Allow ECDH-only public key in ECDH

In ECDH key agreement, allow a public key with the OID id-ECDH, not
just a public key with the OID id-ecPublicKey.

Public keys with the OID id-ECDH are not permitted by psa_import_key,
at least for now. There would be no way to use the key for a key
agreement operation anyway in the current API.
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index bc306cb..5fe969c 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3620,10 +3620,14 @@
ret = mbedtls_pk_parse_public_key( &pk, peer_key, peer_key_length );
if( ret != 0 )
goto exit;
- if( mbedtls_pk_get_type( &pk ) != MBEDTLS_PK_ECKEY )
+ switch( mbedtls_pk_get_type( &pk ) )
{
- ret = MBEDTLS_ERR_ECP_INVALID_KEY;
- goto exit;
+ case MBEDTLS_PK_ECKEY:
+ case MBEDTLS_PK_ECKEY_DH:
+ break;
+ default:
+ ret = MBEDTLS_ERR_ECP_INVALID_KEY;
+ goto exit;
}
their_key = mbedtls_pk_ec( pk );
ret = mbedtls_ecdh_get_params( &ecdh, their_key, MBEDTLS_ECDH_THEIRS );
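Review bot: the new `case MBEDTLS_PK_ECKEY_DH:` branch is not covered by any test in this change, so a peer public key carrying the id-ECDH OID could silently regress to the `default:` rejection path; please add a key-agreement test with an id-ECDH-encoded peer key alongside the existing id-ecPublicKey case. A short comment above the `switch( mbedtls_pk_get_type( &pk ) )` would also help readers: state that `MBEDTLS_PK_ECKEY` is the id-ecPublicKey case, `MBEDTLS_PK_ECKEY_DH` is the id-ECDH case from the commit message, and that every other type (non-EC keys in particular) is rejected with `MBEDTLS_ERR_ECP_INVALID_KEY` before `mbedtls_pk_ec( pk )` is called, since that accessor is only valid for EC key types.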