Promise mbedtls_ecp_read_key doesn't overwrite the public key

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-01-30 15:32:58 +00:00 · 2023-06-21 19:51:28 +02:00 · 2023-06-21 19:51:28 +02:00 · 091a85a762
commit 091a85a762
parent ba5b5d67aa
2 changed files with 23 additions and 2 deletions
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@ -1262,6 +1262,16 @@ int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
 /**
 * \brief           This function reads an elliptic curve private key.
 *
+ * \note            This function does not set the public key in the
+ *                  key pair object. Without a public key, the key pair object
+ *                  cannot be used with operations that require the public key.
+ *
+ * \note            If a public key has already been set in the key pair
+ *                  object, this function does not check that it is consistent
+ *                  with the private key. Call mbedtls_ecp_check_pub_priv()
+ *                  after setting both the public key and the private key
+ *                  to make that check.
+ *
 * \param grp_id    The ECP group identifier.
 * \param key       The destination key.
 * \param buf       The buffer containing the binary representation of the
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@ -1044,11 +1044,16 @@ void mbedtls_ecp_read_key(int grp_id, data_t *in_key, int expected, int canonica
 {
    int ret = 0;
    mbedtls_ecp_keypair key;
-    mbedtls_ecp_keypair key2;
-
    mbedtls_ecp_keypair_init(&key);
+    mbedtls_ecp_keypair key2;
    mbedtls_ecp_keypair_init(&key2);

+#if defined(MBEDTLS_BIGNUM_C)
+    TEST_EQUAL(mbedtls_mpi_lset(&key.Q.X, 1), 0);
+    TEST_EQUAL(mbedtls_mpi_lset(&key.Q.Y, 2), 0);
+    TEST_EQUAL(mbedtls_mpi_lset(&key.Q.Z, 3), 0);
+#endif
+
    ret = mbedtls_ecp_read_key(grp_id, &key, in_key->x, in_key->len);
    TEST_ASSERT(ret == expected);

@ -1057,6 +1062,12 @@ void mbedtls_ecp_read_key(int grp_id, data_t *in_key, int expected, int canonica
        ret = mbedtls_ecp_check_privkey(&key.grp, &key.d);
        TEST_ASSERT(ret == 0);

+#if defined(MBEDTLS_BIGNUM_C)
+        TEST_EQUAL(mbedtls_mpi_cmp_int(&key.Q.X, 1), 0);
+        TEST_EQUAL(mbedtls_mpi_cmp_int(&key.Q.Y, 2), 0);
+        TEST_EQUAL(mbedtls_mpi_cmp_int(&key.Q.Z, 3), 0);
+#endif
+
        if (canonical) {
            unsigned char buf[MBEDTLS_ECP_MAX_BYTES];