[xilpki] Potential incorrect command descriptor for P384 private key generation

[jcorbier]

Hi,

At line 98 in xilpki.c:

#define PKI_ECC_NIST_P192_KEY_PRIV_GEN_CMD	0x00001701U
#define PKI_ECC_NIST_P256_KEY_PRIV_GEN_CMD	0x00001F01U
#define PKI_ECC_NIST_P384_KEY_PRIV_GEN_CMD	0x00002F02U
#define PKI_ECC_NIST_P521_KEY_PRIV_GEN_CMD	0x00004101U

Shouldn't PKI_ECC_NIST_P384_KEY_PRIV_GEN_CMD be using the same 0x01 operation ID as the commands for the other curves?

 #define PKI_ECC_NIST_P192_KEY_PRIV_GEN_CMD	0x00001701U
 #define PKI_ECC_NIST_P256_KEY_PRIV_GEN_CMD	0x00001F01U
-#define PKI_ECC_NIST_P384_KEY_PRIV_GEN_CMD	0x00002F02U
+#define PKI_ECC_NIST_P384_KEY_PRIV_GEN_CMD	0x00002F01U
 #define PKI_ECC_NIST_P521_KEY_PRIV_GEN_CMD	0x00004101U

[sivadur]

@jcorbier Thanks for reporting, we will check and get back on this.

[NavaKishoreManne]

@jcorbier Thanks for reporting, I have analyzed this and the pointed macro needs to be updated. Will provide the required fix in the next release. For PKI_ECC_NIST_P384_KEY_PRIV_GEN_CMD is subtracting 1 (private key d = (c mod n) - 1) instead of adding (private key d = (c mod n) + 1). Even if we subtract 1 the probability of getting the wrong key(0 or -1) is very low. So we have not observed any issues at our end.

[jcorbier]

@NavaKishoreManne Indeed, this is currently a very minor issue when it comes to key generation. I just wanted to point it out in case this descriptor was used for actual modular addition for some other operation. Thanks for your feedback.