mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-06 19:13:37 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

PSA interruptible sign/verify: detect invalid curve family in start

Browse Source 
Detect attempts to do ECDSA with a Montgomery curve in psa_sign_hash_start()
and psa_verify_hash_start(), whereas before start() would succeed and
complete() would fail. This avoids an inconsistency between psa_sign_hash()
and psa_sign_hash_start() that would be annoying to handle in
test_suite_psa_crypto_op_fail.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2024-12-16 23:23:04 +01:00
parent 905899839d
commit abf9f1aaa5
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
library/psa_crypto.c
View File

@ -3969,9 +3969,13 @@ psa_status_t mbedtls_psa_sign_hash_start(
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t required_hash_length;
if (!PSA_KEY_TYPE_IS_ECC(attributes->type)) {
if (!PSA_KEY_TYPE_IS_ECC_KEY_PAIR(attributes->type)) {
return PSA_ERROR_NOT_SUPPORTED;
}
psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->type);
if (!PSA_ECC_FAMILY_IS_WEIERSTRASS(curve)) {
return PSA_ERROR_INVALID_ARGUMENT;
}
if (!can_do_interruptible_sign_verify(alg)) {
return PSA_ERROR_NOT_SUPPORTED;
@ -4188,6 +4192,10 @@ psa_status_t mbedtls_psa_verify_hash_start(
if (!PSA_KEY_TYPE_IS_ECC(attributes->type)) {
return PSA_ERROR_NOT_SUPPORTED;
}
psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->type);
if (!PSA_ECC_FAMILY_IS_WEIERSTRASS(curve)) {
return PSA_ERROR_INVALID_ARGUMENT;
}
if (!can_do_interruptible_sign_verify(alg)) {
return PSA_ERROR_NOT_SUPPORTED;