mbedtls_psa_parse_tls_ecc_group: make no assumption on PSA encodings

Don't assume that the PSA encoding of elliptic curves is identical to the TLS encoding. This is currently true but about to change. The new implementation only works when MBEDTLS_ECP_C is defined. This is ok because the function is only used with MBEDTLS_ECP_C defined.
2019-12-12 17:56:46 +01:00 · 2019-12-12 17:56:46 +01:00 · d8197cb902
commit d8197cb902
parent fc2459db13
1 changed files with 9 additions and 3 deletions
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@ -350,13 +350,19 @@ static inline int mbedtls_psa_err_translate_pk( psa_status_t status )
 /* This function transforms an ECC group identifier from
 * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
 * into a PSA ECC group identifier. */
+#if defined(MBEDTLS_ECP_C)
 static inline psa_ecc_curve_t mbedtls_psa_parse_tls_ecc_group(
    uint16_t tls_ecc_grp_reg_id )
 {
-    /* The PSA identifiers are currently aligned with those from
-     * the TLS Supported Groups registry, so no conversion is necessary. */
-    return( (psa_ecc_curve_t) tls_ecc_grp_reg_id );
+    size_t bits;
+    const mbedtls_ecp_curve_info *curve_info =
+        mbedtls_ecp_curve_info_from_tls_id( tls_ecc_grp_reg_id );
+    if( curve_info == NULL )
+        return( 0 );
+    else
+        return( mbedtls_ecc_group_to_psa( curve_info->grp_id, &bits ) );
 }
+#endif /* MBEDTLS_ECP_C */

 /* This function takes a buffer holding an EC public key
 * exported through psa_export_public_key(), and converts