mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-01-26 03:35:35 +00:00
Add Weierstrass curve/bits consistancy check + negative test vectors
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
parent
02cf12ff92
commit
50fcc535e5
@ -4949,6 +4949,50 @@ cleanup:
|
||||
}
|
||||
#endif
|
||||
|
||||
static psa_status_t psa_generate_derived_ecc_key_weierstrass_check_config(
|
||||
psa_ecc_family_t curve,
|
||||
size_t bits)
|
||||
{
|
||||
switch (curve)
|
||||
{
|
||||
case ( PSA_ECC_FAMILY_SECP_K1 ):
|
||||
if (bits != 192 && bits != 225 && bits != 256)
|
||||
return ( PSA_ERROR_INVALID_ARGUMENT );
|
||||
break;
|
||||
case ( PSA_ECC_FAMILY_SECP_R1 ):
|
||||
if (bits != 192 && bits != 224 && bits != 256 && bits != 384 && bits != 521)
|
||||
return ( PSA_ERROR_INVALID_ARGUMENT );
|
||||
break;
|
||||
case ( PSA_ECC_FAMILY_SECP_R2 ):
|
||||
if (bits != 160)
|
||||
return ( PSA_ERROR_INVALID_ARGUMENT );
|
||||
break;
|
||||
case ( PSA_ECC_FAMILY_SECT_K1 ):
|
||||
if (bits != 163 && bits != 233 && bits != 239 && bits != 283 && bits != 409 && bits != 571)
|
||||
return ( PSA_ERROR_INVALID_ARGUMENT );
|
||||
break;
|
||||
case ( PSA_ECC_FAMILY_SECT_R1 ):
|
||||
if (bits != 163 && bits != 233 && bits != 283 && bits != 409 && bits != 571)
|
||||
return ( PSA_ERROR_INVALID_ARGUMENT );
|
||||
break;
|
||||
case ( PSA_ECC_FAMILY_SECT_R2 ):
|
||||
if (bits != 163)
|
||||
return ( PSA_ERROR_INVALID_ARGUMENT );
|
||||
break;
|
||||
case ( PSA_ECC_FAMILY_BRAINPOOL_P_R1 ):
|
||||
if (bits != 160 && bits != 192 && bits != 224 && bits != 256 && bits != 320 && bits != 384 && bits != 512)
|
||||
return ( PSA_ERROR_INVALID_ARGUMENT );
|
||||
break;
|
||||
/*
|
||||
case ( PSA_ECC_FAMILY_FRP ):
|
||||
if (bits != 256)
|
||||
return ( PSA_ERROR_INVALID_ARGUMENT ) ;
|
||||
break;
|
||||
*/
|
||||
}
|
||||
return PSA_SUCCESS;
|
||||
}
|
||||
|
||||
static psa_status_t psa_generate_derived_key_internal(
|
||||
psa_key_slot_t *slot,
|
||||
size_t bits,
|
||||
@ -4969,6 +5013,11 @@ static psa_status_t psa_generate_derived_key_internal(
|
||||
{
|
||||
/* Weierstrass elliptic curve */
|
||||
unsigned key_err = 0;
|
||||
status = psa_generate_derived_ecc_key_weierstrass_check_config(
|
||||
PSA_KEY_TYPE_ECC_GET_FAMILY( slot->attr.type ),
|
||||
bits );
|
||||
if ( status != PSA_SUCCESS )
|
||||
return status;
|
||||
gen_ecc_key:
|
||||
status = psa_generate_derived_ecc_key_weierstrass_helper(slot, bits, operation, &data, &key_err);
|
||||
if( status != PSA_SUCCESS )
|
||||
@ -4976,7 +5025,8 @@ gen_ecc_key:
|
||||
/* Key has been created, but it doesn't meet criteria. */
|
||||
if (key_err)
|
||||
goto gen_ecc_key;
|
||||
} else
|
||||
}
|
||||
else
|
||||
{
|
||||
/* Montgomery elliptic curve */
|
||||
size_t output_length;
|
||||
|
@ -5205,15 +5205,95 @@ PSA key derivation: invalid type (PSA_KEY_TYPE_CATEGORY_MASK)
|
||||
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
|
||||
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_CATEGORY_MASK:128:PSA_ERROR_INVALID_ARGUMENT:0
|
||||
|
||||
PSA key derivation: invalid length (0)
|
||||
PSA key derivation: invalid length PSA_KEY_TYPE_RAW_DATA (0)
|
||||
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
|
||||
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
|
||||
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:0:PSA_ERROR_INVALID_ARGUMENT:0
|
||||
|
||||
PSA key derivation: invalid length (7 bits)
|
||||
PSA key derivation: invalid length PSA_KEY_TYPE_RAW_DATA (7 bits)
|
||||
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
|
||||
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:7:PSA_ERROR_INVALID_ARGUMENT:0
|
||||
|
||||
PSA key derivation: invalid length PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) (0)
|
||||
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
|
||||
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
|
||||
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):0:PSA_ERROR_INVALID_ARGUMENT:0
|
||||
|
||||
PSA key derivation: invalid length PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) (7 bits)
|
||||
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
|
||||
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
|
||||
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):7:PSA_ERROR_INVALID_ARGUMENT:0
|
||||
|
||||
PSA key derivation: invalid length PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1) (0)
|
||||
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
|
||||
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
|
||||
