mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-01 10:06:53 +03:00

Allow ECDH-only public key in ECDH

In ECDH key agreement, allow a public key with the OID id-ECDH, not
just a public key with the OID id-ecPublicKey.

Public keys with the OID id-ECDH are not permitted by psa_import_key,
at least for now. There would be no way to use the key for a key
agreement operation anyway in the current API.
Gilles Peskine
2018-10-25 23:07:25 +02:00
parent 714e16b37a
commit 88714d78b8
2 changed files with 18 additions and 3 deletions

@ -3620,10 +3620,14 @@ static psa_status_t psa_key_agreement_ecdh( const uint8_t *peer_key,
ret = mbedtls_pk_parse_public_key( &pk, peer_key, peer_key_length );
if( ret != 0 )
goto exit;
if( mbedtls_pk_get_type( &pk ) != MBEDTLS_PK_ECKEY )
switch( mbedtls_pk_get_type( &pk ) )
{
ret = MBEDTLS_ERR_ECP_INVALID_KEY;
goto exit;
case MBEDTLS_PK_ECKEY:
case MBEDTLS_PK_ECKEY_DH:
break;
default:
ret = MBEDTLS_ERR_ECP_INVALID_KEY;
goto exit;
}
their_key = mbedtls_pk_ec( pk );
ret = mbedtls_ecdh_get_params( &ecdh, their_key, MBEDTLS_ECDH_THEIRS );
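Review bot: the new switch on `mbedtls_pk_get_type( &pk )` now encodes the policy for which key types are acceptable as an ECDH peer key, but nothing at the `case MBEDTLS_PK_ECKEY:` / `case MBEDTLS_PK_ECKEY_DH:` labels says so. A short comment there stating that these correspond to id-ecPublicKey and id-ECDH, and that every other type is rejected on purpose by the `default:` arm, would keep a later edit from widening the accepted set by accident. The commit message also notes that psa_import_key does not permit id-ECDH keys, so this path accepts a peer-key encoding that import rejects; a line in the function's documentation would make that asymmetry read as intended. If the second changed file does not already include one, a negative test with a peer key whose type lands in `default:` would pin the `MBEDTLS_ERR_ECP_INVALID_KEY` path alongside a positive test for an id-ECDH key.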