Linaro Git Browser
Code Review Sign In
review.linaro.org / people / jun.nie / optee_os.git / 7bd215a7be2bfac84dadf78e2f771400e163bd05^! / .
commit7bd215a7be2bfac84dadf78e2f771400e163bd05[log] [tgz]
authorJerome Forissier <jerome.forissier@linaro.org>Mon Mar 06 10:26:36 2023 +0100
committerJérôme Forissier <jerome@forissier.org>Tue Mar 14 21:48:51 2023 +0100
tree3e0dda539c864fe449fadfa3bc8df1d6d6068896
parent9cf576a9f597db75d892cab78eae646151a7ecc0 [diff]
core: mbedtls: ecc_get_keysize(): do not check algorithm against curve

Since commit fe2fd3ff46c0 ("GP131: Add TEE_ALG_ECDH_DERIVE_SHARED_SECRET
and TEE_ALG_ECDSA_SHA*"), the algorithm and curve values are not tied
as closely as before. The GP TEE Internal Core API specification v1.3.1
mentions "ECDSA algorithm identifiers should be tied to the size of the
digest, not the key. The key size information is provided with the key
material." (Table B-2). In other words, a number of algorithm values
are valid for use with any given ECC curve. Therefore remove the
algorithm checks in ecc_get_keysize(). This function is not the proper
place anyways.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

diff --git a/lib/libmbedtls/core/ecc.c b/lib/libmbedtls/core/ecc.c
index fd4a51b..8ec9f16 100644
--- a/lib/libmbedtls/core/ecc.c
+++ b/lib/libmbedtls/core/ecc.c

@@ -44,52 +44,29 @@
 	crypto_bignum_free(s->y);
 }
 
-/*
- * curve is part of TEE_ECC_CURVE_NIST_P192,...
- * algo is part of TEE_ALG_ECDSA_P192,..., and 0 if we do not have it
- */
 static TEE_Result ecc_get_keysize(uint32_t curve, uint32_t algo,
 				  size_t *key_size_bytes, size_t *key_size_bits)
 {
-	/*
-	 * Note GPv1.1 indicates TEE_ALG_ECDH_NIST_P192_DERIVE_SHARED_SECRET
-	 * but defines TEE_ALG_ECDH_P192
-	 */
 	switch (curve) {
 	case TEE_ECC_CURVE_NIST_P192:
 		*key_size_bits = 192;
 		*key_size_bytes = 24;
-		if ((algo != 0) && (algo != TEE_ALG_ECDSA_P192) &&
-		    (algo != TEE_ALG_ECDH_P192))
-			return TEE_ERROR_BAD_PARAMETERS;
 		break;
 	case TEE_ECC_CURVE_NIST_P224:
 		*key_size_bits = 224;
 		*key_size_bytes = 28;
-		if ((algo != 0) && (algo != TEE_ALG_ECDSA_P224) &&
-		    (algo != TEE_ALG_ECDH_P224))
-			return TEE_ERROR_BAD_PARAMETERS;
 		break;
 	case TEE_ECC_CURVE_NIST_P256:
 		*key_size_bits = 256;
 		*key_size_bytes = 32;
-		if ((algo != 0) && (algo != TEE_ALG_ECDSA_P256) &&
-		    (algo != TEE_ALG_ECDH_P256))
-			return TEE_ERROR_BAD_PARAMETERS;
 		break;
 	case TEE_ECC_CURVE_NIST_P384:
 		*key_size_bits = 384;
 		*key_size_bytes = 48;
-		if ((algo != 0) && (algo != TEE_ALG_ECDSA_P384) &&
-		    (algo != TEE_ALG_ECDH_P384))
-			return TEE_ERROR_BAD_PARAMETERS;
 		break;
 	case TEE_ECC_CURVE_NIST_P521:
 		*key_size_bits = 521;
 		*key_size_bytes = 66;
-		if ((algo != 0) && (algo != TEE_ALG_ECDSA_P521) &&
-		    (algo != TEE_ALG_ECDH_P521))
-			return TEE_ERROR_BAD_PARAMETERS;
 		break;
 	case TEE_ECC_CURVE_SM2:
 		*key_size_bits = 256;