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):0:PSA_ERROR_INVALID_ARGUMENT:0
|
||||
|
||||
PSA key derivation: invalid length PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1) (7 bits)
|
||||
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
|
||||
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
|
||||
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):7:PSA_ERROR_INVALID_ARGUMENT:0
|
||||
|
||||
PSA key derivation: invalid length PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R2) (0)
|
||||
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
|
||||
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
|
||||
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R2):0:PSA_ERROR_INVALID_ARGUMENT:0
|
||||
|
||||
PSA key derivation: invalid length PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R2) (7 bits)
|
||||
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
|
||||
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
|
||||
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R2):7:PSA_ERROR_INVALID_ARGUMENT:0
|
||||
|
||||
PSA key derivation: invalid length PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1) (0)
|
||||
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
|
||||
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
|
||||
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):0:PSA_ERROR_INVALID_ARGUMENT:0
|
||||
|
||||
PSA key derivation: invalid length PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1) (7 bits)
|
||||
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
|
||||
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
|
||||
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):7:PSA_ERROR_INVALID_ARGUMENT:0
|
||||
|
||||
PSA key derivation: invalid length PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1) (0)
|
||||
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
|
||||
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
|
||||
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):0:PSA_ERROR_INVALID_ARGUMENT:0
|
||||
|
||||
PSA key derivation: invalid length PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1) (7 bits)
|
||||
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
|
||||
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
|
||||
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):7:PSA_ERROR_INVALID_ARGUMENT:0
|
||||
|
||||
PSA key derivation: invalid length PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R2) (0)
|
||||
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
|
||||
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
|
||||
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R2):0:PSA_ERROR_INVALID_ARGUMENT:0
|
||||
|
||||
PSA key derivation: invalid length PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R2) (7 bits)
|
||||
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
|
||||
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
|
||||
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R2):7:PSA_ERROR_INVALID_ARGUMENT:0
|
||||
|
||||
PSA key derivation: invalid length PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1) (0)
|
||||
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
|
||||
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
|
||||
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):0:PSA_ERROR_INVALID_ARGUMENT:0
|
||||
|
||||
PSA key derivation: invalid length PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1) (7 bits)
|
||||
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
|
||||
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
|
||||
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):7:PSA_ERROR_INVALID_ARGUMENT:0
|
||||
|
||||
PSA key derivation: invalid length PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY) (0)
|
||||
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
|
||||
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
|
||||
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):0:PSA_ERROR_INVALID_ARGUMENT:0
|
||||
|
||||
PSA key derivation: invalid length PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY) (7 bits)
|
||||
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
|
||||
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
|
||||
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):7:PSA_ERROR_INVALID_ARGUMENT:0
|
||||
|
||||
PSA key derivation: raw data, 8 bits
|
||||
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
|
||||
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:8:PSA_SUCCESS:0
|
||||
|
Loading…
x
Reference in New Issue
Block a user