lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-20 16:42:59 +03:00
Code Activity

Public keys can't be used as private-key inputs to key agreement

Browse Source 
The PSA API does not use public key objects in key agreement
operations: it imports the public key as a formatted byte string.
So a public key object with a key agreement algorithm is not
a valid combination.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
2022-03-19 12:16:45 +01:00
parent 32611243d4
commit cb451702b4
4 changed files with 119 additions and 3464 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
scripts/mbedtls_dev/crypto_knowledge.py
View File

@ -239,6 +239,13 @@ class KeyType:
return True return True
if self.head == 'RSA' and alg.head.startswith('RSA_'): if self.head == 'RSA' and alg.head.startswith('RSA_'):
return True return True
if alg.category == AlgorithmCategory.KEY_AGREEMENT and \
self.is_public():
# The PSA API does not use public key objects in key agreement
# operations: it imports the public key as a formatted byte string.
# So a public key object with a key agreement algorithm is not
# a valid combination.
return False
if self.head == 'ECC': if self.head == 'ECC':
assert self.params is not None assert self.params is not None
eccc = EllipticCurveCategory.from_family(self.params[0]) eccc = EllipticCurveCategory.from_family(self.params[0])

1952
tests/suites/test_suite_psa_crypto_op_fail.generated.data
View File

File diff suppressed because it is too large Load Diff

812
tests/suites/test_suite_psa_crypto_storage_format.current.data
View File

File diff suppressed because it is too large Load Diff

812
tests/suites/test_suite_psa_crypto_storage_format.v0.data
View File

File diff suppressed because it is too large Load Diff