From cd09d8c83a541db3be61426db7ac56bde5ccc832 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Fri, 11 Jan 2019 17:53:05 +0000 Subject: [PATCH] psa: Refactor psa_import_rsa_key() pk-using code Move pk-using code to inside psa_import_rsa_key(). This aligns the shape of psa_import_rsa_key() to match that of psa_import_ec_private_key() and psa_import_ec_public_key(). --- library/psa_crypto.c | 89 ++++++++++++++++++++++++++------------------ 1 file changed, 52 insertions(+), 37 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 01bd9574f..03d337178 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -512,28 +512,60 @@ static psa_status_t psa_check_rsa_key_byte_aligned( return( status ); } -static psa_status_t psa_import_rsa_key( mbedtls_pk_context *pk, +static psa_status_t psa_import_rsa_key( psa_key_type_t type, + const uint8_t *data, + size_t data_length, mbedtls_rsa_context **p_rsa ) { - if( mbedtls_pk_get_type( pk ) != MBEDTLS_PK_RSA ) - return( PSA_ERROR_INVALID_ARGUMENT ); + psa_status_t status; + mbedtls_pk_context pk; + mbedtls_rsa_context *rsa; + size_t bits; + + mbedtls_pk_init( &pk ); + + /* Parse the data. */ + if( PSA_KEY_TYPE_IS_KEYPAIR( type ) ) + status = mbedtls_to_psa_error( + mbedtls_pk_parse_key( &pk, data, data_length, NULL, 0 ) ); else + status = mbedtls_to_psa_error( + mbedtls_pk_parse_public_key( &pk, data, data_length ) ); + if( status != PSA_SUCCESS ) + goto exit; + + /* We have something that the pkparse module recognizes. If it is a + * valid RSA key, store it. */ + if( mbedtls_pk_get_type( &pk ) != MBEDTLS_PK_RSA ) { - mbedtls_rsa_context *rsa = mbedtls_pk_rsa( *pk ); - /* The size of an RSA key doesn't have to be a multiple of 8. - * Mbed TLS supports non-byte-aligned key sizes, but not well. - * For example, mbedtls_rsa_get_len() returns the key size in - * bytes, not in bits. */ - size_t bits = PSA_BYTES_TO_BITS( mbedtls_rsa_get_len( rsa ) ); - psa_status_t status; - if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS ) - return( PSA_ERROR_NOT_SUPPORTED ); - status = psa_check_rsa_key_byte_aligned( rsa ); - if( status != PSA_SUCCESS ) - return( status ); - *p_rsa = rsa; - return( PSA_SUCCESS ); + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; } + + rsa = mbedtls_pk_rsa( pk ); + /* The size of an RSA key doesn't have to be a multiple of 8. Mbed TLS + * supports non-byte-aligned key sizes, but not well. For example, + * mbedtls_rsa_get_len() returns the key size in bytes, not in bits. */ + bits = PSA_BYTES_TO_BITS( mbedtls_rsa_get_len( rsa ) ); + if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS ) + { + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; + } + status = psa_check_rsa_key_byte_aligned( rsa ); + +exit: + /* Free the content of the pk object only on error. */ + if( status != PSA_SUCCESS ) + { + mbedtls_pk_free( &pk ); + return( status ); + } + + /* On success, store the content of the object in the RSA context. */ + *p_rsa = rsa; + + return( PSA_SUCCESS ); } #endif /* defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C) */ @@ -687,29 +719,12 @@ psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot, #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C) if( PSA_KEY_TYPE_IS_RSA( slot->type ) ) { - int ret; - mbedtls_pk_context pk; - mbedtls_pk_init( &pk ); + status = psa_import_rsa_key( slot->type, + data, data_length, + &slot->data.rsa ); - /* Parse the data. */ - if( PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) ) - ret = mbedtls_pk_parse_key( &pk, data, data_length, NULL, 0 ); - else - ret = mbedtls_pk_parse_public_key( &pk, data, data_length ); - if( ret != 0 ) - return( mbedtls_to_psa_error( ret ) ); - - /* We have something that the pkparse module recognizes. If it is a - * valid RSA key, store it. */ - status = psa_import_rsa_key( &pk, &slot->data.rsa ); - - /* Free the content of the pk object only on error. On success, - * the content of the object has been stored in the slot. */ if( status != PSA_SUCCESS ) - { - mbedtls_pk_free( &pk ); return( status ); - } } else #endif /* defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C) */