Merge pull request #4513 from Patater/psa-without-genprime-fix
psa: Support RSA signature without MBEDTLS_GENPRIME
This commit is contained in:
Ronald Cron
GitHub
commit
142c205ffc
5 changed files with 27 additions and 7 deletions
5
ChangeLog.d/psa-without-genprime-fix.txt
Normal file
5
ChangeLog.d/psa-without-genprime-fix.txt
Normal file
|
|
@ -0,0 +1,5 @@
|
|||
Bugfix
|
||||
* Restore the ability to configure PSA via Mbed TLS options to support RSA
|
||||
key pair operations but exclude RSA key generation. When MBEDTLS_GENPRIME
|
||||
is not defined PSA will no longer attempt to use mbedtls_rsa_gen_key().
|
||||
Fixes #4512.
|
||||
|
|
@ -4818,7 +4818,8 @@ psa_status_t psa_generate_key_internal(
|
|||
}
|
||||
else
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \
|
||||
defined(MBEDTLS_GENPRIME)
|
||||
if ( type == PSA_KEY_TYPE_RSA_KEY_PAIR )
|
||||
{
|
||||
return( mbedtls_psa_rsa_generate_key( attributes,
|
||||
|
|
@ -4827,7 +4828,8 @@ psa_status_t psa_generate_key_internal(
|
|||
key_buffer_length ) );
|
||||
}
|
||||
else
|
||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */
|
||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
|
||||
* defined(MBEDTLS_GENPRIME) */
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR)
|
||||
if ( PSA_KEY_TYPE_IS_ECC( type ) && PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
|
||||
|
|
|
|||
|
|
@ -274,7 +274,8 @@ static psa_status_t rsa_export_public_key(
|
|||
#endif /* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
|
||||
* defined(BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
|
||||
|
||||
#if defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
|
||||
#if defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \
|
||||
defined(MBEDTLS_GENPRIME)
|
||||
static psa_status_t psa_rsa_read_exponent( const uint8_t *domain_parameters,
|
||||
size_t domain_parameters_size,
|
||||
int *exponent )
|
||||
|
|
@ -332,7 +333,8 @@ static psa_status_t rsa_generate_key(
|
|||
|
||||
return( status );
|
||||
}
|
||||
#endif /* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */
|
||||
#endif /* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
|
||||
* defined(MBEDTLS_GENPRIME) */
|
||||
|
||||
/****************************************************************/
|
||||
/* Sign/verify hashes */
|
||||
|
|
@ -557,7 +559,8 @@ psa_status_t mbedtls_psa_rsa_export_public_key(
|
|||
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
|
||||
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \
|
||||
defined(MBEDTLS_GENPRIME)
|
||||
psa_status_t mbedtls_psa_rsa_generate_key(
|
||||
const psa_key_attributes_t *attributes,
|
||||
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
|
||||
|
|
@ -565,7 +568,8 @@ psa_status_t mbedtls_psa_rsa_generate_key(
|
|||
return( rsa_generate_key( attributes, key_buffer, key_buffer_size,
|
||||
key_buffer_length ) );
|
||||
}
|
||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */
|
||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
|
||||
* defined(MBEDTLS_GENPRIME) */
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
|
||||
|
|
|
|||
|
|
@ -828,6 +828,15 @@ component_test_psa_crypto_client () {
|
|||
make test
|
||||
}
|
||||
|
||||
component_test_psa_crypto_rsa_no_genprime() {
|
||||
msg "build: default config minus MBEDTLS_GENPRIME"
|
||||
scripts/config.py unset MBEDTLS_GENPRIME
|
||||
make
|
||||
|
||||
msg "test: default config minus MBEDTLS_GENPRIME"
|
||||
make test
|
||||
}
|
||||
|
||||
component_test_ref_configs () {
|
||||
msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s
|
||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
|
|
|
|||
|
|
@ -3369,7 +3369,7 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTL
|
|||
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0
|
||||
|
||||
PSA generate key: RSA, 1024 bits, good, encrypt (OAEP SHA-256)
|
||||
depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C
|
||||
depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_GENPRIME:MBEDTLS_MD_C
|
||||
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):PSA_SUCCESS:0
|
||||
|
||||
PSA generate key: RSA, 0 bits: invalid
|
||||
|
|
|
|||
Loading…
Reference in a new issue