Ignore domain parameters in RSA key generation

Remove the ability to select a custom public exponent via domain parameters
in RSA key generation. The only way to select a custom public exponent is
now to pass custom production parameters to psa_generate_key_ext().

A subsequent commit will remove domain parameters altogether from the API,
thus this commit does not bother to update the documentation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2024-02-16 00:11:09 +01:00
parent 6a2c400b8c
commit 4c32b69f37
6 changed files with 23 additions and 116 deletions

View file

@ -7576,11 +7576,8 @@ psa_status_t psa_generate_key_internal(
* that mbedtls_psa_rsa_generate_key() gets e via a new * that mbedtls_psa_rsa_generate_key() gets e via a new
* parameter instead. */ * parameter instead. */
psa_key_attributes_t override_attributes = *attributes; psa_key_attributes_t override_attributes = *attributes;
if (params_data_length != 0) {
override_attributes.domain_parameters_size = params_data_length;
override_attributes.domain_parameters = (uint8_t *) &params->data;
}
return mbedtls_psa_rsa_generate_key(&override_attributes, return mbedtls_psa_rsa_generate_key(&override_attributes,
params, params_data_length,
key_buffer, key_buffer,
key_buffer_size, key_buffer_size,
key_buffer_length); key_buffer_length);

View file

@ -223,11 +223,6 @@ static psa_status_t psa_rsa_read_exponent(const uint8_t *domain_parameters,
size_t i; size_t i;
uint32_t acc = 0; uint32_t acc = 0;
if (domain_parameters_size == 0) {
*exponent = 65537;
return PSA_SUCCESS;
}
/* Mbed TLS encodes the public exponent as an int. For simplicity, only /* Mbed TLS encodes the public exponent as an int. For simplicity, only
* support values that fit in a 32-bit integer, which is larger than * support values that fit in a 32-bit integer, which is larger than
* int on just about every platform anyway. */ * int on just about every platform anyway. */
@ -246,19 +241,21 @@ static psa_status_t psa_rsa_read_exponent(const uint8_t *domain_parameters,
psa_status_t mbedtls_psa_rsa_generate_key( psa_status_t mbedtls_psa_rsa_generate_key(
const psa_key_attributes_t *attributes, const psa_key_attributes_t *attributes,
const psa_key_production_parameters_t *params, size_t params_data_length,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
{ {
psa_status_t status; psa_status_t status;
mbedtls_rsa_context rsa; mbedtls_rsa_context rsa;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int exponent; int exponent = 65537;
status = psa_rsa_read_exponent(attributes->domain_parameters, if (params_data_length != 0) {
attributes->domain_parameters_size, status = psa_rsa_read_exponent(params->data, params_data_length,
&exponent); &exponent);
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
return status; return status;
} }
}
mbedtls_rsa_init(&rsa); mbedtls_rsa_init(&rsa);
ret = mbedtls_rsa_gen_key(&rsa, ret = mbedtls_rsa_gen_key(&rsa,

View file

@ -109,6 +109,15 @@ psa_status_t mbedtls_psa_rsa_export_public_key(
* entry point. * entry point.
* *
* \param[in] attributes The attributes for the RSA key to generate. * \param[in] attributes The attributes for the RSA key to generate.
* \param[in] params Production parameters for the key
* generation. This function only uses
* `params->data`,
* which contains the public exponent.
* This can be a null pointer if
* \c params_data_length is 0.
* \param params_data_length Length of `params->data` in bytes.
* This can be 0, in which case the
* public exponent will be 65537.
* \param[out] key_buffer Buffer where the key data is to be written. * \param[out] key_buffer Buffer where the key data is to be written.
* \param[in] key_buffer_size Size of \p key_buffer in bytes. * \param[in] key_buffer_size Size of \p key_buffer in bytes.
* \param[out] key_buffer_length On success, the number of bytes written in * \param[out] key_buffer_length On success, the number of bytes written in
@ -123,6 +132,7 @@ psa_status_t mbedtls_psa_rsa_export_public_key(
*/ */
psa_status_t mbedtls_psa_rsa_generate_key( psa_status_t mbedtls_psa_rsa_generate_key(
const psa_key_attributes_t *attributes, const psa_key_attributes_t *attributes,
const psa_key_production_parameters_t *params, size_t params_data_length,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length); uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length);
/** Sign an already-calculated hash with an RSA private key. /** Sign an already-calculated hash with an RSA private key.

