Detecting bit size is no longer required

Storage format has been changed to always store the key's bit size

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Steven Cooreman 2020-10-23 12:03:08 +02:00
parent c4813a6e80
commit 162ec8758f
3 changed files with 0 additions and 189 deletions


@ -982,174 +982,6 @@ psa_status_t psa_copy_key_material_into_slot( psa_key_slot_t *slot,
return( PSA_SUCCESS );
}
psa_status_t psa_detect_bit_size_in_slot( psa_key_slot_t *slot )
{
if( slot->attr.bits != 0 )
return( PSA_SUCCESS );
if( key_type_is_raw_bytes( slot->attr.type ) )
{
slot->attr.bits =
(psa_key_bits_t) PSA_BYTES_TO_BITS( slot->data.key.bytes );
return( PSA_SUCCESS );
}
else if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) )
{
/* Keys are stored in export format, and we are currently
* restricted to known curves, so do the reverse lookup based
* on data length. */
size_t byte_length = slot->data.key.bytes;
if( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type ) &&
PSA_KEY_TYPE_ECC_GET_FAMILY( slot->attr.type ) !=
PSA_ECC_FAMILY_MONTGOMERY )
{
/* A Weierstrass public key is represented as:
* - The byte 0x04;
* - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
* - `y_P` as a `ceiling(m/8)`-byte string, big-endian.
* So its data length is 2m+1 where m is the curve size in bits.
*/
if( ( byte_length & 1 ) == 0 )
return( PSA_ERROR_BAD_STATE );
byte_length = byte_length / 2;
/* Montgomery public keys are represented in compressed format,
* meaning their curve_size is equal to the amount of input. */
/* Private keys are represented in uncompressed private random
* integer format, meaning their curve_size is equal to the
* amount of input. */
}
switch( PSA_KEY_TYPE_ECC_GET_FAMILY( slot->attr.type ) )
{
case PSA_ECC_FAMILY_SECP_R1:
switch( byte_length )
{
case PSA_BITS_TO_BYTES( 192 ):
slot->attr.bits = 192;
break;
case PSA_BITS_TO_BYTES( 224 ):
slot->attr.bits = 224;
break;
case PSA_BITS_TO_BYTES( 256 ):
slot->attr.bits = 256;
break;
case PSA_BITS_TO_BYTES( 384 ):
slot->attr.bits = 384;
break;
case PSA_BITS_TO_BYTES( 521 ):
slot->attr.bits = 521;
break;
default:
return( PSA_ERROR_BAD_STATE );
}
break;
case PSA_ECC_FAMILY_BRAINPOOL_P_R1:
switch( byte_length )
{
case PSA_BITS_TO_BYTES( 256 ):
slot->attr.bits = 256;
break;
case PSA_BITS_TO_BYTES( 384 ):
slot->attr.bits = 384;
break;
case PSA_BITS_TO_BYTES( 512 ):
slot->attr.bits = 512;
break;
default:
return( PSA_ERROR_BAD_STATE );
}
break;
case PSA_ECC_FAMILY_MONTGOMERY:
switch( byte_length )
{
case PSA_BITS_TO_BYTES( 255 ):
slot->attr.bits = 255;
break;
case PSA_BITS_TO_BYTES( 448 ):
slot->attr.bits = 448;
break;
default:
return( PSA_ERROR_BAD_STATE );
}
break;
case PSA_ECC_FAMILY_SECP_K1:
switch( byte_length )
{
case PSA_BITS_TO_BYTES( 192 ):
slot->attr.bits = 192;
break;
case PSA_BITS_TO_BYTES( 224 ):
slot->attr.bits = 224;
break;
case PSA_BITS_TO_BYTES( 256 ):
slot->attr.bits = 256;
break;
default:
return( PSA_ERROR_BAD_STATE );
}
break;
default:
return( PSA_ERROR_BAD_STATE );
}
return( PSA_SUCCESS );
}
else if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) )
{
/* There's no easy way of figuring out the RSA bit size from
* the data length of the export representation. For now, use
* the mbed TLS software implementation to figure it out. */
psa_key_attributes_t attributes = {
.core = slot->attr
};
size_t bits;
psa_status_t status = psa_driver_wrapper_validate_key(
&attributes,
slot->data.key.data,
slot->data.key.bytes,
&bits );
if( status == PSA_SUCCESS )
slot->attr.bits = (psa_key_bits_t) bits;
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
/* If no accelerator was able to figure it out, try software. */
#if defined(MBEDTLS_RSA_C)
mbedtls_rsa_context *rsa = NULL;
/* Parse input */
status = psa_load_rsa_representation( slot->attr.type,
slot->data.key.data,
slot->data.key.bytes,
&rsa );
if( status != PSA_SUCCESS )
{
mbedtls_rsa_free( rsa );
mbedtls_free( rsa );
return( status );
}
slot->attr.bits = (psa_key_bits_t) PSA_BYTES_TO_BITS(
mbedtls_rsa_get_len( rsa ) );
mbedtls_rsa_free( rsa );
mbedtls_free( rsa );
return( PSA_SUCCESS );
#else
return( PSA_ERROR_NOT_SUPPORTED );
#endif
}
else
return( PSA_ERROR_NOT_SUPPORTED );
}
/** Import key data into a slot.
*
* `slot->type` must have been set previously.


@ -158,25 +158,6 @@ psa_status_t psa_copy_key_material_into_slot( psa_key_slot_t *slot,
const uint8_t *data,
size_t data_length );
/** Detect the key bit size for a key in a slot where bit size
* is unset.
*
* This function assumes that the slot contains key material in
* export format.
*
* \param[in,out] slot Key slot to detect and set the bit size in.
*
* \retval #PSA_SUCCESS
* The key bit size was already set, or has been detected
* and set accordingly.
* \retval #PSA_ERROR_BAD_STATE
* The size of the key material in the slot doesn't match
* with the declared key type.
* \retval #PSA_ERROR_NOT_SUPPORTED
* The key type is unknown to the implementation.
*/
psa_status_t psa_detect_bit_size_in_slot( psa_key_slot_t *slot );
/** Convert an mbed TLS error code to a PSA error code
*
* \note This function is provided solely for the convenience of


@ -144,8 +144,6 @@ static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *slot )
status = psa_copy_key_material_into_slot( slot, key_data, key_data_length );
if( status != PSA_SUCCESS )
goto exit;
status = psa_detect_bit_size_in_slot( slot );
}
exit: