Public keys can't be used as private-key inputs to key agreement The PSA API does not use public key objects in key agreement operations: it imports the public key as a formatted byte string. So a public key object with a key agreement algorithm is not a valid combination. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

commit: ac17ec438858cbeae9c2a3f5f3a45772fc519954 [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Sat Mar 19 12:16:45 2022 +0100
committer: Gilles Peskine <Gilles.Peskine@arm.com> Fri Apr 15 11:10:14 2022 +0200
tree: ea40296187cbf94e21ffc339b42f500adb3c5da1
parent: 4bd90dc6b101ec185dbd19c04f743574ee6a1bfc [diff] [blame]
diff --git a/scripts/mbedtls_dev/crypto_knowledge.py b/scripts/mbedtls_dev/crypto_knowledge.py
index 1491a84..54de0de 100644
--- a/scripts/mbedtls_dev/crypto_knowledge.py
+++ b/scripts/mbedtls_dev/crypto_knowledge.py

@@ -241,6 +241,13 @@
             return True
         if self.head == 'RSA' and alg.head.startswith('RSA_'):
             return True
+        if alg.category == AlgorithmCategory.KEY_AGREEMENT and \
+           self.is_public():
+            # The PSA API does not use public key objects in key agreement
+            # operations: it imports the public key as a formatted byte string.
+            # So a public key object with a key agreement algorithm is not
+            # a valid combination.
+            return False
         if self.head == 'ECC':
             assert self.params is not None
             eccc = EllipticCurveCategory.from_family(self.params[0])
commit	ac17ec438858cbeae9c2a3f5f3a45772fc519954	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Sat Mar 19 12:16:45 2022 +0100
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Fri Apr 15 11:10:14 2022 +0200
tree	ea40296187cbf94e21ffc339b42f500adb3c5da1
parent	4bd90dc6b101ec185dbd19c04f743574ee6a1bfc [diff] [blame]