Public keys can't be used as private-key inputs to key agreement

The PSA API does not use public key objects in key agreement
operations: it imports the public key as a formatted byte string.
So a public key object with a key agreement algorithm is not
a valid combination.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2022-03-19 12:16:45 +01:00
parent 32611243d4
commit cb451702b4
4 changed files with 119 additions and 3464 deletions

View File

@ -239,6 +239,13 @@ class KeyType:
return True return True
if self.head == 'RSA' and alg.head.startswith('RSA_'): if self.head == 'RSA' and alg.head.startswith('RSA_'):
return True return True
if alg.category == AlgorithmCategory.KEY_AGREEMENT and \
self.is_public():
# The PSA API does not use public key objects in key agreement
# operations: it imports the public key as a formatted byte string.
# So a public key object with a key agreement algorithm is not
# a valid combination.
return False
if self.head == 'ECC': if self.head == 'ECC':
assert self.params is not None assert self.params is not None
eccc = EllipticCurveCategory.from_family(self.params[0]) eccc = EllipticCurveCategory.from_family(self.params[0])

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff