psa_asymmetric_decrypt: move build-in impl to mbedtls_psa_asymmetric_decrypt
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
parent
71284eabdb
commit
2ecfd57b93
2 changed files with 205 additions and 0 deletions
|
@ -650,4 +650,107 @@ rsa_exit:
|
||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
psa_status_t mbedtls_psa_asymmetric_decrypt( const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer,
|
||||||
|
size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg,
|
||||||
|
const uint8_t *input,
|
||||||
|
size_t input_length,
|
||||||
|
const uint8_t *salt,
|
||||||
|
size_t salt_length,
|
||||||
|
uint8_t *output,
|
||||||
|
size_t output_size,
|
||||||
|
size_t *output_length )
|
||||||
|
{
|
||||||
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||||
|
(void) key_buffer;
|
||||||
|
(void) key_buffer_size;
|
||||||
|
(void) input;
|
||||||
|
(void) input_length;
|
||||||
|
(void) salt;
|
||||||
|
(void) salt_length;
|
||||||
|
(void) output;
|
||||||
|
(void) output_size;
|
||||||
|
(void) output_length;
|
||||||
|
|
||||||
|
*output_length = 0;
|
||||||
|
|
||||||
|
if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
|
||||||
|
{
|
||||||
|
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
|
||||||
|
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
|
||||||
|
mbedtls_rsa_context *rsa = NULL;
|
||||||
|
status = mbedtls_psa_rsa_load_representation( attributes->core.type,
|
||||||
|
key_buffer,
|
||||||
|
key_buffer_size,
|
||||||
|
&rsa );
|
||||||
|
if( status != PSA_SUCCESS )
|
||||||
|
goto rsa_exit;
|
||||||
|
|
||||||
|
if( input_length != mbedtls_rsa_get_len( rsa ) )
|
||||||
|
{
|
||||||
|
status = PSA_ERROR_INVALID_ARGUMENT;
|
||||||
|
goto rsa_exit;
|
||||||
|
}
|
||||||
|
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
|
||||||
|
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
|
||||||
|
|
||||||
|
if( alg == PSA_ALG_RSA_PKCS1V15_CRYPT )
|
||||||
|
{
|
||||||
|
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT)
|
||||||
|
status = mbedtls_to_psa_error(
|
||||||
|
mbedtls_rsa_pkcs1_decrypt( rsa,
|
||||||
|
mbedtls_psa_get_random,
|
||||||
|
MBEDTLS_PSA_RANDOM_STATE,
|
||||||
|
output_length,
|
||||||
|
input,
|
||||||
|
output,
|
||||||
|
output_size ) );
|
||||||
|
#else
|
||||||
|
status = PSA_ERROR_NOT_SUPPORTED;
|
||||||
|
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT */
|
||||||
|
}
|
||||||
|
else
|
||||||
|
if( PSA_ALG_IS_RSA_OAEP( alg ) )
|
||||||
|
{
|
||||||
|
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
|
||||||
|
status = mbedtls_to_psa_error(
|
||||||
|
psa_rsa_oaep_set_padding_mode( alg, rsa ) );
|
||||||
|
if( status != PSA_SUCCESS )
|
||||||
|
goto rsa_exit;
|
||||||
|
|
||||||
|
status = mbedtls_to_psa_error(
|
||||||
|
mbedtls_rsa_rsaes_oaep_decrypt( rsa,
|
||||||
|
mbedtls_psa_get_random,
|
||||||
|
MBEDTLS_PSA_RANDOM_STATE,
|
||||||
|
salt, salt_length,
|
||||||
|
output_length,
|
||||||
|
input,
|
||||||
|
output,
|
||||||
|
output_size ) );
|
||||||
|
#else
|
||||||
|
status = PSA_ERROR_NOT_SUPPORTED;
|
||||||
|
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP */
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
status = PSA_ERROR_INVALID_ARGUMENT;
|
||||||
|
}
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
|
||||||
|
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
|
||||||
|
rsa_exit:
|
||||||
|
mbedtls_rsa_free( rsa );
|
||||||
|
mbedtls_free( rsa );
|
||||||
|
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
|
||||||
|
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
status = PSA_ERROR_NOT_SUPPORTED;
|
||||||
|
}
|
||||||
|
|
||||||
|
return status;
|
||||||
|
}
|
||||||
|
|
||||||
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
||||||
|
|
|
@ -212,6 +212,50 @@ psa_status_t mbedtls_psa_rsa_verify_hash(
|
||||||
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
const uint8_t *signature, size_t signature_length );
|
const uint8_t *signature, size_t signature_length );
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief Encrypt a short message with a public key.
|
||||||
|
*
|
||||||
|
* \param attributes The attributes for the key to import.
|
||||||
|
* \param key_buffer Buffer where the key data is to be written.
|
||||||
|
* \param key_buffer_size Size of the \p key_buffer buffer in bytes.
|
||||||
|
* \param input_length Size of the \p input buffer in bytes.
|
||||||
|
* \param[in] salt A salt or label, if supported by the
|
||||||
|
* encryption algorithm.
|
||||||
|
* If the algorithm does not support a
|
||||||
|
* salt, pass \c NULL.
|
||||||
|
* If the algorithm supports an optional
|
||||||
|
* salt and you do not want to pass a salt,
|
||||||
|
* pass \c NULL.
|
||||||
|
*
|
||||||
|
* - For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
|
||||||
|
* supported.
|
||||||
|
* \param salt_length Size of the \p salt buffer in bytes.
|
||||||
|
* If \p salt is \c NULL, pass 0.
|
||||||
|
* \param[out] output Buffer where the encrypted message is to
|
||||||
|
* be written.
|
||||||
|
* \param output_size Size of the \p output buffer in bytes.
|
||||||
|
* \param[out] output_length On success, the number of bytes
|
||||||
|
* that make up the returned output.
|
||||||
|
*
|
||||||
|
* \retval #PSA_SUCCESS
|
||||||
|
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
|
||||||
|
* The size of the \p output buffer is too small. You can
|
||||||
|
* determine a sufficient buffer size by calling
|
||||||
|
* #PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
|
||||||
|
* where \c key_type and \c key_bits are the type and bit-size
|
||||||
|
* respectively of \p key.
|
||||||
|
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||||
|
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||||
|
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||||
|
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
|
||||||
|
* \retval #PSA_ERROR_HARDWARE_FAILURE
|
||||||
|
* \retval #PSA_ERROR_TAMPERING_DETECTED
|
||||||
|
* \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
|
||||||
|
* \retval #PSA_ERROR_BAD_STATE
|
||||||
|
* The library has not been previously initialized by psa_crypto_init().
|
||||||
|
* It is implementation-dependent whether a failure to initialize
|
||||||
|
* results in this error code.
|
||||||
|
*/
|
||||||
psa_status_t mbedtls_psa_asymmetric_encrypt( const psa_key_attributes_t *attributes,
|
psa_status_t mbedtls_psa_asymmetric_encrypt( const psa_key_attributes_t *attributes,
|
||||||
const uint8_t *key_buffer,
|
const uint8_t *key_buffer,
|
||||||
size_t key_buffer_size,
|
size_t key_buffer_size,
|
||||||
|
@ -224,4 +268,62 @@ psa_status_t mbedtls_psa_asymmetric_encrypt( const psa_key_attributes_t *attribu
|
||||||
size_t output_size,
|
size_t output_size,
|
||||||
size_t *output_length );
|
size_t *output_length );
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief Decrypt a short message with a private key.
|
||||||
|
*
|
||||||
|
* \param attributes The attributes for the key to import.
|
||||||
|
* \param key_buffer Buffer where the key data is to be written.
|
||||||
|
* \param key_buffer_size Size of the \p key_buffer buffer in bytes.
|
||||||
|
* \param[in] input The message to decrypt.
|
||||||
|
* \param input_length Size of the \p input buffer in bytes.
|
||||||
|
* \param[in] salt A salt or label, if supported by the
|
||||||
|
* encryption algorithm.
|
||||||
|
* If the algorithm does not support a
|
||||||
|
* salt, pass \c NULL.
|
||||||
|
* If the algorithm supports an optional
|
||||||
|
* salt and you do not want to pass a salt,
|
||||||
|
* pass \c NULL.
|
||||||
|
*
|
||||||
|
* - For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
|
||||||
|
* supported.
|
||||||
|
* \param salt_length Size of the \p salt buffer in bytes.
|
||||||
|
* If \p salt is \c NULL, pass 0.
|
||||||
|
* \param[out] output Buffer where the decrypted message is to
|
||||||
|
* be written.
|
||||||
|
* \param output_size Size of the \c output buffer in bytes.
|
||||||
|
* \param[out] output_length On success, the number of bytes
|
||||||
|
* that make up the returned output.
|
||||||
|
*
|
||||||
|
* \retval #PSA_SUCCESS
|
||||||
|
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
|
||||||
|
* The size of the \p output buffer is too small. You can
|
||||||
|
* determine a sufficient buffer size by calling
|
||||||
|
* #PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
|
||||||
|
* where \c key_type and \c key_bits are the type and bit-size
|
||||||
|
* respectively of \p key.
|
||||||
|
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||||
|
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||||
|
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||||
|
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
|
||||||
|
* \retval #PSA_ERROR_HARDWARE_FAILURE
|
||||||
|
* \retval #PSA_ERROR_TAMPERING_DETECTED
|
||||||
|
* \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
|
||||||
|
* \retval #PSA_ERROR_INVALID_PADDING
|
||||||
|
* \retval #PSA_ERROR_BAD_STATE
|
||||||
|
* The library has not been previously initialized by psa_crypto_init().
|
||||||
|
* It is implementation-dependent whether a failure to initialize
|
||||||
|
* results in this error code.
|
||||||
|
*/
|
||||||
|
psa_status_t mbedtls_psa_asymmetric_decrypt( const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer,
|
||||||
|
size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg,
|
||||||
|
const uint8_t *input,
|
||||||
|
size_t input_length,
|
||||||
|
const uint8_t *salt,
|
||||||
|
size_t salt_length,
|
||||||
|
uint8_t *output,
|
||||||
|
size_t output_size,
|
||||||
|
size_t *output_length );
|
||||||
|
|
||||||
#endif /* PSA_CRYPTO_RSA_H */
|
#endif /* PSA_CRYPTO_RSA_H */
|
||||||
|
|
Loading…
Reference in a new issue