Skip to content

Commit

Permalink
pal: fix public key generation for secp256r1
Browse files Browse the repository at this point in the history
The SECPxxx public key contains additional constant byte (prefix)
on the buffer beginning, to backward compatibility this byte is skipped

Signed-off-by: Krzysztof Taborowski <[email protected]>
  • Loading branch information
ktaborowski committed Sep 5, 2024
1 parent 2115882 commit 1dca29a
Showing 1 changed file with 10 additions and 3 deletions.
13 changes: 10 additions & 3 deletions subsys/sal/sid_pal/src/sid_crypto_keys.c
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@

LOG_MODULE_REGISTER(sid_crypto_key, CONFIG_SIDEWALK_CRYPTO_LOG_LEVEL);
#define ESUCCESS (0)
#define MAX_PUBLIC_KEY_LENGTH (65)

int sid_crypto_keys_init(void)
{
Expand Down Expand Up @@ -130,12 +131,18 @@ int sid_crypto_keys_new_generate(psa_key_id_t id, uint8_t *puk, size_t puk_size)
}

/* Export public key */
status = psa_export_public_key(id, puk, puk_size, &out_size);
if (PSA_SUCCESS == status && out_size == puk_size) {
uint8_t public_key[MAX_PUBLIC_KEY_LENGTH];
size_t pub_key_offset = (SID_CRYPTO_MFG_SECP_256R1_PRIV_KEY_ID == id) ? 1 : 0;

status = psa_export_public_key(id, public_key, puk_size + pub_key_offset, &out_size);
memcpy(puk, &public_key[pub_key_offset], puk_size);
memset(public_key, 0, sizeof(public_key));

if (PSA_SUCCESS == status && out_size == puk_size + pub_key_offset) {
LOG_DBG("export public key success");
} else {
LOG_ERR("psa_export_public_key failed! (err %d id %d)", status, id);
LOG_ERR("psa_export_public_key failed! (expected %d was %d)", puk_size, out_size);
LOG_DBG("puk size expected %d was %d", puk_size, out_size);
return -EBADF;
}

Expand Down

0 comments on commit 1dca29a

Please sign in to comment.