
Commit 3ba1eb5

degjorvarlubos
authored andcommitted
nrf_security: cracen: Fix IKG export public key bug
Fix bug where export_ecc_public_key_from_keypair would return early Signed-off-by: Dag Erik Gjørvad <[email protected]>
1 parent df22105 commit 3ba1eb5


1 file changed

+32
-19
lines changed

1 file changed

+32
-19
lines changed

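--- a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/key_management.c
+++ b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/key_management.c
@@ -649,6 +649,22 @@ static psa_status_t handle_curve_family(psa_ecc_family_t psa_curve, size_t key_b
 return PSA_SUCCESS;
 }
 
+static bool requires_sitask(const psa_key_attributes_t *attributes, psa_ecc_family_t curve)
+{
+if (!(IS_ENABLED(PSA_NEED_CRACEN_KEY_TYPE_ECC_MONTGOMERY_255) ||
+IS_ENABLED(PSA_NEED_CRACEN_KEY_TYPE_ECC_MONTGOMERY_448) ||
+IS_ENABLED(PSA_NEED_CRACEN_ECDSA_SECP_R1_256))) {
+return false;
+}
+if ((curve != PSA_ECC_FAMILY_TWISTED_EDWARDS && curve != PSA_ECC_FAMILY_SECP_R1 &&
+curve != PSA_ECC_FAMILY_SECP_K1 && curve != PSA_ECC_FAMILY_BRAINPOOL_P_R1) ||
+(PSA_KEY_LIFETIME_GET_LOCATION(psa_get_key_lifetime(attributes)) ==
+PSA_KEY_LOCATION_CRACEN)) {
+return true;
+}
+return false;
+}
+
 static psa_status_t export_ecc_public_key_from_keypair(const psa_key_attributes_t *attributes,
 const uint8_t *key_buffer,
 size_t key_buffer_size, uint8_t *data,
@@ -675,32 +691,29 @@ static psa_status_t export_ecc_public_key_from_keypair(const psa_key_attributes_
 
 if (PSA_KEY_LIFETIME_GET_LOCATION(psa_get_key_lifetime(attributes)) ==
 PSA_KEY_LOCATION_CRACEN) {
-return handle_identity_key(key_buffer, key_buffer_size, sx_curve, data, &priv_key,
-&pub_key);
+status = handle_identity_key(key_buffer, key_buffer_size, sx_curve, data, &priv_key,
+&pub_key);
 } else {
 status = handle_curve_family(psa_curve, key_bits_attr, key_buffer, data, sx_curve,
 &priv_key, &pub_key);
 }
 if (status != PSA_SUCCESS) {
 return status;
 }
-if (IS_ENABLED(PSA_NEED_CRACEN_KEY_TYPE_ECC_MONTGOMERY_255) ||
-IS_ENABLED(PSA_NEED_CRACEN_KEY_TYPE_ECC_MONTGOMERY_448)) {
-if (psa_curve != PSA_ECC_FAMILY_TWISTED_EDWARDS &&
-psa_curve != PSA_ECC_FAMILY_SECP_R1 && psa_curve != PSA_ECC_FAMILY_SECP_K1 &&
-psa_curve != PSA_ECC_FAMILY_BRAINPOOL_P_R1) {
-char workmem[SX_ED448_DGST_SZ] = {};
-struct sitask t;
-
-si_task_init(&t, workmem, sizeof(workmem));
-si_sig_create_pubkey(&t, &priv_key, &pub_key);
-si_task_run(&t);
-
-status = silex_statuscodes_to_psa(si_task_wait(&t));
-safe_memzero(workmem, sizeof(workmem));
-if (status != PSA_SUCCESS) {
-return status;
-}
+bool is_sitask = requires_sitask(attributes, psa_curve);
+
+if (is_sitask) {
+char workmem[SX_ED448_DGST_SZ] = {};
+struct sitask t;
+
+si_task_init(&t, workmem, sizeof(workmem));
+si_sig_create_pubkey(&t, &priv_key, &pub_key);
+si_task_run(&t);
+
+status = silex_statuscodes_to_psa(si_task_wait(&t));
+safe_memzero(workmem, sizeof(workmem));
+if (status != PSA_SUCCESS) {
+return status;
 }
 }
 *data_length = expected_pub_key_size;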
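Review bot: In `requires_sitask`, the `IS_ENABLED(...)` gate is evaluated before the key-location test, so a build with none of the three listed options enabled returns false even for a `PSA_KEY_LOCATION_CRACEN` key, and `export_ecc_public_key_from_keypair` then falls through to `*data_length = expected_pub_key_size` and reports success without `si_sig_create_pubkey` having run. If `handle_identity_key` only prepares `priv_key`/`pub_key` (the commit message suggests so, but its body is not on this page), the caller would receive `PSA_SUCCESS` with an unpopulated `data` buffer. Consider testing the location before the config gate, or failing closed in that configuration with `return PSA_ERROR_NOT_SUPPORTED;` instead of returning success. A short comment above `requires_sitask` naming the cases that need the derivation task would also help, e.g. `/* Public key is derived by a sitask for curve families outside Edwards/SECP/Brainpool and for CRACEN-located (IKG) keys. */`. The body of `export_ecc_public_key_from_keypair` begins and ends outside the hunks shown.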
