gives the correspondence between legacy and PSA elliptic curve designations.
+A curve is fully determined by a curve family identifier and the private key size in bits. You can use the following functions to convert between the PSA and legacy elliptic curve designations:
+- [`mbedtls_ecc_group_to_psa()`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__psa__tls__helpers/#group__psa__tls__helpers_1ga9c83c095adfec7da99401cf81e164f99) converts from the legacy curve type identifier to PSA curve family and bit-size.
+- [`mbedtls_ecc_group_from_psa()`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__psa__tls__helpers/#group__psa__tls__helpers_1ga6243eb619d5b2f5fe4667811adeb8a12) converts from PSA curve family and bit-size to the legacy identifier.
+
+The following table gives the correspondence between legacy and PSA elliptic curve designations.
| Mbed TLS legacy curve identifier | PSA curve family | Curve bit-size |
| -------------------------------- | ---------------- | -------------- |
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index 7f5e880..76aef32 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -1259,9 +1259,56 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
+/** \brief Set the public key in a key pair object.
+ *
+ * \note This function does not check that the point actually
+ * belongs to the given group. Call mbedtls_ecp_check_pubkey()
+ * on \p Q before calling this function to check that.
+ *
+ * \note This function does not check that the public key matches
+ * the private key that is already in \p key, if any.
+ * To check the consistency of the resulting key pair object,
+ * call mbedtls_ecp_check_pub_priv() after setting both
+ * the public key and the private key.
+ *
+ * \param grp_id The ECP group identifier.
+ * \param key The key pair object. It must be initialized.
+ * If its group has already been set, it must match \p grp_id.
+ * If its group has not been set, it will be set to \p grp_id.
+ * If the public key has already been set, it is overwritten.
+ * \param Q The public key to copy. This must be a point on the
+ * curve indicated by \p grp_id.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p key does not
+ * match \p grp_id.
+ * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the operation for
+ * the group is not implemented.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+ * \return Another negative error code on other kinds of failure.
+ */
+int mbedtls_ecp_set_public_key(mbedtls_ecp_group_id grp_id,
+ mbedtls_ecp_keypair *key,
+ const mbedtls_ecp_point *Q);
+
/**
* \brief This function reads an elliptic curve private key.
*
+ * \note This function does not set the public key in the
+ * key pair object. Without a public key, the key pair object
+ * cannot be used with operations that require the public key.
+ * Call mbedtls_ecp_keypair_calc_public() to set the public
+ * key from the private key. Alternatively, you can call
+ * mbedtls_ecp_set_public_key() to set the public key part,
+ * and then optionally mbedtls_ecp_check_pub_priv() to check
+ * that the private and public parts are consistent.
+ *
+ * \note If a public key has already been set in the key pair
+ * object, this function does not check that it is consistent
+ * with the private key. Call mbedtls_ecp_check_pub_priv()
+ * after setting both the public key and the private key
+ * to make that check.
+ *
* \param grp_id The ECP group identifier.
* \param key The destination key.
* \param buf The buffer containing the binary representation of the
@@ -1300,6 +1347,32 @@
unsigned char *buf, size_t buflen);
/**
+ * \brief This function exports an elliptic curve public key.
+ *
+ * \param key The public key.
+ * \param format The point format. This must be either
+ * #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED.
+ * (For groups without these formats, this parameter is
+ * ignored. But it still has to be either of the above
+ * values.)
+ * \param olen The address at which to store the length of
+ * the output in Bytes. This must not be \c NULL.
+ * \param buf The output buffer. This must be a writable buffer
+ * of length \p buflen Bytes.
+ * \param buflen The length of the output buffer \p buf in Bytes.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the output buffer
+ * is too small to hold the point.
+ * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format
+ * or the export for the given group is not implemented.
+ * \return Another negative error code on other kinds of failure.
+ */
+int mbedtls_ecp_write_public_key(const mbedtls_ecp_keypair *key,
+ int format, size_t *olen,
+ unsigned char *buf, size_t buflen);
+
+/**
* \brief This function checks that the keypair objects
* \p pub and \p prv have the same group and the
* same public point, and that the private key in
@@ -1323,16 +1396,48 @@
const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
+/** \brief Calculate the public key from a private key in a key pair.
+ *
+ * \param key A keypair structure. It must have a private key set.
+ * If the public key is set, it will be overwritten.
+ * \param f_rng The RNG function. This must not be \c NULL.
+ * \param p_rng The RNG context to be passed to \p f_rng. This may be \c
+ * NULL if \p f_rng doesn't need a context.
+ *
+ * \return \c 0 on success. The key pair object can be used for
+ * operations that require the public key.
+ * \return An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX
+ * error code on calculation failure.
+ */
+int mbedtls_ecp_keypair_calc_public(
+ mbedtls_ecp_keypair *key,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
+
+/** \brief Query the group that a key pair belongs to.
+ *
+ * \param key The key pair to query.
+ *
+ * \return The group ID for the group registered in the key pair
+ * object.
+ * This is \c MBEDTLS_ECP_DP_NONE if no group has been set
+ * in the key pair object.
+ */
+mbedtls_ecp_group_id mbedtls_ecp_keypair_get_group_id(
+ const mbedtls_ecp_keypair *key);
+
/**
* \brief This function exports generic key-pair parameters.
*
+ * Each of the output parameters can be a null pointer
+ * if you do not need that parameter.
+ *
* \param key The key pair to export from.
* \param grp Slot for exported ECP group.
- * It must point to an initialized ECP group.
+ * It must either be null or point to an initialized ECP group.
* \param d Slot for the exported secret value.
- * It must point to an initialized mpi.
+ * It must either be null or point to an initialized mpi.
* \param Q Slot for the exported public value.
- * It must point to an initialized ECP point.
+ * It must either be null or point to an initialized ECP point.
*
* \return \c 0 on success,
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index 5f6a053..47724c6 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@@ -110,44 +110,72 @@
/** Convert an ECC curve identifier from the Mbed TLS encoding to PSA.
*
- * \note This function is provided solely for the convenience of
- * Mbed TLS and may be removed at any time without notice.
- *
* \param grpid An Mbed TLS elliptic curve identifier
* (`MBEDTLS_ECP_DP_xxx`).
- * \param[out] bits On success, the bit size of the curve.
+ * \param[out] bits On success the bit size of the curve; 0 on failure.
*
- * \return The corresponding PSA elliptic curve identifier
- * (`PSA_ECC_FAMILY_xxx`).
- * \return \c 0 on failure (\p grpid is not recognized).
+ * \return If the curve is supported in the PSA API, this function
+ * returns the proper PSA curve identifier
+ * (`PSA_ECC_FAMILY_xxx`). This holds even if the curve is
+ * not supported by the ECP module.
+ * \return \c 0 if the curve is not supported in the PSA API.
*/
psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid,
size_t *bits);
/** Convert an ECC curve identifier from the PSA encoding to Mbed TLS.
*
- * \note This function is provided solely for the convenience of
- * Mbed TLS and may be removed at any time without notice.
- *
- * \param curve A PSA elliptic curve identifier
+ * \param family A PSA elliptic curve family identifier
* (`PSA_ECC_FAMILY_xxx`).
* \param bits The bit-length of a private key on \p curve.
- * \param bits_is_sloppy If true, \p bits may be the bit-length rounded up
- * to the nearest multiple of 8. This allows the caller
- * to infer the exact curve from the length of a key
- * which is supplied as a byte string.
*
- * \return The corresponding Mbed TLS elliptic curve identifier
- * (`MBEDTLS_ECP_DP_xxx`).
- * \return #MBEDTLS_ECP_DP_NONE if \c curve is not recognized.
- * \return #MBEDTLS_ECP_DP_NONE if \p bits is not
- * correct for \p curve.
+ * \return If the curve is supported in the PSA API, this function
+ * returns the corresponding Mbed TLS elliptic curve
+ * identifier (`MBEDTLS_ECP_DP_xxx`).
+ * \return #MBEDTLS_ECP_DP_NONE if the combination of \c curve
+ * and \p bits is not supported.
*/
-mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve,
- size_t bits,
- int bits_is_sloppy);
+mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t family,
+ size_t bits);
#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
+/**
+ * \brief This function returns the PSA algorithm identifier
+ * associated with the given digest type.
+ *
+ * \param md_type The type of digest to search for. Must not be NONE.
