Improve checking of elliptic curve - scheme match

ionut-arm · ionut-arm · commit 3e278a2dbeca · 2024-01-24T21:56:06.000Z
A proper match of elliptic curve and asymmetric scheme is more
thoroughly checked to avoid cases where the user can generate
PublicEccParameters that are invalid.

Signed-off-by: Ionut Mihalcea &lt;ionut.mihalcea@arm.com&gt;
diff --git a/tss-esapi/src/structures/tagged/public/ecc.rs b/tss-esapi/src/structures/tagged/public/ecc.rs
@@ -194,11 +194,31 @@ impl PublicEccParametersBuilder {
             return Err(Error::local_error(WrapperErrorKind::InconsistentParams));
         }
 
-        if (ecc_curve == EccCurve::BnP256 || ecc_curve == EccCurve::BnP638)
-            && ecc_scheme.algorithm() != EccSchemeAlgorithm::EcDaa
-        {
-            error!("Bn curve should use only EcDaa scheme");
-            return Err(Error::local_error(WrapperErrorKind::InconsistentParams));
+        match (ecc_curve, ecc_scheme.algorithm()) {
+            (EccCurve::BnP256 | EccCurve::BnP638, EccSchemeAlgorithm::EcDaa)
+            | (EccCurve::Sm2P256, EccSchemeAlgorithm::Sm2)
+            | (
+                EccCurve::NistP192
+                | EccCurve::NistP224
+                | EccCurve::NistP256
+                | EccCurve::NistP384
+                | EccCurve::NistP521,
+                EccSchemeAlgorithm::EcDh
+                | EccSchemeAlgorithm::EcDaa
+                | EccSchemeAlgorithm::EcDsa
+                | EccSchemeAlgorithm::EcMqv
+                | EccSchemeAlgorithm::EcSchnorr,
+            )
+            | (_, EccSchemeAlgorithm::Null) => (),
+
+            _ => {
+                error!(
+                    "Mismatch between elliptic curve ({:#?}) and signing scheme ({:#?}) used",
+                    ecc_curve,
+                    ecc_scheme.algorithm()
+                );
+                return Err(Error::local_error(WrapperErrorKind::InconsistentParams));
+            }
         }
 
         Ok(PublicEccParameters {
diff --git a/tss-esapi/tests/integration_tests/abstraction_tests/ak_tests.rs b/tss-esapi/tests/integration_tests/abstraction_tests/ak_tests.rs
@@ -15,6 +15,7 @@ use tss_esapi::{
         session_handles::PolicySession,
     },
     structures::{Auth, Digest, PublicBuilder, SymmetricDefinition},
+    Error, WrapperErrorKind,
 };
 
 use crate::common::create_ctx_without_session;
@@ -51,24 +52,24 @@ fn test_create_ak_rsa_ecc() {
         None,
     )
     .unwrap();
-    if ak::create_ak(
+    if let Err(Error::WrapperError(WrapperErrorKind::InconsistentParams)) = ak::create_ak(
         &mut context,
         ek_rsa,
         HashingAlgorithm::Sha256,
         AsymmetricAlgorithmSelection::Ecc(EccCurve::NistP256),
         SignatureSchemeAlgorithm::Sm2,
         None,
         None,
-    )
-    .is_ok()
-    {
-        // We can't use unwrap_err because that requires Debug on the T
-        panic!("Should have errored");
+    ) {
+    } else {
+        panic!(
+            "Should've gotten an 'InconsistentParams' error when trying to create an a P256 AK with an SM2 signing scheme."
+        );
     }
 }
 
 #[test]
-fn test_create_ak_ecc_ecc() {
+fn test_create_ak_ecc() {
     let mut context = create_ctx_without_session();
 
     let ek_ecc = ek::create_ek_object(
@@ -89,6 +90,28 @@ fn test_create_ak_ecc_ecc() {
     .unwrap();
 }
 
+#[test]
+fn test_create_ak_ecdaa() {
+    let mut context = create_ctx_without_session();
+
+    let ek_ecc = ek::create_ek_object(
+        &mut context,
+        AsymmetricAlgorithmSelection::Ecc(EccCurve::NistP384),
+        None,
+    )
+    .unwrap();
+    ak::create_ak(
+        &mut context,
+        ek_ecc,
+        HashingAlgorithm::Sha256,
+        AsymmetricAlgorithmSelection::Ecc(EccCurve::BnP256),
+        SignatureSchemeAlgorithm::EcDaa,
+        None,
+        None,
+    )
+    .unwrap();
+}
+
 #[test]
 fn test_create_and_use_ak() {
     let mut context = create_ctx_without_session();
diff --git a/tss-esapi/tests/integration_tests/structures_tests/tagged_tests/public_ecc_parameters_tests.rs b/tss-esapi/tests/integration_tests/structures_tests/tagged_tests/public_ecc_parameters_tests.rs
@@ -92,3 +92,72 @@ fn test_signing_with_wrong_symmetric() {
         Err(Error::WrapperError(WrapperErrorKind::InconsistentParams))
     ));
 }
+
+#[test]
+fn test_signing_with_mismatched_scheme_nist() {
+    assert_eq!(
+        PublicEccParametersBuilder::new()
+            .with_restricted(false)
+            .with_is_decryption_key(false)
+            .with_is_signing_key(true)
+            .with_curve(EccCurve::NistP256)
+            .with_ecc_scheme(
+                EccScheme::create(
+                    EccSchemeAlgorithm::Sm2,
+                    Some(HashingAlgorithm::Sha256),
+                    None
+                )
+                .unwrap()
+            )
+            .with_key_derivation_function_scheme(KeyDerivationFunctionScheme::Null)
+            .with_symmetric(SymmetricDefinitionObject::Null)
+            .build(),
+        Err(Error::WrapperError(WrapperErrorKind::InconsistentParams))
+    );
+}
+
+#[test]
+fn test_signing_with_mismatched_scheme_sm2() {
+    assert_eq!(
+        PublicEccParametersBuilder::new()
+            .with_restricted(false)
+            .with_is_decryption_key(false)
+            .with_is_signing_key(true)
+            .with_curve(EccCurve::Sm2P256)
+            .with_ecc_scheme(
+                EccScheme::create(
+                    EccSchemeAlgorithm::EcDsa,
+                    Some(HashingAlgorithm::Sha256),
+                    None
+                )
+                .unwrap()
+            )
+            .with_key_derivation_function_scheme(KeyDerivationFunctionScheme::Null)
+            .with_symmetric(SymmetricDefinitionObject::Null)
+            .build(),
+        Err(Error::WrapperError(WrapperErrorKind::InconsistentParams))
+    );
+}
+
+#[test]
+fn test_signing_with_mismatched_scheme_bn() {
+    assert_eq!(
+        PublicEccParametersBuilder::new()
+            .with_restricted(false)
+            .with_is_decryption_key(false)
+            .with_is_signing_key(true)
+            .with_curve(EccCurve::BnP256)
+            .with_ecc_scheme(
+                EccScheme::create(
+                    EccSchemeAlgorithm::EcDsa,
+                    Some(HashingAlgorithm::Sha256),
+                    None
+                )
+                .unwrap()
+            )
+            .with_key_derivation_function_scheme(KeyDerivationFunctionScheme::Null)
+            .with_symmetric(SymmetricDefinitionObject::Null)
+            .build(),
+        Err(Error::WrapperError(WrapperErrorKind::InconsistentParams))
+    );
+}
