Move RSA key generation code to the PSA RSA specific C file

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2020-11-05 17:36:40 +01:00
parent 977c247048
commit 9e18fc1cf9
3 changed files with 88 additions and 55 deletions

View file

@ -5956,34 +5956,6 @@ psa_status_t mbedtls_psa_inject_entropy( const uint8_t *seed,
}
#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
static psa_status_t psa_read_rsa_exponent( const uint8_t *domain_parameters,
size_t domain_parameters_size,
int *exponent )
{
size_t i;
uint32_t acc = 0;
if( domain_parameters_size == 0 )
{
*exponent = 65537;
return( PSA_SUCCESS );
}
/* Mbed TLS encodes the public exponent as an int. For simplicity, only
* support values that fit in a 32-bit integer, which is larger than
* int on just about every platform anyway. */
if( domain_parameters_size > sizeof( acc ) )
return( PSA_ERROR_NOT_SUPPORTED );
for( i = 0; i < domain_parameters_size; i++ )
acc = ( acc << 8 ) | domain_parameters[i];
if( acc > INT_MAX )
return( PSA_ERROR_NOT_SUPPORTED );
*exponent = acc;
return( PSA_SUCCESS );
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */
/** Get the key buffer size for the key material in export format
*
* \param[in] type The key type
@ -6070,33 +6042,10 @@ psa_status_t psa_generate_key_internal(
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
if ( type == PSA_KEY_TYPE_RSA_KEY_PAIR )
{
mbedtls_rsa_context rsa;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int exponent;
status = psa_read_rsa_exponent( attributes->domain_parameters,
attributes->domain_parameters_size,
&exponent );
if( status != PSA_SUCCESS )
return( status );
mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE );
ret = mbedtls_rsa_gen_key( &rsa,
mbedtls_psa_get_random,
MBEDTLS_PSA_RANDOM_STATE,
(unsigned int) attributes->core.bits,
exponent );
if( ret != 0 )
return( mbedtls_to_psa_error( ret ) );
status = mbedtls_psa_rsa_export_key( type,
&rsa,
key_buffer,
key_buffer_size,
key_buffer_length );
mbedtls_rsa_free( &rsa );
return( status );
return( mbedtls_psa_rsa_generate_key( attributes,
key_buffer,
key_buffer_size,
key_buffer_length ) );
}
else
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */

View file

@ -24,6 +24,7 @@
#include <psa/crypto.h>
#include "psa_crypto_core.h"
#include "psa_crypto_random_impl.h"
#include "psa_crypto_rsa.h"
#include <stdlib.h>
@ -258,6 +259,66 @@ static psa_status_t rsa_export_public_key(
#endif /* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
* defined(BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
#if defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
static psa_status_t psa_read_rsa_exponent( const uint8_t *domain_parameters,
size_t domain_parameters_size,
int *exponent )
{
size_t i;
uint32_t acc = 0;
if( domain_parameters_size == 0 )
{
*exponent = 65537;
return( PSA_SUCCESS );
}
/* Mbed TLS encodes the public exponent as an int. For simplicity, only
* support values that fit in a 32-bit integer, which is larger than
* int on just about every platform anyway. */
if( domain_parameters_size > sizeof( acc ) )
return( PSA_ERROR_NOT_SUPPORTED );
for( i = 0; i < domain_parameters_size; i++ )
acc = ( acc << 8 ) | domain_parameters[i];
if( acc > INT_MAX )
return( PSA_ERROR_NOT_SUPPORTED );
*exponent = acc;
return( PSA_SUCCESS );
}
psa_status_t mbedtls_psa_rsa_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
{
psa_status_t status;
mbedtls_rsa_context rsa;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int exponent;
status = psa_read_rsa_exponent( attributes->domain_parameters,
attributes->domain_parameters_size,
&exponent );
if( status != PSA_SUCCESS )
return( status );
mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE );
ret = mbedtls_rsa_gen_key( &rsa,
mbedtls_psa_get_random,
MBEDTLS_PSA_RANDOM_STATE,
(unsigned int)attributes->core.bits,
exponent );
if( ret != 0 )
return( mbedtls_to_psa_error( ret ) );
status = mbedtls_psa_rsa_export_key( attributes->core.type,
&rsa, key_buffer, key_buffer_size,
key_buffer_length );
mbedtls_rsa_free( &rsa );
return( status );
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)

View file

@ -114,6 +114,29 @@ psa_status_t mbedtls_psa_rsa_export_public_key(
const uint8_t *key_buffer, size_t key_buffer_size,
uint8_t *data, size_t data_size, size_t *data_length );
/**
* \brief Generate an RSA key.
*
* \note The signature of the function is that of a PSA driver generate_key
* entry point.
*
* \param[in] attributes The attributes for the RSA key to generate.
* \param[out] key_buffer Buffer where the key data is to be written.
* \param[in] key_buffer_size Size of \p key_buffer in bytes.
* \param[out] key_buffer_length On success, the number of bytes written in
* \p key_buffer.
*
* \retval #PSA_SUCCESS
* The key was successfully generated.
* \retval #PSA_ERROR_NOT_SUPPORTED
* Key length or type not supported.
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of \p key_buffer is too small.
*/
psa_status_t mbedtls_psa_rsa_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
/*
* BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
*/