From bb3814c7a80ba7a3c80634676a882b02e616cb39 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Fri, 16 Dec 2022 01:12:12 +0100
Subject: [PATCH] Reject key agreement chained with PSA_ALG_TLS12_ECJPAKE_TO_PMS

The key derivation algorithm PSA_ALG_TLS12_ECJPAKE_TO_PMS cannot be used on a shared secret from a key agreement since its input must be an ECC public key. Reject this properly. This is tested by test_suite_psa_crypto_op_fail.generated.

Signed-off-by: Gilles Peskine
---
 .../psa_alg_tls12_ecjpake_to_pms-reject_ka.txt | 4 ++++
 library/psa_crypto.c | 15 +++++++++++++++
 2 files changed, 19 insertions(+)
 create mode 100644 ChangeLog.d/psa_alg_tls12_ecjpake_to_pms-reject_ka.txt

diff --git a/ChangeLog.d/psa_alg_tls12_ecjpake_to_pms-reject_ka.txt b/ChangeLog.d/psa_alg_tls12_ecjpake_to_pms-reject_ka.txt
new file mode 100644
index 0000000000..cfea661365
--- /dev/null
+++ b/ChangeLog.d/psa_alg_tls12_ecjpake_to_pms-reject_ka.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * The key derivation algorithm PSA_ALG_TLS12_ECJPAKE_TO_PMS cannot be
+ used on a shared secret from a key agreement since its input must be
+ an ECC public key. Reject this properly.
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 0a8949fdad..a683fdb8f7 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -5168,6 +5168,18 @@ static psa_status_t psa_key_agreement_try_support(psa_algorithm_t alg)
 (void) alg;
 return PSA_ERROR_NOT_SUPPORTED;
 }
+
+static int psa_key_derivation_allows_free_form_secret_input(
+ psa_algorithm_t kdf_alg)
+{
+#if defined(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS)
+ if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) {
+ return 0;
+ }
+#endif
+ (void) kdf_alg;
+ return 1;
+}
 #endif /* AT_LEAST_ONE_BUILTIN_KDF */
 
 psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation,
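Review bot: `psa_key_derivation_allows_free_form_secret_input()` is a deny-list that falls through to `return 1`, so a KDF added later whose secret input must be a specific kind of value (as here, an ECC public key) is accepted after a key agreement unless someone remembers to list it. The function carries no comment stating that contract; I would add one above it, e.g. `/* Return 0 if kdf_alg requires a specific kind of secret input and so must not be chained after a key agreement; any new KDF of that kind must be added here. */`. The same comment could mention that the trailing `(void) kdf_alg;` only matters when PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS is undefined.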
@@ -5189,6 +5201,9 @@ psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation,
 if (status != PSA_SUCCESS) {
 return status;
 }
+ if (!psa_key_derivation_allows_free_form_secret_input(kdf_alg)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
 status = psa_key_derivation_setup_kdf(operation, kdf_alg);
 #else
 return PSA_ERROR_NOT_SUPPORTED;
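Review bot: The new `return PSA_ERROR_INVALID_ARGUMENT;` sits after the existing `status != PSA_SUCCESS` early return, so when that earlier check fails the caller sees its status instead of INVALID_ARGUMENT for the same algorithm. If that precedence is intended it deserves a comment above the new `if`, for example `/* This KDF needs a specific kind of secret input, not a shared secret, so it cannot follow a key agreement. */`. psa_key_derivation_setup starts and ends outside the hunk, so it cannot be confirmed from here that setup is the only place where this combination has to be rejected; presumably the later input steps rely on it, which is worth checking.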