View file

@ -225,10 +225,13 @@ psa_status_t mbedtls_test_transparent_generate_key(
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE) defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
return libtestdriver1_mbedtls_psa_rsa_generate_key( return libtestdriver1_mbedtls_psa_rsa_generate_key(
(const libtestdriver1_psa_key_attributes_t *) attributes, (const libtestdriver1_psa_key_attributes_t *) attributes,
NULL, 0, /* We don't support custom e in the test driver yet */
key, key_size, key_length); key, key_size, key_length);
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE) #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
return mbedtls_psa_rsa_generate_key( return mbedtls_psa_rsa_generate_key(
attributes, key, key_size, key_length); attributes,
NULL, 0, /* We don't support custom e in the test driver yet */
key, key_size, key_length);
#endif #endif
} else if (PSA_KEY_TYPE_IS_DH(psa_get_key_type(attributes)) } else if (PSA_KEY_TYPE_IS_DH(psa_get_key_type(attributes))
&& PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) { && PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) {

View file

@ -7431,24 +7431,6 @@ PSA generate key: ECC, Curve448, good
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_MONTGOMERY_448 depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_MONTGOMERY_448
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_SUCCESS:0 generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_SUCCESS:0
PSA generate key: RSA, domain parameters: default e
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"":PSA_SUCCESS
PSA generate key: RSA, domain parameters: e=3
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"03":PSA_SUCCESS
PSA generate key: RSA, domain parameters: e=65537
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"010001":PSA_SUCCESS
PSA generate key: RSA, domain parameters: e=513
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"0201":PSA_SUCCESS
PSA generate key: RSA, domain parameters: e=1
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"01":PSA_ERROR_INVALID_ARGUMENT
PSA generate key: RSA, domain parameters: e=2
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"02":PSA_ERROR_INVALID_ARGUMENT
PSA generate key: FFDH, 2048 bits, good PSA generate key: FFDH, 2048 bits, good
depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:PSA_WANT_DH_RFC7919_2048 depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:PSA_WANT_DH_RFC7919_2048
generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):2048:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0 generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):2048:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0

View file

@ -9840,88 +9840,6 @@ exit:
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_ALG_RSA_PKCS1V15_SIGN */
void generate_key_rsa(int bits_arg,
data_t *e_arg,
int expected_status_arg)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t type = PSA_KEY_TYPE_RSA_KEY_PAIR;
size_t bits = bits_arg;
psa_key_usage_t usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT;
psa_algorithm_t alg = PSA_ALG_RSA_PKCS1V15_SIGN_RAW;
psa_status_t expected_status = expected_status_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t *e_read_buffer = NULL;
int is_default_public_exponent = 0;
size_t e_read_size = PSA_KEY_DOMAIN_PARAMETERS_SIZE(type, bits);
size_t e_read_length = SIZE_MAX;
if (e_arg->len == 0 ||
(e_arg->len == 3 &&
e_arg->x[0] == 1 && e_arg->x[1] == 0 && e_arg->x[2] == 1)) {
is_default_public_exponent = 1;
e_read_size = 0;
}
TEST_CALLOC(e_read_buffer, e_read_size);
PSA_ASSERT(psa_crypto_init());
psa_set_key_usage_flags(&attributes, usage);
psa_set_key_algorithm(&attributes, alg);
PSA_ASSERT(psa_set_key_domain_parameters(&attributes, type,
e_arg->x, e_arg->len));
psa_set_key_bits(&attributes, bits);
/* Generate a key */
TEST_EQUAL(psa_generate_key(&attributes, &key), expected_status);
if (expected_status != PSA_SUCCESS) {
goto exit;
}
/* Test the key information */
PSA_ASSERT(psa_get_key_attributes(key, &attributes));
TEST_EQUAL(psa_get_key_type(&attributes), type);
TEST_EQUAL(psa_get_key_bits(&attributes), bits);
psa_status_t status = psa_get_key_domain_parameters(&attributes,
e_read_buffer, e_read_size,
&e_read_length);
#if (defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) && \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT)) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
if (is_default_public_exponent) {
TEST_EQUAL(e_read_length, 0);
} else {
TEST_EQUAL(status, PSA_SUCCESS);
TEST_MEMORY_COMPARE(e_read_buffer, e_read_length, e_arg->x, e_arg->len);
}
#else
(void) is_default_public_exponent;
TEST_EQUAL(status, PSA_ERROR_NOT_SUPPORTED);
#endif
/* Do something with the key according to its type and permitted usage. */
if (!mbedtls_test_psa_exercise_key(key, usage, alg)) {
goto exit;
}
TEST_ASSERT(rsa_test_e(key, bits, e_arg));
exit:
/*
* Key attributes may have been returned by psa_get_key_attributes() or
* set by psa_set_key_domain_parameters() thus reset them as required.
*/
psa_reset_key_attributes(&attributes);
psa_destroy_key(key);
PSA_DONE();
mbedtls_free(e_read_buffer);
}
/* END_CASE */
/* BEGIN_CASE */ /* BEGIN_CASE */
void generate_key_ext(int type_arg, void generate_key_ext(int type_arg,
int bits_arg, int bits_arg,