2fa6b5f503
Attempting to create an ECC key with a curve specification that is not valid can plausibly fail with PSA_ERROR_INVALID_ARGUMENT ("this is not a curve specification at all") or PSA_ERROR_NOT_SUPPORTED ("this may be a curve specification, but not one I support"). The choice of error is somewhat subjective. Before this commit, due to happenstance in the implementation, an attempt to use a curve that is declared in the PSA API but not implemented in Mbed TLS returned PSA_ERROR_INVALID_ARGUMENT, whereas an attempt to use a curve that Mbed TLS supports but for which support was disabled at compile-time returned PSA_ERROR_NOT_SUPPORTED. This inconsistency made it difficult to write negative tests that could work whether the curve is implemented via Mbed TLS code or via a driver. After this commit, any attempt to use parameters that are not recognized fails with NOT_SUPPORTED, whether a curve with the specified size might plausibly exist or not, because "might plausibly exist" is not something Mbed TLS can determine. To keep returning INVALID_ARGUMENT when importing an ECC key with an explicit "bits" attribute that is inconsistent with the size of the key material, this commit changes the way mbedtls_ecc_group_of_psa() works: it now works on a size in bits rather than bytes, with an extra flag indicating whether the bit-size must be exact or not. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
5 lines
229 B
Plaintext
5 lines
229 B
Plaintext
API changes
|
|
* The API glue function mbedtls_ecc_group_of_psa() now takes the curve size
|
|
in bits rather than bytes, with an additional flag to indicate if the
|
|
size may have been rounded up to a whole number of bytes.
|