From af16be64a2372abb14915dcf1a9d3324759e0d46 Mon Sep 17 00:00:00 2001
From: Pol Henarejos <pol.henarejos@cttc.es>
Date: Mon, 13 Feb 2023 23:30:27 +0100
Subject: [PATCH] Adding checks on ec import.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
---
 src/hsm/kek.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/hsm/kek.c b/src/hsm/kek.c
index 2b0e7c0..2c1f260 100644
--- a/src/hsm/kek.c
+++ b/src/hsm/kek.c
@@ -589,8 +589,16 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, size_t in_len,
             mbedtls_ecdsa_free(ecdsa);
             return CCID_EXEC_ERROR;
         }
+        ofs += len;
 
-        r = mbedtls_ecp_mul(&ecdsa->grp, &ecdsa->Q, &ecdsa->d, &ecdsa->grp.G, random_gen, NULL);
+        //Q
+        len = get_uint16_t(kb, ofs); ofs += 2;
+        r = mbedtls_ecp_point_read_binary(&ecdsa->grp, &ecdsa->Q, kb + ofs, len);
+        if (r != 0) {
+            mbedtls_ecdsa_free(ecdsa);
+            return CCID_EXEC_ERROR;
+        }
+        r = mbedtls_ecp_check_pub_priv(ecdsa, ecdsa, random_gen, NULL);
         if (r != 0) {
             mbedtls_ecdsa_free(ecdsa);
             return CCID_EXEC_ERROR;