yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-10-19 06:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

Check the curve of an elliptic curve key on import

Browse source 
psa_import_key must check that the imported key data matches the
expected key type. Implement the missing check for EC keys that the
curve is the expected one.
This commit is contained in:
Gilles Peskine 2018-06-18 20:47:51 +02:00 committed by itayzafrir
parent e1fed0de18
commit 34ef7f5a55
2 changed files with 52 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

47
library/psa_crypto.c
View file

@ -311,6 +311,41 @@ static psa_status_t mbedtls_to_psa_error( int ret )
/* Key management */
/****************************************************************/
static psa_ecc_curve_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grpid )
{
switch( grpid )
{
case MBEDTLS_ECP_DP_SECP192R1:
return( PSA_ECC_CURVE_SECP192R1 );
case MBEDTLS_ECP_DP_SECP224R1:
return( PSA_ECC_CURVE_SECP224R1 );
case MBEDTLS_ECP_DP_SECP256R1:
return( PSA_ECC_CURVE_SECP256R1 );
case MBEDTLS_ECP_DP_SECP384R1:
return( PSA_ECC_CURVE_SECP384R1 );
case MBEDTLS_ECP_DP_SECP521R1:
return( PSA_ECC_CURVE_SECP521R1 );
case MBEDTLS_ECP_DP_BP256R1:
return( PSA_ECC_CURVE_BRAINPOOL_P256R1 );
case MBEDTLS_ECP_DP_BP384R1:
return( PSA_ECC_CURVE_BRAINPOOL_P384R1 );
case MBEDTLS_ECP_DP_BP512R1:
return( PSA_ECC_CURVE_BRAINPOOL_P512R1 );
case MBEDTLS_ECP_DP_CURVE25519:
return( PSA_ECC_CURVE_CURVE25519 );
case MBEDTLS_ECP_DP_SECP192K1:
return( PSA_ECC_CURVE_SECP192K1 );
case MBEDTLS_ECP_DP_SECP224K1:
return( PSA_ECC_CURVE_SECP224K1 );
case MBEDTLS_ECP_DP_SECP256K1:
return( PSA_ECC_CURVE_SECP256K1 );
case MBEDTLS_ECP_DP_CURVE448:
return( PSA_ECC_CURVE_CURVE448 );
default:
return( 0 );
}
}
psa_status_t psa_import_key( psa_key_slot_t key,
psa_key_type_t type,
const uint8_t *data,
@ -356,7 +391,7 @@ psa_status_t psa_import_key( psa_key_slot_t key,
case MBEDTLS_PK_RSA:
if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ||
type == PSA_KEY_TYPE_RSA_KEYPAIR )
slot->data.rsa = pk.pk_ctx;
slot->data.rsa = mbedtls_pk_rsa( pk );
else
return( PSA_ERROR_INVALID_ARGUMENT );
break;
@ -365,8 +400,14 @@ psa_status_t psa_import_key( psa_key_slot_t key,
case MBEDTLS_PK_ECKEY:
if( PSA_KEY_TYPE_IS_ECC( type ) )
{
// TODO: check curve
slot->data.ecp = pk.pk_ctx;
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk );
psa_ecc_curve_t actual_curve =
mbedtls_ecc_group_to_psa( ecp->grp.id );
psa_ecc_curve_t expected_curve =
PSA_KEY_TYPE_GET_CURVE( type );
if( actual_curve != expected_curve )
return( PSA_ERROR_INVALID_ARGUMENT );
slot->data.ecp = ecp;
}
else
return( PSA_ERROR_INVALID_ARGUMENT );

8
tests/suites/test_suite_psa_crypto.data
View file

@ -53,6 +53,14 @@ PSA import/export EC secp256r1: good
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
import_export:"3077020101042049c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eeea00a06082a8648ce3d030107a144034200047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):PSA_ALG_ECDSA_RAW:PSA_KEY_USAGE_EXPORT:256:0:PSA_SUCCESS:1
PSA import/export EC secp384r1: good
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
import_export:"3081a402010104303f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76aa00706052b81040022a16403620004d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1):PSA_ALG_ECDSA_RAW:PSA_KEY_USAGE_EXPORT:384:0:PSA_SUCCESS:1
PSA import EC keypair secp384r1: wrong curve
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
import:"3077020101042049c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eeea00a06082a8648ce3d030107a144034200047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1):PSA_ERROR_INVALID_ARGUMENT
PSA hash finish: SHA-256
depends_on:MBEDTLS_SHA256_C
hash_finish:PSA_ALG_SHA_256:"bd":"68325720aabd7c82f30f554b313d0570c95accbb7dc4b5aae11204c08ffe732b"