diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index fa4be0ea6..be45542d6 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -160,81 +160,96 @@ static inline psa_algorithm_t mbedtls_psa_translate_md( mbedtls_md_type_t md_alg /* Translations for ECC. */ static inline int mbedtls_psa_get_ecc_oid_from_id( - psa_ecc_curve_t curve, char const **oid, size_t *oid_len ) + psa_ecc_curve_t curve, size_t bits, + char const **oid, size_t *oid_len ) { switch( curve ) { + case PSA_ECC_CURVE_SECP_R1: + switch( bits ) + { #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) - case PSA_ECC_CURVE_SECP192R1: - *oid = MBEDTLS_OID_EC_GRP_SECP192R1; - *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192R1 ); - return( 0 ); + case 192: + *oid = MBEDTLS_OID_EC_GRP_SECP192R1; + *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192R1 ); + return( 0 ); #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) - case PSA_ECC_CURVE_SECP224R1: - *oid = MBEDTLS_OID_EC_GRP_SECP224R1; - *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224R1 ); - return( 0 ); + case 224: + *oid = MBEDTLS_OID_EC_GRP_SECP224R1; + *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224R1 ); + return( 0 ); #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) - case PSA_ECC_CURVE_SECP256R1: - *oid = MBEDTLS_OID_EC_GRP_SECP256R1; - *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256R1 ); - return( 0 ); + case 256: + *oid = MBEDTLS_OID_EC_GRP_SECP256R1; + *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256R1 ); + return( 0 ); #endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) - case PSA_ECC_CURVE_SECP384R1: - *oid = MBEDTLS_OID_EC_GRP_SECP384R1; - *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP384R1 ); - return( 0 ); + case 384: + *oid = MBEDTLS_OID_EC_GRP_SECP384R1; + *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP384R1 ); + return( 0 ); #endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) - case PSA_ECC_CURVE_SECP521R1: - *oid = MBEDTLS_OID_EC_GRP_SECP521R1; - *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP521R1 ); - return( 0 ); + case 521: + *oid = MBEDTLS_OID_EC_GRP_SECP521R1; + *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP521R1 ); + return( 0 ); #endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ + } + break; + case PSA_ECC_CURVE_SECP_K1: + switch( bits ) + { #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) - case PSA_ECC_CURVE_SECP192K1: - *oid = MBEDTLS_OID_EC_GRP_SECP192K1; - *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192K1 ); - return( 0 ); + case 192: + *oid = MBEDTLS_OID_EC_GRP_SECP192K1; + *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192K1 ); + return( 0 ); #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) - case PSA_ECC_CURVE_SECP224K1: - *oid = MBEDTLS_OID_EC_GRP_SECP224K1; - *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224K1 ); - return( 0 ); + case 224: + *oid = MBEDTLS_OID_EC_GRP_SECP224K1; + *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224K1 ); + return( 0 ); #endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) - case PSA_ECC_CURVE_SECP256K1: - *oid = MBEDTLS_OID_EC_GRP_SECP256K1; - *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256K1 ); - return( 0 ); + case 256: + *oid = MBEDTLS_OID_EC_GRP_SECP256K1; + *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256K1 ); + return( 0 ); #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ + } + break; + case PSA_ECC_CURVE_BRAINPOOL_P_R1: + switch( bits ) + { #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) - case PSA_ECC_CURVE_BRAINPOOL_P256R1: - *oid = MBEDTLS_OID_EC_GRP_BP256R1; - *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP256R1 ); - return( 0 ); + case 256: + *oid = MBEDTLS_OID_EC_GRP_BP256R1; + *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP256R1 ); + return( 0 ); #endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) - case PSA_ECC_CURVE_BRAINPOOL_P384R1: - *oid = MBEDTLS_OID_EC_GRP_BP384R1; - *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP384R1 ); - return( 0 ); + case 384: + *oid = MBEDTLS_OID_EC_GRP_BP384R1; + *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP384R1 ); + return( 0 ); #endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) - case PSA_ECC_CURVE_BRAINPOOL_P512R1: - *oid = MBEDTLS_OID_EC_GRP_BP512R1; - *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP512R1 ); - return( 0 ); + case 512: + *oid = MBEDTLS_OID_EC_GRP_BP512R1; + *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP512R1 ); + return( 0 ); #endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */ - default: - (void) oid; - (void) oid_len; - return( -1 ); + } + break; } + (void) oid; + (void) oid_len; + return( -1 ); } #define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH 1 diff --git a/library/pkwrite.c b/library/pkwrite.c index 49a21bf08..4fa542415 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -273,18 +273,20 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, si psa_key_type_t key_type; psa_key_handle_t handle; psa_ecc_curve_t curve; + size_t bits; handle = *((psa_key_handle_t*) key->pk_ctx ); if( PSA_SUCCESS != psa_get_key_attributes( handle, &attributes ) ) return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED ); key_type = psa_get_key_type( &attributes ); + bits = psa_get_key_bits( &attributes ); psa_reset_key_attributes( &attributes ); - curve = PSA_KEY_TYPE_GET_CURVE( key_type ); + curve = PSA_KEY_TYPE_GET_CURVE( key_type ) & 0xff0000; if( curve == 0 ) return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); - ret = mbedtls_psa_get_ecc_oid_from_id( curve, &oid, &oid_len ); + ret = mbedtls_psa_get_ecc_oid_from_id( curve, bits, &oid, &oid_len ); if( ret != 0 ) return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 2eeb07655..d88ca5454 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -107,8 +107,8 @@ psa_key_handle_t pk_psa_genkey( void ) { psa_key_handle_t key; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - const int curve = PSA_ECC_CURVE_SECP256R1; - const psa_key_type_t type = PSA_KEY_TYPE_ECC_KEY_PAIR(curve); + const psa_key_type_t type = + PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ); const size_t bits = 256; psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );