Add missing Curve448 support for PSA keys

mbedtls_ecp_read_key and mbedtls_ecp_write_key are updated to include support for Curve448 as prescribed by RFC 7748 §5. Test suites have been updated to validate curve448 under Montgomery curves. Signed-off-by: Archana <archana.madhavan@silabs.com>
2025-07-30 22:43:08 +03:00 · 2021-06-07 06:13:16 +05:30
parent ac694b9eac
commit 1d2e2bb8cc
2 changed files with 119 additions and 20 deletions
--- a/library/ecp.c
+++ b/library/ecp.c
@ -3054,6 +3054,7 @@ int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
 }

 #define ECP_CURVE25519_KEY_SIZE 32
+#define ECP_CURVE448_KEY_SIZE   56
 /*
 * Read a private key.
 */
@ -3074,7 +3075,7 @@ int mbedtls_ecp_read_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
    if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
    {
        /*
-         * If it is Curve25519 curve then mask the key as mandated by RFC7748
+         * Mask the key as mandated by RFC7748 for Curve25519 and Curve448.
         */
        if( grp_id == MBEDTLS_ECP_DP_CURVE25519 )
        {
@ -3100,8 +3101,23 @@ int mbedtls_ecp_read_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
                                         ECP_CURVE25519_KEY_SIZE * 8 - 2, 1 )
                    );
        }
-        else
-            ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
+        else if( grp_id == MBEDTLS_ECP_DP_CURVE448 )
+        {
+            if( buflen != ECP_CURVE448_KEY_SIZE )
+                return MBEDTLS_ERR_ECP_INVALID_KEY;
+
+            MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary_le( &key->d, buf, buflen ) );
+
+            /* Set the two least significant bits to 0 */
+            MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->d, 0, 0 ) );
+            MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->d, 1, 0 ) );
+
+            /* Set the most significant bit to 1 */
+            MBEDTLS_MPI_CHK(
+                    mbedtls_mpi_set_bit( &key->d,
+                                         ECP_CURVE448_KEY_SIZE * 8 - 1, 1 )
+                    );
+        }
    }

 #endif
@ -3141,12 +3157,14 @@ int mbedtls_ecp_write_key( mbedtls_ecp_keypair *key,
            if( buflen < ECP_CURVE25519_KEY_SIZE )
                return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;

-            MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary_le( &key->d, buf, buflen ) );
        }
-        else
-            ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
+        else if ( key->grp.id == MBEDTLS_ECP_DP_CURVE448 )
+        {
+            if( buflen < ECP_CURVE448_KEY_SIZE )
+                return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+        }
+        MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary_le( &key->d, buf, buflen ) );
    }
-
 #endif
 #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
    if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )