From eab9a85f4c716f599b41427fc4244affd65ec1f3 Mon Sep 17 00:00:00 2001
From: valerio <valerio.setti@nordicsemi.no>
Date: Thu, 1 Jun 2023 10:58:19 +0200
Subject: [PATCH 1/4] pk_wrap: add support for key pair check for EC opaque
 keys

Signed-off-by: valerio <valerio.setti@nordicsemi.no>
---
 library/pk_wrap.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 48 insertions(+), 1 deletion(-)

diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 92937c8f3b..9170231d6f 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -1669,6 +1669,53 @@ static int pk_opaque_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
 #endif /* !MBEDTLS_PK_CAN_ECDSA_SIGN && !MBEDTLS_RSA_C */
 }
 
+static int pk_opaque_ec_check_pair(mbedtls_pk_context *pub, mbedtls_pk_context *prv,
+                                   int (*f_rng)(void *, unsigned char *, size_t),
+                                   void *p_rng)
+{
+    /* The main difference between this function and eckey_check_pair_psa() is
+     * that in the opaque case the private key is always stored in PSA side no
+     * matter if MBEDTLS_PK_USE_PSA_EC_DATA is enabled or not.
+     * When MBEDTLS_PK_USE_PSA_EC_DATA is enabled, we can simply use the
+     * eckey_check_pair_psa(). */
+    (void) f_rng;
+    (void) p_rng;
+
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+    return eckey_check_pair_psa(pub, prv);
+#elif defined(MBEDTLS_ECP_LIGHT)
+    psa_status_t status;
+    uint8_t exp_pub_key[MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN];
+    size_t exp_pub_key_len = 0;
+    uint8_t pub_key[MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN];
+    size_t pub_key_len = 0;
+    int ret;
+
+    status = psa_export_public_key(prv->priv_id, exp_pub_key, sizeof(exp_pub_key),
+                                   &exp_pub_key_len);
+    if (status != PSA_SUCCESS) {
+        ret = psa_pk_status_to_mbedtls(status);
+        return ret;
+    }
+    ret = mbedtls_ecp_point_write_binary(&(mbedtls_pk_ec_ro(*pub)->grp),
+                                         &(mbedtls_pk_ec_ro(*pub)->Q),
+                                         MBEDTLS_ECP_PF_UNCOMPRESSED,
+                                         &pub_key_len, pub_key, sizeof(pub_key));
+    if (ret != 0) {
+        return ret;
+    }
+    if ((exp_pub_key_len != pub_key_len) ||
+        memcmp(exp_pub_key, pub_key, exp_pub_key_len)) {
+        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
+    return 0;
+#else
+    (void) pub;
+    (void) prv;
+    return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */
+}
+
 const mbedtls_pk_info_t mbedtls_pk_ecdsa_opaque_info = {
     MBEDTLS_PK_OPAQUE,
     "Opaque",
@@ -1682,7 +1729,7 @@ const mbedtls_pk_info_t mbedtls_pk_ecdsa_opaque_info = {
 #endif
     NULL, /* decrypt - not relevant */
     NULL, /* encrypt - not relevant */
-    NULL, /* check_pair - could be done later or left NULL */
+    pk_opaque_ec_check_pair,
     NULL, /* alloc - no need to allocate new data dynamically */
     NULL, /* free - as for the alloc, there is no data to free */
 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)

From 8cbef4d55ec3394de8cf2620cfdc8f49a9163402 Mon Sep 17 00:00:00 2001
From: valerio <valerio.setti@nordicsemi.no>
Date: Thu, 1 Jun 2023 10:59:03 +0200
Subject: [PATCH 2/4] pk: allow key pair checking for opaque keys

