Move key buffer size computation out of psa_generate_key_internal()
Preparatory commit to eventually change psa_generate_key_internal() signature to that of a PSA driver generate_key entry point. To be able to change the signature, the buffer to store the key has to be allocated before the call to psa_generate_key_internal(), thus its size has to be calculated beforehand as well. This is the purpose of this commit: to move the computation of the key size in bytes out of psa_generate_key_internal(). Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
parent
f3bb761c00
commit
01b2aba924
1 changed files with 74 additions and 24 deletions
@ -5984,24 +5984,83 @@ static psa_status_t psa_read_rsa_exponent( const uint8_t *domain_parameters,
|
||||||
}
|
}
|
||||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */
|
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */
|
||||||
|
|
||||||
static psa_status_t psa_generate_key_internal(
|
/** Get the key buffer size for the key material in export format
|
||||||
psa_key_slot_t *slot, size_t bits,
|
*
|
||||||
const uint8_t *domain_parameters, size_t domain_parameters_size )
|
* \param[in] type The key type
|
||||||
|
* \param[in] bits The number of bits of the key
|
||||||
|
* \param[out] key_buffer_size Minimum buffer size to contain the key material
|
||||||
|
* in export format
|
||||||
|
*
|
||||||
|
* \retval #PSA_SUCCESS
|
||||||
|
* The minimum size for a buffer to contain the key material in export
|
||||||
|
* format has been returned successfully.
|
||||||
|
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||||
|
* The size in bits of the key is not valid.
|
||||||
|
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||||
|
* The type and/or the size in bits of the key or the combination of
|
||||||
|
* the two is not supported.
|
||||||
|
*/
|
||||||
|
static psa_status_t psa_get_key_buffer_size(
|
||||||
|
psa_key_type_t type, size_t bits, size_t *key_buffer_size )
|
||||||
{
|
{
|
||||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||||
psa_key_type_t type = slot->attr.type;
|
|
||||||
|
|
||||||
if( domain_parameters == NULL && domain_parameters_size != 0 )
|
|
||||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
|
||||||
|
|
||||||
if( key_type_is_raw_bytes( type ) )
|
if( key_type_is_raw_bytes( type ) )
|
||||||
{
|
{
|
||||||
status = validate_unstructured_key_bit_size( type, bits );
|
status = validate_unstructured_key_bit_size( type, bits );
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
return( status );
|
return( status );
|
||||||
|
*key_buffer_size = PSA_BITS_TO_BYTES( bits );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
|
||||||
|
if( PSA_KEY_TYPE_IS_RSA( type ) && PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
|
||||||
|
{
|
||||||
|
if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS )
|
||||||
|
return( PSA_ERROR_NOT_SUPPORTED );
|
||||||
|
|
||||||
/* Allocate memory for the key */
|
/* Accept only byte-aligned keys, for the same reasons as
|
||||||
status = psa_allocate_buffer_to_slot( slot, PSA_BITS_TO_BYTES( bits ) );
|
* in psa_import_rsa_key(). */
|
||||||
|
if( bits % 8 != 0 )
|
||||||
|
return( PSA_ERROR_NOT_SUPPORTED );
|
||||||
|
|
||||||
|
*key_buffer_size = PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE( bits );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR)
|
||||||
|
if( PSA_KEY_TYPE_IS_ECC( type ) && PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
|
||||||
|
{
|
||||||
|
*key_buffer_size = PSA_BITS_TO_BYTES( bits );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */
|
||||||
|
{
|
||||||
|
return( PSA_ERROR_NOT_SUPPORTED );
|
||||||
|
}
|
||||||
|
|
||||||
|
return( PSA_SUCCESS );
|
||||||
|
}
|
||||||
|
|
||||||
|
static psa_status_t psa_generate_key_internal(
|
||||||
|
psa_key_slot_t *slot, size_t bits,
|
||||||
|
const uint8_t *domain_parameters, size_t domain_parameters_size )
|
||||||
|
{
|
||||||
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||||
|
psa_key_type_t type = slot->attr.type;
|
||||||
|
size_t key_buffer_size;
|
||||||
|
|
||||||
|
if( domain_parameters == NULL && domain_parameters_size != 0 )
|
||||||
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||||
|
|
||||||
|
status = psa_get_key_buffer_size( slot->attr.type, bits, &key_buffer_size );
|
||||||
|
if( status != PSA_SUCCESS )
|
||||||
|
return( status );
|
||||||
|
|
||||||
|
if( key_type_is_raw_bytes( type ) )
|
||||||
|
{
|
||||||
|
status = psa_allocate_buffer_to_slot( slot, key_buffer_size );
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
return( status );
|
return( status );
|
||||||
|
|
||||||
|
@ -6024,12 +6083,7 @@ static psa_status_t psa_generate_key_internal(
|
||||||
mbedtls_rsa_context rsa;
|
mbedtls_rsa_context rsa;
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
int exponent;
|
int exponent;
|
||||||
if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS )
|
|
||||||
return( PSA_ERROR_NOT_SUPPORTED );
|
|
||||||
/* Accept only byte-aligned keys, for the same reasons as
|
|
||||||
* in mbedtls_psa_rsa_import_key(). */
|
|
||||||
if( bits % 8 != 0 )
|
|
||||||
return( PSA_ERROR_NOT_SUPPORTED );
|
|
||||||
status = psa_read_rsa_exponent( domain_parameters,
|
status = psa_read_rsa_exponent( domain_parameters,
|
||||||
domain_parameters_size,
|
domain_parameters_size,
|
||||||
&exponent );
|
&exponent );
|
||||||
|
@ -6044,10 +6098,7 @@ static psa_status_t psa_generate_key_internal(
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
return( mbedtls_to_psa_error( ret ) );
|
return( mbedtls_to_psa_error( ret ) );
|
||||||
|
|
||||||
/* Make sure to always have an export representation available */
|
status = psa_allocate_buffer_to_slot( slot, key_buffer_size );
|
||||||
size_t bytes = PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE( bits );
|
|
||||||
|
|
||||||
status = psa_allocate_buffer_to_slot( slot, bytes );
|
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
{
|
{
|
||||||
mbedtls_rsa_free( &rsa );
|
mbedtls_rsa_free( &rsa );
|
||||||
|
@ -6057,7 +6108,7 @@ static psa_status_t psa_generate_key_internal(
|
||||||
status = mbedtls_psa_rsa_export_key( type,
|
status = mbedtls_psa_rsa_export_key( type,
|
||||||
&rsa,
|
&rsa,
|
||||||
slot->key.data,
|
slot->key.data,
|
||||||
bytes,
|
slot->key.bytes,
|
||||||
&slot->key.bytes );
|
&slot->key.bytes );
|
||||||
mbedtls_rsa_free( &rsa );
|
mbedtls_rsa_free( &rsa );
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
|
@ -6093,8 +6144,7 @@ static psa_status_t psa_generate_key_internal(
|
||||||
|
|
||||||
|
|
||||||
/* Make sure to always have an export representation available */
|
/* Make sure to always have an export representation available */
|
||||||
size_t bytes = PSA_BITS_TO_BYTES( bits );
|
status = psa_allocate_buffer_to_slot( slot, key_buffer_size );
|
||||||
status = psa_allocate_buffer_to_slot( slot, bytes );
|
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
{
|
{
|
||||||
mbedtls_ecp_keypair_free( &ecp );
|
mbedtls_ecp_keypair_free( &ecp );
|
||||||
|
@ -6102,11 +6152,11 @@ static psa_status_t psa_generate_key_internal(
|
||||||
}
|
}
|
||||||
|
|
||||||
status = mbedtls_to_psa_error(
|
status = mbedtls_to_psa_error(
|
||||||
mbedtls_ecp_write_key( &ecp, slot->key.data, bytes ) );
|
mbedtls_ecp_write_key( &ecp, slot->key.data, slot->key.bytes ) );
|
||||||
|
|
||||||
mbedtls_ecp_keypair_free( &ecp );
|
mbedtls_ecp_keypair_free( &ecp );
|
||||||
if( status != PSA_SUCCESS ) {
|
if( status != PSA_SUCCESS ) {
|
||||||
memset( slot->key.data, 0, bytes );
|
memset( slot->key.data, 0, slot->key.bytes );
|
||||||
psa_remove_key_data_from_memory( slot );
|
psa_remove_key_data_from_memory( slot );
|
||||||
}
|
}
|
||||||
return( status );
|
return( status );
|
||||||
|
|
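Review bot: The comment added to the RSA branch of psa_get_key_buffer_size says "for the same reasons as in psa_import_rsa_key()", while the comment it replaces in psa_generate_key_internal (removed in the second hunk) named `mbedtls_psa_rsa_import_key()`, so the new text appears to carry a stale function name; suggest `* in mbedtls_psa_rsa_import_key(). */`. The new doc block does not say what happens to the output on failure, and since `*key_buffer_size` is only assigned on the success paths, add `* On failure, *key_buffer_size is left unchanged.` to the `\param[out]` description. The ECC branch computes `PSA_BITS_TO_BYTES( bits )` without any check on `bits`, which presumably relies on the curve lookup further down psa_generate_key_internal to reject unsupported sizes; a one-line comment stating that dependency would help the next reader. In psa_generate_key_internal, `status = psa_get_key_buffer_size( slot->attr.type, bits, &key_buffer_size );` should use the `type` local declared two lines above, i.e. `status = psa_get_key_buffer_size( type, bits, &key_buffer_size );`, for consistency with the rest of the function. The remaining hunks cut into the middle of psa_generate_key_internal, so the rest of that function is outside this view.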