+ *
+ * \warning If \p md_type is \c MBEDTLS_MD_NONE, this function will
+ * not return \c PSA_ALG_NONE, but an invalid algorithm.
+ *
+ * \warning This function does not check if the algorithm is
+ * supported, it always returns the corresponding identifier.
+ *
+ * \return The PSA algorithm identifier associated with \p md_type,
+ * regardless of whether it is supported or not.
+ */
+static inline psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type)
+{
+ return PSA_ALG_CATEGORY_HASH | (psa_algorithm_t) md_type;
+}
+
+/**
+ * \brief This function returns the given digest type
+ * associated with the PSA algorithm identifier.
+ *
+ * \param psa_alg The PSA algorithm identifier to search for.
+ *
+ * \warning This function does not check if the algorithm is
+ * supported, it always returns the corresponding identifier.
+ *
+ * \return The MD type associated with \p psa_alg,
+ * regardless of whether it is supported or not.
+ */
+static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg)
+{
+ return (mbedtls_md_type_t) (psa_alg & PSA_ALG_HASH_MASK);
+}
+
/**@}*/
#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/library/ecp.c b/library/ecp.c
index ee86cbc..758d54b 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -3198,6 +3198,25 @@
}
#endif /* MBEDTLS_ECP_C */
+int mbedtls_ecp_set_public_key(mbedtls_ecp_group_id grp_id,
+ mbedtls_ecp_keypair *key,
+ const mbedtls_ecp_point *Q)
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ if (key->grp.id == MBEDTLS_ECP_DP_NONE) {
+ /* Group not set yet */
+ if ((ret = mbedtls_ecp_group_load(&key->grp, grp_id)) != 0) {
+ return ret;
+ }
+ } else if (key->grp.id != grp_id) {
+ /* Group mismatch */
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
+ return mbedtls_ecp_copy(&key->Q, Q);
+}
+
+
#define ECP_CURVE25519_KEY_SIZE 32
#define ECP_CURVE448_KEY_SIZE 56
/*
@@ -3314,6 +3333,18 @@
return ret;
}
+/*
+ * Write a public key.
+ */
+int mbedtls_ecp_write_public_key(const mbedtls_ecp_keypair *key,
+ int format, size_t *olen,
+ unsigned char *buf, size_t buflen)
+{
+ return mbedtls_ecp_point_write_binary(&key->grp, &key->Q,
+ format, olen, buf, buflen);
+}
+
+
#if defined(MBEDTLS_ECP_C)
/*
* Check a public-private key pair
@@ -3355,8 +3386,22 @@
return ret;
}
+
+int mbedtls_ecp_keypair_calc_public(mbedtls_ecp_keypair *key,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
+{
+ return mbedtls_ecp_mul(&key->grp, &key->Q, &key->d, &key->grp.G,
+ f_rng, p_rng);
+}
#endif /* MBEDTLS_ECP_C */
+mbedtls_ecp_group_id mbedtls_ecp_keypair_get_group_id(
+ const mbedtls_ecp_keypair *key)
+{
+ return key->grp.id;
+}
+
/*
* Export generic key-pair parameters.
*/
@@ -3365,15 +3410,15 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if ((ret = mbedtls_ecp_group_copy(grp, &key->grp)) != 0) {
+ if (grp != NULL && (ret = mbedtls_ecp_group_copy(grp, &key->grp)) != 0) {
return ret;
}
- if ((ret = mbedtls_mpi_copy(d, &key->d)) != 0) {
+ if (d != NULL && (ret = mbedtls_mpi_copy(d, &key->d)) != 0) {
return ret;
}
- if ((ret = mbedtls_ecp_copy(Q, &key->Q)) != 0) {
+ if (Q != NULL && (ret = mbedtls_ecp_copy(Q, &key->Q)) != 0) {
return ret;
}
diff --git a/library/md_psa.h b/library/md_psa.h
index b201263..028ba24 100644
--- a/library/md_psa.h
+++ b/library/md_psa.h
@@ -15,43 +15,6 @@
#include "mbedtls/md.h"
#include "psa/crypto.h"
-/**
- * \brief This function returns the PSA algorithm identifier
- * associated with the given digest type.
- *
- * \param md_type The type of digest to search for. Must not be NONE.
- *
- * \warning If \p md_type is \c MBEDTLS_MD_NONE, this function will
- * not return \c PSA_ALG_NONE, but an invalid algorithm.
- *
- * \warning This function does not check if the algorithm is
- * supported, it always returns the corresponding identifier.
- *
- * \return The PSA algorithm identifier associated with \p md_type,
- * regardless of whether it is supported or not.
- */
-static inline psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type)
-{
- return PSA_ALG_CATEGORY_HASH | (psa_algorithm_t) md_type;
-}
-
-/**
- * \brief This function returns the given digest type
- * associated with the PSA algorithm identifier.
- *
- * \param psa_alg The PSA algorithm identifier to search for.
- *
- * \warning This function does not check if the algorithm is
- * supported, it always returns the corresponding identifier.
- *
- * \return The MD type associated with \p psa_alg,
- * regardless of whether it is supported or not.
- */
-static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg)
-{
- return (mbedtls_md_type_t) (psa_alg & PSA_ALG_HASH_MASK);
-}
-
/** Convert PSA status to MD error code.
*
* \param status PSA status.
diff --git a/library/pk.c b/library/pk.c
index 61ac0df..9261837 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -31,7 +31,7 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa_util_internal.h"
-#include "md_psa.h"
+#include "mbedtls/psa_util.h"
#endif
#include <limits.h>
diff --git a/library/pk_internal.h b/library/pk_internal.h
index 025ee8b..3d5adf8 100644
--- a/library/pk_internal.h
+++ b/library/pk_internal.h
@@ -98,13 +98,13 @@
}
opaque_key_type = psa_get_key_type(&opaque_attrs);
curve = PSA_KEY_TYPE_ECC_GET_FAMILY(opaque_key_type);
- id = mbedtls_ecc_group_of_psa(curve, psa_get_key_bits(&opaque_attrs), 0);
+ id = mbedtls_ecc_group_from_psa(curve, psa_get_key_bits(&opaque_attrs));
psa_reset_key_attributes(&opaque_attrs);
} else
#endif /* MBEDTLS_USE_PSA_CRYPTO */
{
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
- id = mbedtls_ecc_group_of_psa(pk->ec_family, pk->ec_bits, 0);
+ id = mbedtls_ecc_group_from_psa(pk->ec_family, pk->ec_bits);
#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
id = mbedtls_pk_ec_ro(*pk)->grp.id;
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 9247945..c232650 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -13,7 +13,7 @@
#include "pk_wrap.h"
#include "pk_internal.h"
#include "mbedtls/error.h"
-#include "md_psa.h"
+#include "mbedtls/psa_util.h"
/* Even if RSA not activated, for the sake of RSA-alt */
#include "mbedtls/rsa.h"
diff --git a/library/pkparse.c b/library/pkparse.c
index d36fa3f..5f95545 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -250,7 +250,7 @@
mbedtls_ecp_group_id ecp_group_id;
int ret;
- ecp_group_id = mbedtls_ecc_group_of_psa(pk->ec_family, pk->ec_bits, 0);
+ ecp_group_id = mbedtls_ecc_group_from_psa(pk->ec_family, pk->ec_bits);
mbedtls_ecp_keypair_init(&ecp_key);
ret = mbedtls_ecp_group_load(&(ecp_key.grp), ecp_group_id);
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index f17e14f..3be3176 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -70,7 +70,7 @@
#include "mbedtls/sha1.h"
#include "mbedtls/sha256.h"
#include "mbedtls/sha512.h"
-#include "md_psa.h"
+#include "mbedtls/psa_util.h"
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \
@@ -5741,7 +5741,7 @@
psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY(
slot->attr.type);
mbedtls_ecp_group_id grp_id =
- mbedtls_ecc_group_of_psa(curve, bits, 0);
+ mbedtls_ecc_group_from_psa(curve, bits);
if (grp_id == MBEDTLS_ECP_DP_NONE) {
ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c
index e4a372d..db08541 100644
--- a/library/psa_crypto_ecp.c
+++ b/library/psa_crypto_ecp.c
@@ -14,7 +14,7 @@
#include "psa_crypto_core.h"
#include "psa_crypto_ecp.h"
#include "psa_crypto_random_impl.h"
-#include "md_psa.h"
+#include "mbedtls/psa_util.h"
#include <stdlib.h>
#include <string.h>
@@ -32,6 +32,61 @@
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
+/* Helper function to verify if the provided EC's family and key bit size are valid.
