ECDH: check that the keys are on the same curve

In psa_key_agreement_ecdh, check that the public key is on the same
curve as the private key. The underlying mbedtls API doesn't check.

If the curves don't match, psa_key_agreement_ecdh is practically
guaranteed to return INVALID_ARGUMENT anyway, because way the code is
written, the public point is interpreted on the curve of the private
point, and it is rejected because the point is not on the curve. This
is why the test case "PSA key agreement setup: ECDH, raw: public key
on different curve" passed even before adding this check.
This commit is contained in:
Gilles Peskine 2018-11-14 20:51:23 +01:00
parent c7998b78b8
commit b408661be9

View file

@ -3630,6 +3630,12 @@ static psa_status_t psa_key_agreement_ecdh( const uint8_t *peer_key,
goto exit;
}
their_key = mbedtls_pk_ec( pk );
if( their_key->grp.id != our_key->grp.id )
{
ret = MBEDTLS_ERR_ECP_INVALID_KEY;
goto exit;
}
ret = mbedtls_ecdh_get_params( &ecdh, their_key, MBEDTLS_ECDH_THEIRS );
if( ret != 0 )
goto exit;