From 4c317f4b4c5dd3dce1b755bb12ad939ca1a7710e Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Thu, 12 Jul 2018 01:24:09 +0200
Subject: [PATCH] generate_key: define a structure type for RSA extra parameters
---
 include/psa/crypto.h | 11 ++++++++++-
 library/psa_crypto.c | 12 ++++++++----
 2 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index ff85924aa..b190907cf 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -2407,6 +2407,15 @@ psa_status_t psa_asymmetric_decrypt(psa_key_slot_t key,
 psa_status_t psa_generate_random(uint8_t *output,
 size_t output_size);
 
+/** Extra parameters for RSA key generation.
+ *
+ * You may pass a pointer to a structure of this type as the `extra`
+ * parameter to psa_generate_key().
+ */
+typedef struct {
+ uint32_t e; /**! Public exponent value. Default: 65537. */
+} psa_generate_key_extra_rsa;
+
 /**
 * \brief Generate a key or key pair.
 *
@@ -2432,7 +2441,7 @@ psa_status_t psa_generate_random(uint8_t *output,
 *
 * Type | Parameter type | Meaning | Parameters used if `extra == NULL`
 * ---- | -------------- | ------- | ---------------------------------------
- * `PSA_KEY_TYPE_RSA_KEYPAIR` | `unsigned int` | Public exponent | 65537
+ * `PSA_KEY_TYPE_RSA_KEYPAIR` | #psa_generate_key_extra_rsa | Public exponent | 65537
 *
 * \retval #PSA_SUCCESS
 * \retval #PSA_ERROR_NOT_SUPPORTED
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index a256ad7ee..eb140ea2c 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
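Review bot: In include/psa/crypto.h, the comment on member `e` of `psa_generate_key_extra_rsa` opens with `/**!`, which is not a Doxygen trailing-member marker, so the text will not attach to `e`; the line should read `uint32_t e; /**< Public exponent value. Default: 65537. */`. The comment also says "Default: 65537", but the table further down applies that default only when `extra == NULL`, and the structure itself has no way to say "use the default". I would document the accepted values instead, for example `/**< Public exponent: an odd value of at least 3. 65537 is used when extra is NULL. */`, provided that matches what the implementation enforces.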
@@ -3012,12 +3012,16 @@ psa_status_t psa_generate_key( psa_key_slot_t key,
 return( PSA_ERROR_NOT_SUPPORTED );
 if( extra != NULL )
 {
- const unsigned *p = extra;
+ const psa_generate_key_extra_rsa *p = extra;
 if( extra_size != sizeof( *p ) )
 return( PSA_ERROR_INVALID_ARGUMENT );
- if( *p > INT_MAX )
- return( PSA_ERROR_INVALID_ARGUMENT );
- exponent = *p;
+#if INT_MAX < 0xffffffff
+ /* Check that the uint32_t value passed by the caller fits
+ * in the range supported by this implementation. */
+ if( p->e > INT_MAX )
+ return( PSA_ERROR_NOT_SUPPORTED );
+#endif
+ exponent = p->e;
 }
 rsa = mbedtls_calloc( 1, sizeof( *rsa ) );
 if( rsa == NULL )
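Review bot: The only check on `p->e` before `exponent = p->e;` is the upper bound against `INT_MAX`, so 0, 1 and even values are passed on as the RSA public exponent. An exponent of 1 makes the RSA operation the identity and an even exponent cannot yield a valid key pair; whether the generation routine called later in psa_generate_key() (outside this hunk) rejects them is not visible here. I would reject them at the API boundary, outside the `#if`, with `if( p->e < 3 || ( p->e & 1 ) == 0 ) return( PSA_ERROR_INVALID_ARGUMENT );`. Separately, `extra` appears to be an untyped pointer, so reading `p->e` assumes the caller's buffer is aligned for `uint32_t`; copying it into a local `psa_generate_key_extra_rsa` with `memcpy` after the size check would remove that assumption.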