+ *
+ * Note: "bits" parameter is used both as input and output and it might be updated
+ * in case provided input value is not multiple of 8 ("sloppy" bits).
+ */
+static int check_ecc_parameters(psa_ecc_family_t family, size_t *bits)
+{
+ switch (family) {
+ case PSA_ECC_FAMILY_SECP_R1:
+ switch (*bits) {
+ case 192:
+ case 224:
+ case 256:
+ case 384:
+ case 521:
+ return PSA_SUCCESS;
+ case 528:
+ *bits = 521;
+ return PSA_SUCCESS;
+ }
+ break;
+
+ case PSA_ECC_FAMILY_BRAINPOOL_P_R1:
+ switch (*bits) {
+ case 256:
+ case 384:
+ case 512:
+ return PSA_SUCCESS;
+ }
+ break;
+
+ case PSA_ECC_FAMILY_MONTGOMERY:
+ switch (*bits) {
+ case 448:
+ case 255:
+ return PSA_SUCCESS;
+ case 256:
+ *bits = 255;
+ return PSA_SUCCESS;
+ }
+ break;
+
+ case PSA_ECC_FAMILY_SECP_K1:
+ switch (*bits) {
+ case 192:
+ /* secp224k1 is not and will not be supported in PSA (#3541). */
+ case 256:
+ return PSA_SUCCESS;
+ }
+ break;
+ }
+
+ return PSA_ERROR_INVALID_ARGUMENT;
+}
+
psa_status_t mbedtls_psa_ecp_load_representation(
psa_key_type_t type, size_t curve_bits,
const uint8_t *data, size_t data_length,
@@ -82,16 +137,15 @@
}
mbedtls_ecp_keypair_init(ecp);
+ status = check_ecc_parameters(PSA_KEY_TYPE_ECC_GET_FAMILY(type), &curve_bits);
+ if (status != PSA_SUCCESS) {
+ goto exit;
+ }
+
/* Load the group. */
- grp_id = mbedtls_ecc_group_of_psa(PSA_KEY_TYPE_ECC_GET_FAMILY(type),
- curve_bits, !explicit_bits);
+ grp_id = mbedtls_ecc_group_from_psa(PSA_KEY_TYPE_ECC_GET_FAMILY(type),
+ curve_bits);
if (grp_id == MBEDTLS_ECP_DP_NONE) {
- /* We can't distinguish between a nonsensical family/size combination
- * (which would warrant PSA_ERROR_INVALID_ARGUMENT) and a
- * well-regarded curve that Mbed TLS just doesn't know about (which
- * would warrant PSA_ERROR_NOT_SUPPORTED). For uniformity with how
- * curves that Mbed TLS knows about but for which support is disabled
- * at build time, return NOT_SUPPORTED. */
status = PSA_ERROR_NOT_SUPPORTED;
goto exit;
}
@@ -285,7 +339,7 @@
psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY(
attributes->core.type);
mbedtls_ecp_group_id grp_id =
- mbedtls_ecc_group_of_psa(curve, attributes->core.bits, 0);
+ mbedtls_ecc_group_from_psa(curve, attributes->core.bits);
const mbedtls_ecp_curve_info *curve_info =
mbedtls_ecp_curve_info_from_grp_id(grp_id);
diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c
index 0679f41..7b58ea2 100644
--- a/library/psa_crypto_rsa.c
+++ b/library/psa_crypto_rsa.c
@@ -16,7 +16,7 @@
#include "psa_crypto_random_impl.h"
#include "psa_crypto_rsa.h"
#include "psa_crypto_hash.h"
-#include "md_psa.h"
+#include "mbedtls/psa_util.h"
#include <stdlib.h>
#include <string.h>
diff --git a/library/psa_util.c b/library/psa_util.c
index 36b7175..41586e2 100644
--- a/library/psa_util.c
+++ b/library/psa_util.c
@@ -232,9 +232,7 @@
return PSA_ECC_FAMILY_SECP_K1;
#endif
#if defined(MBEDTLS_ECP_HAVE_SECP224K1)
- case MBEDTLS_ECP_DP_SECP224K1:
- *bits = 224;
- return PSA_ECC_FAMILY_SECP_K1;
+ /* secp224k1 is not and will not be supported in PSA (#3541). */
#endif
#if defined(MBEDTLS_ECP_HAVE_SECP256K1)
case MBEDTLS_ECP_DP_SECP256K1:
@@ -252,11 +250,10 @@
}
}
-mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve,
- size_t bits,
- int bits_is_sloppy)
+mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t family,
+ size_t bits)
{
- switch (curve) {
+ switch (family) {
case PSA_ECC_FAMILY_SECP_R1:
switch (bits) {
#if defined(PSA_WANT_ECC_SECP_R1_192)
@@ -278,11 +275,6 @@
#if defined(PSA_WANT_ECC_SECP_R1_521)
case 521:
return MBEDTLS_ECP_DP_SECP521R1;
- case 528:
- if (bits_is_sloppy) {
- return MBEDTLS_ECP_DP_SECP521R1;
- }
- break;
#endif
}
break;
@@ -309,11 +301,6 @@
#if defined(PSA_WANT_ECC_MONTGOMERY_255)
case 255:
return MBEDTLS_ECP_DP_CURVE25519;
- case 256:
- if (bits_is_sloppy) {
- return MBEDTLS_ECP_DP_CURVE25519;
- }
- break;
#endif
#if defined(PSA_WANT_ECC_MONTGOMERY_448)
case 448:
@@ -329,8 +316,7 @@
return MBEDTLS_ECP_DP_SECP192K1;
#endif
#if defined(PSA_WANT_ECC_SECP_K1_224)
- case 224:
- return MBEDTLS_ECP_DP_SECP224K1;
+ /* secp224k1 is not and will not be supported in PSA (#3541). */
#endif
#if defined(PSA_WANT_ECC_SECP_K1_256)
case 256:
@@ -340,7 +326,6 @@
break;
}
- (void) bits_is_sloppy;
return MBEDTLS_ECP_DP_NONE;
}
#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 6224ef2..23619a2 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -17,7 +17,7 @@
#include "mbedtls/ssl.h"
#include "ssl_misc.h"
#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "md_psa.h"
+#include "mbedtls/psa_util.h"
#endif
#include <string.h>
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index ee81eb4..2772cac 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -24,7 +24,7 @@
#include <string.h>
#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "md_psa.h"
+#include "mbedtls/psa_util.h"
/* Define a local translating function to save code size by not using too many
* arguments in each translating place. */
static int local_err_translation(psa_status_t status)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 8c1e372..0bc18f1 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -29,6 +29,7 @@
#include <string.h>
#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "mbedtls/psa_util.h"
#include "md_psa.h"
#include "psa_util_internal.h"
#include "psa/crypto.h"
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 5c668bd..a3d33a3 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -19,7 +19,7 @@
#include "ssl_client.h"
#include "ssl_tls13_keys.h"
#include "ssl_debug_helpers.h"
-#include "md_psa.h"
+#include "mbedtls/psa_util.h"
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED)
/* Define a local translating function to save code size by not using too many
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 47fa65c..04ecd8b 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -17,7 +17,7 @@
#include "mbedtls/platform.h"
#include "mbedtls/constant_time.h"
#include "psa/crypto.h"
-#include "md_psa.h"
+#include "mbedtls/psa_util.h"
#include "ssl_misc.h"
#include "ssl_tls13_invasive.h"
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 9b775ec..edb453c 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -22,7 +22,7 @@
#include "ssl_tls13_invasive.h"
#include "psa/crypto.h"
-#include "md_psa.h"
+#include "mbedtls/psa_util.h"
/* Define a local translating function to save code size by not using too many
* arguments in each translating place. */
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 6e2866a..904bb5b 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -14,7 +14,7 @@
#include "mbedtls/platform.h"
#include "mbedtls/constant_time.h"
#include "mbedtls/oid.h"
-#include "md_psa.h"
+#include "mbedtls/psa_util.h"
#include "ssl_misc.h"
#include "ssl_tls13_keys.h"
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 4e7672e..84b92a8 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -35,7 +35,7 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#include "psa_util_internal.h"
-#include "md_psa.h"
+#include "mbedtls/psa_util.h"
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#include "pk_internal.h"
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 44b6b17..913b15a 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -33,7 +33,7 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#include "psa_util_internal.h"
-#include "md_psa.h"
+#include "mbedtls/psa_util.h"
#endif /* MBEDTLS_USE_PSA_CRYPTO */
void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx)
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index 254da69..af75e7f 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -24,7 +24,7 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#include "psa_util_internal.h"
