From 11ea6a10e88cb5bc535bb3d6559a995a5afa3890 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Sat, 14 Jan 2023 08:26:32 +1000 Subject: [PATCH] ECCSI: hash function must have output size as curve size --- wolfcrypt/src/eccsi.c | 19 +++++++++++++++++++ wolfcrypt/test/test.c | 6 ++++++ 2 files changed, 25 insertions(+) diff --git a/wolfcrypt/src/eccsi.c b/wolfcrypt/src/eccsi.c index 95f92c79c..a707a5e3c 100644 --- a/wolfcrypt/src/eccsi.c +++ b/wolfcrypt/src/eccsi.c @@ -1618,6 +1618,7 @@ int wc_ValidateEccsiPvt(EccsiKey* key, const ecc_point* pvt, int* valid) * @param [out] hashSz Length of hash data in bytes. * @return 0 on success. * @return BAD_FUNC_ARG when key, id, pvt, hash or hashSz is NULL. + * @return BAD_FUNC_ARG when hash size doesn't match curve size. * @return BAD_STATE_E when public key not set. * @return MEMORY_E when dynamic memory allocation fails. * @return Other -ve value when an internal operation fails. @@ -1626,6 +1627,8 @@ int wc_HashEccsiId(EccsiKey* key, enum wc_HashType hashType, const byte* id, word32 idSz, ecc_point* pvt, byte* hash, byte* hashSz) { int err = 0; + int dgstSz = -1; + int curveSz = -1; if ((key == NULL) || (id == NULL) || (pvt == NULL) || (hash == NULL) || (hashSz == NULL)) { @@ -1635,6 +1638,22 @@ int wc_HashEccsiId(EccsiKey* key, enum wc_HashType hashType, const byte* id, (key->ecc.type != ECC_PUBLICKEY)) { err = BAD_STATE_E; } + /* Ensure digest output size matches curve size (RFC 6507 4.1). */ + if (err == 0) { + dgstSz = wc_HashGetDigestSize(hashType); + if (dgstSz < 0) { + err = dgstSz; + } + } + if (err == 0) { + curveSz = wc_ecc_get_curve_size_from_id(key->ecc.dp->id); + if (curveSz < 0) { + err = curveSz; + } + } + if ((err == 0) && (dgstSz != curveSz)) { + err = BAD_FUNC_ARG; + } /* Load the curve parameters for operations */ if (err == 0) { err = eccsi_load_ecc_params(key); diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 08185e391..bb52bdcf9 100644 --- a/wolfcrypt/test/test.c 
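Review bot: In the size check added to wc_HashEccsiId, `key->ecc.dp->id` is dereferenced without confirming that `key->ecc.dp` is set; the visible guard just above it only tests `key->ecc.type`. If a key can reach this point with a type but no curve parameters (not determinable from this hunk), add a guard first, e.g. `if ((err == 0) && (key->ecc.dp == NULL)) { err = BAD_STATE_E; }`. This also enforces the RFC 6507 4.1 rule only where the identity hash is computed. Other entry points that accept a `hashType` or a caller-supplied hash and length may need the same comparison, but they are not shown in this diff. The function body continues outside the hunk.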
+++ b/wolfcrypt/test/test.c @@ -33130,6 +33130,12 @@ static int eccsi_sign_verify_test(EccsiKey* priv, EccsiKey* pub, WC_RNG* rng, byte msg[] = { 0x00 }; word32 msgSz = sizeof(msg); +#ifdef WOLFSSL_SHA384 + ret = wc_HashEccsiId(priv, WC_HASH_TYPE_SHA384, id, idSz, pvt, hashPriv, + &hashSz); + if (ret != BAD_FUNC_ARG) + return -10174; +#endif ret = wc_HashEccsiId(priv, WC_HASH_TYPE_SHA256, id, idSz, pvt, hashPriv, &hashSz); if (ret != 0)
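Review bot: The negative test added to eccsi_sign_verify_test covers only a digest wider than the curve (SHA-384) and is compiled out when `WOLFSSL_SHA384` is undefined, so the `dgstSz != curveSz` rejection is never tested for a shorter digest and may not be tested at all in some builds. Consider a second guarded case under `#ifdef WOLFSSL_SHA224` that calls `wc_HashEccsiId(priv, WC_HASH_TYPE_SHA224, id, idSz, pvt, hashPriv, &hashSz)` and expects `BAD_FUNC_ARG`. It would also be worth asserting that `hashSz` is left unmodified by the rejected call, so a caller that ignores the return code is not handed a length for a hash that was never written. The function body continues outside the hunk.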