test: add ECDH invalid curve attack regression test (Wycheproof) #816
Open
sahilnxp wants to merge 1 commit into
Add regression_4023 to verify that ECDH key derivation rejects peer public keys that do not lie on the negotiated curve (secp256r1). This protects against invalid curve attacks as documented in Wycheproof test vector tcId 335.

The test supplies an off-curve peer public key to TEE_DeriveKey() and expects the TA to panic (TEEC_ERROR_TARGET_DEAD), confirming that the underlying public key validation in OP-TEE core correctly detects and rejects the invalid point before any shared secret is computed.

Also update the ret_orig check in ta_crypt_cmd_derive_key() to accept both TEEC_ORIGIN_TRUSTED_APP and TEEC_ORIGIN_TEE, since a validation failure in the core crypto layer causes TEE_DeriveKey() to panic, resulting in TEEC_ORIGIN_TEE rather than TEEC_ORIGIN_TRUSTED_APP.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Related to OP-TEE/optee_os#7828