eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Public keys can't be used as private-key inputs to key agreement

Browse source 
The PSA API does not use public key objects in key agreement
operations: it imports the public key as a formatted byte string.
So a public key object with a key agreement algorithm is not
a valid combination.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2022-03-19 12:16:45 +01:00
parent 4bd90dc6b1
commit ac17ec4388
1 changed files with 7 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
scripts/mbedtls_dev/crypto_knowledge.py
View file

@ -241,6 +241,13 @@ class KeyType:
return True return True
if self.head == 'RSA' and alg.head.startswith('RSA_'): if self.head == 'RSA' and alg.head.startswith('RSA_'):
return True return True
if alg.category == AlgorithmCategory.KEY_AGREEMENT and \
self.is_public():
# The PSA API does not use public key objects in key agreement
# operations: it imports the public key as a formatted byte string.
# So a public key object with a key agreement algorithm is not
# a valid combination.
return False
if self.head == 'ECC': if self.head == 'ECC':
assert self.params is not None assert self.params is not None
eccc = EllipticCurveCategory.from_family(self.params[0]) eccc = EllipticCurveCategory.from_family(self.params[0])