-#include "md_psa.h"
+#include "mbedtls/psa_util.h"
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#include <string.h>
diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c
index afd6fb3..5664b8c 100644
--- a/programs/pkey/ecdsa.c
+++ b/programs/pkey/ecdsa.c
@@ -60,8 +60,8 @@
unsigned char buf[300];
size_t len;
- if (mbedtls_ecp_point_write_binary(&key->MBEDTLS_PRIVATE(grp), &key->MBEDTLS_PRIVATE(Q),
- MBEDTLS_ECP_PF_UNCOMPRESSED, &len, buf, sizeof(buf)) != 0) {
+ if (mbedtls_ecp_write_public_key(key, MBEDTLS_ECP_PF_UNCOMPRESSED,
+ &len, buf, sizeof(buf)) != 0) {
mbedtls_printf("internal error\n");
return;
}
@@ -79,6 +79,8 @@
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_ecdsa_context ctx_sign, ctx_verify;
+ mbedtls_ecp_point Q;
+ mbedtls_ecp_point_init(&Q);
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
unsigned char message[100];
@@ -128,7 +130,10 @@
goto exit;
}
- mbedtls_printf(" ok (key size: %d bits)\n", (int) ctx_sign.MBEDTLS_PRIVATE(grp).pbits);
+ mbedtls_ecp_group_id grp_id = mbedtls_ecp_keypair_get_group_id(&ctx_sign);
+ const mbedtls_ecp_curve_info *curve_info =
+ mbedtls_ecp_curve_info_from_grp_id(grp_id);
+ mbedtls_printf(" ok (key size: %d bits)\n", (int) curve_info->bit_size);
dump_pubkey(" + Public key: ", &ctx_sign);
@@ -174,16 +179,13 @@
mbedtls_printf(" . Preparing verification context...");
fflush(stdout);
- if ((ret =
- mbedtls_ecp_group_copy(&ctx_verify.MBEDTLS_PRIVATE(grp),
- &ctx_sign.MBEDTLS_PRIVATE(grp))) != 0) {
- mbedtls_printf(" failed\n ! mbedtls_ecp_group_copy returned %d\n", ret);
+ if ((ret = mbedtls_ecp_export(&ctx_sign, NULL, NULL, &Q)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ecp_export returned %d\n", ret);
goto exit;
}
- if ((ret =
- mbedtls_ecp_copy(&ctx_verify.MBEDTLS_PRIVATE(Q), &ctx_sign.MBEDTLS_PRIVATE(Q))) != 0) {
- mbedtls_printf(" failed\n ! mbedtls_ecp_copy returned %d\n", ret);
+ if ((ret = mbedtls_ecp_set_public_key(grp_id, &ctx_verify, &Q)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ecp_set_public_key returned %d\n", ret);
goto exit;
}
@@ -208,6 +210,7 @@
mbedtls_ecdsa_free(&ctx_verify);
mbedtls_ecdsa_free(&ctx_sign);
+ mbedtls_ecp_point_free(&Q);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
index f6bb237..6914c93 100644
--- a/programs/pkey/gen_key.c
+++ b/programs/pkey/gen_key.c
@@ -9,8 +9,19 @@
#include "mbedtls/platform.h"
-#if defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_FS_IO) && \
- defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
+#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_PEM_WRITE_C) || \
+ !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_BIGNUM_C)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO and/or "
+ "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+ "MBEDTLS_PEM_WRITE_C and/or MBEDTLS_BIGNUM_C "
+ "not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
#include "mbedtls/error.h"
#include "mbedtls/pk.h"
#include "mbedtls/ecdsa.h"
@@ -61,7 +72,6 @@
return 0;
}
#endif /* !_WIN32 */
-#endif
#if defined(MBEDTLS_ECP_C)
#define DFL_EC_CURVE mbedtls_ecp_curve_list()->grp_id
@@ -96,19 +106,6 @@
USAGE_DEV_RANDOM \
"\n"
-#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_PEM_WRITE_C) || \
- !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \
- !defined(MBEDTLS_CTR_DRBG_C)
-int main(void)
-{
- mbedtls_printf("MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO and/or "
- "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
- "MBEDTLS_PEM_WRITE_C"
- "not defined.\n");
- mbedtls_exit(0);
-}
-#else
-
/*
* global options
@@ -160,6 +157,71 @@
return 0;
}
+#if defined(MBEDTLS_ECP_C)
+static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private)
+{
+ int ret = 0;
+
+ const mbedtls_ecp_curve_info *curve_info =
+ mbedtls_ecp_curve_info_from_grp_id(
+ mbedtls_ecp_keypair_get_group_id(ecp));
+ mbedtls_printf("curve: %s\n", curve_info->name);
+
+ mbedtls_ecp_group grp;
+ mbedtls_ecp_group_init(&grp);
+ mbedtls_mpi D;
+ mbedtls_mpi_init(&D);
+ mbedtls_ecp_point pt;
+ mbedtls_ecp_point_init(&pt);
+ mbedtls_mpi X, Y;
+ mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
+
+ MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp,
+ (has_private ? &D : NULL),
+ &pt));
+
+ unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN];
+ size_t len = 0;
+ MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary(
+ &grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED,
+ &len, point_bin, sizeof(point_bin)));
+ switch (mbedtls_ecp_get_type(&grp)) {
+ case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:
+ if ((len & 1) == 0 || point_bin[0] != 0x04) {
+ /* Point in an unxepected format. This shouldn't happen. */
+ ret = -1;
+ goto cleanup;
+ }
+ MBEDTLS_MPI_CHK(
+ mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2));
+ MBEDTLS_MPI_CHK(
+ mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2));
+ mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL);
+ mbedtls_mpi_write_file("Y_Q: ", &Y, 16, NULL);
+ break;
+ case MBEDTLS_ECP_TYPE_MONTGOMERY:
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len));
+ mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL);
+ break;
+ default:
+ mbedtls_printf(
+ "This program does not yet support listing coordinates for this curve type.\n");
+ break;
+ }
+
+ if (has_private) {
+ mbedtls_mpi_write_file("D: ", &D, 16, NULL);
+ }
+
+cleanup:
+ mbedtls_ecp_group_free(&grp);
+ mbedtls_mpi_free(&D);
+ mbedtls_ecp_point_free(&pt);
+ mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
+ return ret;
+}
+#endif
+
int main(int argc, char *argv[])
{
int ret = 1;
@@ -365,12 +427,10 @@
#endif
#if defined(MBEDTLS_ECP_C)
if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) {
- mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(key);
- mbedtls_printf("curve: %s\n",
- mbedtls_ecp_curve_info_from_grp_id(ecp->MBEDTLS_PRIVATE(grp).id)->name);
- mbedtls_mpi_write_file("X_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL);
- mbedtls_mpi_write_file("Y_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL);
- mbedtls_mpi_write_file("D: ", &ecp->MBEDTLS_PRIVATE(d), 16, NULL);
+ if (show_ecp_key(mbedtls_pk_ec(key), 1) != 0) {
+ mbedtls_printf(" failed\n ! could not export ECC parameters\n\n");
+ goto exit;
+ }
} else
#endif
mbedtls_printf(" ! key type not supported\n");
@@ -415,5 +475,4 @@
mbedtls_exit(exit_code);
}
-#endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_PEM_WRITE_C && MBEDTLS_FS_IO &&
- * MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
+#endif /* program viability conditions */
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
index 194c410..e3a6966 100644
--- a/programs/pkey/key_app.c
+++ b/programs/pkey/key_app.c
@@ -53,6 +53,71 @@
#else
+#if defined(MBEDTLS_ECP_C)
+static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private)
+{
+ int ret = 0;
+
+ const mbedtls_ecp_curve_info *curve_info =
+ mbedtls_ecp_curve_info_from_grp_id(
+ mbedtls_ecp_keypair_get_group_id(ecp));
+ mbedtls_printf("curve: %s\n", curve_info->name);
+
+ mbedtls_ecp_group grp;
+ mbedtls_ecp_group_init(&grp);
+ mbedtls_mpi D;
+ mbedtls_mpi_init(&D);
+ mbedtls_ecp_point pt;
+ mbedtls_ecp_point_init(&pt);
+ mbedtls_mpi X, Y;
+ mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
+
+ MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp,
+ (has_private ? &D : NULL),
+ &pt));
+
+ unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN];
+ size_t len = 0;
+ MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary(
+ &grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED,
+ &len, point_bin, sizeof(point_bin)));
+ switch (mbedtls_ecp_get_type(&grp)) {
+ case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:
