mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-01-27 06:35:22 +00:00
Check the curve of an elliptic curve key on import
psa_import_key must check that the imported key data matches the expected key type. Implement the missing check for EC keys that the curve is the expected one.
This commit is contained in:
parent
e1fed0de18
commit
34ef7f5a55
@ -311,6 +311,41 @@ static psa_status_t mbedtls_to_psa_error( int ret )
|
||||
/* Key management */
|
||||
/****************************************************************/
|
||||
|
||||
static psa_ecc_curve_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grpid )
|
||||
{
|
||||
switch( grpid )
|
||||
{
|
||||
case MBEDTLS_ECP_DP_SECP192R1:
|
||||
return( PSA_ECC_CURVE_SECP192R1 );
|
||||
case MBEDTLS_ECP_DP_SECP224R1:
|
||||
return( PSA_ECC_CURVE_SECP224R1 );
|
||||
case MBEDTLS_ECP_DP_SECP256R1:
|
||||
return( PSA_ECC_CURVE_SECP256R1 );
|
||||
case MBEDTLS_ECP_DP_SECP384R1:
|
||||
return( PSA_ECC_CURVE_SECP384R1 );
|
||||
case MBEDTLS_ECP_DP_SECP521R1:
|
||||
return( PSA_ECC_CURVE_SECP521R1 );
|
||||
case MBEDTLS_ECP_DP_BP256R1:
|
||||
return( PSA_ECC_CURVE_BRAINPOOL_P256R1 );
|
||||
case MBEDTLS_ECP_DP_BP384R1:
|
||||
return( PSA_ECC_CURVE_BRAINPOOL_P384R1 );
|
||||
case MBEDTLS_ECP_DP_BP512R1:
|
||||
return( PSA_ECC_CURVE_BRAINPOOL_P512R1 );
|
||||
case MBEDTLS_ECP_DP_CURVE25519:
|
||||
return( PSA_ECC_CURVE_CURVE25519 );
|
||||
case MBEDTLS_ECP_DP_SECP192K1:
|
||||
return( PSA_ECC_CURVE_SECP192K1 );
|
||||
case MBEDTLS_ECP_DP_SECP224K1:
|
||||
return( PSA_ECC_CURVE_SECP224K1 );
|
||||
case MBEDTLS_ECP_DP_SECP256K1:
|
||||
return( PSA_ECC_CURVE_SECP256K1 );
|
||||
case MBEDTLS_ECP_DP_CURVE448:
|
||||
return( PSA_ECC_CURVE_CURVE448 );
|
||||
default:
|
||||
return( 0 );
|
||||
}
|
||||
}
|
||||
|
||||
psa_status_t psa_import_key( psa_key_slot_t key,
|
||||
psa_key_type_t type,
|
||||
const uint8_t *data,
|
||||
@ -356,7 +391,7 @@ psa_status_t psa_import_key( psa_key_slot_t key,
|
||||
case MBEDTLS_PK_RSA:
|
||||
if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ||
|
||||
type == PSA_KEY_TYPE_RSA_KEYPAIR )
|
||||
slot->data.rsa = pk.pk_ctx;
|
||||
slot->data.rsa = mbedtls_pk_rsa( pk );
|
||||
else
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
break;
|
||||
@ -365,8 +400,14 @@ psa_status_t psa_import_key( psa_key_slot_t key,
|
||||
case MBEDTLS_PK_ECKEY:
|
||||
if( PSA_KEY_TYPE_IS_ECC( type ) )
|
||||
{
|
||||
// TODO: check curve
|
||||
slot->data.ecp = pk.pk_ctx;
|
||||
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk );
|
||||
psa_ecc_curve_t actual_curve =
|
||||
mbedtls_ecc_group_to_psa( ecp->grp.id );
|
||||
psa_ecc_curve_t expected_curve =
|
||||
PSA_KEY_TYPE_GET_CURVE( type );
|
||||
if( actual_curve != expected_curve )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
slot->data.ecp = ecp;
|
||||
}
|
||||
else
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
@ -53,6 +53,14 @@ PSA import/export EC secp256r1: good
|
||||
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
import_export:"3077020101042049c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eeea00a06082a8648ce3d030107a144034200047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):PSA_ALG_ECDSA_RAW:PSA_KEY_USAGE_EXPORT:256:0:PSA_SUCCESS:1
|
||||
|
||||
PSA import/export EC secp384r1: good
|
||||
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
import_export:"3081a402010104303f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76aa00706052b81040022a16403620004d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1):PSA_ALG_ECDSA_RAW:PSA_KEY_USAGE_EXPORT:384:0:PSA_SUCCESS:1
|
||||
|
||||
PSA import EC keypair secp384r1: wrong curve
|
||||
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
import:"3077020101042049c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eeea00a06082a8648ce3d030107a144034200047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1):PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA hash finish: SHA-256
|
||||
depends_on:MBEDTLS_SHA256_C
|
||||
hash_finish:PSA_ALG_SHA_256:"bd":"68325720aabd7c82f30f554b313d0570c95accbb7dc4b5aae11204c08ffe732b"
|
||||
|
Loading…
x
Reference in New Issue
Block a user