Public keys can't be used as private-key inputs to key agreement The PSA API does not use public key objects in key agreement operations: it imports the public key as a formatted byte string. So a public key object with a key agreement algorithm is not a valid combination. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

commit: cb451702b4e00370d9af3ac807836f4197b247be [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Sat Mar 19 12:16:45 2022 +0100
committer: Gilles Peskine <Gilles.Peskine@arm.com> Fri Apr 15 16:15:48 2022 +0200
tree: feee1a3ea0fd010dcc443d95d9579a68055eb5a7
parent: 32611243d4973050759e4821f420b63171b2fc8f [diff]
diff --git a/scripts/mbedtls_dev/crypto_knowledge.py b/scripts/mbedtls_dev/crypto_knowledge.py
index 83470fd..16c11ef 100644
--- a/scripts/mbedtls_dev/crypto_knowledge.py
+++ b/scripts/mbedtls_dev/crypto_knowledge.py

@@ -239,6 +239,13 @@
             return True
         if self.head == 'RSA' and alg.head.startswith('RSA_'):
             return True
+        if alg.category == AlgorithmCategory.KEY_AGREEMENT and \
+           self.is_public():
+            # The PSA API does not use public key objects in key agreement
+            # operations: it imports the public key as a formatted byte string.
+            # So a public key object with a key agreement algorithm is not
+            # a valid combination.
+            return False
         if self.head == 'ECC':
             assert self.params is not None
             eccc = EllipticCurveCategory.from_family(self.params[0])
commit	cb451702b4e00370d9af3ac807836f4197b247be	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Sat Mar 19 12:16:45 2022 +0100
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Fri Apr 15 16:15:48 2022 +0200
tree	feee1a3ea0fd010dcc443d95d9579a68055eb5a7
parent	32611243d4973050759e4821f420b63171b2fc8f [diff]