+ if ((len & 1) == 0 || point_bin[0] != 0x04) {
+ /* Point in an unxepected format. This shouldn't happen. */
+ ret = -1;
+ goto cleanup;
+ }
+ MBEDTLS_MPI_CHK(
+ mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2));
+ MBEDTLS_MPI_CHK(
+ mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2));
+ mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL);
+ mbedtls_mpi_write_file("Y_Q: ", &Y, 16, NULL);
+ break;
+ case MBEDTLS_ECP_TYPE_MONTGOMERY:
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len));
+ mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL);
+ break;
+ default:
+ mbedtls_printf(
+ "This program does not yet support listing coordinates for this curve type.\n");
+ break;
+ }
+
+ if (has_private) {
+ mbedtls_mpi_write_file("D: ", &D, 16, NULL);
+ }
+
+cleanup:
+ mbedtls_ecp_group_free(&grp);
+ mbedtls_mpi_free(&D);
+ mbedtls_ecp_point_free(&pt);
+ mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
+ return ret;
+}
+#endif
+
/*
* global options
*/
@@ -219,17 +284,10 @@
#endif
#if defined(MBEDTLS_ECP_C)
if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY) {
- mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk);
- MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(X): ",
- &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16,
- NULL));
- MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(Y): ",
- &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16,
- NULL));
- MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(Z): ",
- &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16,
- NULL));
- MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("D : ", &ecp->MBEDTLS_PRIVATE(d), 16, NULL));
+ if (show_ecp_key(mbedtls_pk_ec(pk), 1) != 0) {
+ mbedtls_printf(" failed\n ! could not export ECC parameters\n\n");
+ goto cleanup;
+ }
} else
#endif
{
@@ -269,16 +327,10 @@
#endif
#if defined(MBEDTLS_ECP_C)
if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY) {
- mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk);
- MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(X): ",
- &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16,
- NULL));
- MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(Y): ",
- &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16,
- NULL));
- MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(Z): ",
- &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16,
- NULL));
+ if (show_ecp_key(mbedtls_pk_ec(pk), 0) != 0) {
+ mbedtls_printf(" failed\n ! could not export ECC parameters\n\n");
+ goto cleanup;
+ }
} else
#endif
{
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
index c07c564..60f992e 100644
--- a/programs/pkey/key_app_writer.c
+++ b/programs/pkey/key_app_writer.c
@@ -9,9 +9,21 @@
#include "mbedtls/platform.h"
-#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PK_WRITE_C) && \
- defined(MBEDTLS_FS_IO) && \
- defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
+#if !defined(MBEDTLS_PK_PARSE_C) || \
+ !defined(MBEDTLS_PK_WRITE_C) || \
+ !defined(MBEDTLS_FS_IO) || \
+ !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_BIGNUM_C)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or "
+ "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+ "MBEDTLS_FS_IO and/or MBEDTLS_BIGNUM_C not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
#include "mbedtls/error.h"
#include "mbedtls/pk.h"
#include "mbedtls/error.h"
@@ -21,7 +33,6 @@
#include <stdio.h>
#include <string.h>
-#endif
#if defined(MBEDTLS_PEM_WRITE_C)
#define USAGE_OUT \
@@ -66,20 +77,6 @@
USAGE_OUT \
"\n"
-#if !defined(MBEDTLS_PK_PARSE_C) || \
- !defined(MBEDTLS_PK_WRITE_C) || \
- !defined(MBEDTLS_FS_IO) || \
- !defined(MBEDTLS_ENTROPY_C) || \
- !defined(MBEDTLS_CTR_DRBG_C)
-int main(void)
-{
- mbedtls_printf("MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or "
- "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
- "MBEDTLS_FS_IO not defined.\n");
- mbedtls_exit(0);
-}
-#else
-
/*
* global options
@@ -176,6 +173,71 @@
return 0;
}
+#if defined(MBEDTLS_ECP_C)
+static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private)
+{
+ int ret = 0;
+
+ const mbedtls_ecp_curve_info *curve_info =
+ mbedtls_ecp_curve_info_from_grp_id(
+ mbedtls_ecp_keypair_get_group_id(ecp));
+ mbedtls_printf("curve: %s\n", curve_info->name);
+
+ mbedtls_ecp_group grp;
+ mbedtls_ecp_group_init(&grp);
+ mbedtls_mpi D;
+ mbedtls_mpi_init(&D);
+ mbedtls_ecp_point pt;
+ mbedtls_ecp_point_init(&pt);
+ mbedtls_mpi X, Y;
+ mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
+
+ MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp,
+ (has_private ? &D : NULL),
+ &pt));
+
+ unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN];
+ size_t len = 0;
+ MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary(
+ &grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED,
+ &len, point_bin, sizeof(point_bin)));
+ switch (mbedtls_ecp_get_type(&grp)) {
+ case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:
+ if ((len & 1) == 0 || point_bin[0] != 0x04) {
+ /* Point in an unxepected format. This shouldn't happen. */
+ ret = -1;
+ goto cleanup;
+ }
+ MBEDTLS_MPI_CHK(
+ mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2));
+ MBEDTLS_MPI_CHK(
+ mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2));
+ mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL);
+ mbedtls_mpi_write_file("Y_Q: ", &Y, 16, NULL);
+ break;
+ case MBEDTLS_ECP_TYPE_MONTGOMERY:
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len));
+ mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL);
+ break;
+ default:
+ mbedtls_printf(
+ "This program does not yet support listing coordinates for this curve type.\n");
+ break;
+ }
+
+ if (has_private) {
+ mbedtls_mpi_write_file("D: ", &D, 16, NULL);
+ }
+
+cleanup:
+ mbedtls_ecp_group_free(&grp);
+ mbedtls_mpi_free(&D);
+ mbedtls_ecp_point_free(&pt);
+ mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
+ return ret;
+}
+#endif
+
int main(int argc, char *argv[])
{
int ret = 1;
@@ -338,11 +400,10 @@
#endif
#if defined(MBEDTLS_ECP_C)
if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) {
- mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(key);
- mbedtls_mpi_write_file("Q(X): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL);
- mbedtls_mpi_write_file("Q(Y): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL);
- mbedtls_mpi_write_file("Q(Z): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, NULL);
- mbedtls_mpi_write_file("D : ", &ecp->MBEDTLS_PRIVATE(d), 16, NULL);
+ if (show_ecp_key(mbedtls_pk_ec(key), 1) != 0) {
+ mbedtls_printf(" failed\n ! could not export ECC parameters\n\n");
+ goto exit;
+ }
} else
#endif
mbedtls_printf("key type not supported yet\n");
@@ -384,10 +445,10 @@
#endif
#if defined(MBEDTLS_ECP_C)
if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) {
- mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(key);
- mbedtls_mpi_write_file("Q(X): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL);
- mbedtls_mpi_write_file("Q(Y): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL);
- mbedtls_mpi_write_file("Q(Z): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, NULL);
+ if (show_ecp_key(mbedtls_pk_ec(key), 0) != 0) {
+ mbedtls_printf(" failed\n ! could not export ECC parameters\n\n");
+ goto exit;
+ }
} else
#endif
mbedtls_printf("key type not supported yet\n");
@@ -431,5 +492,4 @@
mbedtls_exit(exit_code);
}
-#endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO &&
- MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
+#endif /* program viability conditions */
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index a867971..6503f9a 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -325,6 +325,7 @@