Signed-off-by: valerio <valerio.setti@nordicsemi.no>
---
 library/pk.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/library/pk.c b/library/pk.c
index 8e42b8d4c7..d30205cf78 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -825,7 +825,8 @@ int mbedtls_pk_check_pair(const mbedtls_pk_context *pub,
             return MBEDTLS_ERR_PK_TYPE_MISMATCH;
         }
     } else {
-        if (pub->pk_info != prv->pk_info) {
+        if ((prv->pk_info->type != MBEDTLS_PK_OPAQUE) &&
+            (pub->pk_info != prv->pk_info)) {
             return MBEDTLS_ERR_PK_TYPE_MISMATCH;
         }
     }

From 6c666c6c8dcdef068af78ae9708b1a263b3925fe Mon Sep 17 00:00:00 2001
From: valerio <valerio.setti@nordicsemi.no>
Date: Thu, 1 Jun 2023 10:59:42 +0200
Subject: [PATCH 3/4] test: add key pair check verification for opaque EC keys

Signed-off-by: valerio <valerio.setti@nordicsemi.no>
---
 tests/suites/test_suite_pk.function | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index a5b50dec45..65b0c0303f 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -562,6 +562,9 @@ exit:
 void mbedtls_pk_check_pair(char *pub_file, char *prv_file, int ret)
 {
     mbedtls_pk_context pub, prv, alt;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_svc_key_id_t opaque_key_id = MBEDTLS_SVC_KEY_ID_INIT;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     mbedtls_pk_init(&pub);
     mbedtls_pk_init(&prv);
@@ -575,7 +578,7 @@ void mbedtls_pk_check_pair(char *pub_file, char *prv_file, int ret)
     if (ret == MBEDTLS_ERR_ECP_BAD_INPUT_DATA) {
         ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
     }
-#endif
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     TEST_ASSERT(mbedtls_pk_parse_public_keyfile(&pub, pub_file) == 0);
     TEST_ASSERT(mbedtls_pk_parse_keyfile(&prv, prv_file, NULL,
@@ -596,7 +599,20 @@ void mbedtls_pk_check_pair(char *pub_file, char *prv_file, int ret)
                     == ret);
     }
 #endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    if (mbedtls_pk_get_type(&prv) == MBEDTLS_PK_ECKEY) {
+        TEST_EQUAL(mbedtls_pk_wrap_as_opaque(&prv, &opaque_key_id,
+                                             PSA_ALG_ANY_HASH,
+                                             PSA_KEY_USAGE_EXPORT, 0), 0);
+        TEST_EQUAL(mbedtls_pk_check_pair(&pub, &prv, mbedtls_test_rnd_std_rand,
+                                         NULL), ret);
+    }
+#endif
 
+exit:
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_destroy_key(opaque_key_id);
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
     mbedtls_pk_free(&pub);
     mbedtls_pk_free(&prv);
     mbedtls_pk_free(&alt);

From ede0c4676e3d94d41c3b82fe730bed0640c904bb Mon Sep 17 00:00:00 2001
From: Valerio Setti <valerio.setti@nordicsemi.no>
Date: Mon, 5 Jun 2023 11:08:28 +0200
Subject: [PATCH 4/4] pk_internal: minor rearrangement in
 mbedtls_pk_get_group_id()

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
---
 library/pk_internal.h | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/library/pk_internal.h b/library/pk_internal.h
index 21fb34a8f4..388f94ac80 100644
--- a/library/pk_internal.h
+++ b/library/pk_internal.h
@@ -86,11 +86,11 @@ static inline mbedtls_ecp_group_id mbedtls_pk_get_group_id(const mbedtls_pk_cont
     mbedtls_ecp_group_id id;
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_key_attributes_t opaque_attrs = PSA_KEY_ATTRIBUTES_INIT;
-    psa_key_type_t opaque_key_type;
-    psa_ecc_family_t curve;
-
     if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
+        psa_key_attributes_t opaque_attrs = PSA_KEY_ATTRIBUTES_INIT;
+        psa_key_type_t opaque_key_type;
+        psa_ecc_family_t curve;
+
         if (psa_get_key_attributes(pk->priv_id, &opaque_attrs) != PSA_SUCCESS) {
             return MBEDTLS_ECP_DP_NONE;
         }