Check the curve of an elliptic curve key on import
psa_import_key must check that the imported key data matches the
expected key type. Implement the missing check for EC keys that the
curve is the expected one.
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 446c90e..603a510 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -311,6 +311,41 @@
/* Key management */
/****************************************************************/
+static psa_ecc_curve_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grpid )
+{
+ switch( grpid )
+ {
+ case MBEDTLS_ECP_DP_SECP192R1:
+ return( PSA_ECC_CURVE_SECP192R1 );
+ case MBEDTLS_ECP_DP_SECP224R1:
+ return( PSA_ECC_CURVE_SECP224R1 );
+ case MBEDTLS_ECP_DP_SECP256R1:
+ return( PSA_ECC_CURVE_SECP256R1 );
+ case MBEDTLS_ECP_DP_SECP384R1:
+ return( PSA_ECC_CURVE_SECP384R1 );
+ case MBEDTLS_ECP_DP_SECP521R1:
+ return( PSA_ECC_CURVE_SECP521R1 );
+ case MBEDTLS_ECP_DP_BP256R1:
+ return( PSA_ECC_CURVE_BRAINPOOL_P256R1 );
+ case MBEDTLS_ECP_DP_BP384R1:
+ return( PSA_ECC_CURVE_BRAINPOOL_P384R1 );
+ case MBEDTLS_ECP_DP_BP512R1:
+ return( PSA_ECC_CURVE_BRAINPOOL_P512R1 );
+ case MBEDTLS_ECP_DP_CURVE25519:
+ return( PSA_ECC_CURVE_CURVE25519 );
+ case MBEDTLS_ECP_DP_SECP192K1:
+ return( PSA_ECC_CURVE_SECP192K1 );
+ case MBEDTLS_ECP_DP_SECP224K1:
+ return( PSA_ECC_CURVE_SECP224K1 );
+ case MBEDTLS_ECP_DP_SECP256K1:
+ return( PSA_ECC_CURVE_SECP256K1 );
+ case MBEDTLS_ECP_DP_CURVE448:
+ return( PSA_ECC_CURVE_CURVE448 );
+ default:
+ return( 0 );
+ }
+}
+
psa_status_t psa_import_key( psa_key_slot_t key,
psa_key_type_t type,
const uint8_t *data,
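Review bot: The `default: return( 0 );` branch of mbedtls_ecc_group_to_psa uses 0 as an undocumented "no PSA equivalent" sentinel, and the new function has no header comment. I would add `/* Map an Mbed TLS ECP group id to the PSA curve identifier. Returns 0 if the group has no PSA equivalent; callers must treat 0 as "unsupported", never as a curve. */` above the definition. This assumes 0 is not an assigned psa_ecc_curve_t value, which the hunk does not show. The psa_import_key signature that follows continues outside this hunk.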
@@ -356,7 +391,7 @@
case MBEDTLS_PK_RSA:
if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ||
type == PSA_KEY_TYPE_RSA_KEYPAIR )
- slot->data.rsa = pk.pk_ctx;
+ slot->data.rsa = mbedtls_pk_rsa( pk );
else
return( PSA_ERROR_INVALID_ARGUMENT );
break;
@@ -365,8 +400,14 @@
case MBEDTLS_PK_ECKEY:
if( PSA_KEY_TYPE_IS_ECC( type ) )
{
- // TODO: check curve
- slot->data.ecp = pk.pk_ctx;
+ mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk );
+ psa_ecc_curve_t actual_curve =
+ mbedtls_ecc_group_to_psa( ecp->grp.id );
+ psa_ecc_curve_t expected_curve =
+ PSA_KEY_TYPE_GET_CURVE( type );
+ if( actual_curve != expected_curve )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ slot->data.ecp = ecp;
}
else
return( PSA_ERROR_INVALID_ARGUMENT );
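Review bot: The new mismatch path `if( actual_curve != expected_curve ) return( PSA_ERROR_INVALID_ARGUMENT );` returns while `pk` still holds the parsed key, so the rejected key material (a private scalar for key pairs) appears to stay allocated and unwiped. The setup and any cleanup of `pk` are outside this hunk, so please confirm; if nothing frees it, use `{ mbedtls_pk_free( &pk ); return( PSA_ERROR_INVALID_ARGUMENT ); }` here. The existing `else` returns in this case and in the RSA case look like they need the same. Separately, the comparison should reject an unmapped group explicitly with `if( actual_curve == 0 || actual_curve != expected_curve )`. Otherwise a group with no PSA mapping would be accepted whenever PSA_KEY_TYPE_GET_CURVE( type ) also yields 0.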
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index ff96c90..3e4465c 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -53,6 +53,14 @@
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
import_export:"3077020101042049c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eeea00a06082a8648ce3d030107a144034200047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):PSA_ALG_ECDSA_RAW:PSA_KEY_USAGE_EXPORT:256:0:PSA_SUCCESS:1
+PSA import/export EC secp384r1: good
+depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+import_export:"3081a402010104303f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76aa00706052b81040022a16403620004d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1):PSA_ALG_ECDSA_RAW:PSA_KEY_USAGE_EXPORT:384:0:PSA_SUCCESS:1
+
+PSA import EC keypair secp384r1: wrong curve
+depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+import:"3077020101042049c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eeea00a06082a8648ce3d030107a144034200047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1):PSA_ERROR_INVALID_ARGUMENT
+
PSA hash finish: SHA-256
depends_on:MBEDTLS_SHA256_C
hash_finish:PSA_ALG_SHA_256:"bd":"68325720aabd7c82f30f554b313d0570c95accbb7dc4b5aae11204c08ffe732b"
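Review bot: The `depends_on` line of the new "wrong curve" case lists MBEDTLS_ECP_DP_SECP384R1_ENABLED twice and never names the curve of the key it imports. The key data is the same secp256r1 key pair used by the existing secp256r1 import_export case above, so the line should read `depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED`. In a build with secp256r1 disabled, the test would presumably fail at key parsing with a different status rather than exercise the new check. A matching negative case for a public key would also cover the other import path.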