# is required.
'test_suite_ecp': [
re.compile(r'ECP check public-private .*'),
+ re.compile(r'ECP calculate public: .*'),
re.compile(r'ECP gen keypair .*'),
re.compile(r'ECP point muladd .*'),
re.compile(r'ECP point multiplication .*'),
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index 3d8937d..2368a76 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -9,7 +9,7 @@
*/
#include <test/ssl_helpers.h>
-#include "md_psa.h"
+#include "mbedtls/psa_util.h"
#if defined(MBEDTLS_SSL_TLS_C)
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
diff --git a/tests/suites/test_suite_constant_time_hmac.function b/tests/suites/test_suite_constant_time_hmac.function
index 9d9aa3c..0e870d8 100644
--- a/tests/suites/test_suite_constant_time_hmac.function
+++ b/tests/suites/test_suite_constant_time_hmac.function
@@ -3,7 +3,7 @@
#include <mbedtls/constant_time.h>
#include <mbedtls/md.h>
#include <constant_time_internal.h>
-#include "md_psa.h"
+#include "mbedtls/psa_util.h"
#include <ssl_misc.h>
#include <test/constant_flow.h>
diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data
index 1002991..01fdc47 100644
--- a/tests/suites/test_suite_ecp.data
+++ b/tests/suites/test_suite_ecp.data
@@ -529,6 +529,24 @@
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
mbedtls_ecp_check_pub_priv:MBEDTLS_ECP_DP_SECP256R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edfe":MBEDTLS_ECP_DP_SECP256R1:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edfe":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
+ECP calculate public: secp256r1, good
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_calc_public:MBEDTLS_ECP_DP_SECP256R1:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":0:"0437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff"
+
+ECP calculate public: secp256r1, private value out of range
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_calc_public:MBEDTLS_ECP_DP_SECP256R1:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":MBEDTLS_ERR_ECP_INVALID_KEY:""
+
+# Alice's private key from rfc 7748, masked and adjusted for endianness
+# because the test function wants the little-endian representation.
+ECP calculate public: Curve25519, good
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_calc_public:MBEDTLS_ECP_DP_CURVE25519:"6a2cb91da5fb77b12a99c0eb872f4cdf4566b25172c1163c7da518730a6d0770":0:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a"
+
+ECP calculate public: Curve25519, private value not masked
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_calc_public:MBEDTLS_ECP_DP_CURVE25519:"2a2cb91da5fb77b12a99c0eb872f4cdf4566b25172c1163c7da518730a6d0770":MBEDTLS_ERR_ECP_INVALID_KEY:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a"
+
ECP gen keypair [#1]
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
mbedtls_ecp_gen_keypair:MBEDTLS_ECP_DP_SECP192R1
@@ -581,6 +599,48 @@
ECP generate Montgomery key: Curve448, not enough entropy
genkey_mx_known_answer:447:"4f0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f30313233343536":""
+ECP set public key: invalid group (0)
+ecp_set_public_key_group_check:MBEDTLS_ECP_DP_NONE:MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
+
+ECP set public key: valid group (secp256r1)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_set_public_key_group_check:MBEDTLS_ECP_DP_SECP256R1:0
+
+ECP set public key: group not supported (secp256r1)
+depends_on:!MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_set_public_key_group_check:MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
+
+ECP set public key: bad group (not in enum)
+ecp_set_public_key_group_check:MBEDTLS_ECP_DP_MAX:MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
+
+ECP set public key: good, secp256r1
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_set_public_key_good:MBEDTLS_ECP_DP_SECP256R1:"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579"
+
+ECP set public key: good, Curve25519
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_set_public_key_good:MBEDTLS_ECP_DP_CURVE25519:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a"
+
+ECP set public key after private: good, secp256r1
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_set_public_key_after_private:MBEDTLS_ECP_DP_SECP256R1:"70726976617465206b6579":MBEDTLS_ECP_DP_SECP256R1:"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579"
+
+ECP set public key after private: good, Curve25519
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_set_public_key_after_private:MBEDTLS_ECP_DP_CURVE25519:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":MBEDTLS_ECP_DP_CURVE25519:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a"
+
+ECP set public key after private: secp256r1 then secp256k1
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+ecp_set_public_key_after_private:MBEDTLS_ECP_DP_SECP256R1:"70726976617465206b6579":MBEDTLS_ECP_DP_SECP256K1:"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579"
+
+ECP set public key after private: secp256r1 then secp384r1
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+ecp_set_public_key_after_private:MBEDTLS_ECP_DP_SECP256R1:"70726976617465206b6579":MBEDTLS_ECP_DP_SECP384R1:"04aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaae1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"
+
+ECP set public key after private: secp384r1 then secp256r1
+depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_set_public_key_after_private:MBEDTLS_ECP_DP_SECP384R1:"70726976617465206b6579":MBEDTLS_ECP_DP_SECP256R1:"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579"
+
ECP read key #1 (short weierstrass, too small)
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
mbedtls_ecp_read_key:MBEDTLS_ECP_DP_SECP192R1:"00":MBEDTLS_ERR_ECP_INVALID_KEY:0
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index 5751624..295fe7f 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -590,29 +590,41 @@
{
mbedtls_ecp_group grp;
mbedtls_ecp_point P;
+ mbedtls_ecp_keypair key;
unsigned char buf[256];
size_t olen;
memset(buf, 0, sizeof(buf));
mbedtls_ecp_group_init(&grp); mbedtls_ecp_point_init(&P);
+ mbedtls_ecp_keypair_init(&key);
- TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
+ TEST_EQUAL(mbedtls_ecp_group_load(&grp, id), 0);
- TEST_ASSERT(mbedtls_test_read_mpi(&P.X, x) == 0);
- TEST_ASSERT(mbedtls_test_read_mpi(&P.Y, y) == 0);
- TEST_ASSERT(mbedtls_test_read_mpi(&P.Z, z) == 0);
+ TEST_EQUAL(mbedtls_test_read_mpi(&P.X, x), 0);
+ TEST_EQUAL(mbedtls_test_read_mpi(&P.Y, y), 0);
+ TEST_EQUAL(mbedtls_test_read_mpi(&P.Z, z), 0);
- TEST_ASSERT(mbedtls_ecp_point_write_binary(&grp, &P, format,
- &olen, buf, blen) == ret);
-
+ TEST_EQUAL(mbedtls_ecp_point_write_binary(&grp, &P, format,
+ &olen, buf, blen), ret);
if (ret == 0) {
- TEST_ASSERT(olen <= MBEDTLS_ECP_MAX_PT_LEN);
