From e105031f31dbef36f46eb6005180be36d7a0ee3b Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Mon, 16 Dec 2024 23:23:04 +0100
Subject: [PATCH] PSA interruptible sign/verify: detect invalid curve family in start

Detect attempts to do ECDSA with a Montgomery curve in psa_sign_hash_start() and psa_verify_hash_start(), whereas before start() would succeed and complete() would fail. This avoids an inconsistency between psa_sign_hash() and psa_sign_hash_start() that would be annoying to handle in test_suite_psa_crypto_op_fail.

Signed-off-by: Gilles Peskine
---
 library/psa_crypto.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 2bbe3a5a7864..b576f95789ba 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3969,9 +3969,13 @@ psa_status_t mbedtls_psa_sign_hash_start(
 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 size_t required_hash_length;
 
- if (!PSA_KEY_TYPE_IS_ECC(attributes->type)) {
+ if (!PSA_KEY_TYPE_IS_ECC_KEY_PAIR(attributes->type)) {
 return PSA_ERROR_NOT_SUPPORTED;
 }
+ psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->type);
+ if (!PSA_ECC_FAMILY_IS_WEIERSTRASS(curve)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
 
 if (!can_do_interruptible_sign_verify(alg)) {
 return PSA_ERROR_NOT_SUPPORTED;
@@ -4188,6 +4192,10 @@ psa_status_t mbedtls_psa_verify_hash_start(
 if (!PSA_KEY_TYPE_IS_ECC(attributes->type)) {
 return PSA_ERROR_NOT_SUPPORTED;
 }
+ psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->type);
+ if (!PSA_ECC_FAMILY_IS_WEIERSTRASS(curve)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
 
 if (!can_do_interruptible_sign_verify(alg)) {
 return PSA_ERROR_NOT_SUPPORTED;
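Review bot: In `mbedtls_psa_sign_hash_start()` the tightened first check now answers an ECC public key with `PSA_ERROR_NOT_SUPPORTED`, the same status as a non-ECC key, which blurs "no interruptible implementation for this key type" with "this key cannot sign"; the commit description does not mention this change. Since the stated goal is agreement with `psa_sign_hash()`, consider keeping `if (!PSA_KEY_TYPE_IS_ECC(attributes->type))` for the not-supported case and adding `if (!PSA_KEY_TYPE_IS_KEY_PAIR(attributes->type)) { return PSA_ERROR_INVALID_ARGUMENT; }` after it, assuming the one-shot path reports a public key that way (not visible here). The function body starts and ends outside the hunk, so an earlier key-pair check in the caller may already make this branch unreachable.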
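Review bot: The family check added to `mbedtls_psa_verify_hash_start()` runs before `can_do_interruptible_sign_verify(alg)`, so every non-Weierstrass key gets `PSA_ERROR_INVALID_ARGUMENT` whatever the algorithm, while the description speaks only of ECDSA with a Montgomery curve. As far as this hunk shows, a key/algorithm pair that is valid but has no interruptible implementation would then be reported as an invalid argument instead of `PSA_ERROR_NOT_SUPPORTED`. Moving the four added lines below the algorithm check would limit the rejection to algorithms this path actually handles; the same ordering appears in the `mbedtls_psa_sign_hash_start()` hunk. A one-line comment above the check, for example `/* ECDSA requires a Weierstrass curve; reject here so start() matches the one-shot API */`, would record why this status differs from the neighbouring checks. Both function bodies continue outside the hunks.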