- TEST_ASSERT(mbedtls_test_hexcmp(buf, out->x, olen, out->len) == 0);
+ TEST_LE_U(olen, MBEDTLS_ECP_MAX_PT_LEN);
+ ASSERT_COMPARE(buf, olen,
+ out->x, out->len);
+ }
+
+ memset(buf, 0, blen);
+ TEST_EQUAL(mbedtls_ecp_set_public_key(grp.id, &key, &P), 0);
+ TEST_EQUAL(mbedtls_ecp_write_public_key(&key, format,
+ &olen, buf, blen), ret);
+ if (ret == 0) {
+ ASSERT_COMPARE(buf, olen,
+ out->x, out->len);
}
exit:
mbedtls_ecp_group_free(&grp); mbedtls_ecp_point_free(&P);
+ mbedtls_ecp_keypair_free(&key);
}
/* END_CASE */
@@ -989,6 +1001,41 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_C */
+void ecp_calc_public(int grp_id, data_t *private_data,
+ int expected_ret, data_t *expected_public)
+{
+ mbedtls_ecp_keypair key;
+ mbedtls_ecp_keypair_init(&key);
+ mbedtls_test_rnd_pseudo_info rnd_info;
+ memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
+
+ TEST_EQUAL(mbedtls_ecp_group_load(&key.grp, grp_id), 0);
+ TEST_EQUAL(mbedtls_mpi_read_binary(&key.d,
+ private_data->x, private_data->len), 0);
+
+ TEST_EQUAL(mbedtls_ecp_keypair_calc_public(&key,
+ &mbedtls_test_rnd_pseudo_rand, &rnd_info),
+ expected_ret);
+
+ if (expected_ret == 0) {
+ TEST_EQUAL(mbedtls_ecp_check_pub_priv(&key, &key,
+ &mbedtls_test_rnd_pseudo_rand, &rnd_info),
+ 0);
+ unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN];
+ size_t length;
+ TEST_EQUAL(mbedtls_ecp_point_write_binary(&key.grp, &key.Q,
+ MBEDTLS_ECP_PF_UNCOMPRESSED,
+ &length, buf, sizeof(buf)),
+ 0);
+ ASSERT_COMPARE(expected_public->x, expected_public->len, buf, length);
+ }
+
+exit:
+ mbedtls_ecp_keypair_free(&key);
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_ECP_C */
void mbedtls_ecp_gen_keypair(int id)
{
mbedtls_ecp_group grp;
@@ -1030,6 +1077,7 @@
&mbedtls_test_rnd_pseudo_rand,
&rnd_info) == 0);
+ TEST_EQUAL(mbedtls_ecp_keypair_get_group_id(&key), id);
TEST_ASSERT(mbedtls_ecp_check_pubkey(&key.grp, &key.Q) == 0);
TEST_ASSERT(mbedtls_ecp_check_privkey(&key.grp, &key.d) == 0);
@@ -1039,22 +1087,123 @@
/* END_CASE */
/* BEGIN_CASE */
+void ecp_set_public_key_group_check(int grp_id, int expected_ret)
+{
+ mbedtls_ecp_keypair key;
+ mbedtls_ecp_keypair_init(&key);
+ mbedtls_ecp_point Q;
+ mbedtls_ecp_point_init(&Q);
+
+ TEST_EQUAL(mbedtls_ecp_set_public_key(grp_id, &key, &Q),
+ expected_ret);
+
+exit:
+ mbedtls_ecp_keypair_free(&key);
+ mbedtls_ecp_point_free(&Q);
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void ecp_set_public_key_good(int grp_id, data_t *public_data)
+{
+ mbedtls_ecp_keypair key;
+ mbedtls_ecp_keypair_init(&key);
+ mbedtls_ecp_group grp;
+ mbedtls_ecp_group_init(&grp);
+ mbedtls_ecp_point Q;
+ mbedtls_ecp_point_init(&Q);
+
+ TEST_EQUAL(mbedtls_ecp_group_load(&grp, grp_id), 0);
+ TEST_EQUAL(mbedtls_ecp_point_read_binary(&grp, &Q,
+ public_data->x, public_data->len),
+ 0);
+
+ /* Freshly initialized key */
+ TEST_EQUAL(mbedtls_ecp_set_public_key(grp_id, &key, &Q), 0);
+ TEST_EQUAL(key.grp.id, grp_id);
+ TEST_EQUAL(mbedtls_ecp_point_cmp(&key.Q, &Q), 0);
+
+ /* Key with a public key already set to a different value */
+ TEST_EQUAL(mbedtls_mpi_add_int(&key.Q.X, &key.Q.X, 1), 0);
+ TEST_EQUAL(mbedtls_mpi_add_int(&key.Q.Y, &key.Q.Y, 1), 0);
+ TEST_EQUAL(mbedtls_mpi_add_int(&key.Q.Z, &key.Q.Z, 1), 0);
+ TEST_EQUAL(mbedtls_ecp_set_public_key(grp_id, &key, &Q), 0);
+ TEST_EQUAL(key.grp.id, grp_id);
+ TEST_EQUAL(mbedtls_ecp_point_cmp(&key.Q, &Q), 0);
+
+exit:
+ mbedtls_ecp_keypair_free(&key);
+ mbedtls_ecp_group_free(&grp);
+ mbedtls_ecp_point_free(&Q);
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void ecp_set_public_key_after_private(int private_grp_id, data_t *private_data,
+ int public_grp_id, data_t *public_data)
+{
+ mbedtls_ecp_keypair key;
+ mbedtls_ecp_keypair_init(&key);
+ mbedtls_ecp_group grp;
+ mbedtls_ecp_group_init(&grp);
+ mbedtls_ecp_point Q;
+ mbedtls_ecp_point_init(&Q);
+ mbedtls_mpi d;
+ mbedtls_mpi_init(&d);
+
+ TEST_EQUAL(mbedtls_ecp_group_load(&grp, public_grp_id), 0);
+ TEST_EQUAL(mbedtls_ecp_point_read_binary(&grp, &Q,
+ public_data->x, public_data->len),
+ 0);
+ TEST_EQUAL(mbedtls_ecp_read_key(private_grp_id, &key,
+ private_data->x, private_data->len),
+ 0);
+ TEST_EQUAL(mbedtls_mpi_copy(&d, &key.d), 0);
+
+ int ret = mbedtls_ecp_set_public_key(public_grp_id, &key, &Q);
+
+ if (private_grp_id == public_grp_id) {
+ TEST_EQUAL(ret, 0);
+ TEST_EQUAL(key.grp.id, public_grp_id);
+ TEST_EQUAL(mbedtls_ecp_point_cmp(&key.Q, &Q), 0);
+ TEST_EQUAL(mbedtls_mpi_cmp_mpi(&d, &key.d), 0);
+ } else {
+ TEST_EQUAL(ret, MBEDTLS_ERR_ECP_BAD_INPUT_DATA);
+ }
+
+exit:
+ mbedtls_ecp_keypair_free(&key);
+ mbedtls_ecp_group_free(&grp);
+ mbedtls_ecp_point_free(&Q);
+ mbedtls_mpi_free(&d);
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
void mbedtls_ecp_read_key(int grp_id, data_t *in_key, int expected, int canonical)
{
int ret = 0;
mbedtls_ecp_keypair key;
- mbedtls_ecp_keypair key2;
-
mbedtls_ecp_keypair_init(&key);
+ mbedtls_ecp_keypair key2;
mbedtls_ecp_keypair_init(&key2);
+ TEST_EQUAL(mbedtls_mpi_lset(&key.Q.X, 1), 0);
+ TEST_EQUAL(mbedtls_mpi_lset(&key.Q.Y, 2), 0);
+ TEST_EQUAL(mbedtls_mpi_lset(&key.Q.Z, 3), 0);
+
ret = mbedtls_ecp_read_key(grp_id, &key, in_key->x, in_key->len);
TEST_ASSERT(ret == expected);
if (expected == 0) {
+ TEST_EQUAL(mbedtls_ecp_keypair_get_group_id(&key), grp_id);
ret = mbedtls_ecp_check_privkey(&key.grp, &key.d);
TEST_ASSERT(ret == 0);
+ TEST_EQUAL(mbedtls_mpi_cmp_int(&key.Q.X, 1), 0);
+ TEST_EQUAL(mbedtls_mpi_cmp_int(&key.Q.Y, 2), 0);
+ TEST_EQUAL(mbedtls_mpi_cmp_int(&key.Q.Z, 3), 0);
+
if (canonical) {
unsigned char buf[MBEDTLS_ECP_MAX_BYTES];
@@ -1233,6 +1382,28 @@
TEST_EQUAL(mbedtls_ecp_point_cmp(&key.Q, &export_Q), 0);
TEST_EQUAL(mbedtls_mpi_cmp_mpi(&key.d, &export_d), 0);
TEST_EQUAL(mbedtls_ecp_group_cmp(&key.grp, &export_grp), 0);
+
+ /* Check consistency with the group id */
+ TEST_EQUAL(export_grp.id,
+ mbedtls_ecp_keypair_get_group_id(&key));
+
+ /* Test null arguments: grp only */
+ mbedtls_ecp_group_free(&export_grp);
+ mbedtls_ecp_group_init(&export_grp);
+ TEST_EQUAL(mbedtls_ecp_export(&key, &export_grp, NULL, NULL), 0);
+ TEST_EQUAL(mbedtls_ecp_group_cmp(&key.grp, &export_grp), 0);
+
+ /* Test null arguments: d only */
+ mbedtls_mpi_free(&export_d);
+ mbedtls_mpi_init(&export_d);
+ TEST_EQUAL(mbedtls_ecp_export(&key, NULL, &export_d, NULL), 0);
+ TEST_EQUAL(mbedtls_mpi_cmp_mpi(&key.d, &export_d), 0);
+
+ /* Test null arguments: Q only */
+ mbedtls_ecp_point_free(&export_Q);
+ mbedtls_ecp_point_init(&export_Q);
+ TEST_EQUAL(mbedtls_ecp_export(&key, NULL, NULL, &export_Q), 0);
+ TEST_EQUAL(mbedtls_ecp_point_cmp(&key.Q, &export_Q), 0);
}
exit:
diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function
index 866ff58..2a885e2 100644
--- a/tests/suites/test_suite_md.function
+++ b/tests/suites/test_suite_md.function
@@ -1,6 +1,6 @@
/* BEGIN_HEADER */
#include "mbedtls/md.h"
-#include "md_psa.h"
+#include "mbedtls/psa_util.h"
#include "mbedtls/oid.h"
#include "mbedtls/asn1.h"
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 226598c..f054443 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -16,7 +16,7 @@
* but the test code generator requires test case data to be valid C code
* unconditionally (https://github.com/Mbed-TLS/mbedtls/issues/2023). */
#include "psa/crypto.h"
-#include "md_psa.h"
+#include "mbedtls/psa_util.h"
/* Used for properly sizing the key buffer in pk_genkey_ec() */
#include "psa_util_internal.h"
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 1bd8b65..eda6f5d 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -684,7 +684,7 @@
PSA import EC keypair: explicit bit-size=255 for secp256r1
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256
-import_with_data:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):255:PSA_ERROR_NOT_SUPPORTED
+import_with_data:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):255:PSA_ERROR_INVALID_ARGUMENT
PSA import EC keypair: explicit bit-size=521 for secp521r1 (good)
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_521
@@ -692,7 +692,7 @@
PSA import EC keypair: explicit bit-size=528 for secp521r1 (bad)
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_521
-import_with_data:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):528:PSA_ERROR_NOT_SUPPORTED
+import_with_data:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):528:PSA_ERROR_INVALID_ARGUMENT
PSA import EC keypair: explicit bit-size, DER format
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256
@@ -716,7 +716,7 @@
PSA import EC keypair: implicit bit-size, not a valid length
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256
-import_with_data:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):0:PSA_ERROR_NOT_SUPPORTED
+import_with_data:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):0:PSA_ERROR_INVALID_ARGUMENT
PSA import EC keypair: secp256r1, all-bits-zero (bad)
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256
@@ -7406,3 +7406,62 @@
PSA derive persistent key: HKDF SHA-256, exportable
persistent_key_load_key_from_storage:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_TYPE_RAW_DATA:1024:PSA_KEY_USAGE_EXPORT:0:DERIVE_KEY
+
+ECP group ID <-> PSA family - SECP192R1
+depends_on:PSA_WANT_ECC_SECP_R1_192
+ecc_conversion_functions:MBEDTLS_ECP_DP_SECP192R1:PSA_ECC_FAMILY_SECP_R1:192
+
+ECP group ID <-> PSA family - SECP224R1
+depends_on:PSA_WANT_ECC_SECP_R1_224
+ecc_conversion_functions:MBEDTLS_ECP_DP_SECP224R1:PSA_ECC_FAMILY_SECP_R1:224
+
+ECP group ID <-> PSA family - SECP256R1
+depends_on:PSA_WANT_ECC_SECP_R1_256
+ecc_conversion_functions:MBEDTLS_ECP_DP_SECP256R1:PSA_ECC_FAMILY_SECP_R1:256
+
+ECP group ID <-> PSA family - SECP384R1
+depends_on:PSA_WANT_ECC_SECP_R1_384
+ecc_conversion_functions:MBEDTLS_ECP_DP_SECP384R1:PSA_ECC_FAMILY_SECP_R1:384
+
+ECP group ID <-> PSA family - SECP521R1
+depends_on:PSA_WANT_ECC_SECP_R1_521
+ecc_conversion_functions:MBEDTLS_ECP_DP_SECP521R1:PSA_ECC_FAMILY_SECP_R1:521
+
+ECP group ID <-> PSA family - BP256R1
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_256
+ecc_conversion_functions:MBEDTLS_ECP_DP_BP256R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:256
+
+ECP group ID <-> PSA family - BP384R1
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_384
+ecc_conversion_functions:MBEDTLS_ECP_DP_BP384R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:384
+
+ECP group ID <-> PSA family - BP512R1
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512
+ecc_conversion_functions:MBEDTLS_ECP_DP_BP512R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:512
+
+ECP group ID <-> PSA family - CURVE25519
+depends_on:PSA_WANT_ECC_MONTGOMERY_255
+ecc_conversion_functions:MBEDTLS_ECP_DP_CURVE25519:PSA_ECC_FAMILY_MONTGOMERY:255
+
+ECP group ID <-> PSA family - SECP192K1
+depends_on:PSA_WANT_ECC_SECP_K1_192
+ecc_conversion_functions:MBEDTLS_ECP_DP_SECP192K1:PSA_ECC_FAMILY_SECP_K1:192
+
+ECP group ID <-> PSA family - SECP224K1
+depends_on:PSA_WANT_ECC_SECP_K1_224
+ecc_conversion_functions:MBEDTLS_ECP_DP_SECP224K1:PSA_ECC_FAMILY_SECP_K1:224
+
+ECP group ID <-> PSA family - SECP256K1
+depends_on:PSA_WANT_ECC_SECP_K1_256
+ecc_conversion_functions:MBEDTLS_ECP_DP_SECP256K1:PSA_ECC_FAMILY_SECP_K1:256
+
+ECP group ID <-> PSA family - CURVE448
+depends_on:PSA_WANT_ECC_MONTGOMERY_448
+ecc_conversion_functions:MBEDTLS_ECP_DP_CURVE448:PSA_ECC_FAMILY_MONTGOMERY:448
+
+ECP group ID <-> PSA family - Null values
+ecc_conversion_functions:MBEDTLS_ECP_DP_NONE:0:0
+
+ECP group ID <-> PSA family - Wrong values
+ecc_conversion_functions_fail
+
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 4c08a90..7b6f5ae 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -6,6 +6,8 @@
#include "mbedtls/oid.h"
#include "common.h"
+#include "mbedtls/psa_util.h"
+
/* For MBEDTLS_CTR_DRBG_MAX_REQUEST, knowing that psa_generate_random()
* uses mbedtls_ctr_drbg internally. */
#include "mbedtls/ctr_drbg.h"
@@ -9479,6 +9481,45 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
+void ecc_conversion_functions(int grp_id_arg, int psa_family_arg, int bits_arg)
+{
+ mbedtls_ecp_group_id grp_id = grp_id_arg;
+ psa_ecc_family_t ecc_family = psa_family_arg;
+ size_t bits = bits_arg;
+ size_t bits_tmp;
+
+ TEST_EQUAL(ecc_family, mbedtls_ecc_group_to_psa(grp_id, &bits_tmp));
+ TEST_EQUAL(bits, bits_tmp);
+ TEST_EQUAL(grp_id, mbedtls_ecc_group_from_psa(ecc_family, bits));
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
+void ecc_conversion_functions_fail()
+{
+ size_t bits;
+
+ /* Invalid legacy curve identifiers. */
+ TEST_EQUAL(0, mbedtls_ecc_group_to_psa(MBEDTLS_ECP_DP_MAX, &bits));
+ TEST_EQUAL(0, bits);
+ TEST_EQUAL(0, mbedtls_ecc_group_to_psa(MBEDTLS_ECP_DP_NONE, &bits));
+ TEST_EQUAL(0, bits);
+
+ /* Invalid PSA EC family. */
+ TEST_EQUAL(MBEDTLS_ECP_DP_NONE, mbedtls_ecc_group_from_psa(0, 192));
+ /* Invalid bit-size for a valid EC family. */
+ TEST_EQUAL(MBEDTLS_ECP_DP_NONE, mbedtls_ecc_group_from_psa(PSA_ECC_FAMILY_SECP_R1, 512));
+
+ /* Twisted-Edward curves are not supported yet. */
+ TEST_EQUAL(MBEDTLS_ECP_DP_NONE,
+ mbedtls_ecc_group_from_psa(PSA_ECC_FAMILY_TWISTED_EDWARDS, 255));
+ TEST_EQUAL(MBEDTLS_ECP_DP_NONE,
+ mbedtls_ecc_group_from_psa(PSA_ECC_FAMILY_TWISTED_EDWARDS, 448));
+}
+/* END_CASE */
+
+
/* BEGIN_CASE */
void key_agreement_output(int alg_arg,
int our_key_type_arg, data_t *our_key_data,
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 503d976..1d8b87c 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -7,7 +7,7 @@
#include "mbedtls/rsa.h"
#include "mbedtls/asn1write.h"
#include "mbedtls/pk.h"
-#include "md_psa.h"
+#include "mbedtls/psa_util.h"
#if defined(MBEDTLS_RSA_C)
int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen,